{"fileInfo":{"companyName":"AppEsteem Corporation","lastUpdate":"260512","storePrefix":"https://appesteemstorage.blob.core.windows.net/apps/","usageInfo":"This API is licensed to you under the AppEsteem API Agreement (https://appesteemstorage.blob.core.windows.net/public-documents/api-license-agreement.pdf). The data accessed by the API is licensed to you under to the AppEsteem Terms of Use (https://appesteemstorage.blob.core.windows.net/public-documents/terms-of-use.pdf) (collectively with the API Agreement, the TERMS). Your use of the API and access of the data indicates your agreement to these TERMS on behalf of yourself and the entity you represent. If you do not agree to these TERMS or are not authorized to bind your entity, do not access or use the data or API.","website":"https://customer.appesteem.com","seeAlso":"/Home/Deceptor","cleanup":"/Home/DeceptorFix","template":"/Home/DeceptorTemplate"},"containsInfo":{"querySatisfied":true,"type":null,"returnCount":2828,"top":0,"skip":0,"queryCount":2828,"yyyymm":null,"tofix":false},"deceptors":[{"violations":{"ACR-048":"The app does not provide any control to cancel the installation process and launches invisibly after installation completes\n","ACR-010":"During installation, the application downloads and installs hidden malicious files under C:\\Program Files (x86)\\Microsoft Updater. and keep running in the background. It steals the local system info and attempts to communicate with 172.67.181.254. \n","ACR-084":"The background app processes (including malicious process loaded) keep running without providing any information in application notification or setting about how to terminate it to the user. \n"},"nonDeceptorViolations":{"ACR-065":"The install does not display links to the EULA and Privacy Policy.\nThe application's landing page has no link to the EULA and/or Terms of Service, and Privacy Policy.\n"},"samples":[{"isRevoked":"False","fileName":"ZyraInstaller.exe","isInstaller":"True","companyName":"Zyra Inc                                                    ","productName":"Zyra","productVersion":"1.0.0.0","fileVersion":"1.0.0.0","hashMD5":"0c1823e34b023ed3e80a6dcb945f957c","hashSHA1":"3d665b05572f894a500ee690c02f962d9414afcc","hashSHA256":"c1a32cb9da5a1ea24711b50e962b962f7dbea1d3b082613bdafff300bb988cf8","sourceIndex":"2","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"ZyraVPN.zip","hashMD5":"d32f228037c5a4ee8ae7daa10739b324","hashSHA1":"4b718ac8c9d41d4e9e90e1070b1067a54db31ce0","hashSHA256":"3c9cc8d89a90cfe8a7a7d5ae6413d5b7bb78295d1b04967276ef897f8b22cc6f","sourceIndex":"2","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"control.exe","companyName":"Node.js","productName":"Node.js","productVersion":"16.16.0","fileVersion":"16.16.0","hashMD5":"ab4fc3682cde32483f87231528b2167f","hashSHA1":"844bb6d5c149e6e840ca86c1d6f9c84836a0edca","hashSHA256":"9ff4755fafeddccb390440be05e8999c06cbf65d37b6025e4f018977906d1bc0","sourceIndex":"2","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"updater.exe","companyName":"Node.js","productName":"Node.js","productVersion":"16.16.0","fileVersion":"16.16.0","hashMD5":"11ab82d96de766adcd3f67df641e2a68","hashSHA1":"5e969579528271b228ded4d608565861b73d272f","hashSHA256":"6b9fdcc0010eee1bdcb0270309946914db6b6a241322e6775802a3fd1daf7463","sourceIndex":"2","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"ZyraVPNInstaller_2.exe","isInstaller":"True","companyName":"ZyraVPN Inc                                                 ","productName":"ZyraVPN","productVersion":"6.0.9.9","fileVersion":"6.0.9.9","hashMD5":"14b2233bcc9bbee289c49f0912186fe5","hashSHA1":"afc6914d975530bc65d7b38231fa901fd5adcb92","hashSHA256":"b51c729235f333f71fb587dc05bb8f0fee1806e748358545758d0120a12d152e","sourceIndex":"2","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"updater_2.exe","companyName":"Node.js","productName":"Node.js","productVersion":"16.16.0","fileVersion":"16.16.0","hashMD5":"771cea1309c7bff5b872373b13603cc4","hashSHA1":"b978dfe5813c8c307ebc02166af014b63a19945f","hashSHA256":"a6a212fec529fee7089373fb8b76dfc7e8ff347898f39dea4889ef0da8d3d844","sourceIndex":"2","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"https://zyravpn.com/","reference":"https://zyravpn.com/","landingPage":"https://zyravpn.com/","directDownloadingLink":"https://zyravpn.com/download/ZyraVPN.zip","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://zyravpn.com/download/ZyraVPN.zip","sourceIndex":"2"}],"sampleFiles":["260511/ZyraVPN-260507/1.0.0.0/Samples/ZyraInstaller.exe","260511/ZyraVPN-260507/1.0.0.0/Samples/ZyraVPN.zip","260511/ZyraVPN-260507/1.0.0.0/Samples/control.exe","260511/ZyraVPN-260507/1.0.0.0/Samples/updater.exe","260511/ZyraVPN-260507/1.0.0.0/Samples/ZyraVPNInstaller_2.exe","260511/ZyraVPN-260507/1.0.0.0/Samples/updater_2.exe"],"imageFiles":["260511/ZyraVPN-260507/1.0.0.0/Images/ACR-084/ACR-010_2.png","260511/ZyraVPN-260507/1.0.0.0/Images/ACR-048/install2.png","260511/ZyraVPN-260507/1.0.0.0/Images/ACR-010/ACR-010_1.png","260511/ZyraVPN-260507/1.0.0.0/Images/ACR-010/ACR-010_2.png","260511/ZyraVPN-260507/1.0.0.0/Images/ACR-010/ACR-010_3.png","260511/ZyraVPN-260507/1.0.0.0/Images/ACR-010/ACR-010_4.png"],"nonDeceptorImageFiles":["260511/ZyraVPN-260507/1.0.0.0/Images/ACR-065/install1.png","260511/ZyraVPN-260507/1.0.0.0/Images/ACR-065/install2.png","260511/ZyraVPN-260507/1.0.0.0/Images/ACR-065/landingpage.png"],"guid":"3ec35b9c-b9db-48d9-8b44-19ca48c8738e_1.0.0.0_1","appID":"ZyraVPN-260507","dateAdded":"260511","deceptorType":"App","name":"Zyra VPN","company":"Zyra Inc.","version":"1.0.0.0","lastKnownDate":"260511","type":"Windows Executable","targetCustomer":"consumer","monetization":"net proxy,mining","lastUpdate":"2026-05-11T19:40:30.0697506+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":0},{"violations":{"ACR-004":"Application doesn't provide free fix for all items reported, only allow to recover up to 200MB of data. Instead it requires a paid license to completely recover files shown.\n"},"nonDeceptorViolations":{"ACR-017":"The app elevates its consumer trust level by displaying unverifiable logos or 3rd party endorsements in the landing page.\n"},"samples":[{"isRevoked":"False","fileName":"MagoshareDataRecovery.exe","isInstaller":"True","companyName":"Magoshare                                                   ","productName":"Magoshare Data Recovery Trial 4.6","productVersion":"4.6","fileVersion":"4.6","hashMD5":"62ff2ad812888ad7ddc5734de9d4bb4e","hashSHA1":"9cc7e84caa84ad10927e88a6c9efb6d7bd5b3009","hashSHA256":"fc102b14c509726b6b67714176b96f26a949ed00cd82b5a6ff7a46a12f61d1c7","digitalCertThumbprint":"57D90DAE6762C76648F2AF8204F4DEB69F256074","digitalCertIssuer":"CN=GlobalSign GCC R45 EV CodeSigning CA 2020, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"CN=\"Chengdu Shengxuan Technology Co., Ltd.\", OU=IT, O=\"Chengdu Shengxuan Technology Co., Ltd.\", L=Chengdu, S=Sichuan, C=CN, OID.1.3.6.1.4.1.311.60.2.1.1=Chengdu, OID.1.3.6.1.4.1.311.60.2.1.2=Sichuan, OID.1.3.6.1.4.1.311.60.2.1.3=CN, SERIALNUMBER=91510100MA6ADXEC52, OID.2.5.4.15=Private Organization","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"1","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"Magoshare.exe","companyName":"Magoshare","productName":"Magoshare Data Recovery","productVersion":"4.6","fileVersion":"4.6","hashMD5":"b18d2cf6d493724cbe9241f9d6b9740c","hashSHA1":"f1db9b547bd8fcb92bc8b10932296f8786c6c248","hashSHA256":"b84c2ff4a2a69c4193ab0f72567c826dc2a5edf502adc2bfb5e4e05302d03a0d","digitalCertThumbprint":"57D90DAE6762C76648F2AF8204F4DEB69F256074","digitalCertIssuer":"CN=GlobalSign GCC R45 EV CodeSigning CA 2020, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"CN=\"Chengdu Shengxuan Technology Co., Ltd.\", OU=IT, O=\"Chengdu Shengxuan Technology Co., Ltd.\", L=Chengdu, S=Sichuan, C=CN, OID.1.3.6.1.4.1.311.60.2.1.1=Chengdu, OID.1.3.6.1.4.1.311.60.2.1.2=Sichuan, OID.1.3.6.1.4.1.311.60.2.1.3=CN, SERIALNUMBER=91510100MA6ADXEC52, OID.2.5.4.15=Private Organization","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"1","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"Main.exe","companyName":"Magoshare","productName":"Magoshare Data Recovery","productVersion":"4.6","fileVersion":"4.6","hashMD5":"a96adaae43443a760bf777e5010b1f6b","hashSHA1":"255d75066f4e7608232a6fa940496091a8e5fb03","hashSHA256":"df13866802f5140d335b2123e8beee8709df6beac29b6fbffecab114a58a4cce","digitalCertThumbprint":"57D90DAE6762C76648F2AF8204F4DEB69F256074","digitalCertIssuer":"CN=GlobalSign GCC R45 EV CodeSigning CA 2020, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"CN=\"Chengdu Shengxuan Technology Co., Ltd.\", OU=IT, O=\"Chengdu Shengxuan Technology Co., Ltd.\", L=Chengdu, S=Sichuan, C=CN, OID.1.3.6.1.4.1.311.60.2.1.1=Chengdu, OID.1.3.6.1.4.1.311.60.2.1.2=Sichuan, OID.1.3.6.1.4.1.311.60.2.1.3=CN, SERIALNUMBER=91510100MA6ADXEC52, OID.2.5.4.15=Private Organization","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"1","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"random search","reference":"","landingPage":"https://www.magoshare.com/trial/MagoshareDataRecovery.exe","directDownloadingLink":"https://www.magoshare.com/data-recovery-software/windows-data-recovery-software.html","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.magoshare.com/data-recovery-software/windows-data-recovery-software.html","sourceIndex":"1"}],"sampleFiles":["260511/MagoshareDataRecovery-260506/4.6/Samples/MagoshareDataRecovery.exe","260511/MagoshareDataRecovery-260506/4.6/Samples/Magoshare.exe","260511/MagoshareDataRecovery-260506/4.6/Samples/Main.exe"],"imageFiles":["260511/MagoshareDataRecovery-260506/4.6/Images/ACR-004/ACR-004_Software_1.png","260511/MagoshareDataRecovery-260506/4.6/Images/ACR-004/ACR-004_Software_2.png"],"nonDeceptorImageFiles":["260511/MagoshareDataRecovery-260506/4.6/Images/ACR-017/ACR-017_Landing page_1.png"],"guid":"1aae0158-a14a-4f3b-8816-cacf4e2f58cf_4.6_1","appID":"MagoshareDataRecovery-260506","dateAdded":"260511","deceptorType":"App","name":"Magoshare Data Recovery","company":"Magoshare","version":"4.6","lastKnownDate":"260511","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2026-05-11T19:43:14.4708681+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1},{"violations":{"ACR-010":"Installation package masquerading as application LetsVPN installer, with hidden components (files/programs) bundled that are not related with LetsVPN. The hidden components are dropped and installed during installation. The installer propagates malicious program (for example: SHA256: b82b706eee4acbb0eb103c253db9744cf5f374ab2c20b630a972d1a74a2ba6c5; SHA256:af96daf71620f14e90e8b2981046ec4903df2c84be5b55b1c29eb8bd45af20d9)\n","ACR-014":"Landing page and installation prompts present the fake information tricking user to download malicious program that masquerades as LetsVPN application.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"kuailian-vpn.exe","isInstaller":"True","companyName":"Letsgo Network Incorporated","productName":"LetsVPN","productVersion":"91.8.18.79","fileVersion":"91.8.18.79","hashMD5":"4ce6f37b4f67cd015f9ecc0dbeb334bf","hashSHA1":"94094667d670fc64d5a509fc5724709ead3fe095","hashSHA256":"b82b706eee4acbb0eb103c253db9744cf5f374ab2c20b630a972d1a74a2ba6c5","digitalCertThumbprint":"599922EC0A2FB1E4D1DC92392DF25782B16ED90A","digitalCertIssuer":"CN=DigiCert EV Code Signing CA, OU=www.digicert.com, O=DigiCert Inc, C=US","digitalCertIssuedTo":"CN=四川迅游网络科技股份有限公司, O=四川迅游网络科技股份有限公司, L=成都市, S=四川省, C=CN, SERIALNUMBER=91510100677184972A, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.1=成都市, OID.1.3.6.1.4.1.311.60.2.1.2=四川省, OID.1.3.6.1.4.1.311.60.2.1.3=CN","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"3","avBlockList":["360 Total Security (20260428)","Avast Premium Security (20260428)","AVG Internet Security (20260428)","Avira Internet Security (20260428)","Bitdefender Internet Security (20260428)","COMODO Antivirus (20260428)","Dr.Web Security Space (20260428)","ESET Internet Security (20260428)","FortectPremium (20260428)","G DATA INTERNET SECURITY (20260428)","K7 Total Security (20260428)","KasperskyPremium (20260428)","Malwarebytes Premium (20260428)","McAfee Total Protection (20260428)","Norton Security (20260428)","Panda Dome (20260428)","Quick Heal Internet Security (20260428)","Sophos Home Premium (20260428)","SpyHunter5 (20260428)","Total AV Antivirus Pro (20260428)","Trend Micro Internet Security (20260428)","VIPRE Advanced Security (20260428)","VirIT eXplorer PRO (20260428)","Webroot SecureAnywhere (20260428)","Windows Defender (20260428)"],"avAllowList":[]},{"isRevoked":"False","fileName":"LetsVPN.msi","isInstaller":"True","hashMD5":"ae36251d84fe803f915cdc1df690572b","hashSHA1":"5a7752bbc02a01a96d8ff3b9aa0660bb143c1df0","hashSHA256":"d46993d5f962abcf8c7de245df1b6e60328823cebc879fc3642db6ef1dc50263","sourceIndex":"3","avBlockList":["360 Total Security (20260430)","Avast Premium Security (20260430)","AVG Internet Security (20260430)","Avira Internet Security (20260430)","Bitdefender Internet Security (20260430)","COMODO Antivirus (20260430)","ESET Internet Security (20260430)","FortectPremium (20260430)","G DATA INTERNET SECURITY (20260430)","K7 Total Security (20260430)","KasperskyPremium (20260430)","Malwarebytes Premium (20260430)","McAfee Total Protection (20260430)","Norton Security (20260430)","SpyHunter5 (20260430)","Total AV Antivirus Pro (20260430)","VIPRE Advanced Security (20260430)","VirIT eXplorer PRO (20260430)","Webroot SecureAnywhere (20260430)"],"avAllowList":["Dr.Web Security Space (20260430)","Panda Dome (20260430)","Quick Heal Internet Security (20260430)","Sophos Home Premium (20260430)","Trend Micro Internet Security (20260430)","Windows Defender (20260430)"]},{"isRevoked":"False","fileName":"kuail.msi","isInstaller":"True","hashMD5":"65f69c1a9ab36667e6b1cf71a7de0693","hashSHA1":"569ce87199d61f112375a0072774ec94d36272d9","hashSHA256":"abd30ca94ca5060512e380c64105a145dd2f6e4e0ad5b6b9c371689a19c4f298","sourceIndex":"3","avBlockList":["360 Total Security (20260505)","Avast Premium Security (20260505)","AVG Internet Security (20260505)","Avira Internet Security (20260505)","Bitdefender Internet Security (20260505)","COMODO Antivirus (20260505)","ESET Internet Security (20260505)","FortectPremium (20260505)","G DATA INTERNET SECURITY (20260505)","K7 Total Security (20260505)","KasperskyPremium (20260505)","Malwarebytes Premium (20260505)","McAfee Total Protection (20260505)","Norton Security (20260505)","Panda Dome (20260505)","Sophos Home Premium (20260505)","SpyHunter5 (20260505)","Total AV Antivirus Pro (20260505)","VIPRE Advanced Security (20260505)","VirIT eXplorer PRO (20260505)","Webroot SecureAnywhere (20260505)","Windows Defender (20260505)"],"avAllowList":["Dr.Web Security Space (20260505)","Quick Heal Internet Security (20260505)","Trend Micro Internet Security (20260505)"]},{"isRevoked":"False","fileName":"lest_Install.msi","isInstaller":"True","hashMD5":"747f3a1aa1da94e3b04fc6a925ae93df","hashSHA1":"1161fe7d2cab3587660c7e54cc221716012f3902","hashSHA256":"cb767c9817631094d488d5c3d99ee0ef0ad8240dce99159ebfe4bdc12b4c351d","digitalCertThumbprint":"95981A0FE8299FCF215465B087C0F0E62D79048B","digitalCertIssuer":"CN=Sectigo Public Code Signing CA E36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=\"Emurasoft, Inc.\", O=\"Emurasoft, Inc.\", S=Washington, C=US","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"3","avBlockList":["360 Total Security (20260507)","Avast Premium Security (20260507)","AVG Internet Security (20260507)","Avira Internet Security (20260507)","Bitdefender Internet Security (20260507)","COMODO Antivirus (20260507)","Dr.Web Security Space (20260507)","ESET Internet Security (20260507)","FortectPremium (20260507)","G DATA INTERNET SECURITY (20260507)","K7 Total Security (20260507)","KasperskyPremium (20260507)","Malwarebytes Premium (20260507)","McAfee Total Protection (20260507)","Norton Security (20260507)","Sophos Home Premium (20260507)","SpyHunter5 (20260507)","Total AV Antivirus Pro (20260507)","VIPRE Advanced Security (20260507)","VirIT eXplorer PRO (20260507)","Webroot SecureAnywhere (20260507)"],"avAllowList":["Panda Dome (20260507)","Quick Heal Internet Security (20260507)","Trend Micro Internet Security (20260507)","Windows Defender (20260507)"]},{"isRevoked":"False","fileName":"Windows.msi","isInstaller":"True","hashMD5":"af8997b5e50035d4e1bdb53df284da4f","hashSHA1":"896f898f2c1afe8e2e35e0cfe4df388bee1e106e","hashSHA256":"4cd7cdea70f6d1ad9ed82247e15ad2057723e247b9a3b2914f45cac1987705c5","sourceIndex":"3","avBlockList":["360 Total Security (20260423)","Avast Premium Security (20260423)","AVG Internet Security (20260423)","Avira Internet Security (20260423)","Bitdefender Internet Security (20260423)","COMODO Antivirus (20260423)","Dr.Web Security Space (20260423)","ESET Internet Security (20260423)","G DATA INTERNET SECURITY (20260423)","K7 Total Security (20260423)","KasperskyPremium (20260423)","Malwarebytes Premium (20260423)","McAfee Total Protection (20260423)","Norton Security (20260423)","Panda Dome (20260423)","Sophos Home Premium (20260423)","SpyHunter5 (20260423)","Total AV Antivirus Pro (20260423)","VIPRE Advanced Security (20260423)","VirIT eXplorer PRO (20260423)","Webroot SecureAnywhere (20260423)","Windows Defender (20260423)"],"avAllowList":["FortectPremium (20260423)","Quick Heal Internet Security (20260423)","Trend Micro Internet Security (20260423)"]},{"isRevoked":"False","fileName":"Win64%20-%20LetsProa1.1.msi","isInstaller":"True","hashMD5":"aee3c7e910fc5a89819a56b0ede0487c","hashSHA1":"a5e77399a7d0f17bccbada8e1e31be1a84fbd07f","hashSHA256":"fb88b8f1a1312d09424c028e2c1c577165648b0e6e9080887f5f6d0e4bc81de5","sourceIndex":"3","avBlockList":["360 Total Security (20251230)","Avast Premium Security (20251230)","AVG Internet Security (20251230)","Avira Internet Security (20251230)","Bitdefender Internet Security (20251230)","COMODO Antivirus (20251230)","Dr.Web Security Space (20251230)","ESET Internet Security (20251230)","FortectPremium (20251230)","G DATA INTERNET SECURITY (20251230)","K7 Total Security (20251230)","KasperskyPremium (20251230)","Malwarebytes Premium (20251230)","McAfee Total Protection (20251230)","Norton Security (20251230)","Panda Dome (20251230)","Quick Heal Internet Security (20251230)","Sophos Home Premium (20251230)","SpyHunter5 (20251230)","Total AV Antivirus Pro (20251230)","Trend Micro Internet Security (20251230)","VIPRE Advanced Security (20251230)","VirIT eXplorer PRO (20251230)","Webroot SecureAnywhere (20251230)","Windows Defender (20251230)"],"avAllowList":[]},{"isRevoked":"False","fileName":"letsvpn-latest.exe","isInstaller":"True","hashMD5":"3eabf7921c52a0ecbc11891722d7f0db","hashSHA1":"87ce495e38ed3ef10f519b4f667f6f158769e105","hashSHA256":"6a4100e29add30926d2fcbbeed4f0647f6fbee323d551390435d07af606bf774","digitalCertThumbprint":"20C98CD8E61F7B9E77DBD74242B7538FF410F57B","digitalCertIssuer":"CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O=\"VeriSign, Inc.\", C=US","digitalCertIssuedTo":"CN=ShenZhen Thunder Networking Technologies Ltd., OU=Operate, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=ShenZhen Thunder Networking Technologies Ltd., L=Shenzhen, S=Guangdong, C=CN","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"3","avBlockList":["Avast Premium Security (20260421)","AVG Internet Security (20260421)","Avira Internet Security (20260421)","Bitdefender Internet Security (20260421)","COMODO Antivirus (20260421)","ESET Internet Security (20260421)","FortectPremium (20260421)","G DATA INTERNET SECURITY (20260421)","K7 Total Security (20260421)","KasperskyPremium (20260421)","Malwarebytes Premium (20260421)","McAfee Total Protection (20260421)","Norton Security (20260421)","Panda Dome (20260421)","Quick Heal Internet Security (20260421)","Sophos Home Premium (20260421)","SpyHunter5 (20260421)","Total AV Antivirus Pro (20260421)","Trend Micro Internet Security (20260421)","VIPRE Advanced Security (20260421)","VirIT eXplorer PRO (20260421)","Webroot SecureAnywhere (20260421)","Windows Defender (20260421)"],"avAllowList":["360 Total Security (20260421)","Dr.Web Security Space (20260421)"]}],"additionalFiles":[],"sources":[{"howFound":"Spoofed LetsVPN","reference":"","landingPage":"https://www.kaovpn.com/","ipv4":"","ipv6":"","sourceIndex":"3"},{"howFound":"","reference":"","landingPage":"https://www.letsvpn.im/","ipv4":"","ipv6":"","sourceIndex":"4"},{"howFound":"","reference":"","landingPage":"https://www.letsvpnn.com/","ipv4":"","ipv6":"","sourceIndex":"5"},{"howFound":"","reference":"","landingPage":"https://kmvpn.com/index.html","ipv4":"","ipv6":"","sourceIndex":"6"},{"howFound":"","reference":"","landingPage":"https://www.kuailian-vpn.org.cn/","ipv4":"","ipv6":"","sourceIndex":"7"},{"howFound":"","reference":"","landingPage":"https://kmvpn.com/download.html","ipv4":"","ipv6":"","sourceIndex":"8"},{"howFound":"","reference":"","landingPage":"https://www.pc-kuailian.com.cn/","ipv4":"","ipv6":"","sourceIndex":"9"},{"howFound":"","reference":"","landingPage":"https://www.kuaillan.com/","ipv4":"","ipv6":"","sourceIndex":"10"},{"howFound":"","reference":"","landingPage":"https://letsvnpn.com/index.html","ipv4":"","ipv6":"","sourceIndex":"11"},{"howFound":"","reference":"","landingPage":"https://www.kuaillian.com.cn/","ipv4":"","ipv6":"","sourceIndex":"12"},{"howFound":"","reference":"","landingPage":"https://www.vpn-kuailian.com.cn/","ipv4":"","ipv6":"","sourceIndex":"13"},{"howFound":"","reference":"","landingPage":"https://www.kuailian.im/","ipv4":"","ipv6":"","sourceIndex":"14"},{"howFound":"","reference":"","landingPage":"https://www.pugane.com/","ipv4":"","ipv6":"","sourceIndex":"15"},{"howFound":"","reference":"","landingPage":"https://gaojianzixun.com/","ipv4":"","ipv6":"","sourceIndex":"16"},{"howFound":"","reference":"","landingPage":"https://www.xalianao.com/","ipv4":"","ipv6":"","sourceIndex":"17"},{"howFound":"","reference":"","landingPage":"https://www.haomiaomiao.com/","ipv4":"","ipv6":"","sourceIndex":"18"},{"howFound":"","reference":"","landingPage":"https://www.kuailianlian.com.cn/xiazai/","ipv4":"","ipv6":"","sourceIndex":"19"},{"howFound":"","reference":"","landingPage":"https://www.kuailianquick.com/","ipv4":"","ipv6":"","sourceIndex":"20"},{"howFound":"","reference":"","landingPage":"https://kuailianup.com/","ipv4":"","ipv6":"","sourceIndex":"21"},{"howFound":"","reference":"","landingPage":"https://www.kuilian-china.com","ipv4":"","ipv6":"","sourceIndex":"22"},{"howFound":"","reference":"","landingPage":"https://www.letsvpn.im/","ipv4":"","ipv6":"","sourceIndex":"23"},{"howFound":"","reference":"","landingPage":"https://www.letsvpnn.com/","ipv4":"","ipv6":"","sourceIndex":"24"},{"howFound":"","reference":"","landingPage":"https://kmvpn.com/index.html","ipv4":"","ipv6":"","sourceIndex":"25"},{"howFound":"","reference":"","landingPage":"https://www.kuailian-vpn.org.cn/","ipv4":"","ipv6":"","sourceIndex":"26"},{"howFound":"","reference":"","landingPage":"https://kmvpn.com/download.html","ipv4":"","ipv6":"","sourceIndex":"27"},{"howFound":"","reference":"","landingPage":"https://www.pc-kuailian.com.cn/","ipv4":"","ipv6":"","sourceIndex":"28"},{"howFound":"","reference":"","landingPage":"https://www.kuaillan.com/","ipv4":"","ipv6":"","sourceIndex":"29"},{"howFound":"","reference":"","landingPage":"https://letsvnpn.com/index.html","ipv4":"","ipv6":"","sourceIndex":"30"},{"howFound":"","reference":"","landingPage":"https://www.kuaillian.com.cn/","ipv4":"","ipv6":"","sourceIndex":"31"},{"howFound":"","reference":"","landingPage":"https://www.vpn-kuailian.com.cn/","ipv4":"","ipv6":"","sourceIndex":"32"},{"howFound":"","reference":"","landingPage":"https://www.kuailian.im/","ipv4":"","ipv6":"","sourceIndex":"33"},{"howFound":"","reference":"","landingPage":"https://www.pugane.com/","ipv4":"","ipv6":"","sourceIndex":"34"},{"howFound":"","reference":"","landingPage":"https://gaojianzixun.com/","ipv4":"","ipv6":"","sourceIndex":"35"},{"howFound":"","reference":"","landingPage":"https://www.xalianao.com/","ipv4":"","ipv6":"","sourceIndex":"36"},{"howFound":"","reference":"","landingPage":"https://www.haomiaomiao.com/","ipv4":"","ipv6":"","sourceIndex":"37"},{"howFound":"","reference":"","landingPage":"https://www.kuailianlian.com.cn/xiazai/","ipv4":"","ipv6":"","sourceIndex":"38"},{"howFound":"","reference":"","landingPage":"https://www.kuailianquick.com/","ipv4":"","ipv6":"","sourceIndex":"39"},{"howFound":"","reference":"","landingPage":"https://kuailianup.com/","ipv4":"","ipv6":"","sourceIndex":"40"},{"howFound":"","reference":"","landingPage":"https://www.kuilian-china.com/","ipv4":"","ipv6":"","sourceIndex":"41"},{"howFound":"","reference":"","landingPage":"https://www.kuailianppp.com.cn/","ipv4":"","ipv6":"","sourceIndex":"42"},{"howFound":"","reference":"","landingPage":"https://www.letsvpns.com/","ipv4":"","ipv6":"","sourceIndex":"43"},{"howFound":"","reference":"","landingPage":"https://www.cakuailian.com.cn/","ipv4":"","ipv6":"","sourceIndex":"44"},{"howFound":"","reference":"","landingPage":"https://kualianvpn.com/","ipv4":"","ipv6":"","sourceIndex":"45"},{"howFound":"","reference":"","landingPage":"https://www.kuailianvo.com.cn/","ipv4":"","ipv6":"","sourceIndex":"46"},{"howFound":"","reference":"","landingPage":"https://www.kuailianui.com.cn/","ipv4":"","ipv6":"","sourceIndex":"47"},{"howFound":"","reference":"","landingPage":"https://www.kuailianchina.com/","ipv4":"","ipv6":"","sourceIndex":"48"},{"howFound":"","reference":"","landingPage":"https://tiaozhuan.hgjjwl.asia/Lets%20%E5%8A%A0%E9%80%9F%E5%99%A8.html?/","ipv4":"","ipv6":"","sourceIndex":"49"},{"howFound":"","reference":"","landingPage":"https://letsvpnaccess.cn/","ipv4":"","ipv6":"","sourceIndex":"50"},{"howFound":"","reference":"","landingPage":"https://kuainlin.com.cn/","ipv4":"","ipv6":"","sourceIndex":"51"},{"howFound":"","reference":"","landingPage":"https://letsvpn-kuailianvpn.com/enproduct/","ipv4":"","ipv6":"","sourceIndex":"52"},{"howFound":"","reference":"","landingPage":"https://letsvpn-service.com/","ipv4":"","ipv6":"","sourceIndex":"53"},{"howFound":"","reference":"","landingPage":"https://sites.google.com/view/wuyunseomv/home","ipv4":"","ipv6":"","sourceIndex":"54"},{"howFound":"","reference":"","landingPage":"https://sites.google.com/view/bfbdten/home","ipv4":"","ipv6":"","sourceIndex":"55"},{"howFound":"","reference":"","landingPage":"https://ssl-letsvpn.com/pricing.html","ipv4":"","ipv6":"","sourceIndex":"56"},{"howFound":"","reference":"","landingPage":"https://www.zh-letsvpn.com.cn/","ipv4":"","ipv6":"","sourceIndex":"57"},{"howFound":"","reference":"","landingPage":"https://www.letsvpn.dev/","ipv4":"","ipv6":"","sourceIndex":"58"},{"howFound":"","reference":"","landingPage":"https://letsvpn.us/","ipv4":"","ipv6":"","sourceIndex":"59"},{"howFound":"","reference":"","landingPage":"https://www.letsvpn.us/","ipv4":"","ipv6":"","sourceIndex":"60"},{"howFound":"","reference":"","landingPage":"https://letsvpn.hot/","ipv4":"","ipv6":"","sourceIndex":"61"},{"howFound":"","reference":"","landingPage":"https://www.klvpnn.com/","ipv4":"","ipv6":"","sourceIndex":"62"},{"howFound":"","reference":"","landingPage":"https://mwm.ai/apps/vpn/1471102783","ipv4":"","ipv6":"","sourceIndex":"63"},{"howFound":"","reference":"","landingPage":"https://www.letsilvpn.com/","ipv4":"","ipv6":"","sourceIndex":"64"},{"howFound":"","reference":"","landingPage":"https://kuailian-dd.com.cn/","ipv4":"","ipv6":"","sourceIndex":"65"},{"howFound":"","reference":"","landingPage":"https://www.sbrjnf.com/","ipv4":"","ipv6":"","sourceIndex":"66"},{"howFound":"","reference":"","landingPage":"https://link-kuailian.com.cn/","ipv4":"","ipv6":"","sourceIndex":"67"},{"howFound":"","reference":"","landingPage":"https://kui.lsai2.top/","ipv4":"","ipv6":"","sourceIndex":"68"},{"howFound":"","reference":"","landingPage":"https://letswvpn.com/","ipv4":"","ipv6":"","sourceIndex":"69"},{"howFound":"","reference":"","landingPage":"https://tcfrvj.com/ maisondeco.cn/?clickId=d0ybm7e9fjsl&mt=1774191703&ip=115.60.149.173&uid=d0ybm7e9fjsl&source=SEO_CN&utm_source=www.maisondeco.cn&platform=Linux&utm_campaign=fapnetKuailianSeptember23&siteUrl=%2F&trafficSource=direct&utm_medium=direct","ipv4":"","ipv6":"","sourceIndex":"70"},{"howFound":"","reference":"","landingPage":"https://wj-letsvpn.com","ipv4":"","ipv6":"","sourceIndex":"71"},{"howFound":"","reference":"","landingPage":"https://letsvpnofficial.com/","ipv4":"","ipv6":"","sourceIndex":"72"},{"howFound":"","reference":"","landingPage":"https://m.mfioi.cn/","ipv4":"","ipv6":"","sourceIndex":"73"},{"howFound":"","reference":"","landingPage":"https://ues-letsvpn.com/","ipv4":"","ipv6":"","sourceIndex":"74"},{"howFound":"","reference":"","landingPage":"https://vdlkzx.com/","ipv4":"","ipv6":"","sourceIndex":"75"},{"howFound":"","reference":"","landingPage":"https://www.gwqpmh.com","ipv4":"","ipv6":"","sourceIndex":"76"},{"howFound":"","reference":"","landingPage":"https://kainglian.com.cn","ipv4":"","ipv6":"","sourceIndex":"77"},{"howFound":"","reference":"","landingPage":"https://kainlian.com.cn/index.html","ipv4":"","ipv6":"","sourceIndex":"78"},{"howFound":"","reference":"","landingPage":"https://kuailiangrp.com.cn/","ipv4":"","ipv6":"","sourceIndex":"79"},{"howFound":"","reference":"","landingPage":"https://m.mfioi.cn/","ipv4":"","ipv6":"","sourceIndex":"80"},{"howFound":"","reference":"","landingPage":"http://kuailianevpn.com.cn/","ipv4":"","ipv6":"","sourceIndex":"81"},{"howFound":"","reference":"","landingPage":"https://of-klian.com/","ipv4":"","ipv6":"","sourceIndex":"82"},{"howFound":"","reference":"","landingPage":"http://rkkuailian.com.cn/","ipv4":"","ipv6":"","sourceIndex":"83"},{"howFound":"","reference":"","landingPage":"https://qsyydnbxz.com/","ipv4":"","ipv6":"","sourceIndex":"84"},{"howFound":"","reference":"","landingPage":"https://letsvpnx.pro/","ipv4":"","ipv6":"","sourceIndex":"85"},{"howFound":"","reference":"","landingPage":"https://www.letscpvpn.com/","ipv4":"","ipv6":"","sourceIndex":"86"},{"howFound":"","reference":"","landingPage":"https://kuaihlian.com.cn/#","ipv4":"","ipv6":"","sourceIndex":"87"},{"howFound":"","reference":"","landingPage":"https://kuaillan.cn/","ipv4":"","ipv6":"","sourceIndex":"88"},{"howFound":"","reference":"","landingPage":"http://kuailianvan.com.cn/","ipv4":"","ipv6":"","sourceIndex":"89"},{"howFound":"","reference":"","landingPage":"https://kuailianvan.com.cn/","ipv4":"","ipv6":"","sourceIndex":"90"},{"howFound":"","reference":"","landingPage":"https://knkuailian.com.cn","ipv4":"","ipv6":"","sourceIndex":"91"},{"howFound":"","reference":"","landingPage":"https://nuyi.mobi/#","ipv4":"","ipv6":"","sourceIndex":"92"},{"howFound":"","reference":"","landingPage":"https://bsiqso.cn/","ipv4":"","ipv6":"","sourceIndex":"93"},{"howFound":"","reference":"","landingPage":"https://letsvpn-asia.com/","ipv4":"","ipv6":"","sourceIndex":"94"},{"howFound":"","reference":"","landingPage":"http://oilkxv.cn/","ipv4":"","ipv6":"","sourceIndex":"95"},{"howFound":"","reference":"","landingPage":"https://kuailian-vpn3.com/","ipv4":"","ipv6":"","sourceIndex":"96"},{"howFound":"","reference":"","landingPage":"https://kuailianng.com.cn/","ipv4":"","ipv6":"","sourceIndex":"97"},{"howFound":"","reference":"","landingPage":"http://www.shpsqir.xyz/","ipv4":"","ipv6":"","sourceIndex":"98"},{"howFound":"","reference":"","landingPage":"https://kuailianfast.com/","ipv4":"","ipv6":"","sourceIndex":"99"},{"howFound":"","reference":"","landingPage":"https://kuail.xiazte.com/","ipv4":"","ipv6":"","sourceIndex":"100"},{"howFound":"","reference":"","landingPage":"https://www.kknqi.cn/","ipv4":"","ipv6":"","sourceIndex":"101"},{"howFound":"","reference":"","landingPage":"https://www.zh-letsvpn.com.cn/","ipv4":"","ipv6":"","sourceIndex":"102"},{"howFound":"","reference":"","landingPage":"https://www.lets-vpn.dev/","ipv4":"","ipv6":"","sourceIndex":"103"},{"howFound":"","reference":"","landingPage":"https://www.letsvpn.dev/download","ipv4":"","ipv6":"","sourceIndex":"104"},{"howFound":"","reference":"","landingPage":"https://www.kuailianvpn123.com/","ipv4":"","ipv6":"","sourceIndex":"105"},{"howFound":"","reference":"","landingPage":"https://www.vbfxe.cn","ipv4":"","ipv6":"","sourceIndex":"106"},{"howFound":"","reference":"","landingPage":"https://kuailiansz.com.cn/","ipv4":"","ipv6":"","sourceIndex":"107"}],"sampleFiles":["260416/SpoofedVPN-250813/250813/Samples/kuailian-vpn.exe","260416/SpoofedVPN-250813/250813/Samples/LetsVPN.msi","260416/SpoofedVPN-250813/250813/Samples/kuail.msi","260416/SpoofedVPN-250813/250813/Samples/lest_Install.msi","260416/SpoofedVPN-250813/250813/Samples/Windows.msi","260416/SpoofedVPN-250813/250813/Samples/Win64%20-%20LetsProa1.1.msi","260416/SpoofedVPN-250813/250813/Samples/letsvpn-latest.exe"],"imageFiles":["260416/SpoofedVPN-250813/250813/Images/ACR-014/ACR-014_Install_1.png","260416/SpoofedVPN-250813/250813/Images/ACR-014/ACR-014_Install_2.png","260416/SpoofedVPN-250813/250813/Images/ACR-010/ACR-010_Software_1.png"],"nonDeceptorImageFiles":[],"guid":"2bf2d7f5-d2e1-442b-be89-16b89c31ba5c_250813_1","appID":"SpoofedVPN-250813","dateAdded":"260416","deceptorType":"App","name":"SpoofedVPN","company":"Unknown","version":"250813","lastKnownStatus":"250813;250923;251001;260416","lastKnownDate":"260416","type":"Windows Executable","category":"Business Developer Tools","targetOS":"Windows 10,Windows 11","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"none","lastUpdate":"2026-04-16T22:09:13.1430455+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2},{"violations":{"ACR-006":"The app does not disclose that it is serving up Yahoo! search results.\n","ACR-104":"The search doesn't clearly attribute Yahoo and disclose that user queries will be processed through it.\n","ACR-118":"After uninstallation, some executable files remain on the device without the user’s knowledge.\n","ACR-039":"The app silently adds \"PDF\" and \"Shift Browser\" shortcuts to the desktop without clearly disclosing their relationship during installation and EULA.\n"},"nonDeceptorViolations":{"ACR-038":"App is not clear about what it is installing.\n","ACR-040":"App installs in hidden folder %AppData% without proper disclosure.\n","ACR-065":"The install does not display links to the EULA and Privacy Policy.\n"},"samples":[{"isRevoked":"False","fileName":"Shift%20-%20PDF_x85yyw.exe","isInstaller":"True","companyName":"Shift Technologies Inc.                                     ","productName":"Shift Browser","productVersion":"144.0.0","fileVersion":"144.0.0","hashMD5":"b2b2e7a5c11674651be2aeac2a40a3be","hashSHA1":"90185678b018d9585e3cc424a4ebb58458dfd947","hashSHA256":"b3e96b580142c74a132d38e54758d4d09697e6441d2b75531d6a2a5b82c8f55f","digitalCertThumbprint":"0C9A1B5FD117CB11BF7D5E624B20E458F6BCFBF4","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Shift Technologies Inc, O=Shift Technologies Inc, L=Victoria, S=British Columbia, C=CA, SERIALNUMBER=BC1497351, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.2=British Columbia, OID.1.3.6.1.4.1.311.60.2.1.3=CA","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"108","avBlockList":["360 Total Security (20260430)","Avast Premium Security (20260430)","AVG Internet Security (20260430)","Avira Internet Security (20260430)","COMODO Antivirus (20260430)","FortectPremium (20260430)","K7 Total Security (20260430)","KasperskyPremium (20260430)","Malwarebytes Premium (20260430)","Norton Security (20260430)","Quick Heal Internet Security (20260430)","Sophos Home Premium (20260430)","SpyHunter5 (20260430)","Total AV Antivirus Pro (20260430)","VirIT eXplorer PRO (20260430)","Webroot SecureAnywhere (20260430)"],"avAllowList":["Bitdefender Internet Security (20260430)","Dr.Web Security Space (20260430)","ESET Internet Security (20260430)","G DATA INTERNET SECURITY (20260430)","McAfee Total Protection (20260430)","Panda Dome (20260430)","Trend Micro Internet Security (20260430)","VIPRE Advanced Security (20260430)","Windows Defender (20260421)"]}],"additionalFiles":[],"sources":[{"howFound":"filehippo.com Ads","reference":"","landingPage":"https://shift.com/","directDownloadingLink":"https://app.shift.com/shift/download/Shift%20-%20PDF_x85yyw.exe?key=x85yyw&installer=shift-v144.0.0-web.exe","ipv4":"","ipv6":"","landingPageWildChar":"","directDownloadingLinkWildChar":"https://app.shift.com/shift/download/Shift%20-%20PDF_x85yyw.exe?key=x85yyw&installer=shift-v144.0.0-web.exe","sourceIndex":"108"}],"sampleFiles":["260416/Shift-260415/144.00.76/Samples/Shift%20-%20PDF_x85yyw.exe"],"imageFiles":["260416/Shift-260415/144.00.76/Images/ACR-039/ACR-039_Install_1.png","260416/Shift-260415/144.00.76/Images/ACR-039/ACR-039_Install_2.png","260416/Shift-260415/144.00.76/Images/ACR-104/ACR-104_Software_1.png","260416/Shift-260415/144.00.76/Images/ACR-104/ACR-104.mp4","260416/Shift-260415/144.00.76/Images/ACR-006/ACR-006.mp4","260416/Shift-260415/144.00.76/Images/ACR-006/ACR-006_Software_1.png","260416/Shift-260415/144.00.76/Images/ACR-118/ACR-118_Uninstall_1.png"],"nonDeceptorImageFiles":["260416/Shift-260415/144.00.76/Images/ACR-040/ACR-040_Install_1.png","260416/Shift-260415/144.00.76/Images/ACR-038/ACR-038_Install_1.png","260416/Shift-260415/144.00.76/Images/ACR-065/ACR-065.mp4"],"guid":"fdb84a90-bf10-4225-b554-dddc28b9e4c8_144.00.76_1","appID":"Shift-260415","dateAdded":"260416","deceptorType":"App","name":"Shift","company":"Shift Technologies Inc.","version":"144.00.76","lastKnownDate":"260416","type":"Windows Executable","category":"Personalization & Search","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows 11","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"search","lastUpdate":"2026-04-16T19:58:29.7314858+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":3},{"violations":{"ACR-007":"App does not obtain informed user explicit consent to reduce the consumer's security posture caused by resource sharing.\n","ACR-084":"1. Application creates auto startup item without providing option for user to disable it.\n2. Application doesn't provide visible indication that resource sharing on status.\n","ACR-014":"The app misleads the user by stating \"unprotected\", while another VPN service is already active and running.\n"},"nonDeceptorViolations":{"ACR-123":"The auto startup item is not removed during uninstallation.\n"},"samples":[{"isRevoked":"False","fileName":"tuxlerVPNSetup.exe","isInstaller":"True","companyName":"Tuxler Privacy Technologies, Inc.                           ","productName":"tuxlerVPN","productVersion":"2.3.0.8","fileVersion":"2.3.0.8","hashMD5":"62cc56af16af9b1a6e5b860178c51233","hashSHA1":"d30e708a08bcd0697b70a1d9ef221fe347e385fa","hashSHA256":"3260ac9c8d4826b002558eb657f91c6ffae65c4dce5dde6e9149188387e14657","digitalCertThumbprint":"65BE23B6792FD8266CECFC35ED9AF1E2E98035A8","digitalCertIssuer":"CN=GlobalSign GCC R45 EV CodeSigning CA 2020, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"E=office@tuxler.com, CN=\"TUXLER PRIVACY TECHNOLOGIES, INC.\", O=\"TUXLER PRIVACY TECHNOLOGIES, INC.\", L=Walnut Creek, S=California, C=US, OID.1.3.6.1.4.1.311.60.2.1.2=Delaware, OID.1.3.6.1.4.1.311.60.2.1.3=US, SERIALNUMBER=5931368, OID.2.5.4.15=Private Organization","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"110","avBlockList":["360 Total Security (20260430)","Bitdefender Internet Security (20260430)","G DATA INTERNET SECURITY (20260430)","K7 Total Security (20260430)","KasperskyPremium (20260430)","Malwarebytes Premium (20260430)","Panda Dome (20260430)","Quick Heal Internet Security (20260430)","Sophos Home Premium (20260430)","SpyHunter5 (20260430)","VIPRE Advanced Security (20260430)","VirIT eXplorer PRO (20260430)","Webroot SecureAnywhere (20260430)"],"avAllowList":["Avast Premium Security (20260430)","AVG Internet Security (20260430)","Avira Internet Security (20260430)","COMODO Antivirus (20260430)","Dr.Web Security Space (20260430)","ESET Internet Security (20260430)","FortectPremium (20260430)","McAfee Total Protection (20260430)","Norton Security (20260430)","Total AV Antivirus Pro (20260430)","Trend Micro Internet Security (20260430)","Windows Defender (20260430)"]},{"isRevoked":"False","fileName":"tuxlerVPN.exe","companyName":"Tuxler Privacy Technologies, Inc.","productName":"tuxlerVPN Desktop Application","productVersion":"2.3.0.8","fileVersion":"2.3.0.8","hashMD5":"5194c88f7624c94201ee209802150de6","hashSHA1":"67a3c6f39ce2978bf9c4a1fbba401ca089aef171","hashSHA256":"767e030327d9f0cedcc88a974d674e27215ae5072c5d3e43241461c082e0bf6e","digitalCertThumbprint":"65BE23B6792FD8266CECFC35ED9AF1E2E98035A8","digitalCertIssuer":"CN=GlobalSign GCC R45 EV CodeSigning CA 2020, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"E=office@tuxler.com, CN=\"TUXLER PRIVACY TECHNOLOGIES, INC.\", O=\"TUXLER PRIVACY TECHNOLOGIES, INC.\", L=Walnut Creek, S=California, C=US, OID.1.3.6.1.4.1.311.60.2.1.2=Delaware, OID.1.3.6.1.4.1.311.60.2.1.3=US, SERIALNUMBER=5931368, OID.2.5.4.15=Private Organization","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"110","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"resource sharing VPN","reference":"","landingPage":"https://www.tuxlervpn.com","directDownloadingLink":"https://www.tuxlervpn.com/download-windows/","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.tuxlervpn.com/download-windows/","sourceIndex":"110"}],"sampleFiles":["260324/TuxlerVPN-251102/2.3.0.8 new/Samples/tuxlerVPNSetup.exe"],"imageFiles":["260324/TuxlerVPN-251102/2.3.0.8 new/Images/ACR-007/ACR-007_Install_1.png","260324/TuxlerVPN-251102/2.3.0.8 new/Images/ACR-007/ACR-007_Install_3.png","260324/TuxlerVPN-251102/2.3.0.8 new/Images/ACR-007/ACR-007_Install_2.png","260324/TuxlerVPN-251102/2.3.0.8 new/Images/ACR-084/ACR-084_Software_1.png","260324/TuxlerVPN-251102/2.3.0.8 new/Images/ACR-084/ACR-084_Software_2.png","260324/TuxlerVPN-251102/2.3.0.8 new/Images/ACR-014/ACR-014_Software_1.png"],"nonDeceptorImageFiles":["260324/TuxlerVPN-251102/2.3.0.8 new/Images/ACR-123/ACR-123_Uninstall_1.png"],"guid":"24479c47-8ef1-44a7-8d26-618183d10a05_2.3.0.8 new_1","appID":"TuxlerVPN-251102","dateAdded":"260324","deceptorType":"App","name":"TuxlerVPN","company":"TUXLER PRIVACY TECHNOLOGIES, INC.","version":"2.3.0.8 new","lastKnownStatus":"2.3.0.8","lastKnownDate":"260324","type":"Windows Executable","category":"Personalization & Search","targetOS":"Windows 11,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"net proxy","lastUpdate":"2026-03-24T21:24:13.9779893+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":4},{"violations":{"ACR-007":"App does not obtain user explicit consent to reduce the consumer's security posture caused by resource sharing.\n","ACR-084":"1. Application creates auto startup item without providing option for user to disable it.\n2. Application doesn't provide visible indication that resource sharing on status.\n","ACR-014":"The app misleads the user by stating \"unprotected\", while another VPN service is already active and running.\n"},"nonDeceptorViolations":{"ACR-123":"The auto startup item is not removed during uninstallation.\n"},"samples":[{"isRevoked":"False","fileName":"tuxlerVPNSetup.exe","isInstaller":"True","companyName":"Tuxler Privacy Technologies, Inc.                           ","productName":"tuxlerVPN","productVersion":"2.3.0.8","fileVersion":"2.3.0.8","hashMD5":"ead351096aea7e698bae201db791d10e","hashSHA1":"3ec8d26ada98dfdef5044416d7dc3aa2cdfbf877","hashSHA256":"9188e5b848926666064d40c59a29744db173ed253ddd773883a601e20f3e87b1","digitalCertThumbprint":"65BE23B6792FD8266CECFC35ED9AF1E2E98035A8","digitalCertIssuer":"CN=GlobalSign GCC R45 EV CodeSigning CA 2020, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"E=office@tuxler.com, CN=\"TUXLER PRIVACY TECHNOLOGIES, INC.\", O=\"TUXLER PRIVACY TECHNOLOGIES, INC.\", L=Walnut Creek, S=California, C=US, OID.1.3.6.1.4.1.311.60.2.1.2=Delaware, OID.1.3.6.1.4.1.311.60.2.1.3=US, SERIALNUMBER=5931368, OID.2.5.4.15=Private Organization","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"154","avBlockList":["G DATA INTERNET SECURITY (20260326)","K7 Total Security (20260326)","KasperskyPremium (20260326)","Malwarebytes Premium (20260326)","McAfee Total Protection (20260326)","Panda Dome (20260326)","Quick Heal Internet Security (20260326)","Sophos Home Premium (20260326)","SpyHunter5 (20260326)","VIPRE Advanced Security (20260326)","VirIT eXplorer PRO (20260326)","Webroot SecureAnywhere (20260326)"],"avAllowList":["360 Total Security (20260326)","Avast Premium Security (20260326)","AVG Internet Security (20260326)","Avira Internet Security (20260326)","Bitdefender Internet Security (20260326)","COMODO Antivirus (20260326)","Dr.Web Security Space (20260326)","ESET Internet Security (20260326)","FortectPremium (20260326)","Norton Security (20260326)","Total AV Antivirus Pro (20260326)","Trend Micro Internet Security (20260326)","Windows Defender (20260326)"]},{"isRevoked":"False","fileName":"ExtensionHelperAppHelperTuxler.exe","companyName":"Tuxler Privacy Technologies, Inc.","productName":"Tuxler Extension Helper Application","productVersion":"1.1.5.0","fileVersion":"1.1.5.0","hashMD5":"a3b9bed64fc289c2aa00a975ec3f991e","hashSHA1":"cda27e2520f79059512627a02815c0b289cd9dcd","hashSHA256":"c0ece7053328d1cac78afa691d18a1629b7aa2c7a4b2dd55cd116b11d64bb14e","digitalCertThumbprint":"65BE23B6792FD8266CECFC35ED9AF1E2E98035A8","digitalCertIssuer":"CN=GlobalSign GCC R45 EV CodeSigning CA 2020, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"E=office@tuxler.com, CN=\"TUXLER PRIVACY TECHNOLOGIES, INC.\", O=\"TUXLER PRIVACY TECHNOLOGIES, INC.\", L=Walnut Creek, S=California, C=US, OID.1.3.6.1.4.1.311.60.2.1.2=Delaware, OID.1.3.6.1.4.1.311.60.2.1.3=US, SERIALNUMBER=5931368, OID.2.5.4.15=Private Organization","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"154","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"tuxlerVPN.exe","companyName":"Tuxler Privacy Technologies, Inc.","productName":"tuxlerVPN Desktop Application","productVersion":"2.3.0.8","fileVersion":"2.3.0.8","hashMD5":"09c5d9af8eb4b060f153629b41cf6d61","hashSHA1":"0719eacc918dca1b3d494eb79e5fbf4def603429","hashSHA256":"ddcad265e29749ac898d5ada4da81ee44fcd6c69b15b594f22d4ac37d3d39530","digitalCertThumbprint":"65BE23B6792FD8266CECFC35ED9AF1E2E98035A8","digitalCertIssuer":"CN=GlobalSign GCC R45 EV CodeSigning CA 2020, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"E=office@tuxler.com, CN=\"TUXLER PRIVACY TECHNOLOGIES, INC.\", O=\"TUXLER PRIVACY TECHNOLOGIES, INC.\", L=Walnut Creek, S=California, C=US, OID.1.3.6.1.4.1.311.60.2.1.2=Delaware, OID.1.3.6.1.4.1.311.60.2.1.3=US, SERIALNUMBER=5931368, OID.2.5.4.15=Private Organization","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"154","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"resource sharing VPN","reference":"","landingPage":"https://www.tuxlervpn.com","directDownloadingLink":"https://www.tuxlervpn.com/download-windows/","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.tuxlervpn.com/download-windows/","sourceIndex":"154"}],"sampleFiles":["251103/TuxlerVPN-251102/2.3.0.8/Samples/tuxlerVPNSetup.exe"],"imageFiles":["251103/TuxlerVPN-251102/2.3.0.8/Images/ACR-007/ACR-007_Install_1.png","251103/TuxlerVPN-251102/2.3.0.8/Images/ACR-007/ACR-007_Install_2.png","251103/TuxlerVPN-251102/2.3.0.8/Images/ACR-007/ACR-007_Install_3.png","251103/TuxlerVPN-251102/2.3.0.8/Images/ACR-084/ACR-084_Software_1.png","251103/TuxlerVPN-251102/2.3.0.8/Images/ACR-084/ACR-084_Software_2.png","251103/TuxlerVPN-251102/2.3.0.8/Images/ACR-014/ACR-014_Software_1.png"],"nonDeceptorImageFiles":["251103/TuxlerVPN-251102/2.3.0.8/Images/ACR-123/ACR-123_Uninstall_1.png"],"guid":"24479c47-8ef1-44a7-8d26-618183d10a05_2.3.0.8_1","appID":"TuxlerVPN-251102","dateAdded":"260324","deceptorType":"App","name":"TuxlerVPN","company":"TUXLER PRIVACY TECHNOLOGIES, INC.","version":"2.3.0.8","lastKnownStatus":"2.3.0.8","lastKnownDate":"260324","type":"Windows Executable","category":"Personalization & Search","targetOS":"Windows 11,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"net proxy","lastUpdate":"2026-03-24T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":5},{"violations":{"ACR-042":"The app installs a Trusted Root Certificate without obtaining the consumer's permission through explicit user action.\n","ACR-043":"The app does not provide information regarding the Trusted Root Certificate that is installed and the potential risk introduced to the user system after its installation.\n","ACR-048":"The app does not provide control to disable the notifications and remove its background processes completely within the app's settings.\n","ACR-007":"The app installs Trusted Root Certificate without obtaining the consumer's permission through explicit user action.\n","ACR-084":"On closing the app, the application doesn't exit completely. The process \"master_vpn-service.exe\" runs in the background, hiding the fact that it is active from the consumer without notifying the user. \n"},"nonDeceptorViolations":{"ACR-099":"The app does not display links to uninstall information inside software.\nThe landing page (https://vpnproxymaster.com/) does not display links to uninstall information.\n","ACR-123":"The app does not remove the Trusted Root certificate even after uninstall.\n","ACR-014":"The app misleads by displaying status as \"Exposed'\" on the landing pages(https://vpnproxymaster.com/), even though another VPN (tunnel bear) is on and running.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\VPNMaster\\VPNMaster.exe","companyName":"Innovative Connecting","productName":"VPNMaster","productVersion":"3.11.0.0","fileVersion":"3.11.0.0","hashMD5":"fe53db78e5bc1ae2cca41127c8f670bd","hashSHA1":"8a3ad2a93a5e53ae57b96d46c005844a59cbd737","hashSHA256":"20a451eedf0a0185c17b74783fb7c79fede6197db087329696558611047b4a96","digitalCertThumbprint":"07C3E4BF1A3B117D2C462418A99ED28CD41C7808","digitalCertIssuer":"Symantec Class 3 Extended Validation Code Signing CA - G2","digitalCertIssuedTo":"INNOVATIVE CONNECTING PTE. LIMITED","storeId":"","sourceIndex":"1689","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"VPNMaster_setup.exe","isInstaller":"True","companyName":"Innovative Connecting","productName":"VPNProxyMaster","productVersion":"3.11.0.0","fileVersion":"3.11.0.0","hashMD5":"36375e821e4c129a7ca7e4375ccc218c","hashSHA1":"236e0586a954cb11f068b662a6e8e1bb719dba27","hashSHA256":"9c6d24999f901aec499102e0198aa02000047e6c2da27a043565b88330f119ef","digitalCertThumbprint":"07C3E4BF1A3B117D2C462418A99ED28CD41C7808","digitalCertIssuer":"Symantec Class 3 Extended Validation Code Signing CA - G2","digitalCertIssuedTo":"INNOVATIVE CONNECTING PTE. LIMITED","storeId":"","sourceIndex":"1689","avBlockList":["360 Total Security (20220322)","Avira Internet Security (20220322)","Bitdefender Internet Security (20220322)","G DATA INTERNET SECURITY (20220322)","K7 Total Security (20220322)","Norton Security (20220322)","Panda Dome (20220322)","Sophos Home Premium (20220322)","SpyHunter5 (20220322)","Total AV Antivirus Pro (20220322)","VIPRE Advanced Security (20220322)","VirIT eXplorer PRO (20220322)","Webroot SecureAnywhere (20220322)","Windows Defender (20220322)"],"avAllowList":["Avast Premium Security (20220322)","AVG Internet Security (20220322)","COMODO Antivirus (20220322)","Dr.Web Security Space (20220322)","ESET Internet Security (20220322)","Kaspersky Internet Security (20220322)","Malwarebytes Premium (20220322)","McAfee Total Protection (20220322)","Quick Heal Internet Security (20220322)","Tencent PC Manager (20220322)","Trend Micro Internet Security (20220322)"]}],"additionalFiles":[],"sources":[{"howFound":"Free VPN in Blur BI data","reference":"","landingPage":"https://vpnproxymaster.com/","directDownloadingLink":"https://download.fastpull.net/file/windows-master/VPNMaster_setup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://download.fastpull.net/file/windows-master/VPNMaster_setup.exe","sourceIndex":"1689"}],"sampleFiles":["220310/VPNProxyMaster-220309/3.11.0.0/Samples/VPNMaster_setup.exe"],"imageFiles":["220310/VPNProxyMaster-220309/3.11.0.0/Images/ACR-043/ACR-043_Install_Root_Certificate_Installed.JPG","220310/VPNProxyMaster-220309/3.11.0.0/Images/ACR-042/ACR-042_Install_Root_Certificate_Installed.JPG","220310/VPNProxyMaster-220309/3.11.0.0/Images/ACR-007/ACR-007_Install_Root_Certificate_Installed.JPG","220310/VPNProxyMaster-220309/3.11.0.0/Images/ACR-084/ACR-084_Software_Background_Process_Exists.JPG","220310/VPNProxyMaster-220309/3.11.0.0/Images/ACR-048/ACR-048_Software_No_Control.JPG","220310/VPNProxyMaster-220309/3.11.0.0/Images/ACR-048/ACR-048_Software_No_Control_1.JPG","220310/VPNProxyMaster-220309/3.11.0.0/Images/ACR-048/ACR-048_oftware_1.JPG"],"nonDeceptorImageFiles":["220310/VPNProxyMaster-220309/3.11.0.0/Images/ACR-099/ACR-099_Software_No_Uninstall_Info.jpg","220310/VPNProxyMaster-220309/3.11.0.0/Images/ACR-123/ACR-123_Uninstall_Root_Certificate_Retained.JPG","220310/VPNProxyMaster-220309/3.11.0.0/Images/ACR-099/ACR-099_LandingPage_No_Uninstall_Info.jpg","220310/VPNProxyMaster-220309/3.11.0.0/Images/ACR-014/ACR-014_LandingPage_Misleading_Status.JPG"],"guid":"48664530-708c-4287-a879-bf93eeb1bcd3_3.11.0.0_1","appID":"VPNProxyMaster-220309","dateAdded":"260316","deceptorType":"App","name":"VPN Proxy Master","company":"INNOVATIVE CONNECTING PTE","version":"3.11.0.0","sigName":"Deceptor:Win32/VPNProxyMaster!043042007084048","lastKnownStatus":"3.11.0.0;3.12.0.0;3.13.0.0;3.17.0.0;3.18.0.0;3.19.0.0;3.20.0.0;3.21.0.0;3.25.1.0;3.25.1.0","lastKnownDate":"260316","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 7,Windows 8,Windows 10,Windows Vista,Windows XP","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2026-03-16T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":9,"sortOrder":14},{"violations":{"ACR-042":"The app installs a Trusted Root Certificate without obtaining the consumer's permission through explicit user action.\n","ACR-043":"The app does not provide information regarding the Trusted Root Certificate that is installed and the potential risk introduced to the user system after its installation.\n","ACR-048":"The app does not provide control to disable the notifications and remove its background processes completely within the app's settings.\n","ACR-007":"The app installs Trusted Root Certificate without obtaining the consumer's permission through explicit user action.\n","ACR-084":"On closing the app, the application doesn't exit completely. The processes \"master_vpn-service.exe\" and \"VPNMaster.exe\" run in the background, hiding the fact that it is active from the consumer without notifying the user. \n","ACR-118":"The Non-trusted root certificate installed by the application is not removed from the system after the application is uninstalled.\n"},"nonDeceptorViolations":{"ACR-099":"The app does not display links to uninstall information inside software.\nThe landing page (https://vpnproxymaster.com/home) does not display links to uninstall information.\n","ACR-014":"The app misleads by displaying status as \"Exposed'\" on the landing pages(https://vpnproxymaster.com/home), even though another VPN (tunnel bear) is on and running.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\VPNMaster\\master_vpn-service.exe","companyName":"Innovative Connecting","productName":"master_vpn-service","productVersion":"1.0.0.1","fileVersion":"1.0.0.1","hashMD5":"84d1b19c2468d0cf06561324a37a0e8c","hashSHA1":"6eca9bbdbe71e99ff4c1b819337d616007ca051f","hashSHA256":"481f9e150e7430426c47929e1012649738a3711cfe86f568dcefbe60bfbff54a","digitalCertThumbprint":"B621CF3191921926F1C9A6B96201051EE3EFD13E","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"INNOVATIVE CONNECTING PTE. LIMITED","storeId":"","sourceIndex":"1647","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\VPNMaster\\Startup.exe","companyName":"Innovative Connecting","productName":"Startup","productVersion":"1.0.0.1","fileVersion":"1.0.0.1","hashMD5":"f3f45056356461c1d767edfd031a1a61","hashSHA1":"7e5524af1af2eba562f4eb273d1ed466434f32b4","hashSHA256":"812c45bb0fb4416f2b2fa4ebc38ce2fa641d92a26c5af71ff3293d51f39b3f1f","digitalCertThumbprint":"B621CF3191921926F1C9A6B96201051EE3EFD13E","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"INNOVATIVE CONNECTING PTE. LIMITED","storeId":"","sourceIndex":"1647","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\VPNMaster\\VPNMaster.exe","companyName":"Innovative Connecting","productName":"VPNMaster","productVersion":"3.12.0.0","fileVersion":"3.12.0.0","hashMD5":"01ea2be9762855597d72b259c181c341","hashSHA1":"b0154b49bb50737f1bf2a3968995f5363c43b4cd","hashSHA256":"52b8a3cfccfea086bba5db4ec021f43c6d2e876ab9d0dfa54e83a2bd562ea98c","digitalCertThumbprint":"B621CF3191921926F1C9A6B96201051EE3EFD13E","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"INNOVATIVE CONNECTING PTE. LIMITED","storeId":"","sourceIndex":"1647","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"VPNMaster_setup.exe","isInstaller":"True","companyName":"Innovative Connecting","productName":"VPNProxyMaster","productVersion":"3.12.0.0","fileVersion":"3.12.0.0","hashMD5":"da1b04e331d000ecd82f689be54fb6d1","hashSHA1":"cec3c2de6f1faa31c0b5adf15f80ce92a1442dc5","hashSHA256":"b604150ef74651e6d1a31c629bb978d3565ba291f5b4ba088c4ddf93f411e5d3","digitalCertThumbprint":"B621CF3191921926F1C9A6B96201051EE3EFD13E","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"INNOVATIVE CONNECTING PTE. LIMITED","storeId":"","sourceIndex":"1647","avBlockList":["Avira Internet Security (20220426)","K7 Total Security (20220426)","McAfee Total Protection (20220426)","Norton Security (20220426)","Panda Dome (20220426)","Quick Heal Internet Security (20220426)","Sophos Home Premium (20220426)","SpyHunter5 (20220426)","Total AV Antivirus Pro (20220426)","VirIT eXplorer PRO (20220426)","Webroot SecureAnywhere (20220426)"],"avAllowList":["360 Total Security (20220426)","Avast Premium Security (20220426)","AVG Internet Security (20220426)","Bitdefender Internet Security (20220426)","COMODO Antivirus (20220426)","Dr.Web Security Space (20220426)","ESET Internet Security (20220426)","G DATA INTERNET SECURITY (20220426)","Kaspersky Internet Security (20220426)","Malwarebytes Premium (20220426)","Tencent PC Manager (20220426)","Trend Micro Internet Security (20220426)","VIPRE Advanced Security (20220426)","Windows Defender (20220426)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on VPN app","reference":"","landingPage":"https://vpnproxymaster.com/","directDownloadingLink":"https://download.fastpull.net/file/windows-master/VPNMaster_setup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://download.fastpull.net/file/windows-master/VPNMaster_setup.exe","sourceIndex":"1647"}],"sampleFiles":["220413/VPNProxyMaster-220309/3.12.0.0/Samples/VPNMaster_setup.exe"],"imageFiles":["220413/VPNProxyMaster-220309/3.12.0.0/Images/ACR-043/ACR-043_Install.JPG","220413/VPNProxyMaster-220309/3.12.0.0/Images/ACR-043/ACR-043_Install_1.JPG","220413/VPNProxyMaster-220309/3.12.0.0/Images/ACR-042/ACR-042_Install.JPG","220413/VPNProxyMaster-220309/3.12.0.0/Images/ACR-042/ACR-042_Install_1.JPG","220413/VPNProxyMaster-220309/3.12.0.0/Images/ACR-007/ACR-007_Install.JPG","220413/VPNProxyMaster-220309/3.12.0.0/Images/ACR-007/ACR-007_Install_1.JPG","220413/VPNProxyMaster-220309/3.12.0.0/Images/ACR-084/ACR-084_Software.JPG","220413/VPNProxyMaster-220309/3.12.0.0/Images/ACR-048/ACR-048_Software_No_Control.JPG","220413/VPNProxyMaster-220309/3.12.0.0/Images/ACR-048/ACR-048_Software_No_Control_1.JPG","220413/VPNProxyMaster-220309/3.12.0.0/Images/ACR-048/ACR-048_Software_No_Control_2.JPG","220413/VPNProxyMaster-220309/3.12.0.0/Images/ACR-118/ACR-118_Uninstall.JPG","220413/VPNProxyMaster-220309/3.12.0.0/Images/ACR-118/ACR-118_Uninstall_1.JPG"],"nonDeceptorImageFiles":["220413/VPNProxyMaster-220309/3.12.0.0/Images/ACR-099/ACR-099_Software.JPG","220413/VPNProxyMaster-220309/3.12.0.0/Images/ACR-099/ACR-099_Landingpage.JPG","220413/VPNProxyMaster-220309/3.12.0.0/Images/ACR-014/ACR-014_Landingpage_Misleading.JPG"],"guid":"48664530-708c-4287-a879-bf93eeb1bcd3_3.12.0.0_1","appID":"VPNProxyMaster-220309","dateAdded":"260316","deceptorType":"App","name":"VPN Proxy Master","company":"INNOVATIVE CONNECTING PTE","version":"3.12.0.0","lastKnownStatus":"3.11.0.0;3.12.0.0;3.13.0.0;3.17.0.0;3.18.0.0;3.19.0.0;3.20.0.0;3.21.0.0;3.25.1.0;3.25.1.0","lastKnownDate":"260316","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 7,Windows 8,Windows 10,Windows Vista,Windows XP","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2026-03-16T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":9,"sortOrder":13},{"violations":{"ACR-042":"The app installs a Trusted Root Certificate without obtaining the consumer's permission through explicit user action.\n","ACR-043":"The app does not provide information regarding the Trusted Root Certificate that is installed and the potential risk introduced to the user system after its installation.\n","ACR-048":"The app does not provide control to disable the notifications and remove its background processes completely within the app's settings.\n","ACR-007":"The app installs Trusted Root Certificate without obtaining the consumer's permission through explicit user action.\n","ACR-084":"On closing the app, the application doesn't exit completely. The process \"master_vpn-service.exe\" runs in the background, hiding the fact that it is active from the consumer without notifying the user. \n","ACR-118":"The Non-trusted root certificate installed by the application is not removed from the system after the application is uninstalled.\n"},"nonDeceptorViolations":{"ACR-045":"The app does not describe clearly what effect is caused to the user's system due to the installation of the Trusted Root Certificate.\n","ACR-099":"The app does not display links to uninstall information inside software.\nThe landing page (https://vpnproxymaster.com/home) does not display links to uninstall information.\n","ACR-014":"The app misleads by displaying status as \"Exposed'\" on the landing pages(https://vpnproxymaster.com/home), even though another VPN is on and running.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\VPNMaster\\VPNMaster.exe","companyName":"Innovative Connecting","productName":"VPNMaster","productVersion":"3.13.0.0","fileVersion":"3.13.0.0","hashMD5":"4e8e449725d983e249f3fe2677f12d10","hashSHA1":"6a818446411bd23b5d34eb5e49a9137a52372d61","hashSHA256":"f7231234c0c735bf5220093dcf4007b474b366c7966e00680fe08cd4c5df8b33","digitalCertThumbprint":"B621CF3191921926F1C9A6B96201051EE3EFD13E","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"INNOVATIVE CONNECTING PTE. LIMITED","storeId":"","sourceIndex":"1405","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\VPNMaster\\master_vpn-service.exe","companyName":"Innovative Connecting","productName":"master_vpn-service","productVersion":"1.0.0.1","fileVersion":"1.0.0.1","hashMD5":"401c73812aa8c1904829c6408defcdea","hashSHA1":"b694fd4b8bdab555e6f8ca9ce5b719a0d631aef8","hashSHA256":"c4c69589d8df94319c7c8fe47434c03e9edd0731b83e9c21420eb347c6922d0e","digitalCertThumbprint":"B621CF3191921926F1C9A6B96201051EE3EFD13E","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"INNOVATIVE CONNECTING PTE. LIMITED","storeId":"","sourceIndex":"1405","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"VPNMaster_setup.exe","isInstaller":"True","companyName":"Innovative Connecting","productName":"VPNProxyMaster","productVersion":"3.13.0.0","fileVersion":"3.13.0.0","hashMD5":"9e60476466ae4ae51a5c6c0feaeb8598","hashSHA1":"5d9a42b1b5d99414b90c5ffa9a603b73b6e645b1","hashSHA256":"2861a0cea1c7eb406e3a5c470311b22398b54da0f7c40e954f36f1f71cf368ee","digitalCertThumbprint":"B621CF3191921926F1C9A6B96201051EE3EFD13E","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"INNOVATIVE CONNECTING PTE. LIMITED","storeId":"","sourceIndex":"1405","avBlockList":["Avast Premium Security (20230615)","AVG Internet Security (20230615)","Avira Internet Security (20230615)","K7 Total Security (20230615)","Malwarebytes Premium (20230615)","McAfee Total Protection (20230615)","Norton Security (20230615)","Panda Dome (20230615)","Sophos Home Premium (20230615)","SpyHunter5 (20230615)","Total AV Antivirus Pro (20230615)","VirIT eXplorer PRO (20230615)","Webroot SecureAnywhere (20230615)"],"avAllowList":["360 Total Security (20230615)","Bitdefender Internet Security (20230615)","COMODO Antivirus (20230615)","Dr.Web Security Space (20230615)","ESET Internet Security (20230615)","G DATA INTERNET SECURITY (20230615)","Kaspersky Internet Security (20230615)","Quick Heal Internet Security (20230615)","Trend Micro Internet Security (20230615)","VIPRE Advanced Security (20230615)","Windows Defender (20230615)"]}],"additionalFiles":[],"sources":[{"howFound":"Free VPN in Blur BI data","reference":"","landingPage":"https://vpnproxymaster.com/","directDownloadingLink":"https://download.fastpull.net/file/windows-master/VPNMaster_setup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://download.fastpull.net/file/windows-master/VPNMaster_setup.exe","sourceIndex":"1405"}],"sampleFiles":["220927/VPNProxyMaster-220309/3.13.0.0/Samples/VPNMaster_setup.exe"],"imageFiles":["220927/VPNProxyMaster-220309/3.13.0.0/Images/ACR-043/ACR-043.JPG","220927/VPNProxyMaster-220309/3.13.0.0/Images/ACR-042/ACR-042.JPG","220927/VPNProxyMaster-220309/3.13.0.0/Images/ACR-007/ACR-007.JPG","220927/VPNProxyMaster-220309/3.13.0.0/Images/ACR-084/ACR-084.JPG","220927/VPNProxyMaster-220309/3.13.0.0/Images/ACR-048/ACR-048_1.JPG","220927/VPNProxyMaster-220309/3.13.0.0/Images/ACR-048/ACR-048_2.JPG","220927/VPNProxyMaster-220309/3.13.0.0/Images/ACR-048/ACR-048_3.JPG","220927/VPNProxyMaster-220309/3.13.0.0/Images/ACR-118/ACR-118.JPG"],"nonDeceptorImageFiles":["220927/VPNProxyMaster-220309/3.13.0.0/Images/ACR-045/ACR-045.JPG","220927/VPNProxyMaster-220309/3.13.0.0/Images/ACR-099/ACR-099.JPG","220927/VPNProxyMaster-220309/3.13.0.0/Images/ACR-099/ACR-099_LandingPage.JPG","220927/VPNProxyMaster-220309/3.13.0.0/Images/ACR-014/ACR-014.JPG"],"guid":"48664530-708c-4287-a879-bf93eeb1bcd3_3.13.0.0_1","appID":"VPNProxyMaster-220309","dateAdded":"260316","deceptorType":"App","name":"VPN Proxy Master","company":"INNOVATIVE CONNECTING PTE","version":"3.13.0.0","lastKnownStatus":"3.11.0.0;3.12.0.0;3.13.0.0;3.17.0.0;3.18.0.0;3.19.0.0;3.20.0.0;3.21.0.0;3.25.1.0;3.25.1.0","lastKnownDate":"260316","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 7,Windows 8,Windows 10,Windows Vista,Windows XP","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2026-03-16T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":9,"sortOrder":12},{"violations":{"ACR-042":"The app installs a self signed Trusted Root Certificate without obtaining the consumer's permission through explicit user action.\n","ACR-043":"The app does not provide information regarding the self signed Trusted Root Certificate that is installed and the potential risk introduced to the user system after its installation.\n","ACR-048":"The app does not provide control to disable the notifications and remove its background processes completely within the app's settings.\n","ACR-007":"The app does not obtain user consent to reduce the consumer's security posture caused by installing a self signed trusted root certificate.\n","ACR-084":"On closing the app, the application doesn't exit completely. Some of the processes run in the background, hiding the fact that it is active from the consumer without notifying the user. \n","ACR-118":"The self signed trusted root certificate installed by the application is not removed from the system after the application is uninstalled.\n"},"nonDeceptorViolations":{"ACR-045":"The app does not describe clearly what effect is caused to the user's system due to the installation of the Trusted Root Certificate.\n","ACR-099":"The app does not display links to uninstall information inside software.\nThe landing page (https://vpnproxymaster.com/) does not display links to uninstall information.\n","ACR-123":"The app does not remove the installed Trusted Root certificate even after uninstalling.\n","ACR-018":"The app is promoted using articles that offer to help the consumer break the law across the Landing Pages(https://vpnproxymaster.com/what-is-vpn   and    https://vpnproxymaster.com/download). \n","ACR-014":"The app misleads by displaying status as \"Exposed'\" on the landing pages(https://vpnproxymaster.com/home), even though another VPN is on and running.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\VPNMaster\\master_vpn-service.exe","companyName":"Innovative Connecting","productName":"master_vpn-service","productVersion":"1.0.0.1","fileVersion":"1.0.0.1","hashMD5":"405b03d25f0d76ce76927a6a8c6e6e59","hashSHA1":"60381c1014551b8036fdb66125f6e3d2a7c57817","hashSHA256":"596982a66185ac8f77658e39d59af1ed787b7389ecab2f441392ce6432a3a2f4","digitalCertThumbprint":"B621CF3191921926F1C9A6B96201051EE3EFD13E","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"INNOVATIVE CONNECTING PTE. LIMITED","storeId":"","sourceIndex":"1294","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\VPNMaster\\VPNMaster.exe","companyName":"Innovative Connecting","productName":"VPNMaster","productVersion":"3.18.0.0","fileVersion":"3.18.0.0","hashMD5":"e2a8b1fa14711151ea0520b7aa10b9ed","hashSHA1":"710c2b3f91048e71a3b885f8f1d707faa265f7b0","hashSHA256":"1834f79fdda30cf5e9907b0bc78cc1b90628b328f291914dcbf6eb74f1560c54","digitalCertThumbprint":"B621CF3191921926F1C9A6B96201051EE3EFD13E","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"INNOVATIVE CONNECTING PTE. LIMITED","storeId":"","sourceIndex":"1294","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"VPNMaster_setup.exe","isInstaller":"True","companyName":"Innovative Connecting","productName":"VPNProxyMaster","productVersion":"3.18.0.0","fileVersion":"3.18.0.0","hashMD5":"16bfe981cc33dc60d1c2c99d81ae6d44","hashSHA1":"cf14de9c0e4ad3d9cf57aa24e504e2ca068b86cb","hashSHA256":"8b76093340a228d2bff0693f8ec0742c52ac42ec363fa5047402fc7bedd0beb0","digitalCertThumbprint":"B621CF3191921926F1C9A6B96201051EE3EFD13E","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"INNOVATIVE CONNECTING PTE. LIMITED","storeId":"","sourceIndex":"1294","avBlockList":["Avast Premium Security (20230124)","AVG Internet Security (20230124)","Avira Internet Security (20230124)","K7 Total Security (20230124)","Malwarebytes Premium (20230124)","McAfee Total Protection (20230124)","Norton Security (20230124)","Panda Dome (20230124)","Quick Heal Internet Security (20230124)","Sophos Home Premium (20230124)","SpyHunter5 (20230124)","Total AV Antivirus Pro (20230124)","VirIT eXplorer PRO (20230124)","Webroot SecureAnywhere (20230124)","Windows Defender (20230124)"],"avAllowList":["360 Total Security (20230124)","Bitdefender Internet Security (20230124)","COMODO Antivirus (20230124)","Dr.Web Security Space (20230124)","ESET Internet Security (20230124)","G DATA INTERNET SECURITY (20230124)","Kaspersky Internet Security (20230124)","Trend Micro Internet Security (20230124)","VIPRE Advanced Security (20230124)"]}],"additionalFiles":[],"sources":[{"howFound":"Free VPN in Blur BI data","reference":"","landingPage":"https://vpnproxymaster.com/","directDownloadingLink":"https://download.fastpull.net/file/windows-master/VPNMaster_setup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://download.fastpull.net/file/windows-master/VPNMaster_setup.exe","sourceIndex":"1294"}],"sampleFiles":["221122/VPNProxyMaster-220309/3.18.0.0/Samples/VPNMaster_setup.exe"],"imageFiles":["221122/VPNProxyMaster-220309/3.18.0.0/Images/ACR-043/ACR-043.JPG","221122/VPNProxyMaster-220309/3.18.0.0/Images/ACR-042/ACR-042.JPG","221122/VPNProxyMaster-220309/3.18.0.0/Images/ACR-007/ACR-007.JPG","221122/VPNProxyMaster-220309/3.18.0.0/Images/ACR-084/ACR-084.JPG","221122/VPNProxyMaster-220309/3.18.0.0/Images/ACR-048/ACR-048.JPG","221122/VPNProxyMaster-220309/3.18.0.0/Images/ACR-048/ACR-048_1.JPG","221122/VPNProxyMaster-220309/3.18.0.0/Images/ACR-048/ACR-048_2.JPG","221122/VPNProxyMaster-220309/3.18.0.0/Images/ACR-118/ACR-118.JPG"],"nonDeceptorImageFiles":["221122/VPNProxyMaster-220309/3.18.0.0/Images/ACR-045/ACR-045.JPG","221122/VPNProxyMaster-220309/3.18.0.0/Images/ACR-099/ACR-099_Software.JPG","221122/VPNProxyMaster-220309/3.18.0.0/Images/ACR-123/ACR-123.JPG","221122/VPNProxyMaster-220309/3.18.0.0/Images/ACR-099/ACR-099_Landingpage.JPG","221122/VPNProxyMaster-220309/3.18.0.0/Images/ACR-014/ACR-014.JPG","221122/VPNProxyMaster-220309/3.18.0.0/Images/ACR-018/ACR-018.JPG","221122/VPNProxyMaster-220309/3.18.0.0/Images/ACR-018/ACR-018_1.jpg"],"guid":"48664530-708c-4287-a879-bf93eeb1bcd3_3.18.0.0_1","appID":"VPNProxyMaster-220309","dateAdded":"260316","deceptorType":"App","name":"VPN Proxy Master","company":"INNOVATIVE CONNECTING PTE","version":"3.18.0.0","lastKnownStatus":"3.11.0.0;3.12.0.0;3.13.0.0;3.17.0.0;3.18.0.0;3.19.0.0;3.20.0.0;3.21.0.0;3.25.1.0;3.25.1.0","lastKnownDate":"260316","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 7,Windows 8,Windows 10,Windows Vista,Windows XP","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2026-03-16T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":9,"sortOrder":10},{"violations":{"ACR-042":"The app installs a self signed Trusted Root Certificate without obtaining the consumer's permission through explicit user action.\n","ACR-043":"The app does not provide information regarding the self signed Trusted Root Certificate that is installed and the potential risk introduced to the user system after its installation.\n","ACR-048":"The app does not provide control to disable the notifications and remove its background processes completely within the app's settings.\n","ACR-007":"The app does not obtain user consent to reduce the consumer's security posture caused by installing a self signed trusted root certificate.\n","ACR-084":"On closing the app, the application doesn't exit completely. Some of the processes run in the background, hiding the fact that it is active from the consumer without notifying the user. \n","ACR-118":"The self signed trusted root certificate installed by the application is not removed from the system after the application is uninstalled.\n"},"nonDeceptorViolations":{"ACR-045":"The app does not describe clearly what effect is caused to the user's system due to the installation of the Trusted Root Certificate.\n","ACR-099":"The app does not display links to uninstall information inside software.\nThe landing page (https://vpnproxymaster.com/) does not display links to uninstall information.\n","ACR-018":"The app is promoted using articles that offer to help the consumer break the law across the Landing Pages(https://vpnproxymaster.com/what-is-vpn   and    https://vpnproxymaster.com/download). \n","ACR-014":"The app misleads by displaying status as \"Exposed'\" on the landing pages(https://vpnproxymaster.com/home), even though another VPN is on and running.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\VPNMaster\\master_vpn-service.exe","companyName":"Innovative Connecting","productName":"master_vpn-service","productVersion":"1.0.0.1","fileVersion":"1.0.0.1","hashMD5":"2f8039f6f49b063dc37d2ff25725b0bb","hashSHA1":"545798b75639a5f6ad33941a90615bfd293624da","hashSHA256":"fc748b3352e385c4a274a267268154830aa749e2125873c2d6994dfdf3b543d7","digitalCertThumbprint":"B621CF3191921926F1C9A6B96201051EE3EFD13E","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"INNOVATIVE CONNECTING PTE. LIMITED","storeId":"","sourceIndex":"1380","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\VPNMaster\\VPNMaster.exe","companyName":"Innovative Connecting","productName":"VPNMaster","productVersion":"3.17.0.0","fileVersion":"3.17.0.0","hashMD5":"30620e8cc02ce9a8660d08a33a31dd9e","hashSHA1":"f3674ce85a4937f5915de61d5adadbc8978c736b","hashSHA256":"6fc9fa65402e119609e4e422688516d199db1265931cbcfc067bed0b1ad2a6e9","digitalCertThumbprint":"B621CF3191921926F1C9A6B96201051EE3EFD13E","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"INNOVATIVE CONNECTING PTE. LIMITED","storeId":"","sourceIndex":"1380","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"VPNMaster_setup.exe","isInstaller":"True","companyName":"Innovative Connecting","productName":"VPNProxyMaster","productVersion":"3.17.0.0","fileVersion":"3.17.0.0","hashMD5":"bda22f80dfdcc32f6b3dcba9ff72038c","hashSHA1":"d1a444c984027c970ef829c59bf93d043d1ab493","hashSHA256":"464829643a47166115404a107b5a855092d51adea6b7a4aae8911d2070b36755","digitalCertThumbprint":"B621CF3191921926F1C9A6B96201051EE3EFD13E","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"INNOVATIVE CONNECTING PTE. LIMITED","storeId":"","sourceIndex":"1380","avBlockList":["Avast Premium Security (20221027)","AVG Internet Security (20221027)","Avira Internet Security (20221027)","COMODO Antivirus (20221027)","K7 Total Security (20221027)","Malwarebytes Premium (20221027)","McAfee Total Protection (20221027)","Norton Security (20221027)","Panda Dome (20221027)","Sophos Home Premium (20221027)","SpyHunter5 (20221027)","Total AV Antivirus Pro (20221027)","VirIT eXplorer PRO (20221027)","Webroot SecureAnywhere (20221027)"],"avAllowList":["360 Total Security (20221027)","Bitdefender Internet Security (20221027)","Dr.Web Security Space (20221027)","ESET Internet Security (20221027)","G DATA INTERNET SECURITY (20221027)","Kaspersky Internet Security (20221027)","Quick Heal Internet Security (20221027)","Trend Micro Internet Security (20221027)","VIPRE Advanced Security (20221027)","Windows Defender (20221027)"]}],"additionalFiles":[],"sources":[{"howFound":"Free VPN in Blur BI data","reference":"","landingPage":"https://vpnproxymaster.com/","directDownloadingLink":"https://vpnproxymaster.com/download/windows","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://vpnproxymaster.com/download/windows","sourceIndex":"1380"}],"sampleFiles":["221011/VPNProxyMaster-220309/3.17.0.0/Samples/VPNMaster_setup.exe"],"imageFiles":["221011/VPNProxyMaster-220309/3.17.0.0/Images/ACR-043/ACR-043.JPG","221011/VPNProxyMaster-220309/3.17.0.0/Images/ACR-042/ACR-042.JPG","221011/VPNProxyMaster-220309/3.17.0.0/Images/ACR-007/ACR-007.JPG","221011/VPNProxyMaster-220309/3.17.0.0/Images/ACR-084/ACR-084.JPG","221011/VPNProxyMaster-220309/3.17.0.0/Images/ACR-048/ACR-048_1.JPG","221011/VPNProxyMaster-220309/3.17.0.0/Images/ACR-048/ACR-048_2.JPG","221011/VPNProxyMaster-220309/3.17.0.0/Images/ACR-048/ACR-048_3.JPG","221011/VPNProxyMaster-220309/3.17.0.0/Images/ACR-118/ACR-118.JPG"],"nonDeceptorImageFiles":["221011/VPNProxyMaster-220309/3.17.0.0/Images/ACR-045/ACR-045.JPG","221011/VPNProxyMaster-220309/3.17.0.0/Images/ACR-099/ACR-099.JPG","221011/VPNProxyMaster-220309/3.17.0.0/Images/ACR-099/ACR-099_1.JPG","221011/VPNProxyMaster-220309/3.17.0.0/Images/ACR-014/ACR-014.JPG","221011/VPNProxyMaster-220309/3.17.0.0/Images/ACR-018/ACR-018_1.JPG","221011/VPNProxyMaster-220309/3.17.0.0/Images/ACR-018/ACR-018_2.JPG"],"guid":"48664530-708c-4287-a879-bf93eeb1bcd3_3.17.0.0_1","appID":"VPNProxyMaster-220309","dateAdded":"260316","deceptorType":"App","name":"VPN Proxy Master","company":"INNOVATIVE CONNECTING PTE","version":"3.17.0.0","lastKnownStatus":"3.11.0.0;3.12.0.0;3.13.0.0;3.17.0.0;3.18.0.0;3.19.0.0;3.20.0.0;3.21.0.0;3.25.1.0;3.25.1.0","lastKnownDate":"260316","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 7,Windows 8,Windows 10,Windows Vista,Windows XP","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2026-03-16T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":9,"sortOrder":11},{"violations":{"ACR-042":"The app installs a self signed Trusted Root Certificate without obtaining the consumer's permission through explicit user action.\n","ACR-043":"The app does not provide information regarding the self signed Trusted Root Certificate that is installed and the potential risk introduced to the user system after its installation.\n","ACR-046":"The Subscription related disclosures are obscure & require scrolling and are presented in a way that is unclear and not easily readable. \n","ACR-048":"The app does not provide control to cancel the installation process.\nThe app does not provide control to disable the notifications. Application can be closed/exit completely.\n","ACR-007":"The app does not obtain user consent to reduce the consumer's security posture caused by installing a self signed trusted root certificate.\n","ACR-084":"On closing the app, the application doesn't exit completely. Some of the processes run in the background, hiding the fact that it is active from the consumer without notifying the user. \n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains the self-signed trusted root certificate without the consumer's consent or notifying the user.\n"},"nonDeceptorViolations":{"ACR-045":"The app does not describe clearly what effect is caused to the user's system due to the installation of the Trusted Root Certificate.\n","ACR-099":"The app does not display links to uninstall information inside software.\nThe landing page (https://vpnproxymaster.com/) does not display links to uninstall information.\n","ACR-123":"The app does not remove the installed Trusted Root certificate even after uninstalling.\n","ACR-018":"The app is promoted using articles that offer to help the consumer break the law across the Landing Pages(https://vpnproxymaster.com/what-is-vpn   and    https://vpnproxymaster.com/download).\n","ACR-011":"The Advertisement was not clearly labeled as an Ad and it was displayed as if it was part of the app.\n","ACR-014":"The app misleads by displaying status as \"Exposed\" on the landing pages(https://vpnproxymaster.com/home), even though another VPN is on and running.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\VPNMaster\\master_vpn-service.exe","companyName":"Innovative Connecting","productName":"master_vpn-service","productVersion":"1.0.0.1","fileVersion":"1.0.0.1","hashMD5":"3fe3fd1ee9a5b02e65f4a4a93805bc6f","hashSHA1":"e015abcc8f066200b9c6b09eb4dc2cab99788fc8","hashSHA256":"e0fdfa93ba5eb500b68a223fd211ea0b22eb1795215afec03d022b707a2a119a","digitalCertThumbprint":"B621CF3191921926F1C9A6B96201051EE3EFD13E","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"INNOVATIVE CONNECTING PTE. LIMITED","storeId":"","sourceIndex":"1191","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\VPNMaster\\VPNMaster.exe","companyName":"Innovative Connecting","productName":"VPNMaster","productVersion":"3.20.0.0","fileVersion":"3.20.0.0","hashMD5":"7793f1d57394094e29c5e5698f169b94","hashSHA1":"7888ebb9414b769c03ae35c51952e63683296f4d","hashSHA256":"feca8676ae42b94fc7f5015807027022da515593eecfee54f55cdffbd0a0e2dd","digitalCertThumbprint":"B621CF3191921926F1C9A6B96201051EE3EFD13E","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"INNOVATIVE CONNECTING PTE. LIMITED","storeId":"","sourceIndex":"1191","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"VPNMaster_setup.exe","isInstaller":"True","companyName":"Innovative Connecting","productName":"VPNProxyMaster","productVersion":"3.20.0.0","fileVersion":"3.20.0.0","hashMD5":"d0311e3aa9855d7406ade40c64af0caa","hashSHA1":"4525d4c96968293b5d5db343b30c53c2e4a75606","hashSHA256":"12af3f4d8b32f11d9a6925d4959b05464fac48c58dd4728ba58261dd61fb6172","digitalCertThumbprint":"B621CF3191921926F1C9A6B96201051EE3EFD13E","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"INNOVATIVE CONNECTING PTE. LIMITED","storeId":"","sourceIndex":"1191","avBlockList":["Avast Premium Security (20230504)","AVG Internet Security (20230504)","Avira Internet Security (20230504)","Bitdefender Internet Security (20230504)","G DATA INTERNET SECURITY (20230504)","K7 Total Security (20230504)","Malwarebytes Premium (20230504)","McAfee Total Protection (20230504)","Norton Security (20230504)","Panda Dome (20230504)","Quick Heal Internet Security (20230504)","Sophos Home Premium (20230504)","SpyHunter5 (20230504)","Total AV Antivirus Pro (20230504)","VIPRE Advanced Security (20230504)","VirIT eXplorer PRO (20230504)","Webroot SecureAnywhere (20230504)"],"avAllowList":["360 Total Security (20230504)","COMODO Antivirus (20230504)","Dr.Web Security Space (20230504)","ESET Internet Security (20230504)","Kaspersky Internet Security (20230504)","Trend Micro Internet Security (20230504)","Windows Defender (20230504)"]}],"additionalFiles":[],"sources":[{"howFound":"Free VPN in Blur BI data","reference":"","landingPage":"https://vpnproxymaster.com/","directDownloadingLink":"https://vpnproxymaster.com/download/windows","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://vpnproxymaster.com/download/windows","sourceIndex":"1191"}],"sampleFiles":["230328/VPNProxyMaster-220309/3.20.0.0/Samples/VPNMaster_setup.exe"],"imageFiles":["230328/VPNProxyMaster-220309/3.20.0.0/Images/ACR-043/ACR-043.JPG","230328/VPNProxyMaster-220309/3.20.0.0/Images/ACR-042/ACR-042.JPG","230328/VPNProxyMaster-220309/3.20.0.0/Images/ACR-048/ACR-048.JPG","230328/VPNProxyMaster-220309/3.20.0.0/Images/ACR-007/ACR-007.JPG","230328/VPNProxyMaster-220309/3.20.0.0/Images/ACR-084/ACR-084.JPG","230328/VPNProxyMaster-220309/3.20.0.0/Images/ACR-048/ACR-048_1.JPG","230328/VPNProxyMaster-220309/3.20.0.0/Images/ACR-048/ACR-048_2.JPG","230328/VPNProxyMaster-220309/3.20.0.0/Images/ACR-048/ACR-048_3.JPG","230328/VPNProxyMaster-220309/3.20.0.0/Images/ACR-118/ACR-118_1.JPG","230328/VPNProxyMaster-220309/3.20.0.0/Images/ACR-046/ACR-046.JPG"],"nonDeceptorImageFiles":["230328/VPNProxyMaster-220309/3.20.0.0/Images/ACR-045/ACR-045.JPG","230328/VPNProxyMaster-220309/3.20.0.0/Images/ACR-099/ACR-099_Software.JPG","230328/VPNProxyMaster-220309/3.20.0.0/Images/ACR-123/ACR-123.JPG","230328/VPNProxyMaster-220309/3.20.0.0/Images/ACR-099/ACR-099_Landingpage.JPG","230328/VPNProxyMaster-220309/3.20.0.0/Images/ACR-014/ACR-014.JPG","230328/VPNProxyMaster-220309/3.20.0.0/Images/ACR-018/ACR-018.JPG","230328/VPNProxyMaster-220309/3.20.0.0/Images/ACR-018/ACR-018_1.jpg","230328/VPNProxyMaster-220309/3.20.0.0/Images/ACR-011/ACR-011.JPG","230328/VPNProxyMaster-220309/3.20.0.0/Images/ACR-011/ACR-011-1.JPG"],"guid":"48664530-708c-4287-a879-bf93eeb1bcd3_3.20.0.0_1","appID":"VPNProxyMaster-220309","dateAdded":"260316","deceptorType":"App","name":"VPN Proxy Master","company":"INNOVATIVE CONNECTING PTE","version":"3.20.0.0","lastKnownStatus":"3.11.0.0;3.12.0.0;3.13.0.0;3.17.0.0;3.18.0.0;3.19.0.0;3.20.0.0;3.21.0.0;3.25.1.0;3.25.1.0","lastKnownDate":"260316","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 7,Windows 8,Windows 10,Windows Vista,Windows XP","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2026-03-16T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":9,"sortOrder":8},{"violations":{"ACR-042":"The app installs a self signed Trusted Root Certificate without obtaining the consumer's permission through explicit user action.\n","ACR-043":"The app does not provide information regarding the self signed Trusted Root Certificate that is installed and the potential risk introduced to the user system after its installation.\n","ACR-046":"The Subscription related disclosures are obscure & require scrolling and are presented in a way that is unclear and not easily readable. \n","ACR-048":"The app does not provide control to cancel the installation process.\nThe app does not provide control to disable the notifications. Application process can't exit completely even user exit the app from systray\n","ACR-007":"The app does not obtain user consent to reduce the consumer's security posture caused by installing a self signed trusted root certificate.\n","ACR-084":"On closing the app, the application doesn't exit completely. Some of the processes run in the background, hiding the fact that it is active from the consumer without notifying the user. \n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains the self-signed trusted root certificate without the consumer's consent or notifying the user.\n"},"nonDeceptorViolations":{"ACR-045":"The app does not describe clearly what effect is caused to the user's system due to the installation of the Trusted Root Certificate.\n","ACR-123":"The app does not remove the installed Trusted Root certificate even after uninstalling.\n","ACR-018":"The app is promoted using articles that offer to help the consumer break the law across the Landing Pages(https://vpnproxymaster.com/what-is-vpn   and    https://vpnproxymaster.com/download).\n","ACR-011":"The Advertisement was not clearly labeled as an Ad and it was displayed as if it was part of the app.\n","ACR-014":"The app misleads by displaying status as \"Exposed\" on the landing pages (https://vpnproxymaster.com/home), even though another VPN is on and running.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\VPNMaster\\master_vpn-service.exe","companyName":"Innovative Connecting","productName":"master_vpn-service","productVersion":"1.0.0.1","fileVersion":"1.0.0.1","hashMD5":"4282a2635ae5801f6322bc52871bda7d","hashSHA1":"970e2182ecd29b456b8e9ce653ae503ca2fa09f6","hashSHA256":"5d2284a4d1e93afe3a97013d6ce887705302b8e00cd8af452cc7c0e0e5082687","digitalCertThumbprint":"B621CF3191921926F1C9A6B96201051EE3EFD13E","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"INNOVATIVE CONNECTING PTE. LIMITED","storeId":"","sourceIndex":"1116","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\VPNMaster\\VPNMaster.exe","companyName":"Innovative Connecting","productName":"VPNMaster","productVersion":"3.21.0.0","fileVersion":"3.21.0.0","hashMD5":"568640a75afe06e46aaaaf95f5f778e2","hashSHA1":"99582ede98d8b47a1a32aa2451d367f3bb756e17","hashSHA256":"8e4cea578cce63e3e8b09093f112e7c344bf3e4078ab56d9e04ce02efb1473dc","digitalCertThumbprint":"B621CF3191921926F1C9A6B96201051EE3EFD13E","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"INNOVATIVE CONNECTING PTE. LIMITED","storeId":"","sourceIndex":"1116","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"VPNMaster_setup.exe","isInstaller":"True","companyName":"Innovative Connecting","productName":"VPNProxyMaster","productVersion":"3.21.0.0","fileVersion":"3.21.0.0","hashMD5":"5640727c164ee968d3938b381c930096","hashSHA1":"8b200e98498fe5ed91587d40769a65a86dee1df4","hashSHA256":"d754ec37b113d42c789a4e8fb9bd35fe26ae65f9f2711d920d39b343adca0c93","digitalCertThumbprint":"B621CF3191921926F1C9A6B96201051EE3EFD13E","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"INNOVATIVE CONNECTING PTE. LIMITED","storeId":"","sourceIndex":"1116","avBlockList":["Avast Premium Security (20260317)","AVG Internet Security (20260317)","Avira Internet Security (20260317)","Dr.Web Security Space (20260317)","ESET Internet Security (20260317)","G DATA INTERNET SECURITY (20260317)","Malwarebytes Premium (20260317)","McAfee Total Protection (20260317)","Norton Security (20260317)","Panda Dome (20260317)","Quick Heal Internet Security (20260317)","Sophos Home Premium (20260317)","SpyHunter5 (20260317)","Total AV Antivirus Pro (20260317)","VirIT eXplorer PRO (20260317)","Webroot SecureAnywhere (20260317)","FortectPremium (20260317)"],"avAllowList":["360 Total Security (20260317)","Bitdefender Internet Security (20260317)","COMODO Antivirus (20260317)","K7 Total Security (20260317)","Kaspersky Internet Security (20230518)","Trend Micro Internet Security (20260317)","VIPRE Advanced Security (20260317)","Windows Defender (20260317)","KasperskyPremium (20260317)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on windows app","reference":"","landingPage":"https://vpnproxymaster.com/download/windows","directDownloadingLink":"https://vpnproxymaster.com/download/windows/VPNMaster_setup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://vpnproxymaster.com/download/windows/VPNMaster_setup.exe","sourceIndex":"1116"}],"sampleFiles":["230508/VPNProxyMaster-220309/3.21.0.0/Samples/VPNMaster_setup.exe"],"imageFiles":["230508/VPNProxyMaster-220309/3.21.0.0/Images/ACR-043/ACR-043.JPG","230508/VPNProxyMaster-220309/3.21.0.0/Images/ACR-042/ACR-042.JPG","230508/VPNProxyMaster-220309/3.21.0.0/Images/ACR-048/ACR-048_Install.JPG","230508/VPNProxyMaster-220309/3.21.0.0/Images/ACR-007/ACR-007.JPG","230508/VPNProxyMaster-220309/3.21.0.0/Images/ACR-084/ACR-084.JPG","230508/VPNProxyMaster-220309/3.21.0.0/Images/ACR-048/ACR-048_1.JPG","230508/VPNProxyMaster-220309/3.21.0.0/Images/ACR-048/ACR-048_2.JPG","230508/VPNProxyMaster-220309/3.21.0.0/Images/ACR-048/ACR-048_3.JPG","230508/VPNProxyMaster-220309/3.21.0.0/Images/ACR-118/ACR-118.JPG","230508/VPNProxyMaster-220309/3.21.0.0/Images/ACR-046/ACR-046.JPG"],"nonDeceptorImageFiles":["230508/VPNProxyMaster-220309/3.21.0.0/Images/ACR-045/ACR-045.JPG","230508/VPNProxyMaster-220309/3.21.0.0/Images/ACR-123/ACR-123.JPG","230508/VPNProxyMaster-220309/3.21.0.0/Images/ACR-014/ACR-014.JPG","230508/VPNProxyMaster-220309/3.21.0.0/Images/ACR-018/ACR-018.JPG","230508/VPNProxyMaster-220309/3.21.0.0/Images/ACR-018/ACR-018_1.JPG","230508/VPNProxyMaster-220309/3.21.0.0/Images/ACR-011/ACR-011.JPG","230508/VPNProxyMaster-220309/3.21.0.0/Images/ACR-011/ACR-011_1.JPG"],"guid":"48664530-708c-4287-a879-bf93eeb1bcd3_3.21.0.0_1","appID":"VPNProxyMaster-220309","dateAdded":"260316","deceptorType":"App","name":"VPN Proxy Master","company":"INNOVATIVE CONNECTING PTE","version":"3.21.0.0","lastKnownStatus":"3.11.0.0;3.12.0.0;3.13.0.0;3.17.0.0;3.18.0.0;3.19.0.0;3.20.0.0;3.21.0.0;3.25.1.0;3.25.1.0","lastKnownDate":"260316","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 7,Windows 8,Windows 10,Windows Vista,Windows XP","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2026-03-16T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":9,"sortOrder":7},{"violations":{"ACR-046":"The Subscription related disclosures are obscure & require scrolling and are presented in a way that is unclear and not easily readable. \n","ACR-048":"The app does not provide control to cancel the installation process.\nApplication process can't exit completely even user exit the app from systray. \n","ACR-084":"On closing the app, the application doesn't exit completely. Service process run in the background after app quits. Service process starts automatically when system starts, hiding the fact that it is active from the consumer without notifying the user. \n"},"nonDeceptorViolations":{"ACR-018":"The app is promoted using articles that offer to help the consumer break the law across the Landing Pages(https://vpnproxymaster.com/what-is-vpn   and    https://vpnproxymaster.com/download).\n","ACR-014":"The app misleads by displaying status as \"Exposed\" on the landing pages (https://vpnproxymaster.com/home), even though another VPN is on and running.\n"},"samples":[{"isRevoked":"False","fileName":"VPNMaster_setup.exe","isInstaller":"True","companyName":"Innovative Connecting","productName":"VPNProxyMaster","productVersion":"3.25.1.0","fileVersion":"3.25.1.0","hashMD5":"173dc870a38b3fd26e98bf14875803d0","hashSHA1":"f54182cbdf225b3e9720fed5b184f3092f25b936","hashSHA256":"e170cbee6bfb2953d3cd1443c464d922205446e89a06880e113658bf9c764570","digitalCertThumbprint":"C0B0B6871F4782604BBD883A073592B24AECF707","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=INNOVATIVE CONNECTING PTE. LIMITED, O=INNOVATIVE CONNECTING PTE. LIMITED, L=SINGAPORE, C=SG, SERIALNUMBER=201812738K, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=SG","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"113","avBlockList":["Avast Premium Security (20260430)","AVG Internet Security (20260430)","Avira Internet Security (20260430)","Bitdefender Internet Security (20260430)","Dr.Web Security Space (20260430)","ESET Internet Security (20260430)","FortectPremium (20260430)","G DATA INTERNET SECURITY (20260430)","K7 Total Security (20260430)","Norton Security (20260430)","Panda Dome (20260430)","Quick Heal Internet Security (20260430)","Sophos Home Premium (20260430)","SpyHunter5 (20260430)","Total AV Antivirus Pro (20260430)","VIPRE Advanced Security (20260430)","VirIT eXplorer PRO (20260430)","Webroot SecureAnywhere (20260430)"],"avAllowList":["360 Total Security (20260430)","COMODO Antivirus (20260430)","KasperskyPremium (20260430)","Malwarebytes Premium (20260430)","McAfee Total Protection (20260430)","Trend Micro Internet Security (20260430)","Windows Defender (20260430)"]},{"isRevoked":"False","fileName":"master_vpn-service.exe","companyName":"Innovative Connecting","productName":"master_vpn-service","productVersion":"1.0.0.1","fileVersion":"1.0.0.1","hashMD5":"a9a605655ad81bd2dcc61f6bdea4ee4c","hashSHA1":"586b7bc10e9d670fe608984ec053ffbe7c0dc50b","hashSHA256":"e56053f445e5a3bdfb94bbe75740ab6272a59250cb445775cf86424740a773d2","digitalCertThumbprint":"C0B0B6871F4782604BBD883A073592B24AECF707","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=INNOVATIVE CONNECTING PTE. LIMITED, O=INNOVATIVE CONNECTING PTE. LIMITED, L=SINGAPORE, C=SG, SERIALNUMBER=201812738K, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=SG","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"113","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"Startup.exe","companyName":"Innovative Connecting","productName":"Startup","productVersion":"1.0.0.1","fileVersion":"1.0.0.1","hashMD5":"081ff2134e746c2475b09a6a99a4c12f","hashSHA1":"dcb3b04fffe332cb102ffa59ef4321866a6c4fa8","hashSHA256":"555145bcd94abf4dc284e3b2b3b79c9b9e7f94ea2e2aa41d5bf419ccb76dd7b7","digitalCertThumbprint":"C0B0B6871F4782604BBD883A073592B24AECF707","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=INNOVATIVE CONNECTING PTE. LIMITED, O=INNOVATIVE CONNECTING PTE. LIMITED, L=SINGAPORE, C=SG, SERIALNUMBER=201812738K, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=SG","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"113","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"VPNMaster.exe","companyName":"Innovative Connecting","productName":"VPNMaster","productVersion":"3.25.1.0","fileVersion":"3.25.1.0","hashMD5":"75a96027e2739504dc48cf2ea5aad851","hashSHA1":"fdb059e9367dcd020d1a531a6eabcb379f470f8c","hashSHA256":"0b1440414ac5c9109cf4c4714f5e7b23e19f8a572ddde6f3a4c3306d13a80ee9","digitalCertThumbprint":"C0B0B6871F4782604BBD883A073592B24AECF707","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=INNOVATIVE CONNECTING PTE. LIMITED, O=INNOVATIVE CONNECTING PTE. LIMITED, L=SINGAPORE, C=SG, SERIALNUMBER=201812738K, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=SG","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"113","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Free VPN in Blur BI data","reference":"","landingPage":"https://vpnproxymaster.com/","directDownloadingLink":"https://download.fastpull.net/file/windows-master/VPNMaster_setup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://download.fastpull.net/file/windows-master/VPNMaster_setup.exe","sourceIndex":"113"}],"sampleFiles":["260316/VPNProxyMaster-220309/3.25.1.0/Samples/VPNMaster_setup.exe"],"imageFiles":["260316/VPNProxyMaster-220309/3.25.1.0/Images/ACR-048/ACR-048_Install.JPG","260316/VPNProxyMaster-220309/3.25.1.0/Images/ACR-084/ACR-084_Software_1.png","260316/VPNProxyMaster-220309/3.25.1.0/Images/ACR-048/ACR-048_Software_1.png","260316/VPNProxyMaster-220309/3.25.1.0/Images/ACR-048/ACR-048_Software_2.png","260316/VPNProxyMaster-220309/3.25.1.0/Images/ACR-046/ACR-046_Internal offers_1.png"],"nonDeceptorImageFiles":["260316/VPNProxyMaster-220309/3.25.1.0/Images/ACR-014/ACR-014_Landing page_1.png","260316/VPNProxyMaster-220309/3.25.1.0/Images/ACR-018/ACR-018.JPG","260316/VPNProxyMaster-220309/3.25.1.0/Images/ACR-018/ACR-018_1.JPG"],"guid":"48664530-708c-4287-a879-bf93eeb1bcd3_3.25.1.0_1","appID":"VPNProxyMaster-220309","dateAdded":"260316","deceptorType":"App","name":"VPN Proxy Master","company":"INNOVATIVE CONNECTING PTE","version":"3.25.1.0","lastKnownStatus":"3.11.0.0;3.12.0.0;3.13.0.0;3.17.0.0;3.18.0.0;3.19.0.0;3.20.0.0;3.21.0.0;3.25.1.0;3.25.1.0","lastKnownDate":"260316","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 7,Windows 8,Windows 10,Windows Vista,Windows XP","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2026-03-16T21:02:16.5497851+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":9,"sortOrder":6},{"violations":{"ACR-042":"The app installs a self signed Trusted Root Certificate without obtaining the consumer's permission through explicit user action.\n","ACR-043":"The app does not provide information regarding the self signed Trusted Root Certificate that is installed and the potential risk introduced to the user system after its installation.\n","ACR-046":"The Subscription related disclosures are obscure & require scrolling and are presented in a way that is unclear and not easily readable. \n","ACR-048":"The app does not provide control to cancel the installation process.\nThe app does not provide control to disable the notifications and remove its background processes completely within the app's settings.\n","ACR-007":"The app does not obtain user consent to reduce the consumer's security posture caused by installing a self signed trusted root certificate.\n","ACR-084":"On closing the app, the application doesn't exit completely. Some of the processes run in the background, hiding the fact that it is active from the consumer without notifying the user. \n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains many of its components on the device along with the self-signed trusted root certificate without the consumer's consent or notifying the user.\n","ACR-119":"The app retains its monetization components after uninstall.\n"},"nonDeceptorViolations":{"ACR-045":"The app does not describe clearly what effect is caused to the user's system due to the installation of the Trusted Root Certificate.\n","ACR-099":"The app does not display links to uninstall information inside software.\nThe landing page (https://vpnproxymaster.com/) does not display links to uninstall information.\n","ACR-123":"The app does not remove the installed Trusted Root certificate even after uninstalling.\n","ACR-011":"The Advertisement was not clearly labeled as an Ad and it was displayed as if it was part of the app.\n","ACR-014":"The app misleads by displaying status as \"Exposed'\" on the landing pages(https://vpnproxymaster.com/home), even though another VPN is on and running.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\VPNMaster\\master_vpn-service.exe","companyName":"Innovative Connecting","productName":"master_vpn-service","productVersion":"1.0.0.1","fileVersion":"1.0.0.1","hashMD5":"4928b7224ddc7aa64da414d5ed34f50d","hashSHA1":"a89c81c6c0f92502cbd6a44757bd0742abd66b66","hashSHA256":"9b512a9a4de388fe02b0b813641fbf6062bbbc191208545dbf8c588c7be607ca","digitalCertThumbprint":"B621CF3191921926F1C9A6B96201051EE3EFD13E","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"INNOVATIVE CONNECTING PTE. LIMITED","storeId":"","sourceIndex":"1192","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\VPNMaster\\VPNMaster.exe","companyName":"Innovative Connecting","productName":"VPNMaster","productVersion":"3.19.0.0","fileVersion":"3.19.0.0","hashMD5":"c8d0f50fbcdf2ded87708d1ff9f76d29","hashSHA1":"c3c07b2c628423528595b1576c332872c7a7e01e","hashSHA256":"61c8fad79d4fc76e29d4caefc08253e41817c8324a1e1f4785319f36fca7fafa","digitalCertThumbprint":"B621CF3191921926F1C9A6B96201051EE3EFD13E","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"INNOVATIVE CONNECTING PTE. LIMITED","storeId":"","sourceIndex":"1192","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"VPNMaster_setup_pad.exe","isInstaller":"True","companyName":"Innovative Connecting","productName":"VPNProxyMaster","productVersion":"3.15.0.0","fileVersion":"3.15.0.0","hashMD5":"1d9dc7a5be027c7b2959328f0eb8b3ab","hashSHA1":"e3165a8b4d61e9b86a3502560e96a345ad31ac9d","hashSHA256":"c8172a73775da92aaa61972edf7a079786e3c55d07e1a45fc29b6d269b3e6a3d","digitalCertThumbprint":"B621CF3191921926F1C9A6B96201051EE3EFD13E","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"INNOVATIVE CONNECTING PTE. LIMITED","storeId":"","sourceIndex":"1192","avBlockList":["Avast Premium Security (20230418)","AVG Internet Security (20230418)","Avira Internet Security (20230418)","Malwarebytes Premium (20230418)","McAfee Total Protection (20230418)","Norton Security (20230418)","Panda Dome (20230418)","Quick Heal Internet Security (20230418)","Sophos Home Premium (20230418)","SpyHunter5 (20230418)","Total AV Antivirus Pro (20230418)","VirIT eXplorer PRO (20230418)","Webroot SecureAnywhere (20230418)"],"avAllowList":["360 Total Security (20230418)","Bitdefender Internet Security (20230418)","COMODO Antivirus (20230418)","Dr.Web Security Space (20230418)","ESET Internet Security (20230418)","G DATA INTERNET SECURITY (20230418)","K7 Total Security (20230418)","Kaspersky Internet Security (20230418)","Trend Micro Internet Security (20230418)","VIPRE Advanced Security (20230418)","Windows Defender (20230418)"]}],"additionalFiles":[],"sources":[{"howFound":"Free VPN in Blur BI data","reference":"","landingPage":"https://vpnproxymaster.com/","directDownloadingLink":"https://download.freedownloadmanager.org/Windows-PC/VPN-Proxy-Master-Download-for-Windows/FREE-3.15.1.html?ac79f89","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://download.freedownloadmanager.org/Windows-PC/VPN-Proxy-Master-Download-for-Windows/FREE-3.15.1.html?ac79f89","sourceIndex":"1192"}],"sampleFiles":["230323/VPNProxyMaster-220309/3.19.0.0/Samples/VPNMaster_setup_pad.exe"],"imageFiles":["230323/VPNProxyMaster-220309/3.19.0.0/Images/ACR-043/ACR-043.JPG","230323/VPNProxyMaster-220309/3.19.0.0/Images/ACR-042/ACR-042.JPG","230323/VPNProxyMaster-220309/3.19.0.0/Images/ACR-048/ACR-048(1).JPG","230323/VPNProxyMaster-220309/3.19.0.0/Images/ACR-007/ACR-007.JPG","230323/VPNProxyMaster-220309/3.19.0.0/Images/ACR-084/ACR-084.JPG","230323/VPNProxyMaster-220309/3.19.0.0/Images/ACR-048/ACR-048.JPG","230323/VPNProxyMaster-220309/3.19.0.0/Images/ACR-048/ACR-048_1.JPG","230323/VPNProxyMaster-220309/3.19.0.0/Images/ACR-048/ACR-048_2.JPG","230323/VPNProxyMaster-220309/3.19.0.0/Images/ACR-118/ACR-118.JPG","230323/VPNProxyMaster-220309/3.19.0.0/Images/ACR-118/ACR-118_1.JPG","230323/VPNProxyMaster-220309/3.19.0.0/Images/ACR-119/ACR-119.JPG","230323/VPNProxyMaster-220309/3.19.0.0/Images/ACR-046/ACR-046.JPG"],"nonDeceptorImageFiles":["230323/VPNProxyMaster-220309/3.19.0.0/Images/ACR-045/ACR-045.JPG","230323/VPNProxyMaster-220309/3.19.0.0/Images/ACR-099/ACR-099_Software.JPG","230323/VPNProxyMaster-220309/3.19.0.0/Images/ACR-123/ACR-123.JPG","230323/VPNProxyMaster-220309/3.19.0.0/Images/ACR-099/ACR-099_Landingpage.JPG","230323/VPNProxyMaster-220309/3.19.0.0/Images/ACR-014/ACR-014.JPG","230323/VPNProxyMaster-220309/3.19.0.0/Images/ACR-011/ACR-011.JPG","230323/VPNProxyMaster-220309/3.19.0.0/Images/ACR-011/ACR-011-1.JPG"],"guid":"48664530-708c-4287-a879-bf93eeb1bcd3_3.19.0.0_1","appID":"VPNProxyMaster-220309","dateAdded":"260316","deceptorType":"App","name":"VPN Proxy Master","company":"INNOVATIVE CONNECTING PTE","version":"3.19.0.0","lastKnownStatus":"3.11.0.0;3.12.0.0;3.13.0.0;3.17.0.0;3.18.0.0;3.19.0.0;3.20.0.0;3.21.0.0;3.25.1.0;3.25.1.0","lastKnownDate":"260316","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 7,Windows 8,Windows 10,Windows Vista,Windows XP","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2026-03-16T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":9,"sortOrder":9},{"violations":{"ACR-046":"Application hides the unexpected behavior setting (may adjust browser setting) behind EULA link.\n","ACR-048":"A scheduled task was added without the user's knowledge and does not offer any option within an app settings to control it.\n","ACR-055":"The “Continue” button acts as acceptance of the app installation while concealing the part of the installation process that may alter the user’s default search engine settings under the EULA. Users are not clearly informed about what they are consenting to. The offer is presented in a vague and potentially misleading way and does not include a clear accept or decline option for the user.\n"},"nonDeceptorViolations":{"ACR-038":"App is missing identification information such as file version and vendor in the Control Panel.\n","ACR-040":"The app installs itself in a hidden folder %AppData% without proper disclosure.\n","ACR-092":"The application installer and main executable does not have a digital signature.\n"},"samples":[{"isRevoked":"False","fileName":"ZapPDF-setup.exe","isInstaller":"True","productName":"Zapdf","productVersion":"1.0.0.11","fileVersion":"1.0.0.11","hashMD5":"735dc0470cb55040b5610cde35f4831e","hashSHA1":"270d62bd1590e2f5fad24dd0d745d8b73295cd10","hashSHA256":"84459f055a271cf9229ff0aa82981b47a2870f1ea6307a6078a30ae67eae1762","sourceIndex":"114","avBlockList":["360 Total Security (20260507)","Avast Premium Security (20260507)","AVG Internet Security (20260507)","Avira Internet Security (20260507)","Bitdefender Internet Security (20260507)","Dr.Web Security Space (20260507)","ESET Internet Security (20260507)","FortectPremium (20260507)","G DATA INTERNET SECURITY (20260507)","K7 Total Security (20260507)","KasperskyPremium (20260507)","Malwarebytes Premium (20260507)","McAfee Total Protection (20260507)","Norton Security (20260507)","Panda Dome (20260507)","Quick Heal Internet Security (20260507)","Sophos Home Premium (20260507)","SpyHunter5 (20260507)","Total AV Antivirus Pro (20260507)","VIPRE Advanced Security (20260507)","VirIT eXplorer PRO (20260507)","Webroot SecureAnywhere (20260507)"],"avAllowList":["COMODO Antivirus (20260507)","Trend Micro Internet Security (20260507)","Windows Defender (20260507)"]},{"isRevoked":"False","fileName":"Zapdf.exe","productName":"Zapdf","productVersion":"1.0.0.9","fileVersion":"1.0.0.9","hashMD5":"038556979e7af268c9337e7526074f70","hashSHA1":"0de44f327f9a3c6a56623ba13ef70ebc1d8e65cc","hashSHA256":"307d498f17702992fb3d6dc8e37de9b97baa4ee721fc703775b4e8ba3d44faa8","sourceIndex":"114","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"random search","reference":"","landingPage":"https://www.myzappdf.com/","directDownloadingLink":"https://yaminit.com/vreq/?entryAnchor=null&vHash=b2b403e5-1db8-4f1a-9384-0d5707a29b58&_ga=GA1.1.1308856916.1772794205&_ga_T777GNMCZ4=GS2.1.s1772794204%24o1%24g1%24t1772794238%24j24%24l0%24h160636201","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://yaminit.com/vreq/?entryAnchor=null&vHash=b2b403e5-1db8-4f1a-9384-0d5707a29b58&_ga=GA1.1.1308856916.1772794205&_ga_T777GNMCZ4=GS2.1.s1772794204%24o1%24g1%24t1772794238%24j24%24l0%24h160636201","sourceIndex":"114"}],"sampleFiles":["260309/ZapPDF-260306/1.0.0.11/Samples/ZapPDF-setup.exe","260309/ZapPDF-260306/1.0.0.11/Samples/Zapdf.exe"],"imageFiles":["260309/ZapPDF-260306/1.0.0.11/Images/ACR-046/ACR-046_Install_1.png","260309/ZapPDF-260306/1.0.0.11/Images/ACR-046/ACR-046_Install_2.png","260309/ZapPDF-260306/1.0.0.11/Images/ACR-055/ACR-055_Install_1.png","260309/ZapPDF-260306/1.0.0.11/Images/ACR-055/ACR-055_Install_2.png","260309/ZapPDF-260306/1.0.0.11/Images/ACR-055/ACR-055_Install_3.png","260309/ZapPDF-260306/1.0.0.11/Images/ACR-048/ACR-048_Software_1.png"],"nonDeceptorImageFiles":["260309/ZapPDF-260306/1.0.0.11/Images/ACR-038/ACR-038_Install_1.png","260309/ZapPDF-260306/1.0.0.11/Images/ACR-040/ACR-040_Install_1.png","260309/ZapPDF-260306/1.0.0.11/Images/ACR-092/ACR-092_Software_1.png","260309/ZapPDF-260306/1.0.0.11/Images/ACR-092/ACR-092_Software_2.png"],"guid":"bef04523-7840-453a-ba7d-d04b35c4c32c_1.0.0.11_1","appID":"ZapPDF-260306","dateAdded":"260309","deceptorType":"App","name":"Zap PDF","company":"ZapPDF","version":"1.0.0.11","lastKnownStatus":"1.0.0.11","lastKnownDate":"260309","type":"Windows Executable","category":"SysTools & Utilities","ageAppropriate":"12+ appropriate","monetization":"install offers,search","lastUpdate":"2026-03-09T18:12:39.067061+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":15},{"violations":{"ACR-109":"The app downloads RelevantKnowledge files and run \"rk_setup.exe\" without the consumer's consent.\n","ACR-042":"The app drops the Root Certificate files before obtaining the consumer's permission through explicit user action in the installation prompt.\n","ACR-043":"The app drops the Root Certificate files without disclosing in during installation.\n","ACR-048":"Clicking the 'I Decline' button still downloads and executes rk_setup.exe, identified as a RelevantKnowledge file, which contradicts the expected user action.\n","ACR-007":"The app does not obtain user consent for dropping the Root Certificate files to reduce the consumer's security posture caused by the installation prompt. \n","ACR-010":"The app bundler distributes deceptor application. The offer in this bundler, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control. \n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software \n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains \"curl-ca-bundle.crt\" and other components on the device without the consumer's consent or notifying the user. \n","ACR-057":"The app bundles the \"Relevant Knowledge\" offer which does not allow the consumer to decline the offer.\n","ACR-071":"The \"Relevant Knowledge\" offer cannot be declined independently as the installation is unable to proceed when attempting to decline the offer. Thus it forces the user to, only accept the offer and proceed with the installation \n","ACR-059":"The Offer is not clearly marked as an offer. who is recommending the offer is not clear.\n","ACR-155":"Offers are designed to look like part of the install workflow.\n"},"nonDeceptorViolations":{"ACR-045":"The app does not describe clearly and straightforwardly what effect is caused to the user's system due to the dropped Cert file in the installation prompt.\n","ACR-106":"App offers deceptive application 'Relevant Knowledge market survey'.\n","ACR-092":"The app does not provide digital signature for the executables.\n","ACR-123":"The app does not remove an dropped root certificates even after uninstalling.\n"},"samples":[{"isRevoked":"False","fileName":"pgware_throttle.exe","isInstaller":"True","companyName":"PGWARE LLC                                                  ","productName":"Throttle","productVersion":"1.0.0.1","fileVersion":"1.0.0.1","hashMD5":"ff6455885b6c2ac5fb6d5315dcb2c138","hashSHA1":"eac166acaba1ee938d45924b3127871ddecdcf1b","hashSHA256":"a10baa435e9e9326604d29377d73ab87c3f85d68e6a19ca86ab203de93824b4b","sourceIndex":"115","avBlockList":["360 Total Security (20260430)","Avast Premium Security (20260430)","AVG Internet Security (20260430)","Avira Internet Security (20260430)","Bitdefender Internet Security (20260430)","Dr.Web Security Space (20260430)","ESET Internet Security (20260430)","FortectPremium (20260430)","G DATA INTERNET SECURITY (20260430)","K7 Total Security (20260430)","KasperskyPremium (20260430)","Malwarebytes Premium (20260430)","McAfee Total Protection (20260430)","Norton Security (20260430)","Panda Dome (20260430)","Sophos Home Premium (20260430)","SpyHunter5 (20260430)","Total AV Antivirus Pro (20260430)","Trend Micro Internet Security (20260430)","VIPRE Advanced Security (20260430)","VirIT eXplorer PRO (20260430)","Webroot SecureAnywhere (20260430)","Windows Defender (20260430)"],"avAllowList":["COMODO Antivirus (20260430)","Quick Heal Internet Security (20260430)"]}],"additionalFiles":[],"sources":[{"howFound":"search for new version of PGWARE apps","reference":"","landingPage":"http://pgware.com/","directDownloadingLink":"http://pgware.com/downloads/pgware_throttle.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://pgware.com/downloads/pgware_throttle.exe","sourceIndex":"115"}],"sampleFiles":["260304/Throttle-211209/8.10.21.2024/Samples/pgware_throttle.exe"],"imageFiles":["260304/Throttle-211209/8.10.21.2024/Images/ACR-109/ACR-109_Install_1.png","260304/Throttle-211209/8.10.21.2024/Images/ACR-109/ACR-109_Install_2.png","260304/Throttle-211209/8.10.21.2024/Images/ACR-043/ACR-043_Install_1.png","260304/Throttle-211209/8.10.21.2024/Images/ACR-042/ACR-042_Install_1.png","260304/Throttle-211209/8.10.21.2024/Images/ACR-048/ACR-048_Install_1.png","260304/Throttle-211209/8.10.21.2024/Images/ACR-048/ACR-048_Install_2.png","260304/Throttle-211209/8.10.21.2024/Images/ACR-007/ACR-007_Install_1.png","260304/Throttle-211209/8.10.21.2024/Images/ACR-010/ACR-010_Install_1.png","260304/Throttle-211209/8.10.21.2024/Images/ACR-118/ACR-118_Uninstall_1.png","260304/Throttle-211209/8.10.21.2024/Images/ACR-057/ACR-057_Internal offers_1.png","260304/Throttle-211209/8.10.21.2024/Images/ACR-059/ACR-059_Internal offers_1.png","260304/Throttle-211209/8.10.21.2024/Images/ACR-071/ACR-071_Internal offers_1.png","260304/Throttle-211209/8.10.21.2024/Images/ACR-155/ACR-155_Bundler-made offers_1.png","260304/Throttle-211209/8.10.21.2024/Images/ACR-013/ACR-013_Install_1.png","260304/Throttle-211209/8.10.21.2024/Images/ACR-060/ACR-060_Internal offers_1.png"],"nonDeceptorImageFiles":["260304/Throttle-211209/8.10.21.2024/Images/ACR-045/ACR-045_Install_1.png","260304/Throttle-211209/8.10.21.2024/Images/ACR-106/ACR-106_Software_1.png","260304/Throttle-211209/8.10.21.2024/Images/ACR-092/ACR-092_Software_1.png","260304/Throttle-211209/8.10.21.2024/Images/ACR-092/ACR-092_Software_2.png","260304/Throttle-211209/8.10.21.2024/Images/ACR-123/ACR-123_Uninstall_1.png"],"guid":"8ca23ddb-e7fd-42ec-b8da-1427412ff0cf_8.10.21.2024_1","appID":"Throttle-211209","dateAdded":"260304","deceptorType":"Bundler","name":"Throttle","company":"PGWARE LLC","version":"8.10.21.2024","lastKnownStatus":"Deceptor:8.8.23.2021;8.3.7.2022;8.10.21.2024","lastKnownDate":"260304","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows Server","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"sold in bundle","lastUpdate":"2026-05-12T22:59:37.408901+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":3,"sortOrder":16},{"violations":{"ACR-109":"The app downloads RelevantKnowledge files and run \"rkverify.exe\" without disclosing to user\n","ACR-042":"The app drops the Root Certificate files before obtaining the consumer's permission through explicit user action in the installation prompt \n","ACR-043":"The app drops the Root Certificate files without disclosing in during installation\n","ACR-048":"There is a \"decline \" button that when pressed it still downloads and run “rkverify.exe”, a RelevantKnowledge file.\n","ACR-007":"The app does not obtain user consent for dropping the Root Certificate files to reduce the consumer's security posture caused by the installation prompt. \n","ACR-010":"The app bundler distributes deceptor application. The offer in this bundler, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control. \n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software \n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains \"curl-ca-bundle.crt\" and other components on the device without the consumer's consent or notifying the user. \n","ACR-057":"The app bundles the \"Relevant Knowledge\" offer which does not allow the consumer to decline the offer\n","ACR-071":"The \"Relevant Knowledge\" offer cannot be declined independently as the installation is unable to proceed when attempting to decline the offer. Thus it forces the user to, only accept the offer and proceed with the installation \n","ACR-059":"The Offer is not clearly marked as an offer. who is recommending the offer is not clear\n","ACR-155":"Offers are designed to look like part of the install workflow\n"},"nonDeceptorViolations":{"ACR-045":"The app does not describe clearly and straightforwardly what effect is caused to the user's system due to the dropped Cert file in the installation prompt \n","ACR-106":"App offers deceptive application 'Relevant Knowledge market survey'.\n","ACR-092":"The app does not provide digital signature for the executables.\n","ACR-123":"The app does not remove an dropped root certificates even after uninstalling \n"},"samples":[{"isRevoked":"False","fileName":"throttle.exe","isInstaller":"True","companyName":"PGWARE LLC                                                  ","productName":"Throttle                                                    ","productVersion":"1.0.0.1                                           ","fileVersion":"1.0.0.1             ","hashMD5":"5c49ba5981270d73974186fa53976231","hashSHA1":"502ee46ab5d8b79cc967dad5c58152ec11e7fc91","hashSHA256":"d8fd0230b84551fa3d43288791611a1e56ffc1405551820332e88d50762217dd","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1101","avBlockList":["360 Total Security (20260305)","Avast Premium Security (20260305)","AVG Internet Security (20260305)","Avira Internet Security (20260305)","Bitdefender Internet Security (20260305)","COMODO Antivirus (20260305)","ESET Internet Security (20260305)","G DATA INTERNET SECURITY (20260305)","K7 Total Security (20260305)","Kaspersky Internet Security (20230608)","Malwarebytes Premium (20260305)","McAfee Total Protection (20260305)","Norton Security (20260305)","Panda Dome (20260305)","Sophos Home Premium (20260305)","SpyHunter5 (20260305)","Total AV Antivirus Pro (20260305)","Trend Micro Internet Security (20260305)","VIPRE Advanced Security (20260305)","VirIT eXplorer PRO (20260305)","Webroot SecureAnywhere (20260305)","Windows Defender (20260305)","FortectPremium (20260305)","KasperskyPremium (20260305)"],"avAllowList":["Dr.Web Security Space (20260305)","Quick Heal Internet Security (20260305)"]},{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\PGWARE\\Throttle\\Throttle1.exe","companyName":"","productName":"Throttle","productVersion":"1.0.0.0","fileVersion":"1.0.0.0","hashMD5":"fd13b5940d01c8909fb32eed28d84996","hashSHA1":"8cf22d83fbaecfe6a96e6c778d4b46c7360ae8f3","hashSHA256":"4856616ced90e944500c5b294bd5c8d18421e04f71f06dc4818ed0da1469e75e","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1101","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"search for new version of PGWARE apps","reference":"","landingPage":"http://pgware.com/","directDownloadingLink":"http://pgware.com/downloads/throttle.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://pgware.com/downloads/throttle.exe","sourceIndex":"1101"}],"sampleFiles":["230519/Throttle-211209/8.3.7.2022/Samples/throttle.exe"],"imageFiles":["230519/Throttle-211209/8.3.7.2022/Images/ACR-109/ACR-109.JPG","230519/Throttle-211209/8.3.7.2022/Images/ACR-043/ACR-043.JPG","230519/Throttle-211209/8.3.7.2022/Images/ACR-042/ACR-042.JPG","230519/Throttle-211209/8.3.7.2022/Images/ACR-048/ACR-048.JPG","230519/Throttle-211209/8.3.7.2022/Images/ACR-007/ACR-007.JPG","230519/Throttle-211209/8.3.7.2022/Images/ACR-010/ACR-010.JPG","230519/Throttle-211209/8.3.7.2022/Images/ACR-118/ACR-118.JPG","230519/Throttle-211209/8.3.7.2022/Images/ACR-118/ACR-118_1.JPG","230519/Throttle-211209/8.3.7.2022/Images/ACR-057/ACR-057.JPG","230519/Throttle-211209/8.3.7.2022/Images/ACR-059/ACR-059.JPG","230519/Throttle-211209/8.3.7.2022/Images/ACR-071/ACR-071.JPG","230519/Throttle-211209/8.3.7.2022/Images/ACR-155/ACR-155.JPG","230519/Throttle-211209/8.3.7.2022/Images/ACR-013/ACR-013.JPG","230519/Throttle-211209/8.3.7.2022/Images/ACR-060/ACR-060.JPG"],"nonDeceptorImageFiles":["230519/Throttle-211209/8.3.7.2022/Images/ACR-045/ACR-045.JPG","230519/Throttle-211209/8.3.7.2022/Images/ACR-106/ACR-106.JPG","230519/Throttle-211209/8.3.7.2022/Images/ACR-092/ACR-092.JPG","230519/Throttle-211209/8.3.7.2022/Images/ACR-123/ACR-123.JPG"],"guid":"8ca23ddb-e7fd-42ec-b8da-1427412ff0cf_8.3.7.2022_1","appID":"Throttle-211209","dateAdded":"260304","deceptorType":"Bundler","name":"Throttle","company":"PGWARE LLC","version":"8.3.7.2022","lastKnownStatus":"Deceptor:8.8.23.2021;8.3.7.2022;8.10.21.2024","lastKnownDate":"260304","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows Server","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"sold in bundle","lastUpdate":"2026-05-12T23:00:07.6739145+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":3,"sortOrder":17},{"violations":{"ACR-109":"The app downloads RelevantKnowledge files and runs \"rk_setup.exe\" without waiting for user's decision and agreement. \n","ACR-059":"The Offer is not clearly marked as an offer. who is recommending the offer is not clear.\n","ACR-155":" Offer is designed to look like part of the install workflow\n"},"nonDeceptorViolations":{"ACR-065":"The install wizard does not display links to the Returns and Cancellation Policy and Privacy Policy.\nThe app does not display links to the Returns and Cancellation Policy, Privacy Policy \nThe landing page does not display links to the Returns and Cancellation Policy.\nThe internal offer page does not display links to the Privacy Policy. \n","ACR-106":"App offers deceptive program Relevant Knowledge market survey application. See Relevant Knowledge Deceptor details\n","ACR-092":"The app does not provide a digital signature for the executables. \n","ACR-099":" The application has no link to a webpage that shows how to uninstall the app\nThe application's landing page has no link or information that shows how it can be uninstalled.\nThe application's internal offer page has no link or information that shows how it can be uninstalled.\n","ACR-167":"The landing page does not display links to a Returns and Cancellations Policy.\n"},"samples":[{"isRevoked":"False","fileName":"throttle installer.exe","isInstaller":"True","companyName":"PGWARE LLC                                                  ","productName":"Throttle","productVersion":"8.8.23.2021","fileVersion":"1.0","hashMD5":"ef30091a40abbd1ef6d1b453f7c5cf96","hashSHA1":"8e27a9dd980d653a8510321bc6993a64a2f0a365","hashSHA256":"866be8e23513f0745d4b4695062741593530fad0a3a4668e64e9a48f6854d00e","sourceIndex":"1771","avBlockList":["Avast Premium Security (20211223)","Avira Internet Security (20211223)","Bitdefender Internet Security (20211223)","ESET Internet Security (20211223)","G DATA INTERNET SECURITY (20211223)","K7 Total Security (20211223)","Kaspersky Internet Security (20211223)","Malwarebytes Premium (20211223)","McAfee Total Protection (20211223)","Norton Security (20211223)","Panda Dome (20211223)","Quick Heal Internet Security (20211223)","Sophos Home Premium (20211223)","SpyHunter5 (20211223)","Tencent PC Manager (20211223)","Total AV Antivirus Pro (20211223)","VIPRE Advanced Security (20211223)","VirIT eXplorer PRO (20211223)","Webroot SecureAnywhere (20211223)","Windows Defender (20211223)","AVG Internet Security (20211223)"],"avAllowList":["360 Total Security (20211223)","COMODO Antivirus (20211223)","Dr.Web Security Space (20211223)","Trend Micro Internet Security (20211223)"]},{"isRevoked":"False","fileName":"Throttle.exe","companyName":"PGWARE LLC    ","productName":"Throttle","productVersion":"8.8.23.2021","fileVersion":"1.0","hashMD5":"b01d61eb50b29558ec60473179a96ff1","hashSHA1":"b874d79f91d006ed953dde48a29a3e46051119cb","hashSHA256":"99dcd91bf5322a7ad92fd26358b72fe8984d01abf1a86c480bd56a0ec0d0c1f8","sourceIndex":"1771","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"search for new version of PGWARE apps","reference":"","landingPage":"http://pgware.com/","directDownloadingLink":"http://pgware.com/downloads/throttle.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://pgware.com/downloads/throttle.exe","sourceIndex":"1771"}],"sampleFiles":["211209/Throttle-211209/8.8.23.2021/Samples/throttle installer.exe","211209/Throttle-211209/8.8.23.2021/Samples/Throttle.exe"],"imageFiles":["211209/Throttle-211209/8.8.23.2021/Images/ACR-109/RK Files and Installation.png","211209/Throttle-211209/8.8.23.2021/Images/ACR-059/RK install.png","211209/Throttle-211209/8.8.23.2021/Images/ACR-155/RK install.png"],"nonDeceptorImageFiles":["211209/Throttle-211209/8.8.23.2021/Images/ACR-065/Throttle Install 1.png","211209/Throttle-211209/8.8.23.2021/Images/ACR-065/Throttle About.png","211209/Throttle-211209/8.8.23.2021/Images/ACR-065/PGWare Landing Page.png","211209/Throttle-211209/8.8.23.2021/Images/ACR-065/PGWare Offer Page.png","211209/Throttle-211209/8.8.23.2021/Images/ACR-106/RK install.png","211209/Throttle-211209/8.8.23.2021/Images/ACR-092/Throttle File Properties.png","211209/Throttle-211209/8.8.23.2021/Images/ACR-092/Throttle Installer File Properties.png","211209/Throttle-211209/8.8.23.2021/Images/ACR-099/Throttle About.png","211209/Throttle-211209/8.8.23.2021/Images/ACR-099/PGWare Landing Page.png","211209/Throttle-211209/8.8.23.2021/Images/ACR-099/PGWare Offer Page.png","211209/Throttle-211209/8.8.23.2021/Images/ACR-167/PGWare Landing Page.png"],"guid":"8ca23ddb-e7fd-42ec-b8da-1427412ff0cf_8.8.23.2021_1","appID":"Throttle-211209","dateAdded":"260304","deceptorType":"Bundler","name":"Throttle","company":"PGWARE LLC","version":"8.8.23.2021","sigName":"Deceptor:Win32/Throttle!109059155","lastKnownStatus":"Deceptor:8.8.23.2021;8.3.7.2022;8.10.21.2024","lastKnownDate":"260304","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows Server","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"sold in bundle","lastUpdate":"2026-03-04T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":3,"sortOrder":18},{"violations":{"ACR-109":"The app downloads \"rkverify.exe\", a RelevantKnowledge file. \n","ACR-048":"There is a \"decline \" button that when pressed it still downloads and run “rkverify.exe”, a RelevantKnowledge file\n","ACR-059":"The Offer is not clearly marked as an offer. Unclear who is recommending the offer.\n","ACR-155":"Offers are designed to look like part of the install workflow.\n"},"nonDeceptorViolations":{"ACR-065":"The install wizard does not display links to the Returns and Cancellation Policy, or the Privacy Policy.\nThe app does not display links to the EULA and/or Terms of Service, Returns and Cancellation Policy, or the Privacy Policy. \nThe landing page does not display links to the EULA and/or Terms of Service, Returns and Cancellations Policy, Privacy Policy. \nThe internal offer page does not display links to the EULA and/or Terms of Service, Returns and Cancellations Policy, Privacy Policy.\n","ACR-161":"The internal offer page has testimonials that have no links back to a source so consumers can verify if they're real.\n","ACR-099":"The application has no link to a webpage that shows how to uninstall the app. \nThe application's landing page has no link or information that shows how it can be uninstalled.\nThe application's internal offer page has no link or information that shows how it can be uninstalled.\n","ACR-035":"No EULA/Terms of Service, Returns and Cancellation Policy or Privacy Policy is provided for the app.\n","ACR-036":"No EULA/Terms of Service, Returns and Cancellation Policy or Privacy Policy is provided for the app.\n","ACR-037":"The application has no privacy policy.\n","ACR-167":"The application's has no mention of a 30 days refund policy.\n"},"samples":[{"isRevoked":"False","fileName":"ChrisPCVPN.exe","companyName":"Chris P.C. srl","fileVersion":"2.0","hashMD5":"b04faad85984f2126d38cff22ce54f66","hashSHA1":"1e19b77c7bd4d34efb85c0f9fc9afec42e79075f","hashSHA256":"53ae092faa09bd36987f5323202346e596db258ff96030f693684c836378225e","digitalCertThumbprint":"4A7818A2819B6BA1A430592C742FD458A6507DBD","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=ChrisPC Software SRL, O=ChrisPC Software SRL, STREET=STR. PARIS Nr 19-21 Etaj 2 Apartament 9B, L=Cluj-Napoca, PostalCode=400001, C=RO","sourceIndex":"1887","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"rk_setup.exe","companyName":"TMRG                                                        ","fileVersion":"1.1","hashMD5":"89c8796cd6169d14531791b7388bc0e9","hashSHA1":"473a91fc861a45122f9f60ee8cd807b57cd2f29d","hashSHA256":"53ef40c6950b12e766195905ffcc596d771b43398ad2eeb2f9a895ab5a8bb278","digitalCertThumbprint":"D362EC5A4BE2AAB2A814455AD92B99021DA22C51","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"TMRG, Inc.\", O=\"TMRG, Inc.\", STREET=11950 Democracy Drive, STREET=Suite 600, L=Reston, S=Virginia, PostalCode=20190, C=US","sourceIndex":"1887","avBlockList":["Avast Premium Security (20240702)","AVG Internet Security (20240702)","Avira Internet Security (20240702)","Bitdefender Internet Security (20240702)","COMODO Antivirus (20240702)","Dr.Web Security Space (20240702)","ESET Internet Security (20240702)","FortectPremium (20240702)","G DATA INTERNET SECURITY (20240702)","K7 Total Security (20240702)","Kaspersky Internet Security (20240702)","Malwarebytes Premium (20240702)","Norton Security (20240702)","Panda Dome (20240702)","Quick Heal Internet Security (20240702)","Sophos Home Premium (20240702)","SpyHunter5 (20240702)","Total AV Antivirus Pro (20240702)","VIPRE Advanced Security (20240702)","VirIT eXplorer PRO (20240702)","Webroot SecureAnywhere (20240702)"],"avAllowList":["360 Total Security (20240702)","McAfee Total Protection (20240702)","Trend Micro Internet Security (20240702)","Windows Defender (20240702)"]},{"isRevoked":"False","fileName":"setup_chrispc_free_vpn_connection_2_17_22.exe","isInstaller":"True","companyName":"Chris P.C. srl                                              ","fileVersion":"2.17","hashMD5":"7ac7970d13ee4bce9f6e69b0c84ee9df","hashSHA1":"78486e9f6d24917231edfd56c19fe2634e904725","hashSHA256":"c7d609de078f8fc0ba9384de98962abd2103f408d05ca80a2720afe344a8a081","digitalCertThumbprint":"4A7818A2819B6BA1A430592C742FD458A6507DBD","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=ChrisPC Software SRL, O=ChrisPC Software SRL, STREET=STR. PARIS Nr 19-21 Etaj 2 Apartament 9B, L=Cluj-Napoca, PostalCode=400001, C=RO","sourceIndex":"1887","avBlockList":["Avast Premium Security (20211111)","AVG Internet Security (20211111)","Avira Internet Security (20211111)","Bitdefender Internet Security (20211111)","COMODO Antivirus (20211111)","ESET Internet Security (20211111)","G DATA INTERNET SECURITY (20211111)","K7 Total Security (20211111)","Kaspersky Internet Security (20211111)","Malwarebytes Premium (20211111)","McAfee Total Protection (20211111)","Norton Security (20211111)","Panda Dome (20211111)","Quick Heal Internet Security (20211111)","Sophos Home Premium (20211111)","SpyHunter5 (20211111)","Tencent PC Manager (20211111)","Total AV Antivirus Pro (20211111)","VIPRE Advanced Security (20211111)","VirIT eXplorer PRO (20211111)","Webroot SecureAnywhere (20211111)","Windows Defender (20211111)"],"avAllowList":["360 Total Security (20211111)","Dr.Web Security Space (20211111)","Trend Micro Internet Security (20211111)"]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"https://www.chris-pc.com/","landingPage":"https://free-vpn-connection.chris-pc.com/index.html","directDownloadingLink":"https://www.chris-pc.com/download.php?id=51&file=setup_chrispc_free_vpn_connection.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.chris-pc.com/download.php?id=51&file=setup_chrispc_free_vpn_connection.exe","sourceIndex":"1887"}],"sampleFiles":["210622/ChrisPCFreeVPNConnection-210622/2.17.22/Samples/ChrisPCVPN.exe","210622/ChrisPCFreeVPNConnection-210622/2.17.22/Samples/rk_setup.exe","210622/ChrisPCFreeVPNConnection-210622/2.17.22/Samples/setup_chrispc_free_vpn_connection_2_17_22.exe"],"imageFiles":["210622/ChrisPCFreeVPNConnection-210622/2.17.22/Images/ACR-109/ChisPC-Free VPN Connection_Install [7 ].png","210622/ChrisPCFreeVPNConnection-210622/2.17.22/Images/ACR-048/ChisPC-Free VPN Connection_Install [7 ].png","210622/ChrisPCFreeVPNConnection-210622/2.17.22/Images/ACR-059/ChisPC-Free VPN Connection_Install [7].png","210622/ChrisPCFreeVPNConnection-210622/2.17.22/Images/ACR-155/ChisPC-Free VPN Connection_Install [7].png"],"nonDeceptorImageFiles":["210622/ChrisPCFreeVPNConnection-210622/2.17.22/Images/ACR-065/ChisPC-Free VPN Connection_Install [1].png","210622/ChrisPCFreeVPNConnection-210622/2.17.22/Images/ACR-065/ChisPC-Free VPN Connection_Install [2].png","210622/ChrisPCFreeVPNConnection-210622/2.17.22/Images/ACR-065/ChisPC-Free VPN Connection_Install [8].png","210622/ChrisPCFreeVPNConnection-210622/2.17.22/Images/ACR-065/ChisPC-Free VPN Connection_About [1].png","210622/ChrisPCFreeVPNConnection-210622/2.17.22/Images/ACR-099/ChisPC-Free VPN Connection_About [1].png","210622/ChrisPCFreeVPNConnection-210622/2.17.22/Images/ACR-065/ChisPC-Free VPN Connection_LandingPage [1].png","210622/ChrisPCFreeVPNConnection-210622/2.17.22/Images/ACR-099/ChisPC-Free VPN Connection_LandingPage [1].png","210622/ChrisPCFreeVPNConnection-210622/2.17.22/Images/ACR-065/ChisPC-Free VPN Connection_OfferPage [1].png","210622/ChrisPCFreeVPNConnection-210622/2.17.22/Images/ACR-099/ChisPC-Free VPN Connection_OfferPage [1].png","210622/ChrisPCFreeVPNConnection-210622/2.17.22/Images/ACR-161/ChisPC-Free VPN Connection_OfferPage [1].png"],"guid":"19d8584b-78ed-449c-a664-5581f82c8d00_2.17.22_1","appID":"ChrisPCFreeVPNConnection-210622","dateAdded":"260303","deceptorType":"Bundler","name":"ChrisPC – Free VPN Connection","company":"Chris P.C. srl.","version":"2.17.22","sigName":"Deceptor:Win32/ChrisPCFreeVPNConnection!109048059155","lastKnownStatus":"2.17.22;2.23.15;4.26.0207","lastKnownDate":"260303","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows Vista,Windows 7,Windows 8,Windows 10,Windows XP","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"cross-sell other apps","lastUpdate":"2026-03-03T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":3,"sortOrder":21},{"violations":{"ACR-109":"The app downloads \"rk_setup.exe\", a RelevantKnowledge file without the consumer's consent.\n","ACR-048":"The \"Decline\" button does not have any control but still drops a RelevantKnowledge file “rk_setup.exe”.\n","ACR-010":"The app bundler distributes deceptor application. The offer in this bundler, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains a few components along with a \"curl-ca-bundle.crt\" on the device without the consumer's consent or notifying the user.\n","ACR-057":"The app bundles the \"Relevant Knowledge\" offer which does not make it clear that the user can decline the offer. The \"Next\" button is grayed out if user selects \"I Decline\".\n","ACR-059":"The Offer is not clearly marked as an offer. Unclear who is recommending the offer.\n","ACR-155":"Offers are designed to look like part of the install workflow.\n"},"nonDeceptorViolations":{"ACR-106":"App offers deceptive application 'Relevant Knowledge market survey'.\n"},"samples":[{"isRevoked":"False","fileName":"setup_chrispc_free_vpn_connection_4_26_0207.exe","isInstaller":"True","companyName":"Chris P.C. srl                                              ","productName":"ChrisPC Free VPN Connection","productVersion":"4.26.0207","fileVersion":"4.26.0207","hashMD5":"497f81d71982034eafea622ca2fc5a7b","hashSHA1":"19bc15a3abb8823a92a1223f6414df052b9f7561","hashSHA256":"23b6f78dce1bda8d797f51b41faed1814442083d2c91706f6f1ba9f8bd3744d1","digitalCertThumbprint":"A254821B41A59F465FFD306CBCBD337781B5A5AC","digitalCertIssuer":"CN=Sectigo Public Code Signing CA R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=ChrisPC Software SRL, O=ChrisPC Software SRL, S=Cluj, C=RO","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"116","avBlockList":["360 Total Security (20260430)","Avast Premium Security (20260430)","AVG Internet Security (20260430)","Avira Internet Security (20260430)","Bitdefender Internet Security (20260430)","COMODO Antivirus (20260430)","Dr.Web Security Space (20260430)","ESET Internet Security (20260430)","FortectPremium (20260430)","G DATA INTERNET SECURITY (20260430)","K7 Total Security (20260430)","KasperskyPremium (20260430)","Malwarebytes Premium (20260430)","McAfee Total Protection (20260430)","Norton Security (20260430)","Panda Dome (20260430)","Quick Heal Internet Security (20260430)","Sophos Home Premium (20260430)","SpyHunter5 (20260430)","Total AV Antivirus Pro (20260430)","VIPRE Advanced Security (20260430)","VirIT eXplorer PRO (20260430)","Webroot SecureAnywhere (20260430)"],"avAllowList":["Trend Micro Internet Security (20260430)","Windows Defender (20260430)"]},{"isRevoked":"False","fileName":"rk_setup.exe","isInstaller":"True","companyName":"TMRG                                                        ","productName":"RelevantKnowledge Setup","productVersion":"1.1.0","fileVersion":"1.1.0","hashMD5":"9cfa0cb7a345bfe8278642eae69fbfa8","hashSHA1":"fe4f056af9c2e54e1ecb3b10ffd73311b23fb171","hashSHA256":"ed692e804c10483e0e6e1e50f34b9d5f9fbf43ab33357dbbedf5e7494b22872d","digitalCertThumbprint":"9E8BAD8B8FF388AE7C360DA59231961CC469F3A1","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=\"TMRG, Inc\", O=\"TMRG, Inc\", L=Reston, S=Virginia, C=US","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"116","avBlockList":["360 Total Security (20260507)","Avast Premium Security (20260507)","AVG Internet Security (20260507)","Avira Internet Security (20260507)","COMODO Antivirus (20260507)","Dr.Web Security Space (20260507)","ESET Internet Security (20260507)","FortectPremium (20260507)","G DATA INTERNET SECURITY (20260507)","K7 Total Security (20260507)","KasperskyPremium (20260507)","Malwarebytes Premium (20260507)","McAfee Total Protection (20260507)","Norton Security (20260507)","Panda Dome (20260507)","Sophos Home Premium (20260507)","SpyHunter5 (20260507)","Total AV Antivirus Pro (20260507)","Trend Micro Internet Security (20260507)","VIPRE Advanced Security (20260507)","VirIT eXplorer PRO (20260507)","Webroot SecureAnywhere (20260507)"],"avAllowList":["Bitdefender Internet Security (20260507)","Quick Heal Internet Security (20260507)","Windows Defender (20260507)"]}],"additionalFiles":[],"sources":[{"howFound":"new version of existing Deceptor","reference":"https://www.chris-pc.com/","landingPage":"https://free-vpn-connection.chris-pc.com/index.html","directDownloadingLink":"https://www.chris-pc.com/download.php?id=51&file=setup_chrispc_free_vpn_connection.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.chris-pc.com/download.php?id=51&file=setup_chrispc_free_vpn_connection.exe","sourceIndex":"116"}],"sampleFiles":["260303/ChrisPCFreeVPNConnection-210622/4.26.0207/Samples/setup_chrispc_free_vpn_connection_4_26_0207.exe","260303/ChrisPCFreeVPNConnection-210622/4.26.0207/Samples/rk_setup.exe"],"imageFiles":["260303/ChrisPCFreeVPNConnection-210622/4.26.0207/Images/ACR-109/ACR-109_Install_1.png","260303/ChrisPCFreeVPNConnection-210622/4.26.0207/Images/ACR-048/ACR-048_Install_1.png","260303/ChrisPCFreeVPNConnection-210622/4.26.0207/Images/ACR-010/ACR-010_Install_1.png","260303/ChrisPCFreeVPNConnection-210622/4.26.0207/Images/ACR-118/ACR-118_Uninstall_1.png","260303/ChrisPCFreeVPNConnection-210622/4.26.0207/Images/ACR-057/ACR-057_Bundler-made offers_1.png","260303/ChrisPCFreeVPNConnection-210622/4.26.0207/Images/ACR-057/ACR-057_Bundler-made offers_2.png","260303/ChrisPCFreeVPNConnection-210622/4.26.0207/Images/ACR-059/ACR-059_Bundler-made offers_1.png","260303/ChrisPCFreeVPNConnection-210622/4.26.0207/Images/ACR-155/ACR-155_Bundler-made offers_1.png"],"nonDeceptorImageFiles":["260303/ChrisPCFreeVPNConnection-210622/4.26.0207/Images/ACR-106/ACR-106_Software_1.png"],"guid":"19d8584b-78ed-449c-a664-5581f82c8d00_4.26.0207_1","appID":"ChrisPCFreeVPNConnection-210622","dateAdded":"260303","deceptorType":"Bundler","name":"ChrisPC – Free VPN Connection","company":"Chris P.C. srl.","version":"4.26.0207","lastKnownStatus":"2.17.22;2.23.15;4.26.0207","lastKnownDate":"260303","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows Vista,Windows 7,Windows 8,Windows 10,Windows XP","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"cross-sell other apps","lastUpdate":"2026-05-12T22:59:37.4395519+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":3,"sortOrder":19},{"violations":{"ACR-109":"The app downloads \"rkverify.exe\", a RelevantKnowledge file. \n","ACR-048":"App still downloads and run “rkverify.exe”, a RelevantKnowledge file even user chose decline.\nOn minimizing the app, it gets directly minimized to system tray instead of task bar, thus limits consumer's control on app.\n","ACR-084":"On minimizing the app, it directly gets minimized to system tray instead of task bar, thus hiding the fact that it is active from the consumer.\n","ACR-103":"Unable to verify the app's value proposition as none of the region gets connected. \n","ACR-059":"The Offer is not clearly marked as an offer. Unclear who is recommending the offer.\n","ACR-155":"Offers are designed to look like part of the install workflow.\n"},"nonDeceptorViolations":{"ACR-065":"The install wizard does not display links to the Returns and Cancellation Policy, or the Privacy Policy.\nThe app does not display links to the EULA and/or Terms of Service, Returns and Cancellation Policy, or the Privacy Policy. \nThe landing page does not display links to the EULA and/or Terms of Service, Returns and Cancellations Policy, Privacy Policy. \nThe internal offer page does not display links to the EULA and/or Terms of Service, Returns and Cancellations Policy, Privacy Policy.\n","ACR-161":"The internal offer page has testimonials that have no links back to a source so consumers can verify if they're real.\n","ACR-099":"The application has no link to a webpage that shows how to uninstall the app. \nThe application's landing page has no link or information that shows how it can be uninstalled.\nThe application's internal offer page has no link or information that shows how it can be uninstalled.\n","ACR-035":"No EULA/Terms of Service, Returns and Cancellation Policy or Privacy Policy is provided for the app.\n","ACR-036":"No EULA/Terms of Service, Returns and Cancellation Policy or Privacy Policy is provided for the app.\n","ACR-037":"The application has no privacy policy.\n","ACR-167":"The application's has no mention of a 30 days refund policy.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\ChrisPC Free VPN Connection\\ChrisPCVPN.exe","companyName":"Chris P.C. srl","productName":"ChrisPC Free VPN Connection","productVersion":"2","fileVersion":"2.4.8.7","hashMD5":"4a94a3b5c47c528f3b2af4eae2af8f99","hashSHA1":"5604521bc05abd2c661a0987c5fcfd219355f388","hashSHA256":"65a29a335440c0ce1aa0093e665e668e3c4daecd6b0e994588c0a6fc2ca7aefd","digitalCertThumbprint":"4A7818A2819B6BA1A430592C742FD458A6507DBD","digitalCertIssuer":"Sectigo RSA Code Signing CA","digitalCertIssuedTo":"ChrisPC Software SRL","storeId":"","sourceIndex":"1772","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"setup_chrispc_free_vpn_connection_2_23_15.exe","isInstaller":"True","companyName":"Chris P.C. srl                                              ","productName":"ChrisPC Free VPN Connection                                 ","productVersion":"2.23.15                                           ","fileVersion":"2.23.15             ","hashMD5":"97b0d0caab0ead9ad9d325cf91ddd9c6","hashSHA1":"69d9d6399a91bd01b6a203c508298f84bc24f845","hashSHA256":"c6265a770712cc364a40b4977400f9ab5a00673da0d1055b6dbc85b16481eecf","digitalCertThumbprint":"4A7818A2819B6BA1A430592C742FD458A6507DBD","digitalCertIssuer":"Sectigo RSA Code Signing CA","digitalCertIssuedTo":"ChrisPC Software SRL","storeId":"","sourceIndex":"1772","avBlockList":["360 Total Security (20260305)","Avast Premium Security (20260305)","AVG Internet Security (20260305)","Avira Internet Security (20260305)","Bitdefender Internet Security (20260305)","COMODO Antivirus (20260305)","Dr.Web Security Space (20260305)","ESET Internet Security (20260305)","G DATA INTERNET SECURITY (20260305)","K7 Total Security (20260305)","Kaspersky Internet Security (20220106)","Malwarebytes Premium (20260305)","McAfee Total Protection (20260305)","Norton Security (20260305)","Panda Dome (20260305)","Quick Heal Internet Security (20260305)","Sophos Home Premium (20260305)","SpyHunter5 (20260305)","Tencent PC Manager (20220106)","Total AV Antivirus Pro (20260305)","VIPRE Advanced Security (20260305)","VirIT eXplorer PRO (20260305)","Webroot SecureAnywhere (20260305)","Windows Defender (20260305)","FortectPremium (20260305)","KasperskyPremium (20260305)"],"avAllowList":["Trend Micro Internet Security (20260305)"]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"","landingPage":"https://free-vpn-connection.chris-pc.com/","directDownloadingLink":"https://www.chris-pc.com/download.php?id=51&file=setup_chrispc_free_vpn_connection.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.chris-pc.com/download.php?id=51&file=setup_chrispc_free_vpn_connection.exe","sourceIndex":"1772"}],"sampleFiles":["211208/ChrisPCFreeVPNConnection-210622/2.23.15/Samples/setup_chrispc_free_vpn_connection_2_23_15.exe"],"imageFiles":["211208/ChrisPCFreeVPNConnection-210622/2.23.15/Images/ACR-109/ACR-109_Install_Downloads_RK.JPG","211208/ChrisPCFreeVPNConnection-210622/2.23.15/Images/ACR-048/ACR-048_Install_No_Control.JPG","211208/ChrisPCFreeVPNConnection-210622/2.23.15/Images/ACR-084/ACR-084_Software_Hides.mp4","211208/ChrisPCFreeVPNConnection-210622/2.23.15/Images/ACR-103/ACR-103_Software_Value_Not_Met.mp4","211208/ChrisPCFreeVPNConnection-210622/2.23.15/Images/ACR-048/ACR-048_Software_Hides.mp4","211208/ChrisPCFreeVPNConnection-210622/2.23.15/Images/ACR-059/ACR-059_Bundler-MadeOffers_Offer_Not_Clear.JPG","211208/ChrisPCFreeVPNConnection-210622/2.23.15/Images/ACR-155/ACR-155_Bundler-MadeOffers_Masquerading_Offer.JPG"],"nonDeceptorImageFiles":["211208/ChrisPCFreeVPNConnection-210622/2.23.15/Images/ACR-065/ACR-065_Install_No_Docs.JPG","211208/ChrisPCFreeVPNConnection-210622/2.23.15/Images/ACR-065/ACR-065_Software_No_Docs.JPG","211208/ChrisPCFreeVPNConnection-210622/2.23.15/Images/ACR-099/ACR-099_Software_No_Uninstall_Information.JPG","211208/ChrisPCFreeVPNConnection-210622/2.23.15/Images/ACR-035/ACR-035_Docs_No_Docs.JPG","211208/ChrisPCFreeVPNConnection-210622/2.23.15/Images/ACR-036/ACR-036_Docs_No_Docs.JPG","211208/ChrisPCFreeVPNConnection-210622/2.23.15/Images/ACR-037/ACR-037_Docs_No_Docs.JPG","211208/ChrisPCFreeVPNConnection-210622/2.23.15/Images/ACR-065/ACR-065_LandingPage_No_Docs.JPG","211208/ChrisPCFreeVPNConnection-210622/2.23.15/Images/ACR-099/ACR-099_LandingPage_No_Uninstall_Information.JPG","211208/ChrisPCFreeVPNConnection-210622/2.23.15/Images/ACR-065/ACR-065_InternalOffers_No_Docs.JPG","211208/ChrisPCFreeVPNConnection-210622/2.23.15/Images/ACR-099/ACR-099_InternalOffers_No_Uninstall_Information.JPG","211208/ChrisPCFreeVPNConnection-210622/2.23.15/Images/ACR-161/ACR-161_InternalOffers_Unverifiable_Testimonials.JPG"],"guid":"19d8584b-78ed-449c-a664-5581f82c8d00_2.23.15_1","appID":"ChrisPCFreeVPNConnection-210622","dateAdded":"260303","deceptorType":"Bundler","name":"ChrisPC – Free VPN Connection","company":"Chris P.C. srl.","version":"2.23.15","lastKnownStatus":"2.17.22;2.23.15;4.26.0207","lastKnownDate":"260303","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows Vista,Windows 7,Windows 8,Windows 10,Windows XP","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"cross-sell other apps","lastUpdate":"2026-03-03T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":3,"sortOrder":20},{"violations":{"ACR-004":"The application doesn't provide a free fix (recovery) instead offering a subscription that the user needs to pay to fix it.\n"},"nonDeceptorViolations":{"ACR-045":"“Try it Free\" highlights \"Free\" misleads user. The functionality that requires consumer payment in order to be activated needs to be marked clearly in landing page. Otherwise app should remove \"free\" word.\n"},"samples":[{"isRevoked":"False","fileName":"Wondershare_Recoverit_Installer.dmg","isInstaller":"True","hashMD5":"d5a0e47ce8e6322fee73cb1d50c5a778","hashSHA1":"4436cf3f22726cce9eca2c648bce801b9aa04b45","hashSHA256":"88de43b4aabfe239b9fdeaca69630ca6f6b6f771f8d37e49970743c3c09f139d","sourceIndex":"142","avBlockList":["Avast Security for Mac (20260210)","Avira Security for Mac (20260210)","Norton Security for Mac (20260210)","SpyHunterforMac (20260210)","Trend Micro Antivirus for Mac (20260210)"],"avAllowList":["Bitdefender Antivirus for Mac (20260210)","ESET Cyber Security Pro for Mac (20260210)","G DATA AntiVirus for Mac (20260210)","K7 Antivirus for Mac (20260210)","Kaspersky Internet Security for Mac (20260210)","McAfee Internet Security for Mac (20260210)","Sophos Home Premium For Mac (20260210)"]},{"isRevoked":"False","fileName":"Recoverit","fileVersion":"10.10.0","hashMD5":"bf1a771b7421e03e9fb392f48d5b79fb","hashSHA1":"b6b639e89ab77b3220c4b586b3f35fcb261abbba","hashSHA256":"ced7a3781d21b6b3b6fb451dcfaabae32d24cfcf2751b36c0bf0083d8ea5a67d","sourceIndex":"142","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"https://recoverit.wondershare.com/","reference":"https://www.wondershare.com","landingPage":"https://recoverit.wondershare.com/","directDownloadingLink":"https://download.wondershare.com/inst/installer-privacy-a_recoverit_setup_full4138.dmg","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://download.wondershare.com/inst/installer-privacy-a_recoverit_setup_full4138.dmg","sourceIndex":"142"}],"sampleFiles":["251201/WondershareRecoverit-251127/14.0.5/Samples/Wondershare_Recoverit_Installer.dmg","251201/WondershareRecoverit-251127/14.0.5/Samples/Recoverit"],"imageFiles":["251201/WondershareRecoverit-251127/14.0.5/Images/ACR-004/app6.png","251201/WondershareRecoverit-251127/14.0.5/Images/ACR-004/Offerpage1.png"],"nonDeceptorImageFiles":["251201/WondershareRecoverit-251127/14.0.5/Images/ACR-045/landingpage2.png","251201/WondershareRecoverit-251127/14.0.5/Images/ACR-045/landingpage3.png"],"guid":"e7e6be31-bb77-4e14-ac8d-22bccfc1857d_14.0.5_1","appID":"WondershareRecoverit-251127","dateAdded":"260302","deceptorType":"MacOS App","name":"Wondershare Recoverit for Mac","company":"WONDERSHARE TECHNOLOGY GROUP CO., LIMITED","version":"14.0.5","lastKnownStatus":"14.0.5;14.0.12","lastKnownDate":"260302","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2026-03-02T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":23},{"violations":{"ACR-048":"The app creates undisclosed scheduled task and startup item to perform actions without the consumer's knowledge and consent and does not provide control to enable/disable them within the app's settings.\n","ACR-006":"The app does not disclose the search engine \"Pulse\" is serving up Yahoo! search results.\n","ACR-007":"The app's attribution is not clear misleading user about their search provider. It redirects user searches to search.pulsebrowser.com before calling Yahoo search.\n","ACR-104":"App serves Yahoo search results when it indicates in search bar that it will use Pulse.\n\n"},"nonDeceptorViolations":{"ACR-040":"App installs in hidden folder %AppData% without proper disclosure.\n","ACR-065":"The install does not display links to the EULA and Privacy Policy.\n"},"samples":[{"isRevoked":"False","fileName":"setup.exe","isInstaller":"True","companyName":"The Chromium Authors","productName":"Pulse Browser Installer","productVersion":"133.0.6943.175","fileVersion":"133.0.6943.175","hashMD5":"cb473df61889d7bdde07b4ebff3bbeb6","hashSHA1":"116a9f1d4a9b2943f0f854e7f4a5f4b848be8f29","hashSHA256":"5195dea0b8f123f84fd9fcc4aeed85b0525d0b62fd676dcb83e18d095f214386","digitalCertThumbprint":"08A802FF1EF56FE63075A6D99CAC10C5A3398C42","digitalCertIssuer":"CN=Sectigo Public Code Signing CA EV R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=\"Alabama Technology USA, LLC\", O=\"Alabama Technology USA, LLC\", S=New Mexico, C=US, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.2=New Mexico, OID.1.3.6.1.4.1.311.60.2.1.3=US, SERIALNUMBER=6310788","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"112","avBlockList":["360 Total Security (20260317)","Avast Premium Security (20260317)","AVG Internet Security (20260317)","Avira Internet Security (20260317)","COMODO Antivirus (20260317)","Dr.Web Security Space (20260317)","ESET Internet Security (20260317)","FortectPremium (20260317)","K7 Total Security (20260317)","Malwarebytes Premium (20260317)","Norton Security (20260317)","Panda Dome (20260317)","Quick Heal Internet Security (20260317)","Sophos Home Premium (20260317)","SpyHunter5 (20260317)","Total AV Antivirus Pro (20260317)","VirIT eXplorer PRO (20260317)","Webroot SecureAnywhere (20260317)"],"avAllowList":["Bitdefender Internet Security (20260317)","G DATA INTERNET SECURITY (20260317)","KasperskyPremium (20260317)","McAfee Total Protection (20260317)","Trend Micro Internet Security (20260317)","VIPRE Advanced Security (20260317)","Windows Defender (20260317)"]},{"isRevoked":"False","fileName":"pulsebrowser.exe","companyName":"Pulse Software","productName":"PulseBrowser","productVersion":"144.0.7559.67","fileVersion":"144.0.7559.67","hashMD5":"3c451f481676f0ca9a65e687fc9e41e5","hashSHA1":"c6e194d08062047551066f38ba6eae626520ca1a","hashSHA256":"2413db38bcba28791b0fd0eb221d73436ceddf1aa121a280f3f9329d77ee5a92","digitalCertThumbprint":"08A802FF1EF56FE63075A6D99CAC10C5A3398C42","digitalCertIssuer":"CN=Sectigo Public Code Signing CA EV R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=\"Alabama Technology USA, LLC\", O=\"Alabama Technology USA, LLC\", S=New Mexico, C=US, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.2=New Mexico, OID.1.3.6.1.4.1.311.60.2.1.3=US, SERIALNUMBER=6310788","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"112","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"pulsebrowser_proxy.exe","companyName":"Pulse Software","productName":"PulseBrowser","productVersion":"144.0.7559.67","fileVersion":"144.0.7559.67","hashMD5":"010a529f41e1bb4ed6c598b96934f120","hashSHA1":"b61451ca345c27113705f2313b80862084ab4774","hashSHA256":"c1e44f3eff982af3883fad161418a2af8b0231f08080ce7e64c23a496c04c453","digitalCertThumbprint":"08A802FF1EF56FE63075A6D99CAC10C5A3398C42","digitalCertIssuer":"CN=Sectigo Public Code Signing CA EV R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=\"Alabama Technology USA, LLC\", O=\"Alabama Technology USA, LLC\", S=New Mexico, C=US, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.2=New Mexico, OID.1.3.6.1.4.1.311.60.2.1.3=US, SERIALNUMBER=6310788","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"112","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"updater.exe","companyName":"The Chromium Authors","productName":"Pulse Browser Updater","productVersion":"133.0.6943.175","fileVersion":"133.0.6943.175","hashMD5":"e856b7edef397d8df1b2ab0a9b16992c","hashSHA1":"e63dff1fbd788fb1d7e1c1553c67bb778aefff69","hashSHA256":"f9fc1cda1d96dad67e1e0807a9076e2fdd222e7cebe4d6b400b77a833fa389c5","digitalCertThumbprint":"08A802FF1EF56FE63075A6D99CAC10C5A3398C42","digitalCertIssuer":"CN=Sectigo Public Code Signing CA EV R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=\"Alabama Technology USA, LLC\", O=\"Alabama Technology USA, LLC\", S=New Mexico, C=US, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.2=New Mexico, OID.1.3.6.1.4.1.311.60.2.1.3=US, SERIALNUMBER=6310788","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"112","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"random hunt","reference":"Ads - https://filterbypass.me/, https://www.softpedia.com/get/Tweak/Memory-Tweak/  ","landingPage":"https://browsergo.com/","directDownloadingLink":"https://get18.pulsebrowser.net/?tid=fHwxNzcyNDY0ODky","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://get18.pulsebrowser.net/?tid=fHwxNzcyNDY0ODky","sourceIndex":"112"}],"sampleFiles":["260302/PulseBrowser-260302/144.0.7559.67/Samples/setup.exe","260302/PulseBrowser-260302/144.0.7559.67/Samples/pulsebrowser.exe","260302/PulseBrowser-260302/144.0.7559.67/Samples/pulsebrowser_proxy.exe","260302/PulseBrowser-260302/144.0.7559.67/Samples/updater.exe"],"imageFiles":["260302/PulseBrowser-260302/144.0.7559.67/Images/ACR-104/ACR-104.gif","260302/PulseBrowser-260302/144.0.7559.67/Images/ACR-048/ACR-048_Software_1.png","260302/PulseBrowser-260302/144.0.7559.67/Images/ACR-006/ACR-006.gif","260302/PulseBrowser-260302/144.0.7559.67/Images/ACR-007/ACR-007.gif"],"nonDeceptorImageFiles":["260302/PulseBrowser-260302/144.0.7559.67/Images/ACR-040/ACR-040_Install_1.png","260302/PulseBrowser-260302/144.0.7559.67/Images/ACR-065/ACR-065.mp4"],"guid":"e7b76040-2a73-4f3d-bc9f-a1e417f3604b_144.0.7559.67_1","appID":"PulseBrowser-260302","dateAdded":"260302","deceptorType":"App","name":"Pulse Browser","company":"Pulse Software","version":"144.0.7559.67","firstVendorContactDate":"260309","firstAppEsteemReplyDate":"260309","firstResolvedDate":"260313","firstResolvedVersion":"133.0.6943.177","resolved":"TRUE","lastKnownDate":"260302","type":"Windows Executable","category":"Personalization & Search","targetOS":"Windows XP,Windows 11,Windows 10,Windows 8,Windows 7,Windows Vista","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"search","lastUpdate":"2026-03-18T21:15:39.3869223+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":24},{"violations":{"ACR-004":"The application doesn't provide a free fix (recovery) instead offering a subscription that the user needs to pay to fix it.\n"},"nonDeceptorViolations":{"ACR-045":"“Try it Free\" highlights \"Free\" misleads user. The functionality that requires consumer payment in order to be activated needs to be marked clearly in landing page. Otherwise app should remove \"free\" word.\n"},"samples":[{"isRevoked":"False","fileName":"Recoverit","fileVersion":"10.10.0","hashMD5":"bfa96e7b766eaf5099d2dcaadf43043d","hashSHA1":"6ee37062bf3507c9f975704bbf2a493125fa5b10","hashSHA256":"50c5f72866546d187d98171871af2c573338f6c5316a12703da05fa266997b45","sourceIndex":"117","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"Wondershare_Recoverit_Installer.dmg","isInstaller":"True","hashMD5":"1b57fde0b6312795bdff440541ea32cb","hashSHA1":"92fa3e13aba2419839a85c9b82749c00b14022ce","hashSHA256":"149174dce191fa5c850a89945da39ae3d9752b54721be7ff66d458e1e14e13c3","sourceIndex":"117","avBlockList":["Avast Security for Mac (20260512)","Avira Security for Mac (20260512)","ESET Cyber Security Pro for Mac (20260512)","Norton Security for Mac (20260512)","SpyHunterforMac (20260512)","Trend Micro Antivirus for Mac (20260512)"],"avAllowList":["Bitdefender Antivirus for Mac (20260512)","G DATA AntiVirus for Mac (20260512)","K7 Antivirus for Mac (20260512)","Kaspersky Internet Security for Mac (20260512)","McAfee Internet Security for Mac (20260512)","Sophos Home Premium For Mac (20260512)"]}],"additionalFiles":[],"sources":[{"howFound":"https://recoverit.wondershare.com/","reference":"https://www.wondershare.com","landingPage":"https://recoverit.wondershare.com/","directDownloadingLink":"https://download.wondershare.com/inst/installer-privacy-b_recoverit_setup_full4138.dmg","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://download.wondershare.com/inst/installer-privacy-b_recoverit_setup_full4138.dmg","sourceIndex":"117"}],"sampleFiles":["260302/WondershareRecoverit-251127/14.0.12/Samples/Recoverit","260302/WondershareRecoverit-251127/14.0.12/Samples/Wondershare_Recoverit_Installer.dmg"],"imageFiles":["260302/WondershareRecoverit-251127/14.0.12/Images/ACR-004/app3.png","260302/WondershareRecoverit-251127/14.0.12/Images/ACR-004/app5.png","260302/WondershareRecoverit-251127/14.0.12/Images/ACR-004/Recoverit Online Store to Recover Data on Mac Computers.png"],"nonDeceptorImageFiles":["260302/WondershareRecoverit-251127/14.0.12/Images/ACR-045/Official Recoverit for Mac - Recover Unlimited Data from Mac System2.png"],"guid":"e7e6be31-bb77-4e14-ac8d-22bccfc1857d_14.0.12_1","appID":"WondershareRecoverit-251127","dateAdded":"260302","deceptorType":"MacOS App","name":"Wondershare Recoverit for Mac","company":"WONDERSHARE TECHNOLOGY GROUP CO., LIMITED","version":"14.0.12","lastKnownStatus":"14.0.5;14.0.12","lastKnownDate":"260302","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2026-03-02T20:00:04.6406658+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":22},{"violations":{"ACR-048":"\"Quit Carebuzz\"  doesn't quit application completely. The process keeps running in background.\n","ACR-084":"On closing the app, the application keeps running silently in background without notifying user. No clearly indicating the resource sharing is active.\n"},"nonDeceptorViolations":{"ACR-123":"The app does not remove the non-executable files even after uninstall.\n"},"samples":[{"isRevoked":"False","fileName":"CareBuzz_install.exe","isInstaller":"True","companyName":"CareBuzz","productName":"CareBuzz","productVersion":"0.1.3.0","fileVersion":"0.1.3.0","hashMD5":"370b06df1a2e59e0090fcce092a02187","hashSHA1":"eaa8738ccceb1919152419008a779ff733516fc9","hashSHA256":"7b91998b0ec0874b3e8135db7933e1c0fef457e095a2da2b3a1de37f684ffaf7","digitalCertThumbprint":"18D420FE5078F67A5C24B953661233D90ED8CDE6","digitalCertIssuer":"CN=Sectigo Public Code Signing CA EV R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=\"Honeygain, UAB\", O=\"Honeygain, UAB\", S=Vilnius, C=LT, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=LT, SERIALNUMBER=306103177","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"118","avBlockList":["360 Total Security (20260507)","ESET Internet Security (20260507)","FortectPremium (20260507)","K7 Total Security (20260507)","KasperskyPremium (20260507)","Malwarebytes Premium (20260507)","Panda Dome (20260507)","Quick Heal Internet Security (20260507)","Sophos Home Premium (20260507)","SpyHunter5 (20260507)","VirIT eXplorer PRO (20260507)","Webroot SecureAnywhere (20260507)"],"avAllowList":["Avast Premium Security (20260507)","AVG Internet Security (20260507)","Avira Internet Security (20260507)","Bitdefender Internet Security (20260507)","COMODO Antivirus (20260507)","Dr.Web Security Space (20260507)","G DATA INTERNET SECURITY (20260507)","Norton Security (20260507)","Total AV Antivirus Pro (20260507)","Trend Micro Internet Security (20260507)","VIPRE Advanced Security (20260507)","Windows Defender (20260507)","McAfee Total Protection (20260507)"]},{"isRevoked":"False","fileName":"CareBuzz.exe","productName":"CareBuzz","productVersion":"0.1.3.0","fileVersion":"0.1.3.0","hashMD5":"b336328cce2739eb18c9ad45e8838aac","hashSHA1":"79f7cabd3e893932ff144be5aec8162dcaa2a847","hashSHA256":"c929b2bc024648e91e85e2366ae77838a234c4d04bedd0619a0233494d9a1a9a","digitalCertThumbprint":"18D420FE5078F67A5C24B953661233D90ED8CDE6","digitalCertIssuer":"CN=Sectigo Public Code Signing CA EV R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=\"Honeygain, UAB\", O=\"Honeygain, UAB\", S=Vilnius, C=LT, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=LT, SERIALNUMBER=306103177","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"118","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"CareBuzzUpdater.exe","companyName":"CareBuzz","productName":"CareBuzz","productVersion":"0.1.3.0","fileVersion":"0.1.3.0","hashMD5":"c25216dd7a781fff7c34e2644af216d3","hashSHA1":"41f7fcbc402e84ccbfcd4a82587ff3a3b5db0132","hashSHA256":"d21801f014871019e0e0d5ed57be47ca4502928169048271ad81afaf09730436","digitalCertThumbprint":"18D420FE5078F67A5C24B953661233D90ED8CDE6","digitalCertIssuer":"CN=Sectigo Public Code Signing CA EV R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=\"Honeygain, UAB\", O=\"Honeygain, UAB\", S=Vilnius, C=LT, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=LT, SERIALNUMBER=306103177","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"118","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"resource sharing","reference":"Honey Gain","landingPage":"https://www.honeygain.com/carebuzz/","ipv4":"","ipv6":"","sourceIndex":"118"}],"sampleFiles":["260226/CareBuzz-240129/0.1.3.0/Samples/CareBuzz_install.exe"],"imageFiles":["260226/CareBuzz-240129/0.1.3.0/Images/ACR-084/ACR-084_Software_1.png","260226/CareBuzz-240129/0.1.3.0/Images/ACR-084/ACR-084_Software_2.png","260226/CareBuzz-240129/0.1.3.0/Images/ACR-048/ACR-048_Software_1.png","260226/CareBuzz-240129/0.1.3.0/Images/ACR-048/ACR-048_Software_2.png"],"nonDeceptorImageFiles":["260226/CareBuzz-240129/0.1.3.0/Images/ACR-123/ACR-123_Uninstall_1.png"],"guid":"c34a3e38-9add-4523-9423-6a7334fa63b1_0.1.3.0_1","appID":"CareBuzz-240129","dateAdded":"260226","deceptorType":"App","name":"CareBuzz","company":"HoneyGain","version":"0.1.3.0","firstResolvedVersion":"","lastKnownStatus":"0.1.1.0;1.1.3.0","lastKnownDate":"260226","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2026-02-26T23:31:14.5613909+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":25},{"violations":{"ACR-048":"1. The app needs to provide control to quit the background process and app completely within the app settings.\n2. The control for the \"Allow sharing\" option in the settings doesn't function as it claims. The sharing function is always on.\n","ACR-084":"On closing the app, the application doesn't exit completely. It runs silently in the background, hiding the fact that it is active  from the consumer without any notification.\n"},"nonDeceptorViolations":{"ACR-123":"The app does not remove the non-executable files even after uninstall and reboot.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\CareBuzz\\CareBuzz.exe","companyName":"","productName":"CareBuzz","productVersion":"0.1.1.0","fileVersion":"0.1.1.0","hashMD5":"d02e0e3034962c0d82f63b09af19da37","hashSHA1":"e69737350c9fe6767d0a938945b274770eb4aa2f","hashSHA256":"73ea6d6cb8c0e16f8f101edd01d1577b9e25a2b6a8c539f251e88b7865325613","digitalCertThumbprint":"18D420FE5078F67A5C24B953661233D90ED8CDE6","digitalCertIssuer":"Sectigo Public Code Signing CA EV R36","digitalCertIssuedTo":"Honeygain UAB","storeId":"","sourceIndex":"630","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\CareBuzz\\CareBuzzUpdater.exe","companyName":"CareBuzz","productName":"CareBuzz","productVersion":"0.1.1.0","fileVersion":"0.1.1.0","hashMD5":"95ca575cfdb33c41e756f73a277c68cf","hashSHA1":"d023e11f2072db321e37ab49740085866c190824","hashSHA256":"1a4cc4db7a782499935f780d5f5763c89c726482874f15a4bd15dbd25ce54c04","digitalCertThumbprint":"18D420FE5078F67A5C24B953661233D90ED8CDE6","digitalCertIssuer":"Sectigo Public Code Signing CA EV R36","digitalCertIssuedTo":"Honeygain UAB","storeId":"","sourceIndex":"630","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"CareBuzz_install.exe","isInstaller":"True","companyName":"CareBuzz","productName":"CareBuzz","productVersion":"0.1.1.0","fileVersion":"0.1.1.0","hashMD5":"a6de5e58f89021235e2b2055f86faac2","hashSHA1":"c06b8544a53a117b2ab731f70473b43c33ebdaa0","hashSHA256":"bbe1a5b149abaae8fa79de489ebe5a3971e9a18123757b058bec8c793a26c331","digitalCertThumbprint":"18D420FE5078F67A5C24B953661233D90ED8CDE6","digitalCertIssuer":"Sectigo Public Code Signing CA EV R36","digitalCertIssuedTo":"Honeygain UAB","storeId":"","sourceIndex":"630","avBlockList":["Avast Premium Security (20240208)","AVG Internet Security (20240208)","COMODO Antivirus (20240208)","ESET Internet Security (20240208)","K7 Total Security (20240208)","Kaspersky Internet Security (20240208)","McAfee Total Protection (20240208)","Norton Security (20240208)","Panda Dome (20240208)","Sophos Home Premium (20240208)","SpyHunter5 (20240208)","VirIT eXplorer PRO (20240208)","Webroot SecureAnywhere (20240208)"],"avAllowList":["360 Total Security (20240208)","Avira Internet Security (20240208)","Bitdefender Internet Security (20240208)","Dr.Web Security Space (20240208)","G DATA INTERNET SECURITY (20240208)","Malwarebytes Premium (20240208)","Quick Heal Internet Security (20240208)","Total AV Antivirus Pro (20240208)","Trend Micro Internet Security (20240208)","VIPRE Advanced Security (20240208)","Windows Defender (20240208)"]}],"additionalFiles":[],"sources":[{"howFound":"resource sharing","reference":"Honey Gain","landingPage":"https://www.honeygain.com/carebuzz/","ipv4":"","ipv6":"","sourceIndex":"630"}],"sampleFiles":["240131/CareBuzz-240129/0.1.1.0/Samples/CareBuzz_install.exe"],"imageFiles":["240131/CareBuzz-240129/0.1.1.0/Images/ACR-084/ACR-084_Software_1.png","240131/CareBuzz-240129/0.1.1.0/Images/ACR-048/ACR-048_Software_1.png","240131/CareBuzz-240129/0.1.1.0/Images/ACR-048/ACR-048_Software_2.png"],"nonDeceptorImageFiles":["240131/CareBuzz-240129/0.1.1.0/Images/ACR-123/ACR-123.PNG"],"guid":"c34a3e38-9add-4523-9423-6a7334fa63b1_0.1.1.0_1","appID":"CareBuzz-240129","dateAdded":"260226","deceptorType":"App","name":"CareBuzz","company":"HoneyGain","version":"0.1.1.0","firstResolvedVersion":"","lastKnownStatus":"0.1.1.0;1.1.3.0","lastKnownDate":"260226","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2026-02-26T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":26},{"violations":{"ACR-048":"The app does not provide any control to cancel the installation. Even on canceling it installs the application. \n","ACR-017":"The 3rd party endorsement (https://store.bittorrent.com/849/?scope=checkout&cfg=bittorent_redesign_nr&cart=238174&tracking=BitTorrent&tracking=quantcast&enablecoupon=true&x-newsletter=true&paymentTypeId=CCA_VIS&x-logo=ut&x-layout=sass2col) is not verifiable. \n","ACR-084":"On closing the app, application doesn't exit completely. It runs silently in the background, hiding the fact that it is active from the consumer without any notification.\n","ACR-097":"During installation, the app has the option to evade default system security guard \"Add an exception for uTorrent in windows firewall\" without dislclsoing exception reason to the user\n"},"nonDeceptorViolations":{"ACR-040":"The app installs all files to a different location <C:\\Users\\User\\AppData\\Roaming\\uTorrent> instead of the standard location.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Users\\User\\AppData\\Roaming\\uTorrent\\helper\\helper.exe","companyName":"BitTorrent Inc.","productName":"µTorrent Helper","productVersion":"2.1.4.2372","fileVersion":"2.1.4.2372","hashMD5":"0c837d99d77466bb61788fa30b4470fe","hashSHA1":"02d1d3ab0b30b77a3ecae78058a672ba1ea5076d","hashSHA256":"dbedd973360c6952a406ec765e7c766c3940a5e8c5aa9763172497bea51d1e93","digitalCertThumbprint":"94B5B937366BAF324364380B0694A0D8E32A08E2","digitalCertIssuer":"Symantec Class 3 SHA256 Code Signing CA","digitalCertIssuedTo":"BitTorrent Inc","storeId":"","sourceIndex":"1352","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Users\\User\\AppData\\Roaming\\uTorrent\\updates\\3.5.5_46552\\utorrentie.exe","companyName":"BitTorrent Inc.","productName":"","productVersion":"","fileVersion":"1.0.0","hashMD5":"0b383dfcc445fbfa0d62595812ffac16","hashSHA1":"e63460c994957cf0860d000f4620a8994a5753fd","hashSHA256":"88d610acf543eb7679ee558db9c31972353d46a792b1d233c7acb30a486f1e23","digitalCertThumbprint":"94B5B937366BAF324364380B0694A0D8E32A08E2","digitalCertIssuer":"Symantec Class 3 SHA256 Code Signing CA","digitalCertIssuedTo":"BitTorrent Inc","storeId":"","sourceIndex":"1352","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Users\\User\\AppData\\Roaming\\uTorrent\\uTorrent.exe","companyName":"BitTorrent Inc.","productName":"µTorrent","productVersion":"3.5.5.46552","fileVersion":"3.5.5.46552","hashMD5":"be8519c6da696abd322b2db07ff2b462","hashSHA1":"a2dcb30ae032c3b0695af6ac1601bedbc05a11fd","hashSHA256":"d9ff2aeb715a0c795e8e86a9de31eb1405bf510d9e57860acb0fde71a0e80468","digitalCertThumbprint":"94B5B937366BAF324364380B0694A0D8E32A08E2","digitalCertIssuer":"Symantec Class 3 SHA256 Code Signing CA","digitalCertIssuedTo":"BitTorrent Inc","storeId":"","sourceIndex":"1352","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"uTorrent.exe","isInstaller":"True","companyName":"                                                            ","productName":"µTorrent® Classic                                           ","productVersion":"3.5                                               ","fileVersion":"3.5                 ","hashMD5":"68a70ef9d99e94926e7231e00e136890","hashSHA1":"5486bb9e8ad619d60e627efb13b1eb474a47c94f","hashSHA256":"f72ee83436cb1f82366bfaafb14a4c0cb99826c02166fc0bd21fb6e7eb5190c6","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Rainberry Inc","storeId":"","sourceIndex":"1352","avBlockList":["360 Total Security (20240718)","Avast Premium Security (20240718)","AVG Internet Security (20240718)","Avira Internet Security (20240718)","Bitdefender Internet Security (20240718)","COMODO Antivirus (20240718)","Dr.Web Security Space (20240718)","ESET Internet Security (20240718)","G DATA INTERNET SECURITY (20240718)","K7 Total Security (20240718)","Kaspersky Internet Security (20240718)","Malwarebytes Premium (20240718)","McAfee Total Protection (20240718)","Norton Security (20240718)","Panda Dome (20240718)","Quick Heal Internet Security (20240718)","Sophos Home Premium (20240718)","SpyHunter5 (20240718)","Total AV Antivirus Pro (20240718)","Trend Micro Internet Security (20240718)","VIPRE Advanced Security (20240718)","VirIT eXplorer PRO (20240718)","Webroot SecureAnywhere (20240718)","Windows Defender (20240718)","FortectPremium (20240718)"],"avAllowList":["Tencent PC Manager (20220719)"]}],"additionalFiles":[],"sources":[{"howFound":"uTorrent Web","reference":"","landingPage":"https://www.utorrent.com/","directDownloadingLink":"https://www.utorrent.com/downloads/complete/track/stable/os/win/","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.utorrent.com/downloads/complete/track/stable/os/win/","sourceIndex":"1352"}],"sampleFiles":["221027/uTorrentClassic-211215/3.5.5.46552/Samples/uTorrent.exe"],"imageFiles":["221027/uTorrentClassic-211215/3.5.5.46552/Images/ACR-048/ACR-048_Install.JPG","221027/uTorrentClassic-211215/3.5.5.46552/Images/ACR-084/ACR-084_Software.JPG","221027/uTorrentClassic-211215/3.5.5.46552/Images/ACR-097/ACR-097_Software.JPG","221027/uTorrentClassic-211215/3.5.5.46552/Images/ACR-017/ACR-017_InternalOffers.JPG"],"nonDeceptorImageFiles":["221027/uTorrentClassic-211215/3.5.5.46552/Images/ACR-040/ACR-040_Install.JPG"],"guid":"4b11710c-2201-4d5a-bf94-5850f6f9c6f1_3.5.5.46552_1","appID":"uTorrentClassic-211215","dateAdded":"260209","deceptorType":"App","name":"uTorrent Classic","company":"BitTorrent Inc.","version":"3.5.5.46552","lastKnownStatus":"3.5.5.46148;3.5.5.46200;3.5.5.46304;3.5.5.46348;3.5.5.46542;3.5.5.46552;3.6.0.46716;3.6.0.46812;3.6.0.46822;3.6.0.46828;3.6.0.46830;3.6.0.46842;3.6.0.46856;3.6.0.46884;3.6.0.46896;3.6.0.46922;3.6.0.47006;3.6.0.47012;;3.6.0.47016;3.6.0.47028;3.6.0.47044;3.6.0.47062;3.6.0.47082;3.6.0.47084;3.6.0.47124;3.6.0.47116;3.6.0.47132;3.6.0.47134;3.6.0.47228;3.6.0.47142","lastKnownDate":"260209","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2026-02-09T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":30,"sortOrder":51},{"violations":{"ACR-048":"The app does not provide any control to cancel the installation. Even on canceling it installs the application. \n","ACR-017":"The 3rd party endorsement (https://store.bittorrent.com/849/?scope=checkout&cfg=bittorent_redesign_nr&cart=238174&tracking=BitTorrent&tracking=quantcast&enablecoupon=true&x-newsletter=true&paymentTypeId=CCA_VIS&x-logo=ut&x-layout=sass2col) is not verifiable. \n","ACR-084":"On closing the app, application doesn't exit completely. It runs silently in the background, hiding the fact that it is active from the consumer without any notification.\n","ACR-097":"During installation, the app has an option to evade default system security guard \"Add an exception for uTorrent in windows firewall\" without details the reason to user. \n"},"nonDeceptorViolations":{"ACR-040":"The app installs all files to a different location <C:\\Users\\User\\AppData\\Roaming\\uTorrent> instead of the standard location.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Users\\User\\AppData\\Roaming\\uTorrent\\helper\\helper.exe","companyName":"BitTorrent Inc.","productName":"µTorrent Helper","productVersion":"2.1.4.2372","fileVersion":"2.1.4.2372","hashMD5":"0c837d99d77466bb61788fa30b4470fe","hashSHA1":"02d1d3ab0b30b77a3ecae78058a672ba1ea5076d","hashSHA256":"dbedd973360c6952a406ec765e7c766c3940a5e8c5aa9763172497bea51d1e93","digitalCertThumbprint":"94B5B937366BAF324364380B0694A0D8E32A08E2","digitalCertIssuer":"Symantec Class 3 SHA256 Code Signing CA","digitalCertIssuedTo":"BitTorrent Inc","storeId":"","sourceIndex":"1379","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Users\\User\\AppData\\Roaming\\uTorrent\\updates\\3.5.5_46542\\utorrentie.exe","companyName":"BitTorrent Inc.","productName":"","productVersion":"","fileVersion":"1.0.0","hashMD5":"046dd376d569d451935759e6279c0ce4","hashSHA1":"b6976b186758d6d7e1ba799802c0eab2b8207757","hashSHA256":"02ef23aa766740943aa2c5d1bee832bd8c1527f33fe12832f7986d9e8fa7444a","digitalCertThumbprint":"94B5B937366BAF324364380B0694A0D8E32A08E2","digitalCertIssuer":"Symantec Class 3 SHA256 Code Signing CA","digitalCertIssuedTo":"BitTorrent Inc","storeId":"","sourceIndex":"1379","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Users\\User\\AppData\\Roaming\\uTorrent\\uTorrent.exe","companyName":"BitTorrent Inc.","productName":"µTorrent","productVersion":"3.5.5.46542","fileVersion":"3.5.5.46542","hashMD5":"33a93c317ce7d83768be259447b9d3df","hashSHA1":"55f1130f1d6b736a44a6fece78f196277def9d42","hashSHA256":"74c45a5f2ffffad53ca82c3daf94b5c21ef2e06bdbc2e6ecc8128124933cd6e5","digitalCertThumbprint":"94B5B937366BAF324364380B0694A0D8E32A08E2","digitalCertIssuer":"Symantec Class 3 SHA256 Code Signing CA","digitalCertIssuedTo":"BitTorrent Inc","storeId":"","sourceIndex":"1379","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"uTorrent.exe","isInstaller":"True","companyName":"                                                            ","productName":"µTorrent® Classic                                           ","productVersion":"3.5                                               ","fileVersion":"3.5                 ","hashMD5":"68a70ef9d99e94926e7231e00e136890","hashSHA1":"5486bb9e8ad619d60e627efb13b1eb474a47c94f","hashSHA256":"f72ee83436cb1f82366bfaafb14a4c0cb99826c02166fc0bd21fb6e7eb5190c6","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Rainberry Inc","storeId":"","sourceIndex":"1379","avBlockList":["360 Total Security (20240718)","Avast Premium Security (20240718)","AVG Internet Security (20240718)","Avira Internet Security (20240718)","Bitdefender Internet Security (20240718)","COMODO Antivirus (20240718)","Dr.Web Security Space (20240718)","ESET Internet Security (20240718)","G DATA INTERNET SECURITY (20240718)","K7 Total Security (20240718)","Kaspersky Internet Security (20240718)","Malwarebytes Premium (20240718)","McAfee Total Protection (20240718)","Norton Security (20240718)","Panda Dome (20240718)","Quick Heal Internet Security (20240718)","Sophos Home Premium (20240718)","SpyHunter5 (20240718)","Total AV Antivirus Pro (20240718)","Trend Micro Internet Security (20240718)","VIPRE Advanced Security (20240718)","VirIT eXplorer PRO (20240718)","Webroot SecureAnywhere (20240718)","Windows Defender (20240718)","FortectPremium (20240718)"],"avAllowList":["Tencent PC Manager (20220719)"]}],"additionalFiles":[],"sources":[{"howFound":"uTorrent Web","reference":"","landingPage":"https://www.utorrent.com/","directDownloadingLink":"https://www.utorrent.com/downloads/complete/track/stable/os/win/","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.utorrent.com/downloads/complete/track/stable/os/win/","sourceIndex":"1379"}],"sampleFiles":["221011/uTorrentClassic-211215/3.5.5.46542/Samples/uTorrent.exe"],"imageFiles":["221011/uTorrentClassic-211215/3.5.5.46542/Images/ACR-048/ACR-048.JPG","221011/uTorrentClassic-211215/3.5.5.46542/Images/ACR-084/ACR-084_Software.JPG","221011/uTorrentClassic-211215/3.5.5.46542/Images/ACR-097/ACR-097.JPG","221011/uTorrentClassic-211215/3.5.5.46542/Images/ACR-017/ACR-017.JPG"],"nonDeceptorImageFiles":["221011/uTorrentClassic-211215/3.5.5.46542/Images/ACR-040/ACR-040.JPG"],"guid":"4b11710c-2201-4d5a-bf94-5850f6f9c6f1_3.5.5.46542_1","appID":"uTorrentClassic-211215","dateAdded":"260209","deceptorType":"App","name":"uTorrent Classic","company":"BitTorrent Inc.","version":"3.5.5.46542","lastKnownStatus":"3.5.5.46148;3.5.5.46200;3.5.5.46304;3.5.5.46348;3.5.5.46542;3.5.5.46552;3.6.0.46716;3.6.0.46812;3.6.0.46822;3.6.0.46828;3.6.0.46830;3.6.0.46842;3.6.0.46856;3.6.0.46884;3.6.0.46896;3.6.0.46922;3.6.0.47006;3.6.0.47012;;3.6.0.47016;3.6.0.47028;3.6.0.47044;3.6.0.47062;3.6.0.47082;3.6.0.47084;3.6.0.47124;3.6.0.47116;3.6.0.47132;3.6.0.47134;3.6.0.47228;3.6.0.47142","lastKnownDate":"260209","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2026-02-09T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":30,"sortOrder":52},{"violations":{"ACR-048":"The app does not provide any control to cancel the installation. Even on canceling it installs the application. \n","ACR-017":"The 3rd party endorsement (https://store.bittorrent.com/849/?scope=checkout&cfg=bittorent_redesign_nr&cart=238174&tracking=BitTorrent&tracking=quantcast&enablecoupon=true&x-newsletter=true&paymentTypeId=CCA_VIS&x-logo=ut&x-layout=sass2col) is not verifiable. \n","ACR-084":"On closing the app, application doesn't exit completely. It runs silently in the background, hiding the fact that it is active from the consumer without any notification.\n","ACR-097":"During installation, the app has an option to evade default system security guard \"Add an exception for uTorrent in windows firewall\" without details the reason to user. \n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components on the device without notifying user.\n"},"nonDeceptorViolations":{"ACR-040":"The app installs all files to a different location <C:\\Users\\User\\AppData\\Roaming\\uTorrent> instead of the standard location.\n","ACR-123":"The app does not remove its startup item even after uninstall.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Users\\User\\AppData\\Roaming\\uTorrent\\helper\\helper.exe","companyName":"BitTorrent Inc.","productName":"µTorrent Helper","productVersion":"2.1.4.2372","fileVersion":"2.1.4.2372","hashMD5":"0c837d99d77466bb61788fa30b4470fe","hashSHA1":"02d1d3ab0b30b77a3ecae78058a672ba1ea5076d","hashSHA256":"dbedd973360c6952a406ec765e7c766c3940a5e8c5aa9763172497bea51d1e93","digitalCertThumbprint":"94B5B937366BAF324364380B0694A0D8E32A08E2","digitalCertIssuer":"Symantec Class 3 SHA256 Code Signing CA","digitalCertIssuedTo":"BitTorrent Inc","storeId":"","sourceIndex":"1520","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Users\\User\\AppData\\Roaming\\uTorrent\\updates\\3.5.5_46348\\utorrentie.exe","companyName":"BitTorrent Inc.","productName":"","productVersion":"","fileVersion":"1.0.0","hashMD5":"cc70a40eea5375c967813f0b3595b61d","hashSHA1":"2e58b566bb2d011c4ca1bcb1f1d69565f957e618","hashSHA256":"28317a2f4adad12865be839e1ac038d11a134d13c494024ba5af1ffb8a26929f","digitalCertThumbprint":"94B5B937366BAF324364380B0694A0D8E32A08E2","digitalCertIssuer":"Symantec Class 3 SHA256 Code Signing CA","digitalCertIssuedTo":"BitTorrent Inc","storeId":"","sourceIndex":"1520","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Users\\User\\AppData\\Roaming\\uTorrent\\uTorrent.exe","companyName":"BitTorrent Inc.","productName":"µTorrent","productVersion":"3.5.5.46348","fileVersion":"3.5.5.46348","hashMD5":"600f20abcc1fa9f5bda0965d07b6855d","hashSHA1":"38f079ce6b51508a9e62bd7b24ed792cde38d33b","hashSHA256":"7d89a16fc0d3afa3cd78cc51e7ae6a81343cb14de6fdca9325142deca5133515","digitalCertThumbprint":"94B5B937366BAF324364380B0694A0D8E32A08E2","digitalCertIssuer":"Symantec Class 3 SHA256 Code Signing CA","digitalCertIssuedTo":"BitTorrent Inc","storeId":"","sourceIndex":"1520","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"uTorrent.exe","isInstaller":"True","companyName":"                                                            ","productName":"µTorrent® Classic                                           ","productVersion":"3.5                                               ","fileVersion":"3.5                 ","hashMD5":"68a70ef9d99e94926e7231e00e136890","hashSHA1":"5486bb9e8ad619d60e627efb13b1eb474a47c94f","hashSHA256":"f72ee83436cb1f82366bfaafb14a4c0cb99826c02166fc0bd21fb6e7eb5190c6","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Rainberry Inc","storeId":"","sourceIndex":"1520","avBlockList":["360 Total Security (20240718)","Avast Premium Security (20240718)","AVG Internet Security (20240718)","Avira Internet Security (20240718)","Bitdefender Internet Security (20240718)","COMODO Antivirus (20240718)","Dr.Web Security Space (20240718)","ESET Internet Security (20240718)","G DATA INTERNET SECURITY (20240718)","K7 Total Security (20240718)","Kaspersky Internet Security (20240718)","Malwarebytes Premium (20240718)","McAfee Total Protection (20240718)","Norton Security (20240718)","Panda Dome (20240718)","Quick Heal Internet Security (20240718)","Sophos Home Premium (20240718)","SpyHunter5 (20240718)","Total AV Antivirus Pro (20240718)","Trend Micro Internet Security (20240718)","VIPRE Advanced Security (20240718)","VirIT eXplorer PRO (20240718)","Webroot SecureAnywhere (20240718)","Windows Defender (20240718)","FortectPremium (20240718)"],"avAllowList":["Tencent PC Manager (20220719)"]}],"additionalFiles":[],"sources":[{"howFound":"Google search- Torrent apps","reference":"","landingPage":"https://www.utorrent.com/desktop/","directDownloadingLink":"https://www.utorrent.com/downloads/complete/track/stable/os/win/","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.utorrent.com/downloads/complete/track/stable/os/win/","sourceIndex":"1520"}],"sampleFiles":["220712/uTorrentClassic-211215/3.5.5.46348/Samples/uTorrent.exe"],"imageFiles":["220712/uTorrentClassic-211215/3.5.5.46348/Images/ACR-048/ACR-048_Install.JPG","220712/uTorrentClassic-211215/3.5.5.46348/Images/ACR-084/ACR-084_Software.JPG","220712/uTorrentClassic-211215/3.5.5.46348/Images/ACR-097/ACR-097_Software.JPG","220712/uTorrentClassic-211215/3.5.5.46348/Images/ACR-118/ACR-118_Uninstall.JPG","220712/uTorrentClassic-211215/3.5.5.46348/Images/ACR-118/ACR-118_Uninstall_1.JPG","220712/uTorrentClassic-211215/3.5.5.46348/Images/ACR-017/ACR-017_InternalOffers.JPG"],"nonDeceptorImageFiles":["220712/uTorrentClassic-211215/3.5.5.46348/Images/ACR-040/ACR-040_Install.JPG","220712/uTorrentClassic-211215/3.5.5.46348/Images/ACR-123/ACR-123_Uninstall.JPG"],"guid":"4b11710c-2201-4d5a-bf94-5850f6f9c6f1_3.5.5.46348_1","appID":"uTorrentClassic-211215","dateAdded":"260209","deceptorType":"App","name":"uTorrent Classic","company":"BitTorrent Inc.","version":"3.5.5.46348","lastKnownStatus":"3.5.5.46148;3.5.5.46200;3.5.5.46304;3.5.5.46348;3.5.5.46542;3.5.5.46552;3.6.0.46716;3.6.0.46812;3.6.0.46822;3.6.0.46828;3.6.0.46830;3.6.0.46842;3.6.0.46856;3.6.0.46884;3.6.0.46896;3.6.0.46922;3.6.0.47006;3.6.0.47012;;3.6.0.47016;3.6.0.47028;3.6.0.47044;3.6.0.47062;3.6.0.47082;3.6.0.47084;3.6.0.47124;3.6.0.47116;3.6.0.47132;3.6.0.47134;3.6.0.47228;3.6.0.47142","lastKnownDate":"260209","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2026-02-09T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":30,"sortOrder":53},{"violations":{"ACR-048":"The app does not provide any control to cancel the installation. Even on canceling it installs the application. \n","ACR-017":"The 3rd party endorsement ( https://store.bittorrent.com/849/?scope=checkout&cfg=bittorent_redesign_nr&cart=238174&tracking=BitTorrent&tracking=quantcast&enablecoupon=true&x-newsletter=true&paymentTypeId=CCA_VIS&x-logo=ut&x-layout=sass2col) is not verifiable. \n","ACR-084":"On closing the app, application doesn't exit completely. It runs silently in the background, hiding the fact that it is active from the consumer without any notification.\n","ACR-097":"During installation, the app has an option to evade default system security guard \"Add an exception for uTorrent in windows firewall\" without details the reason to user. \n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components on the device without notifying user.\n"},"nonDeceptorViolations":{"ACR-040":"The app installs all files to a different location <C:\\Users\\User\\AppData\\Roaming\\uTorrent> instead of the standard location.\n","ACR-123":"The app does not remove its startup item even after uninstall.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Users\\User\\AppData\\Roaming\\uTorrent\\helper\\helper.exe","companyName":"BitTorrent Inc.","productName":"µTorrent Helper","productVersion":"2.1.4.2372","fileVersion":"2.1.4.2372","hashMD5":"0c837d99d77466bb61788fa30b4470fe","hashSHA1":"02d1d3ab0b30b77a3ecae78058a672ba1ea5076d","hashSHA256":"dbedd973360c6952a406ec765e7c766c3940a5e8c5aa9763172497bea51d1e93","digitalCertThumbprint":"94B5B937366BAF324364380B0694A0D8E32A08E2","digitalCertIssuer":"Symantec Class 3 SHA256 Code Signing CA","digitalCertIssuedTo":"BitTorrent Inc","storeId":"","sourceIndex":"1549","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Users\\User\\AppData\\Roaming\\uTorrent\\updates\\3.5.5_46304\\utorrentie.exe","companyName":"BitTorrent Inc.","productName":"","productVersion":"","fileVersion":"1.0.0","hashMD5":"3db2507f58e1fc30c23e30b03ad94778","hashSHA1":"18369b9e0c1640bf71e71339a26da98e976459f0","hashSHA256":"32efa4bffb640bc07d5104fb5e6dd4feb6c298f7acd10198289ae8a7e22604cf","digitalCertThumbprint":"94B5B937366BAF324364380B0694A0D8E32A08E2","digitalCertIssuer":"Symantec Class 3 SHA256 Code Signing CA","digitalCertIssuedTo":"BitTorrent Inc","storeId":"","sourceIndex":"1549","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Users\\User\\AppData\\Roaming\\uTorrent\\uTorrent.exe","companyName":"BitTorrent Inc.","productName":"µTorrent","productVersion":"3.5.5.46304","fileVersion":"3.5.5.46304","hashMD5":"dc207cc725ba775fe9a5d7fd3abbf0d1","hashSHA1":"6f5ad0fb56ba624afa24c7f7ce703736bb7c8c1f","hashSHA256":"8ce54612b6ba168908343fc29c89c6d4cadbb05bab38b87876ff9fb3e98b4e4e","digitalCertThumbprint":"94B5B937366BAF324364380B0694A0D8E32A08E2","digitalCertIssuer":"Symantec Class 3 SHA256 Code Signing CA","digitalCertIssuedTo":"BitTorrent Inc","storeId":"","sourceIndex":"1549","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"uTorrent.exe","isInstaller":"True","companyName":"                                                            ","productName":"µTorrent® Classic                                           ","productVersion":"3.5                                               ","fileVersion":"3.5                 ","hashMD5":"a1dd2f1ae9790d39852d8216cc0764a1","hashSHA1":"af3c126b46b8c33c01304c621f0ff9a13d3da4af","hashSHA256":"aa6a9387bdaf3c1ecc34e51404a49d5d97fb9ace4f08b7ac3b3558a41eac87f4","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Rainberry Inc","storeId":"","sourceIndex":"1549","avBlockList":["COMODO Antivirus (20240613)","Dr.Web Security Space (20240613)","ESET Internet Security (20240613)","G DATA INTERNET SECURITY (20240613)","Malwarebytes Premium (20240613)","McAfee Total Protection (20240613)","Norton Security (20240613)","Panda Dome (20240613)","Sophos Home Premium (20240613)","VirIT eXplorer PRO (20240613)","Webroot SecureAnywhere (20240613)"],"avAllowList":["360 Total Security (20240613)","Avast Premium Security (20240613)","AVG Internet Security (20240613)","Avira Internet Security (20240613)","Bitdefender Internet Security (20240613)","K7 Total Security (20240613)","Kaspersky Internet Security (20240613)","Quick Heal Internet Security (20240613)","SpyHunter5 (20240613)","Total AV Antivirus Pro (20240613)","Trend Micro Internet Security (20240613)","VIPRE Advanced Security (20240613)","Windows Defender (20240613)"]}],"additionalFiles":[],"sources":[{"howFound":"uTorrent Web","reference":"","landingPage":"https://www.utorrent.com/desktop/","directDownloadingLink":"https://www.utorrent.com/downloads/complete/track/stable/os/win/","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.utorrent.com/downloads/complete/track/stable/os/win/","sourceIndex":"1549"}],"sampleFiles":["220622/uTorrentClassic-211215/3.5.5.46304/Samples/uTorrent.exe"],"imageFiles":["220622/uTorrentClassic-211215/3.5.5.46304/Images/ACR-048/ACR-048_Install.JPG","220622/uTorrentClassic-211215/3.5.5.46304/Images/ACR-084/ACR-084_Software.JPG","220622/uTorrentClassic-211215/3.5.5.46304/Images/ACR-097/ACR-097_Software.JPG","220622/uTorrentClassic-211215/3.5.5.46304/Images/ACR-118/ACR-118_Uninstall.JPG","220622/uTorrentClassic-211215/3.5.5.46304/Images/ACR-118/ACR-118_Uninstall_1.JPG","220622/uTorrentClassic-211215/3.5.5.46304/Images/ACR-017/ACR-017_InternalOffers.JPG"],"nonDeceptorImageFiles":["220622/uTorrentClassic-211215/3.5.5.46304/Images/ACR-040/ACR-040_Install.JPG","220622/uTorrentClassic-211215/3.5.5.46304/Images/ACR-123/ACR-123_Uninstall.JPG"],"guid":"4b11710c-2201-4d5a-bf94-5850f6f9c6f1_3.5.5.46304_1","appID":"uTorrentClassic-211215","dateAdded":"260209","deceptorType":"App","name":"uTorrent Classic","company":"BitTorrent Inc.","version":"3.5.5.46304","lastKnownStatus":"3.5.5.46148;3.5.5.46200;3.5.5.46304;3.5.5.46348;3.5.5.46542;3.5.5.46552;3.6.0.46716;3.6.0.46812;3.6.0.46822;3.6.0.46828;3.6.0.46830;3.6.0.46842;3.6.0.46856;3.6.0.46884;3.6.0.46896;3.6.0.46922;3.6.0.47006;3.6.0.47012;;3.6.0.47016;3.6.0.47028;3.6.0.47044;3.6.0.47062;3.6.0.47082;3.6.0.47084;3.6.0.47124;3.6.0.47116;3.6.0.47132;3.6.0.47134;3.6.0.47228;3.6.0.47142","lastKnownDate":"260209","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2026-02-09T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":30,"sortOrder":54},{"violations":{"ACR-048":"The app does not provide any control to cancel the installation. Even on canceling it installs the application. \n","ACR-017":"The 3rd party endorsement ( https://bit.ly/3JuzY2b ) is not verifiable. \n","ACR-084":"On closing the app, application doesn't exit completely. It runs silently in the background, hiding the fact that it is active from the consumer without any notification.\n","ACR-097":"During installation, the app has an option to evade default system security guard \"Add an exception for uTorrent in windows firewall\" without details the reason to user. \n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components on the device without notifying user.\n","ACR-059":"The recommended by \"who\" is not clear in the Offer.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"C:\\Users\\User\\AppData\\Roaming\\uTorrent\\uTorrent.exe","companyName":"BitTorrent Inc.","productName":"µTorrent","productVersion":"3.5.5.46200","fileVersion":"3.5.5.46200","hashMD5":"7c4f15ea0f16f5bfd2e868d70aded600","hashSHA1":"f79177ecfbc633e294a9c159bac9424f712278e1","hashSHA256":"d91e240254ebb233f7f23fa1afe91c12089eed919e9ff85e4cb7a8aeb04b5a51","digitalCertThumbprint":"94B5B937366BAF324364380B0694A0D8E32A08E2","digitalCertIssuer":"Symantec Class 3 SHA256 Code Signing CA","digitalCertIssuedTo":"BitTorrent Inc","storeId":"","sourceIndex":"1711","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"uTorrentClassicInstaller.exe","isInstaller":"True","companyName":"BitTorrent Inc.","productName":"µTorrent","productVersion":"3.5.5.46200","fileVersion":"3.5.5.46200","hashMD5":"022d5ae6c56eae61aac0e44bb680bc5e","hashSHA1":"41a0cbb65ede0c6105a4b4db36014d593c59fc7d","hashSHA256":"50d5c5e87031f564b0ccf85520fd29e8189f06f616054bbbd31340b8d643a4a2","digitalCertThumbprint":"680463B23D34E23AC40F45E062C9296878995188","digitalCertIssuer":"Entrust Extended Validation Code Signing CA - EVCS1","digitalCertIssuedTo":"BitTorrent Inc.","storeId":"","sourceIndex":"1711","avBlockList":["Bitdefender Internet Security (20240808)","COMODO Antivirus (20240808)","Dr.Web Security Space (20240808)","ESET Internet Security (20240808)","G DATA INTERNET SECURITY (20240808)","K7 Total Security (20240808)","Malwarebytes Premium (20240808)","Norton Security (20240808)","Panda Dome (20240808)","Quick Heal Internet Security (20240808)","Sophos Home Premium (20240808)","Trend Micro Internet Security (20240808)","VIPRE Advanced Security (20240808)","VirIT eXplorer PRO (20240808)","Webroot SecureAnywhere (20240808)","FortectPremium (20240808)"],"avAllowList":["360 Total Security (20240808)","Avast Premium Security (20240808)","AVG Internet Security (20240808)","Avira Internet Security (20240808)","Kaspersky Internet Security (20220222)","McAfee Total Protection (20240808)","SpyHunter5 (20240808)","Tencent PC Manager (20220222)","Total AV Antivirus Pro (20240808)","Windows Defender (20240808)","KasperskyPremium (20240808)"]}],"additionalFiles":[],"sources":[{"howFound":"uTorrent Web","reference":"","landingPage":"https://www.utorrent.com/desktop/","directDownloadingLink":"https://www.utorrent.com/downloads/complete/track/stable/os/win/","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.utorrent.com/downloads/complete/track/stable/os/win/","sourceIndex":"1711"}],"sampleFiles":["220214/uTorrentClassic-211215/3.5.5.46200/Samples/uTorrentClassicInstaller.exe"],"imageFiles":["220214/uTorrentClassic-211215/3.5.5.46200/Images/ACR-048/ACR-048_Software_No_Control.JPG","220214/uTorrentClassic-211215/3.5.5.46200/Images/ACR-084/ACR-084_Software_Process.JPG","220214/uTorrentClassic-211215/3.5.5.46200/Images/ACR-097/ACR-097_Software.JPG","220214/uTorrentClassic-211215/3.5.5.46200/Images/ACR-118/ACR-118_Uninstall_Retains.JPG","220214/uTorrentClassic-211215/3.5.5.46200/Images/ACR-118/ACR-118_Uninstall_Retains_1.JPG","220214/uTorrentClassic-211215/3.5.5.46200/Images/ACR-059/ACR-059_BundlerMadeOffers_Recommended.JPG","220214/uTorrentClassic-211215/3.5.5.46200/Images/ACR-017/ACR-017_InternalOffers_Unverifiable.JPG"],"nonDeceptorImageFiles":[],"guid":"4b11710c-2201-4d5a-bf94-5850f6f9c6f1_3.5.5.46200_1","appID":"uTorrentClassic-211215","dateAdded":"260209","deceptorType":"App","name":"uTorrent Classic","company":"BitTorrent Inc.","version":"3.5.5.46200","lastKnownStatus":"3.5.5.46148;3.5.5.46200;3.5.5.46304;3.5.5.46348;3.5.5.46542;3.5.5.46552;3.6.0.46716;3.6.0.46812;3.6.0.46822;3.6.0.46828;3.6.0.46830;3.6.0.46842;3.6.0.46856;3.6.0.46884;3.6.0.46896;3.6.0.46922;3.6.0.47006;3.6.0.47012;;3.6.0.47016;3.6.0.47028;3.6.0.47044;3.6.0.47062;3.6.0.47082;3.6.0.47084;3.6.0.47124;3.6.0.47116;3.6.0.47132;3.6.0.47134;3.6.0.47228;3.6.0.47142","lastKnownDate":"260209","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2026-02-09T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":30,"sortOrder":55},{"violations":{"ACR-048":"The app does not provide any control to cancel the installation. Even on canceling it installs the application. \n","ACR-017":"The 3rd party endorsement ( https://bit.ly/30uyTX5 ) is not verifiable. \n","ACR-084":"On closing the app, application doesn't exit completely. It runs silently in the background, hiding the fact that it is active from the consumer without any notification.\n","ACR-097":"During installation, the app has an option to evade default system security guard \"Add an exception for uTorrent in windows firewall\" without details the reason to user. \n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components on the device without notifying user.\n","ACR-057":"Offers don't have clear way for user to accept or decline.\n","ACR-055":"The accept/Decline options are not consistent for offers. \n","ACR-059":"The recommended by \"who\" is not clear in the Offer.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"C:\\Users\\User\\AppData\\Roaming\\uTorrent\\uTorrent.exe","companyName":"BitTorrent Inc.","productName":"µTorrent","productVersion":"3.5.5.46148","fileVersion":"3.5.5.46148","hashMD5":"0fd690965106cb0a7ac1122498ff993a","hashSHA1":"7a307e73eca7e00fb8f9de03657035b3618eb778","hashSHA256":"1c50bfb94e6dd203e78b475d859ab0752167de75af3277cc9214bcd136303273","digitalCertThumbprint":"94B5B937366BAF324364380B0694A0D8E32A08E2","digitalCertIssuer":"Symantec Class 3 SHA256 Code Signing CA","digitalCertIssuedTo":"BitTorrent Inc","storeId":"","sourceIndex":"1728","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Users\\User\\Desktop\\uTorrent.exe","isInstaller":"True","companyName":"BitTorrent Inc.","productName":"µTorrent","productVersion":"3.5.5.46148","fileVersion":"3.5.5.46148","hashMD5":"f44824a63d5d3eb1352ed5dfabfcdce2","hashSHA1":"c5560634c092a5d5b816d057144043a0b6eea5b7","hashSHA256":"57982817e22b04a8ba62880500fe14c2e0549445ea60ddb8862b7e4699ad4b6d","digitalCertThumbprint":"680463B23D34E23AC40F45E062C9296878995188","digitalCertIssuer":"Entrust Extended Validation Code Signing CA - EVCS1","digitalCertIssuedTo":"BitTorrent Inc.","storeId":"","sourceIndex":"1728","avBlockList":["360 Total Security (20240730)","Bitdefender Internet Security (20240730)","COMODO Antivirus (20240730)","Dr.Web Security Space (20240730)","ESET Internet Security (20240730)","G DATA INTERNET SECURITY (20240730)","K7 Total Security (20240730)","Malwarebytes Premium (20240730)","Norton Security (20240730)","Panda Dome (20240730)","Sophos Home Premium (20240730)","Tencent PC Manager (20220324)","Trend Micro Internet Security (20240730)","VIPRE Advanced Security (20240730)","VirIT eXplorer PRO (20240730)","Webroot SecureAnywhere (20240730)","FortectPremium (20240730)"],"avAllowList":["Avast Premium Security (20240730)","AVG Internet Security (20240730)","Avira Internet Security (20240730)","Kaspersky Internet Security (20230905)","McAfee Total Protection (20240730)","Quick Heal Internet Security (20240730)","SpyHunter5 (20240730)","Total AV Antivirus Pro (20240730)","Windows Defender (20240730)","KasperskyPremium (20240730)"]}],"additionalFiles":[],"sources":[{"howFound":"uTorrent Web","reference":"","landingPage":"https://www.utorrent.com/","directDownloadingLink":"https://www.utorrent.com/downloads/complete/track/stable/os/win/","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.utorrent.com/downloads/complete/track/stable/os/win/","sourceIndex":"1728"}],"sampleFiles":["220126/uTorrentClassic-211215/3.5.5.46148/Samples/uTorrentClassicInstaller.exe"],"imageFiles":["220126/uTorrentClassic-211215/3.5.5.46148/Images/ACR-048/ACR-048_Software_No_Control.JPG","220126/uTorrentClassic-211215/3.5.5.46148/Images/ACR-084/ACR-084_Software_Process.JPG","220126/uTorrentClassic-211215/3.5.5.46148/Images/ACR-097/ACR-097_Software.JPG","220126/uTorrentClassic-211215/3.5.5.46148/Images/ACR-118/ACR-118_Uninstall_Retains_Components.JPG","220126/uTorrentClassic-211215/3.5.5.46148/Images/ACR-118/ACR-118_Uninstall_Retains_Components_1.JPG","220126/uTorrentClassic-211215/3.5.5.46148/Images/ACR-057/ACR-057_BundlerMadeOffers_No_Accept_Decline_Option.JPG","220126/uTorrentClassic-211215/3.5.5.46148/Images/ACR-057/ACR-057_BundlerMadeOffers_No_Accept_Decline_Option_2.JPG","220126/uTorrentClassic-211215/3.5.5.46148/Images/ACR-057/ACR-057_BundlerMadeOffers_No_Accept_Decline_Option_3.JPG","220126/uTorrentClassic-211215/3.5.5.46148/Images/ACR-059/ACR-059_BundlerMadeOffers_Recommended.JPG","220126/uTorrentClassic-211215/3.5.5.46148/Images/ACR-055/ACR-055_BundlerMadeOffers_Inconsistent_Accept_Decline_Option.JPG","220126/uTorrentClassic-211215/3.5.5.46148/Images/ACR-055/ACR-055_BundlerMadeOffers_Inconsistent_Accept_Decline_Option_1.JPG","220126/uTorrentClassic-211215/3.5.5.46148/Images/ACR-055/ACR-055_BundlerMadeOffers_Inconsistent_Accept_Decline_Option_2.JPG","220126/uTorrentClassic-211215/3.5.5.46148/Images/ACR-055/ACR-055_BundlerMadeOffers_Inconsistent_Accept_Decline_Option_3.JPG","220126/uTorrentClassic-211215/3.5.5.46148/Images/ACR-017/ACR-017_InternalOffers_Unverifiable.JPG"],"nonDeceptorImageFiles":[],"guid":"4b11710c-2201-4d5a-bf94-5850f6f9c6f1_3.5.5.46148_1","appID":"uTorrentClassic-211215","dateAdded":"260209","deceptorType":"App","name":"uTorrent Classic","company":"BitTorrent Inc.","version":"3.5.5.46148","sigName":"Deceptor:Win32/uTorrentClassic!048084097118057059055017","lastKnownStatus":"3.5.5.46148;3.5.5.46200;3.5.5.46304;3.5.5.46348;3.5.5.46542;3.5.5.46552;3.6.0.46716;3.6.0.46812;3.6.0.46822;3.6.0.46828;3.6.0.46830;3.6.0.46842;3.6.0.46856;3.6.0.46884;3.6.0.46896;3.6.0.46922;3.6.0.47006;3.6.0.47012;;3.6.0.47016;3.6.0.47028;3.6.0.47044;3.6.0.47062;3.6.0.47082;3.6.0.47084;3.6.0.47124;3.6.0.47116;3.6.0.47132;3.6.0.47134;3.6.0.47228;3.6.0.47142","lastKnownDate":"260209","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2026-02-09T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":30,"sortOrder":56},{"violations":{"ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software.\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software.\n","ACR-084":"On closing the app, the application doesn't exit completely. It runs silently in the background, hiding the fact that it is active from the consumer without any notification.\n","ACR-097":"The app has a default settings \"Add Windows firewall exception\" without providing obvious disclaim or option to change the setting during installation.\n"},"nonDeceptorViolations":{"ACR-123":"Even after a reboot and uninstall, the application retains certain executables and non-executable files. Also, did not remove the firewall exception that was added during installation.\n"},"samples":[{"isRevoked":"False","fileName":"bitcomet_setup.exe","isInstaller":"True","productName":"BitComet","productVersion":"2.12.1.9","fileVersion":"2.12.1.9","hashMD5":"b71f074489d9b0b16f2b5e751054d7b6","hashSHA1":"146bc790e4e9a3cc8ac521999ac83dac5acb6dae","hashSHA256":"839c696ae3d7497d3c3b70eceb2d9f8337569ffcf63879697cdb94b915a0fc17","digitalCertThumbprint":"6319B05A9D8D4DCC620BDFEBDBBF0DC166F9363B","digitalCertIssuer":"CN=Sectigo Public Code Signing CA R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=Astronexx, O=Astronexx, S=Tel Aviv, C=IL","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"120","avBlockList":["Avast Premium Security (20260507)","AVG Internet Security (20260507)","Avira Internet Security (20260507)","Bitdefender Internet Security (20260507)","COMODO Antivirus (20260507)","Dr.Web Security Space (20260507)","ESET Internet Security (20260507)","FortectPremium (20260507)","G DATA INTERNET SECURITY (20260507)","K7 Total Security (20260507)","KasperskyPremium (20260507)","Malwarebytes Premium (20260507)","Norton Security (20260507)","Panda Dome (20260507)","Quick Heal Internet Security (20260507)","Sophos Home Premium (20260507)","SpyHunter5 (20260507)","Total AV Antivirus Pro (20260507)","VIPRE Advanced Security (20260507)","VirIT eXplorer PRO (20260507)","Webroot SecureAnywhere (20260507)","Windows Defender (20260507)"],"avAllowList":["360 Total Security (20260507)","McAfee Total Protection (20260507)","Trend Micro Internet Security (20260507)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on Torrent apps","reference":"","landingPage":"https://bitcomet.com/en/","directDownloadingLink":"https://d1vnov0b4l0has.cloudfront.net/9UNcPwhA1.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://d1vnov0b4l0has.cloudfront.net/9UNcPwhA1.exe","sourceIndex":"120"}],"sampleFiles":["260209/bitcomet-220223/2.20.1.19/Samples/bitcomet_setup.exe"],"imageFiles":["260209/bitcomet-220223/2.20.1.19/Images/ACR-097/ACR-097.png","260209/bitcomet-220223/2.20.1.19/Images/ACR-097/app4.png","260209/bitcomet-220223/2.20.1.19/Images/ACR-084/ACR-084.png","260209/bitcomet-220223/2.20.1.19/Images/ACR-013/offer1.png","260209/bitcomet-220223/2.20.1.19/Images/ACR-013/offer2.png","260209/bitcomet-220223/2.20.1.19/Images/ACR-060/offer1.png","260209/bitcomet-220223/2.20.1.19/Images/ACR-060/offer2.png"],"nonDeceptorImageFiles":["260209/bitcomet-220223/2.20.1.19/Images/ACR-123/ACR-123_1.png","260209/bitcomet-220223/2.20.1.19/Images/ACR-123/ACR-123_2.png","260209/bitcomet-220223/2.20.1.19/Images/ACR-123/ACR-123_3.png"],"guid":"80a7b3a8-4a37-4d3d-859b-0555e4081baa_2.20.1.19_1","appID":"bitcomet-220223","dateAdded":"260209","deceptorType":"App","name":"BitComet","company":"www.BitComet.com","version":"2.20.1.19","lastKnownStatus":"1.85.1.18;1.87.0;1.98.12.8;1.99;2.0;2.0.1;2.0.2;2.0.3;2.0.4.0;2.0.5.0;2.0.6.0;2.0.7.0;2.0.8.0;2.0.9.0;2.20.1.19","lastKnownDate":"260209","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2026-02-09T23:17:10.5767925+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":16,"sortOrder":57},{"violations":{"ACR-048":"The app does not provide any control to cancel the installation. \n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software.\nDuring uninstallation, the user is interrupted by non-consented offers to silently install unrelated software.\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software.\n","ACR-084":"On closing the app, the application doesn't exit completely. It runs silently in the background, hiding the fact that it is active from the consumer without any notification.\n","ACR-097":"The app has a default settings \"Add Windows firewall exception\" without providing obvious disclaim or option to change the setting during installation.\n","ACR-124":"During uninstallation, the app shows more than 1 prompt and provides third-party offers, thus adding unnecessary friction for the consumer.\n"},"nonDeceptorViolations":{"ACR-123":"Even after a reboot and uninstall, the application retains certain executables and non-executable files. Also, did not remove the firewall exception that was added during installation.\n"},"samples":[{"isRevoked":"False","fileName":"bitcomet_setup.exe","isInstaller":"True","companyName":"                                                            ","productName":"BitComet                                                    ","productVersion":"2.0.8.7                                           ","fileVersion":"2.0.8.7             ","hashMD5":"8c0ee88d75cbc41b3e15b3249e90bf6c","hashSHA1":"6772cb9a9ff9aa0ff5730e5a92f227027e7663c6","hashSHA256":"71d8f62750b57b700d3e762fc2798df472e08538b21afd57257d008f9a048bbe","digitalCertThumbprint":"D1CDF37E4A61C7F13F8DF0BFA4A4A26BAB7AE33B","digitalCertIssuer":"Certum Code Signing 2021 CA","digitalCertIssuedTo":"Xing Wang","storeId":"","sourceIndex":"528","avBlockList":["Avast Premium Security (20241217)","AVG Internet Security (20241217)","Bitdefender Internet Security (20241217)","COMODO Antivirus (20241217)","ESET Internet Security (20241217)","FortectPremium (20241217)","G DATA INTERNET SECURITY (20241217)","K7 Total Security (20241217)","KasperskyPremium (20241217)","Malwarebytes Premium (20241217)","Norton Security (20241217)","Panda Dome (20241217)","Quick Heal Internet Security (20241217)","Sophos Home Premium (20241217)","SpyHunter5 (20241217)","VIPRE Advanced Security (20241217)","VirIT eXplorer PRO (20241217)","Webroot SecureAnywhere (20241217)"],"avAllowList":["360 Total Security (20241217)","Avira Internet Security (20241217)","Dr.Web Security Space (20241217)","McAfee Total Protection (20241217)","Total AV Antivirus Pro (20241217)","Trend Micro Internet Security (20241217)","Windows Defender (20241217)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on windows app","reference":"","landingPage":"https://www.bitcomet.com/en","directDownloadingLink":"https://www.bitcomet.com/en/downloading?platform=win32","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.bitcomet.com/en/downloading?platform=win32","sourceIndex":"528"}],"sampleFiles":["240930/bitcomet-220223/2.0.9.0/Samples/bitcomet_setup.exe"],"imageFiles":["240930/bitcomet-220223/2.0.9.0/Images/ACR-097/ACR-097.PNG","240930/bitcomet-220223/2.0.9.0/Images/ACR-097/ACR-097_1.PNG","240930/bitcomet-220223/2.0.9.0/Images/ACR-084/ACR-084.PNG","240930/bitcomet-220223/2.0.9.0/Images/ACR-048/ACR-048.PNG","240930/bitcomet-220223/2.0.9.0/Images/ACR-124/ACR-124.PNG","240930/bitcomet-220223/2.0.9.0/Images/ACR-124/ACR-124_1.PNG","240930/bitcomet-220223/2.0.9.0/Images/ACR-124/ACR-124_2.PNG","240930/bitcomet-220223/2.0.9.0/Images/ACR-124/ACR-124_3.PNG","240930/bitcomet-220223/2.0.9.0/Images/ACR-124/ACR-124_4.PNG","240930/bitcomet-220223/2.0.9.0/Images/ACR-013/ACR-013.PNG","240930/bitcomet-220223/2.0.9.0/Images/ACR-013/ACR-013_1.PNG","240930/bitcomet-220223/2.0.9.0/Images/ACR-013/ACR-013_Uninstall.PNG","240930/bitcomet-220223/2.0.9.0/Images/ACR-013/ACR-013_Uninstall_1.PNG","240930/bitcomet-220223/2.0.9.0/Images/ACR-060/ACR-060.PNG","240930/bitcomet-220223/2.0.9.0/Images/ACR-060/ACR-060_1.PNG"],"nonDeceptorImageFiles":["240930/bitcomet-220223/2.0.9.0/Images/ACR-123/ACR-123.PNG","240930/bitcomet-220223/2.0.9.0/Images/ACR-123/ACR-123_1.PNG","240930/bitcomet-220223/2.0.9.0/Images/ACR-123/ACR-123_2.PNG"],"guid":"80a7b3a8-4a37-4d3d-859b-0555e4081baa_2.0.9.0_1","appID":"bitcomet-220223","dateAdded":"260209","deceptorType":"App","name":"BitComet","company":"www.BitComet.com","version":"2.0.9.0","lastKnownStatus":"1.85.1.18;1.87.0;1.98.12.8;1.99;2.0;2.0.1;2.0.2;2.0.3;2.0.4.0;2.0.5.0;2.0.6.0;2.0.7.0;2.0.8.0;2.0.9.0;2.20.1.19","lastKnownDate":"260209","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2026-02-09T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":16,"sortOrder":58},{"violations":{"ACR-048":"The app does not provide any control to cancel the installation. \n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software.\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software.\n","ACR-084":"On closing the app, the application doesn't exit completely. It runs silently in the background, hiding the fact that it is active from the consumer without any notification.\n","ACR-097":"The app has a default settings \"Add Windows firewall exception\" without providing obvious disclaim or option to change the setting during installation.\n"},"nonDeceptorViolations":{"ACR-123":"Even after a reboot and uninstall, the application retains certain executables and non-executable files. Also, did not remove the firewall exception that was added during installation.\n"},"samples":[{"isRevoked":"False","fileName":"bitcomet_setup.exe","isInstaller":"True","companyName":"                                                            ","productName":"BitComet                                                    ","productVersion":"2.0.8.0                                           ","fileVersion":"2.0.8.0             ","hashMD5":"2f9281010bf12890403934bdb517c2c4","hashSHA1":"6e822864dd45fa4a09d29b6e0dc5906dbf96e3d1","hashSHA256":"7ccef9af5267c22a56bdbaf2f9109a02611bba461e0b0321bed42b5911163272","digitalCertThumbprint":"D1CDF37E4A61C7F13F8DF0BFA4A4A26BAB7AE33B","digitalCertIssuer":"Certum Code Signing 2021 CA","digitalCertIssuedTo":"Xing Wang","storeId":"","sourceIndex":"622","avBlockList":["Bitdefender Internet Security (20240829)","COMODO Antivirus (20240829)","Dr.Web Security Space (20240829)","ESET Internet Security (20240829)","G DATA INTERNET SECURITY (20240829)","K7 Total Security (20240829)","Kaspersky Internet Security (20240625)","Malwarebytes Premium (20240829)","Norton Security (20240829)","Panda Dome (20240829)","Quick Heal Internet Security (20240829)","Sophos Home Premium (20240829)","SpyHunter5 (20240829)","VIPRE Advanced Security (20240829)","VirIT eXplorer PRO (20240829)","Webroot SecureAnywhere (20240829)","FortectPremium (20240829)","KasperskyPremium (20240829)"],"avAllowList":["360 Total Security (20240829)","Avast Premium Security (20240829)","AVG Internet Security (20240829)","Avira Internet Security (20240829)","McAfee Total Protection (20240829)","Total AV Antivirus Pro (20240829)","Trend Micro Internet Security (20240829)","Windows Defender (20240829)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on windows app","reference":"","landingPage":"https://www.bitcomet.com/en","directDownloadingLink":"https://www.bitcomet.com/en/downloading?platform=win32","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.bitcomet.com/en/downloading?platform=win32","sourceIndex":"622"}],"sampleFiles":["240620/bitcomet-220223/2.0.8.0/Samples/bitcomet_setup.exe"],"imageFiles":["240620/bitcomet-220223/2.0.8.0/Images/ACR-097/ACR-097.PNG","240620/bitcomet-220223/2.0.8.0/Images/ACR-097/ACR-097_1.PNG","240620/bitcomet-220223/2.0.8.0/Images/ACR-084/ACR-084.PNG","240620/bitcomet-220223/2.0.8.0/Images/ACR-048/ACR-048.PNG","240620/bitcomet-220223/2.0.8.0/Images/ACR-013/ACR-013.PNG","240620/bitcomet-220223/2.0.8.0/Images/ACR-013/ACR-013_1.PNG","240620/bitcomet-220223/2.0.8.0/Images/ACR-060/ACR-060.PNG","240620/bitcomet-220223/2.0.8.0/Images/ACR-060/ACR-060_1.PNG"],"nonDeceptorImageFiles":["240620/bitcomet-220223/2.0.8.0/Images/ACR-123/ACR-123.PNG","240620/bitcomet-220223/2.0.8.0/Images/ACR-123/ACR-123_1.PNG","240620/bitcomet-220223/2.0.8.0/Images/ACR-123/ACR-123_2.PNG"],"guid":"80a7b3a8-4a37-4d3d-859b-0555e4081baa_2.0.8.0_1","appID":"bitcomet-220223","dateAdded":"260209","deceptorType":"App","name":"BitComet","company":"www.BitComet.com","version":"2.0.8.0","lastKnownStatus":"1.85.1.18;1.87.0;1.98.12.8;1.99;2.0;2.0.1;2.0.2;2.0.3;2.0.4.0;2.0.5.0;2.0.6.0;2.0.7.0;2.0.8.0;2.0.9.0;2.20.1.19","lastKnownDate":"260209","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2026-02-09T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":16,"sortOrder":59},{"violations":{"ACR-042":"The app initiates network communications with 3rd party offer provider before obtaining user consent\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software.\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software.\n","ACR-084":"On closing the app, the application doesn't exit completely. It runs silently in the background, hiding the fact that it is active from the consumer without any notification.\n","ACR-097":"The app has a default settings \"Add Windows firewall exception\" without providing obvious disclaim or option to change the setting during installation.\n"},"nonDeceptorViolations":{"ACR-123":"Even after a reboot and uninstall, the application retains certain executables and non-executable files. Also, did not remove the firewall exception that was added during installation.\n"},"samples":[{"isRevoked":"False","fileName":"bitcomet_setup.exe","isInstaller":"True","companyName":"                                                            ","productName":"BitComet                                                    ","productVersion":"2.0.7.0                                           ","fileVersion":"2.0.7.0             ","hashMD5":"a2af719ea5acf34dbba496a4a2d14b87","hashSHA1":"c034b644776331c512e7b5953993ba9b86ce1728","hashSHA256":"574f282bee0927e2582139d6c6ef565c10e49d5187dc87625aecfeb66d61105f","digitalCertThumbprint":"D1CDF37E4A61C7F13F8DF0BFA4A4A26BAB7AE33B","digitalCertIssuer":"Certum Code Signing 2021 CA","digitalCertIssuedTo":"Xing Wang","storeId":"","sourceIndex":"699","avBlockList":["Bitdefender Internet Security (20240723)","COMODO Antivirus (20240723)","Dr.Web Security Space (20240723)","ESET Internet Security (20240723)","FortectPremium (20240723)","G DATA INTERNET SECURITY (20240723)","K7 Total Security (20240723)","Kaspersky Internet Security (20240723)","Malwarebytes Premium (20240723)","Norton Security (20240723)","Panda Dome (20240723)","Quick Heal Internet Security (20240723)","Sophos Home Premium (20240723)","SpyHunter5 (20240723)","Trend Micro Internet Security (20240723)","VIPRE Advanced Security (20240723)","VirIT eXplorer PRO (20240723)","Webroot SecureAnywhere (20240723)"],"avAllowList":["360 Total Security (20240723)","Avast Premium Security (20240723)","AVG Internet Security (20240723)","Avira Internet Security (20240723)","McAfee Total Protection (20240723)","Total AV Antivirus Pro (20240723)","Windows Defender (20240723)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on windows app","reference":"","landingPage":"https://www.bitcomet.com/en","directDownloadingLink":"https://d1e8a0cmlfx1tk.cloudfront.net/installer/9726353368659768601/163852","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://d1e8a0cmlfx1tk.cloudfront.net/installer/9726353368659768601/163852","sourceIndex":"699"}],"sampleFiles":["240327/bitcomet-220223/2.0.7.0/Samples/bitcomet_setup.exe"],"imageFiles":["240327/bitcomet-220223/2.0.7.0/Images/ACR-097/ACR-097.PNG","240327/bitcomet-220223/2.0.7.0/Images/ACR-097/ACR-097_1.PNG","240327/bitcomet-220223/2.0.7.0/Images/ACR-042/ACR-042.PNG","240327/bitcomet-220223/2.0.7.0/Images/ACR-084/ACR-084.PNG","240327/bitcomet-220223/2.0.7.0/Images/ACR-013/ACR-013.PNG","240327/bitcomet-220223/2.0.7.0/Images/ACR-013/ACR-013_1.PNG","240327/bitcomet-220223/2.0.7.0/Images/ACR-060/ACR-060.PNG","240327/bitcomet-220223/2.0.7.0/Images/ACR-060/ACR-060_1.PNG"],"nonDeceptorImageFiles":["240327/bitcomet-220223/2.0.7.0/Images/ACR-123/ACR-123_1.PNG","240327/bitcomet-220223/2.0.7.0/Images/ACR-123/ACR-123_2.PNG","240327/bitcomet-220223/2.0.7.0/Images/ACR-123/ACR-123_3.PNG"],"guid":"80a7b3a8-4a37-4d3d-859b-0555e4081baa_2.0.7.0_1","appID":"bitcomet-220223","dateAdded":"260209","deceptorType":"App","name":"BitComet","company":"www.BitComet.com","version":"2.0.7.0","lastKnownStatus":"1.85.1.18;1.87.0;1.98.12.8;1.99;2.0;2.0.1;2.0.2;2.0.3;2.0.4.0;2.0.5.0;2.0.6.0;2.0.7.0;2.0.8.0;2.0.9.0;2.20.1.19","lastKnownDate":"260209","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2026-02-09T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":16,"sortOrder":60},{"violations":{"ACR-042":"The app initiates network communications with 3rd party offer provider before obtaining user consent\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software.\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software\n","ACR-084":"On closing the app, the application doesn't exit completely. It runs silently in the background, hiding the fact that it is active from the consumer without any notification.\n","ACR-097":"App has by default setting \"Add an exception for Windows firewall\" without providing obvious disclaim or option to change the setting during installation.\n","ACR-014":"The \"Accept\" button on the Opera Browser offer is used for two things: accepting an offer and accepting opera as the default browser. The \"Accept\" button is misleading and confusing because the user is easily led to believe that \"accept\" is only for installing Opera and not for changing his system browser default settings.\n"},"nonDeceptorViolations":{"ACR-123":"Even after a reboot and uninstall, the application retains certain executables and non-executable files. Also, did not remove the firewall exception that was added during installation.\n"},"samples":[{"isRevoked":"False","fileName":"bitcomet_setup.exe","isInstaller":"True","companyName":"                                                            ","productName":"BitComet                                                    ","productVersion":"2.0.6.0                                           ","fileVersion":"2.0.6.0             ","hashMD5":"f3a7a84a230f0fcdd1013100fcf5139b","hashSHA1":"9124eb61cb4b94842b3a291e9791887032dae979","hashSHA256":"e7c01533667aeaca3a0bc8e932557083c61c57b9d95e412947dd3cd7a61396c9","digitalCertThumbprint":"D1CDF37E4A61C7F13F8DF0BFA4A4A26BAB7AE33B","digitalCertIssuer":"Certum Code Signing 2021 CA","digitalCertIssuedTo":"Xing Wang","storeId":"","sourceIndex":"729","avBlockList":["360 Total Security (20240227)","Avira Internet Security (20240227)","Bitdefender Internet Security (20240227)","COMODO Antivirus (20240227)","ESET Internet Security (20240227)","G DATA INTERNET SECURITY (20240227)","K7 Total Security (20240227)","Kaspersky Internet Security (20240227)","Malwarebytes Premium (20240227)","Norton Security (20240227)","Panda Dome (20240227)","Quick Heal Internet Security (20240227)","Sophos Home Premium (20240227)","SpyHunter5 (20240227)","Total AV Antivirus Pro (20240227)","VIPRE Advanced Security (20240227)","VirIT eXplorer PRO (20240227)","Webroot SecureAnywhere (20240227)"],"avAllowList":["Avast Premium Security (20240227)","AVG Internet Security (20240227)","Dr.Web Security Space (20240227)","McAfee Total Protection (20240227)","Trend Micro Internet Security (20240227)","Windows Defender (20240227)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on Torrent apps","reference":"","landingPage":"https://www.bitcomet.com/en","directDownloadingLink":"https://d24z8ostpbuezc.cloudfront.net/2CNdqgs76AXXGtCuA3RYXeAUE8AT+l16K9DqjpgQNwNMLXSJ3FSth9f1j3jScZDEBWC4LqwjBqvR+_IfACgebiFyodsihd0xTmDPaWYOVJ3cpOLyrUXJIEkf7pLB4fAXQbULYlOt4ov1JHOJv2NMQ_tyGuaSZUuKDaUIC5oMJ2adqNMT5AAsF5rQnRkMuMUIMkbsNRQuIfjy+dmmoluPEzdTy1aQu1MvysWxnGSznYQA7ZetOgGHo+Fc6NQKI900HiqYZAri5DaNdIKRSN1kGVXf2NEVCHgE85f1TGcf8W+MIu3_miA=-GzsAAMTaOW4vgzIzDR_flR9EOQIbcOAWQaK5jTeFbR8HuZfAVOlOWxOsWs2GP4TirPxplJz0gHcLPgA=","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://d24z8ostpbuezc.cloudfront.net/2CNdqgs76AXXGtCuA3RYXeAUE8AT+l16K9DqjpgQNwNMLXSJ3FSth9f1j3jScZDEBWC4LqwjBqvR+_IfACgebiFyodsihd0xTmDPaWYOVJ3cpOLyrUXJIEkf7pLB4fAXQbULYlOt4ov1JHOJv2NMQ_tyGuaSZUuKDaUIC5oMJ2adqNMT5AAsF5rQnRkMuMUIMkbsNRQuIfjy+dmmoluPEzdTy1aQu1MvysWxnGSznYQA7ZetOgGHo+Fc6NQKI900HiqYZAri5DaNdIKRSN1kGVXf2NEVCHgE85f1TGcf8W+MIu3_miA=-GzsAAMTaOW4vgzIzDR_flR9EOQIbcOAWQaK5jTeFbR8HuZfAVOlOWxOsWs2GP4TirPxplJz0gHcLPgA=","sourceIndex":"729"}],"sampleFiles":["240220/bitcomet-220223/2.0.6.0/Samples/bitcomet_setup.exe"],"imageFiles":["240220/bitcomet-220223/2.0.6.0/Images/ACR-097/ACR-097_Software_1.png","240220/bitcomet-220223/2.0.6.0/Images/ACR-097/ACR-097_Software_2.png","240220/bitcomet-220223/2.0.6.0/Images/ACR-042/ACR-042_Install_1.png","240220/bitcomet-220223/2.0.6.0/Images/ACR-084/ACR-084_Software_1.png","240220/bitcomet-220223/2.0.6.0/Images/ACR-014/ACR-014_Install_1.png","240220/bitcomet-220223/2.0.6.0/Images/ACR-013/ACR-013_Install_1.png","240220/bitcomet-220223/2.0.6.0/Images/ACR-013/ACR-013_Install_2.png","240220/bitcomet-220223/2.0.6.0/Images/ACR-060/ACR-060_Bundler-made offers_1.png","240220/bitcomet-220223/2.0.6.0/Images/ACR-060/ACR-060_Bundler-made offers_2.png"],"nonDeceptorImageFiles":["240220/bitcomet-220223/2.0.6.0/Images/ACR-123/ACR-123_Uninstall_3.png","240220/bitcomet-220223/2.0.6.0/Images/ACR-123/ACR-123_Uninstall_4.png","240220/bitcomet-220223/2.0.6.0/Images/ACR-123/ACR-123_Uninstall_1.png","240220/bitcomet-220223/2.0.6.0/Images/ACR-123/ACR-123_Uninstall_2.png"],"guid":"80a7b3a8-4a37-4d3d-859b-0555e4081baa_2.0.6.0_1","appID":"bitcomet-220223","dateAdded":"260209","deceptorType":"App","name":"BitComet","company":"www.BitComet.com","version":"2.0.6.0","lastKnownStatus":"1.85.1.18;1.87.0;1.98.12.8;1.99;2.0;2.0.1;2.0.2;2.0.3;2.0.4.0;2.0.5.0;2.0.6.0;2.0.7.0;2.0.8.0;2.0.9.0;2.20.1.19","lastKnownDate":"260209","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2026-02-09T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":16,"sortOrder":61},{"violations":{"ACR-042":"App drops unrelated components in hidden folder before user permission through explicit user's action. \n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software.\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software\n\n","ACR-084":"On closing the app, the application doesn't exit completely. It runs silently in the background, hiding the fact that it is active from the consumer without any notification.\n","ACR-097":"App has by default setting \"Add an exception for Windows firewall\" without providing obvious disclaim or option to change the setting during installation.\n"},"nonDeceptorViolations":{"ACR-123":"The app does not remove the non-executable files even after uninstall and reboot. \n"},"samples":[{"isRevoked":"False","fileName":"bitcomet_setup.exe","isInstaller":"True","fileVersion":"2.0","hashMD5":"c7fa9b7e965e5e9fe40f3d5bcc3e5e08","hashSHA1":"48612709cf534f113e4d3f02319a8832ffde3594","hashSHA256":"a5d99d29cd226579fe6a85973c5e4d572179b794f445d70303ee069a9acba487","digitalCertThumbprint":"EB0343BBE59BACBBB9470BC6C41E1A6DA13A4E73","digitalCertIssuer":"CN=Certum Code Signing 2021 CA, O=Asseco Data Systems S.A., C=PL","digitalCertIssuedTo":"E=wxhere@hotmail.com, CN=Xing Wang, O=Xing Wang, L=Shanghai, C=CN","sourceIndex":"808","avBlockList":["Avira Internet Security (20231121)","Bitdefender Internet Security (20231121)","COMODO Antivirus (20231121)","Dr.Web Security Space (20231121)","ESET Internet Security (20231121)","G DATA INTERNET SECURITY (20231121)","K7 Total Security (20231121)","Kaspersky Internet Security (20231121)","Malwarebytes Premium (20231121)","Norton Security (20231121)","Panda Dome (20231121)","Quick Heal Internet Security (20231121)","Sophos Home Premium (20231121)","SpyHunter5 (20231121)","Total AV Antivirus Pro (20231121)","VIPRE Advanced Security (20231121)","VirIT eXplorer PRO (20231121)","Webroot SecureAnywhere (20231121)"],"avAllowList":["360 Total Security (20231121)","Avast Premium Security (20231121)","AVG Internet Security (20231121)","McAfee Total Protection (20231121)","Trend Micro Internet Security (20231121)","Windows Defender (20231121)"]},{"isRevoked":"False","fileName":"bitcomet_setup_231102.exe","isInstaller":"True","fileVersion":"2.0","hashMD5":"eabb0d6a2f448e2f88685e19a85b1cc5","hashSHA1":"2129494c0d55b645e638a8d9a933811b5ccfc5ce","hashSHA256":"b0f26d73b1785c820a870a6f2c258598463aa7d577a3b2934bc37aadd45c6385","digitalCertThumbprint":"EB0343BBE59BACBBB9470BC6C41E1A6DA13A4E73","digitalCertIssuer":"CN=Certum Code Signing 2021 CA, O=Asseco Data Systems S.A., C=PL","digitalCertIssuedTo":"E=wxhere@hotmail.com, CN=Xing Wang, O=Xing Wang, L=Shanghai, C=CN","sourceIndex":"808","avBlockList":["Bitdefender Internet Security (20240808)","COMODO Antivirus (20240808)","Dr.Web Security Space (20240808)","ESET Internet Security (20240808)","FortectPremium (20240808)","G DATA INTERNET SECURITY (20240808)","K7 Total Security (20240808)","KasperskyPremium (20240808)","Malwarebytes Premium (20240808)","Norton Security (20240808)","Panda Dome (20240808)","Quick Heal Internet Security (20240808)","Sophos Home Premium (20240808)","SpyHunter5 (20240808)","Total AV Antivirus Pro (20240808)","VIPRE Advanced Security (20240808)","VirIT eXplorer PRO (20240808)","Webroot SecureAnywhere (20240808)"],"avAllowList":["360 Total Security (20240808)","Avast Premium Security (20240808)","AVG Internet Security (20240808)","Avira Internet Security (20240808)","McAfee Total Protection (20240808)","Trend Micro Internet Security (20240808)","Windows Defender (20240808)"]},{"isRevoked":"False","fileName":"bitcomet_setup_231108.exe","isInstaller":"True","fileVersion":"2.0","hashMD5":"b591e06f3bc3fa0ad661fd0090bd1cf6","hashSHA1":"49decb2ec2ebbe1ce4df4630b1fb415546c59a42","hashSHA256":"de98f003db1feca34db83638944cbdce679367d5e6bb576f72e233d0ff3a5cbc","digitalCertThumbprint":"EB0343BBE59BACBBB9470BC6C41E1A6DA13A4E73","digitalCertIssuer":"CN=Certum Code Signing 2021 CA, O=Asseco Data Systems S.A., C=PL","digitalCertIssuedTo":"E=wxhere@hotmail.com, CN=Xing Wang, O=Xing Wang, L=Shanghai, C=CN","sourceIndex":"808","avBlockList":["Bitdefender Internet Security (20240815)","COMODO Antivirus (20240815)","Dr.Web Security Space (20240815)","ESET Internet Security (20240815)","FortectPremium (20240815)","G DATA INTERNET SECURITY (20240815)","K7 Total Security (20240815)","KasperskyPremium (20240815)","Malwarebytes Premium (20240815)","Norton Security (20240815)","Panda Dome (20240815)","Quick Heal Internet Security (20240815)","Sophos Home Premium (20240815)","SpyHunter5 (20240815)","VIPRE Advanced Security (20240815)","VirIT eXplorer PRO (20240815)","Webroot SecureAnywhere (20240815)"],"avAllowList":["360 Total Security (20240815)","Avast Premium Security (20240815)","AVG Internet Security (20240815)","Avira Internet Security (20240815)","McAfee Total Protection (20240815)","Total AV Antivirus Pro (20240815)","Trend Micro Internet Security (20240815)","Windows Defender (20240815)"]},{"isRevoked":"False","fileName":"bitcomet_setup_231116.exe","isInstaller":"True","fileVersion":"2.0","hashMD5":"b2d9815f7382e2d9dd0972996bad87af","hashSHA1":"62f0d44b5f2311868db3abfb3fabc260869f8a49","hashSHA256":"30342bc1865f9c40a56320c4a40b5c4dd25e86268bf72ae851935cbae9a50fb3","digitalCertThumbprint":"EB0343BBE59BACBBB9470BC6C41E1A6DA13A4E73","digitalCertIssuer":"CN=Certum Code Signing 2021 CA, O=Asseco Data Systems S.A., C=PL","digitalCertIssuedTo":"E=wxhere@hotmail.com, CN=Xing Wang, O=Xing Wang, L=Shanghai, C=CN","sourceIndex":"808","avBlockList":["Bitdefender Internet Security (20240820)","COMODO Antivirus (20240820)","Dr.Web Security Space (20240820)","ESET Internet Security (20240820)","FortectPremium (20240820)","G DATA INTERNET SECURITY (20240820)","K7 Total Security (20240820)","KasperskyPremium (20240820)","Malwarebytes Premium (20240820)","Norton Security (20240820)","Panda Dome (20240820)","Quick Heal Internet Security (20240820)","Sophos Home Premium (20240820)","SpyHunter5 (20240820)","VIPRE Advanced Security (20240820)","VirIT eXplorer PRO (20240820)","Webroot SecureAnywhere (20240820)"],"avAllowList":["360 Total Security (20240820)","Avast Premium Security (20240820)","AVG Internet Security (20240820)","Avira Internet Security (20240820)","McAfee Total Protection (20240820)","Total AV Antivirus Pro (20240820)","Trend Micro Internet Security (20240820)","Windows Defender (20240820)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on Torrent apps","reference":"","landingPage":"https://www.bitcomet.com/en","directDownloadingLink":"https://d1e8a0cmlfx1tk.cloudfront.net/installer/57800901885072864/43703509","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://d1e8a0cmlfx1tk.cloudfront.net/installer/57800901885072864/43703509","sourceIndex":"808"}],"sampleFiles":["231116/bitcomet-220223/2.0.4.0/Samples/bitcomet_setup.exe","231116/bitcomet-220223/2.0.4.0/Samples/bitcomet_setup_231102.exe","231116/bitcomet-220223/2.0.4.0/Samples/bitcomet_setup_231108.exe","231116/bitcomet-220223/2.0.4.0/Samples/bitcomet_setup_231116.exe"],"imageFiles":["231116/bitcomet-220223/2.0.4.0/Images/ACR-097/ACR-097.jpg","231116/bitcomet-220223/2.0.4.0/Images/ACR-042/ACR-042.jpg","231116/bitcomet-220223/2.0.4.0/Images/ACR-084/ACR-084.jpg","231116/bitcomet-220223/2.0.4.0/Images/ACR-013/OptionalOffer.jpg","231116/bitcomet-220223/2.0.4.0/Images/ACR-060/OptionalOffer.jpg"],"nonDeceptorImageFiles":["231116/bitcomet-220223/2.0.4.0/Images/ACR-123/ACR-123.jpg"],"guid":"80a7b3a8-4a37-4d3d-859b-0555e4081baa_2.0.4.0_1","appID":"bitcomet-220223","dateAdded":"260209","deceptorType":"App","name":"BitComet","company":"www.BitComet.com","version":"2.0.4.0","lastKnownStatus":"1.85.1.18;1.87.0;1.98.12.8;1.99;2.0;2.0.1;2.0.2;2.0.3;2.0.4.0;2.0.5.0;2.0.6.0;2.0.7.0;2.0.8.0;2.0.9.0;2.20.1.19","lastKnownDate":"260209","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2026-02-09T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":16,"sortOrder":63},{"violations":{"ACR-042":"App drops unrelated components in hidden folder before user permission through explicit user's action. \n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software.\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software\n\n","ACR-084":"On closing the app, the application doesn't exit completely. It runs silently in the background, hiding the fact that it is active from the consumer without any notification.\n","ACR-097":"App has by default setting \"Add an exception for Windows firewall\" without providing obvious disclaim or option to change the setting during installation.\n"},"nonDeceptorViolations":{"ACR-123":"The app does not remove the non-executable files even after uninstall and reboot. \n"},"samples":[{"isRevoked":"False","fileName":"BitComet.exe","companyName":"www.BitComet.com","fileVersion":"2.3","hashMD5":"92c13eb4b0347fde16b4e02b288c339f","hashSHA1":"f738d997e3d79d339306951565fc96dda6242cb2","hashSHA256":"bc1a76868e6d813821f780fc946c46434aef339f7c6a881a1cd647c0a516b180","digitalCertThumbprint":"EB0343BBE59BACBBB9470BC6C41E1A6DA13A4E73","digitalCertIssuer":"CN=Certum Code Signing 2021 CA, O=Asseco Data Systems S.A., C=PL","digitalCertIssuedTo":"E=wxhere@hotmail.com, CN=Xing Wang, O=Xing Wang, L=Shanghai, C=CN","sourceIndex":"907","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"bitcomet_setup.exe","isInstaller":"True","fileVersion":"2.0","hashMD5":"8a25a20fde19a8f580e4eddf5b321c44","hashSHA1":"bdf7a79e34fb9ad725108144b8cf0346b9a9b67b","hashSHA256":"56ee40dbef8292bf80d187bdb44778b4a00036848823cdf7b2afd852a248cd26","digitalCertThumbprint":"EB0343BBE59BACBBB9470BC6C41E1A6DA13A4E73","digitalCertIssuer":"CN=Certum Code Signing 2021 CA, O=Asseco Data Systems S.A., C=PL","digitalCertIssuedTo":"E=wxhere@hotmail.com, CN=Xing Wang, O=Xing Wang, L=Shanghai, C=CN","sourceIndex":"907","avBlockList":["Avira Internet Security (20231102)","Bitdefender Internet Security (20231102)","COMODO Antivirus (20231102)","Dr.Web Security Space (20231102)","ESET Internet Security (20231102)","G DATA INTERNET SECURITY (20231102)","K7 Total Security (20231102)","Kaspersky Internet Security (20231102)","Malwarebytes Premium (20231102)","Norton Security (20231102)","Panda Dome (20231102)","Quick Heal Internet Security (20231102)","Sophos Home Premium (20231102)","SpyHunter5 (20231102)","Total AV Antivirus Pro (20231102)","Trend Micro Internet Security (20231102)","VIPRE Advanced Security (20231102)","VirIT eXplorer PRO (20231102)","Webroot SecureAnywhere (20231102)"],"avAllowList":["360 Total Security (20231102)","Avast Premium Security (20231102)","AVG Internet Security (20231102)","McAfee Total Protection (20231102)","Windows Defender (20231102)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on Torrent apps","reference":"","landingPage":"https://www.bitcomet.com/en","directDownloadingLink":"https://d24z8ostpbuezc.cloudfront.net/2CNdqgs76AXXGtCuA3RYXeAUE8AT+l16K9DqjpgQNwNMLXSJ3FSth9f1j3jScZDEBWC4LqwjBqvR+_IfACgebiFyodsihd0xTmDPaWYOVJ3cpOLyrUXJIEkf7pLB4fAXQbULYlOt4ov1JHOJv2NMQ_tyGuaSZUuKDaUIC5oMJ2adqNMT5AAsF5rQnRkMuMUIMkbsNRQuIfjy+dmmoluPEzdTy1aQu1MvysWxnGSznYQA7ZetOgGHo+Fc6NQKI900HiqYZAri5DaNdIKRSN1kGVXf2NEVCHgE85f1TGcf8W+MIu3_miA=-GzsAAMTaOW4vgzIzDR_flR9EOQIbcOAWQaK5jTeFbR8HuZfAVOlOWxOsWs2GP4TirPxplJz0gHcLPgA=","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://d24z8ostpbuezc.cloudfront.net/2CNdqgs76AXXGtCuA3RYXeAUE8AT+l16K9DqjpgQNwNMLXSJ3FSth9f1j3jScZDEBWC4LqwjBqvR+_IfACgebiFyodsihd0xTmDPaWYOVJ3cpOLyrUXJIEkf7pLB4fAXQbULYlOt4ov1JHOJv2NMQ_tyGuaSZUuKDaUIC5oMJ2adqNMT5AAsF5rQnRkMuMUIMkbsNRQuIfjy+dmmoluPEzdTy1aQu1MvysWxnGSznYQA7ZetOgGHo+Fc6NQKI900HiqYZAri5DaNdIKRSN1kGVXf2NEVCHgE85f1TGcf8W+MIu3_miA=-GzsAAMTaOW4vgzIzDR_flR9EOQIbcOAWQaK5jTeFbR8HuZfAVOlOWxOsWs2GP4TirPxplJz0gHcLPgA=","sourceIndex":"907"}],"sampleFiles":["230906/bitcomet-220223/2.0.3/Samples/BitComet.exe","230906/bitcomet-220223/2.0.3/Samples/bitcomet_setup.exe"],"imageFiles":["230906/bitcomet-220223/2.0.3/Images/ACR-097/ACR-097.jpg","230906/bitcomet-220223/2.0.3/Images/ACR-042/ACR-042.jpg","230906/bitcomet-220223/2.0.3/Images/ACR-084/ACR-084.jpg","230906/bitcomet-220223/2.0.3/Images/ACR-013/OptionalOffer.jpg","230906/bitcomet-220223/2.0.3/Images/ACR-060/OptionalOffer.jpg"],"nonDeceptorImageFiles":["230906/bitcomet-220223/2.0.3/Images/ACR-123/ACR-123a.jpg","230906/bitcomet-220223/2.0.3/Images/ACR-123/ACR-123b.jpg"],"guid":"80a7b3a8-4a37-4d3d-859b-0555e4081baa_2.0.3_1","appID":"bitcomet-220223","dateAdded":"260209","deceptorType":"App","name":"BitComet","company":"www.BitComet.com","version":"2.0.3","lastKnownStatus":"1.85.1.18;1.87.0;1.98.12.8;1.99;2.0;2.0.1;2.0.2;2.0.3;2.0.4.0;2.0.5.0;2.0.6.0;2.0.7.0;2.0.8.0;2.0.9.0;2.20.1.19","lastKnownDate":"260209","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2026-02-09T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":16,"sortOrder":64},{"violations":{"ACR-042":"App drops unrelated components in hidden folder before user permission through explicit user's action. \n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software.\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software\n\n","ACR-084":"On closing the app, the application doesn't exit completely. It runs silently in the background, hiding the fact that it is active from the consumer without any notification.\n","ACR-097":"App has by default setting \"Add an exception for Windows firewall\" without providing obvious disclaim or option to change the setting during installation.\n"},"nonDeceptorViolations":{"ACR-123":"The app does not remove the non-executable files even after uninstall and reboot. \n"},"samples":[{"isRevoked":"False","fileName":"bitcomet_setup.exe","isInstaller":"True","fileVersion":"2.0","hashMD5":"7f9e2664d5b832c8768234a61d4934bb","hashSHA1":"ea220e54e129e235fdad73d07411fd698f7db656","hashSHA256":"5b7ca67736cb6040f896b475ff0b9c04043d62c1c989cec9b0295196db7e63c9","digitalCertThumbprint":"EB0343BBE59BACBBB9470BC6C41E1A6DA13A4E73","digitalCertIssuer":"CN=Certum Code Signing 2021 CA, O=Asseco Data Systems S.A., C=PL","digitalCertIssuedTo":"E=wxhere@hotmail.com, CN=Xing Wang, O=Xing Wang, L=Shanghai, C=CN","sourceIndex":"919","avBlockList":["Avira Internet Security (20231228)","COMODO Antivirus (20231228)","Dr.Web Security Space (20231228)","ESET Internet Security (20231228)","G DATA INTERNET SECURITY (20231228)","K7 Total Security (20231228)","Kaspersky Internet Security (20231228)","Malwarebytes Premium (20231228)","Norton Security (20231228)","Panda Dome (20231228)","Quick Heal Internet Security (20231228)","Sophos Home Premium (20231228)","SpyHunter5 (20231228)","Total AV Antivirus Pro (20231228)","VirIT eXplorer PRO (20231228)","Webroot SecureAnywhere (20231228)"],"avAllowList":["360 Total Security (20231228)","Avast Premium Security (20231228)","AVG Internet Security (20231228)","Bitdefender Internet Security (20231228)","McAfee Total Protection (20231228)","Trend Micro Internet Security (20231228)","VIPRE Advanced Security (20231228)","Windows Defender (20231228)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on Torrent apps","reference":"","landingPage":"https://www.bitcomet.com/en","directDownloadingLink":"https://d24z8ostpbuezc.cloudfront.net/2CNdqgs76AXXGtCuA3RYXeAUE8AT+l16K9DqjpgQNwNMLXSJ3FSth9f1j3jScZDEBWC4LqwjBqvR+_IfACgebiFyodsihd0xTmDPaWYOVJ3cpOLyrUXJIEkf7pLB4fAXQbULYlOt4ov1JHOJv2NMQ_tyGuaSZUuKDaUIC5oMJ2adqNMT5AAsF5rQnRkMuMUIMkbsNRQuIfjy+dmmoluPEzdTy1aQu1MvysWxnGSznYQA7ZetOgGHo+Fc6NQKI900HiqYZAri5DaNdIKRSN1kGVXf2NEVCHgE85f1TGcf8W+MIu3_miA=-GzsAAMTaOW4vgzIzDR_flR9EOQIbcOAWQaK5jTeFbR8HuZfAVOlOWxOsWs2GP4TirPxplJz0gHcLPgA=","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://d24z8ostpbuezc.cloudfront.net/2CNdqgs76AXXGtCuA3RYXeAUE8AT+l16K9DqjpgQNwNMLXSJ3FSth9f1j3jScZDEBWC4LqwjBqvR+_IfACgebiFyodsihd0xTmDPaWYOVJ3cpOLyrUXJIEkf7pLB4fAXQbULYlOt4ov1JHOJv2NMQ_tyGuaSZUuKDaUIC5oMJ2adqNMT5AAsF5rQnRkMuMUIMkbsNRQuIfjy+dmmoluPEzdTy1aQu1MvysWxnGSznYQA7ZetOgGHo+Fc6NQKI900HiqYZAri5DaNdIKRSN1kGVXf2NEVCHgE85f1TGcf8W+MIu3_miA=-GzsAAMTaOW4vgzIzDR_flR9EOQIbcOAWQaK5jTeFbR8HuZfAVOlOWxOsWs2GP4TirPxplJz0gHcLPgA=","sourceIndex":"919"}],"sampleFiles":["230821/bitcomet-220223/2.0.2/Samples/bitcomet_setup.exe"],"imageFiles":["230821/bitcomet-220223/2.0.2/Images/ACR-097/FirewallException.jpg","230821/bitcomet-220223/2.0.2/Images/ACR-042/ACR-042.jpg","230821/bitcomet-220223/2.0.2/Images/ACR-084/ACR-084.jpg","230821/bitcomet-220223/2.0.2/Images/ACR-013/OptionalOffer.jpg","230821/bitcomet-220223/2.0.2/Images/ACR-060/OptionalOffer.jpg"],"nonDeceptorImageFiles":["230821/bitcomet-220223/2.0.2/Images/ACR-123/ACR-123.jpg","230821/bitcomet-220223/2.0.2/Images/ACR-123/ACR-123-appdata.jpg"],"guid":"80a7b3a8-4a37-4d3d-859b-0555e4081baa_2.0.2_1","appID":"bitcomet-220223","dateAdded":"260209","deceptorType":"App","name":"BitComet","company":"www.BitComet.com","version":"2.0.2","lastKnownStatus":"1.85.1.18;1.87.0;1.98.12.8;1.99;2.0;2.0.1;2.0.2;2.0.3;2.0.4.0;2.0.5.0;2.0.6.0;2.0.7.0;2.0.8.0;2.0.9.0;2.20.1.19","lastKnownDate":"260209","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2026-02-09T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":16,"sortOrder":65},{"violations":{"ACR-042":"App drops unrelated components in hidden folder before user permission through explicit user's action. \n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software.\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software\n\n","ACR-084":"On closing the app, the application doesn't exit completely. It runs silently in the background, hiding the fact that it is active from the consumer without any notification.\n","ACR-097":"App has by default setting \"Add an exception for Windows firewall\" without providing obvious disclaim or option to change the setting during installation.\n"},"nonDeceptorViolations":{"ACR-123":"The app does not remove the non-executable files even after uninstall and reboot. \n"},"samples":[{"isRevoked":"False","fileName":"BitComet.exe","companyName":"www.BitComet.com","fileVersion":"2.1","hashMD5":"fc063c88b8e50cffc2a92c79ed414983","hashSHA1":"d46c5752509254259ffffbc99380a9f4e907189c","hashSHA256":"f143c7782dbf5732c5f099d86a70f5b5710e740b233d8474a1e1db4dcd2bfa98","digitalCertThumbprint":"EB0343BBE59BACBBB9470BC6C41E1A6DA13A4E73","digitalCertIssuer":"CN=Certum Code Signing 2021 CA, O=Asseco Data Systems S.A., C=PL","digitalCertIssuedTo":"E=wxhere@hotmail.com, CN=Xing Wang, O=Xing Wang, L=Shanghai, C=CN","sourceIndex":"1003","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"bitcomet_setup.exe","isInstaller":"True","fileVersion":"2.0","hashMD5":"282421b40877b9ce0d8cabbdb2fbf56b","hashSHA1":"6bfe587c0ef7a5cfecf086b563d1dfb1625f3623","hashSHA256":"61b7b1fa9fcd841e943b81814cec785c2449e6240661630bc202c598372b972d","digitalCertThumbprint":"EB0343BBE59BACBBB9470BC6C41E1A6DA13A4E73","digitalCertIssuer":"CN=Certum Code Signing 2021 CA, O=Asseco Data Systems S.A., C=PL","digitalCertIssuedTo":"E=wxhere@hotmail.com, CN=Xing Wang, O=Xing Wang, L=Shanghai, C=CN","sourceIndex":"1003","avBlockList":["Avira Internet Security (20240307)","Bitdefender Internet Security (20240307)","COMODO Antivirus (20240307)","Dr.Web Security Space (20240307)","ESET Internet Security (20240307)","G DATA INTERNET SECURITY (20240307)","Kaspersky Internet Security (20240307)","Malwarebytes Premium (20240307)","McAfee Total Protection (20240307)","Norton Security (20240307)","Panda Dome (20240307)","Quick Heal Internet Security (20240307)","Sophos Home Premium (20240307)","SpyHunter5 (20240307)","Total AV Antivirus Pro (20240307)","Trend Micro Internet Security (20240307)","VIPRE Advanced Security (20240307)","VirIT eXplorer PRO (20240307)","Webroot SecureAnywhere (20240307)"],"avAllowList":["360 Total Security (20240307)","Avast Premium Security (20240307)","AVG Internet Security (20240307)","K7 Total Security (20240307)","Windows Defender (20240307)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on Torrent apps","reference":"","landingPage":"https://www.bitcomet.com/en","directDownloadingLink":"https://d24z8ostpbuezc.cloudfront.net/2CNdqgs76AXXGtCuA3RYXeAUE8AT+l16K9DqjpgQNwNMLXSJ3FSth9f1j3jScZDEBWC4LqwjBqvR+_IfACgebiFyodsihd0xTmDPaWYOVJ3cpOLyrUXJIEkf7pLB4fAXQbULYlOt4ov1JHOJv2NMQ_tyGuaSZUuKDaUIC5oMJ2adqNMT5AAsF5rQnRkMuMUIMkbsNRQuIfjy+dmmoluPEzdTy1aQu1MvysWxnGSznYQA7ZetOgGHo+Fc6NQKI900HiqYZAri5DaNdIKRSN1kGVXf2NEVCHgE85f1TGcf8W+MIu3_miA=-GzsAAMTaOW4vgzIzDR_flR9EOQIbcOAWQaK5jTeFbR8HuZfAVOlOWxOsWs2GP4TirPxplJz0gHcLPgA=","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://d24z8ostpbuezc.cloudfront.net/2CNdqgs76AXXGtCuA3RYXeAUE8AT+l16K9DqjpgQNwNMLXSJ3FSth9f1j3jScZDEBWC4LqwjBqvR+_IfACgebiFyodsihd0xTmDPaWYOVJ3cpOLyrUXJIEkf7pLB4fAXQbULYlOt4ov1JHOJv2NMQ_tyGuaSZUuKDaUIC5oMJ2adqNMT5AAsF5rQnRkMuMUIMkbsNRQuIfjy+dmmoluPEzdTy1aQu1MvysWxnGSznYQA7ZetOgGHo+Fc6NQKI900HiqYZAri5DaNdIKRSN1kGVXf2NEVCHgE85f1TGcf8W+MIu3_miA=-GzsAAMTaOW4vgzIzDR_flR9EOQIbcOAWQaK5jTeFbR8HuZfAVOlOWxOsWs2GP4TirPxplJz0gHcLPgA=","sourceIndex":"1003"}],"sampleFiles":["230711/bitcomet-220223/2.0.1/Samples/BitComet.exe","230711/bitcomet-220223/2.0.1/Samples/bitcomet_setup.exe"],"imageFiles":["230711/bitcomet-220223/2.0.1/Images/ACR-097/Firewallexception.png","230711/bitcomet-220223/2.0.1/Images/ACR-042/ACR-042.png","230711/bitcomet-220223/2.0.1/Images/ACR-084/ACR-084.png","230711/bitcomet-220223/2.0.1/Images/ACR-013/ACR-013_4.png","230711/bitcomet-220223/2.0.1/Images/ACR-013/OptionalOffer1.png","230711/bitcomet-220223/2.0.1/Images/ACR-060/OptionalOffer1.png"],"nonDeceptorImageFiles":["230711/bitcomet-220223/2.0.1/Images/ACR-123/ACR-123-a.png","230711/bitcomet-220223/2.0.1/Images/ACR-123/ACR-123-b.png"],"guid":"80a7b3a8-4a37-4d3d-859b-0555e4081baa_2.0.1_1","appID":"bitcomet-220223","dateAdded":"260209","deceptorType":"App","name":"BitComet","company":"www.BitComet.com","version":"2.0.1","lastKnownStatus":"1.85.1.18;1.87.0;1.98.12.8;1.99;2.0;2.0.1;2.0.2;2.0.3;2.0.4.0;2.0.5.0;2.0.6.0;2.0.7.0;2.0.8.0;2.0.9.0;2.20.1.19","lastKnownDate":"260209","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2026-02-09T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":16,"sortOrder":66},{"violations":{"ACR-042":"App drops unrelated components in hidden folder before user permission through explicit user's action. \n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software.\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software\n\n","ACR-084":"On closing the app, the application doesn't exit completely. It runs silently in the background, hiding the fact that it is active from the consumer without any notification.\n","ACR-097":"App has by default setting \"Add an exception for Windows firewall\" without providing obvious disclaim or option to change the setting during installation.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains one of its component on the device without the consumer's consent or notifying the user.\n"},"nonDeceptorViolations":{"ACR-123":"The app does not remove the non-executable files even after uninstall and reboot.\n"},"samples":[{"isRevoked":"False","fileName":"bitcomet_setup.exe","isInstaller":"True","fileVersion":"2.0","hashMD5":"641ee3996cd32e3dabf0b1546b71a4b0","hashSHA1":"f818014b712d33c52c098497863467b5666b3c19","hashSHA256":"aee890270f10c7c1b78c3e07091fb06983e22fa9d18f946a84d04702b940a765","digitalCertThumbprint":"EB0343BBE59BACBBB9470BC6C41E1A6DA13A4E73","digitalCertIssuer":"CN=Certum Code Signing 2021 CA, O=Asseco Data Systems S.A., C=PL","digitalCertIssuedTo":"E=wxhere@hotmail.com, CN=Xing Wang, O=Xing Wang, L=Shanghai, C=CN","sourceIndex":"1093","avBlockList":["Avira Internet Security (20230608)","Bitdefender Internet Security (20230608)","COMODO Antivirus (20230608)","Dr.Web Security Space (20230608)","ESET Internet Security (20230608)","G DATA INTERNET SECURITY (20230608)","K7 Total Security (20230608)","Kaspersky Internet Security (20230608)","Malwarebytes Premium (20230608)","McAfee Total Protection (20230608)","Norton Security (20230608)","Panda Dome (20230608)","Quick Heal Internet Security (20230608)","Sophos Home Premium (20230608)","SpyHunter5 (20230608)","Total AV Antivirus Pro (20230608)","VIPRE Advanced Security (20230608)","VirIT eXplorer PRO (20230608)","Webroot SecureAnywhere (20230608)"],"avAllowList":["360 Total Security (20230608)","Avast Premium Security (20230608)","AVG Internet Security (20230608)","Trend Micro Internet Security (20230608)","Windows Defender (20230608)"]},{"isRevoked":"False","fileName":"BitComet.exe","companyName":"www.BitComet.com","fileVersion":"2.0","hashMD5":"39014cf1cf429113da2891d699f22507","hashSHA1":"c61b222df3ff7b70f5be5112d7050c52f1463928","hashSHA256":"49bde50c06fadb98e19386e79d9368530eb3baa538aa3f95c552577812248a46","digitalCertThumbprint":"EB0343BBE59BACBBB9470BC6C41E1A6DA13A4E73","digitalCertIssuer":"CN=Certum Code Signing 2021 CA, O=Asseco Data Systems S.A., C=PL","digitalCertIssuedTo":"E=wxhere@hotmail.com, CN=Xing Wang, O=Xing Wang, L=Shanghai, C=CN","sourceIndex":"1093","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on Torrent apps","reference":"","landingPage":"https://www.bitcomet.com/en","directDownloadingLink":"https://d24z8ostpbuezc.cloudfront.net/2CNdqgs76AXXGtCuA3RYXeAUE8AT+l16K9DqjpgQNwNMLXSJ3FSth9f1j3jScZDEBWC4LqwjBqvR+_IfACgebiFyodsihd0xTmDPaWYOVJ3cpOLyrUXJIEkf7pLB4fAXQbULYlOt4ov1JHOJv2NMQ_tyGuaSZUuKDaUIC5oMJ2adqNMT5AAsF5rQnRkMuMUIMkbsNRQuIfjy+dmmoluPEzdTy1aQu1MvysWxnGSznYQA7ZetOgGHo+Fc6NQKI900HiqYZAri5DaNdIKRSN1kGVXf2NEVCHgE85f1TGcf8W+MIu3_miA=-GzsAAMTaOW4vgzIzDR_flR9EOQIbcOAWQaK5jTeFbR8HuZfAVOlOWxOsWs2GP4TirPxplJz0gHcLPgA=","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://d24z8ostpbuezc.cloudfront.net/2CNdqgs76AXXGtCuA3RYXeAUE8AT+l16K9DqjpgQNwNMLXSJ3FSth9f1j3jScZDEBWC4LqwjBqvR+_IfACgebiFyodsihd0xTmDPaWYOVJ3cpOLyrUXJIEkf7pLB4fAXQbULYlOt4ov1JHOJv2NMQ_tyGuaSZUuKDaUIC5oMJ2adqNMT5AAsF5rQnRkMuMUIMkbsNRQuIfjy+dmmoluPEzdTy1aQu1MvysWxnGSznYQA7ZetOgGHo+Fc6NQKI900HiqYZAri5DaNdIKRSN1kGVXf2NEVCHgE85f1TGcf8W+MIu3_miA=-GzsAAMTaOW4vgzIzDR_flR9EOQIbcOAWQaK5jTeFbR8HuZfAVOlOWxOsWs2GP4TirPxplJz0gHcLPgA=","sourceIndex":"1093"},{"howFound":"DE-site","reference":"","landingPage":"","directDownloadingLink":"https://d2uwggmj21pt97.cloudfront.net/installer/5644244/46887598277","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://d2uwggmj21pt97.cloudfront.net/installer/5644244/46887598277","sourceIndex":"1094"}],"sampleFiles":["230522/bitcomet-220223/2.0/Samples/bitcomet_setup.exe","230522/bitcomet-220223/2.0/Samples/BitComet.exe"],"imageFiles":["230522/bitcomet-220223/2.0/Images/ACR-097/ACR-097-bit.jpg","230522/bitcomet-220223/2.0/Images/ACR-042/ACR-042_043.jpg","230522/bitcomet-220223/2.0/Images/ACR-084/ACR-084.jpg","230522/bitcomet-220223/2.0/Images/ACR-084/ACR-084-bitcomet.jpg","230522/bitcomet-220223/2.0/Images/ACR-118/ACR-118.jpg","230522/bitcomet-220223/2.0/Images/ACR-013/ACR-013_1.png","230522/bitcomet-220223/2.0/Images/ACR-013/ACR-013_2.png","230522/bitcomet-220223/2.0/Images/ACR-013/ACR-013_3.png","230522/bitcomet-220223/2.0/Images/ACR-013/ACR-013_4.png","230522/bitcomet-220223/2.0/Images/ACR-013/OptionalOffer.jpg","230522/bitcomet-220223/2.0/Images/ACR-060/ACR-060_1.png","230522/bitcomet-220223/2.0/Images/ACR-060/ACR-060_2.png","230522/bitcomet-220223/2.0/Images/ACR-060/ACR-060_3.png","230522/bitcomet-220223/2.0/Images/ACR-060/ACR-060_4.png","230522/bitcomet-220223/2.0/Images/ACR-060/OptionalOffer.jpg"],"nonDeceptorImageFiles":["230522/bitcomet-220223/2.0/Images/ACR-123/ACR-123.jpg"],"guid":"80a7b3a8-4a37-4d3d-859b-0555e4081baa_2.0_1","appID":"bitcomet-220223","dateAdded":"260209","deceptorType":"App","name":"BitComet","company":"www.BitComet.com","version":"2.0","lastKnownStatus":"1.85.1.18;1.87.0;1.98.12.8;1.99;2.0;2.0.1;2.0.2;2.0.3;2.0.4.0;2.0.5.0;2.0.6.0;2.0.7.0;2.0.8.0;2.0.9.0;2.20.1.19","lastKnownDate":"260209","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2026-02-09T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":16,"sortOrder":67},{"violations":{"ACR-042":"App drops unrelated components in hidden folder before user permission through explicit user's action. \n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software.\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software\n\n","ACR-084":"On closing the app, the application doesn't exit completely. It runs silently in the background, hiding the fact that it is active from the consumer without any notification.\n","ACR-097":"App has by default setting \"Add an exception for Windows firewall\" without providing obvious disclaim or option to change the setting during installation.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains one of its component on the device without the consumer's consent or notifying the user.\n"},"nonDeceptorViolations":{"ACR-123":"The app does not remove the non-executable files even after uninstall and reboot.\n"},"samples":[{"isRevoked":"False","fileName":"BitComet.exe","isInstaller":"True","companyName":"www.BitComet.com","fileVersion":"1.99","hashMD5":"efd3cfa7bddd252e32dd88e6bbfc5973","hashSHA1":"531c4ec65a0bf1afc58b846ff5c844b95be99814","hashSHA256":"c8e100cbfed896bec689d37bf28944d4ff0ac21852603c7b3c867d6ecc3fb5d2","digitalCertThumbprint":"DC06C09F2067119B72613CCDF4C6AC63CED6BE6E","digitalCertIssuer":"CN=Certum Code Signing CA SHA2, OU=Certum Certification Authority, O=Unizeto Technologies S.A., C=PL","digitalCertIssuedTo":"E=wxhere@hotmail.com, CN=Xing Wang, O=Xing Wang, L=Shanghai, C=CN","sourceIndex":"1144","avBlockList":["Avira Internet Security (20240411)","K7 Total Security (20240411)","Kaspersky Internet Security (20240411)","Malwarebytes Premium (20240411)","McAfee Total Protection (20240411)","Norton Security (20240411)","Panda Dome (20240411)","Quick Heal Internet Security (20240411)","Sophos Home Premium (20240411)","SpyHunter5 (20240411)","Total AV Antivirus Pro (20240411)","VirIT eXplorer PRO (20240411)"],"avAllowList":["360 Total Security (20240411)","Avast Premium Security (20240411)","AVG Internet Security (20240411)","Bitdefender Internet Security (20240411)","COMODO Antivirus (20240411)","Dr.Web Security Space (20240411)","ESET Internet Security (20240411)","G DATA INTERNET SECURITY (20240411)","Trend Micro Internet Security (20240411)","VIPRE Advanced Security (20240411)","Webroot SecureAnywhere (20240411)","Windows Defender (20240411)"]},{"isRevoked":"False","fileName":"bitcomet_setup.exe","isInstaller":"True","fileVersion":"1.99","hashMD5":"be76e13003314820587c6ff64832765e","hashSHA1":"4e6b36f5ebd091f29b4dd1cbeffc612648393d56","hashSHA256":"47884ecdf4dd3910e3a347de3ea722ea7f732ff9f15e2f5102380734b871b269","digitalCertThumbprint":"DC06C09F2067119B72613CCDF4C6AC63CED6BE6E","digitalCertIssuer":"CN=Certum Code Signing CA SHA2, OU=Certum Certification Authority, O=Unizeto Technologies S.A., C=PL","digitalCertIssuedTo":"E=wxhere@hotmail.com, CN=Xing Wang, O=Xing Wang, L=Shanghai, C=CN","sourceIndex":"1144","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on Torrent apps","reference":"","landingPage":"https://www.bitcomet.com/en","directDownloadingLink":"https://d24z8ostpbuezc.cloudfront.net/2CNdqgs76AXXGtCuA3RYXeAUE8AT+l16K9DqjpgQNwNMLXSJ3FSth9f1j3jScZDEBWC4LqwjBqvR+_IfACgebiFyodsihd0xTmDPaWYOVJ3cpOLyrUXJIEkf7pLB4fAXQbULYlOt4ov1JHOJv2NMQ_tyGuaSZUuKDaUIC5oMJ2adqNMT5AAsF5rQnRkMuMUIMkbsNRQuIfjy+dmmoluPEzdTy1aQu1MvysWxnGSznYQA7ZetOgGHo+Fc6NQKI900HiqYZAri5DaNdIKRSN1kGVXf2NEVCHgE85f1TGcf8W+MIu3_miA=-GzsAAMTaOW4vgzIzDR_flR9EOQIbcOAWQaK5jTeFbR8HuZfAVOlOWxOsWs2GP4TirPxplJz0gHcLPgA=","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://d24z8ostpbuezc.cloudfront.net/2CNdqgs76AXXGtCuA3RYXeAUE8AT+l16K9DqjpgQNwNMLXSJ3FSth9f1j3jScZDEBWC4LqwjBqvR+_IfACgebiFyodsihd0xTmDPaWYOVJ3cpOLyrUXJIEkf7pLB4fAXQbULYlOt4ov1JHOJv2NMQ_tyGuaSZUuKDaUIC5oMJ2adqNMT5AAsF5rQnRkMuMUIMkbsNRQuIfjy+dmmoluPEzdTy1aQu1MvysWxnGSznYQA7ZetOgGHo+Fc6NQKI900HiqYZAri5DaNdIKRSN1kGVXf2NEVCHgE85f1TGcf8W+MIu3_miA=-GzsAAMTaOW4vgzIzDR_flR9EOQIbcOAWQaK5jTeFbR8HuZfAVOlOWxOsWs2GP4TirPxplJz0gHcLPgA=","sourceIndex":"1144"}],"sampleFiles":["230427/bitcomet-220223/1.99/Samples/BitComet.exe","230427/bitcomet-220223/1.99/Samples/bitcomet_setup.exe"],"imageFiles":["230427/bitcomet-220223/1.99/Images/ACR-097/ACR-097.jpg","230427/bitcomet-220223/1.99/Images/ACR-042/ACR-042.jpg","230427/bitcomet-220223/1.99/Images/ACR-084/ACR-084.jpg","230427/bitcomet-220223/1.99/Images/ACR-118/ACR-118.jpg","230427/bitcomet-220223/1.99/Images/ACR-013/ACR-013_1.png","230427/bitcomet-220223/1.99/Images/ACR-013/ACR-013_2.png","230427/bitcomet-220223/1.99/Images/ACR-013/ACR-013_3.png","230427/bitcomet-220223/1.99/Images/ACR-013/ACR-013_4.png","230427/bitcomet-220223/1.99/Images/ACR-013/OptionalOffer.jpg","230427/bitcomet-220223/1.99/Images/ACR-060/ACR-060_1.png","230427/bitcomet-220223/1.99/Images/ACR-060/ACR-060_2.png","230427/bitcomet-220223/1.99/Images/ACR-060/ACR-060_3.png","230427/bitcomet-220223/1.99/Images/ACR-060/ACR-060_4.png","230427/bitcomet-220223/1.99/Images/ACR-060/OptionalOffer.jpg"],"nonDeceptorImageFiles":["230427/bitcomet-220223/1.99/Images/ACR-123/ACR-123.png"],"guid":"80a7b3a8-4a37-4d3d-859b-0555e4081baa_1.99_1","appID":"bitcomet-220223","dateAdded":"260209","deceptorType":"App","name":"BitComet","company":"www.BitComet.com","version":"1.99","lastKnownStatus":"1.85.1.18;1.87.0;1.98.12.8;1.99;2.0;2.0.1;2.0.2;2.0.3;2.0.4.0;2.0.5.0;2.0.6.0;2.0.7.0;2.0.8.0;2.0.9.0;2.20.1.19","lastKnownDate":"260209","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2026-02-09T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":16,"sortOrder":68},{"violations":{"ACR-042":"App drops unrelated components in hidden folder before user permission through explicit user's action. \n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software.\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software\n\n","ACR-084":"On closing the app, the application doesn't exit completely. It runs silently in the background, hiding the fact that it is active from the consumer without any notification.\n","ACR-097":"App has by default setting \"Add an exception for Windows firewall\" without providing obvious disclaim or option to change the setting during installation.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains one of its component on the device without the consumer's consent or notifying the user.\n"},"nonDeceptorViolations":{"ACR-123":"The app does not remove the non-executable files even after uninstall and reboot.\n"},"samples":[{"isRevoked":"False","fileName":"BitComet.exe-381c584511c773db358f9981214f663e46d05eaec2103e4416e5279c5773eb07","isInstaller":"True","companyName":"www.BitComet.com","fileVersion":"1.98","hashMD5":"37096a6de049ec34cbd851797b120b5d","hashSHA1":"81ab96b0a2480948b47facf549ee30a15d16fcca","hashSHA256":"381c584511c773db358f9981214f663e46d05eaec2103e4416e5279c5773eb07","digitalCertThumbprint":"DC06C09F2067119B72613CCDF4C6AC63CED6BE6E","digitalCertIssuer":"CN=Certum Code Signing CA SHA2, OU=Certum Certification Authority, O=Unizeto Technologies S.A., C=PL","digitalCertIssuedTo":"E=wxhere@hotmail.com, CN=Xing Wang, O=Xing Wang, L=Shanghai, C=CN","sourceIndex":"1183","avBlockList":["Avira Internet Security (20230926)","Kaspersky Internet Security (20230926)","McAfee Total Protection (20230926)","Norton Security (20230926)","Panda Dome (20230926)","Sophos Home Premium (20230926)","SpyHunter5 (20230926)","Total AV Antivirus Pro (20230926)","VirIT eXplorer PRO (20230926)","Webroot SecureAnywhere (20230926)"],"avAllowList":["360 Total Security (20230926)","Avast Premium Security (20230926)","AVG Internet Security (20230926)","Bitdefender Internet Security (20230926)","COMODO Antivirus (20230926)","Dr.Web Security Space (20230926)","ESET Internet Security (20230926)","G DATA INTERNET SECURITY (20230926)","K7 Total Security (20230926)","Malwarebytes Premium (20230926)","Quick Heal Internet Security (20230926)","Trend Micro Internet Security (20230926)","VIPRE Advanced Security (20230926)","Windows Defender (20230926)"]},{"isRevoked":"False","fileName":"bitcomet_setup.exe-ba01d62da0cc42e35a839dfb8483573d166d283c86eef1cc276930694f3cb262","isInstaller":"True","fileVersion":"1.98","hashMD5":"b01f3846502ef3ce068ab61132834692","hashSHA1":"442b62fcace41fdf026be4f5da1cbba2d5a217e1","hashSHA256":"ba01d62da0cc42e35a839dfb8483573d166d283c86eef1cc276930694f3cb262","digitalCertThumbprint":"DC06C09F2067119B72613CCDF4C6AC63CED6BE6E","digitalCertIssuer":"CN=Certum Code Signing CA SHA2, OU=Certum Certification Authority, O=Unizeto Technologies S.A., C=PL","digitalCertIssuedTo":"E=wxhere@hotmail.com, CN=Xing Wang, O=Xing Wang, L=Shanghai, C=CN","sourceIndex":"1183","avBlockList":["360 Total Security (20230323)","Avira Internet Security (20230323)","Bitdefender Internet Security (20230323)","COMODO Antivirus (20230323)","Dr.Web Security Space (20230323)","ESET Internet Security (20230323)","G DATA INTERNET SECURITY (20230323)","K7 Total Security (20230323)","Kaspersky Internet Security (20230323)","Malwarebytes Premium (20230323)","McAfee Total Protection (20230323)","Norton Security (20230323)","Panda Dome (20230323)","Quick Heal Internet Security (20230323)","Sophos Home Premium (20230323)","SpyHunter5 (20230323)","Total AV Antivirus Pro (20230323)","Trend Micro Internet Security (20230323)","VIPRE Advanced Security (20230323)","VirIT eXplorer PRO (20230323)","Webroot SecureAnywhere (20230323)"],"avAllowList":["Avast Premium Security (20230323)","AVG Internet Security (20230323)","Windows Defender (20230323)"]},{"isRevoked":"False","fileName":"bitcomet_setup.exe","isInstaller":"True","fileVersion":"1.98","hashMD5":"0c2bb65140d0eb00fee23f3cbd96eeaf","hashSHA1":"fb61ea4645b10992c7a2c79fa7cf88f7b5c31b1e","hashSHA256":"54e6e3402782645198a89a7b4ae03c023dddf94880206d054d1a277b21cf10f1","digitalCertThumbprint":"DC06C09F2067119B72613CCDF4C6AC63CED6BE6E","digitalCertIssuer":"CN=Certum Code Signing CA SHA2, OU=Certum Certification Authority, O=Unizeto Technologies S.A., C=PL","digitalCertIssuedTo":"E=wxhere@hotmail.com, CN=Xing Wang, O=Xing Wang, L=Shanghai, C=CN","sourceIndex":"1183","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on Torrent apps","reference":"","landingPage":"https://www.bitcomet.com/en","directDownloadingLink":"https://d3kodgqn5k9djk.cloudfront.net/installer/756820/063650034893347238","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://d3kodgqn5k9djk.cloudfront.net/installer/756820/063650034893347238","sourceIndex":"1183"}],"sampleFiles":["230402/bitcomet-220223/1.98.12.8/Samples/BitComet.exe-381c584511c773db358f9981214f663e46d05eaec2103e4416e5279c5773eb07","230402/bitcomet-220223/1.98.12.8/Samples/bitcomet_setup.exe-ba01d62da0cc42e35a839dfb8483573d166d283c86eef1cc276930694f3cb262","230402/bitcomet-220223/1.98.12.8/Samples/bitcomet_setup.exe"],"imageFiles":["230402/bitcomet-220223/1.98.12.8/Images/ACR-097/ACR-097.png","230402/bitcomet-220223/1.98.12.8/Images/ACR-042/BitComet_042.JPG","230402/bitcomet-220223/1.98.12.8/Images/ACR-084/ACR-084.png","230402/bitcomet-220223/1.98.12.8/Images/ACR-118/ACR-118.png","230402/bitcomet-220223/1.98.12.8/Images/ACR-013/ACR-013_1.png","230402/bitcomet-220223/1.98.12.8/Images/ACR-013/ACR-013_2.png","230402/bitcomet-220223/1.98.12.8/Images/ACR-013/ACR-013_3.png","230402/bitcomet-220223/1.98.12.8/Images/ACR-013/ACR-013_4.png","230402/bitcomet-220223/1.98.12.8/Images/ACR-060/ACR-060_1.png","230402/bitcomet-220223/1.98.12.8/Images/ACR-060/ACR-060_2.png","230402/bitcomet-220223/1.98.12.8/Images/ACR-060/ACR-060_3.png","230402/bitcomet-220223/1.98.12.8/Images/ACR-060/ACR-060_4.png"],"nonDeceptorImageFiles":["230402/bitcomet-220223/1.98.12.8/Images/ACR-123/ACR-123.png"],"guid":"80a7b3a8-4a37-4d3d-859b-0555e4081baa_1.98.12.8_1","appID":"bitcomet-220223","dateAdded":"260209","deceptorType":"App","name":"BitComet","company":"www.BitComet.com","version":"1.98.12.8","sigName":"","lastKnownStatus":"1.85.1.18;1.87.0;1.98.12.8;1.99;2.0;2.0.1;2.0.2;2.0.3;2.0.4.0;2.0.5.0;2.0.6.0;2.0.7.0;2.0.8.0;2.0.9.0;2.20.1.19","lastKnownDate":"260209","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2026-02-09T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":16,"sortOrder":69},{"violations":{"ACR-084":"On closing the app, the application doesn't exit completely. It runs silently in the background, hiding the fact that it is active from the consumer without any notification.\n","ACR-097":"App has by default setting \"Add an exception for Windows firewall\" without providing obvious disclaim or option to change the setting during installation.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains one of its component on the device without the consumer's consent or notifying the user.\n"},"nonDeceptorViolations":{"ACR-123":"The app does not remove the non-executable files even after uninstall and reboot.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files\\BitComet\\BitComet.exe","companyName":"www.BitComet.com","productName":"BitComet 64-bit","productVersion":"1.91","fileVersion":"1.91","hashMD5":"3a98dfd359396efa54ccc111cbfbc18b","hashSHA1":"06b99d7881feaed5b83d33c4e9552521482b4b2a","hashSHA256":"a389a890e03664205a36034c836ad4197e47e07a78766b68a4dd02118916a3e3","digitalCertThumbprint":"DC06C09F2067119B72613CCDF4C6AC63CED6BE6E","digitalCertIssuer":"Certum Code Signing CA SHA2","digitalCertIssuedTo":"Xing Wang","storeId":"","sourceIndex":"1521","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Program Files\\BitComet\\tools\\BitCometService.exe","companyName":"www.BitComet.com","productName":"BitComet","productVersion":"1.83","fileVersion":"1.83","hashMD5":"174a32c8dca516230ff6eb0805d6f829","hashSHA1":"f0fcce7bf22532e0829812473b3aed437fc105b1","hashSHA256":"b234be795f9472b90c7746b7189ead8ffb2e81ccfc1546d6ea93ebdb6b08010b","digitalCertThumbprint":"DC06C09F2067119B72613CCDF4C6AC63CED6BE6E","digitalCertIssuer":"Certum Code Signing CA SHA2","digitalCertIssuedTo":"Xing Wang","storeId":"","sourceIndex":"1521","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Program Files\\BitComet\\tools\\UPNP.exe","companyName":"www.BitComet.com","productName":"UPNP.exe","productVersion":"1.76","fileVersion":"1.76","hashMD5":"febbaf0c03103a63e0141a96535b7745","hashSHA1":"84d8deccdcf8ae2c703063477e4788a61ba061a1","hashSHA256":"5139ca694cdba3802811160dd15563f72b8cc1d6ce0d9cc3b415104516eac305","digitalCertThumbprint":"DC06C09F2067119B72613CCDF4C6AC63CED6BE6E","digitalCertIssuer":"Certum Code Signing CA SHA2","digitalCertIssuedTo":"Xing Wang","storeId":"","sourceIndex":"1521","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"bitcomet_setup.exe","isInstaller":"True","companyName":"                                                            ","productName":"BitComet                                                    ","productVersion":"1.91.0                                            ","fileVersion":"1.91.0              ","hashMD5":"1564141c670c091967af77487f561c96","hashSHA1":"f4bd11fbad6902397befbdf82669675766a60f1d","hashSHA256":"1e698b74ceb7974518d2539bc061344310cc05f4d3772075e17d75362164480f","digitalCertThumbprint":"DC06C09F2067119B72613CCDF4C6AC63CED6BE6E","digitalCertIssuer":"Certum Code Signing CA SHA2","digitalCertIssuedTo":"Xing Wang","storeId":"","sourceIndex":"1521","avBlockList":["Avira Internet Security (20230418)","Bitdefender Internet Security (20230418)","COMODO Antivirus (20230418)","Dr.Web Security Space (20230418)","ESET Internet Security (20230418)","G DATA INTERNET SECURITY (20230418)","K7 Total Security (20230418)","Kaspersky Internet Security (20230418)","Malwarebytes Premium (20230418)","McAfee Total Protection (20230418)","Norton Security (20230418)","Panda Dome (20230418)","Quick Heal Internet Security (20230418)","Sophos Home Premium (20230418)","SpyHunter5 (20230418)","Total AV Antivirus Pro (20230418)","Trend Micro Internet Security (20230418)","VIPRE Advanced Security (20230418)","VirIT eXplorer PRO (20230418)","Webroot SecureAnywhere (20230418)"],"avAllowList":["360 Total Security (20230418)","Avast Premium Security (20230418)","AVG Internet Security (20230418)","Windows Defender (20230418)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on Torrent apps","reference":"","landingPage":"https://www.bitcomet.com/en","directDownloadingLink":"https://dbfpx8h3uq9ti.cloudfront.net/installer/50950607/0300313875017","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://dbfpx8h3uq9ti.cloudfront.net/installer/50950607/0300313875017","sourceIndex":"1521"}],"sampleFiles":["220519/bitcomet-220223/1.91.0/Samples/bitcomet_setup.exe"],"imageFiles":["220519/bitcomet-220223/1.91.0/Images/ACR-097/ACR-097_Software.JPG","220519/bitcomet-220223/1.91.0/Images/ACR-084/ACR-084_Software.JPG","220519/bitcomet-220223/1.91.0/Images/ACR-118/ACR-118_Uninstall.JPG"],"nonDeceptorImageFiles":["220519/bitcomet-220223/1.91.0/Images/ACR-123/ACR-123_Uninstall.JPG","220519/bitcomet-220223/1.91.0/Images/ACR-123/ACR-123_Uninstall_1.JPG"],"guid":"80a7b3a8-4a37-4d3d-859b-0555e4081baa_1.91.0_1","appID":"bitcomet-220223","dateAdded":"260209","deceptorType":"App","name":"BitComet","company":"www.BitComet.com","version":"1.91.0","lastKnownStatus":"1.85.1.18;1.87.0;1.98.12.8;1.99;2.0;2.0.1;2.0.2;2.0.3;2.0.4.0;2.0.5.0;2.0.6.0;2.0.7.0;2.0.8.0;2.0.9.0;2.20.1.19","lastKnownDate":"260209","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2026-02-09T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":16,"sortOrder":70},{"violations":{"ACR-084":"On closing the app, the application doesn't exit completely. It runs silently in the background, hiding the fact that it is active from the consumer without any notification.\n","ACR-097":"App has by default setting \"Add an exception for Windows firewall\" without providing obvious disclaim or option to change the setting during installation.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains one of its component on the device without the consumer's consent or notifying the user.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files\\BitComet\\BitComet.exe","companyName":"www.BitComet.com","productName":"BitComet 64-bit","productVersion":"1.87","fileVersion":"1.87","hashMD5":"bc3d64a7e19dc11a094218d9f9cef22f","hashSHA1":"b7709ccd75cff2bc1410d5a73af0986a16b4e3f1","hashSHA256":"0480e296716fc0e256f06e59db6a5200c31624c4369b81de26b876a36df0e799","digitalCertThumbprint":"DC06C09F2067119B72613CCDF4C6AC63CED6BE6E","digitalCertIssuer":"Certum Code Signing CA SHA2","digitalCertIssuedTo":"Xing Wang","storeId":"","sourceIndex":"1604","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Program Files\\BitComet\\tools\\BitCometService.exe","companyName":"www.BitComet.com","productName":"BitComet","productVersion":"1.83","fileVersion":"1.83","hashMD5":"174a32c8dca516230ff6eb0805d6f829","hashSHA1":"f0fcce7bf22532e0829812473b3aed437fc105b1","hashSHA256":"b234be795f9472b90c7746b7189ead8ffb2e81ccfc1546d6ea93ebdb6b08010b","digitalCertThumbprint":"DC06C09F2067119B72613CCDF4C6AC63CED6BE6E","digitalCertIssuer":"Certum Code Signing CA SHA2","digitalCertIssuedTo":"Xing Wang","storeId":"","sourceIndex":"1604","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"bitcomet_setup.exe","isInstaller":"True","companyName":"                                                            ","productName":"BitComet                                                    ","productVersion":"1.87.0                                            ","fileVersion":"1.87.0              ","hashMD5":"2a4592a447d3b9b5661c15b5d3ed4adb","hashSHA1":"a403c80da8a845cfc8be0483f627e654eee689c2","hashSHA256":"1dcb4785fd3bc46bbbffaeda92b90d23c782bdd649a70b653b74697d50733cc0","digitalCertThumbprint":"DC06C09F2067119B72613CCDF4C6AC63CED6BE6E","digitalCertIssuer":"Certum Code Signing CA SHA2","digitalCertIssuedTo":"Xing Wang","storeId":"","sourceIndex":"1604","avBlockList":["Avira Internet Security (20230831)","COMODO Antivirus (20230831)","Dr.Web Security Space (20230831)","ESET Internet Security (20230831)","G DATA INTERNET SECURITY (20230831)","K7 Total Security (20230831)","Kaspersky Internet Security (20230831)","Malwarebytes Premium (20230831)","McAfee Total Protection (20230831)","Norton Security (20230831)","Panda Dome (20230831)","Quick Heal Internet Security (20230831)","Sophos Home Premium (20230831)","SpyHunter5 (20230831)","Total AV Antivirus Pro (20230831)","VirIT eXplorer PRO (20230831)","Webroot SecureAnywhere (20230831)","Windows Defender (20230831)"],"avAllowList":["360 Total Security (20230831)","Avast Premium Security (20230831)","AVG Internet Security (20230831)","Bitdefender Internet Security (20230831)","Tencent PC Manager (20220602)","Trend Micro Internet Security (20230831)","VIPRE Advanced Security (20230831)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on Torrent apps","reference":"","landingPage":"https://www.bitcomet.com/en","directDownloadingLink":"https://d24z8ostpbuezc.cloudfront.net/2CNdqgs76AXXGtCuA3RYXeAUE8AT+l16K9DqjpgQNwNMLXSJ3FSth9f1j3jScZDEBWC4LqwjBqvR+_IfACgebiFyodsihd0xTmDPaWYOVJ3cpOLyrUXJIEkf7pLB4fAXQbULYlOt4ov1JHOJv2NMQ_tyGuaSZUuKDaUIC5oMJ2adqNMT5AAsF5rQnRkMuMUIMkbsNRQuIfjy+dmmoluPEzdTy1aQu1MvysWxnGSznYQA7ZetOgGHo+Fc6NQKI900HiqYZAri5DaNdIKRSN1kGVXf2NEVCHgE85f1TGcf8W+MIu3_miA=-GzsAAMTaOW4vgzIzDR_flR9EOQIbcOAWQaK5jTeFbR8HuZfAVOlOWxOsWs2GP4TirPxplJz0gHcLPgA=","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://d24z8ostpbuezc.cloudfront.net/2CNdqgs76AXXGtCuA3RYXeAUE8AT+l16K9DqjpgQNwNMLXSJ3FSth9f1j3jScZDEBWC4LqwjBqvR+_IfACgebiFyodsihd0xTmDPaWYOVJ3cpOLyrUXJIEkf7pLB4fAXQbULYlOt4ov1JHOJv2NMQ_tyGuaSZUuKDaUIC5oMJ2adqNMT5AAsF5rQnRkMuMUIMkbsNRQuIfjy+dmmoluPEzdTy1aQu1MvysWxnGSznYQA7ZetOgGHo+Fc6NQKI900HiqYZAri5DaNdIKRSN1kGVXf2NEVCHgE85f1TGcf8W+MIu3_miA=-GzsAAMTaOW4vgzIzDR_flR9EOQIbcOAWQaK5jTeFbR8HuZfAVOlOWxOsWs2GP4TirPxplJz0gHcLPgA=","sourceIndex":"1604"}],"sampleFiles":["220519/bitcomet-220223/1.87.0/Samples/bitcomet_setup.exe"],"imageFiles":["220519/bitcomet-220223/1.87.0/Images/ACR-097/ACR-097_Software_Exception_Behaviour.JPG","220519/bitcomet-220223/1.87.0/Images/ACR-084/ACR-084_1.JPG","220519/bitcomet-220223/1.87.0/Images/ACR-118/ACR-118_Uninstall_1.JPG"],"nonDeceptorImageFiles":[],"guid":"80a7b3a8-4a37-4d3d-859b-0555e4081baa_1.87.0_1","appID":"bitcomet-220223","dateAdded":"260209","deceptorType":"App","name":"BitComet","company":"www.BitComet.com","version":"1.87.0","lastKnownStatus":"1.85.1.18;1.87.0;1.98.12.8;1.99;2.0;2.0.1;2.0.2;2.0.3;2.0.4.0;2.0.5.0;2.0.6.0;2.0.7.0;2.0.8.0;2.0.9.0;2.20.1.19","lastKnownDate":"260209","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2026-02-09T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":16,"sortOrder":71},{"violations":{"ACR-084":"On closing the app, the application doesn't exit completely. It runs silently in the background, hiding the fact that it is active from the consumer without any notification.\n","ACR-097":"App has by default setting \"Add an exception for Windows firewall\" without providing obvious disclaim or option to change the setting during installation.\n","ACR-059":"The offer is not marked clearly it is optional offer. \n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"bitcomet_setup.exe","isInstaller":"True","companyName":"                                                            ","productName":"BitComet                                                    ","productVersion":"1.85.0                                            ","fileVersion":"1.85.0              ","hashMD5":"b789173ce35f68f9da1ff9faa00c6d86","hashSHA1":"3fb2ddf50866299d62f4e49de7b32300518edc46","hashSHA256":"58da26d46c3641b775970ac5ba92603eb9d7b59554bdd0520f54c812cb496a47","digitalCertThumbprint":"DC06C09F2067119B72613CCDF4C6AC63CED6BE6E","digitalCertIssuer":"Certum Code Signing CA SHA2","digitalCertIssuedTo":"Xing Wang","storeId":"","sourceIndex":"1705","avBlockList":["360 Total Security (20240613)","Avast Premium Security (20240613)","AVG Internet Security (20240613)","Avira Internet Security (20240613)","Bitdefender Internet Security (20240613)","COMODO Antivirus (20240613)","Dr.Web Security Space (20240613)","ESET Internet Security (20240613)","G DATA INTERNET SECURITY (20240613)","K7 Total Security (20240613)","Kaspersky Internet Security (20240613)","Malwarebytes Premium (20240613)","McAfee Total Protection (20240613)","Norton Security (20240613)","Panda Dome (20240613)","Quick Heal Internet Security (20240613)","Sophos Home Premium (20240613)","SpyHunter5 (20240613)","Total AV Antivirus Pro (20240613)","VIPRE Advanced Security (20240613)","VirIT eXplorer PRO (20240613)","Webroot SecureAnywhere (20240613)","Windows Defender (20240613)"],"avAllowList":["Tencent PC Manager (20220428)","Trend Micro Internet Security (20240613)"]},{"isRevoked":"False","fileName":"C:\\Program Files\\BitComet\\BitComet.exe","companyName":"www.BitComet.com","productName":"BitComet 64-bit","productVersion":"1.85","fileVersion":"1.85","hashMD5":"79d211fcf99411e9081d53e7af36ed54","hashSHA1":"132d2b32ab95c1c0f56f54ea7ac48fd43ff491db","hashSHA256":"9f05f0647bc7a9c53559c0ef8497f9617659607f06d5830f5debeb2e9965cf61","digitalCertThumbprint":"DC06C09F2067119B72613CCDF4C6AC63CED6BE6E","digitalCertIssuer":"Certum Code Signing CA SHA2","digitalCertIssuedTo":"Xing Wang","storeId":"","sourceIndex":"1705","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on Torrent apps","reference":"","landingPage":"https://www.bitcomet.com/en","directDownloadingLink":"https://d24z8ostpbuezc.cloudfront.net/2CNdqgs76AXXGtCuA3RYXeAUE8AT+l16K9DqjpgQNwNMLXSJ3FSth9f1j3jScZDEBWC4LqwjBqvR+_IfACgebiFyodsihd0xTmDPaWYOVJ3cpOLyrUXJIEkf7pLB4fAXQbULYlOt4ov1JHOJv2NMQ_tyGuaSZUuKDaUIC5oMJ2adqNMT5AAsF5rQnRkMuMUIMkbsNRQuIfjy+dmmoluPEzdTy1aQu1MvysWxnGSznYQA7ZetOgGHo+Fc6NQKI900HiqYZAri5DaNdIKRSN1kGVXf2NEVCHgE85f1TGcf8W+MIu3_miA=-GzsAAMTaOW4vgzIzDR_flR9EOQIbcOAWQaK5jTeFbR8HuZfAVOlOWxOsWs2GP4TirPxplJz0gHcLPgA=","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://d24z8ostpbuezc.cloudfront.net/2CNdqgs76AXXGtCuA3RYXeAUE8AT+l16K9DqjpgQNwNMLXSJ3FSth9f1j3jScZDEBWC4LqwjBqvR+_IfACgebiFyodsihd0xTmDPaWYOVJ3cpOLyrUXJIEkf7pLB4fAXQbULYlOt4ov1JHOJv2NMQ_tyGuaSZUuKDaUIC5oMJ2adqNMT5AAsF5rQnRkMuMUIMkbsNRQuIfjy+dmmoluPEzdTy1aQu1MvysWxnGSznYQA7ZetOgGHo+Fc6NQKI900HiqYZAri5DaNdIKRSN1kGVXf2NEVCHgE85f1TGcf8W+MIu3_miA=-GzsAAMTaOW4vgzIzDR_flR9EOQIbcOAWQaK5jTeFbR8HuZfAVOlOWxOsWs2GP4TirPxplJz0gHcLPgA=","sourceIndex":"1705"}],"sampleFiles":["220223/bitcomet-220223/1.85.1.18/Samples/bitcomet_setup.exe"],"imageFiles":["220223/bitcomet-220223/1.85.1.18/Images/ACR-097/ACR-097_Software_Exception_Behaviour.JPG","220223/bitcomet-220223/1.85.1.18/Images/ACR-084/ACR-084_Software_Background_Process_Exists.JPG","220223/bitcomet-220223/1.85.1.18/Images/ACR-059/Offer1.jpg"],"nonDeceptorImageFiles":[],"guid":"80a7b3a8-4a37-4d3d-859b-0555e4081baa_1.85.1.18_1","appID":"bitcomet-220223","dateAdded":"260209","deceptorType":"App","name":"BitComet","company":"www.BitComet.com","version":"1.85.1.18","lastKnownStatus":"1.85.1.18;1.87.0;1.98.12.8;1.99;2.0;2.0.1;2.0.2;2.0.3;2.0.4.0;2.0.5.0;2.0.6.0;2.0.7.0;2.0.8.0;2.0.9.0;2.20.1.19","lastKnownDate":"260209","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2026-02-09T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":16,"sortOrder":72},{"violations":{"ACR-042":"The app initiates network communications with 3rd party offer provider before obtaining user consent\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software.\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software\n","ACR-084":"On closing the app, the application doesn't exit completely. It runs silently in the background, hiding the fact that it is active from the consumer without any notification.\n","ACR-097":"App has by default setting \"Add an exception for Windows firewall\" without providing obvious disclaim or option to change the setting during installation.\n","ACR-014":"The \"Accept\" button on the Opera Browser offer is used for two things: accepting an offer and accepting opera as the default browser. The \"Accept\" button is misleading and confusing because the user is easily led to believe that \"accept\" is only for installing Opera and not for changing his system browser default settings.\n"},"nonDeceptorViolations":{"ACR-123":"The app does not remove the non-executable files even after uninstall and reboot. \n"},"samples":[{"isRevoked":"False","fileName":"bitcomet_setup.exe","isInstaller":"True","companyName":"                                                            ","productName":"BitComet                                                    ","productVersion":"2.0.5.0                                           ","fileVersion":"2.0.5.0             ","hashMD5":"e4fc74f5c702e0b7f4bf573ab02cac24","hashSHA1":"91ed9030122ccc5891a0b69c8ce875c9dd6ce67f","hashSHA256":"2702cdc4384ca57de294f1cab900dd678296809fb4930dd1416035fe2ecc5a5a","digitalCertThumbprint":"EB0343BBE59BACBBB9470BC6C41E1A6DA13A4E73","digitalCertIssuer":"Certum Code Signing 2021 CA","digitalCertIssuedTo":"Xing Wang","storeId":"","sourceIndex":"775","avBlockList":["Bitdefender Internet Security (20240730)","COMODO Antivirus (20240730)","Dr.Web Security Space (20240730)","ESET Internet Security (20240730)","FortectPremium (20240730)","G DATA INTERNET SECURITY (20240730)","KasperskyPremium (20240730)","Malwarebytes Premium (20240730)","Norton Security (20240730)","Panda Dome (20240730)","Quick Heal Internet Security (20240730)","Sophos Home Premium (20240730)","SpyHunter5 (20240730)","VIPRE Advanced Security (20240730)","VirIT eXplorer PRO (20240730)","Webroot SecureAnywhere (20240730)"],"avAllowList":["360 Total Security (20240730)","Avast Premium Security (20240730)","AVG Internet Security (20240730)","Avira Internet Security (20240730)","K7 Total Security (20240730)","McAfee Total Protection (20240730)","Total AV Antivirus Pro (20240730)","Trend Micro Internet Security (20240730)","Windows Defender (20240730)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on Torrent apps","reference":"","landingPage":"https://www.bitcomet.com/en","directDownloadingLink":"https://d24z8ostpbuezc.cloudfront.net/2CNdqgs76AXXGtCuA3RYXeAUE8AT+l16K9DqjpgQNwNMLXSJ3FSth9f1j3jScZDEBWC4LqwjBqvR+_IfACgebiFyodsihd0xTmDPaWYOVJ3cpOLyrUXJIEkf7pLB4fAXQbULYlOt4ov1JHOJv2NMQ_tyGuaSZUuKDaUIC5oMJ2adqNMT5AAsF5rQnRkMuMUIMkbsNRQuIfjy+dmmoluPEzdTy1aQu1MvysWxnGSznYQA7ZetOgGHo+Fc6NQKI900HiqYZAri5DaNdIKRSN1kGVXf2NEVCHgE85f1TGcf8W+MIu3_miA=-GzsAAMTaOW4vgzIzDR_flR9EOQIbcOAWQaK5jTeFbR8HuZfAVOlOWxOsWs2GP4TirPxplJz0gHcLPgA=","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://d24z8ostpbuezc.cloudfront.net/2CNdqgs76AXXGtCuA3RYXeAUE8AT+l16K9DqjpgQNwNMLXSJ3FSth9f1j3jScZDEBWC4LqwjBqvR+_IfACgebiFyodsihd0xTmDPaWYOVJ3cpOLyrUXJIEkf7pLB4fAXQbULYlOt4ov1JHOJv2NMQ_tyGuaSZUuKDaUIC5oMJ2adqNMT5AAsF5rQnRkMuMUIMkbsNRQuIfjy+dmmoluPEzdTy1aQu1MvysWxnGSznYQA7ZetOgGHo+Fc6NQKI900HiqYZAri5DaNdIKRSN1kGVXf2NEVCHgE85f1TGcf8W+MIu3_miA=-GzsAAMTaOW4vgzIzDR_flR9EOQIbcOAWQaK5jTeFbR8HuZfAVOlOWxOsWs2GP4TirPxplJz0gHcLPgA=","sourceIndex":"775"}],"sampleFiles":["240102/bitcomet-220223/2.0.5.0/Samples/bitcomet_setup.exe"],"imageFiles":["240102/bitcomet-220223/2.0.5.0/Images/ACR-097/ACR-097_Software_1.png","240102/bitcomet-220223/2.0.5.0/Images/ACR-042/ACR-042_Install_1.png","240102/bitcomet-220223/2.0.5.0/Images/ACR-084/ACR-084_Software_1.png","240102/bitcomet-220223/2.0.5.0/Images/ACR-014/ACR-014_Install_1.png","240102/bitcomet-220223/2.0.5.0/Images/ACR-013/ACR-013_Install_1.png","240102/bitcomet-220223/2.0.5.0/Images/ACR-013/ACR-013_Install_2.png","240102/bitcomet-220223/2.0.5.0/Images/ACR-013/ACR-013_Install_3.png","240102/bitcomet-220223/2.0.5.0/Images/ACR-060/ACR-060_Bundler-made offers_1.png","240102/bitcomet-220223/2.0.5.0/Images/ACR-060/ACR-060_Bundler-made offers_2.png","240102/bitcomet-220223/2.0.5.0/Images/ACR-060/ACR-060_Bundler-made offers_3.png"],"nonDeceptorImageFiles":["240102/bitcomet-220223/2.0.5.0/Images/ACR-123/ACR-123.jpg","240102/bitcomet-220223/2.0.5.0/Images/ACR-123/ACR-123_Uninstall_1.png"],"guid":"80a7b3a8-4a37-4d3d-859b-0555e4081baa_2.0.5.0_1","appID":"bitcomet-220223","dateAdded":"260209","deceptorType":"App","name":"BitComet","company":"www.BitComet.com","version":"2.0.5.0","lastKnownStatus":"1.85.1.18;1.87.0;1.98.12.8;1.99;2.0;2.0.1;2.0.2;2.0.3;2.0.4.0;2.0.5.0;2.0.6.0;2.0.7.0;2.0.8.0;2.0.9.0;2.20.1.19","lastKnownDate":"260209","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2026-02-09T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":16,"sortOrder":62},{"violations":{"ACR-042":"App drops unrelated components in hidden folder before user permission through explicit user's action.\n","ACR-043":"The \"uTorrent\" components get dropped in one click without asking the user's permission and disclosing the installation path.\n","ACR-048":"The app does not provide any control to cancel the installation. Even on canceling it installs the application. \n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software.\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software\n","ACR-084":"On closing the app, application doesn't exit completely. It runs silently in the background, hiding the fact that it is active from the consumer without any notification.\n","ACR-097":"During installation, the app has an option to evade the default system security guard \"Add an exception for BitTorrent in windows firewall\". \n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components on the device without the consumer's consent. \n"},"nonDeceptorViolations":{"ACR-092":"The app does not have a digital signature for the executable \"utorrentie.exe\" \n"},"samples":[{"isRevoked":"False","fileName":"helper.exe-dbedd973360c6952a406ec765e7c766c3940a5e8c5aa9763172497bea51d1e93","companyName":"BitTorrent Inc.","fileVersion":"2.1","hashMD5":"0c837d99d77466bb61788fa30b4470fe","hashSHA1":"02d1d3ab0b30b77a3ecae78058a672ba1ea5076d","hashSHA256":"dbedd973360c6952a406ec765e7c766c3940a5e8c5aa9763172497bea51d1e93","digitalCertThumbprint":"94B5B937366BAF324364380B0694A0D8E32A08E2","digitalCertIssuer":"CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US","digitalCertIssuedTo":"CN=BitTorrent Inc, O=BitTorrent Inc, L=San Francisco, S=California, C=US","sourceIndex":"1124","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"uTorrent.exe-cd7681bc3495a1746a84c0b2e4dece79c9e4ae478be859ff4771795a9a765063","companyName":"BitTorrent Inc.","fileVersion":"3.6","hashMD5":"dabe3bd054cd2268b23a42a49acd2ac9","hashSHA1":"0ed81ad1371eb5651e79b0e4c3fb95a45093d25a","hashSHA256":"cd7681bc3495a1746a84c0b2e4dece79c9e4ae478be859ff4771795a9a765063","digitalCertThumbprint":"09AFB68255629E565090CAC7EA49AAD67143FA93","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"1124","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utorrent_installer.exe-52dda648edf6eab8fdb5187e2866bb337e73e9025a0e13dced7abe00f899d44e","isInstaller":"True","fileVersion":"3.6","hashMD5":"b6b16ce1d51baf68aedf62e35e9390c9","hashSHA1":"428efbd8c1a3a92eac36694ef4ed0ba76801342a","hashSHA256":"52dda648edf6eab8fdb5187e2866bb337e73e9025a0e13dced7abe00f899d44e","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"1124","avBlockList":["360 Total Security (20230323)","COMODO Antivirus (20230323)","Dr.Web Security Space (20230323)","ESET Internet Security (20230323)","G DATA INTERNET SECURITY (20230323)","Malwarebytes Premium (20230323)","McAfee Total Protection (20230323)","Norton Security (20230323)","Panda Dome (20230323)","Quick Heal Internet Security (20230323)","Sophos Home Premium (20230323)","VirIT eXplorer PRO (20230323)","Webroot SecureAnywhere (20230323)"],"avAllowList":["Avast Premium Security (20230323)","AVG Internet Security (20230323)","Avira Internet Security (20230323)","Bitdefender Internet Security (20230323)","K7 Total Security (20230323)","Kaspersky Internet Security (20230323)","SpyHunter5 (20230323)","Total AV Antivirus Pro (20230323)","Trend Micro Internet Security (20230323)","VIPRE Advanced Security (20230323)","Windows Defender (20230323)"]},{"isRevoked":"False","fileName":"utorrentie.exe-db9cec3aab02ae12bd2346f5f25c2c34d32ae6a3eac75208a310f009eb1ea110","companyName":"BitTorrent Inc.","fileVersion":"1.0","hashMD5":"ac3aa3016d9b5759376edbb332dc8954","hashSHA1":"b1d03fd9d82bf8ecfb5d63de7a6f1c4db5d7f88e","hashSHA256":"db9cec3aab02ae12bd2346f5f25c2c34d32ae6a3eac75208a310f009eb1ea110","sourceIndex":"1124","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utorrent_installer_BE91A0635CAB8BE4952C30398671617F9E548F30451172ED0ECD416FDC0AA998.exe","isInstaller":"True","fileVersion":"3.6","hashMD5":"bb58fd279a1b991e2bebb1941bb64905","hashSHA1":"71f48cfc2ad7f6faa0cfb9b9424e5564e215a9b0","hashSHA256":"be91a0635cab8be4952c30398671617f9e548f30451172ed0ecd416fdc0aa998","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"1124","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utorrent_installer.exe","isInstaller":"True","fileVersion":"3.6","hashMD5":"32d10e3f8bd33033e7865fe7df34e4f4","hashSHA1":"2efcac62ad7e7c0c09b6d46c576beb051bc8a63c","hashSHA256":"8bd1de99069b6785768cdcb6f5e056e0dde3ef9d6f568d2f61f0bc63af9232eb","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"1124","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"uTorrent Web","reference":"","landingPage":"https://www.utorrent.com/","directDownloadingLink":"https://download-hr.utorrent.com/track/stable/endpoint/utorrent/os/windows","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://download-hr.utorrent.com/track/stable/endpoint/utorrent/os/windows","sourceIndex":"1124"},{"howFound":"","reference":"","landingPage":"https://www.utorrent.com/","directDownloadingLink":"https://download-hr.utorrent.com/track/stable/endpoint/utorrent/os/windows","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://download-hr.utorrent.com/track/stable/endpoint/utorrent/os/windows","sourceIndex":"1125"}],"sampleFiles":["230504/uTorrentClassic-211215/3.6.0.46716/Samples/helper.exe-dbedd973360c6952a406ec765e7c766c3940a5e8c5aa9763172497bea51d1e93","230504/uTorrentClassic-211215/3.6.0.46716/Samples/uTorrent.exe-cd7681bc3495a1746a84c0b2e4dece79c9e4ae478be859ff4771795a9a765063","230504/uTorrentClassic-211215/3.6.0.46716/Samples/utorrent_installer.exe-52dda648edf6eab8fdb5187e2866bb337e73e9025a0e13dced7abe00f899d44e","230504/uTorrentClassic-211215/3.6.0.46716/Samples/utorrentie.exe-db9cec3aab02ae12bd2346f5f25c2c34d32ae6a3eac75208a310f009eb1ea110","230504/uTorrentClassic-211215/3.6.0.46716/Samples/utorrent_installer_BE91A0635CAB8BE4952C30398671617F9E548F30451172ED0ECD416FDC0AA998.exe","230504/uTorrentClassic-211215/3.6.0.46716/Samples/utorrent_installer.exe"],"imageFiles":["230504/uTorrentClassic-211215/3.6.0.46716/Images/ACR-043/ACR-043.png","230504/uTorrentClassic-211215/3.6.0.46716/Images/ACR-042/UtorrentWeb_042.JPG","230504/uTorrentClassic-211215/3.6.0.46716/Images/ACR-048/ACR-048.png","230504/uTorrentClassic-211215/3.6.0.46716/Images/ACR-084/ACR-084.png","230504/uTorrentClassic-211215/3.6.0.46716/Images/ACR-097/ACR-097.png","230504/uTorrentClassic-211215/3.6.0.46716/Images/ACR-118/ACR-118.png","230504/uTorrentClassic-211215/3.6.0.46716/Images/ACR-013/ACR-013_1.png","230504/uTorrentClassic-211215/3.6.0.46716/Images/ACR-013/ACR-013_2.png","230504/uTorrentClassic-211215/3.6.0.46716/Images/ACR-013/ACR-013_3.png","230504/uTorrentClassic-211215/3.6.0.46716/Images/ACR-013/ACR-013_4.png","230504/uTorrentClassic-211215/3.6.0.46716/Images/ACR-060/ACR-060_1.png","230504/uTorrentClassic-211215/3.6.0.46716/Images/ACR-060/ACR-060_2.png","230504/uTorrentClassic-211215/3.6.0.46716/Images/ACR-060/ACR-060_3.png","230504/uTorrentClassic-211215/3.6.0.46716/Images/ACR-060/ACR-060_4.png"],"nonDeceptorImageFiles":["230504/uTorrentClassic-211215/3.6.0.46716/Images/ACR-092/ACR-092.png"],"guid":"4b11710c-2201-4d5a-bf94-5850f6f9c6f1_3.6.0.46716_1","appID":"uTorrentClassic-211215","dateAdded":"260209","deceptorType":"App","name":"uTorrent Classic","company":"BitTorrent Inc.","version":"3.6.0.46716","lastKnownStatus":"3.5.5.46148;3.5.5.46200;3.5.5.46304;3.5.5.46348;3.5.5.46542;3.5.5.46552;3.6.0.46716;3.6.0.46812;3.6.0.46822;3.6.0.46828;3.6.0.46830;3.6.0.46842;3.6.0.46856;3.6.0.46884;3.6.0.46896;3.6.0.46922;3.6.0.47006;3.6.0.47012;;3.6.0.47016;3.6.0.47028;3.6.0.47044;3.6.0.47062;3.6.0.47082;3.6.0.47084;3.6.0.47124;3.6.0.47116;3.6.0.47132;3.6.0.47134;3.6.0.47228;3.6.0.47142","lastKnownDate":"260209","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2026-05-12T23:00:08.4538689+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":30,"sortOrder":50},{"violations":{"ACR-042":"App drops hidden file/potential offer app info in hidden folder without user permission. \n","ACR-048":"The app does not provide any control to cancel the installation. Even on canceling it installs the application. \n","ACR-013":"During installation, the user is interrupted by non-consented offer to silently install unrelated software.\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software\n","ACR-084":" On closing the app, application doesn't exit completely. It runs silently in the background, hiding the fact that it is active from the consumer without any notification.\n","ACR-097":"During installation, the app has an option to evade the default system security guard \"Add an exception for BitTorrent in windows firewall\". \n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"C:\\Users\\User\\AppData\\Local\\Temp\\nsw3EAD.tmp\\utorrent.exe","companyName":"BitTorrent Inc.","productName":"µTorrent","productVersion":"3.6.0.46842","fileVersion":"3.6.0.46842","hashMD5":"cb1c82cde2bc59c31c5504cdcf733074","hashSHA1":"1af61bbf0641437b53859ccd5c931f018672fde5","hashSHA256":"adf5f209a7d89bea67d4c572a5bfe6c869650f268189e32dd9265d9171955eaa","digitalCertThumbprint":"09AFB68255629E565090CAC7EA49AAD67143FA93","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Rainberry Inc","storeId":"","sourceIndex":"934","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utorrent_installer.exe","isInstaller":"True","companyName":"                                                            ","productName":"uTorrent® Classic                                           ","productVersion":"3.6                                               ","fileVersion":"3.6                 ","hashMD5":"1b2ec0b6333afc09eba03a5f59d0b76a","hashSHA1":"cd444f69c7ecf79c3cfebd17e866870b0989c63f","hashSHA256":"738fff1c56ce34baa6dfa2200b873eb7c6aac69f6b5d051fdaf21500a80e846a","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Rainberry Inc","storeId":"","sourceIndex":"934","avBlockList":["COMODO Antivirus (20240404)","Dr.Web Security Space (20240404)","ESET Internet Security (20240404)","G DATA INTERNET SECURITY (20240404)","K7 Total Security (20240404)","Malwarebytes Premium (20240404)","Norton Security (20240404)","Panda Dome (20240404)","Quick Heal Internet Security (20240404)","Sophos Home Premium (20240404)","VirIT eXplorer PRO (20240404)","Webroot SecureAnywhere (20240404)"],"avAllowList":["360 Total Security (20240404)","Avast Premium Security (20240404)","AVG Internet Security (20240404)","Avira Internet Security (20240404)","Bitdefender Internet Security (20240404)","Kaspersky Internet Security (20240404)","McAfee Total Protection (20240404)","SpyHunter5 (20240404)","Total AV Antivirus Pro (20240404)","Trend Micro Internet Security (20240404)","VIPRE Advanced Security (20240404)","Windows Defender (20240404)"]},{"isRevoked":"False","fileName":"utorrent_installer1.exe","isInstaller":"True","productName":"uTorrent® Classic  ","productVersion":"3.6        ","fileVersion":"3.6","hashMD5":"0d7e9cbe5109336465bf78b6b09b7e73","hashSHA1":"4ed2017ee1910f3180a7ec4a77562a8c46b2c712","hashSHA256":"965b37a54dbf64c32d3e63923f846257f7f22c03abf6b5dff45b8e9ebff4fea1","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"934","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"uTorrent Web","reference":"","landingPage":"https://www.utorrent.com/","directDownloadingLink":"https://www.utorrent.com/downloads/complete/track/stable/os/win/","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.utorrent.com/downloads/complete/track/stable/os/win/","sourceIndex":"934"}],"sampleFiles":["230802/uTorrentClassic-211215/3.6.0.46842/Samples/utorrent_installer.exe","230802/uTorrentClassic-211215/3.6.0.46842/Samples/utorrent_installer1.exe"],"imageFiles":["230802/uTorrentClassic-211215/3.6.0.46842/Images/ACR-042/ACR-042_Install_1.png","230802/uTorrentClassic-211215/3.6.0.46842/Images/ACR-048/ACR-048_Install_1.png","230802/uTorrentClassic-211215/3.6.0.46842/Images/ACR-084/ACR-084_Software_1.png","230802/uTorrentClassic-211215/3.6.0.46842/Images/ACR-097/ACR-097_Software_1.png","230802/uTorrentClassic-211215/3.6.0.46842/Images/ACR-013/ACR-013_Install_1.png","230802/uTorrentClassic-211215/3.6.0.46842/Images/ACR-013/ACR-013_Install_2.png","230802/uTorrentClassic-211215/3.6.0.46842/Images/ACR-013/ACR-013_Install_3.png","230802/uTorrentClassic-211215/3.6.0.46842/Images/ACR-060/ACR-060_Bundler-made offers_1.png","230802/uTorrentClassic-211215/3.6.0.46842/Images/ACR-060/ACR-060_Bundler-made offers_2.png","230802/uTorrentClassic-211215/3.6.0.46842/Images/ACR-060/ACR-060_Bundler-made offers_3.png"],"nonDeceptorImageFiles":[],"guid":"4b11710c-2201-4d5a-bf94-5850f6f9c6f1_3.6.0.46842_1","appID":"uTorrentClassic-211215","dateAdded":"260209","deceptorType":"App","name":"uTorrent Classic","company":"BitTorrent Inc.","version":"3.6.0.46842","lastKnownStatus":"3.5.5.46148;3.5.5.46200;3.5.5.46304;3.5.5.46348;3.5.5.46542;3.5.5.46552;3.6.0.46716;3.6.0.46812;3.6.0.46822;3.6.0.46828;3.6.0.46830;3.6.0.46842;3.6.0.46856;3.6.0.46884;3.6.0.46896;3.6.0.46922;3.6.0.47006;3.6.0.47012;;3.6.0.47016;3.6.0.47028;3.6.0.47044;3.6.0.47062;3.6.0.47082;3.6.0.47084;3.6.0.47124;3.6.0.47116;3.6.0.47132;3.6.0.47134;3.6.0.47228;3.6.0.47142","lastKnownDate":"260209","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2026-05-12T23:00:02.9230189+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":30,"sortOrder":45},{"violations":{"ACR-042":"App drops unrelated components in hidden folder before user permission through explicit user's action.\n","ACR-043":"The \"uTorrent\" components get dropped in one click without asking the user's permission and disclosing the installation path.\n","ACR-048":"The app does not provide any control to cancel the installation. Even on canceling it installs the application. \n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software.\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software\n","ACR-084":"On closing the app, application doesn't exit completely. It runs silently in the background, hiding the fact that it is active from the consumer without any notification.\n","ACR-097":"During installation, the app has an option to evade the default system security guard \"Add an exception for BitTorrent in windows firewall\". \n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components on the device without the consumer's consent. \n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"C:\\Users\\User\\AppData\\Roaming\\utorrent\\uTorrent.exe","companyName":"BitTorrent Inc.","productName":"µTorrent","productVersion":"3.6.0.46822","fileVersion":"3.6.0.46822","hashMD5":"bcd70ed5f66717727b2d5e9fc5f5a799","hashSHA1":"fe0df86d6eea22a6d1789937df2808df14016c7e","hashSHA256":"487202c7838f14d169393913ccd6e3649400ae7367575d957861fb1bbe8a4cfb","digitalCertThumbprint":"09AFB68255629E565090CAC7EA49AAD67143FA93","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Rainberry Inc","storeId":"","sourceIndex":"1050","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utorrent_installer.exe","isInstaller":"True","companyName":"                                                            ","productName":"uTorrent® Classic                                           ","productVersion":"3.6                                               ","fileVersion":"3.6                 ","hashMD5":"1dac5d888842e537b82e984e78eda39f","hashSHA1":"772a36434b9a5e4ec8a92363e29b9b3b21fa4cf1","hashSHA256":"06dfdc5acb8bcdf9e1bcb67dd5a3b0945e111a75be9634aa1e53e5f7b106cb1d","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Rainberry Inc","storeId":"","sourceIndex":"1050","avBlockList":["COMODO Antivirus (20240502)","Dr.Web Security Space (20240502)","ESET Internet Security (20240502)","G DATA INTERNET SECURITY (20240502)","Malwarebytes Premium (20240502)","Norton Security (20240502)","Panda Dome (20240502)","Sophos Home Premium (20240502)","VirIT eXplorer PRO (20240502)","Webroot SecureAnywhere (20240502)"],"avAllowList":["360 Total Security (20240502)","Avast Premium Security (20240502)","AVG Internet Security (20240502)","Avira Internet Security (20240502)","Bitdefender Internet Security (20240502)","K7 Total Security (20240502)","Kaspersky Internet Security (20240502)","McAfee Total Protection (20240502)","Quick Heal Internet Security (20240502)","SpyHunter5 (20240502)","Total AV Antivirus Pro (20240502)","Trend Micro Internet Security (20240502)","VIPRE Advanced Security (20240502)","Windows Defender (20240502)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on windows app","reference":"","landingPage":"https://www.utorrent.com/","directDownloadingLink":"https://www.utorrent.com/downloads/complete/track/stable/os/win/","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.utorrent.com/downloads/complete/track/stable/os/win/","sourceIndex":"1050"}],"sampleFiles":["231117/uTorrentClassic-211215/3.6.0.46822/Samples/utorrent_installer.exe"],"imageFiles":["231117/uTorrentClassic-211215/3.6.0.46822/Images/ACR-043/ACR-043.JPG","231117/uTorrentClassic-211215/3.6.0.46822/Images/ACR-042/ACR-042.JPG","231117/uTorrentClassic-211215/3.6.0.46822/Images/ACR-048/ACR-048_Install.JPG","231117/uTorrentClassic-211215/3.6.0.46822/Images/ACR-084/ACR-084.JPG","231117/uTorrentClassic-211215/3.6.0.46822/Images/ACR-097/ACR-097.JPG","231117/uTorrentClassic-211215/3.6.0.46822/Images/ACR-118/ACR-118.JPG","231117/uTorrentClassic-211215/3.6.0.46822/Images/ACR-013/ACR-013.JPG","231117/uTorrentClassic-211215/3.6.0.46822/Images/ACR-013/ACR-013_1.JPG","231117/uTorrentClassic-211215/3.6.0.46822/Images/ACR-013/ACR-013_2.JPG","231117/uTorrentClassic-211215/3.6.0.46822/Images/ACR-060/ACR-060.JPG","231117/uTorrentClassic-211215/3.6.0.46822/Images/ACR-060/ACR-060_1.JPG","231117/uTorrentClassic-211215/3.6.0.46822/Images/ACR-060/ACR-060_2.JPG"],"nonDeceptorImageFiles":[],"guid":"4b11710c-2201-4d5a-bf94-5850f6f9c6f1_3.6.0.46822_1","appID":"uTorrentClassic-211215","dateAdded":"260209","deceptorType":"App","name":"uTorrent Classic","company":"BitTorrent Inc.","version":"3.6.0.46822","lastKnownStatus":"3.5.5.46148;3.5.5.46200;3.5.5.46304;3.5.5.46348;3.5.5.46542;3.5.5.46552;3.6.0.46716;3.6.0.46812;3.6.0.46822;3.6.0.46828;3.6.0.46830;3.6.0.46842;3.6.0.46856;3.6.0.46884;3.6.0.46896;3.6.0.46922;3.6.0.47006;3.6.0.47012;;3.6.0.47016;3.6.0.47028;3.6.0.47044;3.6.0.47062;3.6.0.47082;3.6.0.47084;3.6.0.47124;3.6.0.47116;3.6.0.47132;3.6.0.47134;3.6.0.47228;3.6.0.47142","lastKnownDate":"260209","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2026-05-12T23:00:05.9298404+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":30,"sortOrder":48},{"violations":{"ACR-048":"The app does not provide any control to cancel the installation. \n","ACR-013":"During installation, the user is interrupted by non-consented offer to silently install unrelated software.\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software\n","ACR-084":" On closing the app, application doesn't exit completely. It runs silently in the background, hiding the fact that it is active from the consumer without any notification.\n","ACR-097":"During installation, the app has an option selected  \"Add an exception for uTorrent in windows firewall\" without explicit reason for such setting, that lower the default system security guard.\n"},"nonDeceptorViolations":{"ACR-040":"The app installs its components in \"C:\\Users\\User\\AppData\\Roaming\" path, instead of a standard location.\n"},"samples":[{"isRevoked":"False","fileName":"utorrent_installer.exe","isInstaller":"True","productName":"uTοrrent® Classic","productVersion":"3.6","fileVersion":"3.6","hashMD5":"53e2564c6672ced6626407f73a7a4823","hashSHA1":"89d4f2494b5e0d761908ebab91bfc2fa0434ba02","hashSHA256":"4143676fa02ba575e2f44974623086d3ca5ff8cf7f48ad21da4e394855fd7193","digitalCertThumbprint":"03F072F141084FFE88CF28E65258CEE35071F961","digitalCertIssuer":"CN=Sectigo Public Code Signing CA EV R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=Cassini Labs Ltd, O=Cassini Labs Ltd, S=Tel Aviv, C=IL, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=IL, SERIALNUMBER=514758457","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"119","avBlockList":["360 Total Security (20260507)","COMODO Antivirus (20260507)","ESET Internet Security (20260507)","FortectPremium (20260507)","G DATA INTERNET SECURITY (20260507)","K7 Total Security (20260507)","Malwarebytes Premium (20260507)","Panda Dome (20260507)","Quick Heal Internet Security (20260507)","Sophos Home Premium (20260507)","SpyHunter5 (20260507)","VirIT eXplorer PRO (20260507)","Webroot SecureAnywhere (20260507)","Windows Defender (20260507)"],"avAllowList":["Avast Premium Security (20260507)","AVG Internet Security (20260507)","Avira Internet Security (20260507)","Bitdefender Internet Security (20260507)","Dr.Web Security Space (20260507)","KasperskyPremium (20260507)","McAfee Total Protection (20260507)","Norton Security (20260507)","Total AV Antivirus Pro (20260507)","Trend Micro Internet Security (20260507)","VIPRE Advanced Security (20260507)"]}],"additionalFiles":[],"sources":[{"howFound":"uTorrent Web","reference":"","landingPage":"https://www.utorrent.com/","directDownloadingLink":"https://www.utorrent.com/downloads/complete/track/stable/os/win/","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.utorrent.com/downloads/complete/track/stable/os/win/","sourceIndex":"119"}],"sampleFiles":["260209/uTorrentClassic-211215/3.6.0.47142/Samples/utorrent_installer.exe"],"imageFiles":["260209/uTorrentClassic-211215/3.6.0.47142/Images/ACR-048/install2.png","260209/uTorrentClassic-211215/3.6.0.47142/Images/ACR-084/ACR-084.png","260209/uTorrentClassic-211215/3.6.0.47142/Images/ACR-097/ACR-097.png","260209/uTorrentClassic-211215/3.6.0.47142/Images/ACR-097/install6.png","260209/uTorrentClassic-211215/3.6.0.47142/Images/ACR-013/offer1.png","260209/uTorrentClassic-211215/3.6.0.47142/Images/ACR-013/offer2.png","260209/uTorrentClassic-211215/3.6.0.47142/Images/ACR-013/offer3.png","260209/uTorrentClassic-211215/3.6.0.47142/Images/ACR-013/offer4.png","260209/uTorrentClassic-211215/3.6.0.47142/Images/ACR-060/offer1.png","260209/uTorrentClassic-211215/3.6.0.47142/Images/ACR-060/offer2.png","260209/uTorrentClassic-211215/3.6.0.47142/Images/ACR-060/offer3.png","260209/uTorrentClassic-211215/3.6.0.47142/Images/ACR-060/offer4.png"],"nonDeceptorImageFiles":["260209/uTorrentClassic-211215/3.6.0.47142/Images/ACR-040/ACR-040.png"],"guid":"4b11710c-2201-4d5a-bf94-5850f6f9c6f1_3.6.0.47142_1","appID":"uTorrentClassic-211215","dateAdded":"260209","deceptorType":"App","name":"uTorrent Classic","company":"BitTorrent Inc.","version":"3.6.0.47142","lastKnownStatus":"3.5.5.46148;3.5.5.46200;3.5.5.46304;3.5.5.46348;3.5.5.46542;3.5.5.46552;3.6.0.46716;3.6.0.46812;3.6.0.46822;3.6.0.46828;3.6.0.46830;3.6.0.46842;3.6.0.46856;3.6.0.46884;3.6.0.46896;3.6.0.46922;3.6.0.47006;3.6.0.47012;;3.6.0.47016;3.6.0.47028;3.6.0.47044;3.6.0.47062;3.6.0.47082;3.6.0.47084;3.6.0.47124;3.6.0.47116;3.6.0.47132;3.6.0.47134;3.6.0.47228;3.6.0.47142","lastKnownDate":"260209","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2026-05-12T22:59:37.5412242+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":30,"sortOrder":27},{"violations":{"ACR-042":"App drops unrelated components in hidden folder before user permission through explicit user's action.\n","ACR-043":"The \"uTorrent\" components get dropped in one click without asking the user's permission and disclosing the installation path.\n","ACR-048":"The app does not provide any control to cancel the installation. Even on canceling it installs the application. \n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software.\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software\n","ACR-084":"On closing the app, application doesn't exit completely. It runs silently in the background, hiding the fact that it is active from the consumer without any notification.\n","ACR-097":"During installation, the app has an option to evade the default system security guard \"Add an exception for BitTorrent in windows firewall\". \n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components on the device without the consumer's consent. \n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"uTorrent.exe","companyName":"BitTorrent Inc.","fileVersion":"3.6","hashMD5":"8cdc1930f5f11ad16f68daeb94c8cb17","hashSHA1":"5cb6fba98ba9af7baf552d1ea00ea6b8e8777df0","hashSHA256":"eae4e7436085d7a10cb8c90a75284ea9dcd9602e034f501ff36203fa74a8fce8","digitalCertThumbprint":"09AFB68255629E565090CAC7EA49AAD67143FA93","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"1095","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utorrent_installer.exe","isInstaller":"True","fileVersion":"3.6","hashMD5":"20ca2e9b1799f4ca49a842938de2c311","hashSHA1":"c04246d5ebb3d1099e965ebeda9497d28c594956","hashSHA256":"00537e33ed066991e4a6f8d8ee76c158ee990649cf3f24c2561b2b9436742944","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"1095","avBlockList":["COMODO Antivirus (20240305)","Dr.Web Security Space (20240305)","ESET Internet Security (20240305)","G DATA INTERNET SECURITY (20240305)","Kaspersky Internet Security (20240305)","Malwarebytes Premium (20240305)","Norton Security (20240305)","Panda Dome (20240305)","Sophos Home Premium (20240305)","VirIT eXplorer PRO (20240305)","Webroot SecureAnywhere (20240305)"],"avAllowList":["360 Total Security (20240305)","Avast Premium Security (20240305)","AVG Internet Security (20240305)","Avira Internet Security (20240305)","Bitdefender Internet Security (20240305)","K7 Total Security (20240305)","McAfee Total Protection (20240305)","Quick Heal Internet Security (20240305)","SpyHunter5 (20240305)","Total AV Antivirus Pro (20240305)","Trend Micro Internet Security (20240305)","VIPRE Advanced Security (20240305)","Windows Defender (20240305)"]}],"additionalFiles":[],"sources":[{"howFound":"uTorrent Web","reference":"","landingPage":"https://www.utorrent.com/","directDownloadingLink":"https://www.utorrent.com/downloads/complete/track/stable/os/win/","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.utorrent.com/downloads/complete/track/stable/os/win/","sourceIndex":"1095"}],"sampleFiles":["230522/uTorrentClassic-211215/3.6.0.46812/Samples/uTorrent.exe","230522/uTorrentClassic-211215/3.6.0.46812/Samples/utorrent_installer.exe"],"imageFiles":["230522/uTorrentClassic-211215/3.6.0.46812/Images/ACR-043/ACR-043.jpg","230522/uTorrentClassic-211215/3.6.0.46812/Images/ACR-042/ACR-042.jpg","230522/uTorrentClassic-211215/3.6.0.46812/Images/ACR-048/ACR-048.jpg","230522/uTorrentClassic-211215/3.6.0.46812/Images/ACR-084/ACR-084.jpg","230522/uTorrentClassic-211215/3.6.0.46812/Images/ACR-097/ACR-097.png","230522/uTorrentClassic-211215/3.6.0.46812/Images/ACR-118/ACR-118.jpg","230522/uTorrentClassic-211215/3.6.0.46812/Images/ACR-013/ACR-013_1.png","230522/uTorrentClassic-211215/3.6.0.46812/Images/ACR-013/ACR-013_2.png","230522/uTorrentClassic-211215/3.6.0.46812/Images/ACR-013/ACR-013_3.png","230522/uTorrentClassic-211215/3.6.0.46812/Images/ACR-013/ACR-013_4.png","230522/uTorrentClassic-211215/3.6.0.46812/Images/ACR-060/ACR-060_1.png","230522/uTorrentClassic-211215/3.6.0.46812/Images/ACR-060/ACR-060_2.png","230522/uTorrentClassic-211215/3.6.0.46812/Images/ACR-060/ACR-060_3.png","230522/uTorrentClassic-211215/3.6.0.46812/Images/ACR-060/ACR-060_4.png"],"nonDeceptorImageFiles":[],"guid":"4b11710c-2201-4d5a-bf94-5850f6f9c6f1_3.6.0.46812_1","appID":"uTorrentClassic-211215","dateAdded":"260209","deceptorType":"App","name":"uTorrent Classic","company":"BitTorrent Inc.","version":"3.6.0.46812","lastKnownStatus":"3.5.5.46148;3.5.5.46200;3.5.5.46304;3.5.5.46348;3.5.5.46542;3.5.5.46552;3.6.0.46716;3.6.0.46812;3.6.0.46822;3.6.0.46828;3.6.0.46830;3.6.0.46842;3.6.0.46856;3.6.0.46884;3.6.0.46896;3.6.0.46922;3.6.0.47006;3.6.0.47012;;3.6.0.47016;3.6.0.47028;3.6.0.47044;3.6.0.47062;3.6.0.47082;3.6.0.47084;3.6.0.47124;3.6.0.47116;3.6.0.47132;3.6.0.47134;3.6.0.47228;3.6.0.47142","lastKnownDate":"260209","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2026-05-12T23:00:07.5168201+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":30,"sortOrder":49},{"violations":{"ACR-048":"The app does not provide any control to cancel the installation. \n","ACR-013":"During installation, the user is interrupted by non-consented offer to silently install unrelated software.\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software\n","ACR-084":" On closing the app, application doesn't exit completely. It runs silently in the background, hiding the fact that it is active from the consumer without any notification.\n","ACR-097":"During installation, the app has an option selected  \"Add an exception for uTorrent in windows firewall\" without explicit reason for such setting, that lower the default system security guard.\n","ACR-014":"The \"Accept\" button on the Norton Browser offer is used for two things: accepting an offer and accepting Norton as the default browser. The \"Accept\" button is misleading and confusing because the user is easily led to believe that \"Accept\" is only for installing Norton and not for changing the system browser's default settings.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"utorrent_installer.exe","isInstaller":"True","companyName":"                                                            ","productName":"uТorrеnt® Classic                                           ","productVersion":"3.6                                               ","fileVersion":"3.6                 ","hashMD5":"0f3833784a4b1164b2654cdfb2a00a2a","hashSHA1":"3fe8b8253304e68d868d164d5518a81a6092832f","hashSHA256":"0f7324b1091f11f9736af020396f1fe92f5dea8c414c278cc9a82c9b5ee310cd","digitalCertThumbprint":"2454B8E0EA6E609AEF03C83090EE29C284BA586C","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Rainberry Inc","storeId":"","sourceIndex":"562","avBlockList":["COMODO Antivirus (20240926)","ESET Internet Security (20240926)","FortectPremium (20240926)","K7 Total Security (20240926)","Malwarebytes Premium (20240926)","Norton Security (20240926)","Panda Dome (20240926)","Quick Heal Internet Security (20240926)","Sophos Home Premium (20240926)","VirIT eXplorer PRO (20240926)","Webroot SecureAnywhere (20240926)"],"avAllowList":["360 Total Security (20240926)","Avast Premium Security (20240926)","AVG Internet Security (20240926)","Avira Internet Security (20240926)","Bitdefender Internet Security (20240926)","Dr.Web Security Space (20240926)","G DATA INTERNET SECURITY (20240926)","KasperskyPremium (20240926)","McAfee Total Protection (20240926)","SpyHunter5 (20240926)","Total AV Antivirus Pro (20240926)","Trend Micro Internet Security (20240926)","VIPRE Advanced Security (20240926)","Windows Defender (20240926)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on windows app","reference":"","landingPage":"https://www.utorrent.com/","directDownloadingLink":"https://www.utorrent.com/downloads/complete/track/stable/os/win/","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.utorrent.com/downloads/complete/track/stable/os/win/","sourceIndex":"562"}],"sampleFiles":["240904/uTorrentClassic-211215/3.6.0.47134/Samples/utorrent_installer.exe"],"imageFiles":["240904/uTorrentClassic-211215/3.6.0.47134/Images/ACR-048/ACR-048.PNG","240904/uTorrentClassic-211215/3.6.0.47134/Images/ACR-084/ACR-084.PNG","240904/uTorrentClassic-211215/3.6.0.47134/Images/ACR-097/ACR-097.PNG","240904/uTorrentClassic-211215/3.6.0.47134/Images/ACR-097/ACR-097_1.PNG","240904/uTorrentClassic-211215/3.6.0.47134/Images/ACR-014/ACR-014.PNG","240904/uTorrentClassic-211215/3.6.0.47134/Images/ACR-013/ACR-013.PNG","240904/uTorrentClassic-211215/3.6.0.47134/Images/ACR-013/ACR-013_1.PNG","240904/uTorrentClassic-211215/3.6.0.47134/Images/ACR-013/ACR-013_2.PNG","240904/uTorrentClassic-211215/3.6.0.47134/Images/ACR-060/ACR-060.PNG","240904/uTorrentClassic-211215/3.6.0.47134/Images/ACR-060/ACR-060_1.PNG","240904/uTorrentClassic-211215/3.6.0.47134/Images/ACR-060/ACR-060_2.PNG"],"nonDeceptorImageFiles":[],"guid":"4b11710c-2201-4d5a-bf94-5850f6f9c6f1_3.6.0.47134_1","appID":"uTorrentClassic-211215","dateAdded":"260209","deceptorType":"App","name":"uTorrent Classic","company":"BitTorrent Inc.","version":"3.6.0.47134","lastKnownStatus":"3.5.5.46148;3.5.5.46200;3.5.5.46304;3.5.5.46348;3.5.5.46542;3.5.5.46552;3.6.0.46716;3.6.0.46812;3.6.0.46822;3.6.0.46828;3.6.0.46830;3.6.0.46842;3.6.0.46856;3.6.0.46884;3.6.0.46896;3.6.0.46922;3.6.0.47006;3.6.0.47012;;3.6.0.47016;3.6.0.47028;3.6.0.47044;3.6.0.47062;3.6.0.47082;3.6.0.47084;3.6.0.47124;3.6.0.47116;3.6.0.47132;3.6.0.47134;3.6.0.47228;3.6.0.47142","lastKnownDate":"260209","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2026-05-12T22:59:50.9101773+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":30,"sortOrder":29},{"violations":{"ACR-048":"The app does not provide any control to cancel the installation. \n","ACR-013":"During installation, the user is interrupted by non-consented offer to silently install unrelated software.\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software\n","ACR-084":" On closing the app, application doesn't exit completely. It runs silently in the background, hiding the fact that it is active from the consumer without any notification.\n","ACR-097":"During installation, the app has an option selected  \"Add an exception for uTorrent in windows firewall\" without explicit reason for such setting, that lower the default system security guard.\n","ACR-014":"The \"Accept\" button on the Norton Browser offer is used for two things: accepting an offer and accepting Norton as the default browser. The \"Accept\" button is misleading and confusing because the user is easily led to believe that \"Accept\" is only for installing Norton and not for changing the system browser's default settings.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"utorrent_installer.exe","isInstaller":"True","companyName":"                                                            ","productName":"uТorrеnt® Classic                                           ","productVersion":"3.6                                               ","fileVersion":"3.6                 ","hashMD5":"7174ae30213a326a3f4432d6b6bb22e7","hashSHA1":"0457c2ef808dc7b3fb754fb38bc2eb8c9d14c025","hashSHA256":"8ab20cbadcfa1a328d008aa55abf411113f2b337460ade881a86b63434c6784b","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Rainberry Inc","storeId":"","sourceIndex":"586","avBlockList":["COMODO Antivirus (20240905)","Dr.Web Security Space (20240905)","ESET Internet Security (20240905)","FortectPremium (20240905)","G DATA INTERNET SECURITY (20240905)","K7 Total Security (20240905)","Malwarebytes Premium (20240905)","McAfee Total Protection (20240905)","Norton Security (20240905)","Panda Dome (20240905)","Sophos Home Premium (20240905)","VirIT eXplorer PRO (20240905)","Webroot SecureAnywhere (20240905)"],"avAllowList":["360 Total Security (20240905)","Avast Premium Security (20240905)","AVG Internet Security (20240905)","Avira Internet Security (20240905)","Bitdefender Internet Security (20240905)","KasperskyPremium (20240905)","Quick Heal Internet Security (20240905)","SpyHunter5 (20240905)","Total AV Antivirus Pro (20240905)","Trend Micro Internet Security (20240905)","VIPRE Advanced Security (20240905)","Windows Defender (20240905)"]}],"additionalFiles":[],"sources":[{"howFound":"uTorrent Web","reference":"","landingPage":"https://www.utorrent.com/","directDownloadingLink":"https://www.utorrent.com/downloads/complete/track/stable/os/win/","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.utorrent.com/downloads/complete/track/stable/os/win/","sourceIndex":"586"}],"sampleFiles":["240724/uTorrentClassic-211215/3.6.0.47132/Samples/utorrent_installer.exe"],"imageFiles":["240724/uTorrentClassic-211215/3.6.0.47132/Images/ACR-048/ACR-048.PNG","240724/uTorrentClassic-211215/3.6.0.47132/Images/ACR-084/ACR-084.PNG","240724/uTorrentClassic-211215/3.6.0.47132/Images/ACR-097/ACR-097.PNG","240724/uTorrentClassic-211215/3.6.0.47132/Images/ACR-097/ACR-097_1.PNG","240724/uTorrentClassic-211215/3.6.0.47132/Images/ACR-014/ACR-014.PNG","240724/uTorrentClassic-211215/3.6.0.47132/Images/ACR-013/ACR-013.PNG","240724/uTorrentClassic-211215/3.6.0.47132/Images/ACR-013/ACR-013_1.PNG","240724/uTorrentClassic-211215/3.6.0.47132/Images/ACR-013/ACR-013_2.PNG","240724/uTorrentClassic-211215/3.6.0.47132/Images/ACR-060/ACR-060.PNG","240724/uTorrentClassic-211215/3.6.0.47132/Images/ACR-060/ACR-060_1.PNG","240724/uTorrentClassic-211215/3.6.0.47132/Images/ACR-060/ACR-060_2.PNG"],"nonDeceptorImageFiles":[],"guid":"4b11710c-2201-4d5a-bf94-5850f6f9c6f1_3.6.0.47132_1","appID":"uTorrentClassic-211215","dateAdded":"260209","deceptorType":"App","name":"uTorrent Classic","company":"BitTorrent Inc.","version":"3.6.0.47132","lastKnownStatus":"3.5.5.46148;3.5.5.46200;3.5.5.46304;3.5.5.46348;3.5.5.46542;3.5.5.46552;3.6.0.46716;3.6.0.46812;3.6.0.46822;3.6.0.46828;3.6.0.46830;3.6.0.46842;3.6.0.46856;3.6.0.46884;3.6.0.46896;3.6.0.46922;3.6.0.47006;3.6.0.47012;;3.6.0.47016;3.6.0.47028;3.6.0.47044;3.6.0.47062;3.6.0.47082;3.6.0.47084;3.6.0.47124;3.6.0.47116;3.6.0.47132;3.6.0.47134;3.6.0.47228;3.6.0.47142","lastKnownDate":"260209","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2026-05-12T22:59:52.1227025+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":30,"sortOrder":30},{"violations":{"ACR-048":"The app does not provide any control to cancel the installation. \n","ACR-013":"During installation, the user is interrupted by non-consented offer to silently install unrelated software.\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software\n","ACR-084":" On closing the app, application doesn't exit completely. It runs silently in the background, hiding the fact that it is active from the consumer without any notification.\n","ACR-097":"During installation, the app has an option selected  \"Add an exception for uTorrent in windows firewall\" without explicit reason for such setting, that lower the default system security guard.\n","ACR-014":"The \"Accept\" button on the Opera Browser offer is used for two things: accepting an offer and accepting Opera as the default browser. The \"Accept\" button is misleading and confusing because the user is easily led to believe that \"Accept\" is only for installing Opera and not for changing the system browser's default settings.\n"},"nonDeceptorViolations":{"ACR-040":"The app drops all its components in the hidden path \"C:\\Users\\User\\AppData\\Roaming\\utorrent\"\n"},"samples":[{"isRevoked":"False","fileName":"utorrent_installer.exe","isInstaller":"True","companyName":"                                                            ","productName":"uТorrеnt® Classic                                           ","productVersion":"3.6                                               ","fileVersion":"3.6                 ","hashMD5":"33a2963469ec9693d7ebe822cbb98923","hashSHA1":"e7f491d79181b233589c9a39d2ee2faff37d50e0","hashSHA256":"17839640a8ddf47631b6ec8a9006d8fcd2989c5eb6b07d593c27f8e5354b4779","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Rainberry Inc","storeId":"","sourceIndex":"604","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utorrent_installer_240403.exe","isInstaller":"True","fileVersion":"3.6","hashMD5":"e024600dee53b393ffd12f38d557c2a3","hashSHA1":"e1ba663ce7d5e5704e85e256fc0f46004a9a6275","hashSHA256":"63528c3c3f8fc6e7f6e1943f574d77b87db7f48a53c8b962594ccb902d4787d9","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"604","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utorrent_installer_240408.exe","isInstaller":"True","fileVersion":"3.6","hashMD5":"74af8631c70917bcb96c6fd8c2258d3a","hashSHA1":"2fd08435672b95cc5afdf2d514576642e8e6364c","hashSHA256":"42fc76e61a4e655b4dbbb7a64d5513b6686aa251d049cdc3fcc4e274653f3346","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"604","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utorrent_installer_240412.exe","isInstaller":"True","fileVersion":"3.6","hashMD5":"396aac3fcea1330cccef94f4bec291c0","hashSHA1":"0685f86468e8822e6c479f695dffd31f167fbea5","hashSHA256":"0bedc580034d83b3eb8ad3924fa004d2304b50fffe1bb05201a40b236ff5a4f8","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"604","avBlockList":["COMODO Antivirus (20240425)","Dr.Web Security Space (20240425)","ESET Internet Security (20240425)","K7 Total Security (20240425)","Malwarebytes Premium (20240425)","Norton Security (20240425)","Panda Dome (20240425)","Quick Heal Internet Security (20240425)","Sophos Home Premium (20240425)","VirIT eXplorer PRO (20240425)","Webroot SecureAnywhere (20240425)"],"avAllowList":["360 Total Security (20240425)","Avast Premium Security (20240425)","AVG Internet Security (20240425)","Avira Internet Security (20240425)","Bitdefender Internet Security (20240425)","G DATA INTERNET SECURITY (20240425)","Kaspersky Internet Security (20240425)","McAfee Total Protection (20240425)","SpyHunter5 (20240425)","Total AV Antivirus Pro (20240425)","Trend Micro Internet Security (20240425)","VIPRE Advanced Security (20240425)","Windows Defender (20240425)"]},{"isRevoked":"False","fileName":"utorrent_installer_240415.exe","isInstaller":"True","fileVersion":"3.6","hashMD5":"7a0fe04d498b149fa2a7d223b80bd629","hashSHA1":"5d6d9752131f9dc3ade527da4919a43c4d8d32df","hashSHA256":"2ba900dabd9eb1c0f29dccea9b66b630bc49926962d64b049c1c115557413e69","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"604","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utorrent_installer_240416.exe","isInstaller":"True","fileVersion":"3.6","hashMD5":"d4941a9f883722f1459fece9ca03b904","hashSHA1":"9afe8659552d8120cafe9f938f58edbbc0f64133","hashSHA256":"332157bc76c5508a2b160c1f64d256c6b4cad7f1c760e7119d9582c280802bb5","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"604","avBlockList":["COMODO Antivirus (20240604)","Dr.Web Security Space (20240604)","ESET Internet Security (20240604)","G DATA INTERNET SECURITY (20240604)","K7 Total Security (20240604)","Malwarebytes Premium (20240604)","Norton Security (20240604)","Panda Dome (20240604)","Quick Heal Internet Security (20240604)","Sophos Home Premium (20240604)","VirIT eXplorer PRO (20240604)","Webroot SecureAnywhere (20240604)"],"avAllowList":["360 Total Security (20240604)","Avast Premium Security (20240604)","AVG Internet Security (20240604)","Avira Internet Security (20240604)","Bitdefender Internet Security (20240604)","Kaspersky Internet Security (20240604)","McAfee Total Protection (20240604)","SpyHunter5 (20240604)","Total AV Antivirus Pro (20240604)","Trend Micro Internet Security (20240604)","VIPRE Advanced Security (20240604)","Windows Defender (20240604)"]},{"isRevoked":"False","fileName":"utorrent_installer_240417.exe","isInstaller":"True","fileVersion":"3.6","hashMD5":"b5fa06324d1b8919b58151ef420c236f","hashSHA1":"159556c5ff9f803d875710be471ecd74842b812e","hashSHA256":"7a606a51732f9d32db14b83cbd0e9acb3ef259a41ef7a901111c8c35b0f5b0ba","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"604","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"uTorrent apps","reference":"","landingPage":"https://www.utorrent.com/","directDownloadingLink":"https://www.utorrent.com/downloads/complete/track/stable/os/win/","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.utorrent.com/downloads/complete/track/stable/os/win/","sourceIndex":"604"}],"sampleFiles":["240710/uTorrentClassic-211215/3.6.0.47044/Samples/utorrent_installer.exe","240710/uTorrentClassic-211215/3.6.0.47044/Samples/utorrent_installer_240403.exe","240710/uTorrentClassic-211215/3.6.0.47044/Samples/utorrent_installer_240408.exe","240710/uTorrentClassic-211215/3.6.0.47044/Samples/utorrent_installer_240412.exe","240710/uTorrentClassic-211215/3.6.0.47044/Samples/utorrent_installer_240415.exe","240710/uTorrentClassic-211215/3.6.0.47044/Samples/utorrent_installer_240416.exe","240710/uTorrentClassic-211215/3.6.0.47044/Samples/utorrent_installer_240417.exe"],"imageFiles":["240710/uTorrentClassic-211215/3.6.0.47044/Images/ACR-048/ACR-048.PNG","240710/uTorrentClassic-211215/3.6.0.47044/Images/ACR-084/ACR-084.PNG","240710/uTorrentClassic-211215/3.6.0.47044/Images/ACR-097/ACR-097.PNG","240710/uTorrentClassic-211215/3.6.0.47044/Images/ACR-097/ACR-097_1.PNG","240710/uTorrentClassic-211215/3.6.0.47044/Images/ACR-014/ACR-014.PNG","240710/uTorrentClassic-211215/3.6.0.47044/Images/ACR-013/ACR-013.PNG","240710/uTorrentClassic-211215/3.6.0.47044/Images/ACR-013/ACR-013_1.PNG","240710/uTorrentClassic-211215/3.6.0.47044/Images/ACR-013/ACR-013_2.PNG","240710/uTorrentClassic-211215/3.6.0.47044/Images/ACR-060/ACR-060.PNG","240710/uTorrentClassic-211215/3.6.0.47044/Images/ACR-060/ACR-060_1.PNG","240710/uTorrentClassic-211215/3.6.0.47044/Images/ACR-060/ACR-060_2.PNG"],"nonDeceptorImageFiles":["240710/uTorrentClassic-211215/3.6.0.47044/Images/ACR-040/ACR-040.PNG"],"guid":"4b11710c-2201-4d5a-bf94-5850f6f9c6f1_3.6.0.47044_1","appID":"uTorrentClassic-211215","dateAdded":"260209","deceptorType":"App","name":"uTorrent Classic","company":"BitTorrent Inc.","version":"3.6.0.47044","lastKnownStatus":"3.5.5.46148;3.5.5.46200;3.5.5.46304;3.5.5.46348;3.5.5.46542;3.5.5.46552;3.6.0.46716;3.6.0.46812;3.6.0.46822;3.6.0.46828;3.6.0.46830;3.6.0.46842;3.6.0.46856;3.6.0.46884;3.6.0.46896;3.6.0.46922;3.6.0.47006;3.6.0.47012;;3.6.0.47016;3.6.0.47028;3.6.0.47044;3.6.0.47062;3.6.0.47082;3.6.0.47084;3.6.0.47124;3.6.0.47116;3.6.0.47132;3.6.0.47134;3.6.0.47228;3.6.0.47142","lastKnownDate":"260209","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2026-05-12T22:59:52.8530874+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":30,"sortOrder":31},{"violations":{"ACR-048":"The app does not provide any control to cancel the installation. \n","ACR-013":"During installation, the user is interrupted by non-consented offer to silently install unrelated software.\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software\n","ACR-084":" On closing the app, application doesn't exit completely. It runs silently in the background, hiding the fact that it is active from the consumer without any notification.\n","ACR-097":"During installation, the app has an option selected  \"Add an exception for uTorrent in windows firewall\" without explicit reason for such setting, that lower the default system security guard.\n","ACR-014":"The \"Accept\" button on the Norton Browser offer is used for two things: accepting an offer and accepting Norton as the default browser. The \"Accept\" button is misleading and confusing because the user is easily led to believe that \"Accept\" is only for installing Norton and not for changing the system browser's default settings.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"utorrent_installer.exe","isInstaller":"True","companyName":"                                                            ","productName":"uТorrеnt® Classic                                           ","productVersion":"3.6                                               ","fileVersion":"3.6                 ","hashMD5":"8d45f745fd212a1dfbbfc783a706ab8e","hashSHA1":"cf89a73dc31a7b4067813614637c07fc7cad3f59","hashSHA256":"e35405541af5d416731399068c523c10757865f3336c9ac30aaca55c41dbc83e","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Rainberry Inc","storeId":"","sourceIndex":"605","avBlockList":["COMODO Antivirus (20240702)","Dr.Web Security Space (20240702)","ESET Internet Security (20240702)","FortectPremium (20240702)","K7 Total Security (20240702)","Malwarebytes Premium (20240702)","Norton Security (20240702)","Panda Dome (20240702)","Sophos Home Premium (20240702)","SpyHunter5 (20240702)","VirIT eXplorer PRO (20240702)","Webroot SecureAnywhere (20240702)"],"avAllowList":["360 Total Security (20240702)","Avast Premium Security (20240702)","AVG Internet Security (20240702)","Avira Internet Security (20240702)","Bitdefender Internet Security (20240702)","G DATA INTERNET SECURITY (20240702)","Kaspersky Internet Security (20240702)","McAfee Total Protection (20240702)","Quick Heal Internet Security (20240702)","Total AV Antivirus Pro (20240702)","Trend Micro Internet Security (20240702)","VIPRE Advanced Security (20240702)","Windows Defender (20240702)"]},{"isRevoked":"False","fileName":"utorrent_installer_240612.exe","isInstaller":"True","fileVersion":"3.6","hashMD5":"9f35423b1698acbf25cc8b82c39dbb99","hashSHA1":"8227ca3647a3bf48486d7c29b9051dfceffa9cc7","hashSHA256":"d5d1d982868e25d037e85b3e6f314b93b8deddf49cbc58dc1234ff77a9c953ee","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"605","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt on torrent applications","reference":"","landingPage":"https://www.utorrent.com/","directDownloadingLink":"https://www.utorrent.com/downloads/complete/track/stable/os/win/","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.utorrent.com/downloads/complete/track/stable/os/win/","sourceIndex":"605"}],"sampleFiles":["240710/uTorrentClassic-211215/3.6.0.47116/Samples/utorrent_installer.exe"],"imageFiles":["240710/uTorrentClassic-211215/3.6.0.47116/Images/ACR-048/ACR-048.PNG","240710/uTorrentClassic-211215/3.6.0.47116/Images/ACR-084/ACR-084.PNG","240710/uTorrentClassic-211215/3.6.0.47116/Images/ACR-097/ACR-097.PNG","240710/uTorrentClassic-211215/3.6.0.47116/Images/ACR-097/ACR-097_1.PNG","240710/uTorrentClassic-211215/3.6.0.47116/Images/ACR-014/ACR-014.PNG","240710/uTorrentClassic-211215/3.6.0.47116/Images/ACR-013/ACR-013.PNG","240710/uTorrentClassic-211215/3.6.0.47116/Images/ACR-013/ACR-013_1.PNG","240710/uTorrentClassic-211215/3.6.0.47116/Images/ACR-013/ACR-013_2.PNG","240710/uTorrentClassic-211215/3.6.0.47116/Images/ACR-060/ACR-060.PNG","240710/uTorrentClassic-211215/3.6.0.47116/Images/ACR-060/ACR-060_1.PNG","240710/uTorrentClassic-211215/3.6.0.47116/Images/ACR-060/ACR-060_2.PNG"],"nonDeceptorImageFiles":[],"guid":"4b11710c-2201-4d5a-bf94-5850f6f9c6f1_3.6.0.47116_1","appID":"uTorrentClassic-211215","dateAdded":"260209","deceptorType":"App","name":"uTorrent Classic","company":"BitTorrent Inc.","version":"3.6.0.47116","lastKnownStatus":"3.5.5.46148;3.5.5.46200;3.5.5.46304;3.5.5.46348;3.5.5.46542;3.5.5.46552;3.6.0.46716;3.6.0.46812;3.6.0.46822;3.6.0.46828;3.6.0.46830;3.6.0.46842;3.6.0.46856;3.6.0.46884;3.6.0.46896;3.6.0.46922;3.6.0.47006;3.6.0.47012;;3.6.0.47016;3.6.0.47028;3.6.0.47044;3.6.0.47062;3.6.0.47082;3.6.0.47084;3.6.0.47124;3.6.0.47116;3.6.0.47132;3.6.0.47134;3.6.0.47228;3.6.0.47142","lastKnownDate":"260209","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2026-05-12T22:59:52.8932041+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":30,"sortOrder":32},{"violations":{"ACR-048":"The app does not provide any control to cancel the installation. \n","ACR-013":"During installation, the user is interrupted by non-consented offer to silently install unrelated software.\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software\n","ACR-084":" On closing the app, application doesn't exit completely. It runs silently in the background, hiding the fact that it is active from the consumer without any notification.\n","ACR-097":"During installation, the app has an option selected  \"Add an exception for uTorrent in windows firewall\" without explicit reason for such setting, that lower the default system security guard.\n","ACR-014":"The \"Accept\" button on the Norton Browser offer is used for two things: accepting an offer and accepting Norton as the default browser. The \"Accept\" button is misleading and confusing because the user is easily led to believe that \"Accept\" is only for installing Norton and not for changing the system browser's default settings.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"utorrent_installer.exe","isInstaller":"True","companyName":"                                                            ","productName":"uТorrеnt® Classic                                           ","productVersion":"3.6                                               ","fileVersion":"3.6                 ","hashMD5":"8d45f745fd212a1dfbbfc783a706ab8e","hashSHA1":"cf89a73dc31a7b4067813614637c07fc7cad3f59","hashSHA256":"e35405541af5d416731399068c523c10757865f3336c9ac30aaca55c41dbc83e","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Rainberry Inc","storeId":"","sourceIndex":"606","avBlockList":["COMODO Antivirus (20240702)","Dr.Web Security Space (20240702)","ESET Internet Security (20240702)","FortectPremium (20240702)","K7 Total Security (20240702)","Malwarebytes Premium (20240702)","Norton Security (20240702)","Panda Dome (20240702)","Sophos Home Premium (20240702)","SpyHunter5 (20240702)","VirIT eXplorer PRO (20240702)","Webroot SecureAnywhere (20240702)"],"avAllowList":["360 Total Security (20240702)","Avast Premium Security (20240702)","AVG Internet Security (20240702)","Avira Internet Security (20240702)","Bitdefender Internet Security (20240702)","G DATA INTERNET SECURITY (20240702)","Kaspersky Internet Security (20240702)","McAfee Total Protection (20240702)","Quick Heal Internet Security (20240702)","Total AV Antivirus Pro (20240702)","Trend Micro Internet Security (20240702)","VIPRE Advanced Security (20240702)","Windows Defender (20240702)"]},{"isRevoked":"False","fileName":"utorrent_installer_240628.exe","isInstaller":"True","fileVersion":"3.6","hashMD5":"9c99e3d89ed936f9f1a5d188c01f7482","hashSHA1":"b86e22b9595f07b75dff4e69c8d3e197f9cc2210","hashSHA256":"3db942b9d3f84e5060f143c81507aab2438b34d963cbd5cab5bbac882ffe6d8e","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"606","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utorrent_installer_240708.exe","isInstaller":"True","fileVersion":"3.6","hashMD5":"2e0e51db33a8ef5ec10539c806308daf","hashSHA1":"f8d310591eddad6ba37d2c406a547796ca37f02b","hashSHA256":"d16735903e6c843d95d06d053bbccfec9c3a14db81843d7832f1acaaf5eb1792","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"606","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"uTorrent Web","reference":"","landingPage":"https://www.utorrent.com/","directDownloadingLink":"https://www.utorrent.com/downloads/complete/track/stable/os/win/","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.utorrent.com/downloads/complete/track/stable/os/win/","sourceIndex":"606"}],"sampleFiles":["240710/uTorrentClassic-211215/3.6.0.47124/Samples/utorrent_installer.exe","240710/uTorrentClassic-211215/3.6.0.47124/Samples/utorrent_installer_240628.exe","240710/uTorrentClassic-211215/3.6.0.47124/Samples/utorrent_installer_240708.exe"],"imageFiles":["240710/uTorrentClassic-211215/3.6.0.47124/Images/ACR-048/ACR-048.PNG","240710/uTorrentClassic-211215/3.6.0.47124/Images/ACR-084/ACR-084.PNG","240710/uTorrentClassic-211215/3.6.0.47124/Images/ACR-097/ACR-097.PNG","240710/uTorrentClassic-211215/3.6.0.47124/Images/ACR-097/ACR-097_1.PNG","240710/uTorrentClassic-211215/3.6.0.47124/Images/ACR-014/ACR-014.PNG","240710/uTorrentClassic-211215/3.6.0.47124/Images/ACR-013/ACR-013.PNG","240710/uTorrentClassic-211215/3.6.0.47124/Images/ACR-013/ACR-013_1.PNG","240710/uTorrentClassic-211215/3.6.0.47124/Images/ACR-013/ACR-013_2.PNG","240710/uTorrentClassic-211215/3.6.0.47124/Images/ACR-060/ACR-060.PNG","240710/uTorrentClassic-211215/3.6.0.47124/Images/ACR-060/ACR-060_1.PNG","240710/uTorrentClassic-211215/3.6.0.47124/Images/ACR-060/ACR-060_2.PNG"],"nonDeceptorImageFiles":[],"guid":"4b11710c-2201-4d5a-bf94-5850f6f9c6f1_3.6.0.47124_1","appID":"uTorrentClassic-211215","dateAdded":"260209","deceptorType":"App","name":"uTorrent Classic","company":"BitTorrent Inc.","version":"3.6.0.47124","lastKnownStatus":"3.5.5.46148;3.5.5.46200;3.5.5.46304;3.5.5.46348;3.5.5.46542;3.5.5.46552;3.6.0.46716;3.6.0.46812;3.6.0.46822;3.6.0.46828;3.6.0.46830;3.6.0.46842;3.6.0.46856;3.6.0.46884;3.6.0.46896;3.6.0.46922;3.6.0.47006;3.6.0.47012;;3.6.0.47016;3.6.0.47028;3.6.0.47044;3.6.0.47062;3.6.0.47082;3.6.0.47084;3.6.0.47124;3.6.0.47116;3.6.0.47132;3.6.0.47134;3.6.0.47228;3.6.0.47142","lastKnownDate":"260209","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2026-05-12T22:59:52.9530404+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":30,"sortOrder":33},{"violations":{"ACR-048":"The app does not provide any control to cancel the installation. \n","ACR-013":"During installation, the user is interrupted by non-consented offer to silently install unrelated software.\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software\n","ACR-084":" On closing the app, application doesn't exit completely. It runs silently in the background, hiding the fact that it is active from the consumer without any notification.\n","ACR-097":"During installation, the app has an option selected  \"Add an exception for uTorrent in windows firewall\" without explicit reason for such setting, that lower the default system security guard.\n","ACR-014":"The \"Accept\" button on the Norton Browser offer is used for two things: accepting an offer and accepting Norton as the default browser. The \"Accept\" button is misleading and confusing because the user is easily led to believe that \"Accept\" is only for installing Norton and not for changing the system browser's default settings.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"utorrent_installer.exe","isInstaller":"True","companyName":"                                                            ","productName":"uТorrеnt® Classic                                           ","productVersion":"3.6                                               ","fileVersion":"3.6                 ","hashMD5":"d4941a9f883722f1459fece9ca03b904","hashSHA1":"9afe8659552d8120cafe9f938f58edbbc0f64133","hashSHA256":"332157bc76c5508a2b160c1f64d256c6b4cad7f1c760e7119d9582c280802bb5","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Rainberry Inc","storeId":"","sourceIndex":"610","avBlockList":["COMODO Antivirus (20240604)","Dr.Web Security Space (20240604)","ESET Internet Security (20240604)","G DATA INTERNET SECURITY (20240604)","K7 Total Security (20240604)","Malwarebytes Premium (20240604)","Norton Security (20240604)","Panda Dome (20240604)","Quick Heal Internet Security (20240604)","Sophos Home Premium (20240604)","VirIT eXplorer PRO (20240604)","Webroot SecureAnywhere (20240604)"],"avAllowList":["360 Total Security (20240604)","Avast Premium Security (20240604)","AVG Internet Security (20240604)","Avira Internet Security (20240604)","Bitdefender Internet Security (20240604)","Kaspersky Internet Security (20240604)","McAfee Total Protection (20240604)","SpyHunter5 (20240604)","Total AV Antivirus Pro (20240604)","Trend Micro Internet Security (20240604)","VIPRE Advanced Security (20240604)","Windows Defender (20240604)"]},{"isRevoked":"False","fileName":"utorrent_installer_240515.exe","isInstaller":"True","fileVersion":"3.6","hashMD5":"48db35671de4f4fe63aa341f2bd90eeb","hashSHA1":"9cdb5024afc401b738e0806f261a5027dd49c19b","hashSHA256":"ff25cde64e92f138d469b752293da73b1aa0522d3bb652b8cde1a01e69b95e27","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"610","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utorrent_installer_240517.exe","isInstaller":"True","fileVersion":"3.6","hashMD5":"861b23631cd7b9581535bd9ca1c313d7","hashSHA1":"597e690b1309fc8dc804f05e3bc27d31f1f3b525","hashSHA256":"d7af1757ebcf2e517de9947d4263693029089765ab87593c1d0a80561cc42b6a","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"610","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utorrent_installer_240528.exe","isInstaller":"True","fileVersion":"3.6","hashMD5":"83d572275156dca460def6ba25947e4a","hashSHA1":"27f74b95191c801e7406bd8db017b2a7ae6bad31","hashSHA256":"8c06956cdb67fdc1b9348f8d4a06875593244058b2351b6a1c0d6f48e5378703","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"610","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utorrent_installer_240530.exe","isInstaller":"True","fileVersion":"3.6","hashMD5":"8d45f745fd212a1dfbbfc783a706ab8e","hashSHA1":"cf89a73dc31a7b4067813614637c07fc7cad3f59","hashSHA256":"e35405541af5d416731399068c523c10757865f3336c9ac30aaca55c41dbc83e","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"610","avBlockList":["COMODO Antivirus (20240702)","Dr.Web Security Space (20240702)","ESET Internet Security (20240702)","FortectPremium (20240702)","K7 Total Security (20240702)","Malwarebytes Premium (20240702)","Norton Security (20240702)","Panda Dome (20240702)","Sophos Home Premium (20240702)","SpyHunter5 (20240702)","VirIT eXplorer PRO (20240702)","Webroot SecureAnywhere (20240702)"],"avAllowList":["360 Total Security (20240702)","Avast Premium Security (20240702)","AVG Internet Security (20240702)","Avira Internet Security (20240702)","Bitdefender Internet Security (20240702)","G DATA INTERNET SECURITY (20240702)","Kaspersky Internet Security (20240702)","McAfee Total Protection (20240702)","Quick Heal Internet Security (20240702)","Total AV Antivirus Pro (20240702)","Trend Micro Internet Security (20240702)","VIPRE Advanced Security (20240702)","Windows Defender (20240702)"]},{"isRevoked":"False","fileName":"utorrent_installer_240530_1.exe","isInstaller":"True","fileVersion":"3.6","hashMD5":"983b3a88637f0c02e0f55cd7d9024615","hashSHA1":"a29089a3406388e5d8cf16c62e4fc7abc2840f6e","hashSHA256":"fdd5144c7fa98d643b55d079d1ab23832db70ab86ec926ed4ee2a635933a692e","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"610","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utorrent_installer_240603.exe","isInstaller":"True","fileVersion":"3.6","hashMD5":"03f2c905b39d7875c1546ed80d2721ed","hashSHA1":"e818f038bbac5881e90ea0db135274a35afd312b","hashSHA256":"3aa42db59956138589269111173d6d12ef1aa663539198c83719fb9983339293","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"610","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utorrent_installer_240611.exe","isInstaller":"True","fileVersion":"3.6","hashMD5":"5171f0f3f82a8963ab853d896d352ce5","hashSHA1":"9731f833609a9963962c39144b2e88fedfe4304e","hashSHA256":"440e04319a8b4a9c9ab1277b8ea26b30c7a1e7f4f69b4e0e0982ea977847926e","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"610","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"uTorrent Web","reference":"","landingPage":"https://www.utorrent.com/","directDownloadingLink":"https://www.utorrent.com/downloads/complete/track/stable/os/win/","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.utorrent.com/downloads/complete/track/stable/os/win/","sourceIndex":"610"}],"sampleFiles":["240709/uTorrentClassic-211215/3.6.0.47084/Samples/utorrent_installer.exe","240709/uTorrentClassic-211215/3.6.0.47084/Samples/utorrent_installer_240515.exe","240709/uTorrentClassic-211215/3.6.0.47084/Samples/utorrent_installer_240517.exe","240709/uTorrentClassic-211215/3.6.0.47084/Samples/utorrent_installer_240528.exe","240709/uTorrentClassic-211215/3.6.0.47084/Samples/utorrent_installer_240530.exe","240709/uTorrentClassic-211215/3.6.0.47084/Samples/utorrent_installer_240530_1.exe","240709/uTorrentClassic-211215/3.6.0.47084/Samples/utorrent_installer_240603.exe","240709/uTorrentClassic-211215/3.6.0.47084/Samples/utorrent_installer_240611.exe"],"imageFiles":["240709/uTorrentClassic-211215/3.6.0.47084/Images/ACR-048/ACR-048.PNG","240709/uTorrentClassic-211215/3.6.0.47084/Images/ACR-084/ACR-084.PNG","240709/uTorrentClassic-211215/3.6.0.47084/Images/ACR-097/ACR-097.PNG","240709/uTorrentClassic-211215/3.6.0.47084/Images/ACR-097/ACR-097_1.PNG","240709/uTorrentClassic-211215/3.6.0.47084/Images/ACR-014/ACR-014.PNG","240709/uTorrentClassic-211215/3.6.0.47084/Images/ACR-013/ACR-013.PNG","240709/uTorrentClassic-211215/3.6.0.47084/Images/ACR-013/ACR-013_1.PNG","240709/uTorrentClassic-211215/3.6.0.47084/Images/ACR-013/ACR-013_2.PNG","240709/uTorrentClassic-211215/3.6.0.47084/Images/ACR-060/ACR-060.PNG","240709/uTorrentClassic-211215/3.6.0.47084/Images/ACR-060/ACR-060_1.PNG","240709/uTorrentClassic-211215/3.6.0.47084/Images/ACR-060/ACR-060_2.PNG"],"nonDeceptorImageFiles":[],"guid":"4b11710c-2201-4d5a-bf94-5850f6f9c6f1_3.6.0.47084_1","appID":"uTorrentClassic-211215","dateAdded":"260209","deceptorType":"App","name":"uTorrent Classic","company":"BitTorrent Inc.","version":"3.6.0.47084","lastKnownStatus":"3.5.5.46148;3.5.5.46200;3.5.5.46304;3.5.5.46348;3.5.5.46542;3.5.5.46552;3.6.0.46716;3.6.0.46812;3.6.0.46822;3.6.0.46828;3.6.0.46830;3.6.0.46842;3.6.0.46856;3.6.0.46884;3.6.0.46896;3.6.0.46922;3.6.0.47006;3.6.0.47012;;3.6.0.47016;3.6.0.47028;3.6.0.47044;3.6.0.47062;3.6.0.47082;3.6.0.47084;3.6.0.47124;3.6.0.47116;3.6.0.47132;3.6.0.47134;3.6.0.47228;3.6.0.47142","lastKnownDate":"260209","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2026-05-12T22:59:53.3754537+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":30,"sortOrder":34},{"violations":{"ACR-042":"The app initiates network communications with 3rd party offer provider before obtaining user consent\n","ACR-048":"The app does not provide any control to cancel the installation. \n","ACR-013":"During installation, the user is interrupted by non-consented offer to silently install unrelated software.\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software\n","ACR-084":" On closing the app, application doesn't exit completely. It runs silently in the background, hiding the fact that it is active from the consumer without any notification.\n","ACR-097":"During installation, the app has an option selected  \"Add an exception for uTorrent in windows firewall\" without explicit reason for such setting, that lower the default system security guard.\n","ACR-014":"The \"Accept\" button on the Opera Browser offer is used for two things: accepting an offer and accepting Opera as the default browser. The \"Accept\" button is misleading and confusing because the user is easily led to believe that \"Accept\" is only for installing Opera and not for changing the system browser's default settings.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"utorrent_installer.exe","isInstaller":"True","companyName":"                                                            ","productName":"uТorrеnt® Classic                                           ","productVersion":"3.6                                               ","fileVersion":"3.6                 ","hashMD5":"0db5265e17f515ce4e94a49569511179","hashSHA1":"11cdc8ca1d922df75e707646e672a6a1a411ff8e","hashSHA256":"3a86fc570139bbcd849fd647754b24fa9b94a2e31b3f04e98f494be9940e7bb0","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Rainberry Inc","storeId":"","sourceIndex":"641","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utorrent_installer_240509.exe","isInstaller":"True","fileVersion":"3.6","hashMD5":"b868c4bb1ab9fd8030589ecb115743d5","hashSHA1":"6c1c6aec5f62498c3e1fb091377347a431053772","hashSHA256":"500ea933a87376b3e3c455bc516b421f19ec307cfcfbec09bd53370e2c08f051","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"641","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"uTorrent apps","reference":"","landingPage":"https://www.utorrent.com/","directDownloadingLink":"https://www.utorrent.com/downloads/complete/track/stable/os/win/","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.utorrent.com/downloads/complete/track/stable/os/win/","sourceIndex":"641"}],"sampleFiles":["240521/uTorrentClassic-211215/3.6.0.47082/Samples/utorrent_installer.exe","240521/uTorrentClassic-211215/3.6.0.47082/Samples/utorrent_installer_240509.exe"],"imageFiles":["240521/uTorrentClassic-211215/3.6.0.47082/Images/ACR-042/ACR-042.PNG","240521/uTorrentClassic-211215/3.6.0.47082/Images/ACR-048/ACR-048.PNG","240521/uTorrentClassic-211215/3.6.0.47082/Images/ACR-084/ACR-084.PNG","240521/uTorrentClassic-211215/3.6.0.47082/Images/ACR-097/ACR-097.PNG","240521/uTorrentClassic-211215/3.6.0.47082/Images/ACR-097/ACR-097_1.PNG","240521/uTorrentClassic-211215/3.6.0.47082/Images/ACR-014/ACR-014.PNG","240521/uTorrentClassic-211215/3.6.0.47082/Images/ACR-013/ACR-013.PNG","240521/uTorrentClassic-211215/3.6.0.47082/Images/ACR-013/ACR-013_1.PNG","240521/uTorrentClassic-211215/3.6.0.47082/Images/ACR-013/ACR-013_2.PNG","240521/uTorrentClassic-211215/3.6.0.47082/Images/ACR-060/ACR-060.PNG","240521/uTorrentClassic-211215/3.6.0.47082/Images/ACR-060/ACR-060_1.PNG","240521/uTorrentClassic-211215/3.6.0.47082/Images/ACR-060/ACR-060_2.PNG"],"nonDeceptorImageFiles":[],"guid":"4b11710c-2201-4d5a-bf94-5850f6f9c6f1_3.6.0.47082_1","appID":"uTorrentClassic-211215","dateAdded":"260209","deceptorType":"App","name":"uTorrent Classic","company":"BitTorrent Inc.","version":"3.6.0.47082","lastKnownStatus":"3.5.5.46148;3.5.5.46200;3.5.5.46304;3.5.5.46348;3.5.5.46542;3.5.5.46552;3.6.0.46716;3.6.0.46812;3.6.0.46822;3.6.0.46828;3.6.0.46830;3.6.0.46842;3.6.0.46856;3.6.0.46884;3.6.0.46896;3.6.0.46922;3.6.0.47006;3.6.0.47012;;3.6.0.47016;3.6.0.47028;3.6.0.47044;3.6.0.47062;3.6.0.47082;3.6.0.47084;3.6.0.47124;3.6.0.47116;3.6.0.47132;3.6.0.47134;3.6.0.47228;3.6.0.47142","lastKnownDate":"260209","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2026-05-12T22:59:54.4611528+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":30,"sortOrder":35},{"violations":{"ACR-042":"The app initiates network communications with 3rd party offer provider before obtaining user consent\n","ACR-048":"The app does not provide any control to cancel the installation. \n","ACR-013":"During installation, the user is interrupted by non-consented offer to silently install unrelated software.\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software\n","ACR-084":" On closing the app, application doesn't exit completely. It runs silently in the background, hiding the fact that it is active from the consumer without any notification.\n","ACR-097":"During installation, the app has an option selected  \"Add an exception for uTorrent in windows firewall\" without explicit reason for such setting, that lower the default system security guard.\n","ACR-014":"The \"Accept\" button on the Opera Browser offer is used for two things: accepting an offer and accepting Opera as the default browser. The \"Accept\" button is misleading and confusing because the user is easily led to believe that \"Accept\" is only for installing Opera and not for changing the system browser's default settings.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"utorrent_installer.exe","isInstaller":"True","companyName":"                                                            ","productName":"uТorrеnt® Classic                                           ","productVersion":"3.6                                               ","fileVersion":"3.6                 ","hashMD5":"396aac3fcea1330cccef94f4bec291c0","hashSHA1":"0685f86468e8822e6c479f695dffd31f167fbea5","hashSHA256":"0bedc580034d83b3eb8ad3924fa004d2304b50fffe1bb05201a40b236ff5a4f8","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Rainberry Inc","storeId":"","sourceIndex":"642","avBlockList":["COMODO Antivirus (20240425)","Dr.Web Security Space (20240425)","ESET Internet Security (20240425)","K7 Total Security (20240425)","Malwarebytes Premium (20240425)","Norton Security (20240425)","Panda Dome (20240425)","Quick Heal Internet Security (20240425)","Sophos Home Premium (20240425)","VirIT eXplorer PRO (20240425)","Webroot SecureAnywhere (20240425)"],"avAllowList":["360 Total Security (20240425)","Avast Premium Security (20240425)","AVG Internet Security (20240425)","Avira Internet Security (20240425)","Bitdefender Internet Security (20240425)","G DATA INTERNET SECURITY (20240425)","Kaspersky Internet Security (20240425)","McAfee Total Protection (20240425)","SpyHunter5 (20240425)","Total AV Antivirus Pro (20240425)","Trend Micro Internet Security (20240425)","VIPRE Advanced Security (20240425)","Windows Defender (20240425)"]},{"isRevoked":"False","fileName":"utorrent_installer_240423.exe","isInstaller":"True","fileVersion":"3.6","hashMD5":"7a0fe04d498b149fa2a7d223b80bd629","hashSHA1":"5d6d9752131f9dc3ade527da4919a43c4d8d32df","hashSHA256":"2ba900dabd9eb1c0f29dccea9b66b630bc49926962d64b049c1c115557413e69","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"642","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utorrent_installer_240425.exe","isInstaller":"True","fileVersion":"3.6","hashMD5":"d4941a9f883722f1459fece9ca03b904","hashSHA1":"9afe8659552d8120cafe9f938f58edbbc0f64133","hashSHA256":"332157bc76c5508a2b160c1f64d256c6b4cad7f1c760e7119d9582c280802bb5","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"642","avBlockList":["COMODO Antivirus (20240604)","Dr.Web Security Space (20240604)","ESET Internet Security (20240604)","G DATA INTERNET SECURITY (20240604)","K7 Total Security (20240604)","Malwarebytes Premium (20240604)","Norton Security (20240604)","Panda Dome (20240604)","Quick Heal Internet Security (20240604)","Sophos Home Premium (20240604)","VirIT eXplorer PRO (20240604)","Webroot SecureAnywhere (20240604)"],"avAllowList":["360 Total Security (20240604)","Avast Premium Security (20240604)","AVG Internet Security (20240604)","Avira Internet Security (20240604)","Bitdefender Internet Security (20240604)","Kaspersky Internet Security (20240604)","McAfee Total Protection (20240604)","SpyHunter5 (20240604)","Total AV Antivirus Pro (20240604)","Trend Micro Internet Security (20240604)","VIPRE Advanced Security (20240604)","Windows Defender (20240604)"]},{"isRevoked":"False","fileName":"utorrent_installer_240426.exe","isInstaller":"True","fileVersion":"3.6","hashMD5":"0db5265e17f515ce4e94a49569511179","hashSHA1":"11cdc8ca1d922df75e707646e672a6a1a411ff8e","hashSHA256":"3a86fc570139bbcd849fd647754b24fa9b94a2e31b3f04e98f494be9940e7bb0","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"642","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"uTorrent Web","reference":"","landingPage":"https://www.utorrent.com/","directDownloadingLink":"https://www.utorrent.com/downloads/complete/track/stable/os/win/","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.utorrent.com/downloads/complete/track/stable/os/win/","sourceIndex":"642"}],"sampleFiles":["240521/uTorrentClassic-211215/3.6.0.47062/Samples/utorrent_installer.exe","240521/uTorrentClassic-211215/3.6.0.47062/Samples/utorrent_installer_240423.exe","240521/uTorrentClassic-211215/3.6.0.47062/Samples/utorrent_installer_240425.exe","240521/uTorrentClassic-211215/3.6.0.47062/Samples/utorrent_installer_240426.exe"],"imageFiles":["240521/uTorrentClassic-211215/3.6.0.47062/Images/ACR-042/ACR-042.PNG","240521/uTorrentClassic-211215/3.6.0.47062/Images/ACR-048/ACR-048.PNG","240521/uTorrentClassic-211215/3.6.0.47062/Images/ACR-084/ACR-084.PNG","240521/uTorrentClassic-211215/3.6.0.47062/Images/ACR-097/ACR-097.PNG","240521/uTorrentClassic-211215/3.6.0.47062/Images/ACR-097/ACR-097_1.PNG","240521/uTorrentClassic-211215/3.6.0.47062/Images/ACR-014/ACR-014.PNG","240521/uTorrentClassic-211215/3.6.0.47062/Images/ACR-013/ACR-013.PNG","240521/uTorrentClassic-211215/3.6.0.47062/Images/ACR-013/ACR-013_1.PNG","240521/uTorrentClassic-211215/3.6.0.47062/Images/ACR-013/ACR-013_2.PNG","240521/uTorrentClassic-211215/3.6.0.47062/Images/ACR-060/ACR-060.PNG","240521/uTorrentClassic-211215/3.6.0.47062/Images/ACR-060/ACR-060_1.PNG","240521/uTorrentClassic-211215/3.6.0.47062/Images/ACR-060/ACR-060_2.PNG"],"nonDeceptorImageFiles":[],"guid":"4b11710c-2201-4d5a-bf94-5850f6f9c6f1_3.6.0.47062_1","appID":"uTorrentClassic-211215","dateAdded":"260209","deceptorType":"App","name":"uTorrent Classic","company":"BitTorrent Inc.","version":"3.6.0.47062","lastKnownStatus":"3.5.5.46148;3.5.5.46200;3.5.5.46304;3.5.5.46348;3.5.5.46542;3.5.5.46552;3.6.0.46716;3.6.0.46812;3.6.0.46822;3.6.0.46828;3.6.0.46830;3.6.0.46842;3.6.0.46856;3.6.0.46884;3.6.0.46896;3.6.0.46922;3.6.0.47006;3.6.0.47012;;3.6.0.47016;3.6.0.47028;3.6.0.47044;3.6.0.47062;3.6.0.47082;3.6.0.47084;3.6.0.47124;3.6.0.47116;3.6.0.47132;3.6.0.47134;3.6.0.47228;3.6.0.47142","lastKnownDate":"260209","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2026-05-12T22:59:54.4956171+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":30,"sortOrder":36},{"violations":{"ACR-048":"The app does not provide any control to cancel the installation. \n","ACR-013":"During installation, the user is interrupted by non-consented offer to silently install unrelated software.\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software\n","ACR-084":" On closing the app, application doesn't exit completely. It runs silently in the background, hiding the fact that it is active from the consumer without any notification.\n","ACR-097":"During installation, the app has an option selected  \"Add an exception for uTorrent in windows firewall\" without explicit reason for such setting, that lower the default system security guard.\n"},"nonDeceptorViolations":{"ACR-040":"The app installs its components in \"C:\\Users\\User\\AppData\\Roaming\" path, instead of a standard location.\n"},"samples":[{"isRevoked":"False","fileName":"utorrent_installer.exe","isInstaller":"True","productName":"uTοrrent® Classic","productVersion":"3.6","fileVersion":"3.6","hashMD5":"53e2564c6672ced6626407f73a7a4823","hashSHA1":"89d4f2494b5e0d761908ebab91bfc2fa0434ba02","hashSHA256":"4143676fa02ba575e2f44974623086d3ca5ff8cf7f48ad21da4e394855fd7193","digitalCertThumbprint":"03F072F141084FFE88CF28E65258CEE35071F961","digitalCertIssuer":"CN=Sectigo Public Code Signing CA EV R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=Cassini Labs Ltd, O=Cassini Labs Ltd, S=Tel Aviv, C=IL, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=IL, SERIALNUMBER=514758457","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"121","avBlockList":["360 Total Security (20260507)","COMODO Antivirus (20260507)","ESET Internet Security (20260507)","FortectPremium (20260507)","G DATA INTERNET SECURITY (20260507)","K7 Total Security (20260507)","Malwarebytes Premium (20260507)","Panda Dome (20260507)","Quick Heal Internet Security (20260507)","Sophos Home Premium (20260507)","SpyHunter5 (20260507)","VirIT eXplorer PRO (20260507)","Webroot SecureAnywhere (20260507)","Windows Defender (20260507)"],"avAllowList":["Avast Premium Security (20260507)","AVG Internet Security (20260507)","Avira Internet Security (20260507)","Bitdefender Internet Security (20260507)","Dr.Web Security Space (20260507)","KasperskyPremium (20260507)","McAfee Total Protection (20260507)","Norton Security (20260507)","Total AV Antivirus Pro (20260507)","Trend Micro Internet Security (20260507)","VIPRE Advanced Security (20260507)"]}],"additionalFiles":[],"sources":[{"howFound":"uTorrent Web","reference":"","landingPage":"https://www.utorrent.com/","directDownloadingLink":"https://www.utorrent.com/downloads/complete/track/stable/os/win/","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.utorrent.com/downloads/complete/track/stable/os/win/","sourceIndex":"121"}],"sampleFiles":["260209/uTorrentClassic-211215/3.6.0.47228/Samples/utorrent_installer.exe"],"imageFiles":["260209/uTorrentClassic-211215/3.6.0.47228/Images/ACR-048/install2.png","260209/uTorrentClassic-211215/3.6.0.47228/Images/ACR-084/ACR-084.png","260209/uTorrentClassic-211215/3.6.0.47228/Images/ACR-097/ACR-097.png","260209/uTorrentClassic-211215/3.6.0.47228/Images/ACR-097/install6.png","260209/uTorrentClassic-211215/3.6.0.47228/Images/ACR-013/offer1.png","260209/uTorrentClassic-211215/3.6.0.47228/Images/ACR-013/offer2.png","260209/uTorrentClassic-211215/3.6.0.47228/Images/ACR-013/offer3.png","260209/uTorrentClassic-211215/3.6.0.47228/Images/ACR-060/ACR-060.PNG","260209/uTorrentClassic-211215/3.6.0.47228/Images/ACR-060/ACR-060_2.PNG","260209/uTorrentClassic-211215/3.6.0.47228/Images/ACR-060/offer1.png","260209/uTorrentClassic-211215/3.6.0.47228/Images/ACR-060/offer2.png","260209/uTorrentClassic-211215/3.6.0.47228/Images/ACR-060/offer3.png"],"nonDeceptorImageFiles":["260209/uTorrentClassic-211215/3.6.0.47228/Images/ACR-040/ACR-040.png"],"guid":"4b11710c-2201-4d5a-bf94-5850f6f9c6f1_3.6.0.47228_1","appID":"uTorrentClassic-211215","dateAdded":"260209","deceptorType":"App","name":"uTorrent Classic","company":"BitTorrent Inc.","version":"3.6.0.47228","lastKnownStatus":"3.5.5.46148;3.5.5.46200;3.5.5.46304;3.5.5.46348;3.5.5.46542;3.5.5.46552;3.6.0.46716;3.6.0.46812;3.6.0.46822;3.6.0.46828;3.6.0.46830;3.6.0.46842;3.6.0.46856;3.6.0.46884;3.6.0.46896;3.6.0.46922;3.6.0.47006;3.6.0.47012;;3.6.0.47016;3.6.0.47028;3.6.0.47044;3.6.0.47062;3.6.0.47082;3.6.0.47084;3.6.0.47124;3.6.0.47116;3.6.0.47132;3.6.0.47134;3.6.0.47228;3.6.0.47142","lastKnownDate":"260209","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2026-05-12T22:59:37.6028482+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":30,"sortOrder":28},{"violations":{"ACR-042":"The app initiates network communications with 3rd party offer provider before obtaining user consent\n","ACR-048":"The app does not provide any control to cancel the installation. \n","ACR-013":"During installation, the user is interrupted by non-consented offer to silently install unrelated software.\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software\n","ACR-084":" On closing the app, application doesn't exit completely. It runs silently in the background, hiding the fact that it is active from the consumer without any notification.\n","ACR-097":"During installation, the app has an option to evade the default system security guard \"Add an exception for BitTorrent in windows firewall\". \n","ACR-014":"The \"Accept\" button on the Opera Browser offer is used for two things: accepting an offer and accepting opera as the default browser. The \"Accept\" button is misleading and confusing because the user is easily led to believe that \"accept\" is only for installing Opera and not for changing the system browser default settings.\n"},"nonDeceptorViolations":{"ACR-040":"The app drops all its components in the hidden path \"C:\\Users\\User\\AppData\\Roaming\\utorrent\"\n"},"samples":[{"isRevoked":"False","fileName":"utorrent_installer.exe","isInstaller":"True","companyName":"                                                            ","productName":"uТorrеnt® Classic                                           ","productVersion":"3.6                                               ","fileVersion":"3.6                 ","hashMD5":"94f118546dcd976a53c33b90d5c1950c","hashSHA1":"4470a6f4e215bc54ea812a3f306bca31fc928385","hashSHA256":"81d480f48a5b36510f6473055a1e43778fee8b04990f0be1debd927ca4a0cf9b","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Rainberry Inc","storeId":"","sourceIndex":"709","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utorrent_installer_240304.exe","isInstaller":"True","fileVersion":"3.6","hashMD5":"3c3235a0150976f5005e3a2cd0c37599","hashSHA1":"13990458334cad615f0158781663c860c8e15ad0","hashSHA256":"ba446a4d7bc5fff2c0f161eec08b7ff0c517e31de809c7cb4ded06f6c83e75dd","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"709","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utorrent_installer_240305.exe","isInstaller":"True","fileVersion":"3.6","hashMD5":"d21ba702cbf98a4c6492bef0cb73fd7e","hashSHA1":"31a48265a2a6f2cd9479a7c495e63d500568bd28","hashSHA256":"c47613f7eec1bbf8a562b01b48a3bd9910abf2de1276a3e1d743307350dfb8c5","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"709","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utorrent_installer_240306.exe","isInstaller":"True","fileVersion":"3.6","hashMD5":"3d1d6054f7dd295d65b34ab868744eca","hashSHA1":"37de23546ddd5e1f84243cfeba39b5dfd33f0802","hashSHA256":"4a8cdaed980850edfcbbf7aaffb1bb6264f58a00c9d2358d24bd6ceb312997f7","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"709","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utorrent_installer_240307.exe","isInstaller":"True","fileVersion":"3.6","hashMD5":"b04400605900af1b738f740f7a5df6ac","hashSHA1":"8cdfb00e64efddb751e42fa7c2a45c6bd0da5072","hashSHA256":"53684f5cabf37edf5acfd4d490f208b1f3882cd97f847d897d0301ed974acf69","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"709","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utorrent_installer_240308.exe","isInstaller":"True","fileVersion":"3.6","hashMD5":"1bf1c11f98955872a83f74c9e1c38792","hashSHA1":"b74909e5888c9ccef21545505280116f81791c49","hashSHA256":"703926b0b33019b24db8fbf1e2da266b4b7eea4a0eec8de43c75b1f4690bc2a8","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"709","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utorrent_installer_240311.exe","isInstaller":"True","fileVersion":"3.6","hashMD5":"c48ce3b5996267593434038ccddaefc0","hashSHA1":"c3623f6f6cdec02c0bd9c9b2cb7cab011e78018b","hashSHA256":"956e8f82345eec669d1569e053d25a4a41f23fcc7de296f673b3ef6b09f4cf3c","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"709","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utorrent_installer_240318.exe","isInstaller":"True","fileVersion":"3.6","hashMD5":"090bf850327900a66e6105aef14f4958","hashSHA1":"60b3e8e1bf3e0a5959eee53aeca300e5aba26046","hashSHA256":"5a3a8a7069f5d5894a3582a74a7f8c788a49528469590633360af0a90ddd6e1b","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"709","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"uTorrent Web","reference":"","landingPage":"https://www.utorrent.com/","directDownloadingLink":"https://www.utorrent.com/downloads/complete/track/stable/os/win/","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.utorrent.com/downloads/complete/track/stable/os/win/","sourceIndex":"709"}],"sampleFiles":["240319/uTorrentClassic-211215/3.6.0.47016/Samples/utorrent_installer.exe","240319/uTorrentClassic-211215/3.6.0.47016/Samples/utorrent_installer_240304.exe","240319/uTorrentClassic-211215/3.6.0.47016/Samples/utorrent_installer_240305.exe","240319/uTorrentClassic-211215/3.6.0.47016/Samples/utorrent_installer_240306.exe","240319/uTorrentClassic-211215/3.6.0.47016/Samples/utorrent_installer_240307.exe","240319/uTorrentClassic-211215/3.6.0.47016/Samples/utorrent_installer_240308.exe","240319/uTorrentClassic-211215/3.6.0.47016/Samples/utorrent_installer_240311.exe","240319/uTorrentClassic-211215/3.6.0.47016/Samples/utorrent_installer_240318.exe"],"imageFiles":["240319/uTorrentClassic-211215/3.6.0.47016/Images/ACR-042/ACR-042.PNG","240319/uTorrentClassic-211215/3.6.0.47016/Images/ACR-048/ACR-048.PNG","240319/uTorrentClassic-211215/3.6.0.47016/Images/ACR-084/ACR-084.PNG","240319/uTorrentClassic-211215/3.6.0.47016/Images/ACR-097/ACR-097.PNG","240319/uTorrentClassic-211215/3.6.0.47016/Images/ACR-014/ACR-014.PNG","240319/uTorrentClassic-211215/3.6.0.47016/Images/ACR-013/ACR-013.PNG","240319/uTorrentClassic-211215/3.6.0.47016/Images/ACR-013/ACR-013_1.PNG","240319/uTorrentClassic-211215/3.6.0.47016/Images/ACR-013/ACR-013_2.PNG","240319/uTorrentClassic-211215/3.6.0.47016/Images/ACR-060/ACR-060.PNG","240319/uTorrentClassic-211215/3.6.0.47016/Images/ACR-060/ACR-060_1.PNG","240319/uTorrentClassic-211215/3.6.0.47016/Images/ACR-060/ACR-060_2.PNG"],"nonDeceptorImageFiles":["240319/uTorrentClassic-211215/3.6.0.47016/Images/ACR-040/ACR-040.PNG"],"guid":"4b11710c-2201-4d5a-bf94-5850f6f9c6f1_3.6.0.47016_1","appID":"uTorrentClassic-211215","dateAdded":"260209","deceptorType":"App","name":"uTorrent Classic","company":"BitTorrent Inc.","version":"3.6.0.47016","lastKnownStatus":"3.5.5.46148;3.5.5.46200;3.5.5.46304;3.5.5.46348;3.5.5.46542;3.5.5.46552;3.6.0.46716;3.6.0.46812;3.6.0.46822;3.6.0.46828;3.6.0.46830;3.6.0.46842;3.6.0.46856;3.6.0.46884;3.6.0.46896;3.6.0.46922;3.6.0.47006;3.6.0.47012;;3.6.0.47016;3.6.0.47028;3.6.0.47044;3.6.0.47062;3.6.0.47082;3.6.0.47084;3.6.0.47124;3.6.0.47116;3.6.0.47132;3.6.0.47134;3.6.0.47228;3.6.0.47142","lastKnownDate":"260209","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2026-05-12T22:59:56.3873674+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":30,"sortOrder":38},{"violations":{"ACR-042":"The app initiates network communications with 3rd party offer provider before obtaining user consent\n","ACR-048":"The app does not provide any control to cancel the installation. \n","ACR-013":"During installation, the user is interrupted by non-consented offer to silently install unrelated software.\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software\n","ACR-084":" On closing the app, application doesn't exit completely. It runs silently in the background, hiding the fact that it is active from the consumer without any notification.\n","ACR-097":"During installation, the app has an option selected  \"Add an exception for uTorrent in windows firewall\" without explicit reason for such setting, that lower the default system security guard.\n","ACR-014":"The \"Accept\" button on the Norton Browser offer is used for two things: accepting an offer and accepting Norton as the default browser. The \"Accept\" button is misleading and confusing because the user is easily led to believe that \"Accept\" is only for installing Norton and not for changing the system browser's default settings.\n"},"nonDeceptorViolations":{"ACR-040":"The app drops all its components in the hidden path \"C:\\Users\\User\\AppData\\Roaming\\utorrent\"\n"},"samples":[{"isRevoked":"False","fileName":"utorrent_installer.exe","isInstaller":"True","companyName":"                                                            ","productName":"uТorrеnt® Classic                                           ","productVersion":"3.6                                               ","fileVersion":"3.6                 ","hashMD5":"0bb603a70d48c249477b37d8d038d36a","hashSHA1":"2da19ade46bf4cf4cff6c0472a9c4aaa8b229f5f","hashSHA256":"7d13f8ec0a2cf0cdbac2113427194ff7b02b6ede0e57e536a72ceb3096f5092d","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Rainberry Inc","storeId":"","sourceIndex":"670","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utorrent_installer_240325.exe","isInstaller":"True","fileVersion":"3.6","hashMD5":"2f97c0673f0255e2c1eed8d754343a6b","hashSHA1":"c5c3dbf02ce22493f548195aab750ae8265877aa","hashSHA256":"ca4c4b987da410d20719aaac8c86d547bbb84128aa8960b03a4e0641797d9070","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"670","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utorrent_installer_240327.exe","isInstaller":"True","fileVersion":"3.6","hashMD5":"b04400605900af1b738f740f7a5df6ac","hashSHA1":"8cdfb00e64efddb751e42fa7c2a45c6bd0da5072","hashSHA256":"53684f5cabf37edf5acfd4d490f208b1f3882cd97f847d897d0301ed974acf69","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"670","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"uTorrent Web","reference":"","landingPage":"https://www.utorrent.com/","directDownloadingLink":"https://www.utorrent.com/downloads/complete/track/stable/os/win/","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.utorrent.com/downloads/complete/track/stable/os/win/","sourceIndex":"670"}],"sampleFiles":["240328/uTorrentClassic-211215/3.6.0.47028/Samples/utorrent_installer.exe","240328/uTorrentClassic-211215/3.6.0.47028/Samples/utorrent_installer_240325.exe","240328/uTorrentClassic-211215/3.6.0.47028/Samples/utorrent_installer_240327.exe"],"imageFiles":["240328/uTorrentClassic-211215/3.6.0.47028/Images/ACR-042/ACR-042.PNG","240328/uTorrentClassic-211215/3.6.0.47028/Images/ACR-048/ACR-048.PNG","240328/uTorrentClassic-211215/3.6.0.47028/Images/ACR-084/ACR-084.PNG","240328/uTorrentClassic-211215/3.6.0.47028/Images/ACR-097/ACR-097.PNG","240328/uTorrentClassic-211215/3.6.0.47028/Images/ACR-097/ACR-097_1.PNG","240328/uTorrentClassic-211215/3.6.0.47028/Images/ACR-014/ACR-014.PNG","240328/uTorrentClassic-211215/3.6.0.47028/Images/ACR-013/ACR-013.PNG","240328/uTorrentClassic-211215/3.6.0.47028/Images/ACR-013/ACR-013_1.PNG","240328/uTorrentClassic-211215/3.6.0.47028/Images/ACR-013/ACR-013_2.PNG","240328/uTorrentClassic-211215/3.6.0.47028/Images/ACR-060/ACR-060.PNG","240328/uTorrentClassic-211215/3.6.0.47028/Images/ACR-060/ACR-060_1.PNG","240328/uTorrentClassic-211215/3.6.0.47028/Images/ACR-060/ACR-060_2.PNG"],"nonDeceptorImageFiles":["240328/uTorrentClassic-211215/3.6.0.47028/Images/ACR-040/ACR-040.PNG"],"guid":"4b11710c-2201-4d5a-bf94-5850f6f9c6f1_3.6.0.47028_1","appID":"uTorrentClassic-211215","dateAdded":"260209","deceptorType":"App","name":"uTorrent Classic","company":"BitTorrent Inc.","version":"3.6.0.47028","lastKnownStatus":"3.5.5.46148;3.5.5.46200;3.5.5.46304;3.5.5.46348;3.5.5.46542;3.5.5.46552;3.6.0.46716;3.6.0.46812;3.6.0.46822;3.6.0.46828;3.6.0.46830;3.6.0.46842;3.6.0.46856;3.6.0.46884;3.6.0.46896;3.6.0.46922;3.6.0.47006;3.6.0.47012;;3.6.0.47016;3.6.0.47028;3.6.0.47044;3.6.0.47062;3.6.0.47082;3.6.0.47084;3.6.0.47124;3.6.0.47116;3.6.0.47132;3.6.0.47134;3.6.0.47228;3.6.0.47142","lastKnownDate":"260209","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2026-05-12T22:59:55.573471+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":30,"sortOrder":37},{"violations":{"ACR-042":"App drops hidden file/potential offer app info in hidden folder without user permission. \n","ACR-048":"The app does not provide any control to cancel the installation. Even on canceling it installs the application. \n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software.\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software\n","ACR-084":"On closing the app, application doesn't exit completely. It runs silently in the background, hiding the fact that it is active from the consumer without any notification.\n","ACR-097":"During installation, the app has an option to evade the default system security guard \"Add an exception for BitTorrent in windows firewall\". \n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components on the device without the consumer's consent. \n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"uTorrent.exe","companyName":"BitTorrent Inc.","fileVersion":"3.6","hashMD5":"1009e138a3edeef04ec3a0c3bddfdf20","hashSHA1":"f8889787ca28a22aaac0a958b07f29c21a0ca733","hashSHA256":"962ca30406e010630cc520c1b63233c8d67cdab34c4e389dd16cf4957b938d91","digitalCertThumbprint":"09AFB68255629E565090CAC7EA49AAD67143FA93","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"1002","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utorrent_installer.exe","isInstaller":"True","fileVersion":"3.6","hashMD5":"34fe9c7c02c7be98c80caa299933aa22","hashSHA1":"55eb6cf381ef96949a25f0c0adec7c7f180e9914","hashSHA256":"ef7c7ec794e42224c24d5857c65657f214cf97531f8f4ed9524799eaba31a210","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"1002","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utorrent_installer_062923.exe","isInstaller":"True","fileVersion":"3.6","hashMD5":"ddc44cfe17b7e695f076569a42dfab7d","hashSHA1":"88678b15f02f1e658c2437475a068fa8f61a3d99","hashSHA256":"4ac4a2c4406d1f822b1fb079afb8d863c4073b41a030bf539b87dbc02d4b76ca","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"1002","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"uTorrent Web","reference":"","landingPage":"https://www.utorrent.com/","directDownloadingLink":"https://www.utorrent.com/downloads/complete/track/stable/os/win/","ipv4":"","ipv6":"","landingPageWildChar":"","directDownloadingLinkWildChar":"https://www.utorrent.com/downloads/complete/track/stable/os/win/","sourceIndex":"1002"}],"sampleFiles":["230711/uTorrentClassic-211215/3.6.0.46828/Samples/uTorrent.exe","230711/uTorrentClassic-211215/3.6.0.46828/Samples/utorrent_installer.exe","230711/uTorrentClassic-211215/3.6.0.46828/Samples/utorrent_installer_062923.exe"],"imageFiles":["230711/uTorrentClassic-211215/3.6.0.46828/Images/ACR-042/ACR-042.png","230711/uTorrentClassic-211215/3.6.0.46828/Images/ACR-048/ACR-048.png","230711/uTorrentClassic-211215/3.6.0.46828/Images/ACR-084/ACR-084.png","230711/uTorrentClassic-211215/3.6.0.46828/Images/ACR-097/ACR-097.png","230711/uTorrentClassic-211215/3.6.0.46828/Images/ACR-118/ACR-118.png","230711/uTorrentClassic-211215/3.6.0.46828/Images/ACR-013/ACR-013_060.png","230711/uTorrentClassic-211215/3.6.0.46828/Images/ACR-060/ACR-013_060.png"],"nonDeceptorImageFiles":[],"guid":"4b11710c-2201-4d5a-bf94-5850f6f9c6f1_3.6.0.46828_1","appID":"uTorrentClassic-211215","dateAdded":"260209","deceptorType":"App","name":"uTorrent Classic","company":"BitTorrent Inc.","version":"3.6.0.46828","lastKnownStatus":"3.5.5.46148;3.5.5.46200;3.5.5.46304;3.5.5.46348;3.5.5.46542;3.5.5.46552;3.6.0.46716;3.6.0.46812;3.6.0.46822;3.6.0.46828;3.6.0.46830;3.6.0.46842;3.6.0.46856;3.6.0.46884;3.6.0.46896;3.6.0.46922;3.6.0.47006;3.6.0.47012;;3.6.0.47016;3.6.0.47028;3.6.0.47044;3.6.0.47062;3.6.0.47082;3.6.0.47084;3.6.0.47124;3.6.0.47116;3.6.0.47132;3.6.0.47134;3.6.0.47228;3.6.0.47142","lastKnownDate":"260209","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2026-05-12T23:00:04.3650445+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":30,"sortOrder":47},{"violations":{"ACR-042":"App drops hidden file/potential offer app info in hidden folder without user permission. \n","ACR-048":"The app does not provide any control to cancel the installation. Even on canceling it installs the application. \n","ACR-013":"During installation, the user is interrupted by non-consented offer to silently install unrelated software.\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software\n","ACR-084":" On closing the app, application doesn't exit completely. It runs silently in the background, hiding the fact that it is active from the consumer without any notification.\n","ACR-097":"During installation, the app has an option to evade the default system security guard \"Add an exception for BitTorrent in windows firewall\". \n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"C:\\Users\\User\\AppData\\Roaming\\utorrent\\uTorrent.exe","companyName":"BitTorrent Inc.","productName":"µTorrent","productVersion":"3.6.0.46856","fileVersion":"3.6.0.46856","hashMD5":"4a3ce2950995959b3a1188f4e7657523","hashSHA1":"413241f0d81434fb0115d86e69a952959ffccaae","hashSHA256":"379ab962949d2d807fdeaaf1aff04435c253058939cc2fdec6ecea1880476c24","digitalCertThumbprint":"09AFB68255629E565090CAC7EA49AAD67143FA93","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Rainberry Inc","storeId":"","sourceIndex":"926","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utorrent_installer.exe","isInstaller":"True","companyName":"                                                            ","productName":"uTorrent® Classic                                           ","productVersion":"3.6                                               ","fileVersion":"3.6                 ","hashMD5":"c73cbc75ca44c32aa9772bedfd245788","hashSHA1":"11ac42027f69bde30b4ea50f81e7ad5f2727eeb3","hashSHA256":"cea182357dbf0aa245cad4ef7e339d2c7c6d25d7ae181f9f522e6da4c111a022","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Rainberry Inc","storeId":"","sourceIndex":"926","avBlockList":["COMODO Antivirus (20231219)","Dr.Web Security Space (20231219)","ESET Internet Security (20231219)","G DATA INTERNET SECURITY (20231219)","K7 Total Security (20231219)","Malwarebytes Premium (20231219)","Norton Security (20231219)","Panda Dome (20231219)","Quick Heal Internet Security (20231219)","Sophos Home Premium (20231219)","VirIT eXplorer PRO (20231219)","Webroot SecureAnywhere (20231219)"],"avAllowList":["360 Total Security (20231219)","Avast Premium Security (20231219)","AVG Internet Security (20231219)","Avira Internet Security (20231219)","Bitdefender Internet Security (20231219)","Kaspersky Internet Security (20231219)","McAfee Total Protection (20231219)","SpyHunter5 (20231219)","Total AV Antivirus Pro (20231219)","Trend Micro Internet Security (20231219)","VIPRE Advanced Security (20231219)","Windows Defender (20231219)"]},{"isRevoked":"False","fileName":"utorrent_installer_110823.exe","isInstaller":"True","productName":"uTorrent® Classic          ","productVersion":"3.6    ","fileVersion":"3.6","hashMD5":"685489a499de173fd16af300092e88f7","hashSHA1":"4d65b9f499e5b3a7453553236482673866922283","hashSHA256":"dd0e988d3c5778ac32801d5512d38b2ae1e4852b99e35eef12a865f6caf7d1d4","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Rainberry Inc","sourceIndex":"926","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"uTorrent Web","reference":"","landingPage":"https://www.utorrent.com/","directDownloadingLink":"https://www.utorrent.com/downloads/complete/track/stable/os/win/","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.utorrent.com/downloads/complete/track/stable/os/win/","sourceIndex":"926"}],"sampleFiles":["230811/uTorrentClassic-211215/3.6.0.46856/Samples/utorrent_installer.exe","230811/uTorrentClassic-211215/3.6.0.46856/Samples/utorrent_installer_110823.exe"],"imageFiles":["230811/uTorrentClassic-211215/3.6.0.46856/Images/ACR-042/ACR-042_Install_1.png","230811/uTorrentClassic-211215/3.6.0.46856/Images/ACR-048/ACR-048_Install_1.png","230811/uTorrentClassic-211215/3.6.0.46856/Images/ACR-084/ACR-084_Software_1.png","230811/uTorrentClassic-211215/3.6.0.46856/Images/ACR-097/ACR-097_Software_1.png","230811/uTorrentClassic-211215/3.6.0.46856/Images/ACR-013/ACR-013_Install_1.png","230811/uTorrentClassic-211215/3.6.0.46856/Images/ACR-013/ACR-013_Install_2.png","230811/uTorrentClassic-211215/3.6.0.46856/Images/ACR-013/ACR-013_Install_3.png","230811/uTorrentClassic-211215/3.6.0.46856/Images/ACR-060/ACR-060_Bundler-made offers_1.png","230811/uTorrentClassic-211215/3.6.0.46856/Images/ACR-060/ACR-060_Bundler-made offers_2.png","230811/uTorrentClassic-211215/3.6.0.46856/Images/ACR-060/ACR-060_Bundler-made offers_3.png"],"nonDeceptorImageFiles":[],"guid":"4b11710c-2201-4d5a-bf94-5850f6f9c6f1_3.6.0.46856_1","appID":"uTorrentClassic-211215","dateAdded":"260209","deceptorType":"App","name":"uTorrent Classic","company":"BitTorrent Inc.","version":"3.6.0.46856","lastKnownStatus":"3.5.5.46148;3.5.5.46200;3.5.5.46304;3.5.5.46348;3.5.5.46542;3.5.5.46552;3.6.0.46716;3.6.0.46812;3.6.0.46822;3.6.0.46828;3.6.0.46830;3.6.0.46842;3.6.0.46856;3.6.0.46884;3.6.0.46896;3.6.0.46922;3.6.0.47006;3.6.0.47012;;3.6.0.47016;3.6.0.47028;3.6.0.47044;3.6.0.47062;3.6.0.47082;3.6.0.47084;3.6.0.47124;3.6.0.47116;3.6.0.47132;3.6.0.47134;3.6.0.47228;3.6.0.47142","lastKnownDate":"260209","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2026-05-12T23:00:02.620788+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":30,"sortOrder":44},{"violations":{"ACR-042":"App drops potential offer app info in hidden folder without user permission. \n","ACR-048":"The app does not provide any control to cancel the installation. Even on canceling it installs the application. \n","ACR-013":"During installation, the user is interrupted by non-consented offer to silently install unrelated software.\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software\n","ACR-084":" On closing the app, application doesn't exit completely. It runs silently in the background, hiding the fact that it is active from the consumer without any notification.\n","ACR-097":"During installation, the app has an option to evade the default system security guard \"Add an exception for BitTorrent in windows firewall\". \n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"uTorrent.exe","companyName":"BitTorrent Inc.","fileVersion":"3.6","hashMD5":"64394d87c41476e3c75e1c435342dea4","hashSHA1":"12a146778da65f436c096f5cb005aeb3ce774b7c","hashSHA256":"d69786c703d99c3c305952c67a4ff02911b31cabc1d41ebf17a128e66112cd13","digitalCertThumbprint":"09AFB68255629E565090CAC7EA49AAD67143FA93","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"916","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utorrent_installer.exe","isInstaller":"True","fileVersion":"3.6","hashMD5":"8399e2328e74253f7d5ae6293840d954","hashSHA1":"e2054432a188315d45f41c5e4adf1871b8d19458","hashSHA256":"b628a28046502aeb3befc908c4383341d2a5164baf8a86dfd7e92a3ec23ef11d","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"916","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utorrent_installer_230818.exe","isInstaller":"True","fileVersion":"3.6","hashMD5":"51b7df10c11728e06e8df45c128ec0dc","hashSHA1":"3221ae56450dee26a620a6f6b1dd0cc18d9b6721","hashSHA256":"5781f34bfd6f640588c91d4e068ecea7dd09c2c8689bf1660baa81d6ec5bf0a0","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"916","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utorrent_installer_230823.exe","isInstaller":"True","fileVersion":"3.6","hashMD5":"241ce365f228ee5f74d81b3fea14e09a","hashSHA1":"700b05506dd3eebb4b87ff545f6d2bb6af6a3ae3","hashSHA256":"bf4ee47d0df1870104f4fada8a68c2fb29e94fea9284c7bb6a6b385a718d8a18","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"916","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utorrent_installer_230829.exe","isInstaller":"True","fileVersion":"3.6","hashMD5":"732f9aa272ebd89d79950fb6ffe8f6c7","hashSHA1":"3713a0a8fa35946b7096a9df9b4b39ce5c0aad45","hashSHA256":"24ee499cb6c328e7a3d4aa3494ba121b17ba43cdfeded80694a795595c0b9af8","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"916","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utorrent_installer_230831.exe","isInstaller":"True","fileVersion":"3.6","hashMD5":"00c064c24f9a63bd3e724ba584f37283","hashSHA1":"efe70070810aa513f5c27c1166e1a1872c68e985","hashSHA256":"d4c23af61f43210023a86976eac522cfd9d9b90c1be1ef9234769a449ab50aa4","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"916","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"uTorrent Web","reference":"","landingPage":"https://www.utorrent.com/","directDownloadingLink":"https://www.utorrent.com/downloads/complete/track/stable/os/win/","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.utorrent.com/downloads/complete/track/stable/os/win/","sourceIndex":"916"}],"sampleFiles":["230831/uTorrentClassic-211215/3.6.0.46884/Samples/uTorrent.exe","230831/uTorrentClassic-211215/3.6.0.46884/Samples/utorrent_installer.exe","230831/uTorrentClassic-211215/3.6.0.46884/Samples/utorrent_installer_230818.exe","230831/uTorrentClassic-211215/3.6.0.46884/Samples/utorrent_installer_230823.exe","230831/uTorrentClassic-211215/3.6.0.46884/Samples/utorrent_installer_230829.exe","230831/uTorrentClassic-211215/3.6.0.46884/Samples/utorrent_installer_230831.exe"],"imageFiles":["230831/uTorrentClassic-211215/3.6.0.46884/Images/ACR-042/ACR-042.jpg","230831/uTorrentClassic-211215/3.6.0.46884/Images/ACR-048/ACR-048_Install_1.png","230831/uTorrentClassic-211215/3.6.0.46884/Images/ACR-084/BackgroundProcess.jpg","230831/uTorrentClassic-211215/3.6.0.46884/Images/ACR-097/ACR-097.jpg","230831/uTorrentClassic-211215/3.6.0.46884/Images/ACR-013/OptionalOffer.jpg","230831/uTorrentClassic-211215/3.6.0.46884/Images/ACR-060/ACR-060_Bundler-made offers_1.png","230831/uTorrentClassic-211215/3.6.0.46884/Images/ACR-060/ACR-060_Bundler-made offers_2.png","230831/uTorrentClassic-211215/3.6.0.46884/Images/ACR-060/ACR-060_Bundler-made offers_3.png"],"nonDeceptorImageFiles":[],"guid":"4b11710c-2201-4d5a-bf94-5850f6f9c6f1_3.6.0.46884_1","appID":"uTorrentClassic-211215","dateAdded":"260209","deceptorType":"App","name":"uTorrent Classic","company":"BitTorrent Inc.","version":"3.6.0.46884","lastKnownStatus":"3.5.5.46148;3.5.5.46200;3.5.5.46304;3.5.5.46348;3.5.5.46542;3.5.5.46552;3.6.0.46716;3.6.0.46812;3.6.0.46822;3.6.0.46828;3.6.0.46830;3.6.0.46842;3.6.0.46856;3.6.0.46884;3.6.0.46896;3.6.0.46922;3.6.0.47006;3.6.0.47012;;3.6.0.47016;3.6.0.47028;3.6.0.47044;3.6.0.47062;3.6.0.47082;3.6.0.47084;3.6.0.47124;3.6.0.47116;3.6.0.47132;3.6.0.47134;3.6.0.47228;3.6.0.47142","lastKnownDate":"260209","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2026-05-12T23:00:02.1268739+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":30,"sortOrder":43},{"violations":{"ACR-042":"App drops hidden file/potential offer app info in hidden folder without user permission. \n","ACR-048":"The app does not provide any control to cancel the installation. Even on canceling it installs the application. \n","ACR-013":"During installation, the user is interrupted by non-consented offer to silently install unrelated software.\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software\n","ACR-084":"On closing the app, application doesn't exit completely. It runs silently in the background, hiding the fact that it is active from the consumer without any notification.\n","ACR-097":"During installation, the app has an option to evade the default system security guard \"Add an exception for BitTorrent in windows firewall\". \n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"uTorrent.exe","companyName":"BitTorrent Inc.","fileVersion":"3.6","hashMD5":"3af5988dba2e27be3402ee9c7f217407","hashSHA1":"8b289c7d4d504d00b4f2d1521038ab35ca047a50","hashSHA256":"410e099f3626ac1c89a7188ac3007e82f3a71aaf4b09250bf8476f23e9248594","digitalCertThumbprint":"09AFB68255629E565090CAC7EA49AAD67143FA93","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"990","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utorrent_installer.exe","isInstaller":"True","fileVersion":"3.6","hashMD5":"20ca2e9b1799f4ca49a842938de2c311","hashSHA1":"c04246d5ebb3d1099e965ebeda9497d28c594956","hashSHA256":"00537e33ed066991e4a6f8d8ee76c158ee990649cf3f24c2561b2b9436742944","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"990","avBlockList":["COMODO Antivirus (20240305)","Dr.Web Security Space (20240305)","ESET Internet Security (20240305)","G DATA INTERNET SECURITY (20240305)","Kaspersky Internet Security (20240305)","Malwarebytes Premium (20240305)","Norton Security (20240305)","Panda Dome (20240305)","Sophos Home Premium (20240305)","VirIT eXplorer PRO (20240305)","Webroot SecureAnywhere (20240305)"],"avAllowList":["360 Total Security (20240305)","Avast Premium Security (20240305)","AVG Internet Security (20240305)","Avira Internet Security (20240305)","Bitdefender Internet Security (20240305)","K7 Total Security (20240305)","McAfee Total Protection (20240305)","Quick Heal Internet Security (20240305)","SpyHunter5 (20240305)","Total AV Antivirus Pro (20240305)","Trend Micro Internet Security (20240305)","VIPRE Advanced Security (20240305)","Windows Defender (20240305)"]}],"additionalFiles":[],"sources":[{"howFound":"uTorrent Web","reference":"","landingPage":"https://www.utorrent.com/","directDownloadingLink":"https://www.utorrent.com/downloads/complete/track/stable/os/win/","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.utorrent.com/downloads/complete/track/stable/os/win/","sourceIndex":"990"}],"sampleFiles":["230712/uTorrentClassic-211215/3.6.0.46830/Samples/uTorrent.exe","230712/uTorrentClassic-211215/3.6.0.46830/Samples/utorrent_installer.exe"],"imageFiles":["230712/uTorrentClassic-211215/3.6.0.46830/Images/ACR-042/uTW-ACR-042.jpg","230712/uTorrentClassic-211215/3.6.0.46830/Images/ACR-048/ACR-048.png","230712/uTorrentClassic-211215/3.6.0.46830/Images/ACR-084/uTC-ACR-084.jpg","230712/uTorrentClassic-211215/3.6.0.46830/Images/ACR-097/uTC-FirewallException.jpg","230712/uTorrentClassic-211215/3.6.0.46830/Images/ACR-013/uTC-OptionalOffer.jpg","230712/uTorrentClassic-211215/3.6.0.46830/Images/ACR-060/uTC-OptionalOffer.jpg"],"nonDeceptorImageFiles":[],"guid":"4b11710c-2201-4d5a-bf94-5850f6f9c6f1_3.6.0.46830_1","appID":"uTorrentClassic-211215","dateAdded":"260209","deceptorType":"App","name":"uTorrent Classic","company":"BitTorrent Inc.","version":"3.6.0.46830","lastKnownStatus":"3.5.5.46148;3.5.5.46200;3.5.5.46304;3.5.5.46348;3.5.5.46542;3.5.5.46552;3.6.0.46716;3.6.0.46812;3.6.0.46822;3.6.0.46828;3.6.0.46830;3.6.0.46842;3.6.0.46856;3.6.0.46884;3.6.0.46896;3.6.0.46922;3.6.0.47006;3.6.0.47012;;3.6.0.47016;3.6.0.47028;3.6.0.47044;3.6.0.47062;3.6.0.47082;3.6.0.47084;3.6.0.47124;3.6.0.47116;3.6.0.47132;3.6.0.47134;3.6.0.47228;3.6.0.47142","lastKnownDate":"260209","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2026-05-12T23:00:04.1912865+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":30,"sortOrder":46},{"violations":{"ACR-048":"The app does not provide any control to cancel the installation. \n","ACR-013":"During installation, the user is interrupted by non-consented offer to silently install unrelated software.\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software\n","ACR-084":" On closing the app, application doesn't exit completely. It runs silently in the background, hiding the fact that it is active from the consumer without any notification.\n","ACR-097":"During installation, the app has an option to evade the default system security guard \"Add an exception for BitTorrent in windows firewall\". \n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"C:\\Users\\User\\AppData\\Roaming\\utorrent\\uTorrent.exe","companyName":"BitTorrent Inc.","productName":"µTorrent","productVersion":"3.6.0.46922","fileVersion":"3.6.0.46922","hashMD5":"c020799e4ab5e3266ad6a6e20127e948","hashSHA1":"84125e94ab4a13e0afad5fc7301176d025de4963","hashSHA256":"a3eb4ccb3265575ecad27583ba614c5d4c4c7436948eb1cfb0b6d326444f445d","digitalCertThumbprint":"09AFB68255629E565090CAC7EA49AAD67143FA93","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Rainberry Inc","storeId":"","sourceIndex":"759","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utorrent_installer.exe","isInstaller":"True","companyName":"                                                            ","productName":"uТorrеnt® Classic                                           ","productVersion":"3.6                                               ","fileVersion":"3.6                 ","hashMD5":"67b187d5806de105737b68b208c07d64","hashSHA1":"513e7cb5c37057e1a64ae1682f22f8bbd5ae2608","hashSHA256":"26c3f51a34b8a7d6745a02b8b8ed4cd9d89c514da0803a03b95fa799b408e592","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Rainberry Inc","storeId":"","sourceIndex":"759","avBlockList":["COMODO Antivirus (20240116)","Dr.Web Security Space (20240116)","ESET Internet Security (20240116)","G DATA INTERNET SECURITY (20240116)","Malwarebytes Premium (20240116)","Norton Security (20240116)","Panda Dome (20240116)","Quick Heal Internet Security (20240116)","Sophos Home Premium (20240116)","VirIT eXplorer PRO (20240116)","Webroot SecureAnywhere (20240116)"],"avAllowList":["360 Total Security (20240116)","Avast Premium Security (20240116)","AVG Internet Security (20240116)","Avira Internet Security (20240116)","Bitdefender Internet Security (20240116)","K7 Total Security (20240116)","Kaspersky Internet Security (20240116)","McAfee Total Protection (20240116)","SpyHunter5 (20240116)","Total AV Antivirus Pro (20240116)","Trend Micro Internet Security (20240116)","VIPRE Advanced Security (20240116)","Windows Defender (20240116)"]},{"isRevoked":"False","fileName":"utorrent_installer_231114.exe","isInstaller":"True","fileVersion":"3.6","hashMD5":"aa0690e11e7608867c447fb8cf63c12c","hashSHA1":"2abdc50620015a9ef0ebbc0cbaee416fa30feacf","hashSHA256":"9a8644a7877f73fce9429139eb8f6efbb17951cac99f26f8bea2cdfec6ab6390","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"759","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utorrent_installer_231116.exe","isInstaller":"True","fileVersion":"3.6","hashMD5":"ab6e0ebc02985a49a54a2e7141d68497","hashSHA1":"dd25faeba53daf84537919b919a4e9bc7e05d0b0","hashSHA256":"cb1f1f0e42cb0fea9ef6daf6824201dafbd9578c9de2972d5a09379c6ab88f81","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"759","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utorrent_installer_231116_2.exe","isInstaller":"True","fileVersion":"3.6","hashMD5":"ef1ad54515af77ac27ba9db55eef7804","hashSHA1":"2c186e06ccc0d73009e3cd6c2a9d191714650e46","hashSHA256":"f846dc0d2021ca20410d3573646ad52841ae552b5aceedf6544611def2d3cd95","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"759","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utorrent_installer_231117.exe","isInstaller":"True","fileVersion":"3.6","hashMD5":"fc078a86fab736ba9de5553a8a8bcc77","hashSHA1":"3c4d54b0d478d50b5222ed54ecf1ff8a35ae5fcf","hashSHA256":"6d602a9b75bd60734a4f145c939d0abe9c1fff20e578230978e4da074909083e","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"759","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utorrent_installer_231120.exe","isInstaller":"True","fileVersion":"3.6","hashMD5":"73b09509e8783cbb34b09102f56b1056","hashSHA1":"044f589fc3e8a2b61fadb26823d166277de2ab81","hashSHA256":"eecab1911054f1aa686690e9cdaf172bbae99155315fc0805c6e56cd73090e1a","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"759","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utorrent_installer_231124.exe","isInstaller":"True","fileVersion":"3.6","hashMD5":"b7cbeb0925eaa93b45a325fba43d1e86","hashSHA1":"0c31e3e3a932b6e193677829c66a822a98118785","hashSHA256":"2e8af26bf2352741294f6f62ad41c3e2e60611426aac9a366b3d851f49adde17","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"759","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utorrent_installer_231204.exe","isInstaller":"True","fileVersion":"3.6","hashMD5":"a6dccdb6942893fac055afc339199969","hashSHA1":"ca619e10c38518d5dc3a9adae70ead1bf5734947","hashSHA256":"39464336e7b61605247482c084081f3838cd1a775f71059ab85e4696a63e072a","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"759","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utorrent_installer_231211.exe","isInstaller":"True","fileVersion":"3.6","hashMD5":"46ceef5dc87844f8886565558f5d9298","hashSHA1":"023f4fb576f508deed1eacbad079436623554aa4","hashSHA256":"8342e14108941bdbde009b546d29ffc86eb8c585d21362cfdceb76b0624bce2b","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"759","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utorrent_installer_231226.exe","isInstaller":"True","fileVersion":"3.6","hashMD5":"3046354d9e8ac93f3b02ef77413dbf56","hashSHA1":"2fa1e46a6b66c18b5f42c90123be83dbbc294b0a","hashSHA256":"a7d0054f0a6191ed7cb67a340c147706391e8b2a2988f0f32e13655212b2f6ec","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"759","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utorrent_installer_240103.exe","isInstaller":"True","fileVersion":"3.6","hashMD5":"8051da7ebe132b533d441a85275a1137","hashSHA1":"78311cb2fc0eb93e8a49f63d16cad138e698d494","hashSHA256":"6a5bd8fde9d1d3e3d04703c4961059028cd732f07ccb828c1a48f7c693844289","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"759","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utorrent_installer_240109.exe","isInstaller":"True","fileVersion":"3.6","hashMD5":"e55ccfafdd417a86f8483a60d19661c7","hashSHA1":"efda3e3b9cf759dc13d001118982759173a98998","hashSHA256":"36addc7c555a20a762034d9a66090b24bf3c947cfa2a4ee127f3203de514f376","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"759","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utorrent_installer_220124.exe","isInstaller":"True","fileVersion":"3.6","hashMD5":"7f0ca732f8d9a986a12e97719b16ef5d","hashSHA1":"ee9190f43130d058f9edabf621ad8cfc48320d49","hashSHA256":"a54ed9aae3b17132368483443cf2733fd2ed026b9c3c58c71efaebe2eaa60fdf","digitalCertThumbprint":"2454B8E0EA6E609AEF03C83090EE29C284BA586C","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, OU=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"759","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on torrent app","reference":"","landingPage":"https://www.utorrent.com/desktop/","directDownloadingLink":"https://www.utorrent.com/downloads/complete/track/stable/os/win/","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.utorrent.com/downloads/complete/track/stable/os/win/","sourceIndex":"759"}],"sampleFiles":["240122/uTorrentClassic-211215/3.6.0.46922/Samples/utorrent_installer.exe","240122/uTorrentClassic-211215/3.6.0.46922/Samples/utorrent_installer_231114.exe","240122/uTorrentClassic-211215/3.6.0.46922/Samples/utorrent_installer_231116.exe","240122/uTorrentClassic-211215/3.6.0.46922/Samples/utorrent_installer_231116_2.exe","240122/uTorrentClassic-211215/3.6.0.46922/Samples/utorrent_installer_231117.exe","240122/uTorrentClassic-211215/3.6.0.46922/Samples/utorrent_installer_231120.exe","240122/uTorrentClassic-211215/3.6.0.46922/Samples/utorrent_installer_231124.exe","240122/uTorrentClassic-211215/3.6.0.46922/Samples/utorrent_installer_231204.exe","240122/uTorrentClassic-211215/3.6.0.46922/Samples/utorrent_installer_231211.exe","240122/uTorrentClassic-211215/3.6.0.46922/Samples/utorrent_installer_231226.exe","240122/uTorrentClassic-211215/3.6.0.46922/Samples/utorrent_installer_240103.exe","240122/uTorrentClassic-211215/3.6.0.46922/Samples/utorrent_installer_240109.exe","240122/uTorrentClassic-211215/3.6.0.46922/Samples/utorrent_installer_220124.exe"],"imageFiles":["240122/uTorrentClassic-211215/3.6.0.46922/Images/ACR-048/ACR-048.PNG","240122/uTorrentClassic-211215/3.6.0.46922/Images/ACR-084/ACR-084.PNG","240122/uTorrentClassic-211215/3.6.0.46922/Images/ACR-097/ACR-097.PNG","240122/uTorrentClassic-211215/3.6.0.46922/Images/ACR-097/ACR-097_1.PNG","240122/uTorrentClassic-211215/3.6.0.46922/Images/ACR-013/ACR-013.PNG","240122/uTorrentClassic-211215/3.6.0.46922/Images/ACR-013/ACR-013_1.PNG","240122/uTorrentClassic-211215/3.6.0.46922/Images/ACR-013/ACR-013_2.PNG","240122/uTorrentClassic-211215/3.6.0.46922/Images/ACR-060/ACR-060.PNG","240122/uTorrentClassic-211215/3.6.0.46922/Images/ACR-060/ACR-060_1.PNG","240122/uTorrentClassic-211215/3.6.0.46922/Images/ACR-060/ACR-060_2.PNG"],"nonDeceptorImageFiles":[],"guid":"4b11710c-2201-4d5a-bf94-5850f6f9c6f1_3.6.0.46922_1","appID":"uTorrentClassic-211215","dateAdded":"260209","deceptorType":"App","name":"uTorrent Classic","company":"BitTorrent Inc.","version":"3.6.0.46922","lastKnownStatus":"3.5.5.46148;3.5.5.46200;3.5.5.46304;3.5.5.46348;3.5.5.46542;3.5.5.46552;3.6.0.46716;3.6.0.46812;3.6.0.46822;3.6.0.46828;3.6.0.46830;3.6.0.46842;3.6.0.46856;3.6.0.46884;3.6.0.46896;3.6.0.46922;3.6.0.47006;3.6.0.47012;;3.6.0.47016;3.6.0.47028;3.6.0.47044;3.6.0.47062;3.6.0.47082;3.6.0.47084;3.6.0.47124;3.6.0.47116;3.6.0.47132;3.6.0.47134;3.6.0.47228;3.6.0.47142","lastKnownDate":"260209","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2026-05-12T22:59:58.0886661+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":30,"sortOrder":41},{"violations":{"ACR-048":"The app does not provide any control to cancel the installation. \n","ACR-013":"During installation, the user is interrupted by non-consented offer to silently install unrelated software.\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software\n","ACR-084":" On closing the app, application doesn't exit completely. It runs silently in the background, hiding the fact that it is active from the consumer without any notification.\n","ACR-097":"During installation, the app has an option to evade the default system security guard \"Add an exception for BitTorrent in windows firewall\". \n","ACR-014":"The accept/decline option is overloaded and unfair to the user. It includes acceptance for installing Norton secure browser implying agree EULA/PP and also agree to AVG secure browser making itself the default browser. \n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"utorrent_installer.exe","isInstaller":"True","companyName":"                                                            ","productName":"uТorrеnt® Classic                                           ","productVersion":"3.6                                               ","fileVersion":"3.6                 ","hashMD5":"3c3235a0150976f5005e3a2cd0c37599","hashSHA1":"13990458334cad615f0158781663c860c8e15ad0","hashSHA256":"ba446a4d7bc5fff2c0f161eec08b7ff0c517e31de809c7cb4ded06f6c83e75dd","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Rainberry Inc","storeId":"","sourceIndex":"736","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utorrent_installer-240202.exe","isInstaller":"True","fileVersion":"3.6","hashMD5":"dbda5d0d08f61a77db95659dc797c255","hashSHA1":"6188da349212563e0f432dc895fd91c42c2cff76","hashSHA256":"545594727c3f69a4bcfe1530e08ce71099b46ee45345ecd06a5f59fe01c5f9ff","digitalCertThumbprint":"2454B8E0EA6E609AEF03C83090EE29C284BA586C","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, OU=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"736","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utorrent_installer_240205.exe","isInstaller":"True","fileVersion":"3.6","hashMD5":"6ec940ea71598acdfbfc4e3dab3da2e9","hashSHA1":"703155b21a278a24caebfffa6207f76715aa5264","hashSHA256":"83f2135230b8546a83f508033d6f4a81080593553720f7b609648f815eae972c","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"736","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utorrent_installer_240207.exe","isInstaller":"True","fileVersion":"3.6","hashMD5":"345ca03d5b299e48de5e93cbf922a965","hashSHA1":"66bc5c8f208259a2dc1e71bae11ad6e8f4461cdf","hashSHA256":"e7809ffec2acd4452b85fe76b53bad1d58d9bcb37df420aaa9081a632ae34cf5","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"736","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utorrent_installer_240208.exe","isInstaller":"True","fileVersion":"3.6","hashMD5":"29c3dfdbbb9b95a9d901d80cb3e8933a","hashSHA1":"33ffb0a515a3c0d51160da06fc4dbdfb3ae12224","hashSHA256":"2481997987211a3d289aac00d420dc27c848b51fb353f6acb5136b37373b4b1e","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"736","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utorrent_installer_240213.exe","isInstaller":"True","fileVersion":"3.6","hashMD5":"45d17e66df0ce56b1b7a31a41118d559","hashSHA1":"11c6aa868842ceef67a40efaf1cc45c09e067717","hashSHA256":"8faf81c8634fa0f001ea69a5180343ed9c7215e2e7c9ea161f93b0607e24f774","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"736","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"uTorrent Web","reference":"","landingPage":"https://www.utorrent.com/","directDownloadingLink":"https://www.utorrent.com/downloads/complete/track/stable/os/win/","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.utorrent.com/downloads/complete/track/stable/os/win/","sourceIndex":"736"}],"sampleFiles":["240213/uTorrentClassic-211215/3.6.0.47006/Samples/utorrent_installer.exe","240213/uTorrentClassic-211215/3.6.0.47006/Samples/utorrent_installer-240202.exe","240213/uTorrentClassic-211215/3.6.0.47006/Samples/utorrent_installer_240205.exe","240213/uTorrentClassic-211215/3.6.0.47006/Samples/utorrent_installer_240207.exe","240213/uTorrentClassic-211215/3.6.0.47006/Samples/utorrent_installer_240208.exe","240213/uTorrentClassic-211215/3.6.0.47006/Samples/utorrent_installer_240213.exe"],"imageFiles":["240213/uTorrentClassic-211215/3.6.0.47006/Images/ACR-048/ACR-048.PNG","240213/uTorrentClassic-211215/3.6.0.47006/Images/ACR-084/ACR-084.PNG","240213/uTorrentClassic-211215/3.6.0.47006/Images/ACR-097/ACR-097.PNG","240213/uTorrentClassic-211215/3.6.0.47006/Images/ACR-014/ACR-014.PNG","240213/uTorrentClassic-211215/3.6.0.47006/Images/ACR-013/ACR-013.PNG","240213/uTorrentClassic-211215/3.6.0.47006/Images/ACR-013/ACR-013_1.PNG","240213/uTorrentClassic-211215/3.6.0.47006/Images/ACR-013/ACR-013_2.PNG","240213/uTorrentClassic-211215/3.6.0.47006/Images/ACR-060/ACR-060.PNG","240213/uTorrentClassic-211215/3.6.0.47006/Images/ACR-060/ACR-060_1.PNG","240213/uTorrentClassic-211215/3.6.0.47006/Images/ACR-060/ACR-060_2.PNG"],"nonDeceptorImageFiles":[],"guid":"4b11710c-2201-4d5a-bf94-5850f6f9c6f1_3.6.0.47006_1","appID":"uTorrentClassic-211215","dateAdded":"260209","deceptorType":"App","name":"uTorrent Classic","company":"BitTorrent Inc.","version":"3.6.0.47006","lastKnownStatus":"3.5.5.46148;3.5.5.46200;3.5.5.46304;3.5.5.46348;3.5.5.46542;3.5.5.46552;3.6.0.46716;3.6.0.46812;3.6.0.46822;3.6.0.46828;3.6.0.46830;3.6.0.46842;3.6.0.46856;3.6.0.46884;3.6.0.46896;3.6.0.46922;3.6.0.47006;3.6.0.47012;;3.6.0.47016;3.6.0.47028;3.6.0.47044;3.6.0.47062;3.6.0.47082;3.6.0.47084;3.6.0.47124;3.6.0.47116;3.6.0.47132;3.6.0.47134;3.6.0.47228;3.6.0.47142","lastKnownDate":"260209","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2026-05-12T22:59:57.2937569+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":30,"sortOrder":40},{"violations":{"ACR-042":"The app initiates network communications with 3rd party offer provider before obtaining user consent\n","ACR-048":"The app does not provide any control to cancel the installation. \n","ACR-013":"During installation, the user is interrupted by non-consented offer to silently install unrelated software.\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software\n","ACR-084":" On closing the app, application doesn't exit completely. It runs silently in the background, hiding the fact that it is active from the consumer without any notification.\n","ACR-097":"During installation, the app has an option to evade the default system security guard \"Add an exception for BitTorrent in windows firewall\". \n","ACR-014":"The \"Accept\" button on the Opera Browser offer is used for two things: accepting an offer and accepting opera as the default browser. The \"Accept\" button is misleading and confusing because the user is easily led to believe that \"accept\" is only for installing Opera and not for changing the system browser default settings.\n"},"nonDeceptorViolations":{"ACR-040":"The app drops all its components in the hidden path \"C:\\Users\\User\\AppData\\Roaming\\utorrent\"\n"},"samples":[{"isRevoked":"False","fileName":"utorrent_installer.exe","isInstaller":"True","companyName":"                                                            ","productName":"uТorrеnt® Classic                                           ","productVersion":"3.6                                               ","fileVersion":"3.6                 ","hashMD5":"eead5c2817233a3c3fbdd1789c16fe1a","hashSHA1":"e76e4102b7c005db3cd6a010d7177354d5dbdf6d","hashSHA256":"22080d6bf5cf92a27d0fb9335e1e33b54e81308eeb5abb9bca2bbc71a294073f","digitalCertThumbprint":"2454B8E0EA6E609AEF03C83090EE29C284BA586C","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Rainberry Inc","storeId":"","sourceIndex":"731","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utorrent_installer_240220.exe","isInstaller":"True","fileVersion":"3.6","hashMD5":"a4a1083c41a4eb6f683771a60f28280d","hashSHA1":"79cc68653eae69932c687fab620764b62777ae17","hashSHA256":"63649fdb6ee8daeede18a9849acdcd05186b30bc72df11ed8d7482e52a738c8d","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"731","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"uTorrent Web","reference":"","landingPage":"https://www.utorrent.com/","directDownloadingLink":"https://www.utorrent.com/downloads/complete/track/stable/os/win/","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.utorrent.com/downloads/complete/track/stable/os/win/","sourceIndex":"731"}],"sampleFiles":["240220/uTorrentClassic-211215/3.6.0.47012/Samples/utorrent_installer.exe","240220/uTorrentClassic-211215/3.6.0.47012/Samples/utorrent_installer_240220.exe"],"imageFiles":["240220/uTorrentClassic-211215/3.6.0.47012/Images/ACR-042/ACR-042_Install_1.png","240220/uTorrentClassic-211215/3.6.0.47012/Images/ACR-048/ACR-048_Install_1.png","240220/uTorrentClassic-211215/3.6.0.47012/Images/ACR-084/ACR-084_Software_1.png","240220/uTorrentClassic-211215/3.6.0.47012/Images/ACR-097/ACR-097_Software_1.png","240220/uTorrentClassic-211215/3.6.0.47012/Images/ACR-014/ACR-014_Bundler-made offers_1.png","240220/uTorrentClassic-211215/3.6.0.47012/Images/ACR-013/ACR-013_Install_1.png","240220/uTorrentClassic-211215/3.6.0.47012/Images/ACR-013/ACR-013_Install_2.png","240220/uTorrentClassic-211215/3.6.0.47012/Images/ACR-060/ACR-060_Bundler-made offers_1.png","240220/uTorrentClassic-211215/3.6.0.47012/Images/ACR-060/ACR-060_Bundler-made offers_2.png"],"nonDeceptorImageFiles":["240220/uTorrentClassic-211215/3.6.0.47012/Images/ACR-040/ACR-040_Install_1.png"],"guid":"4b11710c-2201-4d5a-bf94-5850f6f9c6f1_3.6.0.47012_1","appID":"uTorrentClassic-211215","dateAdded":"260209","deceptorType":"App","name":"uTorrent Classic","company":"BitTorrent Inc.","version":"3.6.0.47012","lastKnownStatus":"3.5.5.46148;3.5.5.46200;3.5.5.46304;3.5.5.46348;3.5.5.46542;3.5.5.46552;3.6.0.46716;3.6.0.46812;3.6.0.46822;3.6.0.46828;3.6.0.46830;3.6.0.46842;3.6.0.46856;3.6.0.46884;3.6.0.46896;3.6.0.46922;3.6.0.47006;3.6.0.47012;;3.6.0.47016;3.6.0.47028;3.6.0.47044;3.6.0.47062;3.6.0.47082;3.6.0.47084;3.6.0.47124;3.6.0.47116;3.6.0.47132;3.6.0.47134;3.6.0.47228;3.6.0.47142","lastKnownDate":"260209","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2026-05-12T22:59:57.130876+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":30,"sortOrder":39},{"violations":{"ACR-048":"The app does not provide any control to cancel the installation. Even on canceling it installs the application. \n","ACR-013":"During installation, the user is interrupted by non-consented offer to silently install unrelated software.\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software\n","ACR-084":" On closing the app, application doesn't exit completely. It runs silently in the background, hiding the fact that it is active from the consumer without any notification.\n","ACR-097":"During installation, the app has an option to evade the default system security guard \"Add an exception for BitTorrent in windows firewall\". \n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"C:\\Users\\User\\AppData\\Roaming\\utorrent\\uTorrent.exe","companyName":"BitTorrent Inc.","productName":"µTorrent","productVersion":"3.6.0.46896","fileVersion":"3.6.0.46896","hashMD5":"0f7cbaee2280137bc1eef881d0d4e54a","hashSHA1":"ca8346bb5cbfda7d80bf7d427eaa870379bfbca9","hashSHA256":"2d44a0822c6c2d4344f6312afa06fdbde9b037c3327c877cbb3991e0158f39c8","digitalCertThumbprint":"09AFB68255629E565090CAC7EA49AAD67143FA93","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Rainberry Inc","storeId":"","sourceIndex":"806","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utorrent_installer(1).exe","isInstaller":"True","companyName":"                                                            ","productName":"սTorrent® Classic                                           ","productVersion":"3.6                                              ","fileVersion":"3.6                 ","hashMD5":"1f1a1cafa0da782af80743369b9233cf","hashSHA1":"040d2b1cce6e76cef1429a930bb8968657a31df1","hashSHA256":"05a297fd31d2b6bf5d0663a7fed0af3063d5d55e9e90848a5fd1d91def8f8864","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Rainberry Inc","storeId":"","sourceIndex":"806","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utorrent_installer.exe","isInstaller":"True","companyName":"                                                            ","productName":"սTorrent® Classic                                           ","productVersion":"3.6                                        ","fileVersion":"3.6                 ","hashMD5":"ef6b9483b38313737d3c2609678b7472","hashSHA1":"7f884d395063a812274d8a191560ef9803868de9","hashSHA256":"1ed1df7e5d38af3049a6bdd75c477eba98adc7439cebbdf0925ee6ec66e5f579","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Rainberry Inc","storeId":"","sourceIndex":"806","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utorrent_installer_230906.exe","isInstaller":"True","productName":"սTorrent® Classic ","productVersion":"3.6     ","fileVersion":"3.6","hashMD5":"8399e2328e74253f7d5ae6293840d954","hashSHA1":"e2054432a188315d45f41c5e4adf1871b8d19458","hashSHA256":"b628a28046502aeb3befc908c4383341d2a5164baf8a86dfd7e92a3ec23ef11d","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"806","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utorrent_installer_230911.exe","isInstaller":"True","productName":"սTorrent® Classic ","productVersion":"3.6      ","fileVersion":"3.6","hashMD5":"24873e12c53a4983bfe08a3a7e728b98","hashSHA1":"a0cd0088d4b6d9871de0548ab0e5ae529bd4e1e2","hashSHA256":"36970dbd0d6cb7b9760770926850426c887097b56c0a2981d32dc04906cf2fc4","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"806","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utorrent_installer_20230915.exe","isInstaller":"True","productName":"սTorrent® Classic ","productVersion":"3.6    ","fileVersion":"3.6","hashMD5":"ed544e6ea3621f4319a20c605eacead7","hashSHA1":"c37f721e40ff361c84fe53acb0af92cd477d7c86","hashSHA256":"473dbb7eed7b449cdfa88d6da1ec9def38735b42df35c27946198241bd851e8c","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"806","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utorrent_installer_230921.exe","isInstaller":"True","productName":"սTorrent® Classic ","productVersion":"3.6","fileVersion":"3.6","hashMD5":"dfc853f7ec73a8c52c9c2df90e30d6bf","hashSHA1":"d65b9efe154f926f36bec6bc961ab34dd7859d36","hashSHA256":"9d89c75cd52bb2d0651198593b2b1308af0b82ca6ed5fb7c6751cc4e00d31460","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"806","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utorrent_installer_230926.exe","isInstaller":"True","fileVersion":"3.6","hashMD5":"44fc758fc8fed55fa446dae56f1b7740","hashSHA1":"c0a7ff529b3ed72d39167d4dbd6acb367f6b3045","hashSHA256":"f92e8743c4674165f588e70310da3ef3bc42e41fac381a670144cd69572c437f","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"806","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utorrent_installer_20230927.exe","isInstaller":"True","fileVersion":"3.6","hashMD5":"e1744dcc84dc5f17652c15680b7121c0","hashSHA1":"b0222f5d8ad9168ed465619c22d3b4499dc5d90d","hashSHA256":"9584b8bda42e6f152469a0b41f5586f914bc47282854e259be60797f5bf27e6c","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"806","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utorrent_installer-230928.exe","isInstaller":"True","fileVersion":"3.6","hashMD5":"2078c7554890965eef4361435675a2cd","hashSHA1":"98095e10419a6ac755e750726f277b3f6de01b50","hashSHA256":"3cb861435233bec656c60489505da7399c5e0a3da1232d7892f165aa3d5e7341","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"806","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utorrent_installer_231006.exe","isInstaller":"True","fileVersion":"3.6","hashMD5":"71a16676ec3fb40245ee30f16ae46ec1","hashSHA1":"f07a865e21ba9ccfab1b2aa8877a75c6c5efcdc8","hashSHA256":"054b91b15d05e78737dc5687dbc2a9b5eb2a45ae762abbc47cfb1dacc3506b77","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"806","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utorrent_installer_231009.exe","isInstaller":"True","fileVersion":"3.6","hashMD5":"5d00cddbfd3ae7096c6de6e2ce56f1e5","hashSHA1":"75c97f99367b6178f73f002fc8391839816f833f","hashSHA256":"7276470191fe225dd91e1df8a8ca1e1396defd1a7f27fd639cff02afee61c2a2","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"806","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utorrent_installer_231010.exe","isInstaller":"True","fileVersion":"3.6","hashMD5":"95c9ac27c4da2f93e0a258ef16b4bf64","hashSHA1":"263454da69fe11727f771dda238aeca39166a721","hashSHA256":"5e2790ad3a6462ab9411c684829b731b9dee5979367f387bd84c126c2e6ffb02","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"806","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utorrent_installer_231011.exe","isInstaller":"True","fileVersion":"3.6","hashMD5":"7873cffaa5a4a1deec11690341f18d85","hashSHA1":"b71f4a02205b062b9f7ebf881c33c66d800c143d","hashSHA256":"4257f8d198adca33eba549b046c4fbdd5f51f1c1e5b6dfe471e7413c1ff2001a","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"806","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utorrent_installer_231013.exe","isInstaller":"True","fileVersion":"3.6","hashMD5":"5a2fdb84e881fd6a1dcc166b7a0725e8","hashSHA1":"428a4d68907af71a639cd4cb1663607044a4b588","hashSHA256":"ac26d1dd6eb1bff14d9f7478d481fb258247d466c24afaa722123c28bcfb505e","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"806","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utorrent_installer_231026.exe","isInstaller":"True","fileVersion":"3.6","hashMD5":"4292c361e0ea84c90b4dae362893644d","hashSHA1":"7d173dbaca15e37d3200e0baeb2aeac3fa4937d9","hashSHA256":"bed4e9300a65bbb9dacfdf81f64efb028af8f5094e9b7dd08ecd266e593d9949","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"806","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utorrent_installer_231027.exe","isInstaller":"True","fileVersion":"3.6","hashMD5":"3135dfabb3895d8f03a28741fb8b4154","hashSHA1":"3e736faf75f24f78589ce1f8173ddeadb1463417","hashSHA256":"8b2d71292196a2766a9e048ba1679304afdfe148f1e2701897a1143c8abfafcf","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"806","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utorrent_installer_231030.exe","isInstaller":"True","fileVersion":"3.6","hashMD5":"05e1477d0dd91b950498238157cb34aa","hashSHA1":"7e6b3ff90d6b21320891b2b753f927f191378da2","hashSHA256":"1928388abe512b1d6aa3e36e977ebdd4a2c3f7ffbcfb0384e86cde15c8b04914","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"806","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utorrent_installer_231031.exe","isInstaller":"True","fileVersion":"3.6","hashMD5":"8b40fc93fa4d9b94d36dab52cbb51317","hashSHA1":"f123a10a586e39b74115ced13914dcb4510b95dd","hashSHA256":"e7d55a4ea4472c9819af3c2a95a104ab5e2e6a6d495df858f741e8b7b4f38a45","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"806","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utorrent_installer_231102.exe","isInstaller":"True","fileVersion":"3.6","hashMD5":"1d702952115ecf752427454cd1b65810","hashSHA1":"48feba3d5c24515ae82f7343c16b18bd7bafa6f8","hashSHA256":"422c3bb360ad4f2183db9abe0a63234b726d0c1430d985b0b4f49c635b858334","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"806","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utorrent_installer_231102_1.exe","isInstaller":"True","fileVersion":"3.6","hashMD5":"f2facf534cd47d9d1c6f391800838dd7","hashSHA1":"c3126ad97d3c47f51a6ecf57069a7d588d467be3","hashSHA256":"45efafc45926bb49fa71a69c07aeb91cec123a54b5c72a8b0db7071260404d8b","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"806","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utorrent_installer_231103.exe","isInstaller":"True","fileVersion":"3.6","hashMD5":"2db36de684d52a5cc5a8d5ab41cf1f18","hashSHA1":"28e8f558d235726e42857f73cefab8238bcdf502","hashSHA256":"b23f95f86438901381a5358f4d2deb231028809a51eebaabece2a1e63fab5fda","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"806","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utorrent_installer_1.exe","isInstaller":"True","fileVersion":"3.6","hashMD5":"e5d745db94173861a93a716ca796eeca","hashSHA1":"a808f2e19c08428ffb9afbda895e3ca5cbbf173b","hashSHA256":"6f96d0ff7cc53df3a68dc7f9765c1652b12f44019b3db9f4a07b51efe4bf07e2","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"806","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utorrent_installer_231108.exe","isInstaller":"True","fileVersion":"3.6","hashMD5":"bf04a91d35214c2a1f64e195e6c16749","hashSHA1":"fbc9c02c2f5c1027de146585ff6769bbc119d57b","hashSHA256":"cac79f6d81eabf3f0711b87edb9ffbeeaf269c64800f33143af8909904986731","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"806","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"uTorrent Web","reference":"","landingPage":"https://www.utorrent.com/","directDownloadingLink":"https://www.utorrent.com/downloads/complete/track/stable/os/win/","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.utorrent.com/downloads/complete/track/stable/os/win/","sourceIndex":"806"}],"sampleFiles":["231117/uTorrentClassic-211215/3.6.0.46896/Samples/utorrent_installer(1).exe","231117/uTorrentClassic-211215/3.6.0.46896/Samples/utorrent_installer.exe","231117/uTorrentClassic-211215/3.6.0.46896/Samples/utorrent_installer_230906.exe","231117/uTorrentClassic-211215/3.6.0.46896/Samples/utorrent_installer_230911.exe","231117/uTorrentClassic-211215/3.6.0.46896/Samples/utorrent_installer_20230915.exe","231117/uTorrentClassic-211215/3.6.0.46896/Samples/utorrent_installer_230921.exe","231117/uTorrentClassic-211215/3.6.0.46896/Samples/utorrent_installer_230926.exe","231117/uTorrentClassic-211215/3.6.0.46896/Samples/utorrent_installer_20230927.exe","231117/uTorrentClassic-211215/3.6.0.46896/Samples/utorrent_installer-230928.exe","231117/uTorrentClassic-211215/3.6.0.46896/Samples/utorrent_installer_231006.exe","231117/uTorrentClassic-211215/3.6.0.46896/Samples/utorrent_installer_231009.exe","231117/uTorrentClassic-211215/3.6.0.46896/Samples/utorrent_installer_231010.exe","231117/uTorrentClassic-211215/3.6.0.46896/Samples/utorrent_installer_231011.exe","231117/uTorrentClassic-211215/3.6.0.46896/Samples/utorrent_installer_231013.exe","231117/uTorrentClassic-211215/3.6.0.46896/Samples/utorrent_installer_231026.exe","231117/uTorrentClassic-211215/3.6.0.46896/Samples/utorrent_installer_231027.exe","231117/uTorrentClassic-211215/3.6.0.46896/Samples/utorrent_installer_231030.exe","231117/uTorrentClassic-211215/3.6.0.46896/Samples/utorrent_installer_231031.exe","231117/uTorrentClassic-211215/3.6.0.46896/Samples/utorrent_installer_231102.exe","231117/uTorrentClassic-211215/3.6.0.46896/Samples/utorrent_installer_231102_1.exe","231117/uTorrentClassic-211215/3.6.0.46896/Samples/utorrent_installer_231103.exe","231117/uTorrentClassic-211215/3.6.0.46896/Samples/utorrent_installer_1.exe","231117/uTorrentClassic-211215/3.6.0.46896/Samples/utorrent_installer_231108.exe"],"imageFiles":["231117/uTorrentClassic-211215/3.6.0.46896/Images/ACR-048/ACR-048.JPG","231117/uTorrentClassic-211215/3.6.0.46896/Images/ACR-048/ACR-048_1.JPG","231117/uTorrentClassic-211215/3.6.0.46896/Images/ACR-084/ACR-084.JPG","231117/uTorrentClassic-211215/3.6.0.46896/Images/ACR-097/ACR-097.JPG","231117/uTorrentClassic-211215/3.6.0.46896/Images/ACR-013/ACR-013.JPG","231117/uTorrentClassic-211215/3.6.0.46896/Images/ACR-013/ACR-013_1.JPG","231117/uTorrentClassic-211215/3.6.0.46896/Images/ACR-013/ACR-013_2.JPG","231117/uTorrentClassic-211215/3.6.0.46896/Images/ACR-060/ACR-060 (1).JPG","231117/uTorrentClassic-211215/3.6.0.46896/Images/ACR-060/ACR-060 (2).JPG","231117/uTorrentClassic-211215/3.6.0.46896/Images/ACR-060/ACR-060 (3).JPG"],"nonDeceptorImageFiles":[],"guid":"4b11710c-2201-4d5a-bf94-5850f6f9c6f1_3.6.0.46896_1","appID":"uTorrentClassic-211215","dateAdded":"260209","deceptorType":"App","name":"uTorrent Classic","company":"BitTorrent Inc.","version":"3.6.0.46896","lastKnownStatus":"3.5.5.46148;3.5.5.46200;3.5.5.46304;3.5.5.46348;3.5.5.46542;3.5.5.46552;3.6.0.46716;3.6.0.46812;3.6.0.46822;3.6.0.46828;3.6.0.46830;3.6.0.46842;3.6.0.46856;3.6.0.46884;3.6.0.46896;3.6.0.46922;3.6.0.47006;3.6.0.47012;;3.6.0.47016;3.6.0.47028;3.6.0.47044;3.6.0.47062;3.6.0.47082;3.6.0.47084;3.6.0.47124;3.6.0.47116;3.6.0.47132;3.6.0.47134;3.6.0.47228;3.6.0.47142","lastKnownDate":"260209","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2026-05-12T22:59:59.0074064+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":30,"sortOrder":42},{"violations":{"ACR-042":"The app initiates network communications with 3rd party offer provider immediately after executing the installer.\n","ACR-048":"The app does not provide any control to cancel the installation.\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software.\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software.\n","ACR-084":"On closing the app, application doesn't exit completely. It runs silently in the background, hiding the fact that it is active from the consumer without any notification. \n","ACR-097":"During installation, the app has default setting to evade the default system security guard \"Add an exception for BitTorrent in windows firewall\".\n","ACR-014":"The \"Accept\" button on the Opera Browser offer is used for two things: accepting an offer and accepting opera as the default browser. The \"Accept\" button is misleading and confusing because the user is easily led to believe that \"accept\" is only for installing Opera and not for changing his system browser default settings.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"bittorrent_installer_240416.exe","isInstaller":"True","fileVersion":"7.11","hashMD5":"ae8a9f845b4730fdcc1d6099e2e5a299","hashSHA1":"80c7275086e8919f25af4fd990eb09bff43e3378","hashSHA256":"bcb68777295b07b8c5273ff5f195f8dc3fca3f6c97d46ccd1326a590fa46bedc","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"643","avBlockList":["COMODO Antivirus (20240528)","Dr.Web Security Space (20240528)","ESET Internet Security (20240528)","G DATA INTERNET SECURITY (20240528)","Malwarebytes Premium (20240528)","Norton Security (20240528)","Sophos Home Premium (20240528)","VirIT eXplorer PRO (20240528)","Webroot SecureAnywhere (20240528)"],"avAllowList":["360 Total Security (20240528)","Avast Premium Security (20240528)","AVG Internet Security (20240528)","Avira Internet Security (20240528)","Bitdefender Internet Security (20240528)","K7 Total Security (20240528)","Kaspersky Internet Security (20240528)","McAfee Total Protection (20240528)","Panda Dome (20240528)","Quick Heal Internet Security (20240528)","SpyHunter5 (20240528)","Total AV Antivirus Pro (20240528)","Trend Micro Internet Security (20240528)","VIPRE Advanced Security (20240528)","Windows Defender (20240528)"]},{"isRevoked":"False","fileName":"bittorrent_installer_240417.exe","isInstaller":"True","fileVersion":"7.11","hashMD5":"29edb55ffa6fa3cc450b39faabf401e9","hashSHA1":"9d85341b7f7d5fe4e01ff22d5a47fc0c899557d3","hashSHA256":"e72d39a573b158482efa52206f01d99c51667f7cadceca90fc6af4355bae51cb","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"643","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"bittorrent_installer_240418.exe","isInstaller":"True","fileVersion":"7.11","hashMD5":"eb4dc818e183a97cdedfb1c351239e5d","hashSHA1":"157560475d6883f2654b69dace1b4d51495b176b","hashSHA256":"568bda8c10109a980a32939ae7e63c31e4525b8da0f990b3be2302474651e5ef","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"643","avBlockList":["COMODO Antivirus (20241001)","Dr.Web Security Space (20241001)","ESET Internet Security (20241001)","FortectPremium (20241001)","G DATA INTERNET SECURITY (20241001)","Malwarebytes Premium (20241001)","Norton Security (20241001)","Panda Dome (20241001)","Sophos Home Premium (20241001)","VirIT eXplorer PRO (20241001)","Webroot SecureAnywhere (20241001)"],"avAllowList":["360 Total Security (20241001)","Avast Premium Security (20241001)","AVG Internet Security (20241001)","Avira Internet Security (20241001)","Bitdefender Internet Security (20241001)","K7 Total Security (20241001)","KasperskyPremium (20241001)","McAfee Total Protection (20241001)","Quick Heal Internet Security (20241001)","SpyHunter5 (20241001)","Total AV Antivirus Pro (20241001)","Trend Micro Internet Security (20241001)","VIPRE Advanced Security (20241001)","Windows Defender (20241001)"]},{"isRevoked":"False","fileName":"bittorrent_installer_240422.exe","isInstaller":"True","fileVersion":"7.11","hashMD5":"9fcf5a4c8626febb437c2aef7a5f0893","hashSHA1":"a33b9806257b1d6afcf48dd2df0ecbb2a36e1e83","hashSHA256":"f2ee97951707bc83694c7e48cff57f67c455b13b59f67f04f35ba74d7fdfc9f6","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"643","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"bittorrent_installer_240425.exe","isInstaller":"True","fileVersion":"7.11","hashMD5":"ac3f7a256489ed25ba186eb70b94d20d","hashSHA1":"462072e44315d39a314ed734d3c6372c019916d3","hashSHA256":"11c101a74221e14adb55d429e79dc64a59668d259d6267dd2f37f804195bc77f","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"643","avBlockList":["COMODO Antivirus (20241231)","Dr.Web Security Space (20241231)","ESET Internet Security (20241231)","FortectPremium (20241231)","G DATA INTERNET SECURITY (20241231)","Malwarebytes Premium (20241231)","Panda Dome (20241231)","Quick Heal Internet Security (20241231)","Sophos Home Premium (20241231)","VirIT eXplorer PRO (20241231)","Webroot SecureAnywhere (20241231)"],"avAllowList":["360 Total Security (20241231)","Avast Premium Security (20241231)","AVG Internet Security (20241231)","Avira Internet Security (20241231)","Bitdefender Internet Security (20241231)","K7 Total Security (20241231)","KasperskyPremium (20241231)","McAfee Total Protection (20241231)","Norton Security (20241231)","SpyHunter5 (20241231)","Total AV Antivirus Pro (20241231)","Trend Micro Internet Security (20241231)","VIPRE Advanced Security (20241231)","Windows Defender (20241231)"]},{"isRevoked":"False","fileName":"bittorrent_installer_240429.exe","isInstaller":"True","fileVersion":"7.11","hashMD5":"8a9cdca60a164b7464f06373a2243265","hashSHA1":"20eb1e4e3a5bb4742130e5590c08781671346173","hashSHA256":"dd489dd3aa2951704909bf74f302c9129751c54d6d0053d29e6155e9116faf43","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"643","avBlockList":["COMODO Antivirus (20240702)","Dr.Web Security Space (20240702)","ESET Internet Security (20240702)","FortectPremium (20240702)","G DATA INTERNET SECURITY (20240702)","K7 Total Security (20240702)","Malwarebytes Premium (20240702)","Norton Security (20240702)","Quick Heal Internet Security (20240702)","Sophos Home Premium (20240702)","VirIT eXplorer PRO (20240702)","Webroot SecureAnywhere (20240702)"],"avAllowList":["360 Total Security (20240702)","Avast Premium Security (20240702)","AVG Internet Security (20240702)","Avira Internet Security (20240702)","Bitdefender Internet Security (20240702)","Kaspersky Internet Security (20240702)","McAfee Total Protection (20240702)","Panda Dome (20240702)","SpyHunter5 (20240702)","Total AV Antivirus Pro (20240702)","Trend Micro Internet Security (20240702)","VIPRE Advanced Security (20240702)","Windows Defender (20240702)"]}],"additionalFiles":[],"sources":[{"howFound":"Google search- Torrent apps","reference":"","landingPage":"https://www.bittorrent.com/","directDownloadingLink":"https://www.bittorrent.com/downloads/complete/classic/","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.bittorrent.com/downloads/complete/classic/","sourceIndex":"643"}],"sampleFiles":["240521/bittorrentclassic-220201/7.11.0.47063/Samples/bittorrent_installer.exe","240521/bittorrentclassic-220201/7.11.0.47063/Samples/bittorrent_installer_240417.exe","240521/bittorrentclassic-220201/7.11.0.47063/Samples/bittorrent_installer_240418.exe","240521/bittorrentclassic-220201/7.11.0.47063/Samples/bittorrent_installer_240422.exe","240521/bittorrentclassic-220201/7.11.0.47063/Samples/bittorrent_installer_240425.exe","240521/bittorrentclassic-220201/7.11.0.47063/Samples/bittorrent_installer_240429.exe"],"imageFiles":["240521/bittorrentclassic-220201/7.11.0.47063/Images/ACR-042/ACR-042.PNG","240521/bittorrentclassic-220201/7.11.0.47063/Images/ACR-048/ACR-048.PNG","240521/bittorrentclassic-220201/7.11.0.47063/Images/ACR-084/ACR-084.PNG","240521/bittorrentclassic-220201/7.11.0.47063/Images/ACR-097/ACR-097.PNG","240521/bittorrentclassic-220201/7.11.0.47063/Images/ACR-097/ACR-097_1.PNG","240521/bittorrentclassic-220201/7.11.0.47063/Images/ACR-014/ACR-014.PNG","240521/bittorrentclassic-220201/7.11.0.47063/Images/ACR-013/ACR-013.PNG","240521/bittorrentclassic-220201/7.11.0.47063/Images/ACR-013/ACR-013_1.PNG","240521/bittorrentclassic-220201/7.11.0.47063/Images/ACR-013/ACR-013_2.PNG","240521/bittorrentclassic-220201/7.11.0.47063/Images/ACR-060/ACR-060.PNG","240521/bittorrentclassic-220201/7.11.0.47063/Images/ACR-060/ACR-060_1.PNG","240521/bittorrentclassic-220201/7.11.0.47063/Images/ACR-060/ACR-060_2.PNG"],"nonDeceptorImageFiles":[],"guid":"8da8f4bf-11f6-433a-8109-bb68e205a8fb_7.11.0.47063_1","appID":"bittorrentclassic-220201","dateAdded":"260205","deceptorType":"App","name":"Bittorrent Classic","company":"BitTorrent Inc","version":"7.11.0.47063","lastKnownStatus":"7.10.5.46097;7.10.5.46193;7.10.5.46211;7.11.0.46519;7.11.0.46541;7.11.0.46591;7.11.0.46681;7.11.0.46813;7.11.0.46823;7.11.0.46831;7.11.0.46857;7.11.0.46901;7.11.0.46923;7.11.0.47007;7.11.0.47013;7.11.0.47029;7.11.0.47063;7.11.0.47083;7.11.0.47125;7.11.0.47143;7.11.0.47197","lastKnownDate":"260205","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2026-02-05T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":21,"sortOrder":95},{"violations":{"ACR-042":"App drops hidden file/potential offer app info in hidden folder without user permission.\n","ACR-043":"The \"Bit Torrent Classic\" components get dropped in one click without asking the user's permission and disclosing the installation path.\n","ACR-048":"The app does not provide any control to cancel the installation. Even on canceling it installs the application.\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software.\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software.\n","ACR-084":"On closing the app, application doesn't exit completely. It runs silently in the background, hiding the fact that it is active from the consumer without any notification. \n","ACR-097":"During installation, the app has default setting to evade the default system security guard \"Add an exception for BitTorrent in windows firewall\".\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"C:\\Users\\User\\AppData\\Roaming\\bittorrent\\BitTorrent.exe","companyName":"BitTorrent Inc.","productName":"BitTorrent","productVersion":"7.11.0.46901","fileVersion":"7.11.0.46901","hashMD5":"f511434e93d25f138d22c9f5ddc0d30f","hashSHA1":"07e1d408c545548ca5b753b6d7682fbfb0967477","hashSHA256":"5decec8501581bd43c6933c3296656f74f31e06a1cc345317ae7f9814bf4353a","digitalCertThumbprint":"09AFB68255629E565090CAC7EA49AAD67143FA93","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Rainberry Inc","storeId":"","sourceIndex":"814","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"bittorrent_installer.exe","isInstaller":"True","companyName":"                                                            ","productName":"BіtTorrent® Classic                                         ","productVersion":"7.11                                              ","fileVersion":"7.11                ","hashMD5":"fef05fa9d2f5a28704dc88492ac79ec6","hashSHA1":"0102a7ccc218bf2ff3101d6acab8d8979e677343","hashSHA256":"9505b8cb89e5eb5c103e3850c97e8996093f2c3f3a4607111c5d90f95d113580","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Rainberry Inc","storeId":"","sourceIndex":"814","avBlockList":["Bitdefender Internet Security (20231107)","COMODO Antivirus (20231107)","Dr.Web Security Space (20231107)","ESET Internet Security (20231107)","G DATA INTERNET SECURITY (20231107)","K7 Total Security (20231107)","Malwarebytes Premium (20231107)","Norton Security (20231107)","Panda Dome (20231107)","Quick Heal Internet Security (20231107)","Sophos Home Premium (20231107)","VIPRE Advanced Security (20231107)","VirIT eXplorer PRO (20231107)","Webroot SecureAnywhere (20231107)"],"avAllowList":["360 Total Security (20231107)","Avast Premium Security (20231107)","AVG Internet Security (20231107)","Avira Internet Security (20231107)","Kaspersky Internet Security (20231107)","McAfee Total Protection (20231107)","SpyHunter5 (20231107)","Total AV Antivirus Pro (20231107)","Trend Micro Internet Security (20231107)","Windows Defender (20231107)"]},{"isRevoked":"False","fileName":"bittorrent_installer_231009.exe","isInstaller":"True","fileVersion":"7.11","hashMD5":"d8a4d0ecb7f0dcc952bd4c6bbb6423e0","hashSHA1":"58292236361f34e1f9f2d990cf5bb366ddede6eb","hashSHA256":"00f44b47aa342ef8bcd1af5319d3d97ced922848069d85a40f6eaaf53354778f","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"814","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"bittorrent_installer_231010.exe","isInstaller":"True","fileVersion":"7.11","hashMD5":"95c6fbcf4897cb6966b8b4bbe823154c","hashSHA1":"ba2ec29831ced48717325abeec6f5ab0df1385d3","hashSHA256":"62e0e5fee093afb411ddc943db79a9331342b46e53b76788e77de12c3276094b","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"814","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"bittorrent_installer_231011.exe","isInstaller":"True","fileVersion":"7.11","hashMD5":"c9c3d0959bf5c283dee53705536e9eb2","hashSHA1":"919bbe553f7e6c0aac172da03883b7d9e5d12e39","hashSHA256":"cd1d6e1be9e4fad4020591c355f8300b8488e184b3b82b76c4149e1b11eae9c0","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"814","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"bittorrent_installer_231011-2.exe","isInstaller":"True","fileVersion":"7.11","hashMD5":"86cc5bca9e216179c94d640da2788135","hashSHA1":"bdeaa98ddac4f549caade0caad6e19e77e23c7f2","hashSHA256":"a645b03f370917a49f724c26dbf0d6815d2ecebbb0c7d6b585856779b35d0fe8","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"814","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"bittorrent_installer_231026.exe","isInstaller":"True","fileVersion":"7.11","hashMD5":"8e51b1442c7942795f09363456d805ac","hashSHA1":"318ecf0ec181574619cc3ac9dfd1ab335146b3b4","hashSHA256":"ceeb59575180dae0565ccae8c626a85b59a1d7631bd766d48e55753b774682d0","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"814","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"bittorrent_installer_231027.exe","isInstaller":"True","fileVersion":"7.11","hashMD5":"3a687d7e45750531c4ead920890ca2ec","hashSHA1":"d3a70427fd4b944c04809a2c4930ea0ee2ba8938","hashSHA256":"da81d46bec4d4df64cd022989fcade8f667b8f0c49d1c619301fa7857d66f1d7","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"814","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"bittorrent_installer_231031.exe","isInstaller":"True","fileVersion":"7.11","hashMD5":"cfaa7936fa5eaaebc024d8b7eb5e9b30","hashSHA1":"1c5300c37dee7b31b46d38b409276ce9771daa88","hashSHA256":"47f26b0ff6e1f3f5c981b06b933659da10b7c2086c9485f760df565a4fa8e039","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"814","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"bittorrent_installer_231102.exe","isInstaller":"True","fileVersion":"7.11","hashMD5":"3b0fcd2fe470962848abb96af7a25d0d","hashSHA1":"8d28b9b06ee6183838f287046a9f3d76d03de90c","hashSHA256":"7c14280fd67cbd53c1eff978b50ea1fa7c88a79622a75f7ab804ed44fc391e00","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"814","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"bittorrent_installer_231103.exe","isInstaller":"True","fileVersion":"7.11","hashMD5":"47d96abdbcf90c0f5cc32b65dbe70619","hashSHA1":"de9b31e7fdada368cab474befa0bf38d9bdebd25","hashSHA256":"66cef7731ebdaf11f2d887389cbd824e12303cfa789792755aaf5a88f81e0065","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"814","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"bittorrent_installer_1.exe","isInstaller":"True","fileVersion":"7.11","hashMD5":"4afe38427939a526b57fa0c21a4af0b0","hashSHA1":"8c6f5333a9acf1be9de5dfb79d407f3fb451758d","hashSHA256":"c760f68ee0a7ffa7c41647313c68cd3afe1fff1ebd9f4f4b5a9405e36c786567","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"814","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"bittorrent_installer_231113.exe","isInstaller":"True","fileVersion":"7.11","hashMD5":"4abcbbc3b9305e026dadbb22239fcb29","hashSHA1":"52772e9ee47faf784dfd98789e5b6406943f2e42","hashSHA256":"207412f840653de40fd9931bf6459bbb88efd825ebd3fa79f6602ec972f5b55f","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"814","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"bittorrent_installer_231115.exe","isInstaller":"True","fileVersion":"7.11","hashMD5":"0b4c759df591dfa6352b705f2742c70f","hashSHA1":"cb98803dfcd83b64f9c5c6dc34acdeedb57b1e60","hashSHA256":"9bc1644f9ed77f6474b662365229ecaf85a7fd2749173a946f50bb84a2200bb1","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"814","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on torrent app","reference":"","landingPage":"https://www.bittorrent.com/","directDownloadingLink":"https://www.bittorrent.com/downloads/complete/classic/","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.bittorrent.com/downloads/complete/classic/","sourceIndex":"814"}],"sampleFiles":["231117/bittorrentclassic-220201/7.11.0.46901/Samples/bittorrent_installer.exe","231117/bittorrentclassic-220201/7.11.0.46901/Samples/bittorrent_installer_231009.exe","231117/bittorrentclassic-220201/7.11.0.46901/Samples/bittorrent_installer_231010.exe","231117/bittorrentclassic-220201/7.11.0.46901/Samples/bittorrent_installer_231011.exe","231117/bittorrentclassic-220201/7.11.0.46901/Samples/bittorrent_installer_231011-2.exe","231117/bittorrentclassic-220201/7.11.0.46901/Samples/bittorrent_installer_231026.exe","231117/bittorrentclassic-220201/7.11.0.46901/Samples/bittorrent_installer_231027.exe","231117/bittorrentclassic-220201/7.11.0.46901/Samples/bittorrent_installer_231031.exe","231117/bittorrentclassic-220201/7.11.0.46901/Samples/bittorrent_installer_231102.exe","231117/bittorrentclassic-220201/7.11.0.46901/Samples/bittorrent_installer_231103.exe","231117/bittorrentclassic-220201/7.11.0.46901/Samples/bittorrent_installer_1.exe","231117/bittorrentclassic-220201/7.11.0.46901/Samples/bittorrent_installer_231113.exe","231117/bittorrentclassic-220201/7.11.0.46901/Samples/bittorrent_installer_231115.exe"],"imageFiles":["231117/bittorrentclassic-220201/7.11.0.46901/Images/ACR-043/ACR-043.PNG","231117/bittorrentclassic-220201/7.11.0.46901/Images/ACR-043/ACR-043_1.PNG","231117/bittorrentclassic-220201/7.11.0.46901/Images/ACR-042/ACR-042.PNG","231117/bittorrentclassic-220201/7.11.0.46901/Images/ACR-042/ACR-042_1.PNG","231117/bittorrentclassic-220201/7.11.0.46901/Images/ACR-048/ACR-048.PNG","231117/bittorrentclassic-220201/7.11.0.46901/Images/ACR-084/ACR-084.PNG","231117/bittorrentclassic-220201/7.11.0.46901/Images/ACR-097/ACR-097.PNG","231117/bittorrentclassic-220201/7.11.0.46901/Images/ACR-097/ACR-097_1.PNG","231117/bittorrentclassic-220201/7.11.0.46901/Images/ACR-013/ACR-013.PNG","231117/bittorrentclassic-220201/7.11.0.46901/Images/ACR-013/ACR-013_1.PNG","231117/bittorrentclassic-220201/7.11.0.46901/Images/ACR-013/ACR-013_2.PNG","231117/bittorrentclassic-220201/7.11.0.46901/Images/ACR-060/ACR-060.PNG","231117/bittorrentclassic-220201/7.11.0.46901/Images/ACR-060/ACR-060_1.PNG","231117/bittorrentclassic-220201/7.11.0.46901/Images/ACR-060/ACR-060_2.PNG"],"nonDeceptorImageFiles":[],"guid":"8da8f4bf-11f6-433a-8109-bb68e205a8fb_7.11.0.46901_1","appID":"bittorrentclassic-220201","dateAdded":"260205","deceptorType":"App","name":"Bittorrent Classic","company":"BitTorrent Inc","version":"7.11.0.46901","lastKnownStatus":"7.10.5.46097;7.10.5.46193;7.10.5.46211;7.11.0.46519;7.11.0.46541;7.11.0.46591;7.11.0.46681;7.11.0.46813;7.11.0.46823;7.11.0.46831;7.11.0.46857;7.11.0.46901;7.11.0.46923;7.11.0.47007;7.11.0.47013;7.11.0.47029;7.11.0.47063;7.11.0.47083;7.11.0.47125;7.11.0.47143;7.11.0.47197","lastKnownDate":"260205","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2026-02-05T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":21,"sortOrder":101},{"violations":{"ACR-042":"The app initiates network communications with 3rd party offer provider immediately after executing the installer.\n","ACR-048":"The app does not provide any control to cancel the installation.\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software.\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software.\n","ACR-084":"On closing the app, application doesn't exit completely. It runs silently in the background, hiding the fact that it is active from the consumer without any notification. \n","ACR-097":"During installation, the app has default setting to evade the default system security guard \"Add an exception for BitTorrent in windows firewall\".\n","ACR-014":"The \"Accept\" button on the Opera Browser offer is used for two things: accepting an offer and accepting opera as the default browser. The \"Accept\" button is misleading and confusing because the user is easily led to believe that \"accept\" is only for installing Opera and not for changing his system browser default settings.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"bittorrent_installer.exe","isInstaller":"True","companyName":"                                                            ","productName":"B𝗂tTorrent® Classic                                        ","productVersion":"7.11                                              ","fileVersion":"7.11                ","hashMD5":"9fcf5a4c8626febb437c2aef7a5f0893","hashSHA1":"a33b9806257b1d6afcf48dd2df0ecbb2a36e1e83","hashSHA256":"f2ee97951707bc83694c7e48cff57f67c455b13b59f67f04f35ba74d7fdfc9f6","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Rainberry Inc","storeId":"","sourceIndex":"658","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"bittorrent_installer_240403.exe","isInstaller":"True","fileVersion":"7.11","hashMD5":"ac3f7a256489ed25ba186eb70b94d20d","hashSHA1":"462072e44315d39a314ed734d3c6372c019916d3","hashSHA256":"11c101a74221e14adb55d429e79dc64a59668d259d6267dd2f37f804195bc77f","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"658","avBlockList":["COMODO Antivirus (20241231)","Dr.Web Security Space (20241231)","ESET Internet Security (20241231)","FortectPremium (20241231)","G DATA INTERNET SECURITY (20241231)","Malwarebytes Premium (20241231)","Panda Dome (20241231)","Quick Heal Internet Security (20241231)","Sophos Home Premium (20241231)","VirIT eXplorer PRO (20241231)","Webroot SecureAnywhere (20241231)"],"avAllowList":["360 Total Security (20241231)","Avast Premium Security (20241231)","AVG Internet Security (20241231)","Avira Internet Security (20241231)","Bitdefender Internet Security (20241231)","K7 Total Security (20241231)","KasperskyPremium (20241231)","McAfee Total Protection (20241231)","Norton Security (20241231)","SpyHunter5 (20241231)","Total AV Antivirus Pro (20241231)","Trend Micro Internet Security (20241231)","VIPRE Advanced Security (20241231)","Windows Defender (20241231)"]},{"isRevoked":"False","fileName":"bittorrent_installer_240405.exe","isInstaller":"True","fileVersion":"7.11","hashMD5":"a5042d3b41dc6513bb0ed259d5f0af93","hashSHA1":"095e5060d60b816f155b49e714663addd957cab0","hashSHA256":"512fbeefa7ff900ce760066da5c13ad0a53d317a2afa39f02292700c885807fd","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"658","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"bittorrent_installer_240408.exe","isInstaller":"True","fileVersion":"7.11","hashMD5":"ae8a9f845b4730fdcc1d6099e2e5a299","hashSHA1":"80c7275086e8919f25af4fd990eb09bff43e3378","hashSHA256":"bcb68777295b07b8c5273ff5f195f8dc3fca3f6c97d46ccd1326a590fa46bedc","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"658","avBlockList":["COMODO Antivirus (20240528)","Dr.Web Security Space (20240528)","ESET Internet Security (20240528)","G DATA INTERNET SECURITY (20240528)","Malwarebytes Premium (20240528)","Norton Security (20240528)","Sophos Home Premium (20240528)","VirIT eXplorer PRO (20240528)","Webroot SecureAnywhere (20240528)"],"avAllowList":["360 Total Security (20240528)","Avast Premium Security (20240528)","AVG Internet Security (20240528)","Avira Internet Security (20240528)","Bitdefender Internet Security (20240528)","K7 Total Security (20240528)","Kaspersky Internet Security (20240528)","McAfee Total Protection (20240528)","Panda Dome (20240528)","Quick Heal Internet Security (20240528)","SpyHunter5 (20240528)","Total AV Antivirus Pro (20240528)","Trend Micro Internet Security (20240528)","VIPRE Advanced Security (20240528)","Windows Defender (20240528)"]},{"isRevoked":"False","fileName":"bittorrent_installer_240410.exe","isInstaller":"True","fileVersion":"7.11","hashMD5":"8a9cdca60a164b7464f06373a2243265","hashSHA1":"20eb1e4e3a5bb4742130e5590c08781671346173","hashSHA256":"dd489dd3aa2951704909bf74f302c9129751c54d6d0053d29e6155e9116faf43","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"658","avBlockList":["COMODO Antivirus (20240702)","Dr.Web Security Space (20240702)","ESET Internet Security (20240702)","FortectPremium (20240702)","G DATA INTERNET SECURITY (20240702)","K7 Total Security (20240702)","Malwarebytes Premium (20240702)","Norton Security (20240702)","Quick Heal Internet Security (20240702)","Sophos Home Premium (20240702)","VirIT eXplorer PRO (20240702)","Webroot SecureAnywhere (20240702)"],"avAllowList":["360 Total Security (20240702)","Avast Premium Security (20240702)","AVG Internet Security (20240702)","Avira Internet Security (20240702)","Bitdefender Internet Security (20240702)","Kaspersky Internet Security (20240702)","McAfee Total Protection (20240702)","Panda Dome (20240702)","SpyHunter5 (20240702)","Total AV Antivirus Pro (20240702)","Trend Micro Internet Security (20240702)","VIPRE Advanced Security (20240702)","Windows Defender (20240702)"]}],"additionalFiles":[],"sources":[{"howFound":"Google search- Torrent apps","reference":"","landingPage":"https://www.bittorrent.com/","directDownloadingLink":"https://www.bittorrent.com/downloads/complete/classic/","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.bittorrent.com/downloads/complete/classic/","sourceIndex":"658"}],"sampleFiles":["240415/bittorrentclassic-220201/7.11.0.47029/Samples/bittorrent_installer.exe","240415/bittorrentclassic-220201/7.11.0.47029/Samples/bittorrent_installer_240403.exe","240415/bittorrentclassic-220201/7.11.0.47029/Samples/bittorrent_installer_240405.exe","240415/bittorrentclassic-220201/7.11.0.47029/Samples/bittorrent_installer_240408.exe","240415/bittorrentclassic-220201/7.11.0.47029/Samples/bittorrent_installer_240410.exe"],"imageFiles":["240415/bittorrentclassic-220201/7.11.0.47029/Images/ACR-042/ACR-042.PNG","240415/bittorrentclassic-220201/7.11.0.47029/Images/ACR-048/ACR-048.PNG","240415/bittorrentclassic-220201/7.11.0.47029/Images/ACR-084/ACR-084.PNG","240415/bittorrentclassic-220201/7.11.0.47029/Images/ACR-097/ACR-097.PNG","240415/bittorrentclassic-220201/7.11.0.47029/Images/ACR-097/ACR-097_1.PNG","240415/bittorrentclassic-220201/7.11.0.47029/Images/ACR-014/ACR-014.PNG","240415/bittorrentclassic-220201/7.11.0.47029/Images/ACR-013/ACR-013.PNG","240415/bittorrentclassic-220201/7.11.0.47029/Images/ACR-013/ACR-013_1.PNG","240415/bittorrentclassic-220201/7.11.0.47029/Images/ACR-013/ACR-013_2.PNG","240415/bittorrentclassic-220201/7.11.0.47029/Images/ACR-060/ACR-060.PNG","240415/bittorrentclassic-220201/7.11.0.47029/Images/ACR-060/ACR-060_1.PNG","240415/bittorrentclassic-220201/7.11.0.47029/Images/ACR-060/ACR-060_2.PNG"],"nonDeceptorImageFiles":[],"guid":"8da8f4bf-11f6-433a-8109-bb68e205a8fb_7.11.0.47029_1","appID":"bittorrentclassic-220201","dateAdded":"260205","deceptorType":"App","name":"Bittorrent Classic","company":"BitTorrent Inc","version":"7.11.0.47029","lastKnownStatus":"7.10.5.46097;7.10.5.46193;7.10.5.46211;7.11.0.46519;7.11.0.46541;7.11.0.46591;7.11.0.46681;7.11.0.46813;7.11.0.46823;7.11.0.46831;7.11.0.46857;7.11.0.46901;7.11.0.46923;7.11.0.47007;7.11.0.47013;7.11.0.47029;7.11.0.47063;7.11.0.47083;7.11.0.47125;7.11.0.47143;7.11.0.47197","lastKnownDate":"260205","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2026-02-05T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":21,"sortOrder":96},{"violations":{"ACR-042":"The app initiates network communications with 3rd party offer provider immediately after executing the installer.\n","ACR-048":"The app does not provide any control to cancel the installation.\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software.\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software.\n","ACR-084":"On closing the app, application doesn't exit completely. It runs silently in the background, hiding the fact that it is active from the consumer without any notification. \n","ACR-097":"During installation, the app has default setting to evade the default system security guard \"Add an exception for BitTorrent in windows firewall\".\n","ACR-014":"The \"Accept\" button on the Opera Browser offer is used for two things: accepting an offer and accepting opera as the default browser. The \"Accept\" button is misleading and confusing because the user is easily led to believe that \"accept\" is only for installing Opera and not for changing his system browser default settings.\n"},"nonDeceptorViolations":{"ACR-040":"The app drops all its components in the hidden path \"C:\\Users\\User\\AppData\\Roaming\\bittorrent\".\n"},"samples":[{"isRevoked":"False","fileName":"bittorrent_installer.exe","isInstaller":"True","companyName":"                                                            ","productName":"B𝗂tTorrent® Classic                                        ","productVersion":"7.11                                              ","fileVersion":"7.11                ","hashMD5":"d166e951043780ee62b8133a68111efd","hashSHA1":"aa6279869bc027e0cc628a96f17c00229395fa80","hashSHA256":"a90f8dd63490da82af080e6d714fc6256af345c2ed9942d9615566d140a1cd73","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Rainberry Inc","storeId":"","sourceIndex":"713","avBlockList":["COMODO Antivirus (20240718)","Dr.Web Security Space (20240718)","ESET Internet Security (20240718)","G DATA INTERNET SECURITY (20240718)","K7 Total Security (20240718)","Malwarebytes Premium (20240718)","Norton Security (20240718)","Panda Dome (20240718)","Quick Heal Internet Security (20240718)","Sophos Home Premium (20240718)","VirIT eXplorer PRO (20240718)","Webroot SecureAnywhere (20240718)","FortectPremium (20240718)"],"avAllowList":["360 Total Security (20240718)","Avast Premium Security (20240718)","AVG Internet Security (20240718)","Avira Internet Security (20240718)","Bitdefender Internet Security (20240718)","Kaspersky Internet Security (20240718)","McAfee Total Protection (20240718)","SpyHunter5 (20240718)","Total AV Antivirus Pro (20240718)","Trend Micro Internet Security (20240718)","VIPRE Advanced Security (20240718)","Windows Defender (20240718)"]},{"isRevoked":"False","fileName":"bittorrent_installer_240227.exe","isInstaller":"True","fileVersion":"7.11","hashMD5":"e49f305d0aacb2e07805c1ddec9d37cb","hashSHA1":"c8c18466701dd8c82c3041d15e29c93fd1dc7d75","hashSHA256":"e10ccaced3fa93587e4de2e7cf43f460f8021a9b4aed22ab834e8dcc18ce1736","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"713","avBlockList":["COMODO Antivirus (20240730)","Dr.Web Security Space (20240730)","ESET Internet Security (20240730)","FortectPremium (20240730)","G DATA INTERNET SECURITY (20240730)","K7 Total Security (20240730)","Malwarebytes Premium (20240730)","Norton Security (20240730)","Quick Heal Internet Security (20240730)","Sophos Home Premium (20240730)","VirIT eXplorer PRO (20240730)","Webroot SecureAnywhere (20240730)"],"avAllowList":["360 Total Security (20240730)","Avast Premium Security (20240730)","AVG Internet Security (20240730)","Avira Internet Security (20240730)","Bitdefender Internet Security (20240730)","KasperskyPremium (20240730)","McAfee Total Protection (20240730)","Panda Dome (20240730)","SpyHunter5 (20240730)","Total AV Antivirus Pro (20240730)","Trend Micro Internet Security (20240730)","VIPRE Advanced Security (20240730)","Windows Defender (20240730)"]},{"isRevoked":"False","fileName":"bittorrent_installer_240301.exe","isInstaller":"True","fileVersion":"7.11","hashMD5":"09f08b171c529814ceae70f0a6b899af","hashSHA1":"ce4113ca1744d121b2fb1c8291272a90969d0ab0","hashSHA256":"67aee9c4c702655cd07e59115cbf70fdaa60d9a8f957bc8856b3101db600e2e9","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"713","avBlockList":["COMODO Antivirus (20240801)","Dr.Web Security Space (20240801)","ESET Internet Security (20240801)","FortectPremium (20240801)","G DATA INTERNET SECURITY (20240801)","K7 Total Security (20240801)","Malwarebytes Premium (20240801)","Norton Security (20240801)","Sophos Home Premium (20240801)","VirIT eXplorer PRO (20240801)","Webroot SecureAnywhere (20240801)"],"avAllowList":["360 Total Security (20240801)","Avast Premium Security (20240801)","AVG Internet Security (20240801)","Avira Internet Security (20240801)","Bitdefender Internet Security (20240801)","KasperskyPremium (20240801)","McAfee Total Protection (20240801)","Panda Dome (20240801)","Quick Heal Internet Security (20240801)","SpyHunter5 (20240801)","Total AV Antivirus Pro (20240801)","Trend Micro Internet Security (20240801)","VIPRE Advanced Security (20240801)","Windows Defender (20240801)"]},{"isRevoked":"False","fileName":"bittorrent_installer_240304.exe","isInstaller":"True","fileVersion":"7.11","hashMD5":"4036bbae3656dcec8ffdaf0078368d47","hashSHA1":"04c51cd7179c543ce423eaa1a9d28196dd8c8009","hashSHA256":"7fdd92e9e8feeb7404454786f5eafd9c424e0aabc82f3a63f359a820b475b547","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"713","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"bittorrent_installer_240306.exe","isInstaller":"True","fileVersion":"7.11","hashMD5":"098a0b8274d47775ca8dc49fbba067d5","hashSHA1":"de3a6d050a86c78889a5e719ea2dca2da32f2512","hashSHA256":"84044bcdc8a9f2f02ffef19c434428881ef3655a6fdcb7216f029cf12ee9dcd6","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"713","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"bittorrent_installer_240307.exe","isInstaller":"True","fileVersion":"7.11","hashMD5":"5755cab0c0a3ef16f21b60b9f83cb23a","hashSHA1":"786a1dd531bcfb486a1ff6c049c23f606b29b1ee","hashSHA256":"6436ab570c0ec62eccb3d5c80d16712c853d619d883875bc2f75f4aadcc9c98d","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"713","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"bittorrent_installer_240308.exe","isInstaller":"True","fileVersion":"7.11","hashMD5":"c28a37d0c5975028675a4296cdd1eb38","hashSHA1":"9bd8f943992fcf2b8cee9697cdb49a56d824c755","hashSHA256":"374e8d0178f1ff16a5cee34aaada333a8890c7d45e2222b9571babbfdc9211c0","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"713","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"bittorrent_installer_240311.exe","isInstaller":"True","fileVersion":"7.11","hashMD5":"ff454b5053be1ca430d547fb9bde31c0","hashSHA1":"6adfe9f4ee9074df6f7baff293f5a863e70f5224","hashSHA256":"500804a27ff919aa64fce31ecfb2f9e0b26f9077bf1e21981bb953f68b74aa6d","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"713","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"bittorrent_installer_240313.exe","isInstaller":"True","fileVersion":"7.11","hashMD5":"ba0d48a26e798fff2a4f91b5d49feb04","hashSHA1":"5a55752d173348eaa8a2eaa636a2c83403049379","hashSHA256":"e1e1bc0da7d3810e1b848864f41d5b8d24dba1936c02968324ed43b38bff1753","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"713","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Google search- Torrent apps","reference":"","landingPage":"https://www.bittorrent.com/","directDownloadingLink":"https://www.bittorrent.com/downloads/complete/classic/","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.bittorrent.com/downloads/complete/classic/","sourceIndex":"713"}],"sampleFiles":["240314/bittorrentclassic-220201/7.11.0.47013/Samples/bittorrent_installer.exe","240314/bittorrentclassic-220201/7.11.0.47013/Samples/bittorrent_installer_240227.exe","240314/bittorrentclassic-220201/7.11.0.47013/Samples/bittorrent_installer_240301.exe","240314/bittorrentclassic-220201/7.11.0.47013/Samples/bittorrent_installer_240304.exe","240314/bittorrentclassic-220201/7.11.0.47013/Samples/bittorrent_installer_240306.exe","240314/bittorrentclassic-220201/7.11.0.47013/Samples/bittorrent_installer_240307.exe","240314/bittorrentclassic-220201/7.11.0.47013/Samples/bittorrent_installer_240308.exe","240314/bittorrentclassic-220201/7.11.0.47013/Samples/bittorrent_installer_240311.exe","240314/bittorrentclassic-220201/7.11.0.47013/Samples/bittorrent_installer_240313.exe"],"imageFiles":["240314/bittorrentclassic-220201/7.11.0.47013/Images/ACR-042/ACR-042.PNG","240314/bittorrentclassic-220201/7.11.0.47013/Images/ACR-048/ACR-048.PNG","240314/bittorrentclassic-220201/7.11.0.47013/Images/ACR-084/ACR-084.PNG","240314/bittorrentclassic-220201/7.11.0.47013/Images/ACR-097/ACR-097.PNG","240314/bittorrentclassic-220201/7.11.0.47013/Images/ACR-097/ACR-097_1.PNG","240314/bittorrentclassic-220201/7.11.0.47013/Images/ACR-014/ACR-014.PNG","240314/bittorrentclassic-220201/7.11.0.47013/Images/ACR-013/ACR-013.PNG","240314/bittorrentclassic-220201/7.11.0.47013/Images/ACR-013/ACR-013_1.PNG","240314/bittorrentclassic-220201/7.11.0.47013/Images/ACR-013/ACR-013_2.PNG","240314/bittorrentclassic-220201/7.11.0.47013/Images/ACR-060/ACR-060.PNG","240314/bittorrentclassic-220201/7.11.0.47013/Images/ACR-060/ACR-060_1.PNG","240314/bittorrentclassic-220201/7.11.0.47013/Images/ACR-060/ACR-060_2.PNG"],"nonDeceptorImageFiles":["240314/bittorrentclassic-220201/7.11.0.47013/Images/ACR-040/ACR-040.PNG"],"guid":"8da8f4bf-11f6-433a-8109-bb68e205a8fb_7.11.0.47013_1","appID":"bittorrentclassic-220201","dateAdded":"260205","deceptorType":"App","name":"Bittorrent Classic","company":"BitTorrent Inc","version":"7.11.0.47013","lastKnownStatus":"7.10.5.46097;7.10.5.46193;7.10.5.46211;7.11.0.46519;7.11.0.46541;7.11.0.46591;7.11.0.46681;7.11.0.46813;7.11.0.46823;7.11.0.46831;7.11.0.46857;7.11.0.46901;7.11.0.46923;7.11.0.47007;7.11.0.47013;7.11.0.47029;7.11.0.47063;7.11.0.47083;7.11.0.47125;7.11.0.47143;7.11.0.47197","lastKnownDate":"260205","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2026-02-05T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":21,"sortOrder":97},{"violations":{"ACR-042":"The app initiates network communications with 3rd party offer provider immediately after executing the installer.\n","ACR-048":"The app does not provide any control to cancel the installation.\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software.\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software.\n","ACR-084":"On closing the app, application doesn't exit completely. It runs silently in the background, hiding the fact that it is active from the consumer without any notification. \n","ACR-097":"During installation, the app has default setting to evade the default system security guard \"Add an exception for BitTorrent in windows firewall\".\n"},"nonDeceptorViolations":{"ACR-040":"The app drops all its components in the hidden path \"C:\\Users\\User\\AppData\\Roaming\\bittorrent\".\n"},"samples":[{"isRevoked":"False","fileName":"bittorrent_installer.exe","isInstaller":"True","companyName":"                                                            ","productName":"B𝗂tTorrent® Classic                                        ","productVersion":"7.11                                              ","fileVersion":"7.11                ","hashMD5":"2ae9b0e450a934712b9ae98ebfebde36","hashSHA1":"a7255579fc200bf62ec57a72378d5562d199acbe","hashSHA256":"63ded2716c1cef757ccc740c64405ad6e90d55c25b72406c95484c1f188396b7","digitalCertThumbprint":"2454B8E0EA6E609AEF03C83090EE29C284BA586C","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Rainberry Inc","storeId":"","sourceIndex":"734","avBlockList":["COMODO Antivirus (20240606)","ESET Internet Security (20240606)","G DATA INTERNET SECURITY (20240606)","K7 Total Security (20240606)","Malwarebytes Premium (20240606)","Norton Security (20240606)","Panda Dome (20240606)","Quick Heal Internet Security (20240606)","Sophos Home Premium (20240606)","VirIT eXplorer PRO (20240606)","Webroot SecureAnywhere (20240606)","Windows Defender (20240606)"],"avAllowList":["360 Total Security (20240606)","Avast Premium Security (20240606)","AVG Internet Security (20240606)","Avira Internet Security (20240606)","Bitdefender Internet Security (20240606)","Dr.Web Security Space (20240606)","Kaspersky Internet Security (20240606)","McAfee Total Protection (20240606)","SpyHunter5 (20240606)","Total AV Antivirus Pro (20240606)","Trend Micro Internet Security (20240606)","VIPRE Advanced Security (20240606)"]},{"isRevoked":"False","fileName":"bittorrent_installer_240205.exe","isInstaller":"True","fileVersion":"7.11","hashMD5":"c28a37d0c5975028675a4296cdd1eb38","hashSHA1":"9bd8f943992fcf2b8cee9697cdb49a56d824c755","hashSHA256":"374e8d0178f1ff16a5cee34aaada333a8890c7d45e2222b9571babbfdc9211c0","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"734","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"bittorrent_installer_240206.exe","isInstaller":"True","fileVersion":"7.11","hashMD5":"e49f305d0aacb2e07805c1ddec9d37cb","hashSHA1":"c8c18466701dd8c82c3041d15e29c93fd1dc7d75","hashSHA256":"e10ccaced3fa93587e4de2e7cf43f460f8021a9b4aed22ab834e8dcc18ce1736","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"734","avBlockList":["COMODO Antivirus (20240730)","Dr.Web Security Space (20240730)","ESET Internet Security (20240730)","FortectPremium (20240730)","G DATA INTERNET SECURITY (20240730)","K7 Total Security (20240730)","Malwarebytes Premium (20240730)","Norton Security (20240730)","Quick Heal Internet Security (20240730)","Sophos Home Premium (20240730)","VirIT eXplorer PRO (20240730)","Webroot SecureAnywhere (20240730)"],"avAllowList":["360 Total Security (20240730)","Avast Premium Security (20240730)","AVG Internet Security (20240730)","Avira Internet Security (20240730)","Bitdefender Internet Security (20240730)","KasperskyPremium (20240730)","McAfee Total Protection (20240730)","Panda Dome (20240730)","SpyHunter5 (20240730)","Total AV Antivirus Pro (20240730)","Trend Micro Internet Security (20240730)","VIPRE Advanced Security (20240730)","Windows Defender (20240730)"]},{"isRevoked":"False","fileName":"bittorrent_installer_240208.exe","isInstaller":"True","fileVersion":"7.11","hashMD5":"5755cab0c0a3ef16f21b60b9f83cb23a","hashSHA1":"786a1dd531bcfb486a1ff6c049c23f606b29b1ee","hashSHA256":"6436ab570c0ec62eccb3d5c80d16712c853d619d883875bc2f75f4aadcc9c98d","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"734","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"bittorrent_installer_240213.exe","isInstaller":"True","fileVersion":"7.11","hashMD5":"e216db4f3d5c151ae0d171fae64ebb34","hashSHA1":"0147a75651ab8c15012792e6d707911ecaea7d66","hashSHA256":"95de93d1eabeb9aa2293c5628b881110b8caeb50bc95c9873b488cf23a0910cb","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"734","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"bittorrent_installer_241502.exe","isInstaller":"True","fileVersion":"7.11","hashMD5":"81316042cab65a29d2c8d4976d8620b9","hashSHA1":"5fb7a895ee96ecb72808a3430de7bab0f2e694bd","hashSHA256":"12a62635aabba697a8c9e06b8e9aa4a34df5986a0006eb6544d56d6988d856a1","digitalCertThumbprint":"2454B8E0EA6E609AEF03C83090EE29C284BA586C","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, OU=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"734","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Google search- Torrent apps","reference":"","landingPage":"https://www.bittorrent.com/","directDownloadingLink":"https://www.bittorrent.com/downloads/complete/classic/","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.bittorrent.com/downloads/complete/classic/","sourceIndex":"734"}],"sampleFiles":["240215/bittorrentclassic-220201/7.11.0.47007/Samples/bittorrent_installer.exe","240215/bittorrentclassic-220201/7.11.0.47007/Samples/bittorrent_installer_240205.exe","240215/bittorrentclassic-220201/7.11.0.47007/Samples/bittorrent_installer_240206.exe","240215/bittorrentclassic-220201/7.11.0.47007/Samples/bittorrent_installer_240208.exe","240215/bittorrentclassic-220201/7.11.0.47007/Samples/bittorrent_installer_240213.exe","240215/bittorrentclassic-220201/7.11.0.47007/Samples/bittorrent_installer_241502.exe"],"imageFiles":["240215/bittorrentclassic-220201/7.11.0.47007/Images/ACR-042/ACR-042.JPG","240215/bittorrentclassic-220201/7.11.0.47007/Images/ACR-048/ACR-048_Install_1.png","240215/bittorrentclassic-220201/7.11.0.47007/Images/ACR-084/ACR-084_Software_1.png","240215/bittorrentclassic-220201/7.11.0.47007/Images/ACR-097/ACR-097.JPG","240215/bittorrentclassic-220201/7.11.0.47007/Images/ACR-097/ACR-097_Software_1.png","240215/bittorrentclassic-220201/7.11.0.47007/Images/ACR-013/ACR-013 (1).JPG","240215/bittorrentclassic-220201/7.11.0.47007/Images/ACR-013/ACR-013 (2).JPG","240215/bittorrentclassic-220201/7.11.0.47007/Images/ACR-013/ACR-013 (3).JPG","240215/bittorrentclassic-220201/7.11.0.47007/Images/ACR-060/ACR-060 (1).JPG","240215/bittorrentclassic-220201/7.11.0.47007/Images/ACR-060/ACR-060 (2).JPG","240215/bittorrentclassic-220201/7.11.0.47007/Images/ACR-060/ACR-060 (3).JPG"],"nonDeceptorImageFiles":["240215/bittorrentclassic-220201/7.11.0.47007/Images/ACR-040/ACR-040_Install_1.png"],"guid":"8da8f4bf-11f6-433a-8109-bb68e205a8fb_7.11.0.47007_1","appID":"bittorrentclassic-220201","dateAdded":"260205","deceptorType":"App","name":"Bittorrent Classic","company":"BitTorrent Inc","version":"7.11.0.47007","lastKnownStatus":"7.10.5.46097;7.10.5.46193;7.10.5.46211;7.11.0.46519;7.11.0.46541;7.11.0.46591;7.11.0.46681;7.11.0.46813;7.11.0.46823;7.11.0.46831;7.11.0.46857;7.11.0.46901;7.11.0.46923;7.11.0.47007;7.11.0.47013;7.11.0.47029;7.11.0.47063;7.11.0.47083;7.11.0.47125;7.11.0.47143;7.11.0.47197","lastKnownDate":"260205","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2026-02-05T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":21,"sortOrder":98},{"violations":{"ACR-048":"The app does not provide any control to cancel the installation.\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software.\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software.\n","ACR-084":"On closing the app, application doesn't exit completely. It runs silently in the background, hiding the fact that it is active from the consumer without any notification. \n","ACR-097":"During installation, the app has default setting to evade the default system security guard \"Add an exception for BitTorrent in windows firewall\".\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"C:\\Users\\User\\AppData\\Roaming\\bittorrent\\BitTorrent.exe","companyName":"BitTorrent Inc.","productName":"BitTorrent","productVersion":"7.11.0.46923","fileVersion":"7.11.0.46923","hashMD5":"0b59e28104dde558b7418335b4a06249","hashSHA1":"4e6e1501b0a581af528e111c49acae53596cd405","hashSHA256":"8247c1bf99a3e892037ddc52cf0a2775fd1f45b7a3215ec034ea4a6eb792e2ee","digitalCertThumbprint":"09AFB68255629E565090CAC7EA49AAD67143FA93","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Rainberry Inc","storeId":"","sourceIndex":"737","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"bittorrent_installer.exe","isInstaller":"True","companyName":"                                                            ","productName":"BіtТorrеnt® Classic                                         ","productVersion":"7.11                                              ","fileVersion":"7.11                ","hashMD5":"2bbb345d53883f05a32cc1389b5dda0d","hashSHA1":"17e7dfe087417d4b6077b43316999bdc3d85aa05","hashSHA256":"dea487953f984f1dae0207e60f4d5a690020c69725b6143fbcac1c7fc5b4daad","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Rainberry Inc","storeId":"","sourceIndex":"737","avBlockList":["COMODO Antivirus (20240102)","Dr.Web Security Space (20240102)","ESET Internet Security (20240102)","G DATA INTERNET SECURITY (20240102)","Malwarebytes Premium (20240102)","Norton Security (20240102)","Panda Dome (20240102)","Quick Heal Internet Security (20240102)","Sophos Home Premium (20240102)","VirIT eXplorer PRO (20240102)","Webroot SecureAnywhere (20240102)"],"avAllowList":["360 Total Security (20240102)","Avast Premium Security (20240102)","AVG Internet Security (20240102)","Avira Internet Security (20240102)","Bitdefender Internet Security (20240102)","K7 Total Security (20240102)","Kaspersky Internet Security (20240102)","McAfee Total Protection (20240102)","SpyHunter5 (20240102)","Total AV Antivirus Pro (20240102)","Trend Micro Internet Security (20240102)","VIPRE Advanced Security (20240102)","Windows Defender (20240102)"]},{"isRevoked":"False","fileName":"bittorrent_installer%20_231116.exe","isInstaller":"True","fileVersion":"7.11","hashMD5":"61b143f7c821635e522df5e2cccc7bf2","hashSHA1":"86d0ef8dd9caf2395c584f949b9109d9056467b7","hashSHA256":"4e96ac87931107ec25a8160d01e2f9eb96adfe339e4e4bb5003f7092556cdc4f","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"737","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"bittorrent_installer_231117.exe","isInstaller":"True","fileVersion":"7.11","hashMD5":"22caeb0a03bab237670382bc1de66a51","hashSHA1":"4b18a6914edcc870f9c7c1d847fcbef4a787b9e7","hashSHA256":"fe1867563cf826aa5887d95c7ec523b4090da9da4ed8c61bf37378559411628d","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"737","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"bittorrent_installer_231120.exe","isInstaller":"True","fileVersion":"7.11","hashMD5":"41f09d291e0c5e21d291e9e5792f0494","hashSHA1":"5914696d753aaeaef75cf3700819f1e4a8089d8e","hashSHA256":"d91ce3589f0e932882f3b5a0ec8cdb16d0865903cb92a43e6eac2a08154b1cd3","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"737","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"bittorrent_installer_231124.exe","isInstaller":"True","fileVersion":"7.11","hashMD5":"26a14b97ffece09e30c47cc7a7ba3651","hashSHA1":"c996b73757c464126ff5cb5b508b95739b98f196","hashSHA256":"34499e29f6477f82cc2a97f9b35a6d8d291540ad1c4e7b135d650ab8d5de97b9","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"737","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"bittorrent_installer_231204.exe","isInstaller":"True","fileVersion":"7.11","hashMD5":"d86827540b2444640a893555a591b898","hashSHA1":"1fd50136e595c13cc97c8e039375e1d9b588ae43","hashSHA256":"f559eb2923c34f8be09400f281c193ded59c964af46ccccecefb23c6b433c63a","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"737","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"bittorrent_installer_231211.exe","isInstaller":"True","fileVersion":"7.11","hashMD5":"af89bfe5b99ae7d3366bbaef21c8953f","hashSHA1":"9687f04b72ddf5bf113fab886fdc367552f7f065","hashSHA256":"b97203d90fb3e45a97d6feed672a3733c66178fff7c036ea225cd902ba1e8e30","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"737","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"bittorrent_installer_231226.exe","isInstaller":"True","fileVersion":"7.11","hashMD5":"7c88c32e6ea5f9dadcf605e8af7ec646","hashSHA1":"aca64e43f1e8cb6f24f3937466de1a7716a69291","hashSHA256":"ffb4037551ad83ca1c4c32e576192a322ce37261be0c75a808b9abe9e87020b5","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"737","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"bittorrent_installer_240103.exe","isInstaller":"True","fileVersion":"7.11","hashMD5":"75e906e76810d2eddb8d7a9aecff350e","hashSHA1":"8f1afcac6b5f733ff059f4411b924089ef663558","hashSHA256":"e7f7cf2df7f5b9bf97a07d827505007d7642d14fac06e8539dc8896ee170d662","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"737","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"bittorrent_installer_240109.exe","isInstaller":"True","fileVersion":"7.11","hashMD5":"365233466d59c91300c0679e9419b05e","hashSHA1":"6033b633b0beea1f5a2d97346d0dfeb9f37d81c2","hashSHA256":"6a8f80cdcb5ee26b48808294996a07c7db42b0d91d273ad55c21c147e639d57d","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"737","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"bittorrent_installer_220124.exe","isInstaller":"True","fileVersion":"7.11","hashMD5":"6069a460fc49fe3c9eaf3cfc48d52f3d","hashSHA1":"22de7fa52810c423c9cc9b1a1a262cc44d362c0d","hashSHA256":"04a2d88ebab867759172ad5fd262d26d32d28efc59453d44dffe2ff66a44cacf","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"737","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"bittorrent_installer_240130.exe","isInstaller":"True","fileVersion":"7.11","hashMD5":"230ac98b633147568e785e1132d561e2","hashSHA1":"1d97a3d58276dabdf1b37e93ae7b64b998c741aa","hashSHA256":"06836db659ca536a8093390bcd5078d809eaee40cc6204e02767d8e6f31d1566","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"737","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"bittorrent_installer_230207.exe","isInstaller":"True","fileVersion":"7.11","hashMD5":"09f08b171c529814ceae70f0a6b899af","hashSHA1":"ce4113ca1744d121b2fb1c8291272a90969d0ab0","hashSHA256":"67aee9c4c702655cd07e59115cbf70fdaa60d9a8f957bc8856b3101db600e2e9","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"737","avBlockList":["COMODO Antivirus (20240801)","Dr.Web Security Space (20240801)","ESET Internet Security (20240801)","FortectPremium (20240801)","G DATA INTERNET SECURITY (20240801)","K7 Total Security (20240801)","Malwarebytes Premium (20240801)","Norton Security (20240801)","Sophos Home Premium (20240801)","VirIT eXplorer PRO (20240801)","Webroot SecureAnywhere (20240801)"],"avAllowList":["360 Total Security (20240801)","Avast Premium Security (20240801)","AVG Internet Security (20240801)","Avira Internet Security (20240801)","Bitdefender Internet Security (20240801)","KasperskyPremium (20240801)","McAfee Total Protection (20240801)","Panda Dome (20240801)","Quick Heal Internet Security (20240801)","SpyHunter5 (20240801)","Total AV Antivirus Pro (20240801)","Trend Micro Internet Security (20240801)","VIPRE Advanced Security (20240801)","Windows Defender (20240801)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on Torrent apps","reference":"","landingPage":"https://www.bittorrent.com/products/win/bittorrent-web-free/","directDownloadingLink":"https://www.bittorrent.com/downloads/complete/classic/","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.bittorrent.com/downloads/complete/classic/","sourceIndex":"737"}],"sampleFiles":["240207/bittorrentclassic-220201/7.11.0.46923/Samples/bittorrent_installer.exe","240207/bittorrentclassic-220201/7.11.0.46923/Samples/bittorrent_installer%20_231116.exe","240207/bittorrentclassic-220201/7.11.0.46923/Samples/bittorrent_installer_231117.exe","240207/bittorrentclassic-220201/7.11.0.46923/Samples/bittorrent_installer_231120.exe","240207/bittorrentclassic-220201/7.11.0.46923/Samples/bittorrent_installer_231124.exe","240207/bittorrentclassic-220201/7.11.0.46923/Samples/bittorrent_installer_231204.exe","240207/bittorrentclassic-220201/7.11.0.46923/Samples/bittorrent_installer_231211.exe","240207/bittorrentclassic-220201/7.11.0.46923/Samples/bittorrent_installer_231226.exe","240207/bittorrentclassic-220201/7.11.0.46923/Samples/bittorrent_installer_240103.exe","240207/bittorrentclassic-220201/7.11.0.46923/Samples/bittorrent_installer_240109.exe","240207/bittorrentclassic-220201/7.11.0.46923/Samples/bittorrent_installer_220124.exe","240207/bittorrentclassic-220201/7.11.0.46923/Samples/bittorrent_installer_240130.exe","240207/bittorrentclassic-220201/7.11.0.46923/Samples/bittorrent_installer_230207.exe"],"imageFiles":["240207/bittorrentclassic-220201/7.11.0.46923/Images/ACR-048/ACR-048.JPG","240207/bittorrentclassic-220201/7.11.0.46923/Images/ACR-084/ACR-084.JPG","240207/bittorrentclassic-220201/7.11.0.46923/Images/ACR-097/ACR-097.JPG","240207/bittorrentclassic-220201/7.11.0.46923/Images/ACR-097/ACR-097_1.JPG","240207/bittorrentclassic-220201/7.11.0.46923/Images/ACR-013/ACR-013.JPG","240207/bittorrentclassic-220201/7.11.0.46923/Images/ACR-013/ACR-013_1.JPG","240207/bittorrentclassic-220201/7.11.0.46923/Images/ACR-013/ACR-013_2.JPG","240207/bittorrentclassic-220201/7.11.0.46923/Images/ACR-060/ACR-060.JPG","240207/bittorrentclassic-220201/7.11.0.46923/Images/ACR-060/ACR-060_1.JPG","240207/bittorrentclassic-220201/7.11.0.46923/Images/ACR-060/ACR-060_2.JPG"],"nonDeceptorImageFiles":[],"guid":"8da8f4bf-11f6-433a-8109-bb68e205a8fb_7.11.0.46923_1","appID":"bittorrentclassic-220201","dateAdded":"260205","deceptorType":"App","name":"Bittorrent Classic","company":"BitTorrent Inc","version":"7.11.0.46923","lastKnownStatus":"7.10.5.46097;7.10.5.46193;7.10.5.46211;7.11.0.46519;7.11.0.46541;7.11.0.46591;7.11.0.46681;7.11.0.46813;7.11.0.46823;7.11.0.46831;7.11.0.46857;7.11.0.46901;7.11.0.46923;7.11.0.47007;7.11.0.47013;7.11.0.47029;7.11.0.47063;7.11.0.47083;7.11.0.47125;7.11.0.47143;7.11.0.47197","lastKnownDate":"260205","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2026-02-05T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":21,"sortOrder":99},{"violations":{"ACR-042":"App drops hidden file/potential offer app info in hidden folder without user permission.\n","ACR-043":"The \"Bit Torrent Classic\" components get dropped in one click without asking the user's permission and disclosing the installation path.\n","ACR-048":"The app does not provide any control to cancel the installation. Even on canceling it installs the application.\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software.\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software.\n","ACR-084":"On closing the app, application doesn't exit completely. It runs silently in the background, hiding the fact that it is active from the consumer without any notification. \n","ACR-097":"During installation, the app has default setting to evade the default system security guard \"Add an exception for BitTorrent in windows firewall\".\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"C:\\Users\\User\\AppData\\Roaming\\bittorrent\\BitTorrent.exe","companyName":"BitTorrent Inc.","productName":"BitTorrent","productVersion":"7.11.0.46831","fileVersion":"7.11.0.46831","hashMD5":"35b12f3b4ffff52eab5f32cb32fbde63","hashSHA1":"eecbef6d301c53bd5ac53b69071093ad8b75c47c","hashSHA256":"d262dddadd4aff06e70c4aa9aba805a1ec32414691a9f3741800c8c0522e0ad3","digitalCertThumbprint":"09AFB68255629E565090CAC7EA49AAD67143FA93","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Rainberry Inc","storeId":"","sourceIndex":"805","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"bittorrent_installer.exe","isInstaller":"True","companyName":"                                                            ","productName":"BitTorrent® Classic                                         ","productVersion":"7.11                                              ","fileVersion":"7.11                ","hashMD5":"2c060f9ce1e0e2ad57865817a7eaad65","hashSHA1":"7b48105cd53500f45dd2bc0bf830c57a8932d81c","hashSHA256":"ae252f256a9df7862c009b1e277448e74381e0b2d1620e574afa96736aed1e58","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Rainberry Inc","storeId":"","sourceIndex":"805","avBlockList":["COMODO Antivirus (20230905)","Dr.Web Security Space (20230905)","ESET Internet Security (20230905)","G DATA INTERNET SECURITY (20230905)","K7 Total Security (20230905)","Malwarebytes Premium (20230905)","Norton Security (20230905)","Panda Dome (20230905)","Quick Heal Internet Security (20230905)","Sophos Home Premium (20230905)","VirIT eXplorer PRO (20230905)","Webroot SecureAnywhere (20230905)"],"avAllowList":["360 Total Security (20230905)","Avast Premium Security (20230905)","AVG Internet Security (20230905)","Avira Internet Security (20230905)","Bitdefender Internet Security (20230905)","Kaspersky Internet Security (20230905)","McAfee Total Protection (20230905)","SpyHunter5 (20230905)","Total AV Antivirus Pro (20230905)","Trend Micro Internet Security (20230905)","VIPRE Advanced Security (20230905)","Windows Defender (20230905)"]},{"isRevoked":"False","fileName":"bittorrent_installer-072723.exe","isInstaller":"True","fileVersion":"7.11","hashMD5":"3d71296c35a8c4183200e2b7938c9509","hashSHA1":"6923ab44dd675e976090d9e4b364493ce99c5680","hashSHA256":"0f9b4c9d435e43ed1a37edfc35c8f20c77ea745fea4376c79e2947dbe4bb23c2","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"805","avBlockList":["COMODO Antivirus (20230919)","Dr.Web Security Space (20230919)","ESET Internet Security (20230919)","G DATA INTERNET SECURITY (20230919)","K7 Total Security (20230919)","Malwarebytes Premium (20230919)","Norton Security (20230919)","Panda Dome (20230919)","Quick Heal Internet Security (20230919)","Sophos Home Premium (20230919)","VirIT eXplorer PRO (20230919)","Webroot SecureAnywhere (20230919)"],"avAllowList":["360 Total Security (20230919)","Avast Premium Security (20230919)","AVG Internet Security (20230919)","Avira Internet Security (20230919)","Bitdefender Internet Security (20230919)","Kaspersky Internet Security (20230919)","McAfee Total Protection (20230919)","SpyHunter5 (20230919)","Total AV Antivirus Pro (20230919)","Trend Micro Internet Security (20230919)","VIPRE Advanced Security (20230919)","Windows Defender (20230919)"]},{"isRevoked":"False","fileName":"bittorrent_installer_230821.exe","isInstaller":"True","fileVersion":"7.11","hashMD5":"33616e1fb52807431ae397263050fb2c","hashSHA1":"d4a5a533b5a547378003c0111232aeaf0b8ac5e6","hashSHA256":"720ce6970bb7e677deb3e6f0fc8ed3ffd7517c87a6d5f2add55f74b6aae5dad2","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"805","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"btweb_installer_1.exe","isInstaller":"True","fileVersion":"1.4","hashMD5":"c7848e55b0883548fed699baa89486bf","hashSHA1":"b4665bbca06c579615dede0d56a415e67c741316","hashSHA256":"85b2623fb1851b2e86701030e13e5fc41301551c29b00715be5871fd74d49eb9","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"805","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on windows app","reference":"","landingPage":"https://www.bittorrent.com/products/win/bittorrent-classic-free","directDownloadingLink":"https://www.bittorrent.com/downloads/complete/classic","ipv4":"","ipv6":"","landingPageWildChar":"","directDownloadingLinkWildChar":"https://www.bittorrent.com/downloads/complete/classic","sourceIndex":"805"}],"sampleFiles":["231117/bittorrentclassic-220201/7.11.0.46831/Samples/bittorrent_installer.exe","231117/bittorrentclassic-220201/7.11.0.46831/Samples/bittorrent_installer-072723.exe"],"imageFiles":["231117/bittorrentclassic-220201/7.11.0.46831/Images/ACR-043/ACR-043.JPG","231117/bittorrentclassic-220201/7.11.0.46831/Images/ACR-042/ACR-042.JPG","231117/bittorrentclassic-220201/7.11.0.46831/Images/ACR-048/ACR-048.JPG","231117/bittorrentclassic-220201/7.11.0.46831/Images/ACR-084/ACR-084_Software_1.png","231117/bittorrentclassic-220201/7.11.0.46831/Images/ACR-097/ACR-097.JPG","231117/bittorrentclassic-220201/7.11.0.46831/Images/ACR-097/ACR-097_1.JPG","231117/bittorrentclassic-220201/7.11.0.46831/Images/ACR-013/ACR-013.JPG","231117/bittorrentclassic-220201/7.11.0.46831/Images/ACR-013/ACR-013_1.JPG","231117/bittorrentclassic-220201/7.11.0.46831/Images/ACR-013/ACR-013_2.JPG","231117/bittorrentclassic-220201/7.11.0.46831/Images/ACR-060/ACR-060.JPG","231117/bittorrentclassic-220201/7.11.0.46831/Images/ACR-060/ACR-060_1.JPG","231117/bittorrentclassic-220201/7.11.0.46831/Images/ACR-060/ACR-060_2.JPG"],"nonDeceptorImageFiles":[],"guid":"8da8f4bf-11f6-433a-8109-bb68e205a8fb_7.11.0.46831_1","appID":"bittorrentclassic-220201","dateAdded":"260205","deceptorType":"App","name":"Bittorrent Classic","company":"BitTorrent Inc","version":"7.11.0.46831","lastKnownStatus":"7.10.5.46097;7.10.5.46193;7.10.5.46211;7.11.0.46519;7.11.0.46541;7.11.0.46591;7.11.0.46681;7.11.0.46813;7.11.0.46823;7.11.0.46831;7.11.0.46857;7.11.0.46901;7.11.0.46923;7.11.0.47007;7.11.0.47013;7.11.0.47029;7.11.0.47063;7.11.0.47083;7.11.0.47125;7.11.0.47143;7.11.0.47197","lastKnownDate":"260205","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2026-02-05T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":21,"sortOrder":100},{"violations":{"ACR-042":"App drops hidden file/potential offer app info in hidden folder without user permission.\n","ACR-043":"The \"Bit Torrent Classic\" components get dropped in one click without asking the user's permission and disclosing the installation path.\n","ACR-048":"The app does not provide any control to cancel the installation. Even on canceling it installs the application.\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software.\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software.\n","ACR-084":"On closing the app, application doesn't exit completely. It runs silently in the background, hiding the fact that it is active from the consumer without any notification. \n","ACR-097":"During installation, the app has default setting to evade the default system security guard \"Add an exception for BitTorrent in windows firewall\".\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"BitTorrent.exe","companyName":"BitTorrent Inc.","fileVersion":"7.11","hashMD5":"7efa4405d75282464fe3b5c1c50b0ad6","hashSHA1":"c3d6599eb4ff5078421fb99705e782c9e013737c","hashSHA256":"99b4cd3814dec4e9178fd5292f25aaa19f1b90aa8576b193ade18cf4a10a9024","digitalCertThumbprint":"09AFB68255629E565090CAC7EA49AAD67143FA93","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"886","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"bittorrent_installer.exe","isInstaller":"True","fileVersion":"7.11","hashMD5":"3d71296c35a8c4183200e2b7938c9509","hashSHA1":"6923ab44dd675e976090d9e4b364493ce99c5680","hashSHA256":"0f9b4c9d435e43ed1a37edfc35c8f20c77ea745fea4376c79e2947dbe4bb23c2","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"886","avBlockList":["COMODO Antivirus (20230919)","Dr.Web Security Space (20230919)","ESET Internet Security (20230919)","G DATA INTERNET SECURITY (20230919)","K7 Total Security (20230919)","Malwarebytes Premium (20230919)","Norton Security (20230919)","Panda Dome (20230919)","Quick Heal Internet Security (20230919)","Sophos Home Premium (20230919)","VirIT eXplorer PRO (20230919)","Webroot SecureAnywhere (20230919)"],"avAllowList":["360 Total Security (20230919)","Avast Premium Security (20230919)","AVG Internet Security (20230919)","Avira Internet Security (20230919)","Bitdefender Internet Security (20230919)","Kaspersky Internet Security (20230919)","McAfee Total Protection (20230919)","SpyHunter5 (20230919)","Total AV Antivirus Pro (20230919)","Trend Micro Internet Security (20230919)","VIPRE Advanced Security (20230919)","Windows Defender (20230919)"]},{"isRevoked":"False","fileName":"bittorrent_installer1.exe","isInstaller":"True","fileVersion":"7.11","hashMD5":"67fc95f638917d51663ec4326e39a236","hashSHA1":"b0bb3af91487cb53fb29acaac28024c018838dd9","hashSHA256":"8d41b40690e35ec621bff84bda80e36f31d8418544d78087ca8bcbfac0fafeb0","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"886","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"bittorrent_installer2.exe","isInstaller":"True","fileVersion":"7.11","hashMD5":"8fd7113b169042d3db11b1e10267ff52","hashSHA1":"841f1cb40b5c92a22d6e0e759ccd072a5b623e4b","hashSHA256":"0933f9a4ebb55cd3508bd2c782d5a33f578491e7e79d4e024192fc83231a4eec","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"886","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"bittorrent_installer_110823.exe","isInstaller":"True","fileVersion":"7.11","hashMD5":"2a59b41ca9b7aec80ee6612dc2c6309a","hashSHA1":"a77bb8d51e20f4073f66a7973957a1a8fff36d50","hashSHA256":"6b3f4314223f257e2ed7d290fed709b5d17e2e4d467a8f9a10442a22f534c146","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"886","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"bittorrent_installer_230815.exe","isInstaller":"True","fileVersion":"7.11","hashMD5":"3d6fbc619fc8d787e6de436dc304160e","hashSHA1":"b797d82d33f4b792db37a6942ddb1f0335908107","hashSHA256":"1fe94e4a1593f6b70b698017b6efcd955e55bafabe3e79401cf192dd45166e1d","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"886","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"bittorrent_installer_230818.exe","isInstaller":"True","fileVersion":"7.11","hashMD5":"3835f4b79fcd3623d27e93ed8df79f86","hashSHA1":"c182e7e6e677d3190f6396a48e8a14f267036f4e","hashSHA256":"274f7c4a8fc2ec48d8f8fef83cdefc5bc0d1d41f7db6d9bccca41e5a319a50fe","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"886","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"bittorrent_installer_230821.exe","isInstaller":"True","fileVersion":"7.11","hashMD5":"33616e1fb52807431ae397263050fb2c","hashSHA1":"d4a5a533b5a547378003c0111232aeaf0b8ac5e6","hashSHA256":"720ce6970bb7e677deb3e6f0fc8ed3ffd7517c87a6d5f2add55f74b6aae5dad2","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"886","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"bittorrent_installer_230823.exe","isInstaller":"True","fileVersion":"7.11","hashMD5":"ffef3f26f81233b9e35c82aa7c7b60a3","hashSHA1":"81cf282613397542da144c017d6173fbac61698a","hashSHA256":"ca5fa638986e10239d4df8c8144cc1e3af22f363dc51452ce0bd083e577c73ae","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"886","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"bittorrent_installer_230825.exe","isInstaller":"True","fileVersion":"7.11","hashMD5":"4ad4dbc8e036888532e797a8a4c05b6d","hashSHA1":"1dd888e068f6f0bf2acfbe3fdb49747da065cb62","hashSHA256":"a733ce13d26acb22da77a2f15b481c435a1daa52fca3190e0c62271e78de05c6","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"886","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"bittorrent_installer_230829.exe","isInstaller":"True","fileVersion":"7.11","hashMD5":"1ae46aef996e1c20f9c7369b52259485","hashSHA1":"347ce6b8af410a2b11a0f2b25780c7a5cbd20374","hashSHA256":"68cd45de3153a2c1ac540f561954fff3fd48d3c6d7f0cd00c447456b25296504","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"886","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"bittorrent_installer_230831.exe","isInstaller":"True","fileVersion":"7.11","hashMD5":"60bed0a00409e3af3842181cccedb6da","hashSHA1":"098cdb8aa62e500f492df02cf65df1de5f42c456","hashSHA256":"10a4e72820a0c0ef437a337a86e108b92765f1099b5337415754864737dcbc2e","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"886","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"bittorrent_installer_230904.exe","isInstaller":"True","fileVersion":"7.11","hashMD5":"c006e449a9596d8651b13dd5f54c2579","hashSHA1":"c8c20bf2053b9fb30d9dabecc5e9e84ce15432b6","hashSHA256":"60f13e4576cf07ceb1af45e2926e90cf3b3ec8d297861ae5e582d2177e8df010","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"886","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"bittorrent_installerr_230911.exe","isInstaller":"True","fileVersion":"7.11","hashMD5":"8576c91b540d5c9019d40b09348ffc1c","hashSHA1":"98766f62a6086392c2277b9ae154c0af33005a46","hashSHA256":"8d5939576504e48863064ba2ad720c909c20411658f9f729f810c2931f5fc9a6","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"886","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"bittorrent_installer_230912.exe","isInstaller":"True","fileVersion":"7.11","hashMD5":"ba549cb782e6469f8e7f458492961241","hashSHA1":"c9be5f243a0348ff1370b4ac3ddfccf468c9f9d6","hashSHA256":"bad81d9a627bdaf7cadf2b1a6114b14fb562abcab1473d5b84287dc3d0701246","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"886","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"bittorrent_installer_20230915.exe","isInstaller":"True","fileVersion":"7.11","hashMD5":"c7fb2df616ce42d1da4ca8d8ead4c386","hashSHA1":"9914bae1a4cd8d05bcb5089db70c00951ef2b3cc","hashSHA256":"047790a71a8a1bba7bd3e86a7799cb7ba86048289374f5bda377991729e90608","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"886","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"bittorrent_installer230921.exe","isInstaller":"True","fileVersion":"7.11","hashMD5":"abc8ad57639be9816e7fe3abf28ddc89","hashSHA1":"248471efc962c1965a11c6b9d85bc121b7f36901","hashSHA256":"f1d6484a01bdc5a7a6d2ed01ffbec60550535f24ac0174f003a94b8faaa3ff71","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"886","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"bittorrent_installer_230926.exe","isInstaller":"True","fileVersion":"7.11","hashMD5":"990467aa3ce8c422a0e1169f2ed00d3b","hashSHA1":"f262b78907d57a9554a32e19ee412fa3a8ec3acc","hashSHA256":"329c164b6f568291ded312f52fe8e1d5f3d97520c505a23c68538ac122b19ff2","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"886","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"bittorrent_installer_20230927.exe","isInstaller":"True","fileVersion":"7.11","hashMD5":"88c220796518b38d32b00d0a85698da3","hashSHA1":"8e5db91ff4753516585dadc9303b6fda271760d9","hashSHA256":"ae084d6968bb204038b71264e0f29c6a096eff0e59af59f0b37c53e589abd3e9","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"886","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"bittorrent_installer-230928.exe","isInstaller":"True","fileVersion":"7.11","hashMD5":"86cc5bca9e216179c94d640da2788135","hashSHA1":"bdeaa98ddac4f549caade0caad6e19e77e23c7f2","hashSHA256":"a645b03f370917a49f724c26dbf0d6815d2ecebbb0c7d6b585856779b35d0fe8","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"886","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Google search- Torrent apps","reference":"","landingPage":"https://www.bittorrent.com/","directDownloadingLink":"https://www.bittorrent.com/downloads/complete/classic/","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.bittorrent.com/downloads/complete/classic/","sourceIndex":"886"}],"sampleFiles":["230928/bittorrentclassic-220201/7.11.0.46857/Samples/BitTorrent.exe","230928/bittorrentclassic-220201/7.11.0.46857/Samples/bittorrent_installer.exe","230928/bittorrentclassic-220201/7.11.0.46857/Samples/bittorrent_installer1.exe","230928/bittorrentclassic-220201/7.11.0.46857/Samples/bittorrent_installer2.exe","230928/bittorrentclassic-220201/7.11.0.46857/Samples/bittorrent_installer_110823.exe","230928/bittorrentclassic-220201/7.11.0.46857/Samples/bittorrent_installer_230815.exe","230928/bittorrentclassic-220201/7.11.0.46857/Samples/bittorrent_installer_230818.exe","230928/bittorrentclassic-220201/7.11.0.46857/Samples/bittorrent_installer_230821.exe","230928/bittorrentclassic-220201/7.11.0.46857/Samples/bittorrent_installer_230823.exe","230928/bittorrentclassic-220201/7.11.0.46857/Samples/bittorrent_installer_230825.exe","230928/bittorrentclassic-220201/7.11.0.46857/Samples/bittorrent_installer_230829.exe","230928/bittorrentclassic-220201/7.11.0.46857/Samples/bittorrent_installer_230831.exe","230928/bittorrentclassic-220201/7.11.0.46857/Samples/bittorrent_installer_230904.exe","230928/bittorrentclassic-220201/7.11.0.46857/Samples/bittorrent_installerr_230911.exe","230928/bittorrentclassic-220201/7.11.0.46857/Samples/bittorrent_installer_230912.exe","230928/bittorrentclassic-220201/7.11.0.46857/Samples/bittorrent_installer_20230915.exe","230928/bittorrentclassic-220201/7.11.0.46857/Samples/bittorrent_installer230921.exe","230928/bittorrentclassic-220201/7.11.0.46857/Samples/bittorrent_installer_230926.exe","230928/bittorrentclassic-220201/7.11.0.46857/Samples/bittorrent_installer_20230927.exe","230928/bittorrentclassic-220201/7.11.0.46857/Samples/bittorrent_installer-230928.exe"],"imageFiles":["230928/bittorrentclassic-220201/7.11.0.46857/Images/ACR-043/BTC_ACR-042_043.jpg","230928/bittorrentclassic-220201/7.11.0.46857/Images/ACR-042/BTC_ACR-042_043.jpg","230928/bittorrentclassic-220201/7.11.0.46857/Images/ACR-048/BTC_ACR-048.jpg","230928/bittorrentclassic-220201/7.11.0.46857/Images/ACR-084/BTC_ACR-084.jpg","230928/bittorrentclassic-220201/7.11.0.46857/Images/ACR-097/BTC_ACR-097.jpg","230928/bittorrentclassic-220201/7.11.0.46857/Images/ACR-013/BTC_OptionalOffer.jpg","230928/bittorrentclassic-220201/7.11.0.46857/Images/ACR-060/BTC_OptionalOffer.jpg"],"nonDeceptorImageFiles":[],"guid":"8da8f4bf-11f6-433a-8109-bb68e205a8fb_7.11.0.46857_1","appID":"bittorrentclassic-220201","dateAdded":"260205","deceptorType":"App","name":"Bittorrent Classic","company":"BitTorrent Inc","version":"7.11.0.46857","lastKnownStatus":"7.10.5.46097;7.10.5.46193;7.10.5.46211;7.11.0.46519;7.11.0.46541;7.11.0.46591;7.11.0.46681;7.11.0.46813;7.11.0.46823;7.11.0.46831;7.11.0.46857;7.11.0.46901;7.11.0.46923;7.11.0.47007;7.11.0.47013;7.11.0.47029;7.11.0.47063;7.11.0.47083;7.11.0.47125;7.11.0.47143;7.11.0.47197","lastKnownDate":"260205","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2026-02-05T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":21,"sortOrder":102},{"violations":{"ACR-043":"The \"Bittorrent\" components get dropped in one click without asking the user's permission and disclosing the installation path.\n","ACR-048":"The app does not provide any control to cancel the installation. Even on canceling it installs the application.\n","ACR-084":"On closing the app, application doesn't exit completely. It runs silently in the background, hiding the fact that it is active from the consumer without any notification. \n","ACR-097":"During installation, the app has an option to evade the default system security guard \"Add an exception for BitTorrent in windows firewall\".\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components on the device without the consumer's consent.\n","ACR-057":"Offers don't have clear way for user to accept or decline. \n","ACR-055":"The accept/Decline options are not consistent for offers. \n"},"nonDeceptorViolations":{"ACR-092":"The app does not have a digital signature for the executable \"bittorrentie.exe\"\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Users\\User\\AppData\\Roaming\\bittorrent\\BitTorrent.exe","companyName":"BitTorrent Inc.","productName":"BitTorrent","productVersion":"7.11.0.46541","fileVersion":"7.11.0.46541","hashMD5":"159d80d8deaa583aabb2ce7a9290c5d3","hashSHA1":"605021e0a5e6183635db530ce5f5d615b403ece7","hashSHA256":"a268255938ecb743ace3e7ca8c965d084d05370d00b30751cd651f184becfd34","digitalCertThumbprint":"94B5B937366BAF324364380B0694A0D8E32A08E2","digitalCertIssuer":"Symantec Class 3 SHA256 Code Signing CA","digitalCertIssuedTo":"BitTorrent Inc","storeId":"","sourceIndex":"1361","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Users\\User\\AppData\\Roaming\\bittorrent\\updates\\7.11.0_46541\\bittorrentie.exe","companyName":"BitTorrent Inc.","productName":"","productVersion":"","fileVersion":"1.0.0","hashMD5":"208e7fc415a0b98ce154440dfe23cb38","hashSHA1":"4b7f2e052916fc738f4d0a37f94672e037fffaef","hashSHA256":"6b3f9543e3a8acaf6dfeaf6165a428246f4e0922489f634f6322916e5242053f","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1361","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Users\\User\\AppData\\Roaming\\bittorrent\\btfs\\btfs.exe","companyName":"BitTorrent Inc","productName":"BTFS","productVersion":"2.1.3","fileVersion":"2.1.3","hashMD5":"4a4c20378a5ee26188d437ea4d085242","hashSHA1":"9a1b148adfafe0631a7856452f2dd0c3473a0e5c","hashSHA256":"061870bfafb79fa6cf681ccb06f120769319626f1d9648ca2ecca237b82b2999","digitalCertThumbprint":"534AA6D3D1999D01686D94A9CF2940EF10286D08","digitalCertIssuer":"Go Daddy Secure Certificate Authority - G2","digitalCertIssuedTo":"Bittorrent Inc.","storeId":"","sourceIndex":"1361","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Users\\User\\AppData\\Roaming\\bittorrent\\helper\\helper.exe","companyName":"BitTorrent Inc.","productName":"µTorrent Helper","productVersion":"2.1.4.2372","fileVersion":"2.1.4.2372","hashMD5":"0c837d99d77466bb61788fa30b4470fe","hashSHA1":"02d1d3ab0b30b77a3ecae78058a672ba1ea5076d","hashSHA256":"dbedd973360c6952a406ec765e7c766c3940a5e8c5aa9763172497bea51d1e93","digitalCertThumbprint":"94B5B937366BAF324364380B0694A0D8E32A08E2","digitalCertIssuer":"Symantec Class 3 SHA256 Code Signing CA","digitalCertIssuedTo":"BitTorrent Inc","storeId":"","sourceIndex":"1361","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"bittorrent_installer.exe","isInstaller":"True","companyName":"Rainberry Inc.","productName":"bittorrent","productVersion":"7.11.0.46541","fileVersion":"7.11.0.46541","hashMD5":"d71024c8f5014b93670c5b6807721e44","hashSHA1":"2d16a99347a8362406264614fc5c8f220e06b94a","hashSHA256":"32ce0a6c6b8eb0982bebf282e3f8b7391636d6b27a6be6621e73862d4c0a1996","digitalCertThumbprint":"6210E153E85031347F0884CBC539E100D920A5B5","digitalCertIssuer":"Entrust Extended Validation Code Signing CA - EVCS2","digitalCertIssuedTo":"Rainberry Inc.","storeId":"","sourceIndex":"1361","avBlockList":["360 Total Security (20230404)","Dr.Web Security Space (20230404)","ESET Internet Security (20230404)","K7 Total Security (20230404)","McAfee Total Protection (20230404)","Norton Security (20230404)","Panda Dome (20230404)","Sophos Home Premium (20230404)","VirIT eXplorer PRO (20230404)","Webroot SecureAnywhere (20230404)"],"avAllowList":["Avast Premium Security (20230404)","AVG Internet Security (20230404)","Avira Internet Security (20230404)","Bitdefender Internet Security (20230404)","COMODO Antivirus (20230404)","G DATA INTERNET SECURITY (20230404)","Kaspersky Internet Security (20230404)","Malwarebytes Premium (20230404)","Quick Heal Internet Security (20230404)","SpyHunter5 (20230404)","Total AV Antivirus Pro (20230404)","Trend Micro Internet Security (20230404)","VIPRE Advanced Security (20230404)","Windows Defender (20230404)"]}],"additionalFiles":[],"sources":[{"howFound":"Google search- Torrent apps","reference":"","landingPage":"https://www.bittorrent.com/","directDownloadingLink":"https://www.bittorrent.com/downloads/complete/classic/","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.bittorrent.com/downloads/complete/classic/","sourceIndex":"1361"}],"sampleFiles":["221025/bittorrentclassic-220201/7.11.0.46541/Samples/bittorrent_installer.exe"],"imageFiles":["221025/bittorrentclassic-220201/7.11.0.46541/Images/ACR-043/ACR-043_Install.JPG","221025/bittorrentclassic-220201/7.11.0.46541/Images/ACR-048/ACR-048_Install.JPG","221025/bittorrentclassic-220201/7.11.0.46541/Images/ACR-084/ACR-084_Software.JPG","221025/bittorrentclassic-220201/7.11.0.46541/Images/ACR-097/AR-097_Software.JPG","221025/bittorrentclassic-220201/7.11.0.46541/Images/ACR-118/ACR-118_Uninstall.JPG","221025/bittorrentclassic-220201/7.11.0.46541/Images/ACR-118/ACR-118_Uninstall_1.JPG","221025/bittorrentclassic-220201/7.11.0.46541/Images/ACR-057/ACR-057_Bundler-madeOffers_No_Accept_Decline_Option.JPG","221025/bittorrentclassic-220201/7.11.0.46541/Images/ACR-055/ACR-055_Bundler-madeOffers_Inconsistent_Accept_Decline_Option.JPG","221025/bittorrentclassic-220201/7.11.0.46541/Images/ACR-055/ACR-055_Bundler-madeOffers_Inconsistent_Accept_Decline_Option_1.JPG"],"nonDeceptorImageFiles":["221025/bittorrentclassic-220201/7.11.0.46541/Images/ACR-092/ACR-092_Software.JPG"],"guid":"8da8f4bf-11f6-433a-8109-bb68e205a8fb_7.11.0.46541_1","appID":"bittorrentclassic-220201","dateAdded":"260205","deceptorType":"App","name":"Bittorrent Classic","company":"BitTorrent Inc","version":"7.11.0.46541","lastKnownStatus":"7.10.5.46097;7.10.5.46193;7.10.5.46211;7.11.0.46519;7.11.0.46541;7.11.0.46591;7.11.0.46681;7.11.0.46813;7.11.0.46823;7.11.0.46831;7.11.0.46857;7.11.0.46901;7.11.0.46923;7.11.0.47007;7.11.0.47013;7.11.0.47029;7.11.0.47063;7.11.0.47083;7.11.0.47125;7.11.0.47143;7.11.0.47197","lastKnownDate":"260205","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2026-02-05T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":21,"sortOrder":107},{"violations":{"ACR-043":"The \"Bit Torrent Classic\" components get dropped in one click without asking the user's permission and disclosing the installation path.\n","ACR-048":"The app does not provide any control to cancel the installation. Even on canceling it installs the application.\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software.\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software.\n","ACR-084":"On closing the app, application doesn't exit completely. It runs silently in the background, hiding the fact that it is active from the consumer without any notification. \n","ACR-097":"During installation, the app has default setting to evade the default system security guard \"Add an exception for BitTorrent in windows firewall\".\n"},"nonDeceptorViolations":{"ACR-163":"The BitTorrent FAQ link is not working and throws a 404 error.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Users\\User\\AppData\\Roaming\\bittorrent\\BitTorrent.exe","companyName":"BitTorrent Inc.","productName":"BitTorrent","productVersion":"7.11.0.46813","fileVersion":"7.11.0.46813","hashMD5":"c1e7b546fc0f782d318d131e57cab1d5","hashSHA1":"392b89b064dda0de309958611941451bcc7bd89c","hashSHA256":"1daf503548e8b99e5fe0be3195298ee75c48e93e845ff2251d8a180daea312e2","digitalCertThumbprint":"09AFB68255629E565090CAC7EA49AAD67143FA93","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Rainberry Inc","storeId":"","sourceIndex":"1083","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"bittorrent_installer.exe","isInstaller":"True","companyName":"                                                            ","productName":"BitTorrent® Classic                                         ","productVersion":"7.11                                              ","fileVersion":"7.11                ","hashMD5":"59ccdde3face28caffab52b8a763eff0","hashSHA1":"c1a595d01dbf1f1492c8c59423a34c6da00150c7","hashSHA256":"7057268b4c400711ba55edf81f81681465d64fa3fbc9a2836c02dbd81917584b","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Rainberry Inc","storeId":"","sourceIndex":"1083","avBlockList":["COMODO Antivirus (20240516)","Dr.Web Security Space (20240516)","ESET Internet Security (20240516)","G DATA INTERNET SECURITY (20240516)","K7 Total Security (20240516)","Malwarebytes Premium (20240516)","Norton Security (20240516)","Panda Dome (20240516)","Quick Heal Internet Security (20240516)","Sophos Home Premium (20240516)","VirIT eXplorer PRO (20240516)","Webroot SecureAnywhere (20240516)"],"avAllowList":["360 Total Security (20240516)","Avast Premium Security (20240516)","AVG Internet Security (20240516)","Avira Internet Security (20240516)","Bitdefender Internet Security (20240516)","Kaspersky Internet Security (20240516)","McAfee Total Protection (20240516)","SpyHunter5 (20240516)","Total AV Antivirus Pro (20240516)","Trend Micro Internet Security (20240516)","VIPRE Advanced Security (20240516)","Windows Defender (20240516)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on windows app","reference":"","landingPage":"https://www.bittorrent.com/products/win/bittorrent-classic-free","directDownloadingLink":"https://www.bittorrent.com/downloads/complete/classic/","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.bittorrent.com/downloads/complete/classic/","sourceIndex":"1083"}],"sampleFiles":["231117/bittorrentclassic-220201/7.11.0.46813/Samples/bittorrent_installer.exe"],"imageFiles":["231117/bittorrentclassic-220201/7.11.0.46813/Images/ACR-043/ACR-043.JPG","231117/bittorrentclassic-220201/7.11.0.46813/Images/ACR-048/ACR-048.JPG","231117/bittorrentclassic-220201/7.11.0.46813/Images/ACR-084/ACR-084.JPG","231117/bittorrentclassic-220201/7.11.0.46813/Images/ACR-097/ACR-097.JPG","231117/bittorrentclassic-220201/7.11.0.46813/Images/ACR-013/ACR-013.JPG","231117/bittorrentclassic-220201/7.11.0.46813/Images/ACR-013/ACR-013_1.JPG","231117/bittorrentclassic-220201/7.11.0.46813/Images/ACR-013/ACR-013_2.JPG","231117/bittorrentclassic-220201/7.11.0.46813/Images/ACR-060/ACR-060.JPG","231117/bittorrentclassic-220201/7.11.0.46813/Images/ACR-060/ACR-060_1.JPG","231117/bittorrentclassic-220201/7.11.0.46813/Images/ACR-060/ACR-060_2.JPG"],"nonDeceptorImageFiles":["231117/bittorrentclassic-220201/7.11.0.46813/Images/ACR-163/ACR-163.JPG"],"guid":"8da8f4bf-11f6-433a-8109-bb68e205a8fb_7.11.0.46813_1","appID":"bittorrentclassic-220201","dateAdded":"260205","deceptorType":"App","name":"Bittorrent Classic","company":"BitTorrent Inc","version":"7.11.0.46813","lastKnownStatus":"7.10.5.46097;7.10.5.46193;7.10.5.46211;7.11.0.46519;7.11.0.46541;7.11.0.46591;7.11.0.46681;7.11.0.46813;7.11.0.46823;7.11.0.46831;7.11.0.46857;7.11.0.46901;7.11.0.46923;7.11.0.47007;7.11.0.47013;7.11.0.47029;7.11.0.47063;7.11.0.47083;7.11.0.47125;7.11.0.47143;7.11.0.47197","lastKnownDate":"260205","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2026-02-05T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":21,"sortOrder":104},{"violations":{"ACR-048":"The app does not provide any control to cancel the installation. Even on canceling it installs the application.\n","ACR-084":"On closing the app, application doesn't exit completely. It runs silently in the background, hiding the fact that it is active from the consumer without any notification. \n","ACR-097":"During installation, the app has default setting to evade the default system security guard \"Add an exception for BitTorrent in windows firewall\".\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components on the device without the consumer's consent.\n","ACR-119":"The app fails to remove all of its monetization components after the consumer uninstalls it.\n"},"nonDeceptorViolations":{"ACR-163":"The BitTorrent FAQ link is not working and throws a 404 error.\n","ACR-092":"The app does not have a digital signature for the executable \"bittorrentie.exe\"\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Users\\User\\AppData\\Local\\Temp\\bittorrent\\bittorrent.exe","companyName":"BitTorrent Inc.","productName":"BitTorrent","productVersion":"7.11.0.46683","fileVersion":"7.11.0.46683","hashMD5":"e446f774876e1d1a2f3e2cccd8856a02","hashSHA1":"d7106eb596e3787b502dffaf5e1205bfc54c6dd7","hashSHA256":"45f5742e1c00b3463b4411c798a26f245c64907b1b519a995c852c3caee77d6d","digitalCertThumbprint":"09AFB68255629E565090CAC7EA49AAD67143FA93","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Rainberry Inc","storeId":"","sourceIndex":"1129","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Users\\User\\AppData\\Roaming\\bittorrent\\helper\\helper.exe","companyName":"BitTorrent Inc.","productName":"µTorrent Helper","productVersion":"2.1.4.2372","fileVersion":"2.1.4.2372","hashMD5":"0c837d99d77466bb61788fa30b4470fe","hashSHA1":"02d1d3ab0b30b77a3ecae78058a672ba1ea5076d","hashSHA256":"dbedd973360c6952a406ec765e7c766c3940a5e8c5aa9763172497bea51d1e93","digitalCertThumbprint":"94B5B937366BAF324364380B0694A0D8E32A08E2","digitalCertIssuer":"Symantec Class 3 SHA256 Code Signing CA","digitalCertIssuedTo":"BitTorrent Inc","storeId":"","sourceIndex":"1129","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"bittorrent_installer.exe","isInstaller":"True","companyName":"                                                            ","productName":"BitTorrent® Classic                                         ","productVersion":"7.11                                              ","fileVersion":"7.11                ","hashMD5":"3d2f4839fa0c47d4641fe7de7eafca96","hashSHA1":"a1ec8044ea50196c833e395eef3cbb2beff814e8","hashSHA256":"bcf78404cf206fe1ff43e1118081fe3039b8e75c026d2cf59ab5cd5f2113ce8b","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Rainberry Inc","storeId":"","sourceIndex":"1129","avBlockList":["COMODO Antivirus (20230926)","Dr.Web Security Space (20230926)","ESET Internet Security (20230926)","G DATA INTERNET SECURITY (20230926)","Malwarebytes Premium (20230926)","McAfee Total Protection (20230926)","Norton Security (20230926)","Panda Dome (20230926)","Sophos Home Premium (20230926)","SpyHunter5 (20230926)","VirIT eXplorer PRO (20230926)","Webroot SecureAnywhere (20230926)"],"avAllowList":["360 Total Security (20230926)","Avast Premium Security (20230926)","AVG Internet Security (20230926)","Avira Internet Security (20230926)","Bitdefender Internet Security (20230926)","K7 Total Security (20230926)","Kaspersky Internet Security (20230926)","Quick Heal Internet Security (20230926)","Total AV Antivirus Pro (20230926)","Trend Micro Internet Security (20230926)","VIPRE Advanced Security (20230926)","Windows Defender (20230926)"]},{"isRevoked":"False","fileName":"RemoteIE.exe","companyName":"BitTorrent Inc.","fileVersion":"1.0","hashMD5":"d702f91a0b25131965e958234abc44e3","hashSHA1":"28733b1e5b838e2e4582f879975f7a46817121c0","hashSHA256":"9f6e56fef5b2861e9cb756c7b60cd24351871ca54fa2b082a75167a0bdfd6c4b","sourceIndex":"1129","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Google search- Torrent apps","reference":"","landingPage":"https://www.bittorrent.com/","directDownloadingLink":"https://www.bittorrent.com/downloads/complete/classic/","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.bittorrent.com/downloads/complete/classic/","sourceIndex":"1129"}],"sampleFiles":["230306/bittorrentclassic-220201/7.11.0.46681/Samples/bittorrent_installer.exe","230306/bittorrentclassic-220201/7.11.0.46681/Samples/RemoteIE.exe"],"imageFiles":["230306/bittorrentclassic-220201/7.11.0.46681/Images/ACR-048/ACR-048_Install.JPG","230306/bittorrentclassic-220201/7.11.0.46681/Images/ACR-084/ACR-084.JPG","230306/bittorrentclassic-220201/7.11.0.46681/Images/ACR-097/ACR-097.JPG","230306/bittorrentclassic-220201/7.11.0.46681/Images/ACR-118/ACR-118.JPG","230306/bittorrentclassic-220201/7.11.0.46681/Images/ACR-119/ACR-119.JPG"],"nonDeceptorImageFiles":["230306/bittorrentclassic-220201/7.11.0.46681/Images/ACR-092/ACR-092.JPG","230306/bittorrentclassic-220201/7.11.0.46681/Images/ACR-163/ACR-163.JPG","230306/bittorrentclassic-220201/7.11.0.46681/Images/ACR-163/ACR-163_1.JPG"],"guid":"8da8f4bf-11f6-433a-8109-bb68e205a8fb_7.11.0.46681_1","appID":"bittorrentclassic-220201","dateAdded":"260205","deceptorType":"App","name":"Bittorrent Classic","company":"BitTorrent Inc","version":"7.11.0.46681","lastKnownStatus":"7.10.5.46097;7.10.5.46193;7.10.5.46211;7.11.0.46519;7.11.0.46541;7.11.0.46591;7.11.0.46681;7.11.0.46813;7.11.0.46823;7.11.0.46831;7.11.0.46857;7.11.0.46901;7.11.0.46923;7.11.0.47007;7.11.0.47013;7.11.0.47029;7.11.0.47063;7.11.0.47083;7.11.0.47125;7.11.0.47143;7.11.0.47197","lastKnownDate":"260205","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2026-02-05T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":21,"sortOrder":105},{"violations":{"ACR-043":"The \"Bittorrent\" components get dropped in one click without asking the user's permission and disclosing the installation path.\n","ACR-048":"The app does not provide any control to cancel the installation. Even on canceling it installs the application.\n","ACR-084":"On closing the app, application doesn't exit completely. It runs silently in the background, hiding the fact that it is active from the consumer without any notification. \n","ACR-097":"During installation, the app has an option to evade the default system security guard \"Add an exception for BitTorrent in windows firewall\".\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components on the device without the consumer's consent.\n"},"nonDeceptorViolations":{"ACR-092":"The app does not have a digital signature for the executable \"bittorrentie.exe\"\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Users\\User\\AppData\\Roaming\\bittorrent\\btfs\\btfs.exe","companyName":"BitTorrent Inc","productName":"BTFS","productVersion":"2.1.3","fileVersion":"2.1.3","hashMD5":"4a4c20378a5ee26188d437ea4d085242","hashSHA1":"9a1b148adfafe0631a7856452f2dd0c3473a0e5c","hashSHA256":"061870bfafb79fa6cf681ccb06f120769319626f1d9648ca2ecca237b82b2999","digitalCertThumbprint":"534AA6D3D1999D01686D94A9CF2940EF10286D08","digitalCertIssuer":"Go Daddy Secure Certificate Authority - G2","digitalCertIssuedTo":"Bittorrent Inc.","storeId":"","sourceIndex":"1257","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Users\\User\\AppData\\Roaming\\bittorrent\\helper\\helper.exe","companyName":"BitTorrent Inc.","productName":"µTorrent Helper","productVersion":"2.1.4.2372","fileVersion":"2.1.4.2372","hashMD5":"0c837d99d77466bb61788fa30b4470fe","hashSHA1":"02d1d3ab0b30b77a3ecae78058a672ba1ea5076d","hashSHA256":"dbedd973360c6952a406ec765e7c766c3940a5e8c5aa9763172497bea51d1e93","digitalCertThumbprint":"94B5B937366BAF324364380B0694A0D8E32A08E2","digitalCertIssuer":"Symantec Class 3 SHA256 Code Signing CA","digitalCertIssuedTo":"BitTorrent Inc","storeId":"","sourceIndex":"1257","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Users\\User\\AppData\\Roaming\\bittorrent\\BitTorrent.exe","companyName":"BitTorrent Inc.","productName":"BitTorrent","productVersion":"7.11.0.46591","fileVersion":"7.11.0.46591","hashMD5":"b4996b23c836fab2ac93b5aced17e448","hashSHA1":"7f1d79a835d41cfe72abce5388efeedb00c0f673","hashSHA256":"dc2e64c41388e29306d9f66f13487dc0c742726f432d06f96aa6b675c241e9ad","digitalCertThumbprint":"94B5B937366BAF324364380B0694A0D8E32A08E2","digitalCertIssuer":"Symantec Class 3 SHA256 Code Signing CA","digitalCertIssuedTo":"BitTorrent Inc","storeId":"","sourceIndex":"1257","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"bittorrent_installer.exe","isInstaller":"True","companyName":"Rainberry Inc.","productName":"bittorrent","productVersion":"7.11.0.46591","fileVersion":"7.11.0.46591","hashMD5":"6802b8a4c12167a8b82eda69f1d5a642","hashSHA1":"36a4f746245a5fc525c28b7c680e6732f90d6e15","hashSHA256":"4a38cc1653cab59af957ebe26a4569e07aca802843cdde3b03b6d38247911e2d","digitalCertThumbprint":"6210E153E85031347F0884CBC539E100D920A5B5","digitalCertIssuer":"Entrust Extended Validation Code Signing CA - EVCS2","digitalCertIssuedTo":"Rainberry Inc.","storeId":"","sourceIndex":"1257","avBlockList":["COMODO Antivirus (20240425)","Dr.Web Security Space (20240425)","ESET Internet Security (20240425)","G DATA INTERNET SECURITY (20240425)","K7 Total Security (20240425)","Malwarebytes Premium (20240425)","Norton Security (20240425)","Panda Dome (20240425)","Quick Heal Internet Security (20240425)","Sophos Home Premium (20240425)","VirIT eXplorer PRO (20240425)","Webroot SecureAnywhere (20240425)"],"avAllowList":["360 Total Security (20240425)","Avast Premium Security (20240425)","AVG Internet Security (20240425)","Avira Internet Security (20240425)","Bitdefender Internet Security (20240425)","Kaspersky Internet Security (20240425)","McAfee Total Protection (20240425)","SpyHunter5 (20240425)","Total AV Antivirus Pro (20240425)","Trend Micro Internet Security (20240425)","VIPRE Advanced Security (20240425)","Windows Defender (20240425)"]}],"additionalFiles":[],"sources":[{"howFound":"Google search- Torrent apps","reference":"","landingPage":"https://www.bittorrent.com/products/win/bittorrent-classic-free/","directDownloadingLink":"https://www.bittorrent.com/downloads/complete/classic/","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.bittorrent.com/downloads/complete/classic/","sourceIndex":"1257"}],"sampleFiles":["221231/bittorrentclassic-220201/7.11.0.46591/Samples/bittorrent_installer.exe"],"imageFiles":["221231/bittorrentclassic-220201/7.11.0.46591/Images/ACR-043/ACR-043.JPG","221231/bittorrentclassic-220201/7.11.0.46591/Images/ACR-048/ACR-048.JPG","221231/bittorrentclassic-220201/7.11.0.46591/Images/ACR-084/ACR-084.JPG","221231/bittorrentclassic-220201/7.11.0.46591/Images/ACR-097/ACR-097.JPG","221231/bittorrentclassic-220201/7.11.0.46591/Images/ACR-118/ACR-118.JPG","221231/bittorrentclassic-220201/7.11.0.46591/Images/ACR-118/ACR-118_1.JPG"],"nonDeceptorImageFiles":["221231/bittorrentclassic-220201/7.11.0.46591/Images/ACR-092/ACR-092.JPG"],"guid":"8da8f4bf-11f6-433a-8109-bb68e205a8fb_7.11.0.46591_1","appID":"bittorrentclassic-220201","dateAdded":"260205","deceptorType":"App","name":"Bittorrent Classic","company":"BitTorrent Inc","version":"7.11.0.46591","lastKnownStatus":"7.10.5.46097;7.10.5.46193;7.10.5.46211;7.11.0.46519;7.11.0.46541;7.11.0.46591;7.11.0.46681;7.11.0.46813;7.11.0.46823;7.11.0.46831;7.11.0.46857;7.11.0.46901;7.11.0.46923;7.11.0.47007;7.11.0.47013;7.11.0.47029;7.11.0.47063;7.11.0.47083;7.11.0.47125;7.11.0.47143;7.11.0.47197","lastKnownDate":"260205","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2026-02-05T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":21,"sortOrder":106},{"violations":{"ACR-043":"The \"Bittorrent\" components get dropped in one click without asking the user's permission and disclosing the installation path.\n","ACR-048":"The app does not provide any control to cancel the installation. Even on canceling it installs the application.\n","ACR-084":"On closing the app, application doesn't exit completely. It runs silently in the background, hiding the fact that it is active from the consumer without any notification. \n","ACR-097":"During installation, the app has an option to evade the default system security guard \"Add an exception for BitTorrent in windows firewall\".\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components on the device without the consumer's consent.\n","ACR-057":"Offers don't have clear way for user to accept or decline. \n","ACR-055":"The accept/Decline options are not consistent for offers. \n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"C:\\Users\\User\\AppData\\Local\\Temp\\bittorrent\\bittorrent.exe","companyName":"BitTorrent Inc.","productName":"BitTorrent","productVersion":"7.11.0.46519","fileVersion":"7.11.0.46519","hashMD5":"6d32128998c4728c828b752d83e9d02b","hashSHA1":"fde700fa2d3c7e60a2a100050e9a9ad1777e3f07","hashSHA256":"27c3550bfb61448c5374e939d0a6c27b12af4628f046aa8cb424299f5418f48e","digitalCertThumbprint":"94B5B937366BAF324364380B0694A0D8E32A08E2","digitalCertIssuer":"Symantec Class 3 SHA256 Code Signing CA","digitalCertIssuedTo":"BitTorrent Inc","storeId":"","sourceIndex":"1377","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Users\\User\\AppData\\Roaming\\bittorrent\\BitTorrent.exe","companyName":"BitTorrent Inc.","productName":"BitTorrent","productVersion":"7.11.0.46519","fileVersion":"7.11.0.46519","hashMD5":"6d32128998c4728c828b752d83e9d02b","hashSHA1":"fde700fa2d3c7e60a2a100050e9a9ad1777e3f07","hashSHA256":"27c3550bfb61448c5374e939d0a6c27b12af4628f046aa8cb424299f5418f48e","digitalCertThumbprint":"94B5B937366BAF324364380B0694A0D8E32A08E2","digitalCertIssuer":"Symantec Class 3 SHA256 Code Signing CA","digitalCertIssuedTo":"BitTorrent Inc","storeId":"","sourceIndex":"1377","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Users\\User\\AppData\\Roaming\\bittorrent\\helper\\helper.exe","companyName":"BitTorrent Inc.","productName":"µTorrent Helper","productVersion":"2.1.4.2372","fileVersion":"2.1.4.2372","hashMD5":"0c837d99d77466bb61788fa30b4470fe","hashSHA1":"02d1d3ab0b30b77a3ecae78058a672ba1ea5076d","hashSHA256":"dbedd973360c6952a406ec765e7c766c3940a5e8c5aa9763172497bea51d1e93","digitalCertThumbprint":"94B5B937366BAF324364380B0694A0D8E32A08E2","digitalCertIssuer":"Symantec Class 3 SHA256 Code Signing CA","digitalCertIssuedTo":"BitTorrent Inc","storeId":"","sourceIndex":"1377","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"bittorrent_installer.exe","isInstaller":"True","companyName":"Rainberry Inc.","productName":"bittorrent","productVersion":"7.11.0.46519","fileVersion":"7.11.0.46519","hashMD5":"8352d5ecefc734c40d27d26934eb61f8","hashSHA1":"cd807cb9242f6d6e4863c0389d8f62c0af4d2a53","hashSHA256":"46441addbe82d547891e498aa4a9fea710a44c5b2325446dc90de6a7a274e9a0","digitalCertThumbprint":"6210E153E85031347F0884CBC539E100D920A5B5","digitalCertIssuer":"Entrust Extended Validation Code Signing CA - EVCS2","digitalCertIssuedTo":"Rainberry Inc.","storeId":"","sourceIndex":"1377","avBlockList":["Dr.Web Security Space (20230720)","ESET Internet Security (20230720)","K7 Total Security (20230720)","Malwarebytes Premium (20230720)","McAfee Total Protection (20230720)","Norton Security (20230720)","Panda Dome (20230720)","Quick Heal Internet Security (20230720)","Sophos Home Premium (20230720)","VirIT eXplorer PRO (20230720)","Webroot SecureAnywhere (20230720)"],"avAllowList":["360 Total Security (20230720)","Avast Premium Security (20230720)","AVG Internet Security (20230720)","Avira Internet Security (20230720)","Bitdefender Internet Security (20230720)","COMODO Antivirus (20230720)","G DATA INTERNET SECURITY (20230720)","Kaspersky Internet Security (20230720)","SpyHunter5 (20230720)","Total AV Antivirus Pro (20230720)","Trend Micro Internet Security (20230720)","VIPRE Advanced Security (20230720)","Windows Defender (20230720)"]}],"additionalFiles":[],"sources":[{"howFound":"Google search- Torrent apps","reference":"","landingPage":"https://www.bittorrent.com/","directDownloadingLink":"https://www.bittorrent.com/downloads/complete/classic/","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.bittorrent.com/downloads/complete/classic/","sourceIndex":"1377"}],"sampleFiles":["221012/bittorrentclassic-220201/7.11.0.46519/Samples/bittorrent_installer.exe"],"imageFiles":["221012/bittorrentclassic-220201/7.11.0.46519/Images/ACR-043/ACR-043.JPG","221012/bittorrentclassic-220201/7.11.0.46519/Images/ACR-048/ACR-048.JPG","221012/bittorrentclassic-220201/7.11.0.46519/Images/ACR-084/ACR-084_Software.JPG","221012/bittorrentclassic-220201/7.11.0.46519/Images/ACR-097/ACR-097.JPG","221012/bittorrentclassic-220201/7.11.0.46519/Images/ACR-118/ACR-118.JPG","221012/bittorrentclassic-220201/7.11.0.46519/Images/ACR-057/ACR-057_Bundler-madeOffers_No_Accept_Decline_Option.JPG","221012/bittorrentclassic-220201/7.11.0.46519/Images/ACR-055/ACR-055_Bundler-madeOffers_Inconsistent_Accept_Decline_Option.JPG","221012/bittorrentclassic-220201/7.11.0.46519/Images/ACR-055/ACR-055_Bundler-madeOffers_Inconsistent_Accept_Decline_Option_1.JPG"],"nonDeceptorImageFiles":[],"guid":"8da8f4bf-11f6-433a-8109-bb68e205a8fb_7.11.0.46519_1","appID":"bittorrentclassic-220201","dateAdded":"260205","deceptorType":"App","name":"Bittorrent Classic","company":"BitTorrent Inc","version":"7.11.0.46519","lastKnownStatus":"7.10.5.46097;7.10.5.46193;7.10.5.46211;7.11.0.46519;7.11.0.46541;7.11.0.46591;7.11.0.46681;7.11.0.46813;7.11.0.46823;7.11.0.46831;7.11.0.46857;7.11.0.46901;7.11.0.46923;7.11.0.47007;7.11.0.47013;7.11.0.47029;7.11.0.47063;7.11.0.47083;7.11.0.47125;7.11.0.47143;7.11.0.47197","lastKnownDate":"260205","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2026-02-05T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":21,"sortOrder":108},{"violations":{"ACR-042":"The \"Adaware\" components get dropped without asking the user's permission and disclosing the installation path.\n","ACR-043":"The \"Bittorrent\" components and \"Adaware\" components get dropped in one click without asking the user's permission and disclosing the installation path.\n","ACR-048":"The app does not provide any control to cancel the installation. Even on canceling it installs the application.\n","ACR-017":"The 3rd party endorsement ( https://bit.ly/3q1SK9L ) is not verifiable.  \n","ACR-084":"On closing the app, application doesn't exit completely. It runs silently in the background, hiding the fact that it is active from the consumer without any notification. \n","ACR-097":"During installation, the app has an option to evade default system security guard \"Add an exception for BitTorrent in windows firewall\" without details the reason to user.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components on the device without the consumer's consent.\n","ACR-057":"Offers don't have clear way for user to accept or decline. \n","ACR-055":"The accept/Decline options are not consistent for offers. \n","ACR-059":"The recommended by \"who\" is not clear in the Offer.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"C:\\Users\\User\\AppData\\Roaming\\BitTorrent\\BitTorrent.exe","companyName":"BitTorrent Inc.","productName":"BitTorrent","productVersion":"7.10.5.46211","fileVersion":"7.10.5.46211","hashMD5":"3a72aae846afdd8c7f070f390a2151b0","hashSHA1":"dadb6c535731cf4445ee8ce2c216585ccc80760b","hashSHA256":"63a52c497a4a0f8c62d7686486fd3be8c3297024e336c0953ab2dcad9dceed3c","digitalCertThumbprint":"94B5B937366BAF324364380B0694A0D8E32A08E2","digitalCertIssuer":"Symantec Class 3 SHA256 Code Signing CA","digitalCertIssuedTo":"BitTorrent Inc","storeId":"","sourceIndex":"1685","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"BitTorrentSetup.exe","isInstaller":"True","companyName":"BitTorrent Inc.","productName":"BitTorrent","productVersion":"7.10.5.46211","fileVersion":"7.10.5.46211","hashMD5":"b8c24a19ae1706e4baf0253b8f33abe3","hashSHA1":"a6eb472bb97ddec488203467d10bc26e86dc8e53","hashSHA256":"3c855659332b10f81efb7574d83624a30db08c15fe3927cee1dbdb2c523d3554","digitalCertThumbprint":"680463B23D34E23AC40F45E062C9296878995188","digitalCertIssuer":"Entrust Extended Validation Code Signing CA - EVCS1","digitalCertIssuedTo":"BitTorrent Inc.","storeId":"","sourceIndex":"1685","avBlockList":["Avast Premium Security (20220324)","AVG Internet Security (20220324)","Avira Internet Security (20220324)","Bitdefender Internet Security (20220324)","COMODO Antivirus (20220324)","Dr.Web Security Space (20220324)","ESET Internet Security (20220324)","G DATA INTERNET SECURITY (20220324)","K7 Total Security (20220324)","Malwarebytes Premium (20220324)","McAfee Total Protection (20220324)","Norton Security (20220324)","Panda Dome (20220324)","Quick Heal Internet Security (20220324)","Sophos Home Premium (20220324)","SpyHunter5 (20220324)","Total AV Antivirus Pro (20220324)","VIPRE Advanced Security (20220324)","VirIT eXplorer PRO (20220324)","Webroot SecureAnywhere (20220324)"],"avAllowList":["360 Total Security (20220324)","Kaspersky Internet Security (20220324)","Tencent PC Manager (20220324)","Trend Micro Internet Security (20220324)","Windows Defender (20220324)"]}],"additionalFiles":[],"sources":[{"howFound":"Google search- Torrent apps","reference":"","landingPage":"https://www.bittorrent.com/products/win/bittorrent-classic-free/","directDownloadingLink":"https://www.bittorrent.com/downloads/complete/classic/","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.bittorrent.com/downloads/complete/classic/","sourceIndex":"1685"}],"sampleFiles":["220314/bittorrentclassic-220201/7.10.5.46211/Samples/BitTorrentSetup.exe"],"imageFiles":["220314/bittorrentclassic-220201/7.10.5.46211/Images/ACR-043/ACR-043_Install.JPG","220314/bittorrentclassic-220201/7.10.5.46211/Images/ACR-043/ACR-043_Install_1.JPG","220314/bittorrentclassic-220201/7.10.5.46211/Images/ACR-042/ACR-042_Install.JPG","220314/bittorrentclassic-220201/7.10.5.46211/Images/ACR-048/ACR-048_Install_No_Control.JPG","220314/bittorrentclassic-220201/7.10.5.46211/Images/ACR-084/ACR-084_Software_Process.JPG","220314/bittorrentclassic-220201/7.10.5.46211/Images/ACR-097/ACR-097_Software.JPG","220314/bittorrentclassic-220201/7.10.5.46211/Images/ACR-118/ACR-118_Uninstall.JPG","220314/bittorrentclassic-220201/7.10.5.46211/Images/ACR-057/ACR-057_Bundler-madeOffers_No_Accept_Decline_Option_1.JPG","220314/bittorrentclassic-220201/7.10.5.46211/Images/ACR-059/ACR-059_Bundler-madeOffers_Recommended.JPG","220314/bittorrentclassic-220201/7.10.5.46211/Images/ACR-055/ACR-055_Bundler-madeOffers_Inconsistent_Accept_Decline_Option.JPG","220314/bittorrentclassic-220201/7.10.5.46211/Images/ACR-055/ACR-055_Bundler-madeOffers_Inconsistent_Accept_Decline_Option_1.JPG","220314/bittorrentclassic-220201/7.10.5.46211/Images/ACR-017/ACR-017_InternalOffers_Unverifiable.JPG"],"nonDeceptorImageFiles":[],"guid":"8da8f4bf-11f6-433a-8109-bb68e205a8fb_7.10.5.46211_1","appID":"bittorrentclassic-220201","dateAdded":"260205","deceptorType":"App","name":"Bittorrent Classic","company":"BitTorrent Inc","version":"7.10.5.46211","lastKnownStatus":"7.10.5.46097;7.10.5.46193;7.10.5.46211;7.11.0.46519;7.11.0.46541;7.11.0.46591;7.11.0.46681;7.11.0.46813;7.11.0.46823;7.11.0.46831;7.11.0.46857;7.11.0.46901;7.11.0.46923;7.11.0.47007;7.11.0.47013;7.11.0.47029;7.11.0.47063;7.11.0.47083;7.11.0.47125;7.11.0.47143;7.11.0.47197","lastKnownDate":"260205","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2026-02-05T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":21,"sortOrder":109},{"violations":{"ACR-042":"The \"Adaware\" components get dropped without asking the user's permission and disclosing the installation path.\n","ACR-043":"The \"Bittorrent\" components and \"Adaware\" components get dropped in one click without asking the user's permission and disclosing the installation path.\n","ACR-048":"The app does not provide any control to cancel the installation. Even on canceling it installs the application.\n","ACR-017":"The 3rd party endorsement ( https://bit.ly/3M6d3wj ) is not verifiable.  \n","ACR-084":"On closing the app, application doesn't exit completely. It runs silently in the background, hiding the fact that it is active from the consumer without any notification. \n","ACR-097":"During installation, the app has an option to evade default system security guard \"Add an exception for BitTorrent in windows firewall\" without details the reason to user.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components on the device without the consumer's consent.\n","ACR-057":"Offers don't have clear way for user to accept or decline. \n","ACR-055":"The accept/Decline options are not consistent for offers. \n","ACR-059":"The recommended by \"who\" is not clear in the Offer.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"C:\\Users\\User\\AppData\\Roaming\\BitTorrent\\BitTorrent.exe","companyName":"BitTorrent Inc.","productName":"BitTorrent","productVersion":"7.10.5.46193","fileVersion":"7.10.5.46193","hashMD5":"6b5aa570e8bda63979ae9df10487190a","hashSHA1":"d40880f501072cb385635bd21a3e1dfb276203e6","hashSHA256":"fcbcfad6d802fde5d7aa64cb9ce97101cb8318d11af76253169935cc6299ef45","digitalCertThumbprint":"94B5B937366BAF324364380B0694A0D8E32A08E2","digitalCertIssuer":"Symantec Class 3 SHA256 Code Signing CA","digitalCertIssuedTo":"BitTorrent Inc","storeId":"","sourceIndex":"1706","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"BitTorrentSetup.exe","isInstaller":"True","companyName":"BitTorrent Inc.","productName":"BitTorrent","productVersion":"7.10.5.46193","fileVersion":"7.10.5.46193","hashMD5":"355f6b0291025d36690684959c193098","hashSHA1":"64ba5005d537cbe546b5196170862057b79d5949","hashSHA256":"a5765d95791edd8b66e08e17dd9c18866a54eb2e0507f0dd766c611559d60bbd","digitalCertThumbprint":"680463B23D34E23AC40F45E062C9296878995188","digitalCertIssuer":"Entrust Extended Validation Code Signing CA - EVCS1","digitalCertIssuedTo":"BitTorrent Inc.","storeId":"","sourceIndex":"1706","avBlockList":["Avast Premium Security (20220310)","AVG Internet Security (20220310)","Avira Internet Security (20220310)","Bitdefender Internet Security (20220310)","COMODO Antivirus (20220310)","Dr.Web Security Space (20220310)","ESET Internet Security (20220310)","G DATA INTERNET SECURITY (20220310)","K7 Total Security (20220310)","Malwarebytes Premium (20220310)","McAfee Total Protection (20220310)","Norton Security (20220310)","Panda Dome (20220310)","Quick Heal Internet Security (20220310)","Sophos Home Premium (20220310)","SpyHunter5 (20220310)","Total AV Antivirus Pro (20220310)","Trend Micro Internet Security (20220310)","VIPRE Advanced Security (20220310)","VirIT eXplorer PRO (20220310)","Webroot SecureAnywhere (20220310)","Windows Defender (20220310)"],"avAllowList":["360 Total Security (20220310)","Kaspersky Internet Security (20220310)","Tencent PC Manager (20220310)"]}],"additionalFiles":[],"sources":[{"howFound":"Google search- Torrent apps","reference":"","landingPage":"https://www.bittorrent.com/products/win/bittorrent-classic-free/","directDownloadingLink":"https://www.bittorrent.com/downloads/complete/classic/","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.bittorrent.com/downloads/complete/classic/","sourceIndex":"1706"}],"sampleFiles":["220223/bittorrentclassic-220201/7.10.5.46193/Samples/BitTorrentSetup.exe"],"imageFiles":["220223/bittorrentclassic-220201/7.10.5.46193/Images/ACR-043/ACR-043_Install.JPG","220223/bittorrentclassic-220201/7.10.5.46193/Images/ACR-043/ACR-043_Install_1.JPG","220223/bittorrentclassic-220201/7.10.5.46193/Images/ACR-042/ACR-042_Install.JPG","220223/bittorrentclassic-220201/7.10.5.46193/Images/ACR-048/ACR-048_Install_No_Control.JPG","220223/bittorrentclassic-220201/7.10.5.46193/Images/ACR-084/ACR-084_Software_Process.JPG","220223/bittorrentclassic-220201/7.10.5.46193/Images/ACR-097/ACR-097_Software.JPG","220223/bittorrentclassic-220201/7.10.5.46193/Images/ACR-118/ACR-118_Uninstall.JPG","220223/bittorrentclassic-220201/7.10.5.46193/Images/ACR-118/ACR-118_Uninstall_1.JPG","220223/bittorrentclassic-220201/7.10.5.46193/Images/ACR-118/ACR-118_Uninstall_2.JPG","220223/bittorrentclassic-220201/7.10.5.46193/Images/ACR-057/ACR-057_BundlerMadeOffers_No_Accept_Decline_Option_1.JPG","220223/bittorrentclassic-220201/7.10.5.46193/Images/ACR-059/ACR-059_BundlerMadeOffers_Recommended.JPG","220223/bittorrentclassic-220201/7.10.5.46193/Images/ACR-055/ACR-055_BundlerMadeOffers_Inconsistent_Accept_Decline_Option.JPG","220223/bittorrentclassic-220201/7.10.5.46193/Images/ACR-055/ACR-055_BundlerMadeOffers_Inconsistent_Accept_Decline_Option_1.JPG","220223/bittorrentclassic-220201/7.10.5.46193/Images/ACR-017/ACR-017_InternalOffers_Unverifiable.JPG"],"nonDeceptorImageFiles":[],"guid":"8da8f4bf-11f6-433a-8109-bb68e205a8fb_7.10.5.46193_1","appID":"bittorrentclassic-220201","dateAdded":"260205","deceptorType":"App","name":"Bittorrent Classic","company":"BitTorrent Inc","version":"7.10.5.46193","lastKnownStatus":"7.10.5.46097;7.10.5.46193;7.10.5.46211;7.11.0.46519;7.11.0.46541;7.11.0.46591;7.11.0.46681;7.11.0.46813;7.11.0.46823;7.11.0.46831;7.11.0.46857;7.11.0.46901;7.11.0.46923;7.11.0.47007;7.11.0.47013;7.11.0.47029;7.11.0.47063;7.11.0.47083;7.11.0.47125;7.11.0.47143;7.11.0.47197","lastKnownDate":"260205","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2026-02-05T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":21,"sortOrder":110},{"violations":{"ACR-042":"The \"Adaware\" components get dropped without asking the user's permission and disclosing the installation path.\n","ACR-043":"The \"Adaware\" components get dropped in one click without asking the user's permission and disclosing the installation path.\n","ACR-048":"The app does not provide any control to cancel the installation. Even on canceling it installs the application.  \n","ACR-084":"On closing the app, application doesn't exit completely. It runs silently in the background, hiding the fact that it is active from the consumer without any notification. \n","ACR-097":"During installation, the app has an option to evade default system security guard \"Add an exception for BitTorrent in windows firewall\" without details the reason to user.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components on the device without the consumer's consent.\n","ACR-057":"Offers don't have clear way for user to accept or decline. \n","ACR-055":"The accept/Decline options are not consistent for offers. \n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"C:\\Users\\User\\AppData\\Roaming\\BitTorrent\\BitTorrent.exe","companyName":"BitTorrent Inc.","productName":"BitTorrent","productVersion":"7.10.5.46097","fileVersion":"7.10.5.46097","hashMD5":"a664179a4cd200722c2688bff32358e0","hashSHA1":"65d1fd6fd60e16ff95a7df07d21b30f6b7c30090","hashSHA256":"cb7677e8cf42587bfd051de5e48ba019d018956bd60a59d7b7884937c7a52803","digitalCertThumbprint":"94B5B937366BAF324364380B0694A0D8E32A08E2","digitalCertIssuer":"Symantec Class 3 SHA256 Code Signing CA","digitalCertIssuedTo":"BitTorrent Inc","storeId":"","sourceIndex":"1723","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"BitTorrent.exe","isInstaller":"True","companyName":"BitTorrent Inc.","productName":"BitTorrent","productVersion":"7.10.5.46097","fileVersion":"7.10.5.46097","hashMD5":"9e341e85dcaa0a31a88ad14feaeed888","hashSHA1":"0ba9508166b2f8127451e07a1ceffd9ec63fd640","hashSHA256":"0333988d52da8b27e865657ffa2c4cb8e96b43fce7d6d7b72458a0b176713924","digitalCertThumbprint":"680463B23D34E23AC40F45E062C9296878995188","digitalCertIssuer":"Entrust Extended Validation Code Signing CA - EVCS1","digitalCertIssuedTo":"BitTorrent Inc.","storeId":"","sourceIndex":"1723","avBlockList":["COMODO Antivirus (20240806)","Dr.Web Security Space (20240806)","ESET Internet Security (20240806)","G DATA INTERNET SECURITY (20240806)","Malwarebytes Premium (20240806)","McAfee Total Protection (20240806)","Norton Security (20240806)","Panda Dome (20240806)","Quick Heal Internet Security (20240806)","Sophos Home Premium (20240806)","Trend Micro Internet Security (20240806)","VirIT eXplorer PRO (20240806)","Webroot SecureAnywhere (20240806)","FortectPremium (20240806)"],"avAllowList":["360 Total Security (20240806)","Avast Premium Security (20240806)","AVG Internet Security (20240806)","Avira Internet Security (20240806)","Bitdefender Internet Security (20240806)","K7 Total Security (20240806)","Kaspersky Internet Security (20220405)","SpyHunter5 (20240806)","Tencent PC Manager (20220405)","Total AV Antivirus Pro (20240806)","VIPRE Advanced Security (20240806)","Windows Defender (20240806)","KasperskyPremium (20240806)"]}],"additionalFiles":[],"sources":[{"howFound":"Google search- Torrent apps","reference":"","landingPage":"https://www.bittorrent.com/","directDownloadingLink":"https://www.bittorrent.com/downloads/complete/classic/","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.bittorrent.com/downloads/complete/classic/","sourceIndex":"1723"}],"sampleFiles":["220201/bittorrentclassic-220201/7.10.5.46097/Samples/BitTorrentSetup.exe"],"imageFiles":["220201/bittorrentclassic-220201/7.10.5.46097/Images/ACR-043/ACR-043_Install.JPG","220201/bittorrentclassic-220201/7.10.5.46097/Images/ACR-043/ACR-043_Install_1.JPG","220201/bittorrentclassic-220201/7.10.5.46097/Images/ACR-042/ACR-042_Install.JPG","220201/bittorrentclassic-220201/7.10.5.46097/Images/ACR-048/ACR-048_Install_No_Control.JPG","220201/bittorrentclassic-220201/7.10.5.46097/Images/ACR-084/ACR-084_Software_Process.JPG","220201/bittorrentclassic-220201/7.10.5.46097/Images/ACR-097/ACR-097_Software.JPG","220201/bittorrentclassic-220201/7.10.5.46097/Images/ACR-118/ACR-118_Uninstall_Retains.JPG","220201/bittorrentclassic-220201/7.10.5.46097/Images/ACR-057/ACR-057_BundlerMadeOffers_No_Accept_Decline_Option.JPG","220201/bittorrentclassic-220201/7.10.5.46097/Images/ACR-057/ACR-057_BundlerMadeOffers_No_Accept_Decline_Option_2.JPG","220201/bittorrentclassic-220201/7.10.5.46097/Images/ACR-055/ACR-055_BundlerMadeOffers_Inconsistent_Accept_Decline_Option.JPG","220201/bittorrentclassic-220201/7.10.5.46097/Images/ACR-055/ACR-055_BundlerMadeOffers_Inconsistent_Accept_Decline_Option_1.JPG","220201/bittorrentclassic-220201/7.10.5.46097/Images/ACR-055/ACR-055_BundlerMadeOffers_Inconsistent_Accept_Decline_Option_2.JPG","220201/bittorrentclassic-220201/7.10.5.46097/Images/ACR-055/ACR-055_BundlerMadeOffers_Inconsistent_Accept_Decline_Option_3.JPG"],"nonDeceptorImageFiles":[],"guid":"8da8f4bf-11f6-433a-8109-bb68e205a8fb_7.10.5.46097_1","appID":"bittorrentclassic-220201","dateAdded":"260205","deceptorType":"App","name":"Bittorrent Classic","company":"BitTorrent Inc","version":"7.10.5.46097","sigName":"Deceptor:Win32/BittorrentClassic!043042048084097118057055","lastKnownStatus":"7.10.5.46097;7.10.5.46193;7.10.5.46211;7.11.0.46519;7.11.0.46541;7.11.0.46591;7.11.0.46681;7.11.0.46813;7.11.0.46823;7.11.0.46831;7.11.0.46857;7.11.0.46901;7.11.0.46923;7.11.0.47007;7.11.0.47013;7.11.0.47029;7.11.0.47063;7.11.0.47083;7.11.0.47125;7.11.0.47143;7.11.0.47197","lastKnownDate":"260205","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2026-02-05T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":21,"sortOrder":111},{"violations":{"ACR-042":"The app initiates network communications with 3rd party offer provider immediately after executing the installer.\n","ACR-048":"The app does not provide any control to cancel the installation.\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software.\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software.\n","ACR-084":"On closing the app, application doesn't exit completely. It runs silently in the background, hiding the fact that it is active from the consumer without any notification. \n","ACR-097":"During installation, the app has default setting to evade the default system security guard \"Add an exception for BitTorrent in windows firewall\".\n","ACR-014":"The \"Accept\" button on the Opera Browser offer is used for two things: accepting an offer and accepting opera as the default browser. The \"Accept\" button is misleading and confusing because the user is easily led to believe that \"accept\" is only for installing Opera and not for changing his system browser default settings.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"bittorrent_installer.exe","isInstaller":"True","companyName":"                                                            ","productName":"B𝗂tTorrent® Classic                                        ","productVersion":"7.11                                              ","fileVersion":"7.11                ","hashMD5":"8a9cdca60a164b7464f06373a2243265","hashSHA1":"20eb1e4e3a5bb4742130e5590c08781671346173","hashSHA256":"dd489dd3aa2951704909bf74f302c9129751c54d6d0053d29e6155e9116faf43","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Rainberry Inc","storeId":"","sourceIndex":"608","avBlockList":["COMODO Antivirus (20240702)","Dr.Web Security Space (20240702)","ESET Internet Security (20240702)","FortectPremium (20240702)","G DATA INTERNET SECURITY (20240702)","K7 Total Security (20240702)","Malwarebytes Premium (20240702)","Norton Security (20240702)","Quick Heal Internet Security (20240702)","Sophos Home Premium (20240702)","VirIT eXplorer PRO (20240702)","Webroot SecureAnywhere (20240702)"],"avAllowList":["360 Total Security (20240702)","Avast Premium Security (20240702)","AVG Internet Security (20240702)","Avira Internet Security (20240702)","Bitdefender Internet Security (20240702)","Kaspersky Internet Security (20240702)","McAfee Total Protection (20240702)","Panda Dome (20240702)","SpyHunter5 (20240702)","Total AV Antivirus Pro (20240702)","Trend Micro Internet Security (20240702)","VIPRE Advanced Security (20240702)","Windows Defender (20240702)"]},{"isRevoked":"False","fileName":"bittorrent_installer_240515.exe","isInstaller":"True","fileVersion":"7.11","hashMD5":"ae8a9f845b4730fdcc1d6099e2e5a299","hashSHA1":"80c7275086e8919f25af4fd990eb09bff43e3378","hashSHA256":"bcb68777295b07b8c5273ff5f195f8dc3fca3f6c97d46ccd1326a590fa46bedc","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"608","avBlockList":["COMODO Antivirus (20240528)","Dr.Web Security Space (20240528)","ESET Internet Security (20240528)","G DATA INTERNET SECURITY (20240528)","Malwarebytes Premium (20240528)","Norton Security (20240528)","Sophos Home Premium (20240528)","VirIT eXplorer PRO (20240528)","Webroot SecureAnywhere (20240528)"],"avAllowList":["360 Total Security (20240528)","Avast Premium Security (20240528)","AVG Internet Security (20240528)","Avira Internet Security (20240528)","Bitdefender Internet Security (20240528)","K7 Total Security (20240528)","Kaspersky Internet Security (20240528)","McAfee Total Protection (20240528)","Panda Dome (20240528)","Quick Heal Internet Security (20240528)","SpyHunter5 (20240528)","Total AV Antivirus Pro (20240528)","Trend Micro Internet Security (20240528)","VIPRE Advanced Security (20240528)","Windows Defender (20240528)"]},{"isRevoked":"False","fileName":"bittorrent_installer_240516.exe","isInstaller":"True","fileVersion":"7.11","hashMD5":"eb4dc818e183a97cdedfb1c351239e5d","hashSHA1":"157560475d6883f2654b69dace1b4d51495b176b","hashSHA256":"568bda8c10109a980a32939ae7e63c31e4525b8da0f990b3be2302474651e5ef","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"608","avBlockList":["COMODO Antivirus (20241001)","Dr.Web Security Space (20241001)","ESET Internet Security (20241001)","FortectPremium (20241001)","G DATA INTERNET SECURITY (20241001)","Malwarebytes Premium (20241001)","Norton Security (20241001)","Panda Dome (20241001)","Sophos Home Premium (20241001)","VirIT eXplorer PRO (20241001)","Webroot SecureAnywhere (20241001)"],"avAllowList":["360 Total Security (20241001)","Avast Premium Security (20241001)","AVG Internet Security (20241001)","Avira Internet Security (20241001)","Bitdefender Internet Security (20241001)","K7 Total Security (20241001)","KasperskyPremium (20241001)","McAfee Total Protection (20241001)","Quick Heal Internet Security (20241001)","SpyHunter5 (20241001)","Total AV Antivirus Pro (20241001)","Trend Micro Internet Security (20241001)","VIPRE Advanced Security (20241001)","Windows Defender (20241001)"]},{"isRevoked":"False","fileName":"bittorrent_installer_240517.exe","isInstaller":"True","fileVersion":"7.11","hashMD5":"15585b5e528939cb8d780d9c9effe7d2","hashSHA1":"70e2ef46cc19413bcb3c0e7b6ac32f71c5c8600e","hashSHA256":"225eba1d44ba3cd0e73997ddd235e31b8c6593a5b2090427040297ce90409d5c","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"608","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"bittorrent_installer_240603.exe","isInstaller":"True","fileVersion":"7.11","hashMD5":"9fcf5a4c8626febb437c2aef7a5f0893","hashSHA1":"a33b9806257b1d6afcf48dd2df0ecbb2a36e1e83","hashSHA256":"f2ee97951707bc83694c7e48cff57f67c455b13b59f67f04f35ba74d7fdfc9f6","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"608","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"bittorrent_installer_240606.exe","isInstaller":"True","fileVersion":"7.11","hashMD5":"ac3f7a256489ed25ba186eb70b94d20d","hashSHA1":"462072e44315d39a314ed734d3c6372c019916d3","hashSHA256":"11c101a74221e14adb55d429e79dc64a59668d259d6267dd2f37f804195bc77f","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"608","avBlockList":["COMODO Antivirus (20241231)","Dr.Web Security Space (20241231)","ESET Internet Security (20241231)","FortectPremium (20241231)","G DATA INTERNET SECURITY (20241231)","Malwarebytes Premium (20241231)","Panda Dome (20241231)","Quick Heal Internet Security (20241231)","Sophos Home Premium (20241231)","VirIT eXplorer PRO (20241231)","Webroot SecureAnywhere (20241231)"],"avAllowList":["360 Total Security (20241231)","Avast Premium Security (20241231)","AVG Internet Security (20241231)","Avira Internet Security (20241231)","Bitdefender Internet Security (20241231)","K7 Total Security (20241231)","KasperskyPremium (20241231)","McAfee Total Protection (20241231)","Norton Security (20241231)","SpyHunter5 (20241231)","Total AV Antivirus Pro (20241231)","Trend Micro Internet Security (20241231)","VIPRE Advanced Security (20241231)","Windows Defender (20241231)"]},{"isRevoked":"False","fileName":"bittorrent_installer_240626.exe","isInstaller":"True","fileVersion":"7.11","hashMD5":"a5042d3b41dc6513bb0ed259d5f0af93","hashSHA1":"095e5060d60b816f155b49e714663addd957cab0","hashSHA256":"512fbeefa7ff900ce760066da5c13ad0a53d317a2afa39f02292700c885807fd","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"608","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Bittorrent apps","reference":"","landingPage":"https://www.bittorrent.com/","directDownloadingLink":"https://www.bittorrent.com/downloads/complete/classic/","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.bittorrent.com/downloads/complete/classic/","sourceIndex":"608"}],"sampleFiles":["240709/bittorrentclassic-220201/7.11.0.47083/Samples/bittorrent_installer.exe","240709/bittorrentclassic-220201/7.11.0.47083/Samples/bittorrent_installer_240515.exe","240709/bittorrentclassic-220201/7.11.0.47083/Samples/bittorrent_installer_240516.exe","240709/bittorrentclassic-220201/7.11.0.47083/Samples/bittorrent_installer_240517.exe","240709/bittorrentclassic-220201/7.11.0.47083/Samples/bittorrent_installer_240603.exe","240709/bittorrentclassic-220201/7.11.0.47083/Samples/bittorrent_installer_240606.exe","240709/bittorrentclassic-220201/7.11.0.47083/Samples/bittorrent_installer_240626.exe"],"imageFiles":["240709/bittorrentclassic-220201/7.11.0.47083/Images/ACR-042/ACR-042.PNG","240709/bittorrentclassic-220201/7.11.0.47083/Images/ACR-048/ACR-048.PNG","240709/bittorrentclassic-220201/7.11.0.47083/Images/ACR-084/ACR-084.PNG","240709/bittorrentclassic-220201/7.11.0.47083/Images/ACR-097/ACR-097.PNG","240709/bittorrentclassic-220201/7.11.0.47083/Images/ACR-097/ACR-097_1.PNG","240709/bittorrentclassic-220201/7.11.0.47083/Images/ACR-014/ACR-014.PNG","240709/bittorrentclassic-220201/7.11.0.47083/Images/ACR-013/ACR-013.PNG","240709/bittorrentclassic-220201/7.11.0.47083/Images/ACR-013/ACR-013_1.PNG","240709/bittorrentclassic-220201/7.11.0.47083/Images/ACR-013/ACR-013_2.PNG","240709/bittorrentclassic-220201/7.11.0.47083/Images/ACR-060/ACR-060.PNG","240709/bittorrentclassic-220201/7.11.0.47083/Images/ACR-060/ACR-060_1.PNG","240709/bittorrentclassic-220201/7.11.0.47083/Images/ACR-060/ACR-060_2.PNG"],"nonDeceptorImageFiles":[],"guid":"8da8f4bf-11f6-433a-8109-bb68e205a8fb_7.11.0.47083_1","appID":"bittorrentclassic-220201","dateAdded":"260205","deceptorType":"App","name":"Bittorrent Classic","company":"BitTorrent Inc","version":"7.11.0.47083","lastKnownStatus":"7.10.5.46097;7.10.5.46193;7.10.5.46211;7.11.0.46519;7.11.0.46541;7.11.0.46591;7.11.0.46681;7.11.0.46813;7.11.0.46823;7.11.0.46831;7.11.0.46857;7.11.0.46901;7.11.0.46923;7.11.0.47007;7.11.0.47013;7.11.0.47029;7.11.0.47063;7.11.0.47083;7.11.0.47125;7.11.0.47143;7.11.0.47197","lastKnownDate":"260205","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2026-02-05T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":21,"sortOrder":94},{"violations":{"ACR-043":"The \"Bit Torrent Classic\" components get dropped in one click without asking the user's permission and disclosing the installation path.\n","ACR-048":"The app does not provide any control to cancel the installation. Even on canceling it installs the application.\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software.\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software.\n","ACR-084":"On closing the app, application doesn't exit completely. It runs silently in the background, hiding the fact that it is active from the consumer without any notification. \n","ACR-097":"During installation, the app has default setting to evade the default system security guard \"Add an exception for BitTorrent in windows firewall\".\n"},"nonDeceptorViolations":{"ACR-163":"The BitTorrent FAQ link is not working and throws a 404 error.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Users\\User\\AppData\\Roaming\\bittorrent\\BitTorrent.exe","companyName":"BitTorrent Inc.","productName":"BitTorrent","productVersion":"7.11.0.46823","fileVersion":"7.11.0.46823","hashMD5":"5764e104c26c916bc956fae3f88fd790","hashSHA1":"5320247010cae946773a742c08b5e59932872a13","hashSHA256":"b18ea37ce8c327f5f7a2513796cfa4bebc7ff5c0ae0832b19dfa4299a2cc156f","digitalCertThumbprint":"09AFB68255629E565090CAC7EA49AAD67143FA93","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Rainberry Inc","storeId":"","sourceIndex":"1049","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"bittorrent_installer.exe","isInstaller":"True","companyName":"                                                            ","productName":"BitTorrent® Classic                                         ","productVersion":"7.11                                              ","fileVersion":"7.11                ","hashMD5":"1879368e45c76d7d04ed9e3533167dee","hashSHA1":"6da9e6db81af05aa546cfd96384456fdf2fb986d","hashSHA256":"0862b6767e2db772e995ce2e933ca4ab97461b9ceccd670f6a6eb0358f3c193d","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Rainberry Inc","storeId":"","sourceIndex":"1049","avBlockList":["Bitdefender Internet Security (20231005)","COMODO Antivirus (20231005)","Dr.Web Security Space (20231005)","ESET Internet Security (20231005)","G DATA INTERNET SECURITY (20231005)","Malwarebytes Premium (20231005)","Norton Security (20231005)","Panda Dome (20231005)","Sophos Home Premium (20231005)","VIPRE Advanced Security (20231005)","VirIT eXplorer PRO (20231005)","Webroot SecureAnywhere (20231005)","Windows Defender (20231005)"],"avAllowList":["360 Total Security (20231005)","Avast Premium Security (20231005)","AVG Internet Security (20231005)","Avira Internet Security (20231005)","K7 Total Security (20231005)","Kaspersky Internet Security (20231005)","McAfee Total Protection (20231005)","Quick Heal Internet Security (20231005)","SpyHunter5 (20231005)","Total AV Antivirus Pro (20231005)","Trend Micro Internet Security (20231005)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on torrent app","reference":"","landingPage":"https://www.bittorrent.com/","directDownloadingLink":"https://www.bittorrent.com/downloads/complete/classic/","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.bittorrent.com/downloads/complete/classic/","sourceIndex":"1049"}],"sampleFiles":["231117/bittorrentclassic-220201/7.11.0.46823/Samples/bittorrent_installer.exe"],"imageFiles":["231117/bittorrentclassic-220201/7.11.0.46823/Images/ACR-043/ACR-043.JPG","231117/bittorrentclassic-220201/7.11.0.46823/Images/ACR-048/ACR-048_Install.JPG","231117/bittorrentclassic-220201/7.11.0.46823/Images/ACR-084/ACR-084.JPG","231117/bittorrentclassic-220201/7.11.0.46823/Images/ACR-097/ACR-097.JPG","231117/bittorrentclassic-220201/7.11.0.46823/Images/ACR-013/ACR-013.JPG","231117/bittorrentclassic-220201/7.11.0.46823/Images/ACR-013/ACR-013_1.JPG","231117/bittorrentclassic-220201/7.11.0.46823/Images/ACR-013/ACR-013_2.JPG","231117/bittorrentclassic-220201/7.11.0.46823/Images/ACR-060/ACR-060.JPG","231117/bittorrentclassic-220201/7.11.0.46823/Images/ACR-060/ACR-060_1.JPG","231117/bittorrentclassic-220201/7.11.0.46823/Images/ACR-060/ACR-060_2.JPG"],"nonDeceptorImageFiles":["231117/bittorrentclassic-220201/7.11.0.46823/Images/ACR-163/ACR-163.JPG"],"guid":"8da8f4bf-11f6-433a-8109-bb68e205a8fb_7.11.0.46823_1","appID":"bittorrentclassic-220201","dateAdded":"260205","deceptorType":"App","name":"Bittorrent Classic","company":"BitTorrent Inc","version":"7.11.0.46823","lastKnownStatus":"7.10.5.46097;7.10.5.46193;7.10.5.46211;7.11.0.46519;7.11.0.46541;7.11.0.46591;7.11.0.46681;7.11.0.46813;7.11.0.46823;7.11.0.46831;7.11.0.46857;7.11.0.46901;7.11.0.46923;7.11.0.47007;7.11.0.47013;7.11.0.47029;7.11.0.47063;7.11.0.47083;7.11.0.47125;7.11.0.47143;7.11.0.47197","lastKnownDate":"260205","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2026-02-05T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":21,"sortOrder":103},{"violations":{"ACR-048":"The app does not provide any control to cancel the installation.\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software.\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software.\n","ACR-084":"On closing the app, application doesn't exit completely. It runs silently in the background, hiding the fact that it is active from the consumer without any notification. \n","ACR-097":"During installation, the app has default setting  \"Add an exception for BitTorrent in windows firewall\" without disclosing why the evading the default system security guard needed.\n","ACR-014":"The \"Accept\" button on the Opera Browser offer is used for two things: accepting an offer and accepting opera as the default browser. The \"Accept\" button is misleading and confusing because the user is easily led to believe that \"accept\" is only for installing Opera and not for changing his system browser default settings.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"bittorrent_installer.exe","isInstaller":"True","companyName":"                                                            ","productName":"B𝗂tTorrent® Classic                                        ","productVersion":"7.11                                              ","fileVersion":"7.11                ","hashMD5":"eb4dc818e183a97cdedfb1c351239e5d","hashSHA1":"157560475d6883f2654b69dace1b4d51495b176b","hashSHA256":"568bda8c10109a980a32939ae7e63c31e4525b8da0f990b3be2302474651e5ef","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Rainberry Inc","storeId":"","sourceIndex":"554","avBlockList":["COMODO Antivirus (20241001)","Dr.Web Security Space (20241001)","ESET Internet Security (20241001)","FortectPremium (20241001)","G DATA INTERNET SECURITY (20241001)","Malwarebytes Premium (20241001)","Norton Security (20241001)","Panda Dome (20241001)","Sophos Home Premium (20241001)","VirIT eXplorer PRO (20241001)","Webroot SecureAnywhere (20241001)"],"avAllowList":["360 Total Security (20241001)","Avast Premium Security (20241001)","AVG Internet Security (20241001)","Avira Internet Security (20241001)","Bitdefender Internet Security (20241001)","K7 Total Security (20241001)","KasperskyPremium (20241001)","McAfee Total Protection (20241001)","Quick Heal Internet Security (20241001)","SpyHunter5 (20241001)","Total AV Antivirus Pro (20241001)","Trend Micro Internet Security (20241001)","VIPRE Advanced Security (20241001)","Windows Defender (20241001)"]},{"isRevoked":"False","fileName":"bittorrent_installer_240723.exe","isInstaller":"True","fileVersion":"7.11","hashMD5":"63724aaf66739cf6ab5da43fd713f388","hashSHA1":"8f6b4e3790e20981378ac16bdcbcefad7edef959","hashSHA256":"7855d8727024c0bc4e49d86419547f407c27fc4f9d0d241c84d72bb528aa0c40","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"554","avBlockList":["COMODO Antivirus (20240919)","Dr.Web Security Space (20240919)","ESET Internet Security (20240919)","FortectPremium (20240919)","G DATA INTERNET SECURITY (20240919)","K7 Total Security (20240919)","Malwarebytes Premium (20240919)","Norton Security (20240919)","Panda Dome (20240919)","Quick Heal Internet Security (20240919)","Sophos Home Premium (20240919)","VirIT eXplorer PRO (20240919)","Webroot SecureAnywhere (20240919)"],"avAllowList":["360 Total Security (20240919)","Avast Premium Security (20240919)","AVG Internet Security (20240919)","Avira Internet Security (20240919)","Bitdefender Internet Security (20240919)","KasperskyPremium (20240919)","McAfee Total Protection (20240919)","SpyHunter5 (20240919)","Total AV Antivirus Pro (20240919)","Trend Micro Internet Security (20240919)","VIPRE Advanced Security (20240919)","Windows Defender (20240919)"]},{"isRevoked":"False","fileName":"bittorrent_installer_240903.exe","isInstaller":"True","fileVersion":"7.11","hashMD5":"d93dc3740544113dda4a051b48819b47","hashSHA1":"fa75fa8ce48e0672249ad0402df52c2b3a900750","hashSHA256":"02aec593599dcc0ada42c9a40ebfe16e3e71b9c4c2614067974f41d49626ebf4","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"554","avBlockList":["COMODO Antivirus (20241003)","Dr.Web Security Space (20241003)","ESET Internet Security (20241003)","FortectPremium (20241003)","G DATA INTERNET SECURITY (20241003)","K7 Total Security (20241003)","Malwarebytes Premium (20241003)","McAfee Total Protection (20241003)","Norton Security (20241003)","Panda Dome (20241003)","Quick Heal Internet Security (20241003)","Sophos Home Premium (20241003)","VirIT eXplorer PRO (20241003)","Webroot SecureAnywhere (20241003)"],"avAllowList":["360 Total Security (20241003)","Avast Premium Security (20241003)","AVG Internet Security (20241003)","Avira Internet Security (20241003)","Bitdefender Internet Security (20241003)","KasperskyPremium (20241003)","SpyHunter5 (20241003)","Total AV Antivirus Pro (20241003)","Trend Micro Internet Security (20241003)","VIPRE Advanced Security (20241003)","Windows Defender (20241003)"]}],"additionalFiles":[],"sources":[{"howFound":"Google search- Torrent apps","reference":"","landingPage":"https://www.bittorrent.com/","directDownloadingLink":"https://www.bittorrent.com/downloads/complete/classic/","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.bittorrent.com/downloads/complete/classic/","sourceIndex":"554"}],"sampleFiles":["240909/bittorrentclassic-220201/7.11.0.47125/Samples/bittorrent_installer.exe","240909/bittorrentclassic-220201/7.11.0.47125/Samples/bittorrent_installer_240723.exe","240909/bittorrentclassic-220201/7.11.0.47125/Samples/bittorrent_installer_240903.exe"],"imageFiles":["240909/bittorrentclassic-220201/7.11.0.47125/Images/ACR-048/ACR-048.PNG","240909/bittorrentclassic-220201/7.11.0.47125/Images/ACR-084/ACR-084.PNG","240909/bittorrentclassic-220201/7.11.0.47125/Images/ACR-097/ACR-097.PNG","240909/bittorrentclassic-220201/7.11.0.47125/Images/ACR-097/ACR-097_1.PNG","240909/bittorrentclassic-220201/7.11.0.47125/Images/ACR-014/ACR-014.PNG","240909/bittorrentclassic-220201/7.11.0.47125/Images/ACR-013/ACR-013.PNG","240909/bittorrentclassic-220201/7.11.0.47125/Images/ACR-013/ACR-013_1.PNG","240909/bittorrentclassic-220201/7.11.0.47125/Images/ACR-013/ACR-013_2.PNG","240909/bittorrentclassic-220201/7.11.0.47125/Images/ACR-060/ACR-060.PNG","240909/bittorrentclassic-220201/7.11.0.47125/Images/ACR-060/ACR-060_1.PNG","240909/bittorrentclassic-220201/7.11.0.47125/Images/ACR-060/ACR-060_2.PNG"],"nonDeceptorImageFiles":[],"guid":"8da8f4bf-11f6-433a-8109-bb68e205a8fb_7.11.0.47125_1","appID":"bittorrentclassic-220201","dateAdded":"260205","deceptorType":"App","name":"Bittorrent Classic","company":"BitTorrent Inc","version":"7.11.0.47125","lastKnownStatus":"7.10.5.46097;7.10.5.46193;7.10.5.46211;7.11.0.46519;7.11.0.46541;7.11.0.46591;7.11.0.46681;7.11.0.46813;7.11.0.46823;7.11.0.46831;7.11.0.46857;7.11.0.46901;7.11.0.46923;7.11.0.47007;7.11.0.47013;7.11.0.47029;7.11.0.47063;7.11.0.47083;7.11.0.47125;7.11.0.47143;7.11.0.47197","lastKnownDate":"260205","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2026-02-05T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":21,"sortOrder":93},{"violations":{"ACR-042":"App drops hidden file/potential offer app info in hidden folder without user permission.\n","ACR-043":"The \"uTorrent Web\" components get dropped in one click without asking the user's permission and disclosing the installation path.\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software. \n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software.\n","ACR-084":"On closing the app, application doesn't exit completely. It runs silently in the background, hiding the fact that it is active from the consumer without any notification.\n","ACR-097":"App adds an exception for Windows firewall to evade the default system security guard.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components on the device without the consumer's consent. \n"},"nonDeceptorViolations":{"ACR-123":"The app does not remove the startup even after uninstall and reboot. \n"},"samples":[{"isRevoked":"False","fileName":"C:\\Users\\User\\AppData\\Roaming\\uTorrent Web\\utweb.exe","companyName":"BitTorrent Inc.","productName":"µTorrent Web","productVersion":"1.3.0.5672","fileVersion":"1.3.0.5672","hashMD5":"59cdf68de3528ff19fe4f791adfe2d54","hashSHA1":"9bffd348ddd8db1051bfcb1449e1bee8b173b9af","hashSHA256":"7dc1273a91b2db72546de32b3657fede0099c788654aa55ae1a65ee6aa62c4d3","digitalCertThumbprint":"09AFB68255629E565090CAC7EA49AAD67143FA93","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Rainberry Inc","storeId":"","sourceIndex":"807","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utweb_installer.exe","isInstaller":"True","companyName":"                                                            ","productName":"uTorrent Web®                                               ","productVersion":"1.3                                               ","fileVersion":"1.3                 ","hashMD5":"79e721db52fc8f3864afb1575bb50efe","hashSHA1":"e4062d2d4d8665dcd06f6d275f4911f443f88dfc","hashSHA256":"dc764b6f9ccebd9bf20af37674799f25ceb5376bf8801c24adfdb2120ad4a6ca","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Rainberry Inc","storeId":"","sourceIndex":"807","avBlockList":["COMODO Antivirus (20231228)","Dr.Web Security Space (20231228)","ESET Internet Security (20231228)","G DATA INTERNET SECURITY (20231228)","Malwarebytes Premium (20231228)","Norton Security (20231228)","Panda Dome (20231228)","Quick Heal Internet Security (20231228)","Sophos Home Premium (20231228)","VirIT eXplorer PRO (20231228)","Webroot SecureAnywhere (20231228)"],"avAllowList":["360 Total Security (20231228)","Avast Premium Security (20231228)","AVG Internet Security (20231228)","Avira Internet Security (20231228)","Bitdefender Internet Security (20231228)","K7 Total Security (20231228)","Kaspersky Internet Security (20231228)","McAfee Total Protection (20231228)","SpyHunter5 (20231228)","Total AV Antivirus Pro (20231228)","Trend Micro Internet Security (20231228)","VIPRE Advanced Security (20231228)","Windows Defender (20231228)"]},{"isRevoked":"False","fileName":"utweb_installer_230815.exe","isInstaller":"True","fileVersion":"1.3","hashMD5":"ecc1a6147b6b74a23f37ba44c2f6a741","hashSHA1":"d4e7706060d75092b6b5ce5dc122f5da62f802ff","hashSHA256":"79e9906960cede2e4060730833f058f877d05f928519bd08627d057aaede7f48","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"807","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Customer report","reference":"Opera offer bundled","landingPage":"https://www.utorrent.com","directDownloadingLink":"https://www.utorrent.com/web/downloads/complete/track/stable/os/win/","ipv4":"","ipv6":"","landingPageWildChar":"","directDownloadingLinkWildChar":"https://www.utorrent.com/web/downloads/complete/track/stable/os/win/","sourceIndex":"807"}],"sampleFiles":["231117/uTorrentWeb-211126/1.3.0.5672/Samples/utweb_installer.exe","231117/uTorrentWeb-211126/1.3.0.5672/Samples/utweb_installer_230815.exe"],"imageFiles":["231117/uTorrentWeb-211126/1.3.0.5672/Images/ACR-043/ACR-043_Install_1.png","231117/uTorrentWeb-211126/1.3.0.5672/Images/ACR-042/ACR-042_Install_1.png","231117/uTorrentWeb-211126/1.3.0.5672/Images/ACR-084/ACR-084_Software_1.png","231117/uTorrentWeb-211126/1.3.0.5672/Images/ACR-097/ACR-097_Software_1.png","231117/uTorrentWeb-211126/1.3.0.5672/Images/ACR-118/ACR-118_Uninstall_1.png","231117/uTorrentWeb-211126/1.3.0.5672/Images/ACR-013/ACR-013_Install_1.png","231117/uTorrentWeb-211126/1.3.0.5672/Images/ACR-013/ACR-013_Install_2.png","231117/uTorrentWeb-211126/1.3.0.5672/Images/ACR-013/ACR-013_Install_3.png","231117/uTorrentWeb-211126/1.3.0.5672/Images/ACR-060/ACR-060_In-bundle offers_1.png","231117/uTorrentWeb-211126/1.3.0.5672/Images/ACR-060/ACR-060_In-bundle offers_2.png","231117/uTorrentWeb-211126/1.3.0.5672/Images/ACR-060/ACR-060_In-bundle offers_3.png"],"nonDeceptorImageFiles":["231117/uTorrentWeb-211126/1.3.0.5672/Images/ACR-123/ACR-123_Uninstall_1.png"],"guid":"2809ba07-e9d6-4ab2-8748-339512fba3b7_1.3.0.5672_1","appID":"uTorrentWeb-211126","dateAdded":"260205","deceptorType":"App","name":"u Torrent Web","company":"BitTorrent, Inc","version":"1.3.0.5672","lastKnownStatus":"1.2.6.3977;1.2.7.4186;1.2.8.4523;1.3.0.5649;1.3.0.5665;1.3.0.5666;1.3.0.5668;1.3.0.5669;1.3.0.5670;1.3.0.5671;1.3.0.5672;1.3.0.5673;1.4.0.5714;1.4.0.5759;1.4.0.5828;1.4.0.5871;1.5.0.6335","lastKnownDate":"260205","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 10,Windows 8,Windows Server","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2026-05-12T22:59:59.0378689+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":18,"sortOrder":79},{"violations":{"ACR-048":"The app does not provide any control to cancel the installation.\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software.\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software.\n","ACR-084":"On closing the app, application doesn't exit completely. It runs silently in the background, hiding the fact that it is active from the consumer without any notification. \n","ACR-097":"During installation, the app has default setting  \"Add an exception for BitTorrent in windows firewall\" without disclosing why the evading the default system security guard needed.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components on the device without the consumer's consent.\n"},"nonDeceptorViolations":{"ACR-040":"The app installs its components in \"C:\\Users\\User\\AppData\\Roaming\" path, instead of a standard location.\n"},"samples":[{"isRevoked":"False","fileName":"bittorrent_installer.exe","isInstaller":"True","productName":"𝙱itTοrᴦent Classic® Classic","productVersion":"7.11","fileVersion":"7.11","hashMD5":"1f28c2ad5457fbeff9a71c1c419ac73a","hashSHA1":"82752e932f80c976d8e55fbccae48fd9a028bd95","hashSHA256":"d19e1ea5d8ceaf3a5db5a615dd1a0fd98e89ced5653e7c8f38d301f6b8183663","digitalCertThumbprint":"03F072F141084FFE88CF28E65258CEE35071F961","digitalCertIssuer":"CN=Sectigo Public Code Signing CA EV R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=Cassini Labs Ltd, O=Cassini Labs Ltd, S=Tel Aviv, C=IL, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=IL, SERIALNUMBER=514758457","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"123","avBlockList":["360 Total Security (20260428)","COMODO Antivirus (20260428)","ESET Internet Security (20260428)","FortectPremium (20260428)","G DATA INTERNET SECURITY (20260428)","K7 Total Security (20260428)","KasperskyPremium (20260428)","Malwarebytes Premium (20260428)","Panda Dome (20260428)","Quick Heal Internet Security (20260428)","Sophos Home Premium (20260428)","SpyHunter5 (20260428)","VirIT eXplorer PRO (20260428)","Webroot SecureAnywhere (20260428)","Windows Defender (20260428)"],"avAllowList":["Avast Premium Security (20260428)","AVG Internet Security (20260428)","Avira Internet Security (20260428)","Bitdefender Internet Security (20260428)","Dr.Web Security Space (20260428)","McAfee Total Protection (20260428)","Norton Security (20260428)","Total AV Antivirus Pro (20260428)","Trend Micro Internet Security (20260428)","VIPRE Advanced Security (20260428)"]}],"additionalFiles":[],"sources":[{"howFound":"Google search- Torrent apps","reference":"","landingPage":"https://www.bittorrent.com/","directDownloadingLink":"https://www.bittorrent.com/downloads/complete/classic/","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.bittorrent.com/downloads/complete/classic/","sourceIndex":"123"}],"sampleFiles":["260205/bittorrentclassic-220201/7.11.0.47197/Samples/bittorrent_installer.exe"],"imageFiles":["260205/bittorrentclassic-220201/7.11.0.47197/Images/ACR-048/ACR-048.png","260205/bittorrentclassic-220201/7.11.0.47197/Images/ACR-084/ACR-084.png","260205/bittorrentclassic-220201/7.11.0.47197/Images/ACR-097/ACR-097_1.png","260205/bittorrentclassic-220201/7.11.0.47197/Images/ACR-097/ACR-097_2.png","260205/bittorrentclassic-220201/7.11.0.47197/Images/ACR-118/ACR-118.png","260205/bittorrentclassic-220201/7.11.0.47197/Images/ACR-013/offer1.png","260205/bittorrentclassic-220201/7.11.0.47197/Images/ACR-013/offer2.png","260205/bittorrentclassic-220201/7.11.0.47197/Images/ACR-060/offer1.png","260205/bittorrentclassic-220201/7.11.0.47197/Images/ACR-060/offer2.png"],"nonDeceptorImageFiles":["260205/bittorrentclassic-220201/7.11.0.47197/Images/ACR-040/ACR-040.png"],"guid":"8da8f4bf-11f6-433a-8109-bb68e205a8fb_7.11.0.47197_1","appID":"bittorrentclassic-220201","dateAdded":"260205","deceptorType":"App","name":"Bittorrent Classic","company":"BitTorrent Inc","version":"7.11.0.47197","lastKnownStatus":"7.10.5.46097;7.10.5.46193;7.10.5.46211;7.11.0.46519;7.11.0.46541;7.11.0.46591;7.11.0.46681;7.11.0.46813;7.11.0.46823;7.11.0.46831;7.11.0.46857;7.11.0.46901;7.11.0.46923;7.11.0.47007;7.11.0.47013;7.11.0.47029;7.11.0.47063;7.11.0.47083;7.11.0.47125;7.11.0.47143;7.11.0.47197","lastKnownDate":"260205","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2026-02-05T23:15:33.7794117+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":21,"sortOrder":91},{"violations":{"ACR-048":"The app does not provide any control to cancel the installation.\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software.\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software.\n","ACR-084":"On closing the app, application doesn't exit completely. It runs silently in the background, hiding the fact that it is active from the consumer without any notification. \n","ACR-097":"During installation, the app has default setting  \"Add an exception for BitTorrent in windows firewall\" without disclosing why the evading the default system security guard needed.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"bittorrent_installer.exe","isInstaller":"True","companyName":"                                                            ","productName":"B𝗂tTorrent® Classic                                        ","productVersion":"7.11                                              ","fileVersion":"7.11                ","hashMD5":"ac3f7a256489ed25ba186eb70b94d20d","hashSHA1":"462072e44315d39a314ed734d3c6372c019916d3","hashSHA256":"11c101a74221e14adb55d429e79dc64a59668d259d6267dd2f37f804195bc77f","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Rainberry Inc","storeId":"","sourceIndex":"521","avBlockList":["COMODO Antivirus (20241231)","Dr.Web Security Space (20241231)","ESET Internet Security (20241231)","FortectPremium (20241231)","G DATA INTERNET SECURITY (20241231)","Malwarebytes Premium (20241231)","Panda Dome (20241231)","Quick Heal Internet Security (20241231)","Sophos Home Premium (20241231)","VirIT eXplorer PRO (20241231)","Webroot SecureAnywhere (20241231)"],"avAllowList":["360 Total Security (20241231)","Avast Premium Security (20241231)","AVG Internet Security (20241231)","Avira Internet Security (20241231)","Bitdefender Internet Security (20241231)","K7 Total Security (20241231)","KasperskyPremium (20241231)","McAfee Total Protection (20241231)","Norton Security (20241231)","SpyHunter5 (20241231)","Total AV Antivirus Pro (20241231)","Trend Micro Internet Security (20241231)","VIPRE Advanced Security (20241231)","Windows Defender (20241231)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on windows app","reference":"","landingPage":"https://www.bittorrent.com/","directDownloadingLink":"https://www.bittorrent.com/downloads/complete/classic/","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.bittorrent.com/downloads/complete/classic/","sourceIndex":"521"}],"sampleFiles":["241007/bittorrentclassic-220201/7.11.0.47143/Samples/bittorrent_installer.exe"],"imageFiles":["241007/bittorrentclassic-220201/7.11.0.47143/Images/ACR-048/ACR-048.PNG","241007/bittorrentclassic-220201/7.11.0.47143/Images/ACR-084/ACR-084.PNG","241007/bittorrentclassic-220201/7.11.0.47143/Images/ACR-097/ACR-097.PNG","241007/bittorrentclassic-220201/7.11.0.47143/Images/ACR-097/ACR-097_1.PNG","241007/bittorrentclassic-220201/7.11.0.47143/Images/ACR-013/ACR-013.PNG","241007/bittorrentclassic-220201/7.11.0.47143/Images/ACR-013/ACR-013_1.PNG","241007/bittorrentclassic-220201/7.11.0.47143/Images/ACR-013/ACR-013_2.PNG","241007/bittorrentclassic-220201/7.11.0.47143/Images/ACR-060/ACR-060.PNG","241007/bittorrentclassic-220201/7.11.0.47143/Images/ACR-060/ACR-060_1.PNG","241007/bittorrentclassic-220201/7.11.0.47143/Images/ACR-060/ACR-060_2.PNG"],"nonDeceptorImageFiles":[],"guid":"8da8f4bf-11f6-433a-8109-bb68e205a8fb_7.11.0.47143_1","appID":"bittorrentclassic-220201","dateAdded":"260205","deceptorType":"App","name":"Bittorrent Classic","company":"BitTorrent Inc","version":"7.11.0.47143","lastKnownStatus":"7.10.5.46097;7.10.5.46193;7.10.5.46211;7.11.0.46519;7.11.0.46541;7.11.0.46591;7.11.0.46681;7.11.0.46813;7.11.0.46823;7.11.0.46831;7.11.0.46857;7.11.0.46901;7.11.0.46923;7.11.0.47007;7.11.0.47013;7.11.0.47029;7.11.0.47063;7.11.0.47083;7.11.0.47125;7.11.0.47143;7.11.0.47197","lastKnownDate":"260205","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2026-02-05T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":21,"sortOrder":92},{"violations":{"ACR-048":"The app does not provide any control to cancel the installation. \n","ACR-084":"On closing the app, application doesn't exit completely. It runs silently in the background, hiding the fact that it is active from the consumer without any notification.\n","ACR-097":"App adds an exception for Windows firewall to evade the default system security guard.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components on the device without the consumer's consent. \n"},"nonDeceptorViolations":{"ACR-040":"The app installs its components in \"C:\\Users\\User\\AppData\\Roaming\" path, instead of a standard location.\n","ACR-123":"The app does not remove the startup even after uninstall and reboot.\n"},"samples":[{"isRevoked":"False","fileName":"installer_.exe","isInstaller":"True","companyName":"BitTorrent Limited","productName":"uTorrent Web","productVersion":"1.5.0.6335","fileVersion":"1.5.0.6335","hashMD5":"d72a7bf42470da36f643363bd9773ccc","hashSHA1":"6ad1c4a07d0d016bcdefaac39a513d462abecd3d","hashSHA256":"258f74685ebeb33f384a4b95fc12c12b6fc4a6fca6262cab7dcf3f3acba8c9a3","digitalCertThumbprint":"8AA7548C2D041AA6E6EEEF1E0910EC8B959BEBA9","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=BitTorrent Inc, O=BitTorrent Inc, L=San Francisco, S=California, C=US","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"122","avBlockList":["ESET Internet Security (20260428)","FortectPremium (20260428)","Malwarebytes Premium (20260428)","Panda Dome (20260428)","Quick Heal Internet Security (20260428)","Sophos Home Premium (20260428)","SpyHunter5 (20260428)","VirIT eXplorer PRO (20260428)","Webroot SecureAnywhere (20260428)"],"avAllowList":["360 Total Security (20260428)","Avast Premium Security (20260428)","AVG Internet Security (20260428)","Avira Internet Security (20260428)","Bitdefender Internet Security (20260428)","COMODO Antivirus (20260428)","Dr.Web Security Space (20260428)","G DATA INTERNET SECURITY (20260428)","K7 Total Security (20260428)","KasperskyPremium (20260428)","McAfee Total Protection (20260428)","Norton Security (20260428)","Total AV Antivirus Pro (20260428)","Trend Micro Internet Security (20260428)","VIPRE Advanced Security (20260428)","Windows Defender (20260428)"]}],"additionalFiles":[],"sources":[{"howFound":"Customer report","reference":"Opera offer bundled","landingPage":"https://www.utorrent.com","directDownloadingLink":"https://www.utorrent.com/web/downloads/complete/track/stable/os/win/","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.utorrent.com/web/downloads/complete/track/stable/os/win/","sourceIndex":"122"}],"sampleFiles":["260205/uTorrentWeb-211126/1.5.0.6335/Samples/installer_.exe"],"imageFiles":["260205/uTorrentWeb-211126/1.5.0.6335/Images/ACR-048/ACR-048.png","260205/uTorrentWeb-211126/1.5.0.6335/Images/ACR-084/ACR-084.png","260205/uTorrentWeb-211126/1.5.0.6335/Images/ACR-097/ACR-097.png","260205/uTorrentWeb-211126/1.5.0.6335/Images/ACR-118/ACR-118.png"],"nonDeceptorImageFiles":["260205/uTorrentWeb-211126/1.5.0.6335/Images/ACR-040/ACR-040.png","260205/uTorrentWeb-211126/1.5.0.6335/Images/ACR-123/ACR-123.png"],"guid":"2809ba07-e9d6-4ab2-8748-339512fba3b7_1.5.0.6335_1","appID":"uTorrentWeb-211126","dateAdded":"260205","deceptorType":"App","name":"u Torrent Web","company":"BitTorrent, Inc","version":"1.5.0.6335","lastKnownStatus":"1.2.6.3977;1.2.7.4186;1.2.8.4523;1.3.0.5649;1.3.0.5665;1.3.0.5666;1.3.0.5668;1.3.0.5669;1.3.0.5670;1.3.0.5671;1.3.0.5672;1.3.0.5673;1.4.0.5714;1.4.0.5759;1.4.0.5828;1.4.0.5871;1.5.0.6335","lastKnownDate":"260205","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 10,Windows 8,Windows Server","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2026-05-12T22:59:37.6337104+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":18,"sortOrder":73},{"violations":{"ACR-048":"The app does not provide any control to cancel the installation. \n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software. \n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software.\n","ACR-084":"On closing the app, application doesn't exit completely. It runs silently in the background, hiding the fact that it is active from the consumer without any notification.\n","ACR-097":"App adds an exception for Windows firewall to evade the default system security guard.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components on the device without the consumer's consent. \n","ACR-014":"The \"Accept\" button on the Opera Browser offer is used for two things: accepting an offer and accepting Opera as the default browser. The \"Accept\" button is misleading and confusing because the user is easily led to believe that \"accept\" is only for installing Opera and not for changing his system browser default settings.\n"},"nonDeceptorViolations":{"ACR-123":"The app does not remove the startup even after uninstall and reboot.\n"},"samples":[{"isRevoked":"False","fileName":"utweb_installer.exe","isInstaller":"True","companyName":"                                                            ","productName":"uTorrеnt Web®                                               ","productVersion":"1.4                                               ","fileVersion":"1.4                 ","hashMD5":"e38ec7295c803ec6e55d3577500b8079","hashSHA1":"3483bf598b7ecc07cb7e5084cd549cebcb6f228e","hashSHA256":"8896af562720f7f787df6f5293644dbee91dc91328b232c3b0ab851d3daca113","digitalCertThumbprint":"2454B8E0EA6E609AEF03C83090EE29C284BA586C","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Rainberry Inc","storeId":"","sourceIndex":"561","avBlockList":["COMODO Antivirus (20240926)","ESET Internet Security (20240926)","FortectPremium (20240926)","G DATA INTERNET SECURITY (20240926)","Malwarebytes Premium (20240926)","Norton Security (20240926)","Panda Dome (20240926)","Sophos Home Premium (20240926)","VirIT eXplorer PRO (20240926)","Webroot SecureAnywhere (20240926)"],"avAllowList":["360 Total Security (20240926)","Avast Premium Security (20240926)","AVG Internet Security (20240926)","Avira Internet Security (20240926)","Bitdefender Internet Security (20240926)","Dr.Web Security Space (20240926)","K7 Total Security (20240926)","KasperskyPremium (20240926)","McAfee Total Protection (20240926)","Quick Heal Internet Security (20240926)","SpyHunter5 (20240926)","Total AV Antivirus Pro (20240926)","Trend Micro Internet Security (20240926)","VIPRE Advanced Security (20240926)","Windows Defender (20240926)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on windows app","reference":"","landingPage":"https://www.utorrent.com","directDownloadingLink":"https://www.utorrent.com/web/downloads/complete/track/stable/os/win/","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.utorrent.com/web/downloads/complete/track/stable/os/win/","sourceIndex":"561"}],"sampleFiles":["240904/uTorrentWeb-211126/1.4.0.5871/Samples/utweb_installer.exe"],"imageFiles":["240904/uTorrentWeb-211126/1.4.0.5871/Images/ACR-048/ACR-048.PNG","240904/uTorrentWeb-211126/1.4.0.5871/Images/ACR-014/ACR-014.PNG","240904/uTorrentWeb-211126/1.4.0.5871/Images/ACR-084/ACR-084.PNG","240904/uTorrentWeb-211126/1.4.0.5871/Images/ACR-097/ACR-097.PNG","240904/uTorrentWeb-211126/1.4.0.5871/Images/ACR-118/ACR-118_Uninstall_1.png","240904/uTorrentWeb-211126/1.4.0.5871/Images/ACR-013/ACR-013.PNG","240904/uTorrentWeb-211126/1.4.0.5871/Images/ACR-013/ACR-013_1.PNG","240904/uTorrentWeb-211126/1.4.0.5871/Images/ACR-013/ACR-013_2.PNG","240904/uTorrentWeb-211126/1.4.0.5871/Images/ACR-060/ACR-060.PNG","240904/uTorrentWeb-211126/1.4.0.5871/Images/ACR-060/ACR-060_1.PNG","240904/uTorrentWeb-211126/1.4.0.5871/Images/ACR-060/ACR-060_2.PNG"],"nonDeceptorImageFiles":["240904/uTorrentWeb-211126/1.4.0.5871/Images/ACR-123/ACR-123_Uninstall_1.png"],"guid":"2809ba07-e9d6-4ab2-8748-339512fba3b7_1.4.0.5871_1","appID":"uTorrentWeb-211126","dateAdded":"260205","deceptorType":"App","name":"u Torrent Web","company":"BitTorrent, Inc","version":"1.4.0.5871","lastKnownStatus":"1.2.6.3977;1.2.7.4186;1.2.8.4523;1.3.0.5649;1.3.0.5665;1.3.0.5666;1.3.0.5668;1.3.0.5669;1.3.0.5670;1.3.0.5671;1.3.0.5672;1.3.0.5673;1.4.0.5714;1.4.0.5759;1.4.0.5828;1.4.0.5871;1.5.0.6335","lastKnownDate":"260205","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 10,Windows 8,Windows Server","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2026-05-12T22:59:50.8795019+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":18,"sortOrder":74},{"violations":{"ACR-048":"The app does not provide any control to cancel the installation. \n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software. \n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software.\n","ACR-084":"On closing the app, application doesn't exit completely. It runs silently in the background, hiding the fact that it is active from the consumer without any notification.\n","ACR-097":"App adds an exception for Windows firewall to evade the default system security guard.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components on the device without the consumer's consent. \n","ACR-014":"The \"Accept\" button on the Opera Browser offer is used for two things: accepting an offer and accepting Opera as the default browser. The \"Accept\" button is misleading and confusing because the user is easily led to believe that \"accept\" is only for installing Opera and not for changing his system browser default settings.\n"},"nonDeceptorViolations":{"ACR-123":"The app does not remove the startup even after uninstall and reboot. \n"},"samples":[{"isRevoked":"False","fileName":"utweb_installer.exe","isInstaller":"True","companyName":"                                                            ","productName":"uTorrеnt Web®                                               ","productVersion":"1.4                                               ","fileVersion":"1.4                 ","hashMD5":"e8f6c0280768373f846c679976100728","hashSHA1":"d26d882b7cda25e8b3abad1fe26acae67360b010","hashSHA256":"d8ada1627f815768f9cab9453f6fb1f1a881c591c562383809dd61f36e11fa19","digitalCertThumbprint":"2454B8E0EA6E609AEF03C83090EE29C284BA586C","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Rainberry Inc","storeId":"","sourceIndex":"580","avBlockList":["Avast Premium Security (20240829)","AVG Internet Security (20240829)","Avira Internet Security (20240829)","Bitdefender Internet Security (20240829)","COMODO Antivirus (20240829)","ESET Internet Security (20240829)","FortectPremium (20240829)","G DATA INTERNET SECURITY (20240829)","K7 Total Security (20240829)","KasperskyPremium (20240829)","Malwarebytes Premium (20240829)","McAfee Total Protection (20240829)","Norton Security (20240829)","Panda Dome (20240829)","Sophos Home Premium (20240829)","Total AV Antivirus Pro (20240829)","Trend Micro Internet Security (20240829)","VIPRE Advanced Security (20240829)","VirIT eXplorer PRO (20240829)","Webroot SecureAnywhere (20240829)"],"avAllowList":["360 Total Security (20240829)","Dr.Web Security Space (20240829)","Quick Heal Internet Security (20240829)","SpyHunter5 (20240829)","Windows Defender (20240829)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on windows app","reference":"","landingPage":"https://www.utorrent.com","directDownloadingLink":"https://www.utorrent.com/web/downloads/complete/track/stable/os/win/","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.utorrent.com/web/downloads/complete/track/stable/os/win/","sourceIndex":"580"}],"sampleFiles":["240805/uTorrentWeb-211126/1.4.0.5828/Samples/utweb_installer.exe"],"imageFiles":["240805/uTorrentWeb-211126/1.4.0.5828/Images/ACR-048/ACR-048.PNG","240805/uTorrentWeb-211126/1.4.0.5828/Images/ACR-014/ACR-014.PNG","240805/uTorrentWeb-211126/1.4.0.5828/Images/ACR-084/ACR-084.PNG","240805/uTorrentWeb-211126/1.4.0.5828/Images/ACR-097/ACR-097.PNG","240805/uTorrentWeb-211126/1.4.0.5828/Images/ACR-118/ACR-118.PNG","240805/uTorrentWeb-211126/1.4.0.5828/Images/ACR-013/ACR-013.PNG","240805/uTorrentWeb-211126/1.4.0.5828/Images/ACR-013/ACR-013_1.PNG","240805/uTorrentWeb-211126/1.4.0.5828/Images/ACR-013/ACR-013_2.PNG","240805/uTorrentWeb-211126/1.4.0.5828/Images/ACR-060/ACR-060.PNG","240805/uTorrentWeb-211126/1.4.0.5828/Images/ACR-060/ACR-060_1.PNG","240805/uTorrentWeb-211126/1.4.0.5828/Images/ACR-060/ACR-060_2.PNG"],"nonDeceptorImageFiles":["240805/uTorrentWeb-211126/1.4.0.5828/Images/ACR-123/ACR-123.PNG"],"guid":"2809ba07-e9d6-4ab2-8748-339512fba3b7_1.4.0.5828_1","appID":"uTorrentWeb-211126","dateAdded":"260205","deceptorType":"App","name":"u Torrent Web","company":"BitTorrent, Inc","version":"1.4.0.5828","lastKnownStatus":"1.2.6.3977;1.2.7.4186;1.2.8.4523;1.3.0.5649;1.3.0.5665;1.3.0.5666;1.3.0.5668;1.3.0.5669;1.3.0.5670;1.3.0.5671;1.3.0.5672;1.3.0.5673;1.4.0.5714;1.4.0.5759;1.4.0.5828;1.4.0.5871;1.5.0.6335","lastKnownDate":"260205","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 10,Windows 8,Windows Server","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2026-05-12T22:59:51.8487406+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":18,"sortOrder":75},{"violations":{"ACR-048":"The app does not provide any control to cancel the installation. \n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software. \n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software.\n","ACR-084":"On closing the app, application doesn't exit completely. It runs silently in the background, hiding the fact that it is active from the consumer without any notification.\n","ACR-097":"App adds an exception for Windows firewall to evade the default system security guard.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components on the device without the consumer's consent. \n","ACR-014":"The \"Accept\" button on the Opera Browser offer is used for two things: accepting an offer and accepting Opera as the default browser. The \"Accept\" button is misleading and confusing because the user is easily led to believe that \"accept\" is only for installing Opera and not for changing his system browser default settings.\n"},"nonDeceptorViolations":{"ACR-123":"The app does not remove the startup even after uninstall and reboot. \n"},"samples":[{"isRevoked":"False","fileName":"utweb_installer.exe","isInstaller":"True","companyName":"                                                            ","productName":"uTorrеnt Web®                                               ","productVersion":"1.4                                               ","fileVersion":"1.4                 ","hashMD5":"b0529e34f3669de937fdabb3832e19e9","hashSHA1":"4dfef8fd3e46607973aca93ad51093d0462e1a2e","hashSHA256":"bbf46e178f8e6d24cd1f3000bfe8fd2942bef4fc39dc0422bc2ee03ae9c843b2","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Rainberry Inc","storeId":"","sourceIndex":"609","avBlockList":["COMODO Antivirus (20240723)","Dr.Web Security Space (20240723)","ESET Internet Security (20240723)","FortectPremium (20240723)","G DATA INTERNET SECURITY (20240723)","K7 Total Security (20240723)","Malwarebytes Premium (20240723)","McAfee Total Protection (20240723)","Norton Security (20240723)","Panda Dome (20240723)","Sophos Home Premium (20240723)","VirIT eXplorer PRO (20240723)","Webroot SecureAnywhere (20240723)"],"avAllowList":["360 Total Security (20240723)","Avast Premium Security (20240723)","AVG Internet Security (20240723)","Avira Internet Security (20240723)","Bitdefender Internet Security (20240723)","Kaspersky Internet Security (20240723)","Quick Heal Internet Security (20240723)","SpyHunter5 (20240723)","Total AV Antivirus Pro (20240723)","Trend Micro Internet Security (20240723)","VIPRE Advanced Security (20240723)","Windows Defender (20240723)"]},{"isRevoked":"False","fileName":"utweb_installer_240531.exe","isInstaller":"True","fileVersion":"1.4","hashMD5":"a007da98ce66651b6ce5e3f19f9071a1","hashSHA1":"dccf5be953768a6d351e3279d808dc2730d90229","hashSHA256":"54f012c6570b9fa86f49807d913c3c35e105d1078084e4c5a3b1be8a5c4ec9fc","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"609","avBlockList":["COMODO Antivirus (20240730)","Dr.Web Security Space (20240730)","ESET Internet Security (20240730)","FortectPremium (20240730)","K7 Total Security (20240730)","Malwarebytes Premium (20240730)","McAfee Total Protection (20240730)","Norton Security (20240730)","Panda Dome (20240730)","Sophos Home Premium (20240730)","VirIT eXplorer PRO (20240730)","Webroot SecureAnywhere (20240730)"],"avAllowList":["360 Total Security (20240730)","Avast Premium Security (20240730)","AVG Internet Security (20240730)","Avira Internet Security (20240730)","Bitdefender Internet Security (20240730)","G DATA INTERNET SECURITY (20240730)","KasperskyPremium (20240730)","Quick Heal Internet Security (20240730)","SpyHunter5 (20240730)","Total AV Antivirus Pro (20240730)","Trend Micro Internet Security (20240730)","VIPRE Advanced Security (20240730)","Windows Defender (20240730)"]},{"isRevoked":"False","fileName":"utweb_installer_240603.exe","isInstaller":"True","fileVersion":"1.4","hashMD5":"86e969076bb08c1d537e69c6a38d5cb4","hashSHA1":"51243a989d9c3b868554b7eeee214b4cccb45104","hashSHA256":"9fd910262ebd2edd50756bad17f76aa93d5b0e52851df4c35e7c039d9e4a511b","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"609","avBlockList":["COMODO Antivirus (20240806)","Dr.Web Security Space (20240806)","ESET Internet Security (20240806)","FortectPremium (20240806)","G DATA INTERNET SECURITY (20240806)","K7 Total Security (20240806)","Malwarebytes Premium (20240806)","McAfee Total Protection (20240806)","Norton Security (20240806)","Panda Dome (20240806)","Quick Heal Internet Security (20240806)","Sophos Home Premium (20240806)","VirIT eXplorer PRO (20240806)","Webroot SecureAnywhere (20240806)"],"avAllowList":["360 Total Security (20240806)","Avast Premium Security (20240806)","AVG Internet Security (20240806)","Avira Internet Security (20240806)","Bitdefender Internet Security (20240806)","KasperskyPremium (20240806)","SpyHunter5 (20240806)","Total AV Antivirus Pro (20240806)","Trend Micro Internet Security (20240806)","VIPRE Advanced Security (20240806)","Windows Defender (20240806)"]},{"isRevoked":"False","fileName":"utweb_installer_240605.exe","isInstaller":"True","fileVersion":"1.4","hashMD5":"8138770c0687656180edc2dfa48a579e","hashSHA1":"37d367660fc6db8fb9f16fe41fd75c295220faf0","hashSHA256":"cfd1580c64e4fa4693fd1b873f933c5ed3de215f4bef56aea3b25be75dd8b209","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"609","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utweb_installer_240626.exe","isInstaller":"True","fileVersion":"1.4","hashMD5":"c7af11e328b8a2fb77720cdf2b713309","hashSHA1":"3c74f2afe129fb84d98118b232bc6dbe804fe8ce","hashSHA256":"a3fcdc5f2c7f9c0100dcb152279bee9faa53f1d36de239e6138226fe08a3790d","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"609","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utweb_installer_240628.exe","isInstaller":"True","fileVersion":"1.4","hashMD5":"d7be2fc1d9bbfa05a023d79df60676a4","hashSHA1":"afec08985e236e54896b9cc7a9446501229b30b6","hashSHA256":"64d39861477efa38454cae6608b0fb606a2fc822441a7c3aca9408af3795279a","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"609","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utweb_installer_240703.exe","isInstaller":"True","fileVersion":"1.4","hashMD5":"2770dd06bc20562dc221943a2c09a72b","hashSHA1":"aa7c1620d15ff39df434575b261c4b436aa00b2c","hashSHA256":"4dde578eb8b9bfed5016f8a2efd4146b9bb934c678103f2d5612ece7a6fc571f","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"609","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utweb_installer_240704.exe","isInstaller":"True","fileVersion":"1.4","hashMD5":"a64f1aa747ca5dbaf85ba305c180a334","hashSHA1":"e01954691f97c8115bb619fd35904735921a20c4","hashSHA256":"55f665e8047c3ccc26ac6b84494656d13b1a3b7ea2a02e48f8d0eeb7283c08c9","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"609","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utweb_installer_240705.exe","isInstaller":"True","fileVersion":"1.4","hashMD5":"4cf84dad79a0dcfb0757daa9058a0d16","hashSHA1":"4818b4283f351ddc9dee9407ff30e0c7ccecb28a","hashSHA256":"8ec61ab1573969b342f78623ccac733838a90de76f6570a5570132123123f65c","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"609","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utweb_installer_240708.exe","isInstaller":"True","fileVersion":"1.4","hashMD5":"1a8bb69b4ac04a0186d9198e31565424","hashSHA1":"9c5759d587b38cb63b6dccecaecc852a335f124a","hashSHA256":"cb498bcbe4306ec17186165c82f80770a54131b410a5ecedb2a94f58aeb2b6de","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"609","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"uTorrent apps","reference":"","landingPage":"https://www.utorrent.com","directDownloadingLink":"https://www.utorrent.com/web/downloads/complete/track/stable/os/win/","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.utorrent.com/web/downloads/complete/track/stable/os/win/","sourceIndex":"609"}],"sampleFiles":["240709/uTorrentWeb-211126/1.4.0.5822/Samples/utweb_installer.exe","240709/uTorrentWeb-211126/1.4.0.5822/Samples/utweb_installer_240531.exe","240709/uTorrentWeb-211126/1.4.0.5822/Samples/utweb_installer_240603.exe","240709/uTorrentWeb-211126/1.4.0.5822/Samples/utweb_installer_240605.exe","240709/uTorrentWeb-211126/1.4.0.5822/Samples/utweb_installer_240626.exe","240709/uTorrentWeb-211126/1.4.0.5822/Samples/utweb_installer_240628.exe","240709/uTorrentWeb-211126/1.4.0.5822/Samples/utweb_installer_240703.exe","240709/uTorrentWeb-211126/1.4.0.5822/Samples/utweb_installer_240704.exe","240709/uTorrentWeb-211126/1.4.0.5822/Samples/utweb_installer_240705.exe","240709/uTorrentWeb-211126/1.4.0.5822/Samples/utweb_installer_240708.exe"],"imageFiles":["240709/uTorrentWeb-211126/1.4.0.5822/Images/ACR-048/ACR-048.PNG","240709/uTorrentWeb-211126/1.4.0.5822/Images/ACR-014/ACR-014.PNG","240709/uTorrentWeb-211126/1.4.0.5822/Images/ACR-084/ACR-084.PNG","240709/uTorrentWeb-211126/1.4.0.5822/Images/ACR-097/ACR-097.PNG","240709/uTorrentWeb-211126/1.4.0.5822/Images/ACR-118/ACR-118.PNG","240709/uTorrentWeb-211126/1.4.0.5822/Images/ACR-013/ACR-013.PNG","240709/uTorrentWeb-211126/1.4.0.5822/Images/ACR-013/ACR-013_1.PNG","240709/uTorrentWeb-211126/1.4.0.5822/Images/ACR-013/ACR-013_2.PNG","240709/uTorrentWeb-211126/1.4.0.5822/Images/ACR-060/ACR-060.PNG","240709/uTorrentWeb-211126/1.4.0.5822/Images/ACR-060/ACR-060_1.PNG","240709/uTorrentWeb-211126/1.4.0.5822/Images/ACR-060/ACR-060_2.PNG"],"nonDeceptorImageFiles":["240709/uTorrentWeb-211126/1.4.0.5822/Images/ACR-123/ACR-123.PNG"],"guid":"2809ba07-e9d6-4ab2-8748-339512fba3b7_1.4.0.5822_1","appID":"uTorrentWeb-211126","dateAdded":"260205","deceptorType":"App","name":"u Torrent Web","company":"BitTorrent, Inc","version":"1.4.0.5822","lastKnownStatus":"1.2.6.3977;1.2.7.4186;1.2.8.4523;1.3.0.5649;1.3.0.5665;1.3.0.5666;1.3.0.5668;1.3.0.5669;1.3.0.5670;1.3.0.5671;1.3.0.5672;1.3.0.5673;1.4.0.5714;1.4.0.5759;1.4.0.5828;1.4.0.5871;1.5.0.6335","lastKnownDate":"260205","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 10,Windows 8,Windows Server","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2026-05-12T22:59:53.1523355+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":18,"sortOrder":76},{"violations":{"ACR-042":"The app initiates network communications with 3rd party offer provider before obtaining user consent.\n","ACR-048":"The app does not provide any control to cancel the installation. \n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software. \n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software.\n","ACR-084":"On closing the app, application doesn't exit completely. It runs silently in the background, hiding the fact that it is active from the consumer without any notification.\n","ACR-097":"App adds an exception for Windows firewall to evade the default system security guard.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components on the device without the consumer's consent. \n","ACR-014":"The \"Accept\" button on the Opera Browser offer is used for two things: accepting an offer and accepting opera as the default browser. The \"Accept\" button is misleading and confusing because the user is easily led to believe that \"accept\" is only for installing Opera and not for changing his system browser default settings.\n"},"nonDeceptorViolations":{"ACR-123":"The app does not remove the startup even after uninstall and reboot. \n"},"samples":[{"isRevoked":"False","fileName":"utweb_installer.exe","isInstaller":"True","companyName":"                                                            ","productName":"uTorrent Web®                                               ","productVersion":"1.3                                               ","fileVersion":"1.3                 ","hashMD5":"27d1c991d9a5de76165d98fa7633318c","hashSHA1":"e8e373eda97da6bba2e07fbb5b27cfdcb65560f8","hashSHA256":"d7fe823cdfafc9fce4f34501412eb81882e9842cfc59e4451457c2aa0afc30f4","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Rainberry Inc","storeId":"","sourceIndex":"640","avBlockList":["COMODO Antivirus (20240530)","Dr.Web Security Space (20240530)","ESET Internet Security (20240530)","G DATA INTERNET SECURITY (20240530)","K7 Total Security (20240530)","Malwarebytes Premium (20240530)","Norton Security (20240530)","Panda Dome (20240530)","Quick Heal Internet Security (20240530)","Sophos Home Premium (20240530)","Total AV Antivirus Pro (20240530)","VirIT eXplorer PRO (20240530)","Webroot SecureAnywhere (20240530)"],"avAllowList":["360 Total Security (20240530)","Avast Premium Security (20240530)","AVG Internet Security (20240530)","Avira Internet Security (20240530)","Bitdefender Internet Security (20240530)","Kaspersky Internet Security (20240530)","McAfee Total Protection (20240530)","SpyHunter5 (20240530)","Trend Micro Internet Security (20240530)","VIPRE Advanced Security (20240530)","Windows Defender (20240530)"]},{"isRevoked":"False","fileName":"utweb_installer1.exe","isInstaller":"True","fileVersion":"1.3","hashMD5":"f4a42f799c08eb76f41db515afb925bf","hashSHA1":"1170b5ab6762a877d030b1620c2f22fcfe9245fc","hashSHA256":"4042e5504f019bd13b465033dcb25a9fe39d6ec53908393d66485dcb4d29a6f0","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"640","avBlockList":["COMODO Antivirus (20240801)","Dr.Web Security Space (20240801)","ESET Internet Security (20240801)","FortectPremium (20240801)","G DATA INTERNET SECURITY (20240801)","K7 Total Security (20240801)","Malwarebytes Premium (20240801)","Norton Security (20240801)","Panda Dome (20240801)","Quick Heal Internet Security (20240801)","Sophos Home Premium (20240801)","VirIT eXplorer PRO (20240801)","Webroot SecureAnywhere (20240801)"],"avAllowList":["360 Total Security (20240801)","Avast Premium Security (20240801)","AVG Internet Security (20240801)","Avira Internet Security (20240801)","Bitdefender Internet Security (20240801)","KasperskyPremium (20240801)","McAfee Total Protection (20240801)","SpyHunter5 (20240801)","Total AV Antivirus Pro (20240801)","Trend Micro Internet Security (20240801)","VIPRE Advanced Security (20240801)","Windows Defender (20240801)"]},{"isRevoked":"False","fileName":"utweb_installer_240103.exe","isInstaller":"True","fileVersion":"1.4","hashMD5":"e6bc5f74e007ac704f72b5eb45b53d3f","hashSHA1":"39eee2bd1fb064016a9db56aeffa6e3875e07c1a","hashSHA256":"ea2fca5befbabaa9041c6a935ea9ac7a97e016bfdbe07a1b82294c3f9ffbfecd","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"640","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utweb_installer_240109.exe","isInstaller":"True","fileVersion":"1.3","hashMD5":"9ba6326bfed1eb98dddffe84b6b8c9e2","hashSHA1":"0cdd5d163d3df64b0969615137f94aac2d76f381","hashSHA256":"70cc0df09535b31753bacce26de294cf1c0708ca4f5f7a6be7ba32b34ca45d4a","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"640","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utweb_installer_220124.exe","isInstaller":"True","fileVersion":"1.4","hashMD5":"c88e87e621e8b9fa3fa4c98c431cbf3e","hashSHA1":"fe558342107ee9039064eb5c72db0521a3dc7669","hashSHA256":"cd142167a8ae4c74f8a2e2cf110a1aff3dcfcfc438971dbd99be0fa4f0f22f74","digitalCertThumbprint":"2454B8E0EA6E609AEF03C83090EE29C284BA586C","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, OU=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"640","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utweb_installer_230124.exe","isInstaller":"True","fileVersion":"1.3","hashMD5":"cd6491f1194907c4de5f4a87eeacfdb9","hashSHA1":"644b7ab0b72aa260d07e7e91391c3157f868ad44","hashSHA256":"75f98a98d3377731f93ecd9ebd11a845cea7cb665df986e772dc08f6baf280d0","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"640","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utweb_installer_240130.exe","isInstaller":"True","fileVersion":"1.4","hashMD5":"010d88228f2ad00b2f9160e8e4607e50","hashSHA1":"cfd9701d748bac037d67996f01a0d1a1a65c7cfd","hashSHA256":"a8f98fb5128d2a649ad035ca741529e405b231bd62aeca0d38960f0b48a57152","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"640","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utweb_installer-240202.exe","isInstaller":"True","fileVersion":"1.3","hashMD5":"6fe0b9c6d0c9e80b6847f8cf7f8edfa4","hashSHA1":"a21be5a2d9f5838c4a6b9a2ce309a4375b4cac78","hashSHA256":"561fb323bdf61928a44995de86373997487558333427914252f0b19acb123399","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"640","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utweb_installer_240205.exe","isInstaller":"True","fileVersion":"1.4","hashMD5":"a77d52a3fd647947cf874316ffaec44e","hashSHA1":"aacf6f497476ec2135a9eb074ef6669117b3a4bc","hashSHA256":"0c50516ec55b5a252ea0022dec7f7a6ef8f9b9aae23bb83dd6e87bf12729e73b","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"640","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utweb_installer_240206.exe","isInstaller":"True","fileVersion":"1.4","hashMD5":"ae58ad318b13d6bb91134b7742725dbd","hashSHA1":"b74b26233c2d8f17c6cbe3c6d9289e02fb51ca08","hashSHA256":"db67f5de62754f3432f6c6d4510ccb1ef878af443c67aaae55fa84b55f33e461","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"640","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utweb_installer_240207.exe","isInstaller":"True","fileVersion":"1.4","hashMD5":"0f830b5ed0b2be2d6e14b099a75e24be","hashSHA1":"797eaf13c564bae012d14fa3f5ec805648fe1b95","hashSHA256":"ab137f2c4a000c223f80ff0f5250d9ed4700435ee667c6d540307796d20b2a6e","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"640","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utweb_installer_240213.exe","isInstaller":"True","fileVersion":"1.3","hashMD5":"6211646e926e9ce536c258af312a30e2","hashSHA1":"5df4b0416d0c9263cad7ed3d6e384ebce8d9790d","hashSHA256":"1a6dd4240b2ebefac1941e61cd7a0a5c3845e049e9740984e8dbe57c7478d97d","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"640","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utweb_installer_240214.exe","isInstaller":"True","fileVersion":"1.4","hashMD5":"3c23a3a91af4e62c6a84bc2c91d7243e","hashSHA1":"120c6bcbf5d87ca4cf881faeb956bac759a50a53","hashSHA256":"f3af45b381dc6c2d20c1c7ee94f38d2a5ae49b8e60ef3417417eb3ec75de10f2","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"640","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utweb_installer_240215.exe","isInstaller":"True","fileVersion":"1.4","hashMD5":"37cf19c6b7458269bfc8d3bda734ab7d","hashSHA1":"6229c9a812afca0511ed48453abcffd17c71569a","hashSHA256":"9aa06dbcb5ca96d5bc4e6091927ae3982db5309f31fffb36b7c5b6c1877e3d40","digitalCertThumbprint":"2454B8E0EA6E609AEF03C83090EE29C284BA586C","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, OU=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"640","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utweb_installer_240220.exe","isInstaller":"True","fileVersion":"1.4","hashMD5":"38280c1a53ceea996541378c8c461a29","hashSHA1":"9760540eba5705f1b0cce804ca0c1aa75d06f964","hashSHA256":"e3a689d3b582121daca84b20dbb395b05efa2c4db93f8c6a2ae08e531554e1e2","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"640","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utweb_installer_240227.exe","isInstaller":"True","fileVersion":"1.4","hashMD5":"64b08e5c8dca08c450a4b6937c1b6fab","hashSHA1":"73d151c50940375aca12488f01334d13e7dcd3b6","hashSHA256":"8ca41689b4f56ae76f6b3a84580ff98061dd2b9216c425adef1bad952dfceb73","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"640","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utweb_installer_240301.exe","isInstaller":"True","fileVersion":"1.4","hashMD5":"1dbd5a0fa234594b050162184c15b6e5","hashSHA1":"8a25d29e16f8cdc521fa70a867b651586cfdb921","hashSHA256":"49919d8f572315db65d381ac6d49be402d78d8d94bf951cd8b0ae3812d5f732e","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"640","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utweb_installer_240304.exe","isInstaller":"True","fileVersion":"1.4","hashMD5":"f4b040da7dc7d5e36a98d77208f450c3","hashSHA1":"9c1d8127737b95ac6776070bb0dfedf598b676cb","hashSHA256":"c9abf09a64e056b7b8bdf95896955ff515e19e84fbb403328b26f9725010ca19","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"640","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utweb_installer_240305.exe","isInstaller":"True","fileVersion":"1.4","hashMD5":"d2cae80be283de7618b3b141ca5eb105","hashSHA1":"5d2560e249a91404507832fa2b1db0375615fb0c","hashSHA256":"a12074c0016d9b954666787d5090486dcc9bfa90e1abe2eee0a7fd37bdbb4663","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"640","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utweb_installer_240306.exe","isInstaller":"True","fileVersion":"1.4","hashMD5":"274fcf991a347bf8fd9fe6ad2ee55b42","hashSHA1":"7ebda9ae2bc2a2b83d6fd06312ee9f98fa26ea14","hashSHA256":"9a4d410bb3c05f05cfad78619b9f312ee252a35105fa0ca04f4794eff3481237","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"640","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utweb_installer_240307.exe","isInstaller":"True","fileVersion":"1.4","hashMD5":"e75c4728b15ecfa716a7b9f672179e7a","hashSHA1":"f9cf53872e26d2bc32e543641dd556684d33d24c","hashSHA256":"fae4d286aebcf6439c5bf3e4f3d5fff283211c4bb79fffe13fa579c38839c976","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"640","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utweb_installer_240308.exe","isInstaller":"True","fileVersion":"1.4","hashMD5":"907a84014e40873308c071a5a35362e3","hashSHA1":"3bb828462c46bfc4923b4834d489b3a4147e6578","hashSHA256":"6f96421111939c85222f5085ccc252b556a3e89b06fa670f8587ac52b74b9e2e","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"640","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utweb_installer_240311.exe","isInstaller":"True","fileVersion":"1.4","hashMD5":"e9646b1f6acdb0c8b50138111caf2c54","hashSHA1":"1479af7298f51cd018d2a00ed4765b8d7f4fb54f","hashSHA256":"2570a75246e001cd4641657484ef9b5f73e2c12a42408a4ff00701aed967a3e7","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"640","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utweb_installer_240312.exe","isInstaller":"True","fileVersion":"1.4","hashMD5":"8138770c0687656180edc2dfa48a579e","hashSHA1":"37d367660fc6db8fb9f16fe41fd75c295220faf0","hashSHA256":"cfd1580c64e4fa4693fd1b873f933c5ed3de215f4bef56aea3b25be75dd8b209","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"640","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utweb_installer_240313.exe","isInstaller":"True","fileVersion":"1.4","hashMD5":"647e8fcdb9cd74e32241a6b8cb5ab37a","hashSHA1":"f25c04893b5fb684b087c00067fee40201b8070a","hashSHA256":"b20f712cae4cab32a80874b421c9e148bcbb0d2645e4cd0dafd288eeb0568e8b","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"640","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utweb_installer_240314.exe","isInstaller":"True","fileVersion":"1.4","hashMD5":"db8b8eb025f7ad6e7cb86bf492ed0dcb","hashSHA1":"d567e319ad4b3a996ba4e5ddc9984942534a8032","hashSHA256":"29ff10f34ed183b85842b209329046c0fbc0e8f3ce660b6dc5ddc1e9ea8ae31e","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"640","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utweb_installer_240318.exe","isInstaller":"True","fileVersion":"1.4","hashMD5":"4a5ed4f55f820449d6806e247e33d867","hashSHA1":"6acff0079ab40620a153e3335e365b5073173c67","hashSHA256":"c0a6b58c5426a8e7f4ead5c6fc802a6eaa8cf9db13fa492ca2cb1386b93119ac","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"640","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utweb_installer_240325.exe","isInstaller":"True","fileVersion":"1.4","hashMD5":"5d66c69fcc000ca822a6d4e0a9ae0446","hashSHA1":"ec7bb76626f3419de31f410abf09fff0274c6735","hashSHA256":"a10ed85d912bc5d5213307f5303a5e010e653ff5cac142c46a6f5fd6230775f1","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"640","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utweb_installer_240326.exe","isInstaller":"True","fileVersion":"1.4","hashMD5":"6884b5dc669854b113660c6e25a7f31d","hashSHA1":"01c34371c7e20e8ddfe457c77a73c9a5af7956e6","hashSHA256":"6914be9efcb8a5334a89db69bfb4725df72636e864d5be6e933aabb9e389b8a6","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"640","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utweb_installer_240401.exe","isInstaller":"True","fileVersion":"1.4","hashMD5":"787c79db7da0b4d6e4c999b452facef7","hashSHA1":"a35f56c51019434dcfc2288b9c8f83314d7520a9","hashSHA256":"4e5579f860753279010e6078badf53d04327650b8ced007c9241abff73441171","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"640","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utweb_installer_240403.exe","isInstaller":"True","fileVersion":"1.4","hashMD5":"b1258cdc407ed0353404d817771ccc94","hashSHA1":"c94a78e1bb7aed2ee4e23076e0be3f311781f5f9","hashSHA256":"f090a795dd86fd8593c519c0dd7e05f7eb77507f11932a2b74f7a4c6e631b131","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"640","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utweb_installer_240405.exe","isInstaller":"True","fileVersion":"1.4","hashMD5":"0f4c2e17340f6075cd47a51103fc1e7a","hashSHA1":"f5e77b8fbe5dee92bbf4ff19db2695ff0adae440","hashSHA256":"0d26bef296eb59aee4db37c280ece8593f6df63b952e3968c950ee9148f37cd4","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"640","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utweb_installer_240408.exe","isInstaller":"True","fileVersion":"1.4","hashMD5":"32a368cbc0ddf097ebcdd445b23ca034","hashSHA1":"83c378e9a467ca6e91fd55cacbad691bbeac65ed","hashSHA256":"2cbeb432c8f7a0476d7db633f7d45492d38876ca64bc6e36eafcfbe3d3e6cbf2","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"640","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utweb_installer_240410.exe","isInstaller":"True","fileVersion":"1.4","hashMD5":"c16d5f6972f66a4a603651501c8ac7e0","hashSHA1":"cadb11a0b99a258c0450b9cce4e575994c6aef6a","hashSHA256":"2c049cd919159dccb29da31b7711418dce301072ab27a7429e5628c90e952c0a","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"640","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utweb_installer_240412.exe","isInstaller":"True","fileVersion":"1.4","hashMD5":"b0529e34f3669de937fdabb3832e19e9","hashSHA1":"4dfef8fd3e46607973aca93ad51093d0462e1a2e","hashSHA256":"bbf46e178f8e6d24cd1f3000bfe8fd2942bef4fc39dc0422bc2ee03ae9c843b2","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"640","avBlockList":["COMODO Antivirus (20240723)","Dr.Web Security Space (20240723)","ESET Internet Security (20240723)","FortectPremium (20240723)","G DATA INTERNET SECURITY (20240723)","K7 Total Security (20240723)","Malwarebytes Premium (20240723)","McAfee Total Protection (20240723)","Norton Security (20240723)","Panda Dome (20240723)","Sophos Home Premium (20240723)","VirIT eXplorer PRO (20240723)","Webroot SecureAnywhere (20240723)"],"avAllowList":["360 Total Security (20240723)","Avast Premium Security (20240723)","AVG Internet Security (20240723)","Avira Internet Security (20240723)","Bitdefender Internet Security (20240723)","Kaspersky Internet Security (20240723)","Quick Heal Internet Security (20240723)","SpyHunter5 (20240723)","Total AV Antivirus Pro (20240723)","Trend Micro Internet Security (20240723)","VIPRE Advanced Security (20240723)","Windows Defender (20240723)"]},{"isRevoked":"False","fileName":"utweb_installer_240429.exe","isInstaller":"True","fileVersion":"1.4","hashMD5":"c3a7b3fb0d80388919c2e2a15d3e5bfc","hashSHA1":"5a5bde30d6face23a5a290f70086c9c99ad30445","hashSHA256":"ce15c8cb85970ee34f63ac841e55e47ad1791e8e868bf8e8893f2882f554a0d3","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"640","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utweb_installer_240516.exe","isInstaller":"True","fileVersion":"1.4","hashMD5":"522cdad4f7956be5abd920d432e9c7c5","hashSHA1":"ddf5e77be9c6967bb5ea510af0997f53869350e2","hashSHA256":"17da22bcce3572cea6070555adad0cb4e8a5901af04a873c296fcdbadecb4fb6","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"640","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Customer report","reference":"Opera offer bundled","landingPage":"https://www.utorrent.com","directDownloadingLink":"https://www.utorrent.com/web/downloads/complete/track/stable/os/win/","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.utorrent.com/web/downloads/complete/track/stable/os/win/","sourceIndex":"640"}],"sampleFiles":["240521/uTorrentWeb-211126/1.4.0.5759/Samples/utweb_installer.exe","240521/uTorrentWeb-211126/1.4.0.5759/Samples/utweb_installer1.exe","240521/uTorrentWeb-211126/1.4.0.5759/Samples/utweb_installer_240103.exe","240521/uTorrentWeb-211126/1.4.0.5759/Samples/utweb_installer_240109.exe","240521/uTorrentWeb-211126/1.4.0.5759/Samples/utweb_installer_220124.exe","240521/uTorrentWeb-211126/1.4.0.5759/Samples/utweb_installer_230124.exe","240521/uTorrentWeb-211126/1.4.0.5759/Samples/utweb_installer_240130.exe","240521/uTorrentWeb-211126/1.4.0.5759/Samples/utweb_installer-240202.exe","240521/uTorrentWeb-211126/1.4.0.5759/Samples/utweb_installer_240205.exe","240521/uTorrentWeb-211126/1.4.0.5759/Samples/utweb_installer_240206.exe","240521/uTorrentWeb-211126/1.4.0.5759/Samples/utweb_installer_240207.exe","240521/uTorrentWeb-211126/1.4.0.5759/Samples/utweb_installer_240213.exe","240521/uTorrentWeb-211126/1.4.0.5759/Samples/utweb_installer_240214.exe","240521/uTorrentWeb-211126/1.4.0.5759/Samples/utweb_installer_240215.exe","240521/uTorrentWeb-211126/1.4.0.5759/Samples/utweb_installer_240220.exe","240521/uTorrentWeb-211126/1.4.0.5759/Samples/utweb_installer_240227.exe","240521/uTorrentWeb-211126/1.4.0.5759/Samples/utweb_installer_240301.exe","240521/uTorrentWeb-211126/1.4.0.5759/Samples/utweb_installer_240304.exe","240521/uTorrentWeb-211126/1.4.0.5759/Samples/utweb_installer_240305.exe","240521/uTorrentWeb-211126/1.4.0.5759/Samples/utweb_installer_240306.exe","240521/uTorrentWeb-211126/1.4.0.5759/Samples/utweb_installer_240307.exe","240521/uTorrentWeb-211126/1.4.0.5759/Samples/utweb_installer_240308.exe","240521/uTorrentWeb-211126/1.4.0.5759/Samples/utweb_installer_240311.exe","240521/uTorrentWeb-211126/1.4.0.5759/Samples/utweb_installer_240312.exe","240521/uTorrentWeb-211126/1.4.0.5759/Samples/utweb_installer_240313.exe","240521/uTorrentWeb-211126/1.4.0.5759/Samples/utweb_installer_240314.exe","240521/uTorrentWeb-211126/1.4.0.5759/Samples/utweb_installer_240318.exe","240521/uTorrentWeb-211126/1.4.0.5759/Samples/utweb_installer_240325.exe","240521/uTorrentWeb-211126/1.4.0.5759/Samples/utweb_installer_240326.exe","240521/uTorrentWeb-211126/1.4.0.5759/Samples/utweb_installer_240401.exe","240521/uTorrentWeb-211126/1.4.0.5759/Samples/utweb_installer_240403.exe","240521/uTorrentWeb-211126/1.4.0.5759/Samples/utweb_installer_240405.exe","240521/uTorrentWeb-211126/1.4.0.5759/Samples/utweb_installer_240408.exe","240521/uTorrentWeb-211126/1.4.0.5759/Samples/utweb_installer_240410.exe","240521/uTorrentWeb-211126/1.4.0.5759/Samples/utweb_installer_240412.exe","240521/uTorrentWeb-211126/1.4.0.5759/Samples/utweb_installer_240429.exe","240521/uTorrentWeb-211126/1.4.0.5759/Samples/utweb_installer_240516.exe"],"imageFiles":["240521/uTorrentWeb-211126/1.4.0.5759/Images/ACR-042/ACR-042_Install_1.png","240521/uTorrentWeb-211126/1.4.0.5759/Images/ACR-048/ACR-048_Install_1.png","240521/uTorrentWeb-211126/1.4.0.5759/Images/ACR-014/ACR-014_Install_1.png","240521/uTorrentWeb-211126/1.4.0.5759/Images/ACR-084/ACR-084_Software_1.png","240521/uTorrentWeb-211126/1.4.0.5759/Images/ACR-097/ACR-097_Software_1.png","240521/uTorrentWeb-211126/1.4.0.5759/Images/ACR-118/ACR-118_Uninstall_1.png","240521/uTorrentWeb-211126/1.4.0.5759/Images/ACR-013/ACR-013_Install_1.png","240521/uTorrentWeb-211126/1.4.0.5759/Images/ACR-013/ACR-013_Install_2.png","240521/uTorrentWeb-211126/1.4.0.5759/Images/ACR-060/ACR-060_Bundler-made offers_1.png","240521/uTorrentWeb-211126/1.4.0.5759/Images/ACR-060/ACR-060_Bundler-made offers_2.png"],"nonDeceptorImageFiles":["240521/uTorrentWeb-211126/1.4.0.5759/Images/ACR-123/ACR-123_Uninstall_1.png"],"guid":"2809ba07-e9d6-4ab2-8748-339512fba3b7_1.4.0.5759_1","appID":"uTorrentWeb-211126","dateAdded":"260205","deceptorType":"App","name":"u Torrent Web","company":"BitTorrent, Inc","version":"1.4.0.5759","lastKnownStatus":"1.2.6.3977;1.2.7.4186;1.2.8.4523;1.3.0.5649;1.3.0.5665;1.3.0.5666;1.3.0.5668;1.3.0.5669;1.3.0.5670;1.3.0.5671;1.3.0.5672;1.3.0.5673;1.4.0.5714;1.4.0.5759;1.4.0.5828;1.4.0.5871;1.5.0.6335","lastKnownDate":"260205","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 10,Windows 8,Windows Server","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2026-05-12T22:59:54.4155544+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":18,"sortOrder":77},{"violations":{"ACR-042":"App drops hidden file/potential offer app info in hidden folder without user permission.\n","ACR-043":"The \"uTorrent Web\" components get dropped in one click without asking the user's permission and disclosing the installation path.\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software. \n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software.\n","ACR-084":"On closing the app, application doesn't exit completely. It runs silently in the background, hiding the fact that it is active from the consumer without any notification.\n","ACR-097":"App adds an exception for Windows firewall to evade the default system security guard.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components on the device without the consumer's consent. \n"},"nonDeceptorViolations":{"ACR-123":"The app does not remove the startup even after uninstall and reboot. \n"},"samples":[{"isRevoked":"False","fileName":"C:\\Users\\User\\AppData\\Roaming\\uTorrent Web\\utweb.exe","companyName":"BitTorrent Inc.","productName":"µTorrent Web","productVersion":"1.3.0.5673","fileVersion":"1.3.0.5673","hashMD5":"c3641efb14cad8456da90549f447cae7","hashSHA1":"dcfa67e2dbe11bbe712e30c6df2581e80dcdd618","hashSHA256":"c2bd13a030ff09abe94aac7de2e96236698c1db43b88187039ee6512f27ac00b","digitalCertThumbprint":"09AFB68255629E565090CAC7EA49AAD67143FA93","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Rainberry Inc","storeId":"","sourceIndex":"839","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utweb_installer.exe","isInstaller":"True","companyName":"                                                            ","productName":"uTorrent Web®                                               ","productVersion":"1.3                                               ","fileVersion":"1.3                 ","hashMD5":"b44fcddd6a7ff3403e5b3074eefc5bee","hashSHA1":"e62e0edd49269b9b29c7b8caa8d2126ba787e4ed","hashSHA256":"f191d6db4a16a5d8d16e77a3cd045f4c3a4d7302ff1f5c5182e0e775f5eac370","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Rainberry Inc","storeId":"","sourceIndex":"839","avBlockList":["COMODO Antivirus (20230919)","Dr.Web Security Space (20230919)","ESET Internet Security (20230919)","K7 Total Security (20230919)","Malwarebytes Premium (20230919)","Norton Security (20230919)","Panda Dome (20230919)","Quick Heal Internet Security (20230919)","Sophos Home Premium (20230919)","VirIT eXplorer PRO (20230919)","Webroot SecureAnywhere (20230919)"],"avAllowList":["360 Total Security (20230919)","Avast Premium Security (20230919)","AVG Internet Security (20230919)","Avira Internet Security (20230919)","Bitdefender Internet Security (20230919)","G DATA INTERNET SECURITY (20230919)","Kaspersky Internet Security (20230919)","McAfee Total Protection (20230919)","SpyHunter5 (20230919)","Total AV Antivirus Pro (20230919)","Trend Micro Internet Security (20230919)","VIPRE Advanced Security (20230919)","Windows Defender (20230919)"]},{"isRevoked":"False","fileName":"utweb_installer_230821.exe","isInstaller":"True","productName":"uTorrent Web®","productVersion":"1.3","fileVersion":"1.3","hashMD5":"575049bb9a0610946fa1b235059e7973","hashSHA1":"7e333813cafdb63ae7236607d647ac11630d2ded","hashSHA256":"cb9108e448dde1b97c307df99f7c4349eece08ed63dd91bf88ec9ae9d57f8c5e","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"839","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utweb_installer230823.exe","isInstaller":"True","productName":"uTorrent Web®","productVersion":"1.3","fileVersion":"1.3","hashMD5":"d2edd3dfe864a7c9f404eeaf31876b54","hashSHA1":"78bd37c62d63696bc709bb8cf5606efa6e99acfa","hashSHA256":"7f55c694a91d6fe4fb57e0becbe0a2494d2a7b16cb7b72e01dc5b8e3205fb3af","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"839","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utweb_installer_230829.exe","isInstaller":"True","productName":"uTorrent Web®","productVersion":"1.3","fileVersion":"1.3","hashMD5":"a99eecc7bf98426e450489cac02e7cc9","hashSHA1":"6d570bc1af8b13d24aa99d9dc72da6d1ec18471a","hashSHA256":"a534f752c5eee84503380632411a984758c20b09c4577ce724971d1d828e0562","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"839","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utweb_installer_230831.exe","isInstaller":"True","productName":"uTorrent Web®","productVersion":"1.3","fileVersion":"1.3","hashMD5":"5da6c30f70aabb1884d7260cf33d6724","hashSHA1":"622cae1e017c5c7c736f0504ca99991c1c8b1be0","hashSHA256":"954249f126a5fc45b534f54483ad684ce3a41e266bcc4b672024f68dac5bc0a7","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"839","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utweb_installer_230904.exe","isInstaller":"True","productName":"uTorrent Web®","productVersion":"1.3","fileVersion":"1.3","hashMD5":"003cb5d1bc3367f313d86b7a9d3bd072","hashSHA1":"9fd4f5e68dcd7cd1d39738e7ea409d482fd444db","hashSHA256":"26a9866332c64c9450101fe356e5f19b33ee999fa5cd43fc63997d553bb4eeec","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"839","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utweb_installer_230911.exe","isInstaller":"True","productName":"uTorrent Web®","productVersion":"1.3","fileVersion":"1.3","hashMD5":"3ca477ca14076a6f8431dcc1f5854002","hashSHA1":"b54b726fc8a6616e093a4637afdc0053b2f3eaab","hashSHA256":"303bd3a3830a381fbed2493383399a994fe9ed6eaa5d10ccf55d28683332a577","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"839","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utweb_installer_20230915.exe","isInstaller":"True","productName":"uTorrent Web®","productVersion":"1.3","fileVersion":"1.3","hashMD5":"a75857783ba97cc414be429e0723fce3","hashSHA1":"e5f4d026837efc07c0fe25b70a7768bc0a32c3be","hashSHA256":"8b2e706931d2cd15331cf10be5e0dd608666ad232f242a620d1dddef43a98208","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"839","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utweb_installer_230921.exe","isInstaller":"True","productName":"uTorrent Web®","productVersion":"1.3","fileVersion":"1.3","hashMD5":"1aa85d2cf21244e0028dbe791d3440d0","hashSHA1":"ac96f505af89d463a1d8a1eef25a974a5baabcdc","hashSHA256":"d2958ad4cc05178036fc3941c12cacb8d966b81348d90f4ec74f41894fd707ca","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"839","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utweb_installer_230926.exe","isInstaller":"True","fileVersion":"1.3","hashMD5":"afcbee0633928a7f3fd238028d7bbac8","hashSHA1":"db1279331d529bcde5b39bb178a6b9f8c84fa6b0","hashSHA256":"66df7da160bc791e894f752c42b2055288faf717d053e6a912ccaed971225e4f","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"839","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utweb_installer-230928.exe","isInstaller":"True","fileVersion":"1.3","hashMD5":"a3b2c14b71bb72e7e804fca38b61861a","hashSHA1":"2891e16969876a3747651edbe0e42c4034b976a6","hashSHA256":"7800fdb59b95bd007674a3aa5721070998c0b6f9df3fa3c4b94b3a8d9c758656","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"839","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utweb_installer_231006.exe","isInstaller":"True","fileVersion":"1.3","hashMD5":"9546234c4ce9552436e77b4c9080f7e7","hashSHA1":"1185d8072f0ed145d19eb799e0098803cddeae05","hashSHA256":"0bae8ff344e4cf87ded1a558e6bb4825c6a2c441e3f4409c84937f0a205a87ee","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"839","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utweb_installer_231009.exe","isInstaller":"True","fileVersion":"1.3","hashMD5":"579225d3cfce3eaa4df9111c228155b6","hashSHA1":"fc815b648918a3395eea1e8e74a46d66402b3af6","hashSHA256":"b291a0c0b3e88652e9cd9d324e789e7dbf2ef201581ecca183757e94225a9a21","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"839","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utweb_installer_231010.exe","isInstaller":"True","fileVersion":"1.3","hashMD5":"915ac2e793fdc306c0a62cb9790ba9a8","hashSHA1":"ebfc231eddcfaa40726b62d397aee90ce4074d07","hashSHA256":"7f1b0438a7fa35dbe88a2dc210f520ecb5e3de72f8aaaee5e7b040b6631b3ca4","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"839","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utweb_installer_231011.exe","isInstaller":"True","fileVersion":"1.3","hashMD5":"17eb6140d1d3568b6f89ce6ecff14687","hashSHA1":"55e020f642b4534709e02f3bcc4f32d0222d4a95","hashSHA256":"0f256cbb6b4ff871cc0df07e387e6fa4fb3a1f01461068ac23edc92b9f3a891e","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"839","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utweb_installer_231013.exe","isInstaller":"True","fileVersion":"1.3","hashMD5":"d0716cbe5be5804d9b19f64bf2cc0c7c","hashSHA1":"87c82cfadba187bd9103cdda203005e029e4f2f1","hashSHA256":"71f5247173bdb3177b54a9543917d0a6119af174d65249050c4cd4b2ec93ad45","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"839","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt on torrent applications","reference":"","landingPage":"https://www.utorrent.com/web/","directDownloadingLink":"https://www.utorrent.com/web/downloads/complete/track/stable/os/win/","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.utorrent.com/web/downloads/complete/track/stable/os/win/","sourceIndex":"839"}],"sampleFiles":["231117/uTorrentWeb-211126/1.3.0.5673/Samples/utweb_installer.exe","231117/uTorrentWeb-211126/1.3.0.5673/Samples/utweb_installer_230821.exe","231117/uTorrentWeb-211126/1.3.0.5673/Samples/utweb_installer230823.exe","231117/uTorrentWeb-211126/1.3.0.5673/Samples/utweb_installer_230829.exe","231117/uTorrentWeb-211126/1.3.0.5673/Samples/utweb_installer_230831.exe","231117/uTorrentWeb-211126/1.3.0.5673/Samples/utweb_installer_230904.exe","231117/uTorrentWeb-211126/1.3.0.5673/Samples/utweb_installer_230911.exe","231117/uTorrentWeb-211126/1.3.0.5673/Samples/utweb_installer_20230915.exe","231117/uTorrentWeb-211126/1.3.0.5673/Samples/utweb_installer_230921.exe","231117/uTorrentWeb-211126/1.3.0.5673/Samples/utweb_installer_230926.exe","231117/uTorrentWeb-211126/1.3.0.5673/Samples/utweb_installer-230928.exe","231117/uTorrentWeb-211126/1.3.0.5673/Samples/utweb_installer_231006.exe","231117/uTorrentWeb-211126/1.3.0.5673/Samples/utweb_installer_231009.exe","231117/uTorrentWeb-211126/1.3.0.5673/Samples/utweb_installer_231010.exe","231117/uTorrentWeb-211126/1.3.0.5673/Samples/utweb_installer_231011.exe","231117/uTorrentWeb-211126/1.3.0.5673/Samples/utweb_installer_231013.exe"],"imageFiles":["231117/uTorrentWeb-211126/1.3.0.5673/Images/ACR-043/ACR-043.PNG","231117/uTorrentWeb-211126/1.3.0.5673/Images/ACR-042/ACR-042.PNG","231117/uTorrentWeb-211126/1.3.0.5673/Images/ACR-084/ACR-084.PNG","231117/uTorrentWeb-211126/1.3.0.5673/Images/ACR-097/ACR-097.PNG","231117/uTorrentWeb-211126/1.3.0.5673/Images/ACR-118/ACR-118.PNG","231117/uTorrentWeb-211126/1.3.0.5673/Images/ACR-013/ACR-013.PNG","231117/uTorrentWeb-211126/1.3.0.5673/Images/ACR-013/ACR-013_1.PNG","231117/uTorrentWeb-211126/1.3.0.5673/Images/ACR-013/ACR-013_2.PNG","231117/uTorrentWeb-211126/1.3.0.5673/Images/ACR-060/ACR-060.PNG","231117/uTorrentWeb-211126/1.3.0.5673/Images/ACR-060/ACR-060_1.PNG","231117/uTorrentWeb-211126/1.3.0.5673/Images/ACR-060/ACR-060_2.PNG"],"nonDeceptorImageFiles":["231117/uTorrentWeb-211126/1.3.0.5673/Images/ACR-123/ACR-123.PNG"],"guid":"2809ba07-e9d6-4ab2-8748-339512fba3b7_1.3.0.5673_1","appID":"uTorrentWeb-211126","dateAdded":"260205","deceptorType":"App","name":"u Torrent Web","company":"BitTorrent, Inc","version":"1.3.0.5673","lastKnownStatus":"1.2.6.3977;1.2.7.4186;1.2.8.4523;1.3.0.5649;1.3.0.5665;1.3.0.5666;1.3.0.5668;1.3.0.5669;1.3.0.5670;1.3.0.5671;1.3.0.5672;1.3.0.5673;1.4.0.5714;1.4.0.5759;1.4.0.5828;1.4.0.5871;1.5.0.6335","lastKnownDate":"260205","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 10,Windows 8,Windows Server","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2026-05-12T22:59:59.5173118+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":18,"sortOrder":80},{"violations":{"ACR-042":"App drops hidden file/potential offer app info in hidden folder without user permission.\n","ACR-043":"The \"uTorrent Web\" components get dropped in one click without asking the user's permission and disclosing the installation path.\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software. \n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software.\n","ACR-084":"On closing the app, application doesn't exit completely. It runs silently in the background, hiding the fact that it is active from the consumer without any notification.\n","ACR-097":"App adds an exception for Windows firewall to evade the default system security guard.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components on the device without the consumer's consent. \n"},"nonDeceptorViolations":{"ACR-123":"The app does not remove the startup even after uninstall and reboot. \n"},"samples":[{"isRevoked":"False","fileName":"C:\\Users\\User\\AppData\\Roaming\\uTorrent Web\\utweb.exe","companyName":"BitTorrent Inc.","productName":"µTorrent Web","productVersion":"1.3.0.5671","fileVersion":"1.3.0.5671","hashMD5":"0baa943481dcb37a410ae91864df937e","hashSHA1":"7a31195a15887fcb71b75684bddb6e38f0df9440","hashSHA256":"fb16c6d424b705b0db3277fe8776e96694c00f8b942dc5828412b1f7b7a3b8ea","digitalCertThumbprint":"09AFB68255629E565090CAC7EA49AAD67143FA93","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Rainberry Inc","storeId":"","sourceIndex":"932","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utweb_installer.exe","isInstaller":"True","companyName":"                                                            ","productName":"uTorrent Web®                                               ","productVersion":"1.3                                               ","fileVersion":"1.3                 ","hashMD5":"429e56e044f63422147b548ed1bd97a8","hashSHA1":"c26d32fd4fd0628381ecac39c60cc1c4808b3fe0","hashSHA256":"75085e19a2fb105bf96bf5f942cd3fce8c4bd71e8d761c16e96d194e45a5d555","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Rainberry Inc","storeId":"","sourceIndex":"932","avBlockList":["COMODO Antivirus (20240201)","Dr.Web Security Space (20240201)","ESET Internet Security (20240201)","G DATA INTERNET SECURITY (20240201)","Malwarebytes Premium (20240201)","Norton Security (20240201)","Panda Dome (20240201)","Quick Heal Internet Security (20240201)","Sophos Home Premium (20240201)","VirIT eXplorer PRO (20240201)","Webroot SecureAnywhere (20240201)"],"avAllowList":["360 Total Security (20240201)","Avast Premium Security (20240201)","AVG Internet Security (20240201)","Avira Internet Security (20240201)","Bitdefender Internet Security (20240201)","K7 Total Security (20240201)","Kaspersky Internet Security (20240201)","McAfee Total Protection (20240201)","SpyHunter5 (20240201)","Total AV Antivirus Pro (20240201)","Trend Micro Internet Security (20240201)","VIPRE Advanced Security (20240201)","Windows Defender (20240201)"]},{"isRevoked":"False","fileName":"utweb_installer_1.exe","isInstaller":"True","productName":"uTorrent Web®  ","productVersion":"1.3          ","fileVersion":"1.3","hashMD5":"99a1af9119c27910d2a11a133069aeec","hashSHA1":"c68ca0a346f36de8c740d0ef5665fbb001f55a98","hashSHA256":"cdbb1ce80abeae040c5cbf0a082b8b9d59493131f7a472b77c398f55fdac71d9","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"Rainberry Inc","sourceIndex":"932","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on windows app","reference":"","landingPage":"https://www.utorrent.com/web/","directDownloadingLink":"https://www.utorrent.com/web/downloads/complete/track/stable/os/win/","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.utorrent.com/web/downloads/complete/track/stable/os/win/","sourceIndex":"932"}],"sampleFiles":["231117/uTorrentWeb-211126/1.3.0.5671/Samples/utweb_installer.exe","231117/uTorrentWeb-211126/1.3.0.5671/Samples/utweb_installer_1.exe"],"imageFiles":["231117/uTorrentWeb-211126/1.3.0.5671/Images/ACR-043/ACR-043.PNG","231117/uTorrentWeb-211126/1.3.0.5671/Images/ACR-042/ACR-042.PNG","231117/uTorrentWeb-211126/1.3.0.5671/Images/ACR-084/ACR-084.PNG","231117/uTorrentWeb-211126/1.3.0.5671/Images/ACR-097/ACR-097.PNG","231117/uTorrentWeb-211126/1.3.0.5671/Images/ACR-118/ACR-118.PNG","231117/uTorrentWeb-211126/1.3.0.5671/Images/ACR-013/ACR-013.PNG","231117/uTorrentWeb-211126/1.3.0.5671/Images/ACR-013/ACR-013_1.PNG","231117/uTorrentWeb-211126/1.3.0.5671/Images/ACR-013/ACR-013_2.PNG","231117/uTorrentWeb-211126/1.3.0.5671/Images/ACR-060/ACR-060.PNG","231117/uTorrentWeb-211126/1.3.0.5671/Images/ACR-060/ACR-060_1.PNG","231117/uTorrentWeb-211126/1.3.0.5671/Images/ACR-060/ACR-060_2.PNG"],"nonDeceptorImageFiles":["231117/uTorrentWeb-211126/1.3.0.5671/Images/ACR-123/ACR-123.PNG"],"guid":"2809ba07-e9d6-4ab2-8748-339512fba3b7_1.3.0.5671_1","appID":"uTorrentWeb-211126","dateAdded":"260205","deceptorType":"App","name":"u Torrent Web","company":"BitTorrent, Inc","version":"1.3.0.5671","lastKnownStatus":"1.2.6.3977;1.2.7.4186;1.2.8.4523;1.3.0.5649;1.3.0.5665;1.3.0.5666;1.3.0.5668;1.3.0.5669;1.3.0.5670;1.3.0.5671;1.3.0.5672;1.3.0.5673;1.4.0.5714;1.4.0.5759;1.4.0.5828;1.4.0.5871;1.5.0.6335","lastKnownDate":"260205","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 10,Windows 8,Windows Server","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2026-05-12T23:00:02.8571263+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":18,"sortOrder":81},{"violations":{"ACR-042":"The app initiates network communications with 3rd party offer provider before obtaining user consent.\n","ACR-048":"The app does not provide any control to cancel the installation. \n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software. \n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software.\n","ACR-084":"On closing the app, application doesn't exit completely. It runs silently in the background, hiding the fact that it is active from the consumer without any notification.\n","ACR-097":"App adds an exception for Windows firewall to evade the default system security guard.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components on the device without the consumer's consent. \n"},"nonDeceptorViolations":{"ACR-123":"The app does not remove the startup even after uninstall and reboot. \n"},"samples":[{"isRevoked":"False","fileName":"C:\\Users\\User\\AppData\\Roaming\\uTorrent Web\\utweb.exe","companyName":"Rainberry Inc.","productName":"µTorrent Web","productVersion":"1.4.0.5714","fileVersion":"1.4.0.5714","hashMD5":"9d69c89d503302ea9b83dc0ca841a421","hashSHA1":"4bddff916eaae96c449c34cfa1a94ebc74e106ef","hashSHA256":"58f2463c0885326ce24faf80a03edc676e171e676f22d325ffdd15f6c84039db","digitalCertThumbprint":"09AFB68255629E565090CAC7EA49AAD67143FA93","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Rainberry Inc","storeId":"","sourceIndex":"788","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utweb_installer.exe","isInstaller":"True","companyName":"                                                            ","productName":"uТorrеnt Web®                                               ","productVersion":"1.4                                               ","fileVersion":"1.4                 ","hashMD5":"a3552a54b69d588f71cedf2031a2de9d","hashSHA1":"cd7d4d7b86e4d90000a09bbca2ae27c8fe6bfdda","hashSHA256":"5f388824d367819b691783624c53cdbb161a4495dd243ca42508776048fd29ed","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Rainberry Inc","storeId":"","sourceIndex":"788","avBlockList":["Bitdefender Internet Security (20240305)","COMODO Antivirus (20240305)","Dr.Web Security Space (20240305)","ESET Internet Security (20240305)","G DATA INTERNET SECURITY (20240305)","K7 Total Security (20240305)","Malwarebytes Premium (20240305)","Norton Security (20240305)","Panda Dome (20240305)","Quick Heal Internet Security (20240305)","Sophos Home Premium (20240305)","VIPRE Advanced Security (20240305)","VirIT eXplorer PRO (20240305)","Webroot SecureAnywhere (20240305)"],"avAllowList":["360 Total Security (20240305)","Avast Premium Security (20240305)","AVG Internet Security (20240305)","Avira Internet Security (20240305)","Kaspersky Internet Security (20240305)","McAfee Total Protection (20240305)","SpyHunter5 (20240305)","Total AV Antivirus Pro (20240305)","Trend Micro Internet Security (20240305)","Windows Defender (20240305)"]},{"isRevoked":"False","fileName":"utweb_installer_231027.exe","isInstaller":"True","fileVersion":"1.4","hashMD5":"c61edd4e06c593d961fd5faff57c6325","hashSHA1":"5862c9987045a774e37793d9d287d98f86660725","hashSHA256":"e6a1f71cb35d378166f230afacda44d75b0917f12c06b31db0cda7d30a1b3325","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"788","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utweb_installer_231031.exe","isInstaller":"True","fileVersion":"1.4","hashMD5":"c3a5222af4e23219a709ac1051de9ba6","hashSHA1":"abd087f2cc60a640de5d81a621a39e73ddda37fa","hashSHA256":"d73c1c18646285ef6bf4ecaef811c3013c13ba80ae62cbe6376c3c36d8ee5abd","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"788","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utweb_installer_231031_1.exe","isInstaller":"True","fileVersion":"1.3","hashMD5":"d2edd3dfe864a7c9f404eeaf31876b54","hashSHA1":"78bd37c62d63696bc709bb8cf5606efa6e99acfa","hashSHA256":"7f55c694a91d6fe4fb57e0becbe0a2494d2a7b16cb7b72e01dc5b8e3205fb3af","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"788","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utweb_installer_231102.exe","isInstaller":"True","fileVersion":"1.4","hashMD5":"d41cf18848dc10efcb039119fa352647","hashSHA1":"24fae0275965cabde0b4699ebd8e00c0a460afa5","hashSHA256":"35993f6708a6035a484dc54cf98514fdf42342ddfe42c98cb85d5a08014f20c9","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"788","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utweb_installer_231103.exe","isInstaller":"True","fileVersion":"1.3","hashMD5":"37e87ccd678cb0dc477ac51ed25bb110","hashSHA1":"2d50b1f6476c4c67109197ec2f7dae3202c345f5","hashSHA256":"cfa62cde372fd31497d79ba60c4f5d745dd9518244585279864949e0072796cc","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"788","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utweb_installer_1.exe","isInstaller":"True","fileVersion":"1.4","hashMD5":"5d0f78072cb9a2b13ebda8f24c086d1e","hashSHA1":"295caa4a2b92a6aa6572fdacc26f3346008f1485","hashSHA256":"55e8447c47177c26d61cbdf07fa2abc6663e770418a921dfd1f4e04316544cd9","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"788","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utweb_installer_231113.exe","isInstaller":"True","fileVersion":"1.4","hashMD5":"b02bc623dbc269a248a5a73786a1333c","hashSHA1":"016ba17afb8bedba6ab3578ac807583c7c668a1a","hashSHA256":"4e1f8de01bc8843e64edfb685eff998657e2f0e8e8e7bd75d52fc3580fcbb044","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"788","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utweb_installer_231115.exe","isInstaller":"True","fileVersion":"1.4","hashMD5":"4f8bd6c21fb197476dd951eb4be123e6","hashSHA1":"7e062e368254039f813633109f648c38187807c1","hashSHA256":"b9b036790d840c82ef0bb9b75461fd8980d64e21c346ebba38f10addaab2049d","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"788","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utweb_installer_231116.exe","isInstaller":"True","fileVersion":"1.4","hashMD5":"a9b3973544c506d81b5c1383cec02476","hashSHA1":"c75291f244cc2251d4157c28beb38b6db596b48c","hashSHA256":"e8bb661841258ffefe8939404a4f5941d0faef761ada551bebb7e3a32def20fd","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"788","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utweb_installer_231116_2.exe","isInstaller":"True","fileVersion":"1.3","hashMD5":"ed11cdefc38d4a888a4b8a2a95eae678","hashSHA1":"943b5d19c04c4a5d67547dd6cf90861d0c47102f","hashSHA256":"55af1c825fea790e819d34c4adc43f5a737bf290cc10adcaff3c780ba74ae295","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"788","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utweb_installer_231117.exe","isInstaller":"True","fileVersion":"1.4","hashMD5":"d3efd50a3d1cd50822f2d95e69e14dc0","hashSHA1":"47335fcf91e4b529d375b7ca021ed06e420a1402","hashSHA256":"b25f7a598b0cf917cac5985f204e9d3132b5b0f25c99d9ced0ade600b0ec94a6","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"788","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utweb_installer_231120.exe","isInstaller":"True","fileVersion":"1.4","hashMD5":"bda45bc68b9bbfe5f674ce7bbdbaa8cc","hashSHA1":"503d17fd0bb744c0832637c9f029aa7b33d28a58","hashSHA256":"e6a09acf7b5e24742185af46e7815dd2ca73ba7193165af6f4c5893c98398cfa","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"788","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utweb_installer_231124.exe","isInstaller":"True","fileVersion":"1.4","hashMD5":"eb462677d3eabf4463228afcf31967dc","hashSHA1":"b28be6d6a38a4b0de2ceea8534f5f8d7e45f92d9","hashSHA256":"5db295f7f7999a576a7ca4009549e02821d77454f4fd1e5a432208c450e32a48","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"788","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utweb_installer_231204.exe","isInstaller":"True","fileVersion":"1.4","hashMD5":"bdc5913465d8c46ca98ec13bd2e1f068","hashSHA1":"6c960be634c547c57595c4add73294b8efc8ef8d","hashSHA256":"4a313fdbe3e0a822d872ee60930d979ff760fcdf20dac959148ed0f169796ba3","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"788","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utweb_installer_231211.exe","isInstaller":"True","fileVersion":"1.4","hashMD5":"019a2d352f3051b0522c2a1cad0574e8","hashSHA1":"f80290a19295a3958ab8bbcad0d85bc7273e3f69","hashSHA256":"36f00c0d2338bdff22d4a0a383942c1746212d1825ed5189ea751a470be75031","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"788","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on torrent app","reference":"","landingPage":"https://www.utorrent.com/web/","directDownloadingLink":"https://www.utorrent.com/web/downloads/complete/track/stable/os/win/","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.utorrent.com/web/downloads/complete/track/stable/os/win/","sourceIndex":"788"}],"sampleFiles":["231211/uTorrentWeb-211126/1.4.0.5714/Samples/utweb_installer.exe","231211/uTorrentWeb-211126/1.4.0.5714/Samples/utweb_installer_231027.exe","231211/uTorrentWeb-211126/1.4.0.5714/Samples/utweb_installer_231031.exe","231211/uTorrentWeb-211126/1.4.0.5714/Samples/utweb_installer_231031_1.exe","231211/uTorrentWeb-211126/1.4.0.5714/Samples/utweb_installer_231102.exe","231211/uTorrentWeb-211126/1.4.0.5714/Samples/utweb_installer_231103.exe","231211/uTorrentWeb-211126/1.4.0.5714/Samples/utweb_installer_1.exe","231211/uTorrentWeb-211126/1.4.0.5714/Samples/utweb_installer_231113.exe","231211/uTorrentWeb-211126/1.4.0.5714/Samples/utweb_installer_231115.exe","231211/uTorrentWeb-211126/1.4.0.5714/Samples/utweb_installer_231116.exe","231211/uTorrentWeb-211126/1.4.0.5714/Samples/utweb_installer_231116_2.exe","231211/uTorrentWeb-211126/1.4.0.5714/Samples/utweb_installer_231117.exe","231211/uTorrentWeb-211126/1.4.0.5714/Samples/utweb_installer_231120.exe","231211/uTorrentWeb-211126/1.4.0.5714/Samples/utweb_installer_231124.exe","231211/uTorrentWeb-211126/1.4.0.5714/Samples/utweb_installer_231204.exe","231211/uTorrentWeb-211126/1.4.0.5714/Samples/utweb_installer_231211.exe"],"imageFiles":["231211/uTorrentWeb-211126/1.4.0.5714/Images/ACR-042/ACR-042_Install_1.png","231211/uTorrentWeb-211126/1.4.0.5714/Images/ACR-048/ACR-048.PNG","231211/uTorrentWeb-211126/1.4.0.5714/Images/ACR-084/ACR-084.PNG","231211/uTorrentWeb-211126/1.4.0.5714/Images/ACR-097/ACR-097.PNG","231211/uTorrentWeb-211126/1.4.0.5714/Images/ACR-118/ACR-118.PNG","231211/uTorrentWeb-211126/1.4.0.5714/Images/ACR-013/ACR-013.PNG","231211/uTorrentWeb-211126/1.4.0.5714/Images/ACR-013/ACR-013_1.PNG","231211/uTorrentWeb-211126/1.4.0.5714/Images/ACR-013/ACR-013_2.PNG","231211/uTorrentWeb-211126/1.4.0.5714/Images/ACR-060/ACR-060.PNG","231211/uTorrentWeb-211126/1.4.0.5714/Images/ACR-060/ACR-060_1.PNG","231211/uTorrentWeb-211126/1.4.0.5714/Images/ACR-060/ACR-060_2.PNG"],"nonDeceptorImageFiles":["231211/uTorrentWeb-211126/1.4.0.5714/Images/ACR-123/ACR-123.PNG"],"guid":"2809ba07-e9d6-4ab2-8748-339512fba3b7_1.4.0.5714_1","appID":"uTorrentWeb-211126","dateAdded":"260205","deceptorType":"App","name":"u Torrent Web","company":"BitTorrent, Inc","version":"1.4.0.5714","lastKnownStatus":"1.2.6.3977;1.2.7.4186;1.2.8.4523;1.3.0.5649;1.3.0.5665;1.3.0.5666;1.3.0.5668;1.3.0.5669;1.3.0.5670;1.3.0.5671;1.3.0.5672;1.3.0.5673;1.4.0.5714;1.4.0.5759;1.4.0.5828;1.4.0.5871;1.5.0.6335","lastKnownDate":"260205","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 10,Windows 8,Windows Server","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2026-05-12T22:59:58.5661742+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":18,"sortOrder":78},{"violations":{"ACR-042":"App drops hidden file/potential offer app info in hidden folder without user permission.\n","ACR-043":"The \"uTorrent Web\" components get dropped in one click without asking the user's permission and disclosing the installation path.\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software. \n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software.\n","ACR-084":"On closing the app, application doesn't exit completely. It runs silently in the background, hiding the fact that it is active from the consumer without any notification.\n","ACR-097":"App adds an exception for Windows firewall to evade the default system security guard.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components on the device without the consumer's consent. \n"},"nonDeceptorViolations":{"ACR-123":"The app does not remove the startup even after uninstall and reboot. \n"},"samples":[{"isRevoked":"False","fileName":"C:\\Users\\User\\AppData\\Roaming\\uTorrent Web\\utweb.exe","companyName":"BitTorrent Inc.","productName":"µTorrent Web","productVersion":"1.3.0.5669","fileVersion":"1.3.0.5669","hashMD5":"72d76c1a0962a571cc69623970caa70c","hashSHA1":"43b77525279f70e3d6dd871a38f3d918d1ba849f","hashSHA256":"931b2b92f20ac08e304bc6f5008a2f2bb23121e85dc88e0463fe1e7ef79ee07d","digitalCertThumbprint":"09AFB68255629E565090CAC7EA49AAD67143FA93","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Rainberry Inc","storeId":"","sourceIndex":"969","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utweb_installer.exe","isInstaller":"True","companyName":"                                                            ","productName":"uTorrent Web®                                               ","productVersion":"1.3                                               ","fileVersion":"1.3                 ","hashMD5":"6a8af5d129a6ca4f9dbda51dd928a7af","hashSHA1":"2b91cea230389c307a9b0595f605ad000ed9f5c9","hashSHA256":"877dfff0aa2d611c59c7c380e7076260e7b60e40deb0cc35b43e95f8128f0980","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Rainberry Inc","storeId":"","sourceIndex":"969","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on windows app","reference":"","landingPage":"https://www.utorrent.com/web/","directDownloadingLink":"https://www.utorrent.com/web/downloads/complete/track/stable/os/win/","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.utorrent.com/web/downloads/complete/track/stable/os/win/","sourceIndex":"969"}],"sampleFiles":["230724/uTorrentWeb-211126/1.3.0.5669/Samples/utweb_installer.exe"],"imageFiles":["230724/uTorrentWeb-211126/1.3.0.5669/Images/ACR-043/ACR-043.PNG","230724/uTorrentWeb-211126/1.3.0.5669/Images/ACR-042/ACR-042.PNG","230724/uTorrentWeb-211126/1.3.0.5669/Images/ACR-084/ACR-084.PNG","230724/uTorrentWeb-211126/1.3.0.5669/Images/ACR-097/ACR-097.PNG","230724/uTorrentWeb-211126/1.3.0.5669/Images/ACR-118/ACR-118.PNG","230724/uTorrentWeb-211126/1.3.0.5669/Images/ACR-013/ACR-013.PNG","230724/uTorrentWeb-211126/1.3.0.5669/Images/ACR-013/ACR-013_1.PNG","230724/uTorrentWeb-211126/1.3.0.5669/Images/ACR-013/ACR-013_2.PNG","230724/uTorrentWeb-211126/1.3.0.5669/Images/ACR-060/ACR-060.PNG","230724/uTorrentWeb-211126/1.3.0.5669/Images/ACR-060/ACR-060_1.PNG","230724/uTorrentWeb-211126/1.3.0.5669/Images/ACR-060/ACR-060_2.PNG"],"nonDeceptorImageFiles":["230724/uTorrentWeb-211126/1.3.0.5669/Images/ACR-123/ACR-123.PNG"],"guid":"2809ba07-e9d6-4ab2-8748-339512fba3b7_1.3.0.5669_1","appID":"uTorrentWeb-211126","dateAdded":"260205","deceptorType":"App","name":"u Torrent Web","company":"BitTorrent, Inc","version":"1.3.0.5669","lastKnownStatus":"1.2.6.3977;1.2.7.4186;1.2.8.4523;1.3.0.5649;1.3.0.5665;1.3.0.5666;1.3.0.5668;1.3.0.5669;1.3.0.5670;1.3.0.5671;1.3.0.5672;1.3.0.5673;1.4.0.5714;1.4.0.5759;1.4.0.5828;1.4.0.5871;1.5.0.6335","lastKnownDate":"260205","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 10,Windows 8,Windows Server","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2026-05-12T23:00:03.4638781+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":18,"sortOrder":83},{"violations":{"ACR-017":"The 3rd party endorsement ( https://bit.ly/3xwP0zF ) is not verifiable.\n","ACR-084":"On closing the app, application doesn't exit completely. It runs silently in the background, hiding the fact that it is active from the consumer without any notification.\n","ACR-057":"Offers don't have clear way for user to accept or decline\n","ACR-055":"The accept/Decline options are not consistent for offers. \n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"C:\\Users\\User\\AppData\\Roaming\\uTorrent Web\\utweb.exe","companyName":"BitTorrent Inc.","productName":"µTorrent Web","productVersion":"1.2.6.3977","fileVersion":"1.2.6.3977","hashMD5":"f2335d97abe90f4c3e977479de2fec21","hashSHA1":"9b00c6c02956d8b12944aa9224005d2e32d1888b","hashSHA256":"dc4f5107c56ada95fb763000078924869a7e4b065f68a87db887247337887662","digitalCertThumbprint":"94B5B937366BAF324364380B0694A0D8E32A08E2","digitalCertIssuer":"Symantec Class 3 SHA256 Code Signing CA","digitalCertIssuedTo":"BitTorrent Inc","storeId":"","sourceIndex":"1782","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utweb_installer.exe","isInstaller":"True","companyName":"BitTorrent Inc.","productName":"uTorrent Web","productVersion":"1.2.6.3977","fileVersion":"1.2.6.3977","hashMD5":"3ca60498e14993701ac05be96f769451","hashSHA1":"e66307d9783c000d77ff4078dd3dbc41f9d351cb","hashSHA256":"bf2647b0626771c65860cbe27d750b35fd22e9edaea73d19945962e1ab6ac38a","digitalCertThumbprint":"680463B23D34E23AC40F45E062C9296878995188","digitalCertIssuer":"Entrust Extended Validation Code Signing CA - EVCS1","digitalCertIssuedTo":"BitTorrent Inc.","storeId":"","sourceIndex":"1782","avBlockList":["360 Total Security (20240404)","Bitdefender Internet Security (20240404)","COMODO Antivirus (20240404)","Dr.Web Security Space (20240404)","ESET Internet Security (20240404)","G DATA INTERNET SECURITY (20240404)","K7 Total Security (20240404)","Malwarebytes Premium (20240404)","McAfee Total Protection (20240404)","Norton Security (20240404)","Panda Dome (20240404)","Quick Heal Internet Security (20240404)","Sophos Home Premium (20240404)","Tencent PC Manager (20211209)","VIPRE Advanced Security (20240404)","VirIT eXplorer PRO (20240404)","Webroot SecureAnywhere (20240404)"],"avAllowList":["Avast Premium Security (20240404)","AVG Internet Security (20240404)","Avira Internet Security (20240404)","Kaspersky Internet Security (20240404)","SpyHunter5 (20240404)","Total AV Antivirus Pro (20240404)","Trend Micro Internet Security (20240404)","Windows Defender (20240404)"]}],"additionalFiles":[],"sources":[{"howFound":"Customer report","reference":"Opera offer bundled","landingPage":"https://www.utorrent.com","directDownloadingLink":"https://www.utorrent.com/web/downloads/complete/track/stable/os/win/","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.utorrent.com/web/downloads/complete/track/stable/os/win/","sourceIndex":"1782"}],"sampleFiles":["211129/uTorrentWeb-211126/1.2.6.3977/Samples/utweb_installer.exe"],"imageFiles":["211129/uTorrentWeb-211126/1.2.6.3977/Images/ACR-084/ACR-084_Software_BackgroundProcess.JPG","211129/uTorrentWeb-211126/1.2.6.3977/Images/ACR-057/ACR-057_BundlerMadeOffers_No_Accept_Decline_Option.JPG","211129/uTorrentWeb-211126/1.2.6.3977/Images/ACR-055/ACR-055_BundlerMadeOffers_Inconsistent_Accept_Decline_Option.JPG","211129/uTorrentWeb-211126/1.2.6.3977/Images/ACR-055/ACR-055_BundlerMadeOffers_Inconsistent_Accept_Decline_Option_1.JPG","211129/uTorrentWeb-211126/1.2.6.3977/Images/ACR-017/ACR-017_InternalOffers_Logo_Unverifiable.JPG"],"nonDeceptorImageFiles":[],"guid":"2809ba07-e9d6-4ab2-8748-339512fba3b7_1.2.6.3977_1","appID":"uTorrentWeb-211126","dateAdded":"260205","deceptorType":"App","name":"u Torrent Web","company":"BitTorrent, Inc","version":"1.2.6.3977","sigName":"Deceptor:Win32/uTorrentWeb!084057055017","lastKnownStatus":"1.2.6.3977;1.2.7.4186;1.2.8.4523;1.3.0.5649;1.3.0.5665;1.3.0.5666;1.3.0.5668;1.3.0.5669;1.3.0.5670;1.3.0.5671;1.3.0.5672;1.3.0.5673;1.4.0.5714;1.4.0.5759;1.4.0.5828;1.4.0.5871;1.5.0.6335","lastKnownDate":"260205","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 10,Windows 8,Windows Server","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2026-02-05T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":18,"sortOrder":90},{"violations":{"ACR-042":"App drops hidden file/potential offer app info in hidden folder without user permission.\n","ACR-043":"The \"uTorrent Web\" components get dropped in one click without asking the user's permission and disclosing the installation path.\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software. \n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software.\n","ACR-084":"On closing the app, application doesn't exit completely. It runs silently in the background, hiding the fact that it is active from the consumer without any notification.\n","ACR-097":"App adds an exception for Windows firewall to evade the default system security guard.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components on the device without the consumer's consent. \n"},"nonDeceptorViolations":{"ACR-123":"The app does not remove the startup even after uninstall and reboot. \n"},"samples":[{"isRevoked":"False","fileName":"utweb_installer.exe","isInstaller":"True","fileVersion":"1.3","hashMD5":"7cdf06b512a522d8abc5eef31c1231b8","hashSHA1":"a4c48b7ae9a3e809e77184a60d0556945b7c0518","hashSHA256":"fb557fce26985de5641113c004e62c39bf42b2c5fcef5ed94a5244ad27362f5b","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"955","avBlockList":["COMODO Antivirus (20231116)","Dr.Web Security Space (20231116)","ESET Internet Security (20231116)","G DATA INTERNET SECURITY (20231116)","K7 Total Security (20231116)","Malwarebytes Premium (20231116)","Norton Security (20231116)","Panda Dome (20231116)","Quick Heal Internet Security (20231116)","Sophos Home Premium (20231116)","VirIT eXplorer PRO (20231116)","Webroot SecureAnywhere (20231116)"],"avAllowList":["360 Total Security (20231116)","Avast Premium Security (20231116)","AVG Internet Security (20231116)","Avira Internet Security (20231116)","Bitdefender Internet Security (20231116)","Kaspersky Internet Security (20231116)","McAfee Total Protection (20231116)","SpyHunter5 (20231116)","Total AV Antivirus Pro (20231116)","Trend Micro Internet Security (20231116)","VIPRE Advanced Security (20231116)","Windows Defender (20231116)"]},{"isRevoked":"False","fileName":"utweb.exe","companyName":"BitTorrent Inc.","fileVersion":"1.3","hashMD5":"fb2840df59b1d60b8b5caff94abc6b93","hashSHA1":"698ed16e6b8b7311873ea67ea9aebdec8551ff9e","hashSHA256":"7ff251e916d6e5953d9e206f92518ef0d99e6b19a6212d89bc37455eb9093009","digitalCertThumbprint":"09AFB68255629E565090CAC7EA49AAD67143FA93","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"955","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"Google Chrome offer bundled","landingPage":"https://www.utorrent.com","directDownloadingLink":"https://download-new.utorrent.com/endpoint/utweb/track/stable/os/win","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://download-new.utorrent.com/endpoint/utweb/track/stable/os/win","sourceIndex":"955"}],"sampleFiles":["230725/uTorrentWeb-211126/1.3.0.5670/Samples/utweb_installer.exe","230725/uTorrentWeb-211126/1.3.0.5670/Samples/utweb.exe"],"imageFiles":["230725/uTorrentWeb-211126/1.3.0.5670/Images/ACR-043/Screen Shot 2023-07-25 at 9.40.02 PM.png","230725/uTorrentWeb-211126/1.3.0.5670/Images/ACR-042/Screen Shot 2023-07-25 at 9.40.02 PM.png","230725/uTorrentWeb-211126/1.3.0.5670/Images/ACR-084/Screen Shot 2023-07-25 at 9.37.02 PM.png","230725/uTorrentWeb-211126/1.3.0.5670/Images/ACR-097/Screen Shot 2023-07-25 at 9.45.53 PM.png","230725/uTorrentWeb-211126/1.3.0.5670/Images/ACR-118/Screen Shot 2023-07-25 at 9.48.04 PM.png","230725/uTorrentWeb-211126/1.3.0.5670/Images/ACR-013/Screen Shot 2023-07-25 at 9.34.53 PM.png","230725/uTorrentWeb-211126/1.3.0.5670/Images/ACR-060/Screen Shot 2023-07-25 at 9.34.53 PM.png"],"nonDeceptorImageFiles":["230725/uTorrentWeb-211126/1.3.0.5670/Images/ACR-123/Screen Shot 2023-07-25 at 10.00.05 PM.png"],"guid":"2809ba07-e9d6-4ab2-8748-339512fba3b7_1.3.0.5670_1","appID":"uTorrentWeb-211126","dateAdded":"260205","deceptorType":"App","name":"u Torrent Web","company":"BitTorrent, Inc","version":"1.3.0.5670","lastKnownStatus":"1.2.6.3977;1.2.7.4186;1.2.8.4523;1.3.0.5649;1.3.0.5665;1.3.0.5666;1.3.0.5668;1.3.0.5669;1.3.0.5670;1.3.0.5671;1.3.0.5672;1.3.0.5673;1.4.0.5714;1.4.0.5759;1.4.0.5828;1.4.0.5871;1.5.0.6335","lastKnownDate":"260205","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 10,Windows 8,Windows Server","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2026-05-12T23:00:03.3294429+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":18,"sortOrder":82},{"violations":{"ACR-042":"The \"Adaware\" components get dropped without asking the user's permission.\n","ACR-043":"The \"utorrent\" components and \"Adaware\" components get dropped in one click without disclosing.\n","ACR-048":"The app does not provide any control to cancel the installation. Even on canceling it installs the application.\nThe app does not provide any control to close the app completely within the app's settings.\n","ACR-084":"On closing the app, application doesn't exit completely. It runs silently in the background, hiding the fact that it is active from the consumer without any notification.\n","ACR-097":"During installation the app checks for a list of AVs and acts as if it is trying to evade the security product detections.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it leaves \"Un_A.exe\" on the device without the consumer's consent.\n"},"nonDeceptorViolations":{"ACR-123":"The app didn't remove the startup even after uninstall and reboot.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Users\\User\\AppData\\Roaming\\uTorrent Web\\utweb.exe","companyName":"BitTorrent Inc.","productName":"µTorrent Web","productVersion":"1.2.8.4523","fileVersion":"1.2.8.4523","hashMD5":"752e3562d639bd738d52a0ef5bcd3c50","hashSHA1":"2c7c95f9fd4590445f719ffc384f2de72ffc087f","hashSHA256":"2cd5e28a2fdba91116fa8bb67111981cb5f352bc0c29a07184a4884ebc8b967f","digitalCertThumbprint":"94B5B937366BAF324364380B0694A0D8E32A08E2","digitalCertIssuer":"Symantec Class 3 SHA256 Code Signing CA","digitalCertIssuedTo":"BitTorrent Inc","storeId":"","sourceIndex":"1579","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Users\\User\\AppData\\Roaming\\uTorrent Web\\helper\\helper.exe","companyName":"BitTorrent Inc.","productName":"µTorrent Helper","productVersion":"2.1.4.2372","fileVersion":"2.1.4.2372","hashMD5":"0c837d99d77466bb61788fa30b4470fe","hashSHA1":"02d1d3ab0b30b77a3ecae78058a672ba1ea5076d","hashSHA256":"dbedd973360c6952a406ec765e7c766c3940a5e8c5aa9763172497bea51d1e93","digitalCertThumbprint":"94B5B937366BAF324364380B0694A0D8E32A08E2","digitalCertIssuer":"Symantec Class 3 SHA256 Code Signing CA","digitalCertIssuedTo":"BitTorrent Inc","storeId":"","sourceIndex":"1579","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utweb_installer.exe","isInstaller":"True","companyName":"Rainberry Inc.","productName":"uTorrent Web","productVersion":"1.2.8.4523","fileVersion":"1.2.8.4523","hashMD5":"7d70eb7a3ed9209a17a4e80ca5cb0c36","hashSHA1":"61b107e84e9d17ab1a45815c8613e7c5d3176957","hashSHA256":"b4eccd0128a27d1eac5ff38aa451d7aafbbc2c46a93f929362661c4255957699","digitalCertThumbprint":"680463B23D34E23AC40F45E062C9296878995188","digitalCertIssuer":"Entrust Extended Validation Code Signing CA - EVCS1","digitalCertIssuedTo":"BitTorrent Inc.","storeId":"","sourceIndex":"1579","avBlockList":["360 Total Security (20240820)","Bitdefender Internet Security (20240820)","COMODO Antivirus (20240820)","Dr.Web Security Space (20240820)","ESET Internet Security (20240820)","G DATA INTERNET SECURITY (20240820)","K7 Total Security (20240820)","Malwarebytes Premium (20240820)","McAfee Total Protection (20240820)","Norton Security (20240820)","Panda Dome (20240820)","Quick Heal Internet Security (20240820)","Sophos Home Premium (20240820)","Trend Micro Internet Security (20240820)","VIPRE Advanced Security (20240820)","VirIT eXplorer PRO (20240820)","Webroot SecureAnywhere (20240820)","FortectPremium (20240820)"],"avAllowList":["Avast Premium Security (20240820)","AVG Internet Security (20240820)","Avira Internet Security (20240820)","Kaspersky Internet Security (20231031)","SpyHunter5 (20240820)","Total AV Antivirus Pro (20240820)","Windows Defender (20240820)","KasperskyPremium (20240820)"]}],"additionalFiles":[],"sources":[{"howFound":"Google search- utorrent","reference":"","landingPage":"https://www.utorrent.com/web/","directDownloadingLink":"https://www.utorrent.com/web/downloads/complete/track/stable/os/win/","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.utorrent.com/web/downloads/complete/track/stable/os/win/","sourceIndex":"1579"}],"sampleFiles":["220601/uTorrentWeb-211126/1.2.8.4523/Samples/utweb_installer.exe"],"imageFiles":["220601/uTorrentWeb-211126/1.2.8.4523/Images/ACR-043/ACR-043_Install.JPG","220601/uTorrentWeb-211126/1.2.8.4523/Images/ACR-043/ACR-043_Install_1.JPG","220601/uTorrentWeb-211126/1.2.8.4523/Images/ACR-042/ACR-042_Install.JPG","220601/uTorrentWeb-211126/1.2.8.4523/Images/ACR-048/ACR-048_Install.JPG","220601/uTorrentWeb-211126/1.2.8.4523/Images/ACR-084/ACR-084_Software.JPG","220601/uTorrentWeb-211126/1.2.8.4523/Images/ACR-097/ACR-097_Software.JPG","220601/uTorrentWeb-211126/1.2.8.4523/Images/ACR-097/ACR-097_Software_1.JPG","220601/uTorrentWeb-211126/1.2.8.4523/Images/ACR-048/ACR-048_Software_1.JPG","220601/uTorrentWeb-211126/1.2.8.4523/Images/ACR-048/ACR-048_Software.JPG","220601/uTorrentWeb-211126/1.2.8.4523/Images/ACR-118/ACR-118_Uninstall.JPG"],"nonDeceptorImageFiles":["220601/uTorrentWeb-211126/1.2.8.4523/Images/ACR-123/ACR-123_Uninstall.JPG"],"guid":"2809ba07-e9d6-4ab2-8748-339512fba3b7_1.2.8.4523_1","appID":"uTorrentWeb-211126","dateAdded":"260205","deceptorType":"App","name":"u Torrent Web","company":"BitTorrent, Inc","version":"1.2.8.4523","lastKnownStatus":"1.2.6.3977;1.2.7.4186;1.2.8.4523;1.3.0.5649;1.3.0.5665;1.3.0.5666;1.3.0.5668;1.3.0.5669;1.3.0.5670;1.3.0.5671;1.3.0.5672;1.3.0.5673;1.4.0.5714;1.4.0.5759;1.4.0.5828;1.4.0.5871;1.5.0.6335","lastKnownDate":"260205","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 10,Windows 8,Windows Server","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2026-02-05T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":18,"sortOrder":88},{"violations":{"ACR-043":"The \"u Torrent Web\" components get dropped in one click without asking the user's permission and disclosing the installation path.\n","ACR-048":"The app does not provide any control to cancel the installation. Even on canceling it installs the application.\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software. \n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software.\n","ACR-084":"On closing the app, application doesn't exit completely. It runs silently in the background, hiding the fact that it is active from the consumer without any notification.\n","ACR-097":"App adds an exception for Windows firewall to evade the default system security guard.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components on the device without the consumer's consent. \n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"helper.exe-dbedd973360c6952a406ec765e7c766c3940a5e8c5aa9763172497bea51d1e93","companyName":"BitTorrent Inc.","fileVersion":"2.1","hashMD5":"0c837d99d77466bb61788fa30b4470fe","hashSHA1":"02d1d3ab0b30b77a3ecae78058a672ba1ea5076d","hashSHA256":"dbedd973360c6952a406ec765e7c766c3940a5e8c5aa9763172497bea51d1e93","digitalCertThumbprint":"94B5B937366BAF324364380B0694A0D8E32A08E2","digitalCertIssuer":"CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US","digitalCertIssuedTo":"CN=BitTorrent Inc, O=BitTorrent Inc, L=San Francisco, S=California, C=US","sourceIndex":"1182","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utweb.exe-fcdfdc2b66f5c923d9b96baff4c14bd1cda92df32acec9d872768877ee016aab","companyName":"BitTorrent Inc.","fileVersion":"1.3","hashMD5":"4de13af5287ccc91f8f640141e766f1c","hashSHA1":"4506b6540c61d2937393b40409d65c2caa4ef640","hashSHA256":"fcdfdc2b66f5c923d9b96baff4c14bd1cda92df32acec9d872768877ee016aab","digitalCertThumbprint":"8AA7548C2D041AA6E6EEEF1E0910EC8B959BEBA9","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=BitTorrent Inc, O=BitTorrent Inc, L=San Francisco, S=California, C=US","sourceIndex":"1182","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utweb_installer.exe-91bfb22e09589199c5b4d5ec665b49d68efff21e59bf4660a3fb9a533afb8192","isInstaller":"True","fileVersion":"1.3","hashMD5":"aa28c6ab66f316f9ca24e34171fd79f9","hashSHA1":"9a85cb527dc06146474410e232c83e88c29fc6b5","hashSHA256":"91bfb22e09589199c5b4d5ec665b49d68efff21e59bf4660a3fb9a533afb8192","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"1182","avBlockList":["COMODO Antivirus (20231003)","Dr.Web Security Space (20231003)","ESET Internet Security (20231003)","G DATA INTERNET SECURITY (20231003)","K7 Total Security (20231003)","Malwarebytes Premium (20231003)","McAfee Total Protection (20231003)","Norton Security (20231003)","Panda Dome (20231003)","Sophos Home Premium (20231003)","VirIT eXplorer PRO (20231003)","Webroot SecureAnywhere (20231003)"],"avAllowList":["360 Total Security (20231003)","Avast Premium Security (20231003)","AVG Internet Security (20231003)","Avira Internet Security (20231003)","Bitdefender Internet Security (20231003)","Kaspersky Internet Security (20231003)","Quick Heal Internet Security (20231003)","SpyHunter5 (20231003)","Total AV Antivirus Pro (20231003)","Trend Micro Internet Security (20231003)","VIPRE Advanced Security (20231003)","Windows Defender (20231003)"]},{"isRevoked":"False","fileName":"utweb_installer (1).exe","isInstaller":"True","fileVersion":"1.3","hashMD5":"f4f238302d3529b21c6a8bf9ed4f5276","hashSHA1":"c192e6a15db8f12a7a70e15477a5d984f581472f","hashSHA256":"52bbb9086d5e454b3606b20aaaf380c623f700d529fb6da788ffce78432d7d07","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"1182","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"uTorrent Web","reference":"","landingPage":"https://www.utorrent.com/web/","directDownloadingLink":"https://download-new.utorrent.com/endpoint/utweb/track/stable/os/win","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://download-new.utorrent.com/endpoint/utweb/track/stable/os/win","sourceIndex":"1182"}],"sampleFiles":["230402/uTorrentWeb-211126/1.3.0.5649/Samples/helper.exe-dbedd973360c6952a406ec765e7c766c3940a5e8c5aa9763172497bea51d1e93","230402/uTorrentWeb-211126/1.3.0.5649/Samples/utweb.exe-fcdfdc2b66f5c923d9b96baff4c14bd1cda92df32acec9d872768877ee016aab","230402/uTorrentWeb-211126/1.3.0.5649/Samples/utweb_installer.exe-91bfb22e09589199c5b4d5ec665b49d68efff21e59bf4660a3fb9a533afb8192","230402/uTorrentWeb-211126/1.3.0.5649/Samples/utweb_installer (1).exe"],"imageFiles":["230402/uTorrentWeb-211126/1.3.0.5649/Images/ACR-043/ACR-043.png","230402/uTorrentWeb-211126/1.3.0.5649/Images/ACR-048/ACR-048.png","230402/uTorrentWeb-211126/1.3.0.5649/Images/ACR-084/ACR-084.png","230402/uTorrentWeb-211126/1.3.0.5649/Images/ACR-097/ACR-097.png","230402/uTorrentWeb-211126/1.3.0.5649/Images/ACR-118/ACR-118.png","230402/uTorrentWeb-211126/1.3.0.5649/Images/ACR-013/ACR-013_1.png","230402/uTorrentWeb-211126/1.3.0.5649/Images/ACR-013/ACR-013_2.png","230402/uTorrentWeb-211126/1.3.0.5649/Images/ACR-013/ACR-013_3.png","230402/uTorrentWeb-211126/1.3.0.5649/Images/ACR-013/ACR-013_4.png","230402/uTorrentWeb-211126/1.3.0.5649/Images/ACR-060/ACR-060_1.png","230402/uTorrentWeb-211126/1.3.0.5649/Images/ACR-060/ACR-060_2.png","230402/uTorrentWeb-211126/1.3.0.5649/Images/ACR-060/ACR-060_3.png","230402/uTorrentWeb-211126/1.3.0.5649/Images/ACR-060/ACR-060_4.png"],"nonDeceptorImageFiles":[],"guid":"2809ba07-e9d6-4ab2-8748-339512fba3b7_1.3.0.5649_1","appID":"uTorrentWeb-211126","dateAdded":"260205","deceptorType":"App","name":"u Torrent Web","company":"BitTorrent, Inc","version":"1.3.0.5649","lastKnownStatus":"1.2.6.3977;1.2.7.4186;1.2.8.4523;1.3.0.5649;1.3.0.5665;1.3.0.5666;1.3.0.5668;1.3.0.5669;1.3.0.5670;1.3.0.5671;1.3.0.5672;1.3.0.5673;1.4.0.5714;1.4.0.5759;1.4.0.5828;1.4.0.5871;1.5.0.6335","lastKnownDate":"260205","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 10,Windows 8,Windows Server","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2026-05-12T23:00:10.3509841+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":18,"sortOrder":87},{"violations":{"ACR-048":"The app does not provide any control to cancel the installation. Even on canceling it installs the application.\n","ACR-017":"The 3rd party endorsement ( https://bit.ly/3lVawcN ) is not verifiable.\n","ACR-084":"On closing the app, application doesn't exit completely. It runs silently in the background, hiding the fact that it is active from the consumer without any notification.\n","ACR-097":"During installation the app checks for a list of AVs and acts as if it is trying to evade the security product detections.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it leaves \"Un_A.exe\" on the device without the consumer's consent.\n","ACR-057":"Offers don't have clear way for user to accept or decline\n","ACR-055":"The accept/Decline options are not consistent for offers. \n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"C:\\Users\\User\\AppData\\Roaming\\uTorrent Web\\utweb.exe","companyName":"BitTorrent Inc.","productName":"µTorrent Web","productVersion":"1.2.7.4186","fileVersion":"1.2.7.4186","hashMD5":"c46b7ec351ff1d7151bee5d4b75a0dae","hashSHA1":"24bc16728f5d299d5a3c97466b44fb2997b2ddbe","hashSHA256":"de0fbc64b9d719210f11a2918059fc0cf6bf1f46d21e1b8d7cb53c7fc0cf68bd","digitalCertThumbprint":"94B5B937366BAF324364380B0694A0D8E32A08E2","digitalCertIssuer":"Symantec Class 3 SHA256 Code Signing CA","digitalCertIssuedTo":"BitTorrent Inc","storeId":"","sourceIndex":"1769","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utweb_installer (1).exe","isInstaller":"True","companyName":"BitTorrent Inc.","productName":"uTorrent Web","productVersion":"1.2.7.4186","fileVersion":"1.2.7.4186","hashMD5":"0a6a273312eabf4d971fb55b52b781ae","hashSHA1":"2b887c32a8061ddccc94aee79ac2a0fb9adae783","hashSHA256":"d4e60be1204df950e20b1968e14458e3a9ccf40a7fe7b0a6d2c2b4e01d646fc6","digitalCertThumbprint":"680463B23D34E23AC40F45E062C9296878995188","digitalCertIssuer":"Entrust Extended Validation Code Signing CA - EVCS1","digitalCertIssuedTo":"BitTorrent Inc.","storeId":"","sourceIndex":"1769","avBlockList":["360 Total Security (20240423)","COMODO Antivirus (20240423)","Dr.Web Security Space (20240423)","ESET Internet Security (20240423)","G DATA INTERNET SECURITY (20240423)","K7 Total Security (20240423)","Malwarebytes Premium (20240423)","McAfee Total Protection (20240423)","Norton Security (20240423)","Panda Dome (20240423)","Quick Heal Internet Security (20240423)","Sophos Home Premium (20240423)","VirIT eXplorer PRO (20240423)","Webroot SecureAnywhere (20240423)"],"avAllowList":["Avast Premium Security (20240423)","AVG Internet Security (20240423)","Avira Internet Security (20240423)","Bitdefender Internet Security (20240423)","Kaspersky Internet Security (20240423)","SpyHunter5 (20240423)","Tencent PC Manager (20211223)","Total AV Antivirus Pro (20240423)","Trend Micro Internet Security (20240423)","VIPRE Advanced Security (20240423)","Windows Defender (20240423)"]}],"additionalFiles":[],"sources":[{"howFound":"Customer report","reference":"Opera offer bundled","landingPage":"https://www.utorrent.com","directDownloadingLink":"https://www.utorrent.com/web/downloads/complete/track/stable/os/win/","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.utorrent.com/web/downloads/complete/track/stable/os/win/","sourceIndex":"1769"}],"sampleFiles":["211210/uTorrentWeb-211126/1.2.7.4186/Samples/utweb_installer (1).exe"],"imageFiles":["211210/uTorrentWeb-211126/1.2.7.4186/Images/ACR-048/ACR-048_Software_No_Control.JPG","211210/uTorrentWeb-211126/1.2.7.4186/Images/ACR-084/ACR-084_Software_BackgroundProcess.JPG","211210/uTorrentWeb-211126/1.2.7.4186/Images/ACR-097/ACR-097_Software.JPG","211210/uTorrentWeb-211126/1.2.7.4186/Images/ACR-097/ACR-097_Software_1.JPG","211210/uTorrentWeb-211126/1.2.7.4186/Images/ACR-118/ACR-118.J_Uninstall_Retains_Component.jPG","211210/uTorrentWeb-211126/1.2.7.4186/Images/ACR-057/ACR-057_BundlerMadeOffers_No_Accept_Decline_Option.JPG","211210/uTorrentWeb-211126/1.2.7.4186/Images/ACR-057/ACR-057_BundlerMadeOffers_No_Accept_Decline_Option_3.JPG","211210/uTorrentWeb-211126/1.2.7.4186/Images/ACR-057/ACR-057_BundlerMadeOffers_No_Accept_Decline_Option_4.JPG","211210/uTorrentWeb-211126/1.2.7.4186/Images/ACR-055/ACR-055_BundlerMadeOffers_Inconsistent_Accept_Decline_Option.JPG","211210/uTorrentWeb-211126/1.2.7.4186/Images/ACR-055/ACR-055_BundlerMadeOffers_Inconsistent_Accept_Decline_Option_1.JPG","211210/uTorrentWeb-211126/1.2.7.4186/Images/ACR-055/ACR-055_BundlerMadeOffers_Inconsistent_Accept_Decline_Option_2.JPG","211210/uTorrentWeb-211126/1.2.7.4186/Images/ACR-055/ACR-055_BundlerMadeOffers_Inconsistent_Accept_Decline_Option_3.JPG","211210/uTorrentWeb-211126/1.2.7.4186/Images/ACR-055/ACR-055_BundlerMadeOffers_Inconsistent_Accept_Decline_Option_4.JPG","211210/uTorrentWeb-211126/1.2.7.4186/Images/ACR-017/ACR-017_InternalOffers_Unverifiable.JPG"],"nonDeceptorImageFiles":[],"guid":"2809ba07-e9d6-4ab2-8748-339512fba3b7_1.2.7.4186_1","appID":"uTorrentWeb-211126","dateAdded":"260205","deceptorType":"App","name":"u Torrent Web","company":"BitTorrent, Inc","version":"1.2.7.4186","sigName":"Deceptor:Win32/uTorrentWeb!048084097118057055017","lastKnownStatus":"1.2.6.3977;1.2.7.4186;1.2.8.4523;1.3.0.5649;1.3.0.5665;1.3.0.5666;1.3.0.5668;1.3.0.5669;1.3.0.5670;1.3.0.5671;1.3.0.5672;1.3.0.5673;1.4.0.5714;1.4.0.5759;1.4.0.5828;1.4.0.5871;1.5.0.6335","lastKnownDate":"260205","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 10,Windows 8,Windows Server","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2026-02-05T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":18,"sortOrder":89},{"violations":{"ACR-042":"App drops hidden file/potential offer app info in hidden folder without user permission.\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software. \n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software.\n","ACR-084":"On closing the app, application doesn't exit completely. It runs silently in the background, hiding the fact that it is active from the consumer without any notification.\n","ACR-097":"App adds an exception for Windows firewall to evade the default system security guard.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components on the device without the consumer's consent. \n"},"nonDeceptorViolations":{"ACR-123":"The app does not remove the startup even after uninstall and reboot. \n"},"samples":[{"isRevoked":"False","fileName":"utweb.exe","companyName":"BitTorrent Inc.","fileVersion":"1.3","hashMD5":"12177fdedcf10b26a743db59e2e557f2","hashSHA1":"00453d049cb864843511f700f7dc4d9db7e463ca","hashSHA256":"c0a6a00c0ebff578d676ac41aab14424b31fbe8b275da1415cb0d4e270f9851a","digitalCertThumbprint":"09AFB68255629E565090CAC7EA49AAD67143FA93","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"1001","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utweb_installer.exe","isInstaller":"True","fileVersion":"1.3","hashMD5":"f96157e1e760a67d87881b1d6d6d212c","hashSHA1":"d55f02d9a3de815fee0b79f3b4c6dccfc6023933","hashSHA256":"cf3473f9af60276874957585cc30ba4e24c9a98dad38113953ef0682411e6f32","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"1001","avBlockList":["COMODO Antivirus (20240402)","Dr.Web Security Space (20240402)","ESET Internet Security (20240402)","G DATA INTERNET SECURITY (20240402)","K7 Total Security (20240402)","Malwarebytes Premium (20240402)","Norton Security (20240402)","Panda Dome (20240402)","Quick Heal Internet Security (20240402)","Sophos Home Premium (20240402)","VirIT eXplorer PRO (20240402)","Webroot SecureAnywhere (20240402)"],"avAllowList":["360 Total Security (20240402)","Avast Premium Security (20240402)","AVG Internet Security (20240402)","Avira Internet Security (20240402)","Bitdefender Internet Security (20240402)","Kaspersky Internet Security (20240402)","McAfee Total Protection (20240402)","SpyHunter5 (20240402)","Total AV Antivirus Pro (20240402)","Trend Micro Internet Security (20240402)","VIPRE Advanced Security (20240402)","Windows Defender (20240402)"]},{"isRevoked":"False","fileName":"utweb_installer_062923.exe","isInstaller":"True","fileVersion":"1.3","hashMD5":"7db2e513e60633e04c519d281896df65","hashSHA1":"d5085198d5acfc4b9bb19feb1e58fac449220d31","hashSHA256":"8f5128bc895da865331ed573d0a3654682b1e0e7c59465dd000d4e0bac5baf64","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"1001","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Customer report","reference":"Opera offer bundled","landingPage":"https://www.utorrent.com","directDownloadingLink":"https://www.utorrent.com/web/downloads/complete/track/stable/os/win/","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.utorrent.com/web/downloads/complete/track/stable/os/win/","sourceIndex":"1001"}],"sampleFiles":["230711/uTorrentWeb-211126/1.3.0.5666/Samples/utweb.exe","230711/uTorrentWeb-211126/1.3.0.5666/Samples/utweb_installer.exe","230711/uTorrentWeb-211126/1.3.0.5666/Samples/utweb_installer_062923.exe"],"imageFiles":["230711/uTorrentWeb-211126/1.3.0.5666/Images/ACR-042/ACR-042_UTW.png","230711/uTorrentWeb-211126/1.3.0.5666/Images/ACR-084/ACR-084.png","230711/uTorrentWeb-211126/1.3.0.5666/Images/ACR-097/ACR-097.png","230711/uTorrentWeb-211126/1.3.0.5666/Images/ACR-118/ACR-118.png","230711/uTorrentWeb-211126/1.3.0.5666/Images/ACR-013/ACR-013_060_UTW.png","230711/uTorrentWeb-211126/1.3.0.5666/Images/ACR-060/ACR-013_060_UTW.png"],"nonDeceptorImageFiles":["230711/uTorrentWeb-211126/1.3.0.5666/Images/ACR-123/ACR-123.png"],"guid":"2809ba07-e9d6-4ab2-8748-339512fba3b7_1.3.0.5666_1","appID":"uTorrentWeb-211126","dateAdded":"260205","deceptorType":"App","name":"u Torrent Web","company":"BitTorrent, Inc","version":"1.3.0.5666","lastKnownStatus":"1.2.6.3977;1.2.7.4186;1.2.8.4523;1.3.0.5649;1.3.0.5665;1.3.0.5666;1.3.0.5668;1.3.0.5669;1.3.0.5670;1.3.0.5671;1.3.0.5672;1.3.0.5673;1.4.0.5714;1.4.0.5759;1.4.0.5828;1.4.0.5871;1.5.0.6335","lastKnownDate":"260205","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 10,Windows 8,Windows Server","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2026-05-12T23:00:04.3271928+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":18,"sortOrder":85},{"violations":{"ACR-042":"App drops hidden file/potential offer app info in hidden folder without user permission.\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software. \n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software.\n","ACR-084":"On closing the app, application doesn't exit completely. It runs silently in the background, hiding the fact that it is active from the consumer without any notification.\n","ACR-097":"App adds an exception for Windows firewall to evade the default system security guard.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components on the device without the consumer's consent. \n"},"nonDeceptorViolations":{"ACR-123":"The app does not remove the startup even after uninstall and reboot. \n"},"samples":[{"isRevoked":"False","fileName":"utweb.exe","companyName":"BitTorrent Inc.","fileVersion":"1.3","hashMD5":"69b95d5acc34cddc331fff68924a99bd","hashSHA1":"59dd48b931eae86d898082f23d626218f7e6c07b","hashSHA256":"29f5156f682ed2429cc2d1441184c6d42d1f11600e915e8eb5c9008fcc8d577e","digitalCertThumbprint":"09AFB68255629E565090CAC7EA49AAD67143FA93","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"991","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utweb_installer.exe","isInstaller":"True","fileVersion":"1.3","hashMD5":"75de69afbf38478194c29d8a7ac8de65","hashSHA1":"9c32ecbe1da8f6168026087e9a5fddc562107037","hashSHA256":"c719bca45bc7395c0a173ccced81b613c49214f3883bcb32ca32e74098e9b9da","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"991","avBlockList":["COMODO Antivirus (20230720)","Dr.Web Security Space (20230720)","ESET Internet Security (20230720)","G DATA INTERNET SECURITY (20230720)","K7 Total Security (20230720)","Malwarebytes Premium (20230720)","Norton Security (20230720)","Quick Heal Internet Security (20230720)","Sophos Home Premium (20230720)","SpyHunter5 (20230720)","VirIT eXplorer PRO (20230720)","Webroot SecureAnywhere (20230720)"],"avAllowList":["360 Total Security (20230720)","Avast Premium Security (20230720)","AVG Internet Security (20230720)","Avira Internet Security (20230720)","Bitdefender Internet Security (20230720)","Kaspersky Internet Security (20230720)","McAfee Total Protection (20230720)","Panda Dome (20230720)","Total AV Antivirus Pro (20230720)","Trend Micro Internet Security (20230720)","VIPRE Advanced Security (20230720)","Windows Defender (20230720)"]}],"additionalFiles":[],"sources":[{"howFound":"Customer report","reference":"Opera offer bundled","landingPage":"https://www.utorrent.com","directDownloadingLink":"https://www.utorrent.com/web/downloads/complete/track/stable/os/win/","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.utorrent.com/web/downloads/complete/track/stable/os/win/","sourceIndex":"991"}],"sampleFiles":["230712/uTorrentWeb-211126/1.3.0.5668/Samples/utweb.exe","230712/uTorrentWeb-211126/1.3.0.5668/Samples/utweb_installer.exe"],"imageFiles":["230712/uTorrentWeb-211126/1.3.0.5668/Images/ACR-042/uTW-ACR-042.jpg","230712/uTorrentWeb-211126/1.3.0.5668/Images/ACR-084/UTW-Process.jpg","230712/uTorrentWeb-211126/1.3.0.5668/Images/ACR-097/FirewallException.jpg","230712/uTorrentWeb-211126/1.3.0.5668/Images/ACR-118/ACR-118.jpg","230712/uTorrentWeb-211126/1.3.0.5668/Images/ACR-013/uTW-OptionalOffer.jpg","230712/uTorrentWeb-211126/1.3.0.5668/Images/ACR-060/uTW-OptionalOffer.jpg"],"nonDeceptorImageFiles":["230712/uTorrentWeb-211126/1.3.0.5668/Images/ACR-123/Startup.jpg"],"guid":"2809ba07-e9d6-4ab2-8748-339512fba3b7_1.3.0.5668_1","appID":"uTorrentWeb-211126","dateAdded":"260205","deceptorType":"App","name":"u Torrent Web","company":"BitTorrent, Inc","version":"1.3.0.5668","lastKnownStatus":"1.2.6.3977;1.2.7.4186;1.2.8.4523;1.3.0.5649;1.3.0.5665;1.3.0.5666;1.3.0.5668;1.3.0.5669;1.3.0.5670;1.3.0.5671;1.3.0.5672;1.3.0.5673;1.4.0.5714;1.4.0.5759;1.4.0.5828;1.4.0.5871;1.5.0.6335","lastKnownDate":"260205","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 10,Windows 8,Windows Server","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2026-05-12T23:00:04.230847+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":18,"sortOrder":84},{"violations":{"ACR-043":"The \"u Torrent Web\" components get dropped in one click without asking the user's permission and disclosing the installation path.\n","ACR-048":"The app does not provide any control to cancel the installation. Even on canceling it installs the application.\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software. \n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software.\n","ACR-084":"On closing the app, application doesn't exit completely. It runs silently in the background, hiding the fact that it is active from the consumer without any notification.\n","ACR-097":"App adds an exception for Windows firewall to evade the default system security guard.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components on the device without the consumer's consent. \n"},"nonDeceptorViolations":{"ACR-123":"The app does not remove the startup even after uninstall and reboot. \n"},"samples":[{"isRevoked":"False","fileName":"C:\\Users\\User\\AppData\\Roaming\\uTorrent Web\\helper\\helper.exe","companyName":"BitTorrent Inc.","productName":"µTorrent Helper","productVersion":"2.1.4.2372","fileVersion":"2.1.4.2372","hashMD5":"0c837d99d77466bb61788fa30b4470fe","hashSHA1":"02d1d3ab0b30b77a3ecae78058a672ba1ea5076d","hashSHA256":"dbedd973360c6952a406ec765e7c766c3940a5e8c5aa9763172497bea51d1e93","digitalCertThumbprint":"94B5B937366BAF324364380B0694A0D8E32A08E2","digitalCertIssuer":"Symantec Class 3 SHA256 Code Signing CA","digitalCertIssuedTo":"BitTorrent Inc","storeId":"","sourceIndex":"1131","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Users\\User\\AppData\\Roaming\\uTorrent Web\\utweb.exe","companyName":"BitTorrent Inc.","productName":"µTorrent Web","productVersion":"1.3.0.5665","fileVersion":"1.3.0.5665","hashMD5":"9d32f4b4925580a2bd98ef6ea8a096f5","hashSHA1":"2674d57eabfd11fae31029070120ec7856e8605c","hashSHA256":"f530a7b3aeb71928250e2d72807175e15099c5231ca80e7ca535b2eea23cd733","digitalCertThumbprint":"09AFB68255629E565090CAC7EA49AAD67143FA93","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Rainberry Inc","storeId":"","sourceIndex":"1131","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utweb_installer.exe","isInstaller":"True","companyName":"                                                            ","productName":"uTorrent Web®                                               ","productVersion":"1.3                                               ","fileVersion":"1.3                 ","hashMD5":"57d8b657a4b3bd3955756de98786629d","hashSHA1":"3cb11ca9648234f27977ba57b2362688fa4117a3","hashSHA256":"f1e1233da78ada22a2a84660ef213c1162a35dc2091810cfadaf11dd38222efc","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Rainberry Inc","storeId":"","sourceIndex":"1131","avBlockList":["360 Total Security (20230518)","COMODO Antivirus (20230518)","Dr.Web Security Space (20230518)","ESET Internet Security (20230518)","G DATA INTERNET SECURITY (20230518)","K7 Total Security (20230518)","Malwarebytes Premium (20230518)","Norton Security (20230518)","Panda Dome (20230518)","Quick Heal Internet Security (20230518)","Sophos Home Premium (20230518)","VirIT eXplorer PRO (20230518)","Webroot SecureAnywhere (20230518)"],"avAllowList":["Avast Premium Security (20230518)","AVG Internet Security (20230518)","Avira Internet Security (20230518)","Bitdefender Internet Security (20230518)","Kaspersky Internet Security (20230518)","McAfee Total Protection (20230518)","SpyHunter5 (20230518)","Total AV Antivirus Pro (20230518)","Trend Micro Internet Security (20230518)","VIPRE Advanced Security (20230518)","Windows Defender (20230518)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on torrent app","reference":"","landingPage":"https://www.utorrent.com/web/","directDownloadingLink":"https://www.utorrent.com/web/downloads/complete/track/stable/os/win/","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.utorrent.com/web/downloads/complete/track/stable/os/win/","sourceIndex":"1131"}],"sampleFiles":["230502/uTorrentWeb-211126/1.3.0.5665/Samples/utweb_installer.exe"],"imageFiles":["230502/uTorrentWeb-211126/1.3.0.5665/Images/ACR-043/ACR-043.JPG","230502/uTorrentWeb-211126/1.3.0.5665/Images/ACR-048/ACR-048.JPG","230502/uTorrentWeb-211126/1.3.0.5665/Images/ACR-084/ACR-084.JPG","230502/uTorrentWeb-211126/1.3.0.5665/Images/ACR-097/ACR-097.JPG","230502/uTorrentWeb-211126/1.3.0.5665/Images/ACR-118/ACR-118.JPG","230502/uTorrentWeb-211126/1.3.0.5665/Images/ACR-013/ACR-013.JPG","230502/uTorrentWeb-211126/1.3.0.5665/Images/ACR-013/ACR-013_1.JPG","230502/uTorrentWeb-211126/1.3.0.5665/Images/ACR-060/ACR-060.JPG","230502/uTorrentWeb-211126/1.3.0.5665/Images/ACR-060/ACR-060_1.JPG"],"nonDeceptorImageFiles":["230502/uTorrentWeb-211126/1.3.0.5665/Images/ACR-123/ACR-123.JPG"],"guid":"2809ba07-e9d6-4ab2-8748-339512fba3b7_1.3.0.5665_1","appID":"uTorrentWeb-211126","dateAdded":"260205","deceptorType":"App","name":"u Torrent Web","company":"BitTorrent, Inc","version":"1.3.0.5665","lastKnownStatus":"1.2.6.3977;1.2.7.4186;1.2.8.4523;1.3.0.5649;1.3.0.5665;1.3.0.5666;1.3.0.5668;1.3.0.5669;1.3.0.5670;1.3.0.5671;1.3.0.5672;1.3.0.5673;1.4.0.5714;1.4.0.5759;1.4.0.5828;1.4.0.5871;1.5.0.6335","lastKnownDate":"260205","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 10,Windows 8,Windows Server","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2026-05-12T23:00:08.6627532+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":18,"sortOrder":86},{"violations":{"ACR-042":"App drops hidden file/potential offer app info in hidden folder without user permission.\n","ACR-043":"The \"Bit Torrent Web\" components get dropped in one click without asking the user's permission and disclosing the installation path.\n","ACR-048":"The app does not provide any control to cancel the installation. Even on canceling it installs the application.\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software. \n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software.\n","ACR-084":"On closing the app, application doesn't exit completely. It runs silently in the background, hiding the fact that it is active from the consumer without any notification. \n","ACR-097":"The app adds an exception for Windows firewall to evade the default system security guard.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components on the device without the consumer's consent. \n"},"nonDeceptorViolations":{"ACR-123":"The app does not remove the startup even after uninstall and reboot. \n"},"samples":[{"isRevoked":"False","fileName":"btweb.exe","companyName":"BitTorrent Inc.","fileVersion":"1.3","hashMD5":"aaae33c005dd2c7f92312585115e573c","hashSHA1":"dca42a408beaedf06a689b4987da7123debabb03","hashSHA256":"a9d5baf37cd8a94280bc11d23c2a9752187473fedda3e11cee36831839a5e460","digitalCertThumbprint":"09AFB68255629E565090CAC7EA49AAD67143FA93","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"954","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"btweb_installer.exe","isInstaller":"True","fileVersion":"1.3","hashMD5":"43d99d65d9d4b9032de43c69dae64634","hashSHA1":"b646d81cee3ff0b332b99262ce0f923af756fe6d","hashSHA256":"0dad61eb242e390be7148d733bcd32b8868ffa0437623c722562b745fe8c970c","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"954","avBlockList":["COMODO Antivirus (20231214)","Dr.Web Security Space (20231214)","ESET Internet Security (20231214)","G DATA INTERNET SECURITY (20231214)","K7 Total Security (20231214)","Malwarebytes Premium (20231214)","Norton Security (20231214)","Panda Dome (20231214)","Quick Heal Internet Security (20231214)","Sophos Home Premium (20231214)","VirIT eXplorer PRO (20231214)","Webroot SecureAnywhere (20231214)"],"avAllowList":["360 Total Security (20231214)","Avast Premium Security (20231214)","AVG Internet Security (20231214)","Avira Internet Security (20231214)","Bitdefender Internet Security (20231214)","Kaspersky Internet Security (20231214)","McAfee Total Protection (20231214)","SpyHunter5 (20231214)","Total AV Antivirus Pro (20231214)","Trend Micro Internet Security (20231214)","VIPRE Advanced Security (20231214)","Windows Defender (20231214)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt on torrent applications","reference":"","landingPage":"https://www.bittorrent.com/","directDownloadingLink":"https://www.bittorrent.com/downloads/complete/","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.bittorrent.com/downloads/complete/","sourceIndex":"954"}],"sampleFiles":["231116/bittorrentweb-211217/1.3.0.5670/Samples/btweb.exe","231116/bittorrentweb-211217/1.3.0.5670/Samples/btweb_installer.exe"],"imageFiles":["231116/bittorrentweb-211217/1.3.0.5670/Images/ACR-043/ACR-043.jpg","231116/bittorrentweb-211217/1.3.0.5670/Images/ACR-042/ACR-043_042.jpg","231116/bittorrentweb-211217/1.3.0.5670/Images/ACR-048/ACR-048.jpg","231116/bittorrentweb-211217/1.3.0.5670/Images/ACR-084/ACR-084.jpg","231116/bittorrentweb-211217/1.3.0.5670/Images/ACR-097/FirewallException.jpg","231116/bittorrentweb-211217/1.3.0.5670/Images/ACR-118/ACR-118.jpg","231116/bittorrentweb-211217/1.3.0.5670/Images/ACR-013/OptionalOffer.jpg","231116/bittorrentweb-211217/1.3.0.5670/Images/ACR-060/OptionalOffer.jpg"],"nonDeceptorImageFiles":["231116/bittorrentweb-211217/1.3.0.5670/Images/ACR-123/ACR-123.jpg"],"guid":"816175c9-984e-4c84-a8a4-98c0bd8788dd_1.3.0.5670_1","appID":"bittorrentweb-211217","dateAdded":"260204","deceptorType":"App","name":"Bit Torrent Web","company":"BitTorrent Inc.","version":"1.3.0.5670","lastKnownStatus":"1.2.7.4186;1.2.8.4523;1.2.9.4938;1.2.10.5208;1.3.0.5655;1.3.0.5665;1.3.0.5666;1.3.0.5669;1.3.0.5670;1.3.0.5671;1.3.0.5672;1.4.0.5714;1.4.0.5759;1.4.0.5768;1.4.0.5822;1.4.0.5825;1.4.0.5828;1.4.0.5871;1.5.0.6335","lastKnownDate":"260204","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2026-05-12T23:00:03.2926089+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":19,"sortOrder":122},{"violations":{"ACR-048":"The app does not provide any control to cancel the installation. Even on canceling it installs the application.\n","ACR-084":"On closing the app, application doesn't exit completely. It runs silently in the background, hiding the fact that it is active from the consumer without any notification.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it leaves \"Un_A.exe\" on the device without the consumer's consent.\n","ACR-057":"Offers don't have clear way for user to accept or decline.\n","ACR-055":"The accept/Decline options are not consistent for offers.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"C:\\Users\\User\\AppData\\Roaming\\BitTorrent Web\\btweb.exe","companyName":"BitTorrent Inc.","productName":"BitTorrent Web","productVersion":"1.2.7.4186","fileVersion":"1.2.7.4186","hashMD5":"c728d6c88e7134ea0edd361a1bd88da6","hashSHA1":"59b1f6858c7799ae591001ef3f44ffc9b460d82d","hashSHA256":"a85b9c15c0e76ea00d0a3906dc69c2d37bc8ee8fbd96c19f221f69698a5ef3f2","digitalCertThumbprint":"94B5B937366BAF324364380B0694A0D8E32A08E2","digitalCertIssuer":"Symantec Class 3 SHA256 Code Signing CA","digitalCertIssuedTo":"BitTorrent Inc","storeId":"","sourceIndex":"1652","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"btweb_installer.exe","isInstaller":"True","companyName":"BitTorrent Inc.","productName":"BitTorrent Web","productVersion":"1.2.7.4186","fileVersion":"1.2.7.4186","hashMD5":"76edfebeb9288fd77d32e0db0ad2f666","hashSHA1":"a3c9c6f1e0a9cc532737f91d35f8e48a615a131a","hashSHA256":"94469fec615b685aab656ef8e11f863226577342b3242d9d69d094ecf9667798","digitalCertThumbprint":"680463B23D34E23AC40F45E062C9296878995188","digitalCertIssuer":"Entrust Extended Validation Code Signing CA - EVCS1","digitalCertIssuedTo":"BitTorrent Inc.","storeId":"","sourceIndex":"1652","avBlockList":["COMODO Antivirus (20240718)","Dr.Web Security Space (20240718)","ESET Internet Security (20240718)","G DATA INTERNET SECURITY (20240718)","K7 Total Security (20240718)","Malwarebytes Premium (20240718)","McAfee Total Protection (20240718)","Norton Security (20240718)","Panda Dome (20240718)","Quick Heal Internet Security (20240718)","Sophos Home Premium (20240718)","Trend Micro Internet Security (20240718)","VirIT eXplorer PRO (20240718)","Webroot SecureAnywhere (20240718)","FortectPremium (20240718)"],"avAllowList":["360 Total Security (20240718)","Avast Premium Security (20240718)","AVG Internet Security (20240718)","Avira Internet Security (20240718)","Bitdefender Internet Security (20240718)","Kaspersky Internet Security (20240718)","SpyHunter5 (20240718)","Tencent PC Manager (20220419)","Total AV Antivirus Pro (20240718)","VIPRE Advanced Security (20240718)","Windows Defender (20240718)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt on torrent applications","reference":"","landingPage":"https://www.bittorrent.com/","directDownloadingLink":"https://www.bittorrent.com/downloads/complete/","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.bittorrent.com/downloads/complete/","sourceIndex":"1652"}],"sampleFiles":["220407/bittorrentweb-211217/1.2.7.4186/Samples/btweb_installer.exe"],"imageFiles":["220407/bittorrentweb-211217/1.2.7.4186/Images/ACR-048/ACR-048_Software_No_Control.JPG","220407/bittorrentweb-211217/1.2.7.4186/Images/ACR-084/ACR-084_Software_BackgroundProcess.JPG","220407/bittorrentweb-211217/1.2.7.4186/Images/ACR-118/ACR-118_Uninstall_Retains_Component.JPG","220407/bittorrentweb-211217/1.2.7.4186/Images/ACR-057/ACR-057_Bundler-MadeOffers_No_Accept_Decline_Option.JPG","220407/bittorrentweb-211217/1.2.7.4186/Images/ACR-057/ACR-057_Bundler-MadeOffers_No_Accept_Decline_Option_1.JPG","220407/bittorrentweb-211217/1.2.7.4186/Images/ACR-057/ACR-057_Bundler-MadeOffers_No_Accept_Decline_Option_2.JPG","220407/bittorrentweb-211217/1.2.7.4186/Images/ACR-055/ACR-055_Bundler-MadeOffers_Inconsistent_Accept_Decline_Option.JPG","220407/bittorrentweb-211217/1.2.7.4186/Images/ACR-055/ACR-055_Bundler-MadeOffers_Inconsistent_Accept_Decline_Option_1.JPG","220407/bittorrentweb-211217/1.2.7.4186/Images/ACR-055/ACR-055_Bundler-MadeOffers_Inconsistent_Accept_Decline_Option_2.JPG","220407/bittorrentweb-211217/1.2.7.4186/Images/ACR-055/ACR-055_Bundler-MadeOffers_Inconsistent_Accept_Decline_Option_3.JPG"],"nonDeceptorImageFiles":[],"guid":"816175c9-984e-4c84-a8a4-98c0bd8788dd_1.2.7.4186_1","appID":"bittorrentweb-211217","dateAdded":"260204","deceptorType":"App","name":"Bit Torrent Web","company":"BitTorrent Inc.","version":"1.2.7.4186","sigName":"","lastKnownStatus":"1.2.7.4186;1.2.8.4523;1.2.9.4938;1.2.10.5208;1.3.0.5655;1.3.0.5665;1.3.0.5666;1.3.0.5669;1.3.0.5670;1.3.0.5671;1.3.0.5672;1.4.0.5714;1.4.0.5759;1.4.0.5768;1.4.0.5822;1.4.0.5825;1.4.0.5828;1.4.0.5871;1.5.0.6335","lastKnownDate":"260204","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2026-02-04T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":19,"sortOrder":130},{"violations":{"ACR-042":"The \"Adaware\" components get dropped without asking the user's permission and disclosing the installation path. \n","ACR-043":"The \"Bittorrent\" components and \"Adaware\" components get dropped in one click without asking the user's permission and disclosing the installation path.\n","ACR-048":"The app does not provide any control to cancel the installation. Even on canceling it installs the application.\nThe app does not provide any control to close the app completely within the app's settings.\n","ACR-084":"On closing the app, application doesn't exit completely. It runs silently in the background, hiding the fact that it is active from the consumer without any notification.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it leaves \"Un_A.exe\" on the device without the consumer's consent.\n","ACR-057":"Offers don't have clear way for user to accept or decline.\n","ACR-055":"The accept/Decline options are not consistent for offers.\n","ACR-059":"The recommended by \"who\" is not clear in the Offer. \n"},"nonDeceptorViolations":{"ACR-123":"The app didn't remove the startup even after uninstall and reboot.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Users\\User\\AppData\\Roaming\\BitTorrent Web\\btweb.exe","companyName":"BitTorrent Inc.","productName":"BitTorrent Web","productVersion":"1.2.8.4523","fileVersion":"1.2.8.4523","hashMD5":"4bc77314827bbdc170d32df3f84798b2","hashSHA1":"caa7e57f72aed88a8a06b762fb18f7221ac5d164","hashSHA256":"f962bfdea47e3b59a29114f438720af270ad311f913aa35b617325c3d9b7c7d3","digitalCertThumbprint":"94B5B937366BAF324364380B0694A0D8E32A08E2","digitalCertIssuer":"Symantec Class 3 SHA256 Code Signing CA","digitalCertIssuedTo":"BitTorrent Inc","storeId":"","sourceIndex":"1651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Users\\User\\AppData\\Roaming\\BitTorrent Web\\helper\\helper.exe","companyName":"BitTorrent Inc.","productName":"µTorrent Helper","productVersion":"2.1.3.1957","fileVersion":"2.1.3.1957","hashMD5":"b13c3cbf6ac3fee83ea38fa1164376ba","hashSHA1":"440956cf95926e7d7cb2dba57a5de4bba87ed06c","hashSHA256":"9baee772391167e729cbf149a29a4eed8f1c99b74034361ca95df54b1308893a","digitalCertThumbprint":"94B5B937366BAF324364380B0694A0D8E32A08E2","digitalCertIssuer":"Symantec Class 3 SHA256 Code Signing CA","digitalCertIssuedTo":"BitTorrent Inc","storeId":"","sourceIndex":"1651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"btweb_installer.exe","isInstaller":"True","companyName":"Rainberry Inc.","productName":"BitTorrent Web","productVersion":"1.2.8.4523","fileVersion":"1.2.8.4523","hashMD5":"3f6674e771e367449914996b1b119d96","hashSHA1":"fae1f2a9a80b0eea4602fbc2b2338978f0153b6e","hashSHA256":"b0d12dab25c59ae9482e75e70989c2557727d769efdcbc0cdbdae165b102b48e","digitalCertThumbprint":"680463B23D34E23AC40F45E062C9296878995188","digitalCertIssuer":"Entrust Extended Validation Code Signing CA - EVCS1","digitalCertIssuedTo":"BitTorrent Inc.","storeId":"","sourceIndex":"1651","avBlockList":["Avira Internet Security (20220428)","COMODO Antivirus (20220428)","Dr.Web Security Space (20220428)","ESET Internet Security (20220428)","G DATA INTERNET SECURITY (20220428)","K7 Total Security (20220428)","Malwarebytes Premium (20220428)","McAfee Total Protection (20220428)","Norton Security (20220428)","Panda Dome (20220428)","Quick Heal Internet Security (20220428)","Sophos Home Premium (20220428)","SpyHunter5 (20220428)","Total AV Antivirus Pro (20220428)","VirIT eXplorer PRO (20220428)","Webroot SecureAnywhere (20220428)"],"avAllowList":["360 Total Security (20220428)","Avast Premium Security (20220428)","AVG Internet Security (20220428)","Bitdefender Internet Security (20220428)","Kaspersky Internet Security (20220428)","Tencent PC Manager (20220428)","Trend Micro Internet Security (20220428)","VIPRE Advanced Security (20220428)","Windows Defender (20220428)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt on torrent applications","reference":"","landingPage":"https://www.bittorrent.com/products/win/bittorrent-web-free/","directDownloadingLink":"https://www.bittorrent.com/downloads/complete/","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.bittorrent.com/downloads/complete/","sourceIndex":"1651"}],"sampleFiles":["220407/bittorrentweb-211217/1.2.8.4523/Samples/btweb_installer.exe"],"imageFiles":["220407/bittorrentweb-211217/1.2.8.4523/Images/ACR-043/ACR-043_Install.JPG","220407/bittorrentweb-211217/1.2.8.4523/Images/ACR-043/ACR-043_Install_1.JPG","220407/bittorrentweb-211217/1.2.8.4523/Images/ACR-042/ACR-042_Install.JPG","220407/bittorrentweb-211217/1.2.8.4523/Images/ACR-048/ACR-048_Install_No_Control.JPG","220407/bittorrentweb-211217/1.2.8.4523/Images/ACR-084/ACR-084_Software_Process.JPG","220407/bittorrentweb-211217/1.2.8.4523/Images/ACR-048/ACR-048_Software_No_Control.JPG","220407/bittorrentweb-211217/1.2.8.4523/Images/ACR-048/ACR-048_Software_No_Control_1.JPG","220407/bittorrentweb-211217/1.2.8.4523/Images/ACR-118/ACR-118_Uninstall.JPG","220407/bittorrentweb-211217/1.2.8.4523/Images/ACR-057/ACR-057_Bundler-madeOffers_No_Accept_Decline_Option.JPG","220407/bittorrentweb-211217/1.2.8.4523/Images/ACR-059/ACR-059_Bundler-madeOffers_Recommended.JPG","220407/bittorrentweb-211217/1.2.8.4523/Images/ACR-055/ACR-055_Bundler-madeOffers_Inconsistent_Accept_Decline_Option.JPG","220407/bittorrentweb-211217/1.2.8.4523/Images/ACR-055/ACR-055_Bundler-madeOffers_Inconsistent_Accept_Decline_Option_1.JPG"],"nonDeceptorImageFiles":["220407/bittorrentweb-211217/1.2.8.4523/Images/ACR-123/ACR-123_Uninstall.JPG"],"guid":"816175c9-984e-4c84-a8a4-98c0bd8788dd_1.2.8.4523_1","appID":"bittorrentweb-211217","dateAdded":"260204","deceptorType":"App","name":"Bit Torrent Web","company":"BitTorrent Inc.","version":"1.2.8.4523","sigName":"Deceptor:Win32/BitTorrentWeb!048084118057055","lastKnownStatus":"1.2.7.4186;1.2.8.4523;1.2.9.4938;1.2.10.5208;1.3.0.5655;1.3.0.5665;1.3.0.5666;1.3.0.5669;1.3.0.5670;1.3.0.5671;1.3.0.5672;1.4.0.5714;1.4.0.5759;1.4.0.5768;1.4.0.5822;1.4.0.5825;1.4.0.5828;1.4.0.5871;1.5.0.6335","lastKnownDate":"260204","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2026-02-04T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":19,"sortOrder":129},{"violations":{"ACR-043":"The \"Bittorrent\" components get dropped in one click without asking the user's permission and disclosing the installation path.\n","ACR-048":"The app does not provide any control to cancel the installation. Even on canceling it installs the application.\nThe app does not provide any control to close the app completely within the app's settings.\n","ACR-084":"On closing the app, application doesn't exit completely. It runs silently in the background, hiding the fact that it is active from the consumer without any notification.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it leaves some of its components on the device without the consumer's consent.\n","ACR-057":"Offers don't have clear way for user to accept or decline.\n","ACR-055":"The accept/Decline options are not consistent for offers.\n"},"nonDeceptorViolations":{"ACR-123":"The app didn't remove the startup even after uninstall and reboot.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Users\\User\\AppData\\Roaming\\BitTorrent Web\\btweb.exe","companyName":"BitTorrent Inc.","productName":"BitTorrent Web","productVersion":"1.2.10.5208","fileVersion":"1.2.10.5208","hashMD5":"42f6c5e24e07c7b168bed22ee61ebabb","hashSHA1":"f4626ab39ea2922e0baeac766f46a2cc95dadb29","hashSHA256":"1b29cb9e05bfc9aa479990c264205e77214af71f9ece20a58375b4a3570ca34d","digitalCertThumbprint":"94B5B937366BAF324364380B0694A0D8E32A08E2","digitalCertIssuer":"Symantec Class 3 SHA256 Code Signing CA","digitalCertIssuedTo":"BitTorrent Inc","storeId":"","sourceIndex":"1342","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Users\\User\\AppData\\Roaming\\BitTorrent Web\\helper\\helper.exe","companyName":"BitTorrent Inc.","productName":"µTorrent Helper","productVersion":"2.1.4.2372","fileVersion":"2.1.4.2372","hashMD5":"0c837d99d77466bb61788fa30b4470fe","hashSHA1":"02d1d3ab0b30b77a3ecae78058a672ba1ea5076d","hashSHA256":"dbedd973360c6952a406ec765e7c766c3940a5e8c5aa9763172497bea51d1e93","digitalCertThumbprint":"94B5B937366BAF324364380B0694A0D8E32A08E2","digitalCertIssuer":"Symantec Class 3 SHA256 Code Signing CA","digitalCertIssuedTo":"BitTorrent Inc","storeId":"","sourceIndex":"1342","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"btweb_installer.exe","isInstaller":"True","companyName":"Rainberry Inc.","productName":"BitTorrent Web","productVersion":"1.2.10.5208","fileVersion":"1.2.10.5208","hashMD5":"970311e865d24e8924600241fcbcaa91","hashSHA1":"eb0d578d02d597ceb79242059562b13069e6dca4","hashSHA256":"17a9c5749842d3ed9400a84bf76927fa8b73626f64c46f3fecf84a42f6e3378a","digitalCertThumbprint":"6210E153E85031347F0884CBC539E100D920A5B5","digitalCertIssuer":"Entrust Extended Validation Code Signing CA - EVCS2","digitalCertIssuedTo":"Rainberry Inc.","storeId":"","sourceIndex":"1342","avBlockList":["COMODO Antivirus (20231207)","Dr.Web Security Space (20231207)","ESET Internet Security (20231207)","K7 Total Security (20231207)","Malwarebytes Premium (20231207)","McAfee Total Protection (20231207)","Norton Security (20231207)","Panda Dome (20231207)","Quick Heal Internet Security (20231207)","Sophos Home Premium (20231207)","VirIT eXplorer PRO (20231207)","Webroot SecureAnywhere (20231207)"],"avAllowList":["360 Total Security (20231207)","Avast Premium Security (20231207)","AVG Internet Security (20231207)","Avira Internet Security (20231207)","Bitdefender Internet Security (20231207)","G DATA INTERNET SECURITY (20231207)","Kaspersky Internet Security (20231207)","SpyHunter5 (20231207)","Total AV Antivirus Pro (20231207)","Trend Micro Internet Security (20231207)","VIPRE Advanced Security (20231207)","Windows Defender (20231207)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt on torrent applications","reference":"","landingPage":"https://www.bittorrent.com/","directDownloadingLink":"https://www.bittorrent.com/downloads/complete/","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.bittorrent.com/downloads/complete/","sourceIndex":"1342"}],"sampleFiles":["221025/bittorrentweb-211217/1.2.10.5208/Samples/btweb_installer.exe"],"imageFiles":["221025/bittorrentweb-211217/1.2.10.5208/Images/ACR-043/ACR-043_Install.JPG","221025/bittorrentweb-211217/1.2.10.5208/Images/ACR-048/ACR-048_Install.JPG","221025/bittorrentweb-211217/1.2.10.5208/Images/ACR-084/ACR-084_Software.JPG","221025/bittorrentweb-211217/1.2.10.5208/Images/ACR-048/ACR-048_Software.JPG","221025/bittorrentweb-211217/1.2.10.5208/Images/ACR-048/ACR-048_Software_1.JPG","221025/bittorrentweb-211217/1.2.10.5208/Images/ACR-118/ACR-118_Uninstall.JPG","221025/bittorrentweb-211217/1.2.10.5208/Images/ACR-118/ACR-118_Uninstall_1.JPG","221025/bittorrentweb-211217/1.2.10.5208/Images/ACR-057/BitTorrentWeb_Offer2.JPG","221025/bittorrentweb-211217/1.2.10.5208/Images/ACR-055/ACR-055_Bundler-madeOffers_Inconsistent_Accept_Decline_Option.JPG","221025/bittorrentweb-211217/1.2.10.5208/Images/ACR-055/BitTorrentWeb_Offer2.JPG"],"nonDeceptorImageFiles":["221025/bittorrentweb-211217/1.2.10.5208/Images/ACR-123/ACR-123_Uninstall.JPG"],"guid":"816175c9-984e-4c84-a8a4-98c0bd8788dd_1.2.10.5208_1","appID":"bittorrentweb-211217","dateAdded":"260204","deceptorType":"App","name":"Bit Torrent Web","company":"BitTorrent Inc.","version":"1.2.10.5208","lastKnownStatus":"1.2.7.4186;1.2.8.4523;1.2.9.4938;1.2.10.5208;1.3.0.5655;1.3.0.5665;1.3.0.5666;1.3.0.5669;1.3.0.5670;1.3.0.5671;1.3.0.5672;1.4.0.5714;1.4.0.5759;1.4.0.5768;1.4.0.5822;1.4.0.5825;1.4.0.5828;1.4.0.5871;1.5.0.6335","lastKnownDate":"260204","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2026-02-04T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":19,"sortOrder":128},{"violations":{"ACR-043":"The \"Bittorrent\" components get dropped in one click without asking the user's permission and disclosing the installation path.\n","ACR-048":"The app does not provide any control to cancel the installation. Even on canceling it installs the application.\nThe app does not provide any control to close the app completely within the app's settings.\n","ACR-084":"On closing the app, application doesn't exit completely. It runs silently in the background, hiding the fact that it is active from the consumer without any notification.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it leaves \"Un_A.exe\" on the device without the consumer's consent.\n","ACR-057":"Offers don't have clear way for user to accept or decline.\n","ACR-055":"The accept/Decline options are not consistent for offers.\n"},"nonDeceptorViolations":{"ACR-123":"The app didn't remove the startup even after uninstall and reboot.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Users\\User\\AppData\\Roaming\\BitTorrent Web\\btweb.exe","companyName":"BitTorrent Inc.","productName":"BitTorrent Web","productVersion":"1.2.9.4938","fileVersion":"1.2.9.4938","hashMD5":"d8cf7dd66348d1de4b4b1b8cf1aa0f05","hashSHA1":"d5340b82cbfc4a867b3af177ef5a31dc82e8a9d6","hashSHA256":"38c61a12937d55ceec25d5b783dc563f80bca91cb8e834987a9e9fbb0237a9b4","digitalCertThumbprint":"94B5B937366BAF324364380B0694A0D8E32A08E2","digitalCertIssuer":"Symantec Class 3 SHA256 Code Signing CA","digitalCertIssuedTo":"BitTorrent Inc","storeId":"","sourceIndex":"1341","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Users\\User\\AppData\\Roaming\\BitTorrent Web\\helper\\helper.exe","companyName":"BitTorrent Inc.","productName":"µTorrent Helper","productVersion":"2.1.4.2372","fileVersion":"2.1.4.2372","hashMD5":"0c837d99d77466bb61788fa30b4470fe","hashSHA1":"02d1d3ab0b30b77a3ecae78058a672ba1ea5076d","hashSHA256":"dbedd973360c6952a406ec765e7c766c3940a5e8c5aa9763172497bea51d1e93","digitalCertThumbprint":"94B5B937366BAF324364380B0694A0D8E32A08E2","digitalCertIssuer":"Symantec Class 3 SHA256 Code Signing CA","digitalCertIssuedTo":"BitTorrent Inc","storeId":"","sourceIndex":"1341","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"btweb_installer.exe","isInstaller":"True","companyName":"Rainberry Inc.","productName":"BitTorrent Web","productVersion":"1.2.9.4938","fileVersion":"1.2.9.4938","hashMD5":"ced1ba6631f34b8ee9e18b1e6fe4f154","hashSHA1":"f5c750f7358a58612b528e2d048070e37fe758a3","hashSHA256":"bc21622960cada3b8660a44e3e58336d6db97294546d10fad094ffb13605cc17","digitalCertThumbprint":"6210E153E85031347F0884CBC539E100D920A5B5","digitalCertIssuer":"Entrust Extended Validation Code Signing CA - EVCS2","digitalCertIssuedTo":"Rainberry Inc.","storeId":"","sourceIndex":"1341","avBlockList":["Bitdefender Internet Security (20231003)","COMODO Antivirus (20231003)","Dr.Web Security Space (20231003)","ESET Internet Security (20231003)","G DATA INTERNET SECURITY (20231003)","K7 Total Security (20231003)","Malwarebytes Premium (20231003)","McAfee Total Protection (20231003)","Norton Security (20231003)","Panda Dome (20231003)","Quick Heal Internet Security (20231003)","Sophos Home Premium (20231003)","VIPRE Advanced Security (20231003)","VirIT eXplorer PRO (20231003)","Webroot SecureAnywhere (20231003)"],"avAllowList":["360 Total Security (20231003)","Avast Premium Security (20231003)","AVG Internet Security (20231003)","Avira Internet Security (20231003)","Kaspersky Internet Security (20231003)","SpyHunter5 (20231003)","Total AV Antivirus Pro (20231003)","Trend Micro Internet Security (20231003)","Windows Defender (20231003)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt on torrent applications","reference":"","landingPage":"https://www.bittorrent.com/","directDownloadingLink":"https://www.bittorrent.com/downloads/complete/","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.bittorrent.com/downloads/complete/","sourceIndex":"1341"}],"sampleFiles":["221025/bittorrentweb-211217/1.2.9.4938/Samples/btweb_installer.exe"],"imageFiles":["221025/bittorrentweb-211217/1.2.9.4938/Images/ACR-043/ACR-043.JPG","221025/bittorrentweb-211217/1.2.9.4938/Images/ACR-048/ACR-048.JPG","221025/bittorrentweb-211217/1.2.9.4938/Images/ACR-084/ACR-084_Software.JPG","221025/bittorrentweb-211217/1.2.9.4938/Images/ACR-048/ACR-048_Software.JPG","221025/bittorrentweb-211217/1.2.9.4938/Images/ACR-048/ACR-048_Software_1.JPG","221025/bittorrentweb-211217/1.2.9.4938/Images/ACR-118/ACR-118.JPG","221025/bittorrentweb-211217/1.2.9.4938/Images/ACR-057/BitTorrentWeb_Offer2.JPG","221025/bittorrentweb-211217/1.2.9.4938/Images/ACR-055/ACR-055_Bundler-madeOffers_Inconsistent_Accept_Decline_Option.JPG","221025/bittorrentweb-211217/1.2.9.4938/Images/ACR-055/BitTorrentWeb_Offer2.JPG"],"nonDeceptorImageFiles":["221025/bittorrentweb-211217/1.2.9.4938/Images/ACR-123/ACR-123.JPG"],"guid":"816175c9-984e-4c84-a8a4-98c0bd8788dd_1.2.9.4938_1","appID":"bittorrentweb-211217","dateAdded":"260204","deceptorType":"App","name":"Bit Torrent Web","company":"BitTorrent Inc.","version":"1.2.9.4938","lastKnownStatus":"1.2.7.4186;1.2.8.4523;1.2.9.4938;1.2.10.5208;1.3.0.5655;1.3.0.5665;1.3.0.5666;1.3.0.5669;1.3.0.5670;1.3.0.5671;1.3.0.5672;1.4.0.5714;1.4.0.5759;1.4.0.5768;1.4.0.5822;1.4.0.5825;1.4.0.5828;1.4.0.5871;1.5.0.6335","lastKnownDate":"260204","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2026-02-04T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":19,"sortOrder":127},{"violations":{"ACR-043":"The \"Bit Torrent Web\" components get dropped in one click without asking the user's permission and disclosing the installation path.\n","ACR-048":"The app does not provide any control to cancel the installation. Even on canceling it installs the application.\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software. \n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software.\n","ACR-084":"On closing the app, application doesn't exit completely. It runs silently in the background, hiding the fact that it is active from the consumer without any notification. \n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components on the device without the consumer's consent. \n"},"nonDeceptorViolations":{"ACR-123":"The app does not remove the startup even after uninstall and reboot. \n"},"samples":[{"isRevoked":"False","fileName":"C:\\Users\\User\\AppData\\Roaming\\BitTorrent Web\\btweb.exe","companyName":"BitTorrent Inc.","productName":"BitTorrent Web","productVersion":"1.3.0.5665","fileVersion":"1.3.0.5665","hashMD5":"9625f8f65243e19ace1f9c9eedb8d916","hashSHA1":"f862f2e65421584b9b3316ba313e80b002f16092","hashSHA256":"1d4d7f93e77f1ad1b04859d1eb96ff72091cdd524250efd5a81abff26f73fa8a","digitalCertThumbprint":"09AFB68255629E565090CAC7EA49AAD67143FA93","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Rainberry Inc","storeId":"","sourceIndex":"1130","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Users\\User\\AppData\\Roaming\\BitTorrent Web\\helper\\helper.exe","companyName":"BitTorrent Inc.","productName":"µTorrent Helper","productVersion":"2.1.4.2372","fileVersion":"2.1.4.2372","hashMD5":"0c837d99d77466bb61788fa30b4470fe","hashSHA1":"02d1d3ab0b30b77a3ecae78058a672ba1ea5076d","hashSHA256":"dbedd973360c6952a406ec765e7c766c3940a5e8c5aa9763172497bea51d1e93","digitalCertThumbprint":"94B5B937366BAF324364380B0694A0D8E32A08E2","digitalCertIssuer":"Symantec Class 3 SHA256 Code Signing CA","digitalCertIssuedTo":"BitTorrent Inc","storeId":"","sourceIndex":"1130","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"btweb_installer.exe","isInstaller":"True","companyName":"                                                            ","productName":"BitTorrent Web®                                             ","productVersion":"1.3                                               ","fileVersion":"1.3                 ","hashMD5":"27c85792a8de13cce96f40bd17531282","hashSHA1":"d91f519ed5fb39d0e4857c941678fae1111276fd","hashSHA256":"d8c1a188c4ce8b931f159e0d5fcf5797b3ccc11b197f08b1a4017b40a4cd1ec7","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Rainberry Inc","storeId":"","sourceIndex":"1130","avBlockList":["360 Total Security (20230831)","COMODO Antivirus (20230831)","Dr.Web Security Space (20230831)","ESET Internet Security (20230831)","G DATA INTERNET SECURITY (20230831)","K7 Total Security (20230831)","Malwarebytes Premium (20230831)","Norton Security (20230831)","Panda Dome (20230831)","Quick Heal Internet Security (20230831)","Sophos Home Premium (20230831)","VirIT eXplorer PRO (20230831)","Webroot SecureAnywhere (20230831)"],"avAllowList":["Avast Premium Security (20230831)","AVG Internet Security (20230831)","Avira Internet Security (20230831)","Bitdefender Internet Security (20230831)","Kaspersky Internet Security (20230831)","McAfee Total Protection (20230831)","SpyHunter5 (20230831)","Total AV Antivirus Pro (20230831)","Trend Micro Internet Security (20230831)","VIPRE Advanced Security (20230831)","Windows Defender (20230831)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on torrent app","reference":"","landingPage":"https://www.bittorrent.com/products/win/bittorrent-web-free","directDownloadingLink":"https://www.bittorrent.com/downloads/complete","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.bittorrent.com/downloads/complete","sourceIndex":"1130"}],"sampleFiles":["230503/bittorrentweb-211217/1.3.0.5665/Samples/btweb_installer.exe"],"imageFiles":["230503/bittorrentweb-211217/1.3.0.5665/Images/ACR-043/ACR-043.JPG","230503/bittorrentweb-211217/1.3.0.5665/Images/ACR-048/ACR-048.JPG","230503/bittorrentweb-211217/1.3.0.5665/Images/ACR-084/ACR-084.JPG","230503/bittorrentweb-211217/1.3.0.5665/Images/ACR-118/ACR-118.JPG","230503/bittorrentweb-211217/1.3.0.5665/Images/ACR-013/ACR-013.JPG","230503/bittorrentweb-211217/1.3.0.5665/Images/ACR-013/ACR-013_1.JPG","230503/bittorrentweb-211217/1.3.0.5665/Images/ACR-060/ACR-060.JPG","230503/bittorrentweb-211217/1.3.0.5665/Images/ACR-060/ACR-060_1.JPG"],"nonDeceptorImageFiles":["230503/bittorrentweb-211217/1.3.0.5665/Images/ACR-123/ACR-123.JPG"],"guid":"816175c9-984e-4c84-a8a4-98c0bd8788dd_1.3.0.5665_1","appID":"bittorrentweb-211217","dateAdded":"260204","deceptorType":"App","name":"Bit Torrent Web","company":"BitTorrent Inc.","version":"1.3.0.5665","lastKnownStatus":"1.2.7.4186;1.2.8.4523;1.2.9.4938;1.2.10.5208;1.3.0.5655;1.3.0.5665;1.3.0.5666;1.3.0.5669;1.3.0.5670;1.3.0.5671;1.3.0.5672;1.4.0.5714;1.4.0.5759;1.4.0.5768;1.4.0.5822;1.4.0.5825;1.4.0.5828;1.4.0.5871;1.5.0.6335","lastKnownDate":"260204","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2026-05-12T23:00:08.6174337+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":19,"sortOrder":125},{"violations":{"ACR-042":"App drops hidden file/potential offer app info in hidden folder without user permission.\n","ACR-043":"The \"Bit Torrent Web\" components get dropped in one click without asking the user's permission and disclosing the installation path.\n","ACR-048":"The app does not provide any control to cancel the installation. Even on canceling it installs the application.\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software. \n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software.\n","ACR-084":"On closing the app, application doesn't exit completely. It runs silently in the background, hiding the fact that it is active from the consumer without any notification. \n","ACR-097":"The app adds an exception for Windows firewall to evade the default system security guard.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components on the device without the consumer's consent. \n"},"nonDeceptorViolations":{"ACR-123":"The app does not remove the startup even after uninstall and reboot. \n"},"samples":[],"additionalFiles":[],"sources":[{"howFound":"Random hunt on windows app","reference":"","landingPage":"https://www.bittorrent.com/products/win/bittorrent-web-free","directDownloadingLink":"https://www.bittorrent.com/downloads/complete","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.bittorrent.com/downloads/complete","sourceIndex":"983"}],"sampleFiles":[],"imageFiles":["230713/bittorrentweb-211217/1.3.0.5666/Images/ACR-043/ACR-043_Install_1.png","230713/bittorrentweb-211217/1.3.0.5666/Images/ACR-042/ACR-042_Install_1.png","230713/bittorrentweb-211217/1.3.0.5666/Images/ACR-048/ACR-048.JPG","230713/bittorrentweb-211217/1.3.0.5666/Images/ACR-084/ACR-084.JPG","230713/bittorrentweb-211217/1.3.0.5666/Images/ACR-097/ACR-097_Software_1.png","230713/bittorrentweb-211217/1.3.0.5666/Images/ACR-118/ACR-118_Uninstall_1.png","230713/bittorrentweb-211217/1.3.0.5666/Images/ACR-013/ACR-013.JPG","230713/bittorrentweb-211217/1.3.0.5666/Images/ACR-013/ACR-013_1.JPG","230713/bittorrentweb-211217/1.3.0.5666/Images/ACR-013/ACR-013_2.JPG","230713/bittorrentweb-211217/1.3.0.5666/Images/ACR-060/ACR-060.JPG","230713/bittorrentweb-211217/1.3.0.5666/Images/ACR-060/ACR-060_1.JPG","230713/bittorrentweb-211217/1.3.0.5666/Images/ACR-060/ACR-060_2.JPG"],"nonDeceptorImageFiles":["230713/bittorrentweb-211217/1.3.0.5666/Images/ACR-123/ACR-123.JPG"],"guid":"816175c9-984e-4c84-a8a4-98c0bd8788dd_1.3.0.5666_1","appID":"bittorrentweb-211217","dateAdded":"260204","deceptorType":"App","name":"Bit Torrent Web","company":"BitTorrent Inc.","version":"1.3.0.5666","lastKnownStatus":"1.2.7.4186;1.2.8.4523;1.2.9.4938;1.2.10.5208;1.3.0.5655;1.3.0.5665;1.3.0.5666;1.3.0.5669;1.3.0.5670;1.3.0.5671;1.3.0.5672;1.4.0.5714;1.4.0.5759;1.4.0.5768;1.4.0.5822;1.4.0.5825;1.4.0.5828;1.4.0.5871;1.5.0.6335","lastKnownDate":"260204","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2026-05-12T23:00:03.9238682+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":19,"sortOrder":124},{"violations":{"ACR-042":"App drops hidden file/potential offer app info in hidden folder without user permission.\n","ACR-043":"The \"Bit Torrent Web\" components get dropped in one click without asking the user's permission and disclosing the installation path.\n","ACR-048":"The app does not provide any control to cancel the installation. Even on canceling it installs the application.\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software. \n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software.\n","ACR-084":"On closing the app, application doesn't exit completely. It runs silently in the background, hiding the fact that it is active from the consumer without any notification. \n","ACR-097":"The app adds an exception for Windows firewall to evade the default system security guard.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components on the device without the consumer's consent. \n"},"nonDeceptorViolations":{"ACR-123":"The app does not remove the startup even after uninstall and reboot. \n"},"samples":[{"isRevoked":"False","fileName":"C:\\Users\\User\\AppData\\Roaming\\BitTorrent Web\\btweb.exe","companyName":"BitTorrent Inc.","productName":"BitTorrent Web","productVersion":"1.3.0.5669","fileVersion":"1.3.0.5669","hashMD5":"00e233327f9df55b17f9b4c147fa72ee","hashSHA1":"6ee498c42c74a89d2739f9147bddbb6b0e1b4857","hashSHA256":"90eb9866a026352846ef2064137206294428aebde3bbce3059a9fb7147e462f3","digitalCertThumbprint":"09AFB68255629E565090CAC7EA49AAD67143FA93","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Rainberry Inc","storeId":"","sourceIndex":"968","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"btweb_installer.exe","isInstaller":"True","companyName":"                                                            ","productName":"BitTorrent Web®                                             ","productVersion":"1.3                                               ","fileVersion":"1.3                 ","hashMD5":"43d99d65d9d4b9032de43c69dae64634","hashSHA1":"b646d81cee3ff0b332b99262ce0f923af756fe6d","hashSHA256":"0dad61eb242e390be7148d733bcd32b8868ffa0437623c722562b745fe8c970c","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Rainberry Inc","storeId":"","sourceIndex":"968","avBlockList":["COMODO Antivirus (20231214)","Dr.Web Security Space (20231214)","ESET Internet Security (20231214)","G DATA INTERNET SECURITY (20231214)","K7 Total Security (20231214)","Malwarebytes Premium (20231214)","Norton Security (20231214)","Panda Dome (20231214)","Quick Heal Internet Security (20231214)","Sophos Home Premium (20231214)","VirIT eXplorer PRO (20231214)","Webroot SecureAnywhere (20231214)"],"avAllowList":["360 Total Security (20231214)","Avast Premium Security (20231214)","AVG Internet Security (20231214)","Avira Internet Security (20231214)","Bitdefender Internet Security (20231214)","Kaspersky Internet Security (20231214)","McAfee Total Protection (20231214)","SpyHunter5 (20231214)","Total AV Antivirus Pro (20231214)","Trend Micro Internet Security (20231214)","VIPRE Advanced Security (20231214)","Windows Defender (20231214)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on windows app","reference":"","landingPage":"https://www.bittorrent.com/products/win/bittorrent-web-free/","directDownloadingLink":"https://www.bittorrent.com/downloads/complete","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.bittorrent.com/downloads/complete","sourceIndex":"968"}],"sampleFiles":["230724/bittorrentweb-211217/1.3.0.5669/Samples/btweb_installer.exe"],"imageFiles":["230724/bittorrentweb-211217/1.3.0.5669/Images/ACR-043/ACR-043.PNG","230724/bittorrentweb-211217/1.3.0.5669/Images/ACR-042/ACR-042.PNG","230724/bittorrentweb-211217/1.3.0.5669/Images/ACR-048/ACR-048.PNG","230724/bittorrentweb-211217/1.3.0.5669/Images/ACR-084/ACR-084.PNG","230724/bittorrentweb-211217/1.3.0.5669/Images/ACR-097/ACR-097.PNG","230724/bittorrentweb-211217/1.3.0.5669/Images/ACR-118/ACR-118.PNG","230724/bittorrentweb-211217/1.3.0.5669/Images/ACR-013/ACR-013.PNG","230724/bittorrentweb-211217/1.3.0.5669/Images/ACR-013/ACR-013_1.PNG","230724/bittorrentweb-211217/1.3.0.5669/Images/ACR-013/ACR-013_2.PNG","230724/bittorrentweb-211217/1.3.0.5669/Images/ACR-060/ACR-060.PNG","230724/bittorrentweb-211217/1.3.0.5669/Images/ACR-060/ACR-060_1.PNG","230724/bittorrentweb-211217/1.3.0.5669/Images/ACR-060/ACR-060_2.PNG"],"nonDeceptorImageFiles":["230724/bittorrentweb-211217/1.3.0.5669/Images/ACR-123/ACR-123.PNG"],"guid":"816175c9-984e-4c84-a8a4-98c0bd8788dd_1.3.0.5669_1","appID":"bittorrentweb-211217","dateAdded":"260204","deceptorType":"App","name":"Bit Torrent Web","company":"BitTorrent Inc.","version":"1.3.0.5669","lastKnownStatus":"1.2.7.4186;1.2.8.4523;1.2.9.4938;1.2.10.5208;1.3.0.5655;1.3.0.5665;1.3.0.5666;1.3.0.5669;1.3.0.5670;1.3.0.5671;1.3.0.5672;1.4.0.5714;1.4.0.5759;1.4.0.5768;1.4.0.5822;1.4.0.5825;1.4.0.5828;1.4.0.5871;1.5.0.6335","lastKnownDate":"260204","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2026-05-12T23:00:03.4321866+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":19,"sortOrder":123},{"violations":{"ACR-042":"App drops hidden file/potential offer app info in hidden folder without user permission.\n","ACR-043":"The \"Bit Torrent Web\" components get dropped in one click without asking the user's permission and disclosing the installation path.\n","ACR-048":"The app does not provide any control to cancel the installation. Even on canceling it installs the application.\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software. \n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software.\n","ACR-084":"On closing the app, application doesn't exit completely. It runs silently in the background, hiding the fact that it is active from the consumer without any notification. \n","ACR-097":"The app adds an exception for Windows firewall to evade the default system security guard.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components on the device without the consumer's consent. \n"},"nonDeceptorViolations":{"ACR-123":"The app does not remove the startup even after uninstall and reboot. \n"},"samples":[{"isRevoked":"False","fileName":"btweb.exe","companyName":"BitTorrent Inc.","fileVersion":"1.3","hashMD5":"9ef817010027ca56e06e405864da534c","hashSHA1":"094b8955eccf1673c8e67390ff701849a0f071d8","hashSHA256":"464226174594698570d19e690055155577cd43e8d6d046b049b9867fc93d69c4","digitalCertThumbprint":"09AFB68255629E565090CAC7EA49AAD67143FA93","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"931","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"btweb_installer.exe","isInstaller":"True","fileVersion":"1.3","hashMD5":"40b9e2a146949767907a52e327f11d9e","hashSHA1":"c078450977d2e981955852d63739668d5772c218","hashSHA256":"8d1c7db73682627fdafa022916fc545a4c63c9b3d84121da5aa511b96070e1df","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"931","avBlockList":["COMODO Antivirus (20230803)","Dr.Web Security Space (20230803)","ESET Internet Security (20230803)","G DATA INTERNET SECURITY (20230803)","K7 Total Security (20230803)","Malwarebytes Premium (20230803)","Norton Security (20230803)","Sophos Home Premium (20230803)","SpyHunter5 (20230803)","VirIT eXplorer PRO (20230803)","Webroot SecureAnywhere (20230803)"],"avAllowList":["360 Total Security (20230803)","Avast Premium Security (20230803)","AVG Internet Security (20230803)","Avira Internet Security (20230803)","Bitdefender Internet Security (20230803)","Kaspersky Internet Security (20230803)","McAfee Total Protection (20230803)","Panda Dome (20230803)","Quick Heal Internet Security (20230803)","Total AV Antivirus Pro (20230803)","Trend Micro Internet Security (20230803)","VIPRE Advanced Security (20230803)","Windows Defender (20230803)"]},{"isRevoked":"False","fileName":"btweb_installer1.exe","isInstaller":"True","fileVersion":"1.3","hashMD5":"fbfc3977bf50a4cdd1ae5f631bd0c97b","hashSHA1":"b26dc0de3011b87040f261fa5974470be6799f09","hashSHA256":"d49e4b69ec14610ab71c05001578df3ea895843b6885054c4f88f3da4d865d52","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"931","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt on torrent applications","reference":"","landingPage":"https://www.bittorrent.com/","directDownloadingLink":"https://www.bittorrent.com/downloads/complete/","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.bittorrent.com/downloads/complete/","sourceIndex":"931"}],"sampleFiles":["231116/bittorrentweb-211217/1.3.0.5671/Samples/btweb.exe","231116/bittorrentweb-211217/1.3.0.5671/Samples/btweb_installer.exe","231116/bittorrentweb-211217/1.3.0.5671/Samples/btweb_installer1.exe"],"imageFiles":["231116/bittorrentweb-211217/1.3.0.5671/Images/ACR-043/BTW_ACR-043.jpg","231116/bittorrentweb-211217/1.3.0.5671/Images/ACR-042/BTW_ACR-042_043.jpg","231116/bittorrentweb-211217/1.3.0.5671/Images/ACR-048/ACR-048.jpg","231116/bittorrentweb-211217/1.3.0.5671/Images/ACR-084/backgroundprocess.jpg","231116/bittorrentweb-211217/1.3.0.5671/Images/ACR-097/FirewallException.jpg","231116/bittorrentweb-211217/1.3.0.5671/Images/ACR-118/ACR-118.jpg","231116/bittorrentweb-211217/1.3.0.5671/Images/ACR-013/OptionalOffer.jpg","231116/bittorrentweb-211217/1.3.0.5671/Images/ACR-060/OptionalOffer.jpg"],"nonDeceptorImageFiles":["231116/bittorrentweb-211217/1.3.0.5671/Images/ACR-123/ACR-123.jpg"],"guid":"816175c9-984e-4c84-a8a4-98c0bd8788dd_1.3.0.5671_1","appID":"bittorrentweb-211217","dateAdded":"260204","deceptorType":"App","name":"Bit Torrent Web","company":"BitTorrent Inc.","version":"1.3.0.5671","lastKnownStatus":"1.2.7.4186;1.2.8.4523;1.2.9.4938;1.2.10.5208;1.3.0.5655;1.3.0.5665;1.3.0.5666;1.3.0.5669;1.3.0.5670;1.3.0.5671;1.3.0.5672;1.4.0.5714;1.4.0.5759;1.4.0.5768;1.4.0.5822;1.4.0.5825;1.4.0.5828;1.4.0.5871;1.5.0.6335","lastKnownDate":"260204","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2026-05-12T23:00:02.8263497+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":19,"sortOrder":121},{"violations":{"ACR-043":"The \"Bit Torrent Web\" components get dropped in one click without asking the user's permission and disclosing the installation path.\n","ACR-048":"The app does not provide any control to cancel the installation. Even on canceling it installs the application.\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software. \n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software.\n","ACR-084":"On closing the app, application doesn't exit completely. It runs silently in the background, hiding the fact that it is active from the consumer without any notification. \n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components on the device without the consumer's consent. \n"},"nonDeceptorViolations":{"ACR-123":"The app does not remove the non-executable files even after uninstall and reboot. \n"},"samples":[{"isRevoked":"False","fileName":"btweb_installer.exe-60d23f44909c285f7307d3b630f79c117f1332a9e37dc75ecfa72f4b51eec21a","isInstaller":"True","fileVersion":"1.3","hashMD5":"0cb9101da3c390db15e13219166c8fc1","hashSHA1":"cfb9ab8d2bcb88fba04c16e99becde2a374e7a97","hashSHA256":"60d23f44909c285f7307d3b630f79c117f1332a9e37dc75ecfa72f4b51eec21a","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"1181","avBlockList":["COMODO Antivirus (20230328)","Dr.Web Security Space (20230328)","ESET Internet Security (20230328)","K7 Total Security (20230328)","Malwarebytes Premium (20230328)","Norton Security (20230328)","Panda Dome (20230328)","Quick Heal Internet Security (20230328)","Sophos Home Premium (20230328)","VirIT eXplorer PRO (20230328)","Webroot SecureAnywhere (20230328)"],"avAllowList":["360 Total Security (20230328)","Avast Premium Security (20230328)","AVG Internet Security (20230328)","Avira Internet Security (20230328)","Bitdefender Internet Security (20230328)","G DATA INTERNET SECURITY (20230328)","Kaspersky Internet Security (20230328)","McAfee Total Protection (20230328)","SpyHunter5 (20230328)","Total AV Antivirus Pro (20230328)","Trend Micro Internet Security (20230328)","VIPRE Advanced Security (20230328)","Windows Defender (20230328)"]},{"isRevoked":"False","fileName":"btweb.exe-2cdcc1c24ba6f62d153c1b23674261bd0ede0b686d1ee8a423f986a0ee8cc728","companyName":"BitTorrent Inc.","fileVersion":"1.3","hashMD5":"b2f369da8f56b1adc3fe3b071a5b5d4a","hashSHA1":"479be442cef3633fabb37f2b61b7731def27e0f5","hashSHA256":"2cdcc1c24ba6f62d153c1b23674261bd0ede0b686d1ee8a423f986a0ee8cc728","digitalCertThumbprint":"8AA7548C2D041AA6E6EEEF1E0910EC8B959BEBA9","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=BitTorrent Inc, O=BitTorrent Inc, L=San Francisco, S=California, C=US","sourceIndex":"1181","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"helper.exe-dbedd973360c6952a406ec765e7c766c3940a5e8c5aa9763172497bea51d1e93","companyName":"BitTorrent Inc.","fileVersion":"2.1","hashMD5":"0c837d99d77466bb61788fa30b4470fe","hashSHA1":"02d1d3ab0b30b77a3ecae78058a672ba1ea5076d","hashSHA256":"dbedd973360c6952a406ec765e7c766c3940a5e8c5aa9763172497bea51d1e93","digitalCertThumbprint":"94B5B937366BAF324364380B0694A0D8E32A08E2","digitalCertIssuer":"CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US","digitalCertIssuedTo":"CN=BitTorrent Inc, O=BitTorrent Inc, L=San Francisco, S=California, C=US","sourceIndex":"1181","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"btweb_installer.exe","isInstaller":"True","fileVersion":"1.3","hashMD5":"02becd6db70e149d4e812acbaca65618","hashSHA1":"5a3d778b829c0682d468b6c7d73891d0e5fae6fa","hashSHA256":"94c8b7b8286cfb0a56f388ef7723f4f6cf3e06f9522a94b788ca7e4847c80ca7","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"1181","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt on torrent applications","reference":"","landingPage":"https://www.bittorrent.com/products/win/bittorrent-web-free/","directDownloadingLink":"https://download-new.utorrent.com/endpoint/btweb/os/windows/track/stable","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://download-new.utorrent.com/endpoint/btweb/os/windows/track/stable","sourceIndex":"1181"}],"sampleFiles":["230402/bittorrentweb-211217/1.3.0.5655/Samples/btweb_installer.exe-60d23f44909c285f7307d3b630f79c117f1332a9e37dc75ecfa72f4b51eec21a","230402/bittorrentweb-211217/1.3.0.5655/Samples/btweb.exe-2cdcc1c24ba6f62d153c1b23674261bd0ede0b686d1ee8a423f986a0ee8cc728","230402/bittorrentweb-211217/1.3.0.5655/Samples/helper.exe-dbedd973360c6952a406ec765e7c766c3940a5e8c5aa9763172497bea51d1e93","230402/bittorrentweb-211217/1.3.0.5655/Samples/btweb_installer.exe"],"imageFiles":["230402/bittorrentweb-211217/1.3.0.5655/Images/ACR-043/ACR-043.png","230402/bittorrentweb-211217/1.3.0.5655/Images/ACR-048/ACR-048.png","230402/bittorrentweb-211217/1.3.0.5655/Images/ACR-084/ACR-084.png","230402/bittorrentweb-211217/1.3.0.5655/Images/ACR-118/ACR-118.png","230402/bittorrentweb-211217/1.3.0.5655/Images/ACR-013/ACR-013_1.png","230402/bittorrentweb-211217/1.3.0.5655/Images/ACR-013/ACR-013_2.png","230402/bittorrentweb-211217/1.3.0.5655/Images/ACR-013/ACR-013_3.png","230402/bittorrentweb-211217/1.3.0.5655/Images/ACR-060/ACR-060_1.png","230402/bittorrentweb-211217/1.3.0.5655/Images/ACR-060/ACR-060_2.png","230402/bittorrentweb-211217/1.3.0.5655/Images/ACR-060/ACR-060_3.png"],"nonDeceptorImageFiles":["230402/bittorrentweb-211217/1.3.0.5655/Images/ACR-123/ACR-123.png"],"guid":"816175c9-984e-4c84-a8a4-98c0bd8788dd_1.3.0.5655_1","appID":"bittorrentweb-211217","dateAdded":"260204","deceptorType":"App","name":"Bit Torrent Web","company":"BitTorrent Inc.","version":"1.3.0.5655","lastKnownStatus":"1.2.7.4186;1.2.8.4523;1.2.9.4938;1.2.10.5208;1.3.0.5655;1.3.0.5665;1.3.0.5666;1.3.0.5669;1.3.0.5670;1.3.0.5671;1.3.0.5672;1.4.0.5714;1.4.0.5759;1.4.0.5768;1.4.0.5822;1.4.0.5825;1.4.0.5828;1.4.0.5871;1.5.0.6335","lastKnownDate":"260204","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2026-05-12T23:00:10.3181324+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":19,"sortOrder":126},{"violations":{"ACR-042":"The app initiates network communications with 3rd party offer provider before obtaining user consent.\n","ACR-048":"The app does not provide any control to cancel the installation.\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software. \n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software.\n","ACR-084":"On closing the app, application doesn't exit completely. It runs silently in the background, hiding the fact that it is active from the consumer without any notification. \n","ACR-097":"The app adds an exception for Windows firewall to evade the default system security guard.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components on the device without the consumer's consent. \n"},"nonDeceptorViolations":{"ACR-123":"The app does not remove the startup even after uninstall and reboot. \n"},"samples":[{"isRevoked":"False","fileName":"C:\\Users\\User\\AppData\\Roaming\\BitTorrent Web\\btweb.exe","companyName":"Rainberry Inc.","productName":"BitTorrent Web","productVersion":"1.4.0.5714","fileVersion":"1.4.0.5714","hashMD5":"843fec5937e94f75764201ceef51cb0d","hashSHA1":"8b64c7f4d0fdbb3461468955c3549c378ed09fd6","hashSHA256":"c65658bda4c9e4a9d684d949e2f6ab2956236a309fc451e7aa73c85b192146fc","digitalCertThumbprint":"09AFB68255629E565090CAC7EA49AAD67143FA93","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Rainberry Inc","storeId":"","sourceIndex":"787","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"btweb_installer.exe","isInstaller":"True","companyName":"                                                            ","productName":"BіtТorrеnt Web®                                             ","productVersion":"1.4                                               ","fileVersion":"1.4                 ","hashMD5":"c17b82dc918c8b81fd64245b58d56f0b","hashSHA1":"ad0971a6a54fcebb5ac21227169dcb668eb89f28","hashSHA256":"1d73c3b830dc141dfbc80865c4454d46ff2fd1afd9d3f0ba0ba10733574b101d","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Rainberry Inc","storeId":"","sourceIndex":"787","avBlockList":["Bitdefender Internet Security (20240606)","COMODO Antivirus (20240606)","Dr.Web Security Space (20240606)","ESET Internet Security (20240606)","G DATA INTERNET SECURITY (20240606)","K7 Total Security (20240606)","Malwarebytes Premium (20240606)","Norton Security (20240606)","Panda Dome (20240606)","Quick Heal Internet Security (20240606)","Sophos Home Premium (20240606)","VIPRE Advanced Security (20240606)","VirIT eXplorer PRO (20240606)","Webroot SecureAnywhere (20240606)"],"avAllowList":["360 Total Security (20240606)","Avast Premium Security (20240606)","AVG Internet Security (20240606)","Avira Internet Security (20240606)","Kaspersky Internet Security (20240606)","McAfee Total Protection (20240606)","SpyHunter5 (20240606)","Total AV Antivirus Pro (20240606)","Trend Micro Internet Security (20240606)","Windows Defender (20240606)"]},{"isRevoked":"False","fileName":"btweb_installer_231027.exe","isInstaller":"True","fileVersion":"1.4","hashMD5":"574595d96616423d0b0db6d6d3b5172b","hashSHA1":"c4c85a3da62ab6c2e8e5ff1cfe540079687290a4","hashSHA256":"d63dc4572faf076069f8228a401e43150795c087c733c9d44d8fc80ac48c430d","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"787","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"btweb_installer_231030.exe","isInstaller":"True","fileVersion":"1.4","hashMD5":"7c2174b8a1b3d9a3a52bba93e98c0442","hashSHA1":"0bf1a2f2c07e3eea7d8d8b7f903bbc7420a79e9e","hashSHA256":"005eef170e4d5d7a5beb735945a0f7c93b4815b269b2248edd07af4b57bf9cef","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"787","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"btweb_installer_231031.exe","isInstaller":"True","fileVersion":"1.4","hashMD5":"8d2712ecd587d19fb8b66dd3ee40161b","hashSHA1":"ae6abbaf399b76e42fa34ff7d1e720e185201adf","hashSHA256":"fc63a57f772f79b8fd4c3b170b1bee808227caae55b68551c9d39e828cf218fc","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"787","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"btweb_installer_231031_1.exe","isInstaller":"True","fileVersion":"1.3","hashMD5":"dee98aafa8278f654b13d70b91bf176e","hashSHA1":"28a6f87b4d169aa925c5ffcf4d092116b6ca7117","hashSHA256":"681f3c20e6b870d5ecbe88522d4e4b4e7506fc28b366d78300cc032c2194f149","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"787","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"btweb_installer_231102.exe","isInstaller":"True","fileVersion":"1.4","hashMD5":"b225495f32a078b0b49265a79089d829","hashSHA1":"5252b47834caae48bae5a3a0877fd52f0ac792d5","hashSHA256":"fe69cb414c5da0cc9a95fc3ed9ac9836b9be350825f191a828cb8291f4cc733f","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"787","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"btweb_installer_231103.exe","isInstaller":"True","fileVersion":"1.3","hashMD5":"599986ff19b85d2f76a257493c674dde","hashSHA1":"65c219d0f2c3aaa4b2cefc95bfe6b115a4a6d57c","hashSHA256":"72a3ed44045a94be3de8667d5945d31b64075aa188e27a48a10fed3a86eb82eb","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"787","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"btweb_installer_1.exe","isInstaller":"True","fileVersion":"1.4","hashMD5":"c7848e55b0883548fed699baa89486bf","hashSHA1":"b4665bbca06c579615dede0d56a415e67c741316","hashSHA256":"85b2623fb1851b2e86701030e13e5fc41301551c29b00715be5871fd74d49eb9","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"787","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"btweb_installer_231108.exe","isInstaller":"True","fileVersion":"1.4","hashMD5":"6128f01f81531f9f63ab2e3a4f44af89","hashSHA1":"1355e60fb92a63034be06f1fbecd80ebb478a673","hashSHA256":"a7340f3fdc75b2206704337939ea1b9e383a2de5f432f5aeb7156942ab8f83c3","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"787","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"btweb_installer_231113.exe","isInstaller":"True","fileVersion":"1.4","hashMD5":"0a6e3332c3526c642eb52387c95731c5","hashSHA1":"856a1ab0681c19a679fa53e75d0b307d55df517c","hashSHA256":"212546cc560442feac890e6342b1bacd895eac775fe2fd690d0fd74d58e990f2","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"787","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"btweb_installer_231114.exe","isInstaller":"True","fileVersion":"1.4","hashMD5":"c7bf68e79949e40ad79d8b6f23876206","hashSHA1":"5bf35091c9f898b9c1f0d32a9f3f3f378be42e87","hashSHA256":"2d8d6793c3527b2b3e4e81868cb19ab1aec4fccc818ef80690751feb19ce37bc","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"787","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"btweb_installer_231115.exe","isInstaller":"True","fileVersion":"1.4","hashMD5":"926f0a5d14255c73d209415608b5d02d","hashSHA1":"95d7218afe0c88b625710b6ecc005c110cff7768","hashSHA256":"fab642d23384cb701a769adeeb52f944339a603ecbed3221e495031a5c290f79","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"787","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"btweb_installer_231116.exe","isInstaller":"True","fileVersion":"1.4","hashMD5":"f428375a4abea3c8c8ccd4c0e3fc95ab","hashSHA1":"986fd2ae3dc1e8db0ee94b3249a7f0129c8f1cb7","hashSHA256":"ddb68d8aebadf7af72d1668977f245a9fc12a21deb41af9de69e4bf7cffd0cf6","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"787","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"btweb_installer_231116_2.exe","isInstaller":"True","fileVersion":"1.3","hashMD5":"9834bf388e674b1f30434ebf93016b7b","hashSHA1":"49da30dee1011ac27812a39d18a42140eba37f48","hashSHA256":"7ac37751ea62744d780ecaddc4d649e6130ff3a0f3b472badda3fa3e01ef302c","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"787","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"btweb_installer_231120.exe","isInstaller":"True","fileVersion":"1.4","hashMD5":"43fa7ac5f771f88847c2ed076acf35a1","hashSHA1":"78d3186e9768a3956e853f93bbe16609b976a263","hashSHA256":"5b4ec55c45a7d333c6cacc66ed5220397da0b10af654418e068f3f3fe9c21cd3","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"787","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"btweb_installer_231124.exe","isInstaller":"True","fileVersion":"1.4","hashMD5":"6a036532537407d3946e267b8a494342","hashSHA1":"686ee80a1553739ab0c997fd63995d67b674bb75","hashSHA256":"25418c361e9a779c48eb862821b78046bf777186762d18088876aa6a3dbf1aba","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"787","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"btweb_installer_231204.exe","isInstaller":"True","fileVersion":"1.4","hashMD5":"91c9340b4f11c9dbd7acb658dc2774cd","hashSHA1":"945776861a3eeca8495d93e6bccf20c4fbe9b902","hashSHA256":"f0368d67d70e8ccb216f708a0ce470f83ce85ebab5574810ae585e5ddf0fd3ff","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"787","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"btweb_installer_231211.exe","isInstaller":"True","fileVersion":"1.4","hashMD5":"4fac565325a98a3f6effeec552647c9f","hashSHA1":"356cd29cbdb43e7a5647dba4b4000a39a6fbadbf","hashSHA256":"20f57b91e4bc25cd8a917c6e5ecb6aae9ade392fd5c73502b63d3b8035a04f84","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"787","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on torrent app","reference":"","landingPage":"https://www.bittorrent.com/products/win/bittorrent-web-free/","directDownloadingLink":"https://www.bittorrent.com/downloads/complete","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.bittorrent.com/downloads/complete","sourceIndex":"787"}],"sampleFiles":["231211/bittorrentweb-211217/1.4.0.5714/Samples/btweb_installer.exe","231211/bittorrentweb-211217/1.4.0.5714/Samples/btweb_installer_231027.exe","231211/bittorrentweb-211217/1.4.0.5714/Samples/btweb_installer_231030.exe","231211/bittorrentweb-211217/1.4.0.5714/Samples/btweb_installer_231031.exe","231211/bittorrentweb-211217/1.4.0.5714/Samples/btweb_installer_231031_1.exe","231211/bittorrentweb-211217/1.4.0.5714/Samples/btweb_installer_231102.exe","231211/bittorrentweb-211217/1.4.0.5714/Samples/btweb_installer_231103.exe","231211/bittorrentweb-211217/1.4.0.5714/Samples/btweb_installer_1.exe","231211/bittorrentweb-211217/1.4.0.5714/Samples/btweb_installer_231108.exe","231211/bittorrentweb-211217/1.4.0.5714/Samples/btweb_installer_231113.exe","231211/bittorrentweb-211217/1.4.0.5714/Samples/btweb_installer_231114.exe","231211/bittorrentweb-211217/1.4.0.5714/Samples/btweb_installer_231115.exe","231211/bittorrentweb-211217/1.4.0.5714/Samples/btweb_installer_231116.exe","231211/bittorrentweb-211217/1.4.0.5714/Samples/btweb_installer_231116_2.exe","231211/bittorrentweb-211217/1.4.0.5714/Samples/btweb_installer_231120.exe","231211/bittorrentweb-211217/1.4.0.5714/Samples/btweb_installer_231124.exe","231211/bittorrentweb-211217/1.4.0.5714/Samples/btweb_installer_231204.exe","231211/bittorrentweb-211217/1.4.0.5714/Samples/btweb_installer_231211.exe"],"imageFiles":["231211/bittorrentweb-211217/1.4.0.5714/Images/ACR-042/ACR-042.PNG","231211/bittorrentweb-211217/1.4.0.5714/Images/ACR-048/ACR-048.PNG","231211/bittorrentweb-211217/1.4.0.5714/Images/ACR-084/ACR-084.PNG","231211/bittorrentweb-211217/1.4.0.5714/Images/ACR-097/ACR-097.PNG","231211/bittorrentweb-211217/1.4.0.5714/Images/ACR-118/ACR-118.PNG","231211/bittorrentweb-211217/1.4.0.5714/Images/ACR-013/ACR-013.PNG","231211/bittorrentweb-211217/1.4.0.5714/Images/ACR-013/ACR-013_1.PNG","231211/bittorrentweb-211217/1.4.0.5714/Images/ACR-013/ACR-013_2.PNG","231211/bittorrentweb-211217/1.4.0.5714/Images/ACR-060/ACR-060.PNG","231211/bittorrentweb-211217/1.4.0.5714/Images/ACR-060/ACR-060_1.PNG","231211/bittorrentweb-211217/1.4.0.5714/Images/ACR-060/ACR-060_2.PNG"],"nonDeceptorImageFiles":["231211/bittorrentweb-211217/1.4.0.5714/Images/ACR-123/ACR-123.PNG"],"guid":"816175c9-984e-4c84-a8a4-98c0bd8788dd_1.4.0.5714_1","appID":"bittorrentweb-211217","dateAdded":"260204","deceptorType":"App","name":"Bit Torrent Web","company":"BitTorrent Inc.","version":"1.4.0.5714","lastKnownStatus":"1.2.7.4186;1.2.8.4523;1.2.9.4938;1.2.10.5208;1.3.0.5655;1.3.0.5665;1.3.0.5666;1.3.0.5669;1.3.0.5670;1.3.0.5671;1.3.0.5672;1.4.0.5714;1.4.0.5759;1.4.0.5768;1.4.0.5822;1.4.0.5825;1.4.0.5828;1.4.0.5871;1.5.0.6335","lastKnownDate":"260204","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2026-05-12T22:59:58.5356899+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":19,"sortOrder":119},{"violations":{"ACR-042":"The app initiates network communications with 3rd party offer provider before obtaining user consent.\n","ACR-048":"The app does not provide any control to cancel the installation.\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software. \n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software.\n","ACR-084":"On closing the app, application doesn't exit completely. It runs silently in the background, hiding the fact that it is active from the consumer without any notification. \n","ACR-097":"The app adds an exception for Windows firewall to evade the default system security guard.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components on the device without the consumer's consent. \n","ACR-014":"The \"Accept\" button on the Opera Browser offer is used for two things: accepting an offer and accepting opera as the default browser. The \"Accept\" button is misleading and confusing because the user is easily led to believe that \"accept\" is only for installing Opera and not for changing his system browser default settings.\n"},"nonDeceptorViolations":{"ACR-123":"The app does not remove the startup even after uninstall and reboot. \n"},"samples":[{"isRevoked":"False","fileName":"btweb_installer.exe","isInstaller":"True","companyName":"                                                            ","productName":"BitTorrent Web®                                             ","productVersion":"1.3                                               ","fileVersion":"1.3                 ","hashMD5":"34310ad5f34b0634eea7aba3dc4d6206","hashSHA1":"67a697ddf617531f99d64e1f00d00121f43746c5","hashSHA256":"752473427c2ef04856e413e070a62569056e7bf4e9ac801e0aa7f7dd74c61627","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Rainberry Inc","storeId":"","sourceIndex":"705","avBlockList":["COMODO Antivirus (20240507)","Dr.Web Security Space (20240507)","ESET Internet Security (20240507)","G DATA INTERNET SECURITY (20240507)","K7 Total Security (20240507)","Malwarebytes Premium (20240507)","Norton Security (20240507)","Panda Dome (20240507)","Quick Heal Internet Security (20240507)","Sophos Home Premium (20240507)","VirIT eXplorer PRO (20240507)","Webroot SecureAnywhere (20240507)"],"avAllowList":["360 Total Security (20240507)","Avast Premium Security (20240507)","AVG Internet Security (20240507)","Avira Internet Security (20240507)","Bitdefender Internet Security (20240507)","Kaspersky Internet Security (20240507)","McAfee Total Protection (20240507)","SpyHunter5 (20240507)","Total AV Antivirus Pro (20240507)","Trend Micro Internet Security (20240507)","VIPRE Advanced Security (20240507)","Windows Defender (20240507)"]},{"isRevoked":"False","fileName":"btweb_installer_240103.exe","isInstaller":"True","fileVersion":"1.4","hashMD5":"5bf4ea7eb22a95c8d3a43d9a0f8c007d","hashSHA1":"21fcf6d66a4e7a245479577c6251554558bf1a98","hashSHA256":"67e2f8a9bca4e2e2bff12876ed2e4c410001d5ce4390b8a74b4fb03825d9559a","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"705","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"btweb_installer_240109.exe","isInstaller":"True","fileVersion":"1.3","hashMD5":"ae83a93c310106117ff20c746ff30e21","hashSHA1":"b5a3ac8e3972591405ffe96f014a3a941686142f","hashSHA256":"b18bcbbfb660a7b58fdf687fea9108f5bef7929c158aa2a502b860be7e0a7115","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"705","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"btweb_installer_220124.exe","isInstaller":"True","fileVersion":"1.3","hashMD5":"19fd9713007d0fae0fbf8b8fdab256c3","hashSHA1":"f8f1e4650c99f52fe10663ca0b9a98a4148e5a99","hashSHA256":"af3f1c47ff42ef3e30e2d7df2501716a80e57169d21344a1509ec299aa56aaca","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"705","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"btweb_installer_240130.exe","isInstaller":"True","fileVersion":"1.4","hashMD5":"14c7ce858604b87a911a4e247e72bb19","hashSHA1":"06fc6370428f8b503369c389bacd05dcf445a357","hashSHA256":"ee8819a8081df3a7de82de6e2272eba108b90a412628da9f4a0da440901e9ee1","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"705","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"btweb_installer-240202.exe","isInstaller":"True","fileVersion":"1.4","hashMD5":"96eeb17d34f40155c6c82f49a00738f4","hashSHA1":"faa30603433df2c990e8f08eb35965832c894d35","hashSHA256":"01a62bef97ce0e94822c44b8e33dfb57720c8f2c8a793b2e786583920c7ea319","digitalCertThumbprint":"2454B8E0EA6E609AEF03C83090EE29C284BA586C","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, OU=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"705","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"btweb_installer_240206.exe","isInstaller":"True","fileVersion":"1.4","hashMD5":"c17c937a772d57a1620850c2f4b46e7b","hashSHA1":"507e805f2c75bc5698174acfdd8ec5497117c979","hashSHA256":"c660450288bf0c13358e852821f2d4833c91f98e84b468118ab7e11dd06fba03","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"705","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"btweb_installer_240207.exe","isInstaller":"True","fileVersion":"1.4","hashMD5":"0a2adcac3e3701adcffdb59d83412130","hashSHA1":"ca9478368eb956d726b819e7f28eba37fb943bcd","hashSHA256":"42619e7b8065e2f8484a9f1e5f36454f27ec88919ea9d2a6b45346ad54e9fe0a","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"705","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"btweb_installer_240208.exe","isInstaller":"True","fileVersion":"1.4","hashMD5":"9852103c55831400fbfb41ae7f9c2d21","hashSHA1":"4d1f88566e4b9e401828da9e4b21e1d57b7ef18a","hashSHA256":"584cb04d8b5e84d410231f201ace1f70002136f3f00fd668216bb78f8ac06735","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"705","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"btweb_installer_240213.exe","isInstaller":"True","fileVersion":"1.3","hashMD5":"cb1432bf184a02298761e170d6b07c6e","hashSHA1":"85b0877cba06ca900f8a8a36e00daaa362a2542a","hashSHA256":"6766df97f4b38ac265746360dbb0c759a2ea50aec2b740fd2eeb35599b00fc24","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"705","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"btweb_installer_240214.exe","isInstaller":"True","fileVersion":"1.4","hashMD5":"1525dbd62f60cd909877607c72c00201","hashSHA1":"05fc87ef3862725ba643705b5c501f744ed56e98","hashSHA256":"00061334f474eb35a12a1f9051b452db3bd9a426b98a57a698e3e1167e2d8941","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"705","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"btweb_installer_240215.exe","isInstaller":"True","fileVersion":"1.4","hashMD5":"71e177c4ae71077b904dd8aba4ef18c4","hashSHA1":"d68f6fc2975e6b9e7302ba40f5dbb83f1a6cfd1f","hashSHA256":"b53bb8f0bdfa08c1000c721a0289234b9ddc7d300c4d2b3b43e0f11835a96823","digitalCertThumbprint":"2454B8E0EA6E609AEF03C83090EE29C284BA586C","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, OU=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"705","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"btweb_installer_240301.exe","isInstaller":"True","fileVersion":"1.4","hashMD5":"b2919ccca8bbbd5a1431d5213026066f","hashSHA1":"c3f7c696529c769807eb7aaa955f4bf7c03816d6","hashSHA256":"0834a7625567235f074c2490dc1f1c8714e22d75acf5112999f1f38c6a9261f2","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"705","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"btweb_installer_240307.exe","isInstaller":"True","fileVersion":"1.4","hashMD5":"5efa87f83c62d67aaea96f6c74cd486b","hashSHA1":"fe197606df6dce0194554732d7e7fe1017a0c378","hashSHA256":"273bd527ac506ef4c5b5830ac1b13eb423d431f96c81fde1282c98b267b4de47","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"705","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"btweb_installer_240311.exe","isInstaller":"True","fileVersion":"1.4","hashMD5":"fd6fd1ce8fbcf43faa48601fc38bae6b","hashSHA1":"15ce0a466f48b28d44342d8ce42ffc134b2119d7","hashSHA256":"20dd847ac9f5251cf884844ad0b2dc34637c40efa7737e8ef7394271957d6599","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"705","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"btweb_installer_240321.exe","isInstaller":"True","fileVersion":"1.4","hashMD5":"f12f25f41a7c8c29bf896347a5f233f2","hashSHA1":"9615251d36c21b4c8b19cd0e4d04691df681f47b","hashSHA256":"169911e4f24793c1fc8881970f5a9e8bd5e9e12819a568f978173723d9d436f6","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"705","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt on torrent applications","reference":"","landingPage":"https://www.bittorrent.com/","directDownloadingLink":"https://www.bittorrent.com/downloads/complete/","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.bittorrent.com/downloads/complete/","sourceIndex":"705"}],"sampleFiles":["240321/bittorrentweb-211217/1.4.0.5759/Samples/btweb_installer.exe","240321/bittorrentweb-211217/1.4.0.5759/Samples/btweb_installer_240103.exe","240321/bittorrentweb-211217/1.4.0.5759/Samples/btweb_installer_240109.exe","240321/bittorrentweb-211217/1.4.0.5759/Samples/btweb_installer_220124.exe","240321/bittorrentweb-211217/1.4.0.5759/Samples/btweb_installer_240130.exe","240321/bittorrentweb-211217/1.4.0.5759/Samples/btweb_installer-240202.exe","240321/bittorrentweb-211217/1.4.0.5759/Samples/btweb_installer_240206.exe","240321/bittorrentweb-211217/1.4.0.5759/Samples/btweb_installer_240207.exe","240321/bittorrentweb-211217/1.4.0.5759/Samples/btweb_installer_240208.exe","240321/bittorrentweb-211217/1.4.0.5759/Samples/btweb_installer_240213.exe","240321/bittorrentweb-211217/1.4.0.5759/Samples/btweb_installer_240214.exe","240321/bittorrentweb-211217/1.4.0.5759/Samples/btweb_installer_240215.exe","240321/bittorrentweb-211217/1.4.0.5759/Samples/btweb_installer_240301.exe","240321/bittorrentweb-211217/1.4.0.5759/Samples/btweb_installer_240307.exe","240321/bittorrentweb-211217/1.4.0.5759/Samples/btweb_installer_240311.exe","240321/bittorrentweb-211217/1.4.0.5759/Samples/btweb_installer_240321.exe"],"imageFiles":["240321/bittorrentweb-211217/1.4.0.5759/Images/ACR-042/ACR-042_Install_1.png","240321/bittorrentweb-211217/1.4.0.5759/Images/ACR-048/ACR-048_Install_1.png","240321/bittorrentweb-211217/1.4.0.5759/Images/ACR-014/ACR-014_Install_1.png","240321/bittorrentweb-211217/1.4.0.5759/Images/ACR-084/ACR-084_Software_1.png","240321/bittorrentweb-211217/1.4.0.5759/Images/ACR-097/ACR-097_Software_1.png","240321/bittorrentweb-211217/1.4.0.5759/Images/ACR-118/ACR-118_Uninstall_1.png","240321/bittorrentweb-211217/1.4.0.5759/Images/ACR-013/ACR-013_Install_1.png","240321/bittorrentweb-211217/1.4.0.5759/Images/ACR-013/ACR-013_Install_2.png","240321/bittorrentweb-211217/1.4.0.5759/Images/ACR-060/ACR-060_Bundler-made offers_1.png","240321/bittorrentweb-211217/1.4.0.5759/Images/ACR-060/ACR-060_Bundler-made offers_2.png"],"nonDeceptorImageFiles":["240321/bittorrentweb-211217/1.4.0.5759/Images/ACR-123/ACR-123_Uninstall_1.png"],"guid":"816175c9-984e-4c84-a8a4-98c0bd8788dd_1.4.0.5759_1","appID":"bittorrentweb-211217","dateAdded":"260204","deceptorType":"App","name":"Bit Torrent Web","company":"BitTorrent Inc.","version":"1.4.0.5759","lastKnownStatus":"1.2.7.4186;1.2.8.4523;1.2.9.4938;1.2.10.5208;1.3.0.5655;1.3.0.5665;1.3.0.5666;1.3.0.5669;1.3.0.5670;1.3.0.5671;1.3.0.5672;1.4.0.5714;1.4.0.5759;1.4.0.5768;1.4.0.5822;1.4.0.5825;1.4.0.5828;1.4.0.5871;1.5.0.6335","lastKnownDate":"260204","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2026-05-12T22:59:56.2639969+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":19,"sortOrder":118},{"violations":{"ACR-048":"The app does not provide any control to cancel the installation.\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software. \n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software.\n","ACR-084":"On closing the app, application doesn't exit completely. It runs silently in the background, hiding the fact that it is active from the consumer without any notification. \n","ACR-097":"The app adds an exception for Windows firewall to evade the default system security guard.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components on the device without the consumer's consent. \n","ACR-014":"The \"Accept\" button on the Opera Browser offer is used for two things: accepting an offer and accepting opera as the default browser. The \"Accept\" button is misleading and confusing because the user is easily led to believe that \"accept\" is only for installing Opera and not for changing his system browser default settings.\n"},"nonDeceptorViolations":{"ACR-123":"The app does not remove the startup even after uninstall and reboot. \n"},"samples":[{"isRevoked":"False","fileName":"btweb_installer.exe","isInstaller":"True","companyName":"                                                            ","productName":"BіtТorrеnt Web®                                             ","productVersion":"1.4                                               ","fileVersion":"1.4                 ","hashMD5":"fea79d2a2708a6bd0ef13c7e036e409e","hashSHA1":"0bc8fc5255e82ce9cd95ac047f4219013ff6f771","hashSHA256":"5c90228823fbd9c277130f15da8ad754f5b207cb5626aded1e6db6f1ab2242d3","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Rainberry Inc","storeId":"","sourceIndex":"644","avBlockList":["COMODO Antivirus (20240418)","Dr.Web Security Space (20240418)","ESET Internet Security (20240418)","K7 Total Security (20240418)","Malwarebytes Premium (20240418)","Norton Security (20240418)","Sophos Home Premium (20240418)","VirIT eXplorer PRO (20240418)","Webroot SecureAnywhere (20240418)"],"avAllowList":["360 Total Security (20240418)","Avast Premium Security (20240418)","AVG Internet Security (20240418)","Avira Internet Security (20240418)","Bitdefender Internet Security (20240418)","G DATA INTERNET SECURITY (20240418)","Kaspersky Internet Security (20240418)","McAfee Total Protection (20240418)","Panda Dome (20240418)","Quick Heal Internet Security (20240418)","SpyHunter5 (20240418)","Total AV Antivirus Pro (20240418)","Trend Micro Internet Security (20240418)","VIPRE Advanced Security (20240418)","Windows Defender (20240418)"]},{"isRevoked":"False","fileName":"btweb_installer_240403.exe","isInstaller":"True","fileVersion":"1.4","hashMD5":"90c65f2eef4fb0fde06e4438516fc7bf","hashSHA1":"95f0c89074a6f3836f599a683ab97df24fcc0f37","hashSHA256":"17ab35a9af6f01a416780732ea5a4e913264de38815a81942570a96ad6fa035d","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"644","avBlockList":["COMODO Antivirus (20240820)","Dr.Web Security Space (20240820)","ESET Internet Security (20240820)","FortectPremium (20240820)","K7 Total Security (20240820)","Malwarebytes Premium (20240820)","Norton Security (20240820)","Quick Heal Internet Security (20240820)","Sophos Home Premium (20240820)","Total AV Antivirus Pro (20240820)","VirIT eXplorer PRO (20240820)","Webroot SecureAnywhere (20240820)"],"avAllowList":["360 Total Security (20240820)","Avast Premium Security (20240820)","AVG Internet Security (20240820)","Avira Internet Security (20240820)","Bitdefender Internet Security (20240820)","G DATA INTERNET SECURITY (20240820)","KasperskyPremium (20240820)","McAfee Total Protection (20240820)","Panda Dome (20240820)","SpyHunter5 (20240820)","Trend Micro Internet Security (20240820)","VIPRE Advanced Security (20240820)","Windows Defender (20240820)"]},{"isRevoked":"False","fileName":"btweb_installer_240405.exe","isInstaller":"True","fileVersion":"1.4","hashMD5":"4f703da2d3ec46740a47d99700901200","hashSHA1":"859da0b9e19cd9d9ceac593e017cc4e3fcdb1366","hashSHA256":"0eb430f432882988b4daf11381d74f8908b976dece37ae12102de51c42a8ee94","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"644","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"btweb_installer_240408.exe","isInstaller":"True","fileVersion":"1.4","hashMD5":"6521003dc3a754efa45488de755aa668","hashSHA1":"84eda07e20228b7840ebccb62ab75631a1be7609","hashSHA256":"77e763b5038298d9a8e0fca92c50f44ed579ee53569bcac278c38e04db4e8ec7","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"644","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"btweb_installer_240410.exe","isInstaller":"True","fileVersion":"1.4","hashMD5":"fa1294d0f1ec079ab22981fd28a4bba9","hashSHA1":"6c2bc45d776100b4c24358449a95ab8eec06a9b3","hashSHA256":"6edce25fd334402abb67ab74e928317cbc0aa19fa6a9be4c6cf13f5d4f0070fd","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"644","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"btweb_installer_240412.exe","isInstaller":"True","fileVersion":"1.4","hashMD5":"1a87e758e0ca4465aa9627f614d1e21a","hashSHA1":"39e7c5251e4f8369d7abe80952ced304472c633c","hashSHA256":"46c8199f91013cb2b13882658c433dda04a991665869d3c677009ddfc1965af1","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"644","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"btweb_installer_240418.exe","isInstaller":"True","fileVersion":"1.4","hashMD5":"d4a246b11f90dcde0590bf609fd817a6","hashSHA1":"37d546136ea00562a8b59b6a08e10157e12cc5a2","hashSHA256":"32457194643e2a93fc9e10e5b94496d37320bd7c8a4a9554cbfc1ea2ac812636","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"644","avBlockList":["COMODO Antivirus (20240806)","Dr.Web Security Space (20240806)","ESET Internet Security (20240806)","FortectPremium (20240806)","K7 Total Security (20240806)","Malwarebytes Premium (20240806)","Norton Security (20240806)","Quick Heal Internet Security (20240806)","Sophos Home Premium (20240806)","VirIT eXplorer PRO (20240806)","Webroot SecureAnywhere (20240806)"],"avAllowList":["360 Total Security (20240806)","Avast Premium Security (20240806)","AVG Internet Security (20240806)","Avira Internet Security (20240806)","Bitdefender Internet Security (20240806)","G DATA INTERNET SECURITY (20240806)","KasperskyPremium (20240806)","McAfee Total Protection (20240806)","Panda Dome (20240806)","SpyHunter5 (20240806)","Total AV Antivirus Pro (20240806)","Trend Micro Internet Security (20240806)","VIPRE Advanced Security (20240806)","Windows Defender (20240806)"]},{"isRevoked":"False","fileName":"btweb_installer_240422.exe","isInstaller":"True","fileVersion":"1.4","hashMD5":"a0af78d3d8e14da139a3a7d9d751efe4","hashSHA1":"c1bc52c8f76d40f26c36250aa90a2c41d5f58a46","hashSHA256":"c1e761ffcd82c3b1f4b0d40ec9bccead982999031ae9bae84a5e7464d3b3dc7a","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"644","avBlockList":["COMODO Antivirus (20240604)","Dr.Web Security Space (20240604)","ESET Internet Security (20240604)","K7 Total Security (20240604)","Malwarebytes Premium (20240604)","Norton Security (20240604)","Panda Dome (20240604)","Quick Heal Internet Security (20240604)","Sophos Home Premium (20240604)","VirIT eXplorer PRO (20240604)","Webroot SecureAnywhere (20240604)"],"avAllowList":["360 Total Security (20240604)","Avast Premium Security (20240604)","AVG Internet Security (20240604)","Avira Internet Security (20240604)","Bitdefender Internet Security (20240604)","G DATA INTERNET SECURITY (20240604)","Kaspersky Internet Security (20240604)","McAfee Total Protection (20240604)","SpyHunter5 (20240604)","Total AV Antivirus Pro (20240604)","Trend Micro Internet Security (20240604)","VIPRE Advanced Security (20240604)","Windows Defender (20240604)"]},{"isRevoked":"False","fileName":"btweb_installer_240510.exe","isInstaller":"True","fileVersion":"1.4","hashMD5":"25938d1a2c77cf00c47719bac2bd2eda","hashSHA1":"4384c49bd461a3e24590497677349dbc23cb8b7c","hashSHA256":"88a12181a722e8dca5cf65f7e0277601d7731ee5ac5a404e1c3818df5da1d2f1","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"644","avBlockList":["COMODO Antivirus (20240903)","Dr.Web Security Space (20240903)","ESET Internet Security (20240903)","FortectPremium (20240903)","G DATA INTERNET SECURITY (20240903)","Malwarebytes Premium (20240903)","Norton Security (20240903)","Panda Dome (20240903)","Sophos Home Premium (20240903)","VirIT eXplorer PRO (20240903)","Webroot SecureAnywhere (20240903)"],"avAllowList":["360 Total Security (20240903)","Avast Premium Security (20240903)","AVG Internet Security (20240903)","Avira Internet Security (20240903)","Bitdefender Internet Security (20240903)","K7 Total Security (20240903)","KasperskyPremium (20240903)","McAfee Total Protection (20240903)","Quick Heal Internet Security (20240903)","SpyHunter5 (20240903)","Total AV Antivirus Pro (20240903)","Trend Micro Internet Security (20240903)","VIPRE Advanced Security (20240903)","Windows Defender (20240903)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt on torrent applications","reference":"","landingPage":"https://www.bittorrent.com/","directDownloadingLink":"https://www.bittorrent.com/downloads/complete/","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.bittorrent.com/downloads/complete/","sourceIndex":"644"}],"sampleFiles":["240521/bittorrentweb-211217/1.4.0.5768/Samples/btweb_installer.exe","240521/bittorrentweb-211217/1.4.0.5768/Samples/btweb_installer_240403.exe","240521/bittorrentweb-211217/1.4.0.5768/Samples/btweb_installer_240405.exe","240521/bittorrentweb-211217/1.4.0.5768/Samples/btweb_installer_240408.exe","240521/bittorrentweb-211217/1.4.0.5768/Samples/btweb_installer_240410.exe","240521/bittorrentweb-211217/1.4.0.5768/Samples/btweb_installer_240412.exe","240521/bittorrentweb-211217/1.4.0.5768/Samples/btweb_installer_240418.exe","240521/bittorrentweb-211217/1.4.0.5768/Samples/btweb_installer_240422.exe","240521/bittorrentweb-211217/1.4.0.5768/Samples/btweb_installer_240510.exe"],"imageFiles":["240521/bittorrentweb-211217/1.4.0.5768/Images/ACR-048/ACR-048.PNG","240521/bittorrentweb-211217/1.4.0.5768/Images/ACR-084/ACR-084.PNG","240521/bittorrentweb-211217/1.4.0.5768/Images/ACR-097/ACR-097.PNG","240521/bittorrentweb-211217/1.4.0.5768/Images/ACR-118/ACR-118.PNG","240521/bittorrentweb-211217/1.4.0.5768/Images/ACR-014/ACR-014.PNG","240521/bittorrentweb-211217/1.4.0.5768/Images/ACR-013/ACR-013.PNG","240521/bittorrentweb-211217/1.4.0.5768/Images/ACR-013/ACR-013_1.PNG","240521/bittorrentweb-211217/1.4.0.5768/Images/ACR-013/ACR-013_2.PNG","240521/bittorrentweb-211217/1.4.0.5768/Images/ACR-060/ACR-060.PNG","240521/bittorrentweb-211217/1.4.0.5768/Images/ACR-060/ACR-060_1.PNG","240521/bittorrentweb-211217/1.4.0.5768/Images/ACR-060/ACR-060_2.PNG"],"nonDeceptorImageFiles":["240521/bittorrentweb-211217/1.4.0.5768/Images/ACR-123/ACR-123.PNG"],"guid":"816175c9-984e-4c84-a8a4-98c0bd8788dd_1.4.0.5768_1","appID":"bittorrentweb-211217","dateAdded":"260204","deceptorType":"App","name":"Bit Torrent Web","company":"BitTorrent Inc.","version":"1.4.0.5768","lastKnownStatus":"1.2.7.4186;1.2.8.4523;1.2.9.4938;1.2.10.5208;1.3.0.5655;1.3.0.5665;1.3.0.5666;1.3.0.5669;1.3.0.5670;1.3.0.5671;1.3.0.5672;1.4.0.5714;1.4.0.5759;1.4.0.5768;1.4.0.5822;1.4.0.5825;1.4.0.5828;1.4.0.5871;1.5.0.6335","lastKnownDate":"260204","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2026-05-12T22:59:54.5563604+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":19,"sortOrder":117},{"violations":{"ACR-048":"The app does not provide any control to cancel the installation.\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software. \n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software.\n","ACR-084":"On closing the app, application doesn't exit completely. It runs silently in the background, hiding the fact that it is active from the consumer without any notification. \n","ACR-097":"The app adds an exception for Windows firewall to evade the default system security guard.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components on the device without the consumer's consent. \n","ACR-014":"The \"Accept\" button on the Opera Browser offer is used for two things: accepting an offer and accepting opera as the default browser. The \"Accept\" button is misleading and confusing because the user is easily led to believe that \"accept\" is only for installing Opera and not for changing his system browser default settings.\n"},"nonDeceptorViolations":{"ACR-123":"The app does not remove the startup even after uninstall and reboot. \n"},"samples":[{"isRevoked":"False","fileName":"btweb_installer.exe","isInstaller":"True","companyName":"                                                            ","productName":"BіtТorrеnt Web®                                             ","productVersion":"1.4                                               ","fileVersion":"1.4                 ","hashMD5":"a0af78d3d8e14da139a3a7d9d751efe4","hashSHA1":"c1bc52c8f76d40f26c36250aa90a2c41d5f58a46","hashSHA256":"c1e761ffcd82c3b1f4b0d40ec9bccead982999031ae9bae84a5e7464d3b3dc7a","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Rainberry Inc","storeId":"","sourceIndex":"611","avBlockList":["COMODO Antivirus (20240604)","Dr.Web Security Space (20240604)","ESET Internet Security (20240604)","K7 Total Security (20240604)","Malwarebytes Premium (20240604)","Norton Security (20240604)","Panda Dome (20240604)","Quick Heal Internet Security (20240604)","Sophos Home Premium (20240604)","VirIT eXplorer PRO (20240604)","Webroot SecureAnywhere (20240604)"],"avAllowList":["360 Total Security (20240604)","Avast Premium Security (20240604)","AVG Internet Security (20240604)","Avira Internet Security (20240604)","Bitdefender Internet Security (20240604)","G DATA INTERNET SECURITY (20240604)","Kaspersky Internet Security (20240604)","McAfee Total Protection (20240604)","SpyHunter5 (20240604)","Total AV Antivirus Pro (20240604)","Trend Micro Internet Security (20240604)","VIPRE Advanced Security (20240604)","Windows Defender (20240604)"]},{"isRevoked":"False","fileName":"btweb_installer_240528.exe","isInstaller":"True","fileVersion":"1.4","hashMD5":"d4a246b11f90dcde0590bf609fd817a6","hashSHA1":"37d546136ea00562a8b59b6a08e10157e12cc5a2","hashSHA256":"32457194643e2a93fc9e10e5b94496d37320bd7c8a4a9554cbfc1ea2ac812636","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"611","avBlockList":["COMODO Antivirus (20240806)","Dr.Web Security Space (20240806)","ESET Internet Security (20240806)","FortectPremium (20240806)","K7 Total Security (20240806)","Malwarebytes Premium (20240806)","Norton Security (20240806)","Quick Heal Internet Security (20240806)","Sophos Home Premium (20240806)","VirIT eXplorer PRO (20240806)","Webroot SecureAnywhere (20240806)"],"avAllowList":["360 Total Security (20240806)","Avast Premium Security (20240806)","AVG Internet Security (20240806)","Avira Internet Security (20240806)","Bitdefender Internet Security (20240806)","G DATA INTERNET SECURITY (20240806)","KasperskyPremium (20240806)","McAfee Total Protection (20240806)","Panda Dome (20240806)","SpyHunter5 (20240806)","Total AV Antivirus Pro (20240806)","Trend Micro Internet Security (20240806)","VIPRE Advanced Security (20240806)","Windows Defender (20240806)"]},{"isRevoked":"False","fileName":"btweb_installer_240530.exe","isInstaller":"True","fileVersion":"1.4","hashMD5":"1a87e758e0ca4465aa9627f614d1e21a","hashSHA1":"39e7c5251e4f8369d7abe80952ced304472c633c","hashSHA256":"46c8199f91013cb2b13882658c433dda04a991665869d3c677009ddfc1965af1","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"611","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"btweb_installer_240530_1.exe","isInstaller":"True","fileVersion":"1.4","hashMD5":"25938d1a2c77cf00c47719bac2bd2eda","hashSHA1":"4384c49bd461a3e24590497677349dbc23cb8b7c","hashSHA256":"88a12181a722e8dca5cf65f7e0277601d7731ee5ac5a404e1c3818df5da1d2f1","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"611","avBlockList":["COMODO Antivirus (20240903)","Dr.Web Security Space (20240903)","ESET Internet Security (20240903)","FortectPremium (20240903)","G DATA INTERNET SECURITY (20240903)","Malwarebytes Premium (20240903)","Norton Security (20240903)","Panda Dome (20240903)","Sophos Home Premium (20240903)","VirIT eXplorer PRO (20240903)","Webroot SecureAnywhere (20240903)"],"avAllowList":["360 Total Security (20240903)","Avast Premium Security (20240903)","AVG Internet Security (20240903)","Avira Internet Security (20240903)","Bitdefender Internet Security (20240903)","K7 Total Security (20240903)","KasperskyPremium (20240903)","McAfee Total Protection (20240903)","Quick Heal Internet Security (20240903)","SpyHunter5 (20240903)","Total AV Antivirus Pro (20240903)","Trend Micro Internet Security (20240903)","VIPRE Advanced Security (20240903)","Windows Defender (20240903)"]},{"isRevoked":"False","fileName":"btweb_installer_240605.exe","isInstaller":"True","fileVersion":"1.4","hashMD5":"6521003dc3a754efa45488de755aa668","hashSHA1":"84eda07e20228b7840ebccb62ab75631a1be7609","hashSHA256":"77e763b5038298d9a8e0fca92c50f44ed579ee53569bcac278c38e04db4e8ec7","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"611","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"btweb_installer_240607.exe","isInstaller":"True","fileVersion":"1.4","hashMD5":"90c65f2eef4fb0fde06e4438516fc7bf","hashSHA1":"95f0c89074a6f3836f599a683ab97df24fcc0f37","hashSHA256":"17ab35a9af6f01a416780732ea5a4e913264de38815a81942570a96ad6fa035d","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"611","avBlockList":["COMODO Antivirus (20240820)","Dr.Web Security Space (20240820)","ESET Internet Security (20240820)","FortectPremium (20240820)","K7 Total Security (20240820)","Malwarebytes Premium (20240820)","Norton Security (20240820)","Quick Heal Internet Security (20240820)","Sophos Home Premium (20240820)","Total AV Antivirus Pro (20240820)","VirIT eXplorer PRO (20240820)","Webroot SecureAnywhere (20240820)"],"avAllowList":["360 Total Security (20240820)","Avast Premium Security (20240820)","AVG Internet Security (20240820)","Avira Internet Security (20240820)","Bitdefender Internet Security (20240820)","G DATA INTERNET SECURITY (20240820)","KasperskyPremium (20240820)","McAfee Total Protection (20240820)","Panda Dome (20240820)","SpyHunter5 (20240820)","Trend Micro Internet Security (20240820)","VIPRE Advanced Security (20240820)","Windows Defender (20240820)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt on torrent applications","reference":"","landingPage":"https://www.bittorrent.com/","directDownloadingLink":"https://www.bittorrent.com/downloads/complete/","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.bittorrent.com/downloads/complete/","sourceIndex":"611"}],"sampleFiles":["240709/bittorrentweb-211217/1.4.0.5822/Samples/btweb_installer.exe","240709/bittorrentweb-211217/1.4.0.5822/Samples/btweb_installer_240528.exe","240709/bittorrentweb-211217/1.4.0.5822/Samples/btweb_installer_240530.exe","240709/bittorrentweb-211217/1.4.0.5822/Samples/btweb_installer_240530_1.exe","240709/bittorrentweb-211217/1.4.0.5822/Samples/btweb_installer_240605.exe","240709/bittorrentweb-211217/1.4.0.5822/Samples/btweb_installer_240607.exe"],"imageFiles":["240709/bittorrentweb-211217/1.4.0.5822/Images/ACR-048/ACR-048.PNG","240709/bittorrentweb-211217/1.4.0.5822/Images/ACR-084/ACR-084.PNG","240709/bittorrentweb-211217/1.4.0.5822/Images/ACR-097/ACR-097.PNG","240709/bittorrentweb-211217/1.4.0.5822/Images/ACR-118/ACR-118.PNG","240709/bittorrentweb-211217/1.4.0.5822/Images/ACR-014/ACR-014.PNG","240709/bittorrentweb-211217/1.4.0.5822/Images/ACR-013/ACR-013.PNG","240709/bittorrentweb-211217/1.4.0.5822/Images/ACR-013/ACR-013_1.PNG","240709/bittorrentweb-211217/1.4.0.5822/Images/ACR-013/ACR-013_2.PNG","240709/bittorrentweb-211217/1.4.0.5822/Images/ACR-060/ACR-060.PNG","240709/bittorrentweb-211217/1.4.0.5822/Images/ACR-060/ACR-060_1.PNG","240709/bittorrentweb-211217/1.4.0.5822/Images/ACR-060/ACR-060_2.PNG"],"nonDeceptorImageFiles":["240709/bittorrentweb-211217/1.4.0.5822/Images/ACR-123/ACR-123.PNG"],"guid":"816175c9-984e-4c84-a8a4-98c0bd8788dd_1.4.0.5822_1","appID":"bittorrentweb-211217","dateAdded":"260204","deceptorType":"App","name":"Bit Torrent Web","company":"BitTorrent Inc.","version":"1.4.0.5822","lastKnownStatus":"1.2.7.4186;1.2.8.4523;1.2.9.4938;1.2.10.5208;1.3.0.5655;1.3.0.5665;1.3.0.5666;1.3.0.5669;1.3.0.5670;1.3.0.5671;1.3.0.5672;1.4.0.5714;1.4.0.5759;1.4.0.5768;1.4.0.5822;1.4.0.5825;1.4.0.5828;1.4.0.5871;1.5.0.6335","lastKnownDate":"260204","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2026-05-12T22:59:53.4219613+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":19,"sortOrder":116},{"violations":{"ACR-048":"The app does not provide any control to cancel the installation.\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software. \n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software.\n","ACR-084":"On closing the app, application doesn't exit completely. It runs silently in the background, hiding the fact that it is active from the consumer without any notification. \n","ACR-097":"The app adds an exception for Windows firewall to evade the default system security guard.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components on the device without the consumer's consent. \n","ACR-014":"The \"Accept\" button on the Opera Browser offer is used for two things: accepting an offer and accepting opera as the default browser. The \"Accept\" button is misleading and confusing because the user is easily led to believe that \"accept\" is only for installing Opera and not for changing his system browser default settings.\n"},"nonDeceptorViolations":{"ACR-123":"The app does not remove the startup even after uninstall and reboot. \n"},"samples":[{"isRevoked":"False","fileName":"btweb_installer.exe","isInstaller":"True","companyName":"                                                            ","productName":"BіtТorrеnt Web®                                             ","productVersion":"1.4                                               ","fileVersion":"1.4                 ","hashMD5":"d4a246b11f90dcde0590bf609fd817a6","hashSHA1":"37d546136ea00562a8b59b6a08e10157e12cc5a2","hashSHA256":"32457194643e2a93fc9e10e5b94496d37320bd7c8a4a9554cbfc1ea2ac812636","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Rainberry Inc","storeId":"","sourceIndex":"595","avBlockList":["COMODO Antivirus (20240806)","Dr.Web Security Space (20240806)","ESET Internet Security (20240806)","FortectPremium (20240806)","K7 Total Security (20240806)","Malwarebytes Premium (20240806)","Norton Security (20240806)","Quick Heal Internet Security (20240806)","Sophos Home Premium (20240806)","VirIT eXplorer PRO (20240806)","Webroot SecureAnywhere (20240806)"],"avAllowList":["360 Total Security (20240806)","Avast Premium Security (20240806)","AVG Internet Security (20240806)","Avira Internet Security (20240806)","Bitdefender Internet Security (20240806)","G DATA INTERNET SECURITY (20240806)","KasperskyPremium (20240806)","McAfee Total Protection (20240806)","Panda Dome (20240806)","SpyHunter5 (20240806)","Total AV Antivirus Pro (20240806)","Trend Micro Internet Security (20240806)","VIPRE Advanced Security (20240806)","Windows Defender (20240806)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt on torrent applications","reference":"","landingPage":"https://www.bittorrent.com/","directDownloadingLink":"https://www.bittorrent.com/downloads/complete/","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.bittorrent.com/downloads/complete/","sourceIndex":"595"}],"sampleFiles":["240715/bittorrentweb-211217/1.4.0.5825/Samples/btweb_installer.exe"],"imageFiles":["240715/bittorrentweb-211217/1.4.0.5825/Images/ACR-048/ACR-048.PNG","240715/bittorrentweb-211217/1.4.0.5825/Images/ACR-084/ACR-084.PNG","240715/bittorrentweb-211217/1.4.0.5825/Images/ACR-097/ACR-097.PNG","240715/bittorrentweb-211217/1.4.0.5825/Images/ACR-118/ACR-118.PNG","240715/bittorrentweb-211217/1.4.0.5825/Images/ACR-014/ACR-014.PNG","240715/bittorrentweb-211217/1.4.0.5825/Images/ACR-013/ACR-013.PNG","240715/bittorrentweb-211217/1.4.0.5825/Images/ACR-013/ACR-013_1.PNG","240715/bittorrentweb-211217/1.4.0.5825/Images/ACR-013/ACR-013_2.PNG","240715/bittorrentweb-211217/1.4.0.5825/Images/ACR-060/ACR-060.PNG","240715/bittorrentweb-211217/1.4.0.5825/Images/ACR-060/ACR-060_1.PNG","240715/bittorrentweb-211217/1.4.0.5825/Images/ACR-060/ACR-060_2.PNG"],"nonDeceptorImageFiles":["240715/bittorrentweb-211217/1.4.0.5825/Images/ACR-123/ACR-123.PNG"],"guid":"816175c9-984e-4c84-a8a4-98c0bd8788dd_1.4.0.5825_1","appID":"bittorrentweb-211217","dateAdded":"260204","deceptorType":"App","name":"Bit Torrent Web","company":"BitTorrent Inc.","version":"1.4.0.5825","lastKnownStatus":"1.2.7.4186;1.2.8.4523;1.2.9.4938;1.2.10.5208;1.3.0.5655;1.3.0.5665;1.3.0.5666;1.3.0.5669;1.3.0.5670;1.3.0.5671;1.3.0.5672;1.4.0.5714;1.4.0.5759;1.4.0.5768;1.4.0.5822;1.4.0.5825;1.4.0.5828;1.4.0.5871;1.5.0.6335","lastKnownDate":"260204","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2026-05-12T22:59:52.4263528+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":19,"sortOrder":115},{"violations":{"ACR-048":"The app does not provide any control to cancel the installation.\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software. \n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software.\n","ACR-084":"On closing the app, application doesn't exit completely. It runs silently in the background, hiding the fact that it is active from the consumer without any notification. \n","ACR-097":"The app adds an exception for Windows firewall to evade the default system security guard.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components on the device without the consumer's consent. \n","ACR-014":"The \"Accept\" button on the Opera Browser offer is used for two things: accepting an offer and accepting opera as the default browser. The \"Accept\" button is misleading and confusing because the user is easily led to believe that \"accept\" is only for installing Opera and not for changing his system browser default settings.\n"},"nonDeceptorViolations":{"ACR-123":"The app does not remove the startup even after uninstall and reboot. \n"},"samples":[{"isRevoked":"False","fileName":"btweb_installer.exe","isInstaller":"True","companyName":"                                                            ","productName":"BіtТorrеnt Web®                                             ","productVersion":"1.4                                               ","fileVersion":"1.4                 ","hashMD5":"25938d1a2c77cf00c47719bac2bd2eda","hashSHA1":"4384c49bd461a3e24590497677349dbc23cb8b7c","hashSHA256":"88a12181a722e8dca5cf65f7e0277601d7731ee5ac5a404e1c3818df5da1d2f1","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Rainberry Inc","storeId":"","sourceIndex":"578","avBlockList":["COMODO Antivirus (20240903)","Dr.Web Security Space (20240903)","ESET Internet Security (20240903)","FortectPremium (20240903)","G DATA INTERNET SECURITY (20240903)","Malwarebytes Premium (20240903)","Norton Security (20240903)","Panda Dome (20240903)","Sophos Home Premium (20240903)","VirIT eXplorer PRO (20240903)","Webroot SecureAnywhere (20240903)"],"avAllowList":["360 Total Security (20240903)","Avast Premium Security (20240903)","AVG Internet Security (20240903)","Avira Internet Security (20240903)","Bitdefender Internet Security (20240903)","K7 Total Security (20240903)","KasperskyPremium (20240903)","McAfee Total Protection (20240903)","Quick Heal Internet Security (20240903)","SpyHunter5 (20240903)","Total AV Antivirus Pro (20240903)","Trend Micro Internet Security (20240903)","VIPRE Advanced Security (20240903)","Windows Defender (20240903)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on windows app","reference":"","landingPage":"https://www.bittorrent.com/","directDownloadingLink":"https://www.bittorrent.com/downloads/complete/","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.bittorrent.com/downloads/complete/","sourceIndex":"578"}],"sampleFiles":["240805/bittorrentweb-211217/1.4.0.5828/Samples/btweb_installer.exe"],"imageFiles":["240805/bittorrentweb-211217/1.4.0.5828/Images/ACR-048/ACR-048.PNG","240805/bittorrentweb-211217/1.4.0.5828/Images/ACR-084/ACR-084.PNG","240805/bittorrentweb-211217/1.4.0.5828/Images/ACR-097/ACR-097.PNG","240805/bittorrentweb-211217/1.4.0.5828/Images/ACR-118/ACR-118.PNG","240805/bittorrentweb-211217/1.4.0.5828/Images/ACR-014/ACR-014.PNG","240805/bittorrentweb-211217/1.4.0.5828/Images/ACR-013/ACR-013.PNG","240805/bittorrentweb-211217/1.4.0.5828/Images/ACR-013/ACR-013_1.PNG","240805/bittorrentweb-211217/1.4.0.5828/Images/ACR-013/ACR-013_2.PNG","240805/bittorrentweb-211217/1.4.0.5828/Images/ACR-060/ACR-060.PNG","240805/bittorrentweb-211217/1.4.0.5828/Images/ACR-060/ACR-060_1.PNG","240805/bittorrentweb-211217/1.4.0.5828/Images/ACR-060/ACR-060_2.PNG"],"nonDeceptorImageFiles":["240805/bittorrentweb-211217/1.4.0.5828/Images/ACR-123/ACR-123.PNG"],"guid":"816175c9-984e-4c84-a8a4-98c0bd8788dd_1.4.0.5828_1","appID":"bittorrentweb-211217","dateAdded":"260204","deceptorType":"App","name":"Bit Torrent Web","company":"BitTorrent Inc.","version":"1.4.0.5828","lastKnownStatus":"1.2.7.4186;1.2.8.4523;1.2.9.4938;1.2.10.5208;1.3.0.5655;1.3.0.5665;1.3.0.5666;1.3.0.5669;1.3.0.5670;1.3.0.5671;1.3.0.5672;1.4.0.5714;1.4.0.5759;1.4.0.5768;1.4.0.5822;1.4.0.5825;1.4.0.5828;1.4.0.5871;1.5.0.6335","lastKnownDate":"260204","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2026-05-12T22:59:51.732004+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":19,"sortOrder":114},{"violations":{"ACR-048":"The app does not provide any control to cancel the installation.\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software. \n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software.\n","ACR-084":"On closing the app, application doesn't exit completely. It runs silently in the background, hiding the fact that it is active from the consumer without any notification. \n","ACR-097":"The app adds an exception for Windows firewall to evade the default system security guard.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components on the device without the consumer's consent. \n","ACR-014":"The \"Accept\" button on the Opera Browser offer is used for two things: accepting an offer and accepting opera as the default browser. The \"Accept\" button is misleading and confusing because the user is easily led to believe that \"accept\" is only for installing Opera and not for changing his system browser default settings.\n"},"nonDeceptorViolations":{"ACR-123":"The app does not remove the startup even after uninstall and reboot. \n"},"samples":[{"isRevoked":"False","fileName":"btweb_installer.exe","isInstaller":"True","companyName":"                                                            ","productName":"BіtТorrеnt Web®                                             ","productVersion":"1.4                                               ","fileVersion":"1.4                 ","hashMD5":"13dbfeb74ba504b96a297ec4e7962b2a","hashSHA1":"dabdf7fc4de85016bb6b88f46493ac4c9a37ddde","hashSHA256":"208b2c6cd28f96a824f6e3ab53b5b60d703e6a932b37e15f3c4ab4bc8b6301e0","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Rainberry Inc","storeId":"","sourceIndex":"559","avBlockList":["COMODO Antivirus (20260205)","Dr.Web Security Space (20260205)","ESET Internet Security (20260205)","Malwarebytes Premium (20260205)","Panda Dome (20260205)","Sophos Home Premium (20260205)","VirIT eXplorer PRO (20260205)","Webroot SecureAnywhere (20260205)","Windows Defender (20260205)"],"avAllowList":["360 Total Security (20260205)","Avast Premium Security (20260205)","AVG Internet Security (20260205)","Avira Internet Security (20260205)","Bitdefender Internet Security (20260205)","FortectPremium (20260205)","G DATA INTERNET SECURITY (20260205)","K7 Total Security (20260205)","KasperskyPremium (20260205)","McAfee Total Protection (20260205)","Norton Security (20260205)","Quick Heal Internet Security (20260205)","SpyHunter5 (20260205)","Total AV Antivirus Pro (20260205)","Trend Micro Internet Security (20260205)","VIPRE Advanced Security (20260205)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on windows app","reference":"","landingPage":"https://www.bittorrent.com/","directDownloadingLink":"https://www.bittorrent.com/downloads/complete/","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.bittorrent.com/downloads/complete/","sourceIndex":"559"}],"sampleFiles":["240905/bittorrentweb-211217/1.4.0.5871/Samples/btweb_installer.exe"],"imageFiles":["240905/bittorrentweb-211217/1.4.0.5871/Images/ACR-048/ACR-048.PNG","240905/bittorrentweb-211217/1.4.0.5871/Images/ACR-084/ACR-084.PNG","240905/bittorrentweb-211217/1.4.0.5871/Images/ACR-097/ACR-097.PNG","240905/bittorrentweb-211217/1.4.0.5871/Images/ACR-118/ACR-118.PNG","240905/bittorrentweb-211217/1.4.0.5871/Images/ACR-014/ACR-014.PNG","240905/bittorrentweb-211217/1.4.0.5871/Images/ACR-013/ACR-013.PNG","240905/bittorrentweb-211217/1.4.0.5871/Images/ACR-013/ACR-013_1.PNG","240905/bittorrentweb-211217/1.4.0.5871/Images/ACR-013/ACR-013_2.PNG","240905/bittorrentweb-211217/1.4.0.5871/Images/ACR-060/ACR-060.PNG","240905/bittorrentweb-211217/1.4.0.5871/Images/ACR-060/ACR-060_1.PNG","240905/bittorrentweb-211217/1.4.0.5871/Images/ACR-060/ACR-060_2.PNG"],"nonDeceptorImageFiles":["240905/bittorrentweb-211217/1.4.0.5871/Images/ACR-123/ACR-123.PNG"],"guid":"816175c9-984e-4c84-a8a4-98c0bd8788dd_1.4.0.5871_1","appID":"bittorrentweb-211217","dateAdded":"260204","deceptorType":"App","name":"Bit Torrent Web","company":"BitTorrent Inc.","version":"1.4.0.5871","lastKnownStatus":"1.2.7.4186;1.2.8.4523;1.2.9.4938;1.2.10.5208;1.3.0.5655;1.3.0.5665;1.3.0.5666;1.3.0.5669;1.3.0.5670;1.3.0.5671;1.3.0.5672;1.4.0.5714;1.4.0.5759;1.4.0.5768;1.4.0.5822;1.4.0.5825;1.4.0.5828;1.4.0.5871;1.5.0.6335","lastKnownDate":"260204","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2026-05-12T22:59:50.8126652+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":19,"sortOrder":113},{"violations":{"ACR-048":"The app does not provide any control to cancel the installation.\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software. \n","ACR-084":"On closing the app, application doesn't exit completely. It runs silently in the background, hiding the fact that it is active from the consumer without any notification. \n","ACR-097":"The app adds an exception for Windows firewall to evade the default system security guard.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components on the device without the consumer's consent. \n"},"nonDeceptorViolations":{"ACR-040":"The app installs its components in \"C:\\Users\\User\\AppData\\Roaming\" path, instead of a standard location.\n","ACR-123":"The app does not remove the startup even after uninstall and reboot. \n"},"samples":[{"isRevoked":"False","fileName":"btweb_installer.exe","isInstaller":"True","productName":"ΒitTοrrent Web®","productVersion":"1.4.0","fileVersion":"1.4.0","hashMD5":"2903d9371d9470fc24aa12a9661f570d","hashSHA1":"2c44e0dadb9b23fd4a56892cc4bd19e5cc7e4de5","hashSHA256":"0fd55b0101b713f2e0afe5ef1117d8ecf4753a036f9ffef8dec45cda9af255a8","digitalCertThumbprint":"03F072F141084FFE88CF28E65258CEE35071F961","digitalCertIssuer":"CN=Sectigo Public Code Signing CA EV R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=Cassini Labs Ltd, O=Cassini Labs Ltd, S=Tel Aviv, C=IL, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=IL, SERIALNUMBER=514758457","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"124","avBlockList":["360 Total Security (20260428)","Bitdefender Internet Security (20260428)","COMODO Antivirus (20260428)","ESET Internet Security (20260428)","FortectPremium (20260428)","G DATA INTERNET SECURITY (20260428)","K7 Total Security (20260428)","Malwarebytes Premium (20260428)","Panda Dome (20260428)","Quick Heal Internet Security (20260428)","Sophos Home Premium (20260428)","SpyHunter5 (20260428)","VIPRE Advanced Security (20260428)","VirIT eXplorer PRO (20260428)","Webroot SecureAnywhere (20260428)","Windows Defender (20260428)"],"avAllowList":["Avast Premium Security (20260428)","AVG Internet Security (20260428)","Avira Internet Security (20260428)","Dr.Web Security Space (20260428)","KasperskyPremium (20260428)","McAfee Total Protection (20260428)","Norton Security (20260428)","Total AV Antivirus Pro (20260428)","Trend Micro Internet Security (20260428)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt on torrent applications","reference":"","landingPage":"https://www.bittorrent.com/","directDownloadingLink":"https://www.bittorrent.com/bea2b202-165d-46a5-b153-6bc219165a15","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.bittorrent.com/bea2b202-165d-46a5-b153-6bc219165a15","sourceIndex":"124"}],"sampleFiles":["260204/bittorrentweb-211217/1.5.0.6335/Samples/btweb_installer.exe"],"imageFiles":["260204/bittorrentweb-211217/1.5.0.6335/Images/ACR-048/ACR-048.png","260204/bittorrentweb-211217/1.5.0.6335/Images/ACR-084/ACR-084.png","260204/bittorrentweb-211217/1.5.0.6335/Images/ACR-097/ACR-097.png","260204/bittorrentweb-211217/1.5.0.6335/Images/ACR-118/ACR-118.png","260204/bittorrentweb-211217/1.5.0.6335/Images/ACR-013/offer1.png","260204/bittorrentweb-211217/1.5.0.6335/Images/ACR-013/offer2.png"],"nonDeceptorImageFiles":["260204/bittorrentweb-211217/1.5.0.6335/Images/ACR-040/ACR-040.png","260204/bittorrentweb-211217/1.5.0.6335/Images/ACR-123/ACR-123.png"],"guid":"816175c9-984e-4c84-a8a4-98c0bd8788dd_1.5.0.6335_1","appID":"bittorrentweb-211217","dateAdded":"260204","deceptorType":"App","name":"Bit Torrent Web","company":"BitTorrent Inc.","version":"1.5.0.6335","lastKnownStatus":"1.2.7.4186;1.2.8.4523;1.2.9.4938;1.2.10.5208;1.3.0.5655;1.3.0.5665;1.3.0.5666;1.3.0.5669;1.3.0.5670;1.3.0.5671;1.3.0.5672;1.4.0.5714;1.4.0.5759;1.4.0.5768;1.4.0.5822;1.4.0.5825;1.4.0.5828;1.4.0.5871;1.5.0.6335","lastKnownDate":"260204","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2026-05-12T22:59:37.6975176+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":19,"sortOrder":112},{"violations":{"ACR-048":"The app does not provide any control to cancel the installation. Even on canceling it installs the application.\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software. \n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software.\n","ACR-084":"On closing the app, application doesn't exit completely. It runs silently in the background, hiding the fact that it is active from the consumer without any notification. \n","ACR-097":"The app adds an exception for Windows firewall to evade the default system security guard.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components on the device without the consumer's consent. \n"},"nonDeceptorViolations":{"ACR-123":"The app does not remove the startup even after uninstall and reboot. \n"},"samples":[{"isRevoked":"False","fileName":"C:\\Users\\User\\AppData\\Roaming\\BitTorrent Web\\btweb.exe","companyName":"BitTorrent Inc.","productName":"BitTorrent Web","productVersion":"1.3.0.5672","fileVersion":"1.3.0.5672","hashMD5":"ec03f7797d56ff1f8a0362da7abd6ee8","hashSHA1":"647dfd7548a52b0cbb5a9158eb205527734db787","hashSHA256":"5e50a17acfa2fd781c2dc042bec64694ff58a10e1e1bc226f8b93f014a9ad3fe","digitalCertThumbprint":"09AFB68255629E565090CAC7EA49AAD67143FA93","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Rainberry Inc","storeId":"","sourceIndex":"838","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"btweb_installer.exe","isInstaller":"True","companyName":"                                                            ","productName":"BіtTorrent Web®                                         ","productVersion":"1.3                                          ","fileVersion":"1.3                 ","hashMD5":"113f239ad9036810ee3a54687c87d604","hashSHA1":"0501131a733948444f8aafc832bf94fd788f6f24","hashSHA256":"39637b6bfb998aef33ee067095ade1095cfb8ebe11db7a11af9b3291893cbacc","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Rainberry Inc","storeId":"","sourceIndex":"838","avBlockList":["COMODO Antivirus (20240625)","Dr.Web Security Space (20240625)","ESET Internet Security (20240625)","G DATA INTERNET SECURITY (20240625)","K7 Total Security (20240625)","Malwarebytes Premium (20240625)","Norton Security (20240625)","Panda Dome (20240625)","Quick Heal Internet Security (20240625)","Sophos Home Premium (20240625)","VirIT eXplorer PRO (20240625)","Webroot SecureAnywhere (20240625)"],"avAllowList":["360 Total Security (20240625)","Avast Premium Security (20240625)","AVG Internet Security (20240625)","Avira Internet Security (20240625)","Bitdefender Internet Security (20240625)","Kaspersky Internet Security (20240625)","McAfee Total Protection (20240625)","SpyHunter5 (20240625)","Total AV Antivirus Pro (20240625)","Trend Micro Internet Security (20240625)","VIPRE Advanced Security (20240625)","Windows Defender (20240625)"]},{"isRevoked":"False","fileName":"btweb_installer_230814.exe","isInstaller":"True","productName":"BіtTorrent Web®","productVersion":"1.3","fileVersion":"1.3","hashMD5":"be669526b53fdc2df31747f4127f1fb1","hashSHA1":"a36bccb2946e7157fe3e6eb1d32c15b0a11921e5","hashSHA256":"87d1615f8869a7d12a0196f3a262e7cc066499d9dd34408131db6e0fbbefca7b","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"838","avBlockList":["COMODO Antivirus (20240808)","Dr.Web Security Space (20240808)","ESET Internet Security (20240808)","FortectPremium (20240808)","G DATA INTERNET SECURITY (20240808)","K7 Total Security (20240808)","Malwarebytes Premium (20240808)","Norton Security (20240808)","Panda Dome (20240808)","Quick Heal Internet Security (20240808)","Sophos Home Premium (20240808)","VirIT eXplorer PRO (20240808)","Webroot SecureAnywhere (20240808)"],"avAllowList":["360 Total Security (20240808)","Avast Premium Security (20240808)","AVG Internet Security (20240808)","Avira Internet Security (20240808)","Bitdefender Internet Security (20240808)","KasperskyPremium (20240808)","McAfee Total Protection (20240808)","SpyHunter5 (20240808)","Total AV Antivirus Pro (20240808)","Trend Micro Internet Security (20240808)","VIPRE Advanced Security (20240808)","Windows Defender (20240808)"]},{"isRevoked":"False","fileName":"btweb_installer_230815.exe","isInstaller":"True","productName":"BіtTorrent Web®","productVersion":"1.3","fileVersion":"1.3","hashMD5":"bf451198883666440143320fd6a01eac","hashSHA1":"f454b950440412872b4d376011e50f6e8bc9289f","hashSHA256":"0129c5ac825784b2b38a91713afd90152d1e3d23d8a69946c0e1235c4942f48b","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"838","avBlockList":["COMODO Antivirus (20240815)","Dr.Web Security Space (20240815)","ESET Internet Security (20240815)","FortectPremium (20240815)","G DATA INTERNET SECURITY (20240815)","K7 Total Security (20240815)","Malwarebytes Premium (20240815)","Norton Security (20240815)","Panda Dome (20240815)","Quick Heal Internet Security (20240815)","Sophos Home Premium (20240815)","Total AV Antivirus Pro (20240815)","Trend Micro Internet Security (20240815)","VirIT eXplorer PRO (20240815)","Webroot SecureAnywhere (20240815)"],"avAllowList":["360 Total Security (20240815)","Avast Premium Security (20240815)","AVG Internet Security (20240815)","Avira Internet Security (20240815)","Bitdefender Internet Security (20240815)","KasperskyPremium (20240815)","McAfee Total Protection (20240815)","SpyHunter5 (20240815)","VIPRE Advanced Security (20240815)","Windows Defender (20240815)"]},{"isRevoked":"False","fileName":"btweb_installer_230816.exe","isInstaller":"True","productName":"BіtTorrent Web®   ","productVersion":"1.3","fileVersion":"1.3","hashMD5":"7ce4f35fcc0ac7a9dc8ae0218c9c7e69","hashSHA1":"3eb66d0213f28836a8bd2c6a520988c998c200f3","hashSHA256":"ba6422748c47d7fe4930f05cad2bbc8474f9109e8dbf48c501ff9dd1061b093a","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"838","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"btweb_installer_230818.exe","isInstaller":"True","productName":"BіtTorrent Web®  ","productVersion":"1.3","fileVersion":"1.3","hashMD5":"cd5b1cb0f6028218e97371372e2a39fb","hashSHA1":"f34e3856020798e847ec294572aba132d156a5d6","hashSHA256":"f48dfda671c9a06098e450583348618f38b0a038edc278ecd9ce19eda01ae7fe","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"838","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"btweb_installer_230822.exe","isInstaller":"True","productName":"BіtTorrent Web® ","productVersion":"1.3","fileVersion":"1.3","hashMD5":"df7d8049ba636943ec3774f642158888","hashSHA1":"f4378bfe64f6b4f7dbb77d7109d2cf9a9f1548f5","hashSHA256":"94cb8ba7b16b157f113a65def94eb9d7d8d7777d3a7fff077b5bf166ed0b447d","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"838","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"btweb_installer_230829.exe","isInstaller":"True","productName":"BіtTorrent Web®","productVersion":"1.3","fileVersion":"1.3","hashMD5":"c70664f30983ad1ff62d614d92022040","hashSHA1":"33c2b48e01247e5106bdacc48b54001e3e0dedeb","hashSHA256":"690b572ef919e2ffc7f3a45c2ee208bfd4068d9d7ad6520fb0f8b24ec1d688ee","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"838","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"btweb_installer230831.exe","isInstaller":"True","productName":"BіtTorrent Web®","productVersion":"1.3","fileVersion":"1.3","hashMD5":"23fe0aa072a296ae26e69f3258428c6a","hashSHA1":"23f5335c0eba8f6496a7bb9c6f99c4c4d5312187","hashSHA256":"a33dcbd5b7c0b1d72c5156d4da37b6b8377a7d62748ec95869b4b0348879d4dd","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"838","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"btweb_installer_230904.exe","isInstaller":"True","productName":"BіtTorrent Web®","productVersion":"1.3","fileVersion":"1.3","hashMD5":"e413ba9c41bf9b722c3b30aed4cb12e1","hashSHA1":"e6071b6aa0db7ef6c64e12af55851ea9a749069b","hashSHA256":"62b03bdcc3ccfdd77729c804e351a376dec7ee279cba9579914bfb3538a1a23a","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"838","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"btweb_installerr_230911.exe","isInstaller":"True","productName":"BіtTorrent Web®","productVersion":"1.3","fileVersion":"1.3","hashMD5":"3e62688264fa886497f8cedc8064e963","hashSHA1":"f832195a31d1421be99b56e30ec5c216f7bdc174","hashSHA256":"07776cb64160fd4dc8542f6b702b7a22c1879af145b635a6263c7b922876317b","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"838","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"btweb_installer_230912.exe","isInstaller":"True","productName":"BіtTorrent Web®","productVersion":"1.3","fileVersion":"1.3","hashMD5":"2b6f9cf6d20b897e3378758c4406a942","hashSHA1":"be40222072d5e2eeadf5a87b60e170ceba1047e8","hashSHA256":"cfe5d0431346c24a9a57ecb217e13a0d5f6ff785b719ddb19866d2e3cda8b5b8","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"838","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"btweb_installer_20230915.exe","isInstaller":"True","productName":"BіtTorrent Web®","productVersion":"1.3","fileVersion":"1.3","hashMD5":"c647bde45b8cd105de88b832f121d4c5","hashSHA1":"759a3e2095948a28248ff240ee3a1afa29ac26ea","hashSHA256":"1ea6814ad626efb231bc7b1711fed0d491d350eec9198cd6d1fa7a36b4cd5917","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"838","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"btweb_installer_20230919.exe","isInstaller":"True","productName":"BіtTorrent Web®","productVersion":"1.3","fileVersion":"1.3","hashMD5":"2e560c3397adc2dc8632e0943de4f6bd","hashSHA1":"f75f260f15e75032b4da4bc49b88a2736c279ee3","hashSHA256":"51cb3a3d2a43a26ad95be7878b3174d9c4ba525c0566c76c2b4aee923c130558","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"838","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"btweb_installer_230921.exe","isInstaller":"True","productName":"BіtTorrent Web®","productVersion":"1.3","fileVersion":"1.3","hashMD5":"1e61ae2b5c30ce17f56870a5e3dd9f94","hashSHA1":"4a55752d1aad5cc47260b9389bcbede99557a17f","hashSHA256":"589fc29b8a0fafbb96ce4de4a9feec5f8d3ddef3df8d207f687a6df6e65e5202","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"838","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"btweb_installer_230926.exe","isInstaller":"True","fileVersion":"1.3","hashMD5":"2aa5c0243d175f815b602fadf0b7653d","hashSHA1":"9a469c80d15dd206bd23023fd95c2049ba279ad9","hashSHA256":"421193b140c3e1bd20ed3df23a28b27f9f925cec48a9c45eb8cd42641d6ca88a","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"838","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"btweb_installer-230928.exe","isInstaller":"True","fileVersion":"1.3","hashMD5":"dee98aafa8278f654b13d70b91bf176e","hashSHA1":"28a6f87b4d169aa925c5ffcf4d092116b6ca7117","hashSHA256":"681f3c20e6b870d5ecbe88522d4e4b4e7506fc28b366d78300cc032c2194f149","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"838","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"btweb_installer_231006.exe","isInstaller":"True","fileVersion":"1.3","hashMD5":"356ad79bb75ddc58956aca6e2720ffb0","hashSHA1":"cb39d687ce1e5ad3d835293155b204d00b4d27c0","hashSHA256":"24b0c91c872eb815cc8497fd32c73ba0da96efb6437318d0b6418d9191806091","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"838","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"btweb_installer_231009.exe","isInstaller":"True","fileVersion":"1.3","hashMD5":"e5a95e37435a115385140d4dba05b3c1","hashSHA1":"37168ee4eab78d0581a6d9c2c331c12a5ecf20df","hashSHA256":"b68300f796cb773137ad3be405e2ecdb8b7a9ceceba0084d67e119e241405b17","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"838","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"btweb_installer_231010.exe","isInstaller":"True","fileVersion":"1.3","hashMD5":"55b218f754313cda9d8802c95de9f8ae","hashSHA1":"04e3089cde566e9ef922090a9acb0facb6c0199a","hashSHA256":"f12185813fa57049943f12d48da28948f64a09ff640fa21609b8cf29faa09d83","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"838","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"btweb_installer_231011.exe","isInstaller":"True","fileVersion":"1.3","hashMD5":"887a8b5e1c6fc671bb6a9b7f35ea3452","hashSHA1":"ef9939b98b78a53122d79ecabcd48c6bf9efe6d8","hashSHA256":"4c469df93b6555af03bfefe673cb61777cce6bdb6461c2171d24269b97999eec","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"838","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"btweb_installer_231013.exe","isInstaller":"True","fileVersion":"1.3","hashMD5":"e5eeee13efc1db8eb4072b9043b1c00c","hashSHA1":"d2662be97ed86405e946719ce5a7fc76b8ca28ba","hashSHA256":"44d380587394648f57b8bc30b159b1129fe5d242dda50207a8fe1f35b8ab7641","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"838","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt on torrent applications","reference":"","landingPage":"https://www.bittorrent.com/","directDownloadingLink":"https://www.bittorrent.com/downloads/complete/","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.bittorrent.com/downloads/complete/","sourceIndex":"838"}],"sampleFiles":["231028/bittorrentweb-211217/1.3.0.5672/Samples/btweb_installer.exe","231028/bittorrentweb-211217/1.3.0.5672/Samples/btweb_installer_230814.exe","231028/bittorrentweb-211217/1.3.0.5672/Samples/btweb_installer_230815.exe","231028/bittorrentweb-211217/1.3.0.5672/Samples/btweb_installer_230816.exe","231028/bittorrentweb-211217/1.3.0.5672/Samples/btweb_installer_230818.exe","231028/bittorrentweb-211217/1.3.0.5672/Samples/btweb_installer_230822.exe","231028/bittorrentweb-211217/1.3.0.5672/Samples/btweb_installer_230829.exe","231028/bittorrentweb-211217/1.3.0.5672/Samples/btweb_installer230831.exe","231028/bittorrentweb-211217/1.3.0.5672/Samples/btweb_installer_230904.exe","231028/bittorrentweb-211217/1.3.0.5672/Samples/btweb_installerr_230911.exe","231028/bittorrentweb-211217/1.3.0.5672/Samples/btweb_installer_230912.exe","231028/bittorrentweb-211217/1.3.0.5672/Samples/btweb_installer_20230915.exe","231028/bittorrentweb-211217/1.3.0.5672/Samples/btweb_installer_20230919.exe","231028/bittorrentweb-211217/1.3.0.5672/Samples/btweb_installer_230921.exe","231028/bittorrentweb-211217/1.3.0.5672/Samples/btweb_installer_230926.exe","231028/bittorrentweb-211217/1.3.0.5672/Samples/btweb_installer-230928.exe","231028/bittorrentweb-211217/1.3.0.5672/Samples/btweb_installer_231006.exe","231028/bittorrentweb-211217/1.3.0.5672/Samples/btweb_installer_231009.exe","231028/bittorrentweb-211217/1.3.0.5672/Samples/btweb_installer_231010.exe","231028/bittorrentweb-211217/1.3.0.5672/Samples/btweb_installer_231011.exe","231028/bittorrentweb-211217/1.3.0.5672/Samples/btweb_installer_231013.exe"],"imageFiles":["231028/bittorrentweb-211217/1.3.0.5672/Images/ACR-048/ACR-048_Install_1.png","231028/bittorrentweb-211217/1.3.0.5672/Images/ACR-084/ACR-084_Software_1.png","231028/bittorrentweb-211217/1.3.0.5672/Images/ACR-097/ACR-097_Software_1.png","231028/bittorrentweb-211217/1.3.0.5672/Images/ACR-118/ACR-118_Uninstall_1.png","231028/bittorrentweb-211217/1.3.0.5672/Images/ACR-013/ACR-013_Install_1.png","231028/bittorrentweb-211217/1.3.0.5672/Images/ACR-013/ACR-013_Install_2.png","231028/bittorrentweb-211217/1.3.0.5672/Images/ACR-013/ACR-013_Install_3.png","231028/bittorrentweb-211217/1.3.0.5672/Images/ACR-060/ACR-060_In-bundle offers_1.png","231028/bittorrentweb-211217/1.3.0.5672/Images/ACR-060/ACR-060_In-bundle offers_2.png","231028/bittorrentweb-211217/1.3.0.5672/Images/ACR-060/ACR-060_In-bundle offers_3.png"],"nonDeceptorImageFiles":["231028/bittorrentweb-211217/1.3.0.5672/Images/ACR-123/ACR-123_Uninstall_1.png"],"guid":"816175c9-984e-4c84-a8a4-98c0bd8788dd_1.3.0.5672_1","appID":"bittorrentweb-211217","dateAdded":"260204","deceptorType":"App","name":"Bit Torrent Web","company":"BitTorrent Inc.","version":"1.3.0.5672","lastKnownStatus":"1.2.7.4186;1.2.8.4523;1.2.9.4938;1.2.10.5208;1.3.0.5655;1.3.0.5665;1.3.0.5666;1.3.0.5669;1.3.0.5670;1.3.0.5671;1.3.0.5672;1.4.0.5714;1.4.0.5759;1.4.0.5768;1.4.0.5822;1.4.0.5825;1.4.0.5828;1.4.0.5871;1.5.0.6335","lastKnownDate":"260204","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2026-05-12T22:59:59.4870643+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":19,"sortOrder":120},{"violations":{"ACR-004":"The app offers no free fix/recovery instead requires a paid subscription to address the issues.\n","ACR-118":"In the attempt to uninstal, it retains executables and its other components.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"cool-data-recovery.exe","isInstaller":"True","hashMD5":"13558a0a6c7bf8ce736f5d83c0a0ef1c","hashSHA1":"cab77f2b204c850679244562355ec8e4d0111bc0","hashSHA256":"382ded8026bc229e58073c5bba706e6b19ad14a9b29a892fdaf3a1e5e79c0b95","digitalCertThumbprint":"09D40BDB67F06A8D17AED0B66EE1E9F50263A2BD","digitalCertIssuer":"CN=Sectigo Public Code Signing CA EV R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=\"SHENZHEN QIXINGSHI TECHNOLOGY CO.,LTD\", O=\"SHENZHEN QIXINGSHI TECHNOLOGY CO.,LTD\", S=广东省, C=CN, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=CN, SERIALNUMBER=91440300695594115R","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"125","avBlockList":["360 Total Security (20260428)","Avast Premium Security (20260428)","AVG Internet Security (20260428)","Avira Internet Security (20260428)","ESET Internet Security (20260428)","FortectPremium (20260428)","K7 Total Security (20260428)","Malwarebytes Premium (20260428)","Norton Security (20260428)","Panda Dome (20260428)","Quick Heal Internet Security (20260428)","Sophos Home Premium (20260428)","SpyHunter5 (20260428)","Total AV Antivirus Pro (20260428)","VirIT eXplorer PRO (20260428)","Webroot SecureAnywhere (20260428)"],"avAllowList":["Bitdefender Internet Security (20260428)","COMODO Antivirus (20260428)","Dr.Web Security Space (20260428)","G DATA INTERNET SECURITY (20260428)","KasperskyPremium (20260428)","McAfee Total Protection (20260428)","Trend Micro Internet Security (20260428)","VIPRE Advanced Security (20260428)","Windows Defender (20260428)"]},{"isRevoked":"False","fileName":"Coolmuster%20Data%20Recovery.exe","productName":"DiskDataRecoveryManager Module","productVersion":"1.0.2.1","fileVersion":"1.0.2.1","hashMD5":"8de4a077a32154e4d6819f74a8125782","hashSHA1":"904a03deea7651a7af8cc0d18afc1425de6444c2","hashSHA256":"7810bf6ffde1b6913d9bd7dd495f3e1b25abe07c55aaa577d6481b5b6e218889","digitalCertThumbprint":"09D40BDB67F06A8D17AED0B66EE1E9F50263A2BD","digitalCertIssuer":"CN=Sectigo Public Code Signing CA EV R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=\"SHENZHEN QIXINGSHI TECHNOLOGY CO.,LTD\", O=\"SHENZHEN QIXINGSHI TECHNOLOGY CO.,LTD\", S=广东省, C=CN, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=CN, SERIALNUMBER=91440300695594115R","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"125","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"DiskDataRecovery.exe","companyName":"TODO: <公司名>","productName":"TODO: <产品名>","productVersion":"2.1.0.1","fileVersion":"2.1.0.1","hashMD5":"468bd89cac88cff538eec02909523c5f","hashSHA1":"6a7bfc58f3f5e9ee4765159a3d6f9c81625fa7e6","hashSHA256":"a2ab0dd42492792cefde7a7e95897b0ce7e654f01cc1fc05d071a1c1762d1a39","digitalCertThumbprint":"09D40BDB67F06A8D17AED0B66EE1E9F50263A2BD","digitalCertIssuer":"CN=Sectigo Public Code Signing CA EV R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=\"SHENZHEN QIXINGSHI TECHNOLOGY CO.,LTD\", O=\"SHENZHEN QIXINGSHI TECHNOLOGY CO.,LTD\", S=广东省, C=CN, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=CN, SERIALNUMBER=91440300695594115R","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"125","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search","reference":"","landingPage":"https://www.coolmuster.com/data-recovery.html","directDownloadingLink":"https://www.coolmuster.com/downloads/cool-data-recovery.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.coolmuster.com/downloads/cool-data-recovery.exe","sourceIndex":"125"}],"sampleFiles":["260202/CoolmusterDataRecovery-260128/3.0.55/Samples/cool-data-recovery.exe","260202/CoolmusterDataRecovery-260128/3.0.55/Samples/Coolmuster%20Data%20Recovery.exe","260202/CoolmusterDataRecovery-260128/3.0.55/Samples/DiskDataRecovery.exe"],"imageFiles":["260202/CoolmusterDataRecovery-260128/3.0.55/Images/ACR-004/ACR-004_Software_1.png","260202/CoolmusterDataRecovery-260128/3.0.55/Images/ACR-004/ACR-004_Software_2.png","260202/CoolmusterDataRecovery-260128/3.0.55/Images/ACR-118/ACR-118_Uninstall_1.png","260202/CoolmusterDataRecovery-260128/3.0.55/Images/ACR-118/ACR-118_Uninstall_2.png"],"nonDeceptorImageFiles":[],"guid":"bfc38788-3cfa-4f38-bbb1-558f998c673c_3.0.55_1","appID":"CoolmusterDataRecovery-260128","dateAdded":"260202","deceptorType":"App","name":"Coolmuster Data Recovery","company":"Coolmuster","version":"3.0.55","lastKnownStatus":"3.0.55","lastKnownDate":"260202","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows 11","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2026-02-02T20:06:16.3170413+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":131},{"violations":{"ACR-004":"The app presents numerical claims without substantiation and differentiates issues vs no issues with color.\n","ACR-008":"The free option is not clearly described in the scan summary, and clicking Update All directs users to a paid option. Additionally, the manual fix process requires a computer restart after each update, creating unnecessary friction.\n"},"nonDeceptorViolations":{"ACR-099":"The app does not disclose uninstall info in the landing page\n"},"samples":[{"isRevoked":"False","fileName":"ashampoo_driver_updater_2.5.0.exe","isInstaller":"True","companyName":"Ashampoo GmbH & Co. KG                                      ","productName":"Ashampoo Driver Updater","productVersion":"2.5.0","fileVersion":"2.5.0","hashMD5":"ef9dc80513000d2a339a7a067af58171","hashSHA1":"7e1e85ee4aafb885623255cf307dae04b02143b4","hashSHA256":"9aa5290e66b1dfdc95c74e2ef9e04a10334936ec44345de3a97d44f4a5e0f498","digitalCertThumbprint":"A9968551067DC73A210FBA0C5E7CADD0D059F09A","digitalCertIssuer":"CN=GlobalSign GCC R45 EV CodeSigning CA 2020, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"E=admins@ashampoo.com, CN=Ashampoo GmbH & Co. KG, O=Ashampoo GmbH & Co. KG, STREET=Schafjückenweg 2, L=Rastede, S=Niedersachsen, C=DE, OID.1.3.6.1.4.1.311.60.2.1.1=Oldenburg (Oldenburg), OID.1.3.6.1.4.1.311.60.2.1.2=Niedersachsen, OID.1.3.6.1.4.1.311.60.2.1.3=DE, SERIALNUMBER=HRA 3618, OID.2.5.4.15=Private Organization","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"126","avBlockList":["Dr.Web Security Space (20260430)","ESET Internet Security (20260430)","Panda Dome (20260430)","Quick Heal Internet Security (20260430)","Sophos Home Premium (20260430)","SpyHunter5 (20260430)","VirIT eXplorer PRO (20260430)","Webroot SecureAnywhere (20260430)"],"avAllowList":["360 Total Security (20260430)","Avast Premium Security (20260430)","AVG Internet Security (20260430)","Avira Internet Security (20260430)","Bitdefender Internet Security (20260430)","COMODO Antivirus (20260430)","FortectPremium (20260430)","G DATA INTERNET SECURITY (20260430)","K7 Total Security (20260430)","KasperskyPremium (20260430)","Malwarebytes Premium (20260430)","McAfee Total Protection (20260430)","Norton Security (20260430)","Total AV Antivirus Pro (20260430)","Trend Micro Internet Security (20260430)","VIPRE Advanced Security (20260430)","Windows Defender (20260430)"]},{"isRevoked":"False","fileName":"ashpdu.exe","companyName":"Ashampoo","productName":"Ashampoo Driver Updater","productVersion":"2.5.0.0","fileVersion":"2.5.0.0","hashMD5":"f54de7d3e381ca765d665fbaf3ce8820","hashSHA1":"50f008209d631f4fabac27c7881df35a4ec68cdf","hashSHA256":"ecc90cf91418a03009ecf6ec7c5fa1a36d30f0baffbd5d6e388120418219b256","digitalCertThumbprint":"A9968551067DC73A210FBA0C5E7CADD0D059F09A","digitalCertIssuer":"CN=GlobalSign GCC R45 EV CodeSigning CA 2020, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"E=admins@ashampoo.com, CN=Ashampoo GmbH & Co. KG, O=Ashampoo GmbH & Co. KG, STREET=Schafjückenweg 2, L=Rastede, S=Niedersachsen, C=DE, OID.1.3.6.1.4.1.311.60.2.1.1=Oldenburg (Oldenburg), OID.1.3.6.1.4.1.311.60.2.1.2=Niedersachsen, OID.1.3.6.1.4.1.311.60.2.1.3=DE, SERIALNUMBER=HRA 3618, OID.2.5.4.15=Private Organization","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"126","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"","landingPage":"https://www.ashampoo.com/de-de/driver-updater","directDownloadingLink":"https://dl1.ashcdn.net/ASH/0095/ASHS/ashampoo_driver_updater_2.5.0.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://dl1.ashcdn.net/ASH/0095/ASHS/ashampoo_driver_updater_2.5.0.exe","sourceIndex":"126"}],"sampleFiles":["260201/Ashampoo Driver Updater-2017926/2.5.0/Samples/ashampoo_driver_updater_2.5.0.exe","260201/Ashampoo Driver Updater-2017926/2.5.0/Samples/ashpdu.exe"],"imageFiles":["260201/Ashampoo Driver Updater-2017926/2.5.0/Images/ACR-004/ACR-004_Software_1.png","260201/Ashampoo Driver Updater-2017926/2.5.0/Images/ACR-004/ACR-004_Software_2.png","260201/Ashampoo Driver Updater-2017926/2.5.0/Images/ACR-004/ACR-004_Software_3.png","260201/Ashampoo Driver Updater-2017926/2.5.0/Images/ACR-008/ACR-008_Software_1.png","260201/Ashampoo Driver Updater-2017926/2.5.0/Images/ACR-008/ACR-008_Software_2.png"],"nonDeceptorImageFiles":["260201/Ashampoo Driver Updater-2017926/2.5.0/Images/ACR-099/ACR-099_Landing page_1.png"],"guid":"801e872d-8934-46eb-867a-649541debce4_2.5.0_1","appID":"Ashampoo Driver Updater-2017926","dateAdded":"260201","deceptorType":"App","name":"Ashampoo Driver Updater","company":"Ashampoo GmbH ","version":"2.5.0","firstResolvedVersion":"","lastKnownStatus":"","lastKnownDate":"260201","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2026-02-02T19:34:41.5267266+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":132},{"violations":{"ACR-004":"The app uses color graphic to represent the identified issues which raises exaggerated sense of urgency to the consumer\n","ACR-017":"The app elevates its consumer trust level by displaying unverifiable Microsoft logo\n"},"nonDeceptorViolations":{"ACR-045":"\"Free Download\" highlights \"Free\" which misleads the consumer\n","ACR-065":"The app does not disclose Privacy Policy during installation\n","ACR-099":"The app does not disclose uninstall info in the landing page\n","ACR-035":"The app does not disclose app name in all the docs\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files\\Ashampoo\\Ashampoo Driver Updater\\ashpdu.exe","companyName":"Ashampoo","productName":"Ashampoo Driver Updater","productVersion":"1.2.1.53382","fileVersion":"1.2.1.53382","hashMD5":"0a90923c9a7c59fece24f5b463d64d11","hashSHA1":"c217a204fb81f3e748a2286ea7e23fdb7d232b31","hashSHA256":"45ce59dc22c88e0d0382bce202bfee1fb1e922bbcc3e27d3082a33eafceeb062","digitalCertThumbprint":"58A361D3F4390C63145FAF22D977181E056A8089","digitalCertIssuer":"DigiCert EV Code Signing CA (SHA2)","digitalCertIssuedTo":"Ashampoo GmbH & Co. KG","storeId":"","sourceIndex":"2426","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"ashampoo_driver_updater_1.2.1_sm.exe","isInstaller":"True","companyName":"Ashampoo GmbH & Co. KG                                      ","productName":"Ashampoo Driver Updater                                     ","productVersion":"1.2.1                                             ","fileVersion":"Ashampoo Driver Upda","hashMD5":"81d26f74e610cb0bdaa6bdb5fde56b0e","hashSHA1":"9443f3e861c89c0ce5c306763a7aaaab50ce2038","hashSHA256":"e3ec179efffd6cd69cdaa809fff60985771ba4306c834ff51e2f225bdfb09c38","digitalCertThumbprint":"58A361D3F4390C63145FAF22D977181E056A8089","digitalCertIssuer":"DigiCert EV Code Signing CA (SHA2)","digitalCertIssuedTo":"Ashampoo GmbH & Co. KG","storeId":"","sourceIndex":"2426","avBlockList":["Bitdefender Internet Security (20260203)","Dr.Web Security Space (20260203)","ESET Internet Security (20260203)","G DATA INTERNET SECURITY (20260203)","McAfee Total Protection (20260203)","Panda Dome (20260203)","Quick Heal Internet Security (20260203)","SpyHunter5 (20260203)","VIPRE Advanced Security (20260203)","VirIT eXplorer PRO (20260203)","Webroot SecureAnywhere (20260203)","Windows Defender (20260203)"],"avAllowList":["360 Total Security (20260203)","Avast Premium Security (20260203)","AVG Internet Security (20260203)","Avira Internet Security (20260203)","COMODO Antivirus (20260203)","K7 Total Security (20260203)","Kaspersky Internet Security (20200519)","Malwarebytes Premium (20260203)","Norton Security (20260203)","Sophos Home Premium (20260203)","Tencent PC Manager (20200519)","Total AV Antivirus Pro (20260203)","Trend Micro Internet Security (20260203)","FortectPremium (20260203)","KasperskyPremium (20260203)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"Affiliate monitor ","landingPage":"https://www.ashampoo.com/en/usd/pin/0095/system-software/driver-updater","directDownloadingLink":"https://www.ashampoo.com/en/usd/dld/0095/driver-updater/","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.ashampoo.com/en/usd/dld/0095/driver-updater/","sourceIndex":"2426"}],"sampleFiles":["200511/Ashampoo Driver Updater-2017926/1.2.1/Samples/ashampoo_driver_updater_1.2.1_sm.exe"],"imageFiles":["200511/Ashampoo Driver Updater-2017926/1.2.1/Images/ACR-017/ACR-017_Software_MS_Logo_Can't_Verify.JPG","200511/Ashampoo Driver Updater-2017926/1.2.1/Images/ACR-004/ACR-004_Software_Uses_Color_Graphic.JPG"],"nonDeceptorImageFiles":["200511/Ashampoo Driver Updater-2017926/1.2.1/Images/ACR-035/ACR-035_Docs_Misses_App_Name.JPG","200511/Ashampoo Driver Updater-2017926/1.2.1/Images/ACR-045/ACR-045_LandingPage_FreeDownload_Is_Misleading.JPG","200511/Ashampoo Driver Updater-2017926/1.2.1/Images/ACR-099/ACR-099_LandingPage_Uninstall_Info_Is_Missing.JPG","200511/Ashampoo Driver Updater-2017926/1.2.1/Images/ACR-065/ACR-065_Install_PrivacyPolicy_Is_Missing.JPG"],"guid":"801e872d-8934-46eb-867a-649541debce4_1.2.1_1","appID":"Ashampoo Driver Updater-2017926","dateAdded":"260201","deceptorType":"App","name":"Ashampoo Driver Updater","company":"Ashampoo GmbH ","version":"1.2.1","sigName":"Deceptor:Win32/AshampooDriverUpdater!017004","firstResolvedVersion":"","lastKnownStatus":"","lastKnownDate":"260201","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2026-02-01T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":133},{"violations":{},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"zipsoft-2-install__133779%20(1).exe","isInstaller":"True","productName":"ZipSoft","productVersion":"4.2.2.0","fileVersion":"4.2.2.0","hashMD5":"d5d87a08f71debccf81bbad88435211e","hashSHA1":"ac5048473935c6e5a2a3e10b05a395ce51f28399","hashSHA256":"cb9e067ad2502cd764ed09b9511eaaab0e8162de4be289aba8c4424f15dbe7e5","digitalCertThumbprint":"07B323EF14822FF1C5DACA8AC98C8EFCD6720C22","digitalCertIssuer":"CN=GlobalSign GCC R45 EV CodeSigning CA 2020, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"CN=ROSTPAY LLC, O=ROSTPAY LLC, STREET=\"per Dolomanovskiy, 70D 1(10 etazh)\", L=Rostov-on-Don, S=Rostov Oblast, C=RU, OID.1.3.6.1.4.1.311.60.2.1.2=Rostov Oblast, OID.1.3.6.1.4.1.311.60.2.1.3=RU, SERIALNUMBER=1086168004669, OID.2.5.4.15=Private Organization","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"129","avBlockList":["Avast Premium Security (20260421)","AVG Internet Security (20260421)","Avira Internet Security (20260421)","Bitdefender Internet Security (20260421)","Dr.Web Security Space (20260421)","ESET Internet Security (20260421)","G DATA INTERNET SECURITY (20260421)","K7 Total Security (20260421)","KasperskyPremium (20260421)","Malwarebytes Premium (20260421)","McAfee Total Protection (20260421)","Norton Security (20260421)","Panda Dome (20260421)","Quick Heal Internet Security (20260421)","Sophos Home Premium (20260421)","SpyHunter5 (20260421)","Total AV Antivirus Pro (20260421)","VIPRE Advanced Security (20260421)","VirIT eXplorer PRO (20260421)","Webroot SecureAnywhere (20260421)","Windows Defender (20260421)"],"avAllowList":["360 Total Security (20260421)","COMODO Antivirus (20260421)","FortectPremium (20260421)","Trend Micro Internet Security (20260421)"]},{"isRevoked":"False","fileName":"PDClient.exe","companyName":"ProxymaData","productName":"ProxymaData","productVersion":"2.0.1.0","fileVersion":"2.0.1.0","hashMD5":"9ba4385c28f419cc488edc87fbd45976","hashSHA1":"1a640e91dd8fae6702f0d5be58887a3dbf9adcd4","hashSHA256":"eafcca22f0234dff75f317c8f7e4da46ae619b5b2b5414847d684e793e80c5da","sourceIndex":"129","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"ZipSoft.exe","companyName":"ROSTPAY LTD","productName":"ZipSoft","productVersion":"2.2.4.0","fileVersion":"2.2.4.0","hashMD5":"a6a7749d48c3bd85d180781d92a675a5","hashSHA1":"c2a6bbb4fa58077868d5b5e6d272a84a5a4dc5d0","hashSHA256":"4137fc4e2a81bb96663b9654c9c0adf4f2f1a1548d52bb92593ab1e0eec8cd5d","digitalCertThumbprint":"07B323EF14822FF1C5DACA8AC98C8EFCD6720C22","digitalCertIssuer":"CN=GlobalSign GCC R45 EV CodeSigning CA 2020, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"CN=ROSTPAY LLC, O=ROSTPAY LLC, STREET=\"per Dolomanovskiy, 70D 1(10 etazh)\", L=Rostov-on-Don, S=Rostov Oblast, C=RU, OID.1.3.6.1.4.1.311.60.2.1.2=Rostov Oblast, OID.1.3.6.1.4.1.311.60.2.1.3=RU, SERIALNUMBER=1086168004669, OID.2.5.4.15=Private Organization","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"129","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"ZipSoftUpdateChecker.exe","companyName":"ROSTPAY LTD","productName":"ZipSoft","productVersion":"2.0.7.0","fileVersion":"2.0.7.0","hashMD5":"b2b6281e931f483a8726e4a454a6d8f3","hashSHA1":"be8faecd21827fa7ae37accdd91efe124c5e908c","hashSHA256":"c03c2e1a79ebbf19d665bc2f3ad6ec47d10aaddb777fbc59d764db2c55a6efff","digitalCertThumbprint":"07B323EF14822FF1C5DACA8AC98C8EFCD6720C22","digitalCertIssuer":"CN=GlobalSign GCC R45 EV CodeSigning CA 2020, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"CN=ROSTPAY LLC, O=ROSTPAY LLC, STREET=\"per Dolomanovskiy, 70D 1(10 etazh)\", L=Rostov-on-Don, S=Rostov Oblast, C=RU, OID.1.3.6.1.4.1.311.60.2.1.2=Rostov Oblast, OID.1.3.6.1.4.1.311.60.2.1.3=RU, SERIALNUMBER=1086168004669, OID.2.5.4.15=Private Organization","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"129","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"ZSUpdater.exe","companyName":"ROSTPAY LTD","productName":"ZSUpdater","productVersion":"1.0.2.0","fileVersion":"1.0.2.0","hashMD5":"610fece57d621b25a2921c6c6a094d7c","hashSHA1":"8f401609f88e5527344574a409276d366708eb25","hashSHA256":"66fce24cca01bc66246ac87657303844b3ad78e48ce219ab3f638386e2f5edec","digitalCertThumbprint":"07B323EF14822FF1C5DACA8AC98C8EFCD6720C22","digitalCertIssuer":"CN=GlobalSign GCC R45 EV CodeSigning CA 2020, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"CN=ROSTPAY LLC, O=ROSTPAY LLC, STREET=\"per Dolomanovskiy, 70D 1(10 etazh)\", L=Rostov-on-Don, S=Rostov Oblast, C=RU, OID.1.3.6.1.4.1.311.60.2.1.2=Rostov Oblast, OID.1.3.6.1.4.1.311.60.2.1.3=RU, SERIALNUMBER=1086168004669, OID.2.5.4.15=Private Organization","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"129","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"IndexingManager.exe","productName":"Indexing manager","productVersion":"1.4.0.0","fileVersion":"1.4.0.0","hashMD5":"6b1f1e2b742c77579938402e303cd294","hashSHA1":"f21dc2f072179d321316dd71e1a6666435aaecdc","hashSHA256":"612b1b31393bd885913dccfc0725aff97d65588ab446e39ab7a00f7b6e2a28dc","sourceIndex":"129","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Proxymadata","reference":"","landingPage":"https://ru.zip-soft.net/","directDownloadingLink":"https://www.az-partners.net/apps/zipsoft-2/download?ap=133779&name=zipsoft-2-install.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.az-partners.net/apps/zipsoft-2/download?ap=133779&name=zipsoft-2-install.exe","sourceIndex":"129"}],"sampleFiles":["260129/ZipSoft-250708/4.2.2.0/Samples/zipsoft-2-install__133779%20(1).exe"],"imageFiles":[],"nonDeceptorImageFiles":[],"guid":"07a3ec81-9f96-4a57-904c-02a6012579d8_4.2.2.0_1","appID":"ZipSoft-250708","dateAdded":"260129","deceptorType":"App","name":"ZipSoft","company":"ROSTPAY LTD","version":"4.2.2.0","lastKnownStatus":"4.1.1.0;2.2.3.0;4.2.2.0","lastKnownDate":"260129","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 10,Windows 11","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"net proxy,install offers","lastUpdate":"2026-01-29T21:04:12.7097339+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":3,"sortOrder":134},{"violations":{"ACR-048":"With application closed, the resource borrowing process is running in background without notifying user. There is no options for user to cancel resource borrowing process immediately.\n","ACR-006":"Resource borrowing process is not clearly attributed. \n","ACR-084":"The application is not clearly indicating the borrowing is active. \n","ACR-118":"ProxymaData doesn't removed after ZipSoft application being uninstalled completed.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"zipsoft-2-install__133779.exe","isInstaller":"True","productName":"ZipSoft","productVersion":"4.2.0.0","fileVersion":"4.2.0.0","hashMD5":"ad40564b34061e58d3f4d92f32241bff","hashSHA1":"0eb3189548fa1d830c46512e8eb5be8aa1cf0f3b","hashSHA256":"1b3c31d81d493b2c8e78476fb50622f50c8303971879cf0247261a47185bab88","digitalCertThumbprint":"07B323EF14822FF1C5DACA8AC98C8EFCD6720C22","digitalCertIssuer":"CN=GlobalSign GCC R45 EV CodeSigning CA 2020, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"CN=ROSTPAY LLC, O=ROSTPAY LLC, STREET=\"per Dolomanovskiy, 70D 1(10 etazh)\", L=Rostov-on-Don, S=Rostov Oblast, C=RU, OID.1.3.6.1.4.1.311.60.2.1.2=Rostov Oblast, OID.1.3.6.1.4.1.311.60.2.1.3=RU, SERIALNUMBER=1086168004669, OID.2.5.4.15=Private Organization","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"156","avBlockList":["Avast Premium Security (20260120)","AVG Internet Security (20260120)","Avira Internet Security (20260120)","Bitdefender Internet Security (20260120)","Dr.Web Security Space (20260120)","ESET Internet Security (20260120)","FortectPremium (20260120)","G DATA INTERNET SECURITY (20260120)","K7 Total Security (20260120)","KasperskyPremium (20260120)","Malwarebytes Premium (20260120)","McAfee Total Protection (20260120)","Norton Security (20260120)","Panda Dome (20260120)","Quick Heal Internet Security (20260120)","Sophos Home Premium (20260120)","SpyHunter5 (20260120)","Total AV Antivirus Pro (20260120)","VIPRE Advanced Security (20260120)","VirIT eXplorer PRO (20260120)","Webroot SecureAnywhere (20260120)","Windows Defender (20260120)"],"avAllowList":["360 Total Security (20260120)","COMODO Antivirus (20260120)","Trend Micro Internet Security (20260120)"]},{"isRevoked":"False","fileName":"PDClient.exe","companyName":"ProxymaData","productName":"ProxymaData","productVersion":"2.0.1.0","fileVersion":"2.0.1.0","hashMD5":"975edd06fe9f963360be731aaae3265b","hashSHA1":"c99804c9814b05914d51958bb4f0d621676f6557","hashSHA256":"069bde2b1aed99d808a0d1e6d90b01dd0b14be4785698cb2ba043fa102b750d7","digitalCertThumbprint":"07B323EF14822FF1C5DACA8AC98C8EFCD6720C22","digitalCertIssuer":"CN=GlobalSign GCC R45 EV CodeSigning CA 2020, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"CN=ROSTPAY LLC, O=ROSTPAY LLC, STREET=\"per Dolomanovskiy, 70D 1(10 etazh)\", L=Rostov-on-Don, S=Rostov Oblast, C=RU, OID.1.3.6.1.4.1.311.60.2.1.2=Rostov Oblast, OID.1.3.6.1.4.1.311.60.2.1.3=RU, SERIALNUMBER=1086168004669, OID.2.5.4.15=Private Organization","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"156","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"ZipSoft.exe","companyName":"ROSTPAY LTD","productName":"ZipSoft","productVersion":"2.2.3.0","fileVersion":"2.2.3.0","hashMD5":"8332138af6b23ac62b5108f91a1b850c","hashSHA1":"ecaa0b87a81903b02ac1d95b14371394bd9307b0","hashSHA256":"9ea80b9d27cd2d1b4e68bc76ae936913af5443292115f6939ff87631042a026c","digitalCertThumbprint":"07B323EF14822FF1C5DACA8AC98C8EFCD6720C22","digitalCertIssuer":"CN=GlobalSign GCC R45 EV CodeSigning CA 2020, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"CN=ROSTPAY LLC, O=ROSTPAY LLC, STREET=\"per Dolomanovskiy, 70D 1(10 etazh)\", L=Rostov-on-Don, S=Rostov Oblast, C=RU, OID.1.3.6.1.4.1.311.60.2.1.2=Rostov Oblast, OID.1.3.6.1.4.1.311.60.2.1.3=RU, SERIALNUMBER=1086168004669, OID.2.5.4.15=Private Organization","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"156","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"ZipSoftUninstaller.exe","productName":"ZipSoft","productVersion":"4.2.0.0","fileVersion":"4.2.0.0","hashMD5":"b98926439e140fd1877d1acd80ecd0a9","hashSHA1":"7ffd5376c9ddccf067d220c343e968af08c5deb5","hashSHA256":"13548ab987d639921c998c7916dfeb34c0ed4b78747468007b90196ffead04a6","digitalCertThumbprint":"07B323EF14822FF1C5DACA8AC98C8EFCD6720C22","digitalCertIssuer":"CN=GlobalSign GCC R45 EV CodeSigning CA 2020, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"CN=ROSTPAY LLC, O=ROSTPAY LLC, STREET=\"per Dolomanovskiy, 70D 1(10 etazh)\", L=Rostov-on-Don, S=Rostov Oblast, C=RU, OID.1.3.6.1.4.1.311.60.2.1.2=Rostov Oblast, OID.1.3.6.1.4.1.311.60.2.1.3=RU, SERIALNUMBER=1086168004669, OID.2.5.4.15=Private Organization","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"156","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"ZipSoftUpdateChecker.exe","companyName":"ROSTPAY LTD","productName":"ZipSoft","productVersion":"2.0.6.0","fileVersion":"2.0.6.0","hashMD5":"35a8deb4d0df010be2724a8d13974855","hashSHA1":"95b7d809cba6bc235d6c6dd94db4b31fe9491440","hashSHA256":"73ec545e72d939139b55b4dd4fa449287ca5a08bf8243a352db74d02096a7019","digitalCertThumbprint":"07B323EF14822FF1C5DACA8AC98C8EFCD6720C22","digitalCertIssuer":"CN=GlobalSign GCC R45 EV CodeSigning CA 2020, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"CN=ROSTPAY LLC, O=ROSTPAY LLC, STREET=\"per Dolomanovskiy, 70D 1(10 etazh)\", L=Rostov-on-Don, S=Rostov Oblast, C=RU, OID.1.3.6.1.4.1.311.60.2.1.2=Rostov Oblast, OID.1.3.6.1.4.1.311.60.2.1.3=RU, SERIALNUMBER=1086168004669, OID.2.5.4.15=Private Organization","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"156","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"PDInterface.dll","productName":"PDInterfaceCS","productVersion":"1.0.0.0","fileVersion":"1.0.0.0","hashMD5":"fdf4a4a4bce6a22a8f0344a20a6fd27a","hashSHA1":"878f7f20e8b3bfd84314a72746d02f54780546de","hashSHA256":"ce013cc7f80d966737830dedde081822b7bafe7f5a6f920ec88fe5f56c8530e6","digitalCertThumbprint":"07B323EF14822FF1C5DACA8AC98C8EFCD6720C22","digitalCertIssuer":"CN=GlobalSign GCC R45 EV CodeSigning CA 2020, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"CN=ROSTPAY LLC, O=ROSTPAY LLC, STREET=\"per Dolomanovskiy, 70D 1(10 etazh)\", L=Rostov-on-Don, S=Rostov Oblast, C=RU, OID.1.3.6.1.4.1.311.60.2.1.2=Rostov Oblast, OID.1.3.6.1.4.1.311.60.2.1.3=RU, SERIALNUMBER=1086168004669, OID.2.5.4.15=Private Organization","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"156","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"ZipSoft%20Launcher.exe","companyName":"ROSTPAY LTD","productName":"ZipSoft Launcher","productVersion":"1.0.3.0","fileVersion":"1.0.3.0","hashMD5":"1cfbac57d1e8b0e399cb5a6652c48d21","hashSHA1":"06072bd1f312549a44f919480466ada704ff71d3","hashSHA256":"0e2095a948b1397917754ee058262155d530df947e6b2c8a05bc051128dde05e","digitalCertThumbprint":"07B323EF14822FF1C5DACA8AC98C8EFCD6720C22","digitalCertIssuer":"CN=GlobalSign GCC R45 EV CodeSigning CA 2020, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"CN=ROSTPAY LLC, O=ROSTPAY LLC, STREET=\"per Dolomanovskiy, 70D 1(10 etazh)\", L=Rostov-on-Don, S=Rostov Oblast, C=RU, OID.1.3.6.1.4.1.311.60.2.1.2=Rostov Oblast, OID.1.3.6.1.4.1.311.60.2.1.3=RU, SERIALNUMBER=1086168004669, OID.2.5.4.15=Private Organization","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"156","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"ZipSoftLauncherUninstaller.exe","productName":"ZipSoft","productVersion":"4.2.0.0","fileVersion":"4.2.0.0","hashMD5":"1146150a105c26853e17b49ee10abf7a","hashSHA1":"116b1fe0074ec12e82135ccfb74241066a1f051c","hashSHA256":"40742a938baeec0ec83a6b0c4dd7dad628748567947d038fc5ca066fba39136a","digitalCertThumbprint":"07B323EF14822FF1C5DACA8AC98C8EFCD6720C22","digitalCertIssuer":"CN=GlobalSign GCC R45 EV CodeSigning CA 2020, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"CN=ROSTPAY LLC, O=ROSTPAY LLC, STREET=\"per Dolomanovskiy, 70D 1(10 etazh)\", L=Rostov-on-Don, S=Rostov Oblast, C=RU, OID.1.3.6.1.4.1.311.60.2.1.2=Rostov Oblast, OID.1.3.6.1.4.1.311.60.2.1.3=RU, SERIALNUMBER=1086168004669, OID.2.5.4.15=Private Organization","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"156","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"ZSUpdater.exe","companyName":"ROSTPAY LTD","productName":"ZSUpdater","productVersion":"1.0.1.0","fileVersion":"1.0.1.0","hashMD5":"fe69cc0b75cb9ce4bc8bac38386cca4e","hashSHA1":"9ea7645f5da4424654d3f5c91f290f4ae0b8f6ce","hashSHA256":"5252680426e8078012692522d5eb018eac4c732e099e43a40194353aff6f4d9b","digitalCertThumbprint":"07B323EF14822FF1C5DACA8AC98C8EFCD6720C22","digitalCertIssuer":"CN=GlobalSign GCC R45 EV CodeSigning CA 2020, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"CN=ROSTPAY LLC, O=ROSTPAY LLC, STREET=\"per Dolomanovskiy, 70D 1(10 etazh)\", L=Rostov-on-Don, S=Rostov Oblast, C=RU, OID.1.3.6.1.4.1.311.60.2.1.2=Rostov Oblast, OID.1.3.6.1.4.1.311.60.2.1.3=RU, SERIALNUMBER=1086168004669, OID.2.5.4.15=Private Organization","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"156","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"IndexingManager.exe","productName":"Indexing manager","productVersion":"1.4.0.0","fileVersion":"1.4.0.0","hashMD5":"6b1f1e2b742c77579938402e303cd294","hashSHA1":"f21dc2f072179d321316dd71e1a6666435aaecdc","hashSHA256":"612b1b31393bd885913dccfc0725aff97d65588ab446e39ab7a00f7b6e2a28dc","sourceIndex":"156","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Proxymadata","reference":"","landingPage":"https://ru.zip-soft.net/","directDownloadingLink":"https://www.az-partners.net/apps/zipsoft-2/download?ap=133779&name=zipsoft-2-install.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.az-partners.net/apps/zipsoft-2/download?ap=133779&name=zipsoft-2-install.exe","sourceIndex":"156"}],"sampleFiles":["251030/ZipSoft-250708/2.2.3.0/Samples/zipsoft-2-install__133779.exe"],"imageFiles":["251030/ZipSoft-250708/2.2.3.0/Images/ACR-084/ACR-084_Software_1.png","251030/ZipSoft-250708/2.2.3.0/Images/ACR-048/ACR-048_Software_1.png","251030/ZipSoft-250708/2.2.3.0/Images/ACR-006/ACR-006_Software_1.png","251030/ZipSoft-250708/2.2.3.0/Images/ACR-118/ACR-118_Uninstall_1.png","251030/ZipSoft-250708/2.2.3.0/Images/ACR-118/ACR-118_Uninstall_2.png","251030/ZipSoft-250708/2.2.3.0/Images/ACR-118/ACR-118_Uninstall_3.png"],"nonDeceptorImageFiles":[],"guid":"07a3ec81-9f96-4a57-904c-02a6012579d8_2.2.3.0_1","appID":"ZipSoft-250708","dateAdded":"260129","deceptorType":"App","name":"ZipSoft","company":"ROSTPAY LTD","version":"2.2.3.0","lastKnownStatus":"4.1.1.0;2.2.3.0;4.2.2.0","lastKnownDate":"260129","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 10,Windows 11","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"net proxy,install offers","lastUpdate":"2026-01-29T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":3,"sortOrder":135},{"violations":{"ACR-048":"With application closed, the resource borrowing process is running in background without notifying user. There is no options for user to cancel resource borrowing process immediately.\n","ACR-006":"Resource borrowing process is not clearly attributed. \n","ACR-013":"User workflow is interrupted by offer.\n","ACR-060":"The offer is misleading. It is presented from ZipSoft, instead of from ProxymaData\n","ACR-084":"The application is not clearly indicating the borrowing is active. \n","ACR-118":"ProxymaData doesn't removed after ZipSoft application being uninstalled completed.\n","ACR-057":"Offer doesn't provide a clear way for user to decline/accept\n","ACR-055":"Offer doesn't have clear accept/decline. Instead it presents as a feature for user to make decision.\n","ACR-059":"Offer doesn't mark it clearly that it is optional\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"zipsoft-2-install__133779.exe","isInstaller":"True","productName":"ZipSoft","productVersion":"4.1.1.0","fileVersion":"4.1","hashMD5":"aa0230208c16c57ad4da4b1cfec00a36","hashSHA1":"66c7c476f3ef995915d23457671e6d2838dbeb03","hashSHA256":"7536cf9cbe9af4a50206b502f312adaca4814ce49b931681e69e476731e00a02","digitalCertThumbprint":"C3C709B7E01318BA74D48BD64D05F48DECA5CD80","digitalCertIssuer":"CN=GlobalSign GCC R45 EV CodeSigning CA 2020, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"E=support@rostpay.ru, CN=ROSTPAY LLC, O=ROSTPAY LLC, STREET=\"Dolomanovsky lane, 70D apt.1(10th floor)\", L=Rostov-on-Don, S=Rostov Oblast, C=RU, OID.1.3.6.1.4.1.311.60.2.1.2=Rostov Oblast, OID.1.3.6.1.4.1.311.60.2.1.3=RU, SERIALNUMBER=1086168004669, OID.2.5.4.15=Private Organization","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"184","avBlockList":["360 Total Security (20251007)","Avast Premium Security (20251007)","AVG Internet Security (20251007)","Avira Internet Security (20251007)","Bitdefender Internet Security (20251007)","COMODO Antivirus (20251007)","Dr.Web Security Space (20251007)","ESET Internet Security (20251007)","FortectPremium (20251007)","G DATA INTERNET SECURITY (20251007)","K7 Total Security (20251007)","KasperskyPremium (20251007)","Malwarebytes Premium (20251007)","McAfee Total Protection (20251007)","Norton Security (20251007)","Panda Dome (20251007)","Quick Heal Internet Security (20251007)","Sophos Home Premium (20251007)","SpyHunter5 (20251007)","Total AV Antivirus Pro (20251007)","Trend Micro Internet Security (20251007)","VIPRE Advanced Security (20251007)","VirIT eXplorer PRO (20251007)","Webroot SecureAnywhere (20251007)","Windows Defender (20251007)"],"avAllowList":[]},{"isRevoked":"False","fileName":"IndexingManager.exe","productName":"Indexing manager","productVersion":"1.4.0.0","fileVersion":"1.4","hashMD5":"6b1f1e2b742c77579938402e303cd294","hashSHA1":"f21dc2f072179d321316dd71e1a6666435aaecdc","hashSHA256":"612b1b31393bd885913dccfc0725aff97d65588ab446e39ab7a00f7b6e2a28dc","sourceIndex":"184","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"PDClient.exe","companyName":"ProxymaData","productName":"ProxymaData","productVersion":"2.0.0.0","fileVersion":"2.0","hashMD5":"8568211dd3ebd8f4e25d24cdbf865256","hashSHA1":"241ca16436067c67993bdf059bd63a19f22bd2a3","hashSHA256":"942e7f147ffca11881d5c1fb464bd77a195f68b9ea99b35de4e43a23a274d259","sourceIndex":"184","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"ZipSoft.exe","companyName":"ROSTPAY LTD","productName":"ZipSoft","productVersion":"2.0.15.0","fileVersion":"2.0","hashMD5":"64e153021eda0235b09734538fd918a3","hashSHA1":"fafdcb5861c655025aa7ded75eb86f0f69485694","hashSHA256":"8ff175990f118d4a0ed8e17e8e2b88bd8b1ce1fb6ccbd47542a7697dc05b827a","digitalCertThumbprint":"C3C709B7E01318BA74D48BD64D05F48DECA5CD80","digitalCertIssuer":"CN=GlobalSign GCC R45 EV CodeSigning CA 2020, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"E=support@rostpay.ru, CN=ROSTPAY LLC, O=ROSTPAY LLC, STREET=\"Dolomanovsky lane, 70D apt.1(10th floor)\", L=Rostov-on-Don, S=Rostov Oblast, C=RU, OID.1.3.6.1.4.1.311.60.2.1.2=Rostov Oblast, OID.1.3.6.1.4.1.311.60.2.1.3=RU, SERIALNUMBER=1086168004669, OID.2.5.4.15=Private Organization","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"184","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"ZipSoftUninstaller.exe","productName":"ZipSoft","productVersion":"4.0.4.0","fileVersion":"4.0","hashMD5":"20d0da565210011c7fb7c6afeb1e4a4f","hashSHA1":"cf54ff16fccb83ca12fb11c2ade910f06f51c769","hashSHA256":"472a616483e555d9e349cddcc9fbb178f76652e1744f34a506f3f7cf56c6605a","digitalCertThumbprint":"C3C709B7E01318BA74D48BD64D05F48DECA5CD80","digitalCertIssuer":"CN=GlobalSign GCC R45 EV CodeSigning CA 2020, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"E=support@rostpay.ru, CN=ROSTPAY LLC, O=ROSTPAY LLC, STREET=\"Dolomanovsky lane, 70D apt.1(10th floor)\", L=Rostov-on-Don, S=Rostov Oblast, C=RU, OID.1.3.6.1.4.1.311.60.2.1.2=Rostov Oblast, OID.1.3.6.1.4.1.311.60.2.1.3=RU, SERIALNUMBER=1086168004669, OID.2.5.4.15=Private Organization","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"184","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"ZipSoftUpdateChecker.exe","companyName":"ROSTPAY LTD","productName":"ZipSoft","productVersion":"2.0.3.0","fileVersion":"2.0","hashMD5":"eabdcd2a44e2bf84313da41d6aa60449","hashSHA1":"214696f0d3abc23094e528c5308feb9317a51b00","hashSHA256":"cea44b33ca107fdd9518f77338c80554db8a597f2415b17c3fd44b2ec839c06e","digitalCertThumbprint":"C3C709B7E01318BA74D48BD64D05F48DECA5CD80","digitalCertIssuer":"CN=GlobalSign GCC R45 EV CodeSigning CA 2020, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"E=support@rostpay.ru, CN=ROSTPAY LLC, O=ROSTPAY LLC, STREET=\"Dolomanovsky lane, 70D apt.1(10th floor)\", L=Rostov-on-Don, S=Rostov Oblast, C=RU, OID.1.3.6.1.4.1.311.60.2.1.2=Rostov Oblast, OID.1.3.6.1.4.1.311.60.2.1.3=RU, SERIALNUMBER=1086168004669, OID.2.5.4.15=Private Organization","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"184","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Proxymadata","reference":"","landingPage":"https://ru.zip-soft.net/","directDownloadingLink":"https://www.az-partners.net/apps/zipsoft-2/download?ap=133779&name=zipsoft-2-install.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.az-partners.net/apps/zipsoft-2/download?ap=133779&name=zipsoft-2-install.exe","sourceIndex":"184"}],"sampleFiles":["250709/ZipSoft-250708/4.1.1.0/Samples/zipsoft-2-install__133779.exe"],"imageFiles":["250709/ZipSoft-250708/4.1.1.0/Images/ACR-084/ACR-084_Software_1.png","250709/ZipSoft-250708/4.1.1.0/Images/ACR-048/ACR-048_Software_1.png","250709/ZipSoft-250708/4.1.1.0/Images/ACR-006/ACR-006_Software_1.png","250709/ZipSoft-250708/4.1.1.0/Images/ACR-013/ACR-013_Software_1.png","250709/ZipSoft-250708/4.1.1.0/Images/ACR-118/ACR-118_Uninstall_1.png","250709/ZipSoft-250708/4.1.1.0/Images/ACR-118/ACR-118_Uninstall_2.png","250709/ZipSoft-250708/4.1.1.0/Images/ACR-057/ACR-057_Inline offers_1.png","250709/ZipSoft-250708/4.1.1.0/Images/ACR-059/ACR-059_Inline offers_1.png","250709/ZipSoft-250708/4.1.1.0/Images/ACR-060/ACR-060_Inline offers_1.png","250709/ZipSoft-250708/4.1.1.0/Images/ACR-055/ACR-055_Inline offers_1.png"],"nonDeceptorImageFiles":[],"guid":"07a3ec81-9f96-4a57-904c-02a6012579d8_4.1.1.0_1","appID":"ZipSoft-250708","dateAdded":"260129","deceptorType":"App","name":"ZipSoft","company":"ROSTPAY LTD","version":"4.1.1.0","lastKnownStatus":"4.1.1.0;2.2.3.0;4.2.2.0","lastKnownDate":"260129","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 10,Windows 11","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"net proxy,install offers","lastUpdate":"2026-01-29T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":3,"sortOrder":136},{"violations":{"ACR-004":"The application doesn't provide a free fix (recovery) instead offering a subscription that the user needs to pay to fix it.\n","ACR-071":"The shopping cart contains additional item (Cloud Backup) that is pre-selected without prior disclosure.\n","ACR-165":"The app doesn't provide sufficient information for the following in the shopping cart: 1. What will the price be in the auto-renewal payment given the first payment is a discounted price. 2. when the user receives a notification for renewal.\n"},"nonDeceptorViolations":{"ACR-045":"\"Try it Free\" highlights \"Free\" misleads user. The functionality that requires consumer payment to be activated needs to be marked clearly in landing page. Otherwise, app should remove \"free\" word.\n","ACR-161":"The landing page currently shows featured endorsements and user reviews without links to the original sources.\n"},"samples":[{"isRevoked":"False","fileName":"appAutoUpdate.exe","productName":"Live Update","productVersion":"2.6.0.2","fileVersion":"2.6.0.2","hashMD5":"72cdd3a7157a3839a4434ccbc6b0f558","hashSHA1":"c440338f551679cc93c244d077de3f582f14cdf4","hashSHA256":"1124c3e252bf9227275832816d07f4e240954dcc51b5186ef4caa411ea58607f","digitalCertThumbprint":"EDD8199F09F517C3BDF6816AE2771C0D4FD8C37E","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=\"Shenzhen iMyFone Technology Co., Ltd\", O=\"Shenzhen iMyFone Technology Co., Ltd\", L=深圳市, S=广东省, C=CN, SERIALNUMBER=914403003425095958, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.1=南山区, OID.1.3.6.1.4.1.311.60.2.1.2=广东省, OID.1.3.6.1.4.1.311.60.2.1.3=CN","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"128","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"D-Back.exe","companyName":"Shenzhen iMyFone Technology Co., Ltd.","productName":"iMyFone D-Back","productVersion":"9.2.6.1","fileVersion":"9.2.6.1","hashMD5":"d337dd4e7f40f9230b6d1ca231fe732b","hashSHA1":"bb40dbfd74b7ba128caa0ba5b09d1c24536c6181","hashSHA256":"70d9f9ed43a80e7dac42452570eb46cc5508b4cfd7f1831e3bc33d35622b01e2","digitalCertThumbprint":"EDD8199F09F517C3BDF6816AE2771C0D4FD8C37E","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=\"Shenzhen iMyFone Technology Co., Ltd\", O=\"Shenzhen iMyFone Technology Co., Ltd\", L=深圳市, S=广东省, C=CN, SERIALNUMBER=914403003425095958, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.1=南山区, OID.1.3.6.1.4.1.311.60.2.1.2=广东省, OID.1.3.6.1.4.1.311.60.2.1.3=CN","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"128","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"imyfone-d-back_setup.exe","isInstaller":"True","productName":"iMyFone D-Back","productVersion":"4.4.0.1","fileVersion":"4.4.0.1","hashMD5":"c58d2cbf324c49a0955354e66bc0aada","hashSHA1":"c211389d28dc7f4e483a1a7a2213c63ae9fad9eb","hashSHA256":"b07547e1d39985b5927b427400c48a6f6cd07d8a2c3e07cc409b67ce09f6c19e","digitalCertThumbprint":"EDD8199F09F517C3BDF6816AE2771C0D4FD8C37E","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=\"Shenzhen iMyFone Technology Co., Ltd\", O=\"Shenzhen iMyFone Technology Co., Ltd\", L=深圳市, S=广东省, C=CN, SERIALNUMBER=914403003425095958, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.1=南山区, OID.1.3.6.1.4.1.311.60.2.1.2=广东省, OID.1.3.6.1.4.1.311.60.2.1.3=CN","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"128","avBlockList":["Avast Premium Security (20260421)","AVG Internet Security (20260421)","Dr.Web Security Space (20260421)","ESET Internet Security (20260421)","FortectPremium (20260421)","K7 Total Security (20260421)","Norton Security (20260421)","Panda Dome (20260421)","Quick Heal Internet Security (20260421)","Sophos Home Premium (20260421)","SpyHunter5 (20260421)","VirIT eXplorer PRO (20260421)","Webroot SecureAnywhere (20260421)"],"avAllowList":["360 Total Security (20260421)","Avira Internet Security (20260421)","Bitdefender Internet Security (20260421)","COMODO Antivirus (20260421)","G DATA INTERNET SECURITY (20260421)","KasperskyPremium (20260421)","Malwarebytes Premium (20260421)","McAfee Total Protection (20260421)","Total AV Antivirus Pro (20260421)","Trend Micro Internet Security (20260421)","VIPRE Advanced Security (20260421)","Windows Defender (20260421)"]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"","landingPage":"https://www.imyfone.com/data-recovery-software/","directDownloadingLink":"https://download-new.imyfone.com/imyfone-d-back_setup.exe ","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://download-new.imyfone.com/imyfone-d-back_setup.exe ","sourceIndex":"128"}],"sampleFiles":["260129/iMyFoneDBackWindows-260129/9.2.6/Samples/appAutoUpdate.exe","260129/iMyFoneDBackWindows-260129/9.2.6/Samples/D-Back.exe","260129/iMyFoneDBackWindows-260129/9.2.6/Samples/imyfone-d-back_setup.exe"],"imageFiles":["260129/iMyFoneDBackWindows-260129/9.2.6/Images/ACR-004/app4.png","260129/iMyFoneDBackWindows-260129/9.2.6/Images/ACR-004/app8.png","260129/iMyFoneDBackWindows-260129/9.2.6/Images/ACR-004/checkout.png","260129/iMyFoneDBackWindows-260129/9.2.6/Images/ACR-071/Offerpage.png","260129/iMyFoneDBackWindows-260129/9.2.6/Images/ACR-071/checkout.png","260129/iMyFoneDBackWindows-260129/9.2.6/Images/ACR-165/checkout.png"],"nonDeceptorImageFiles":["260129/iMyFoneDBackWindows-260129/9.2.6/Images/ACR-161/ACR-161_1.png","260129/iMyFoneDBackWindows-260129/9.2.6/Images/ACR-161/ACR-161_2.png","260129/iMyFoneDBackWindows-260129/9.2.6/Images/ACR-161/ACR-161_3.png","260129/iMyFoneDBackWindows-260129/9.2.6/Images/ACR-045/ACR-045.png"],"guid":"d571752f-7ae7-4dbc-afa3-0e58113c307c_9.2.6_1","appID":"iMyFoneDBackWindows-260129","dateAdded":"260129","deceptorType":"App","name":"iMyFone D-Back for Windows","company":"iMyFone Technology Co. Limited","version":"9.2.6","lastKnownStatus":"9.2.6","lastKnownDate":"260129","type":"Windows Executable","lastUpdate":"2026-01-29T23:33:23.8462981+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":137},{"violations":{"ACR-004":"The application doesn't provide a free fix (recovery) instead offering a subscription that the user needs to pay to fix it.\n","ACR-071":"The shopping cart contains additional item (Cloud Backup) that is pre-selected without prior disclosure.\n"},"nonDeceptorViolations":{"ACR-045":"\"Try it Free\" highlights \"Free\" misleads user. The functionality that requires consumer payment to be activated needs to be marked clearly in landing page. Otherwise, app should remove \"free\" word.\n","ACR-161":"The landing page currently shows featured endorsements and user reviews without links to the original sources.\n"},"samples":[],"additionalFiles":[],"sources":[{"howFound":"","reference":"","landingPage":"https://www.imyfone.com/data-recovery-software/","directDownloadingLink":"https://download-new.imyfone.com/imyfone-d-back-mac.zip","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://download-new.imyfone.com/imyfone-d-back-mac.zip","sourceIndex":"127"}],"sampleFiles":[],"imageFiles":["260129/iMyFoneDBack-251003/9.1.8/Images/ACR-004/app4.png","260129/iMyFoneDBack-251003/9.1.8/Images/ACR-004/app6.png","260129/iMyFoneDBack-251003/9.1.8/Images/ACR-004/app7.png","260129/iMyFoneDBack-251003/9.1.8/Images/ACR-004/checkout.png","260129/iMyFoneDBack-251003/9.1.8/Images/ACR-071/Offerpage.png","260129/iMyFoneDBack-251003/9.1.8/Images/ACR-071/checkout.png"],"nonDeceptorImageFiles":["260129/iMyFoneDBack-251003/9.1.8/Images/ACR-045/ACR-045.png","260129/iMyFoneDBack-251003/9.1.8/Images/ACR-161/ACR-161_1.png","260129/iMyFoneDBack-251003/9.1.8/Images/ACR-161/ACR-161_2.png","260129/iMyFoneDBack-251003/9.1.8/Images/ACR-161/ACR-161_3.png"],"guid":"d7188464-4264-46e0-a885-4201d9d54577_9.1.8_1","appID":"iMyFoneDBack-251003","dateAdded":"260129","deceptorType":"MacOS App","name":"iMyFone D-Back","company":"iMyFone Technology Co. Limited","version":"9.1.8","lastKnownStatus":"9.1.8","lastKnownDate":"260129","type":"MacOS App","category":"SysTools & Utilities","targetOS":"Windows 10,Windows 11","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2026-01-29T23:35:38.3343558+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":138},{"violations":{"ACR-004":"The application doesn't provide a free fix (recovery) instead offering a subscription that the user needs to pay to fix it.\n"},"nonDeceptorViolations":{"ACR-045":"\"Free Download\" and \"Try it Free\" highlights \"Free\" misleads user. The functionality that requires consumer payment in order to be activated needs to be marked clearly in landing page. Otherwise app should remove \"free\" word.\n"},"samples":[],"additionalFiles":[],"sources":[{"howFound":"","reference":"","landingPage":"https://www.imyfone.com/data-recovery-software/","directDownloadingLink":"https://download-new.imyfone.com/imyfone-d-back-mac.zip ","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://download-new.imyfone.com/imyfone-d-back-mac.zip ","sourceIndex":"162"}],"sampleFiles":[],"imageFiles":["251003/iMyFoneDBack-251003/9.1.7/Images/ACR-004/app3.png","251003/iMyFoneDBack-251003/9.1.7/Images/ACR-004/app4.png","251003/iMyFoneDBack-251003/9.1.7/Images/ACR-004/app5.png"],"nonDeceptorImageFiles":["251003/iMyFoneDBack-251003/9.1.7/Images/ACR-045/ACR-045_1.png","251003/iMyFoneDBack-251003/9.1.7/Images/ACR-045/ACR-045_2.png"],"guid":"d7188464-4264-46e0-a885-4201d9d54577_9.1.7_1","appID":"iMyFoneDBack-251003","dateAdded":"260129","deceptorType":"MacOS App","name":"iMyFone D-Back","company":"iMyFone Technology Co. Limited","version":"9.1.7","lastKnownStatus":"9.1.8","lastKnownDate":"260129","type":"MacOS App","category":"SysTools & Utilities","targetOS":"Windows 10,Windows 11","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2026-01-29T00:00:00+00:00","notDistributed":false,"numInFamily":0,"numInAppID":2,"sortOrder":139},{"violations":{"ACR-046":"Collecting data via \"Join customer experience improvement program\" is checked by default and not visible to the user by default. No relevant disclosure of what data it collects.\n","ACR-048":"The app does not provide any control to cancel the installation.\n","ACR-004":"The application doesn't provide a free fix (recovery) instead offering a subscription that the user needs to pay to fix it.\n","ACR-165":"The app doesn't provide sufficient information for the following in the shopping cart: 1. What will the price be in the auto-renewal payment given the first payment is a discounted price. 2. when the user receives a notification for renewal.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"data-recovery.exe","isInstaller":"True","companyName":"                                                            ","productName":"                                                            ","productVersion":"1.5.10                                            ","fileVersion":"1.5.10              ","hashMD5":"8d7f8d03fa283401c7e79c40155e9259","hashSHA1":"e0353fd3c2038740a78d4b58ee63e75880f2e017","hashSHA256":"a259609e7d07a44eba1cdcf960cae0a11fd9b0d520b8b465c5696789e77abff2","digitalCertThumbprint":"52F49981677411BC8FC35A53980F4423E42E2316","digitalCertIssuer":"GlobalSign CodeSigning CA - SHA256 - G3","digitalCertIssuedTo":"Keysun Software Co.Ltd","storeId":"","sourceIndex":"656","avBlockList":["Bitdefender Internet Security (20260129)","ESET Internet Security (20260129)","G DATA INTERNET SECURITY (20260129)","K7 Total Security (20260129)","Malwarebytes Premium (20260129)","Sophos Home Premium (20260129)","SpyHunter5 (20260129)","VIPRE Advanced Security (20260129)","VirIT eXplorer PRO (20260129)","Webroot SecureAnywhere (20260129)","Windows Defender (20260129)"],"avAllowList":["360 Total Security (20260129)","Avast Premium Security (20260129)","AVG Internet Security (20260129)","Avira Internet Security (20260129)","COMODO Antivirus (20260129)","Dr.Web Security Space (20260129)","Kaspersky Internet Security (20240530)","McAfee Total Protection (20260129)","Norton Security (20260129)","Panda Dome (20260129)","Quick Heal Internet Security (20260129)","Total AV Antivirus Pro (20260129)","Trend Micro Internet Security (20260129)","FortectPremium (20260129)","KasperskyPremium (20260129)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on windows app","reference":"","landingPage":"https://www.apeaksoft.com/data-recovery/","directDownloadingLink":"https://downloads.apeaksoft.com/data-recovery.exe?_ga=2.142746421.1429374740.1712918955-946157535.1712918949","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://downloads.apeaksoft.com/data-recovery.exe?_ga=2.142746421.1429374740.1712918955-946157535.1712918949","sourceIndex":"656"}],"sampleFiles":["240416/ApeaksoftDataRecovery-240412/1.6.8/Samples/data-recovery.exe"],"imageFiles":["240416/ApeaksoftDataRecovery-240412/1.6.8/Images/ACR-046/ACR-046.PNG","240416/ApeaksoftDataRecovery-240412/1.6.8/Images/ACR-046/ACR-046_1.PNG","240416/ApeaksoftDataRecovery-240412/1.6.8/Images/ACR-048/ACR-048.PNG","240416/ApeaksoftDataRecovery-240412/1.6.8/Images/ACR-004/ACR-004.PNG","240416/ApeaksoftDataRecovery-240412/1.6.8/Images/ACR-004/ACR-004_1.PNG","240416/ApeaksoftDataRecovery-240412/1.6.8/Images/ACR-165/ACR-165.PNG"],"nonDeceptorImageFiles":[],"guid":"872a6525-c991-430c-803b-f4e66739b75b_1.6.8_1","appID":"ApeaksoftDataRecovery-240412","dateAdded":"260127","deceptorType":"App","name":"Apeaksoft Data Recovery","company":"Apeaksoft Studio","version":"1.6.8","lastKnownStatus":"1.6.8;1.6.10;3.0.32","lastKnownDate":"260127","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows 11","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2026-01-27T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":3,"sortOrder":143},{"violations":{"ACR-046":"Collecting data via \"Join customer experience improvement program\" is checked by default and not visible to the user by default. No relevant disclosure of what data it collects.\n","ACR-048":"The app does not provide any control to cancel the installation.\n","ACR-004":"The application doesn't provide a free fix (recovery) instead offering a subscription that the user needs to pay to fix it.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components on the device without the consumer's consent or notifying the user.\n","ACR-165":"The app doesn't provide sufficient information for the following in the shopping cart: 1. What will the price be in the auto-renewal payment given the first payment is a discounted price. 2. when the user receives a notification for renewal.\n"},"nonDeceptorViolations":{"ACR-040":"The app drops some of its components in a hidden folder.\n"},"samples":[{"isRevoked":"False","fileName":"data-recovery.exe","isInstaller":"True","companyName":"                                                            ","productName":"                                                            ","productVersion":"1.5.10                                            ","fileVersion":"1.5.10              ","hashMD5":"8d7f8d03fa283401c7e79c40155e9259","hashSHA1":"e0353fd3c2038740a78d4b58ee63e75880f2e017","hashSHA256":"a259609e7d07a44eba1cdcf960cae0a11fd9b0d520b8b465c5696789e77abff2","digitalCertThumbprint":"52F49981677411BC8FC35A53980F4423E42E2316","digitalCertIssuer":"GlobalSign CodeSigning CA - SHA256 - G3","digitalCertIssuedTo":"Keysun Software Co.Ltd","storeId":"","sourceIndex":"645","avBlockList":["Bitdefender Internet Security (20260129)","ESET Internet Security (20260129)","G DATA INTERNET SECURITY (20260129)","K7 Total Security (20260129)","Malwarebytes Premium (20260129)","Sophos Home Premium (20260129)","SpyHunter5 (20260129)","VIPRE Advanced Security (20260129)","VirIT eXplorer PRO (20260129)","Webroot SecureAnywhere (20260129)","Windows Defender (20260129)"],"avAllowList":["360 Total Security (20260129)","Avast Premium Security (20260129)","AVG Internet Security (20260129)","Avira Internet Security (20260129)","COMODO Antivirus (20260129)","Dr.Web Security Space (20260129)","Kaspersky Internet Security (20240530)","McAfee Total Protection (20260129)","Norton Security (20260129)","Panda Dome (20260129)","Quick Heal Internet Security (20260129)","Total AV Antivirus Pro (20260129)","Trend Micro Internet Security (20260129)","FortectPremium (20260129)","KasperskyPremium (20260129)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on windows app","reference":"","landingPage":"https://www.apeaksoft.com/data-recovery/","directDownloadingLink":"https://downloads.apeaksoft.com/data-recovery.exe?_ga=2.29372479.1492447044.1714740693-1013274559.1714740693","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://downloads.apeaksoft.com/data-recovery.exe?_ga=2.29372479.1492447044.1714740693-1013274559.1714740693","sourceIndex":"645"}],"sampleFiles":["240512/ApeaksoftDataRecovery-240412/1.6.10/Samples/data-recovery.exe"],"imageFiles":["240512/ApeaksoftDataRecovery-240412/1.6.10/Images/ACR-046/ACR-046.PNG","240512/ApeaksoftDataRecovery-240412/1.6.10/Images/ACR-046/ACR-046_1.PNG","240512/ApeaksoftDataRecovery-240412/1.6.10/Images/ACR-048/ACR-048.PNG","240512/ApeaksoftDataRecovery-240412/1.6.10/Images/ACR-004/ACR-004.PNG","240512/ApeaksoftDataRecovery-240412/1.6.10/Images/ACR-004/ACR-004_1.PNG","240512/ApeaksoftDataRecovery-240412/1.6.10/Images/ACR-118/ACR-118.PNG","240512/ApeaksoftDataRecovery-240412/1.6.10/Images/ACR-165/ACR-165.PNG"],"nonDeceptorImageFiles":["240512/ApeaksoftDataRecovery-240412/1.6.10/Images/ACR-040/ACR-040.PNG","240512/ApeaksoftDataRecovery-240412/1.6.10/Images/ACR-040/ACR-040_1.PNG"],"guid":"872a6525-c991-430c-803b-f4e66739b75b_1.6.10_1","appID":"ApeaksoftDataRecovery-240412","dateAdded":"260127","deceptorType":"App","name":"Apeaksoft Data Recovery","company":"Apeaksoft Studio","version":"1.6.10","lastKnownStatus":"1.6.8;1.6.10;3.0.32","lastKnownDate":"260127","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows 11","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2026-01-27T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":3,"sortOrder":142},{"violations":{"ACR-004":"The application doesn't provide a free fix (recovery) instead offering a subscription that the user needs to pay to fix it.\n","ACR-165":"The app doesn't provide sufficient information for the following in the shopping cart: 1. What will the price be in the auto-renewal payment given the first payment is a discounted price. 2. when the user receives a notification for renewal.\n"},"nonDeceptorViolations":{"ACR-045":"\"Free Download\" highlights \"Free\" misleads user. The functionality that requires consumer payment in order to be activated needs to be marked clearly in landing page. Otherwise app should remove \"free\" word.\n","ACR-161":"The landing page currently shows featured endorsements and user reviews without links to the original sources.\n"},"samples":[{"isRevoked":"False","fileName":"data-recovery-for-mac.dmg","isInstaller":"True","hashMD5":"c503c9ed531b8650f9623b83c974de0e","hashSHA1":"4ef89bef3ba64cc620ea87fbc71f24d7599ead18","hashSHA256":"6020e00adf310577990a76bea116c53c44ec911df19175c8717bbf4cd316753b","sourceIndex":"132","avBlockList":["Avast Security for Mac (20260414)","Avira Security for Mac (20260414)","ESET Cyber Security Pro for Mac (20260414)","McAfee Internet Security for Mac (20260414)","Norton Security for Mac (20260414)","Sophos Home Premium For Mac (20260414)","SpyHunterforMac (20260414)","Trend Micro Antivirus for Mac (20260414)"],"avAllowList":["Bitdefender Antivirus for Mac (20260414)","G DATA AntiVirus for Mac (20260414)","K7 Antivirus for Mac (20260414)","Kaspersky Internet Security for Mac (20260414)"]},{"isRevoked":"False","fileName":"Loader","fileVersion":"10.7.0","hashMD5":"113587c9f724f6a01aed7543d4c83a14","hashSHA1":"75c6b24b6c352e553788f3d522815da6cba20347","hashSHA256":"207be36b96f27c6e1e10e444427652be0eb9c53d2c7509b3ba5e2fecef334be0","sourceIndex":"132","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"https://www.apeaksoft.com/data-recovery/","landingPage":"https://www.apeaksoft.com/data-recovery/","directDownloadingLink":"https://downloads.apeaksoft.com/mac/data-recovery-for-mac.dmg?_ga=2.202845841.1268215733.1769426027-1338123417.1769426027","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://downloads.apeaksoft.com/mac/data-recovery-for-mac.dmg?_ga=2.202845841.1268215733.1769426027-1338123417.1769426027","sourceIndex":"132"}],"sampleFiles":["260127/ApeaksoftMacDataRecovery-260127/1.6.26/Samples/data-recovery-for-mac.dmg","260127/ApeaksoftMacDataRecovery-260127/1.6.26/Samples/Loader"],"imageFiles":["260127/ApeaksoftMacDataRecovery-260127/1.6.26/Images/ACR-004/app3.png","260127/ApeaksoftMacDataRecovery-260127/1.6.26/Images/ACR-004/Purchase Data Recovery for Mac.png","260127/ApeaksoftMacDataRecovery-260127/1.6.26/Images/ACR-165/Purchase Data Recovery for Mac.png"],"nonDeceptorImageFiles":["260127/ApeaksoftMacDataRecovery-260127/1.6.26/Images/ACR-045/ACR-045_1.png","260127/ApeaksoftMacDataRecovery-260127/1.6.26/Images/ACR-161/ACR-161_1.png","260127/ApeaksoftMacDataRecovery-260127/1.6.26/Images/ACR-161/ACR-161_2.png"],"guid":"76d22d2e-0cd0-4bd8-9d4d-ab0ad33f6a1d_1.6.26_1","appID":"ApeaksoftMacDataRecovery-260127","dateAdded":"260127","deceptorType":"MacOS App","name":"Apeaksoft Data Recovery for Mac","company":"Apeaksoft Studio","version":"1.6.26","lastKnownDate":"260127","type":"MacOS App","lastUpdate":"2026-01-27T19:31:11.6491683+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":140},{"violations":{"ACR-046":"Collecting data via \"Join customer experience improvement program\" is checked by default and not visible to the user by default. No relevant disclosure of what data it collects.\n","ACR-048":"The app does not provide any control to cancel the installation.\n","ACR-004":"The application doesn't provide a free fix (recovery) instead offering a subscription that the user needs to pay to fix it.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components on the device without the consumer's consent or notifying the user.\n","ACR-165":"The app doesn't provide sufficient information for the following in the shopping cart: 1. What will the price be in the auto-renewal payment given the first payment is a discounted price. 2. when the user receives a notification for renewal.\n"},"nonDeceptorViolations":{"ACR-040":"The app drops some of its components in a hidden folder.\n","ACR-045":"\"Free Download\" highlights \"Free\" misleads user. The functionality that requires consumer payment in order to be activated needs to be marked clearly in landing page. Otherwise app should remove \"free\" word.\n","ACR-161":"The landing page currently shows featured endorsements and user reviews without links to the original sources.\n"},"samples":[{"isRevoked":"False","fileName":"Apeaksoft%20Data%20Recovery.exe","companyName":"Apeaksoft","productName":"Apeaksoft Data Recovery","productVersion":"3.0.32.158400","fileVersion":"3.0.32.158400","hashMD5":"0788d9e304b9fb4d6246ca034456ae49","hashSHA1":"2d6342f7b5d033906cdcc148ae7ea50a5f0debbe","hashSHA256":"4728015b6d75b4810f1fbae9ab9b07a86e57b58fe4a70dd8d3baba7499d04c56","digitalCertThumbprint":"EF69F68F657DB7A9D160358470C1DCE76238DA98","digitalCertIssuer":"CN=GlobalSign GCC R45 CodeSigning CA 2020, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"CN=\"Keysun Software Co.,Ltd\", O=\"Keysun Software Co.,Ltd\", L=Nanjing, S=Jiangsu, C=CN","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"133","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"data-recovery.exe","isInstaller":"True","productVersion":"2.1.16","fileVersion":"2.1.16","hashMD5":"497c7ca1775ddc8372839daa858a72b9","hashSHA1":"4176e8b5fcc5056529fdd66097ba10c11676ca4a","hashSHA256":"ee267e78c3c01f95d4ae36cf1b449acdf0d35e7cc6cca1067951eaa7985fab57","digitalCertThumbprint":"EF69F68F657DB7A9D160358470C1DCE76238DA98","digitalCertIssuer":"CN=GlobalSign GCC R45 CodeSigning CA 2020, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"CN=\"Keysun Software Co.,Ltd\", O=\"Keysun Software Co.,Ltd\", L=Nanjing, S=Jiangsu, C=CN","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"133","avBlockList":["Avast Premium Security (20260421)","AVG Internet Security (20260421)","Avira Internet Security (20260421)","ESET Internet Security (20260421)","FortectPremium (20260421)","K7 Total Security (20260421)","Malwarebytes Premium (20260421)","Norton Security (20260421)","Panda Dome (20260421)","Quick Heal Internet Security (20260421)","Sophos Home Premium (20260421)","SpyHunter5 (20260421)","Total AV Antivirus Pro (20260421)","VirIT eXplorer PRO (20260421)","Webroot SecureAnywhere (20260421)"],"avAllowList":["360 Total Security (20260421)","Bitdefender Internet Security (20260421)","COMODO Antivirus (20260421)","Dr.Web Security Space (20260421)","G DATA INTERNET SECURITY (20260421)","KasperskyPremium (20260421)","McAfee Total Protection (20260421)","Trend Micro Internet Security (20260421)","VIPRE Advanced Security (20260421)","Windows Defender (20260421)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on windows app","reference":"","landingPage":"https://www.apeaksoft.com/data-recovery/","directDownloadingLink":"https://downloads.apeaksoft.com/data-recovery.exe?_ga=2.214083671.1709733589.1769401040-1056578096.1769401040","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://downloads.apeaksoft.com/data-recovery.exe?_ga=2.214083671.1709733589.1769401040-1056578096.1769401040","sourceIndex":"133"}],"sampleFiles":["260127/ApeaksoftDataRecovery-240412/3.0.32/Samples/Apeaksoft%20Data%20Recovery.exe","260127/ApeaksoftDataRecovery-240412/3.0.32/Samples/data-recovery.exe"],"imageFiles":["260127/ApeaksoftDataRecovery-240412/3.0.32/Images/ACR-046/install1.png","260127/ApeaksoftDataRecovery-240412/3.0.32/Images/ACR-046/install2.png","260127/ApeaksoftDataRecovery-240412/3.0.32/Images/ACR-048/install3.png","260127/ApeaksoftDataRecovery-240412/3.0.32/Images/ACR-004/app7.png","260127/ApeaksoftDataRecovery-240412/3.0.32/Images/ACR-004/Purchase Apeaksoft Data Recovery.png","260127/ApeaksoftDataRecovery-240412/3.0.32/Images/ACR-118/ACR-118.png","260127/ApeaksoftDataRecovery-240412/3.0.32/Images/ACR-165/Purchase Apeaksoft Data Recovery.png","260127/ApeaksoftDataRecovery-240412/3.0.32/Images/ACR-165/Checkout - Your online payment solution.png"],"nonDeceptorImageFiles":["260127/ApeaksoftDataRecovery-240412/3.0.32/Images/ACR-040/ACR-118.png","260127/ApeaksoftDataRecovery-240412/3.0.32/Images/ACR-045/ACR-045_1.png","260127/ApeaksoftDataRecovery-240412/3.0.32/Images/ACR-161/ACR-161_1.png","260127/ApeaksoftDataRecovery-240412/3.0.32/Images/ACR-161/ACR-161_2.png"],"guid":"872a6525-c991-430c-803b-f4e66739b75b_3.0.32_1","appID":"ApeaksoftDataRecovery-240412","dateAdded":"260127","deceptorType":"App","name":"Apeaksoft Data Recovery","company":"Apeaksoft Studio","version":"3.0.32","lastKnownStatus":"1.6.8;1.6.10;3.0.32","lastKnownDate":"260127","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows 11","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2026-01-27T19:29:07.1396823+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":3,"sortOrder":141},{"violations":{"ACR-048":"The app does not provide clear control to decline the recommended offer.\n","ACR-013":"During installation, the user is interrupted by non-consented offer to silently install unrelated software.\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software.\n","ACR-057":"The app does not provide a clear way to accept and decline optional offers.\n","ACR-014":"The OBS installer installs a software that is different from what is advertised on the website. Instead, it launches Softcross and includes preselected recommended software.\n","ACR-059":"The Offer is not clearly marked as an offer. It is unclear who is recommending the offer.\n","ACR-155":"Offers is designed to look like part of the install workflow.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"OBS%20loader%20starter.exe","isInstaller":"True","companyName":"EEF                                                         ","productName":"OBSream","productVersion":"3.8","hashMD5":"58c8e6efd3b9c9d6c9e0f8d88f665f61","hashSHA1":"135e43c252bade7356782fa0cede6deb318e8229","hashSHA256":"2eccbf908d2cedefa3a50d62e79a4659d07f29e2a579f761e52903d73d433d9c","digitalCertThumbprint":"925910EDB5C1577F4417FA374F6F2FF794847483","digitalCertIssuer":"CN=GlobalSign GCC R45 EV CodeSigning CA 2020, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"CN=ИП Чуйко Дмитрий Александрович, O=ИП Чуйко Дмитрий Александрович, L=Санкт-Петербург, S=Санкт-Петербург, C=RU, OID.1.3.6.1.4.1.311.60.2.1.2=Saint Petersburg, OID.1.3.6.1.4.1.311.60.2.1.3=RU, SERIALNUMBER=325784700214134, OID.2.5.4.15=Business Entity","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"135","avBlockList":["360 Total Security (20260409)","Avast Premium Security (20260409)","AVG Internet Security (20260409)","Avira Internet Security (20260409)","Bitdefender Internet Security (20260409)","COMODO Antivirus (20260409)","Dr.Web Security Space (20260409)","ESET Internet Security (20260409)","FortectPremium (20260409)","G DATA INTERNET SECURITY (20260409)","K7 Total Security (20260409)","KasperskyPremium (20260409)","Malwarebytes Premium (20260409)","McAfee Total Protection (20260409)","Norton Security (20260409)","Panda Dome (20260409)","Quick Heal Internet Security (20260409)","Sophos Home Premium (20260409)","SpyHunter5 (20260409)","Total AV Antivirus Pro (20260409)","Trend Micro Internet Security (20260409)","VIPRE Advanced Security (20260409)","VirIT eXplorer PRO (20260409)","Webroot SecureAnywhere (20260409)","Windows Defender (20260409)"],"avAllowList":[]},{"isRevoked":"False","fileName":"progs.exe","companyName":"Artiesy","productName":"selauncher","productVersion":"1.0.0","fileVersion":"1.0.0","hashMD5":"02efc23b2fe4c9cd461645e446435583","hashSHA1":"b3f5572a196fee0c3e8d37c41587995a25185371","hashSHA256":"3fa12f30a0acbf48939e62d33235c2522443f030c9c3612039939dbb7ea9a752","digitalCertThumbprint":"925910EDB5C1577F4417FA374F6F2FF794847483","digitalCertIssuer":"CN=GlobalSign GCC R45 EV CodeSigning CA 2020, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"CN=ИП Чуйко Дмитрий Александрович, O=ИП Чуйко Дмитрий Александрович, L=Санкт-Петербург, S=Санкт-Петербург, C=RU, OID.1.3.6.1.4.1.311.60.2.1.2=Saint Petersburg, OID.1.3.6.1.4.1.311.60.2.1.3=RU, SERIALNUMBER=325784700214134, OID.2.5.4.15=Business Entity","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"135","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"deceptor report","reference":"","landingPage":"https://obs.automaqv.com/","directDownloadingLink":"https://cdn.automaqv.com/OBS%20loader%20starter.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://cdn.automaqv.com/OBS%20loader%20starter.exe","sourceIndex":"135"}],"sampleFiles":["260119/OBSream-260109/3.8/Samples/OBS%20loader%20starter.exe","260119/OBSream-260109/3.8/Samples/progs.exe"],"imageFiles":["260119/OBSream-260109/3.8/Images/ACR-048/ACR-048_Install_1.png","260119/OBSream-260109/3.8/Images/ACR-013/ACR-013_Install_1.png","260119/OBSream-260109/3.8/Images/ACR-014/ACR-014_Software_2.png","260119/OBSream-260109/3.8/Images/ACR-014/ACR-014_Software_1.png","260119/OBSream-260109/3.8/Images/ACR-057/ACR-057_Bundler-made offers_1.png","260119/OBSream-260109/3.8/Images/ACR-059/ACR-059_Bundler-made offers_1.png","260119/OBSream-260109/3.8/Images/ACR-060/ACR-060_Bundler-made offers_1.png","260119/OBSream-260109/3.8/Images/ACR-155/ACR-155_Bundler-made offers_1.png"],"nonDeceptorImageFiles":[],"guid":"efdb534a-ebd7-4f25-bb7e-2cfeaff87d32_3.8_1","appID":"OBSream-260109","dateAdded":"260119","deceptorType":"App","name":"OBSream","company":"EEF","version":"3.8","lastKnownDate":"260119","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows 11","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"install offers","lastUpdate":"2026-01-19T19:59:44.6693043+00:00","notDistributed":false,"familyName":"SpoofedOBSStudio","numInFamily":2,"numInAppID":1,"sortOrder":144},{"violations":{"ACR-048":" The app does not provide a clear way control to quit the background process completely within the app settings.\n","ACR-004":"The app differentiates urgency with color and presents numerical claims without substantiation.\n","ACR-084":"Quitting the app leaves a background process running without any notification to the user.\n","ACR-071":"The shopping cart contains additional item(Premium Support) that is pre-selected without prior disclosure. \n","ACR-014":"The app presents unsubstantiated claims. The labels associated with the numbers displayed are confusing and do not clearly indicate what they refer to. The wording “Not set as recommended” is unclear and misleading, as it refers to items that have not been cleaned, even though the settings themselves have been restored to the recommended configuration.\n"},"nonDeceptorViolations":{"ACR-161":"The landing page includes testimonials that lack links to verifiable sources.\n","ACR-017":"The 3rd-party endorsements do not link to its source for verification.\n"},"samples":[{"isRevoked":"False","fileName":"gclean-setup.exe","isInstaller":"True","companyName":"Abelssoft                                                   ","productName":"GClean","productVersion":"1.0.0.0","fileVersion":"1.0.0.0","hashMD5":"3a056f41ec2f3bdd682d7667f68e60a6","hashSHA1":"79f5be6d9278e3543e550b77c2c15e338770b3f7","hashSHA256":"9618f852b1df621c4ad8bd02edb691c982f24dd380a91f58f73ecb099e471d13","digitalCertThumbprint":"763F3E747842B5897FA93EAEF407C87BBD63F0C5","digitalCertIssuer":"CN=GlobalSign GCC R45 EV CodeSigning CA 2020, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"CN=Ascora GmbH, O=Ascora GmbH, STREET=Birkenallee 43, L=Ganderkesee, S=Niedersachsen, C=DE, OID.1.3.6.1.4.1.311.60.2.1.1=Oldenburg (Oldenburg), OID.1.3.6.1.4.1.311.60.2.1.2=Niedersachsen, OID.1.3.6.1.4.1.311.60.2.1.3=DE, SERIALNUMBER=HRB 201973, OID.2.5.4.15=Private Organization","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"111","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"GClean.exe","productName":"GClean","productVersion":"1.0.0.0","fileVersion":"1.0.0.0","hashMD5":"a30eb15e874f0902c5b4db8042906614","hashSHA1":"53544d8eb0417bb916bc53facdfc37ee50f8edf5","hashSHA256":"8fbd4412ef79a12a2c6f7256ce0fcf40768b7bcdb86dd6d53ec5cd007db881d3","digitalCertThumbprint":"763F3E747842B5897FA93EAEF407C87BBD63F0C5","digitalCertIssuer":"CN=GlobalSign GCC R45 EV CodeSigning CA 2020, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"CN=Ascora GmbH, O=Ascora GmbH, STREET=Birkenallee 43, L=Ganderkesee, S=Niedersachsen, C=DE, OID.1.3.6.1.4.1.311.60.2.1.1=Oldenburg (Oldenburg), OID.1.3.6.1.4.1.311.60.2.1.2=Niedersachsen, OID.1.3.6.1.4.1.311.60.2.1.3=DE, SERIALNUMBER=HRB 201973, OID.2.5.4.15=Private Organization","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"111","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"random search","reference":"","landingPage":"","directDownloadingLink":"https://www.abelssoft.de/gclean-setup.exe","ipv4":"","ipv6":"","landingPageWildChar":"","directDownloadingLinkWildChar":"https://www.abelssoft.de/gclean-setup.exe","sourceIndex":"111"}],"sampleFiles":["260115/GClean-260114/225.02/Samples/gclean-setup.exe","260115/GClean-260114/225.02/Samples/GClean.exe"],"imageFiles":["260115/GClean-260114/225.02/Images/ACR-004/ACR-004_Software_1.png","260115/GClean-260114/225.02/Images/ACR-004/ACR-004_Software_2.png","260115/GClean-260114/225.02/Images/ACR-084/ACR-084_Software_1.png","260115/GClean-260114/225.02/Images/ACR-048/ACR-048_Software_1.png","260115/GClean-260114/225.02/Images/ACR-048/ACR-048_Software_2.png","260115/GClean-260114/225.02/Images/ACR-014/ACR-014_Software_1.png","260115/GClean-260114/225.02/Images/ACR-014/ACR-014_Software_2.png","260115/GClean-260114/225.02/Images/ACR-071/ACR-071_Internal offers_1.png"],"nonDeceptorImageFiles":["260115/GClean-260114/225.02/Images/ACR-017/ACR-017_Landing page_1.png","260115/GClean-260114/225.02/Images/ACR-161/ACR-161_Landing page_1.png"],"guid":"548750de-1d1b-418f-9f95-de575e26bd4a_225.02_1","appID":"GClean-260114","dateAdded":"260115","deceptorType":"App","name":"GClean","company":"Abelssoft","version":"225.02","firstVendorContactDate":"260115","firstAppEsteemReplyDate":"260115","firstResolvedDate":"260320","resolved":"TRUE","lastKnownStatus":"225.02","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows 11","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,paid","lastUpdate":"2026-03-20T19:40:30.0289875+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":146},{"violations":{"ACR-048":"The app didn't provide control to enable/disable the \"Internet Traffic sharing\" process.\n","ACR-007":"The app does not obtain user consent which reduces the consumer's security posture caused by selling the user's traffic and performing monetization.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"Launcher","fileVersion":"10.14.0","hashMD5":"775cce409b9c3700f2e24b3ea1d5cdd1","hashSHA1":"10cb575e429bc98ae9906f676fd5ba4a1e8757ef","hashSHA256":"43fb203f4ef5958ce85655fef5bb9226b4b4f8bf0c0d593ba20c6675ab9669bc","sourceIndex":"137","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"traffmonetizer","fileVersion":"10.14.0","hashMD5":"dc3b5b2235ec88ace2c2bb9d61f22c9b","hashSHA1":"435472aa1d89bc40bc3179d0e707a49aeb779436","hashSHA256":"dbaed04ad0dbeacd6f7331945ab0f3d2073fe30ea9d5e3c7bae8f0007a37660c","sourceIndex":"137","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"traffmonetizer.dmg","isInstaller":"True","hashMD5":"732c3a882586e94263845e18e07490bc","hashSHA1":"45f763a2c4dc10ec2f4e2429b839194e5e7e6037","hashSHA256":"e521a6e0103d15fba01c9256ba62290ff93ae693fb8fc4afbb56fd259737334c","sourceIndex":"137","avBlockList":["Avast Security for Mac (20260414)","Avira Security for Mac (20260414)","Bitdefender Antivirus for Mac (20260414)","ESET Cyber Security Pro for Mac (20260414)","G DATA AntiVirus for Mac (20260414)","Kaspersky Internet Security for Mac (20260414)","McAfee Internet Security for Mac (20260414)","Norton Security for Mac (20260414)","Sophos Home Premium For Mac (20260414)","SpyHunterforMac (20260414)","Trend Micro Antivirus for Mac (20260414)"],"avAllowList":["K7 Antivirus for Mac (20260414)"]}],"additionalFiles":[],"sources":[{"howFound":"https://traffmonetizer.com","reference":"","landingPage":"https://traffmonetizer.com","directDownloadingLink":"https://data.traffmonetizer.com/downloads/macos/traffmonetizer.dmg","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://data.traffmonetizer.com/downloads/macos/traffmonetizer.dmg","sourceIndex":"137"}],"sampleFiles":["260114/TraffmonetizerMac-260113/1.2.0/Samples/Launcher","260114/TraffmonetizerMac-260113/1.2.0/Samples/traffmonetizer","260114/TraffmonetizerMac-260113/1.2.0/Samples/traffmonetizer.dmg"],"imageFiles":["260114/TraffmonetizerMac-260113/1.2.0/Images/ACR-007/app1.png","260114/TraffmonetizerMac-260113/1.2.0/Images/ACR-007/install.png","260114/TraffmonetizerMac-260113/1.2.0/Images/ACR-048/service_stopped1.png"],"nonDeceptorImageFiles":[],"guid":"cf295f05-cedf-4d09-b306-3fd7b3974d6b_1.2.0_1","appID":"TraffmonetizerMac-260113","dateAdded":"260114","deceptorType":"MacOS App","name":"TraffMonetizer","company":"TraffMonetizer","version":"1.2.0","lastKnownStatus":"1.2.0","lastKnownDate":"260114","type":"MacOS App","category":"Business Developer Tools","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Adults only","monetization":"mining","lastUpdate":"2026-01-14T22:26:19.5801476+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":147},{"violations":{"ACR-004":"The app does not offer a free trial and instead requires a paid subscription to resolve the issue.\n","ACR-118":"After uninstall, it retains some executables and its other components.\n","ACR-014":"1. The app’s website states “Try It Free,” but there is no free trial. Resolving the issue requires a paid subscription.\n2. The uninstall button is greyed out, making it appear disabled.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"ScreenUnlockSetup_1111_2_0_0_6%20(1).exe","isInstaller":"True","companyName":"TECHVISTA Co., Ltd.","productName":"PcGoGo Screen Unlock","productVersion":"2.0.0.6","fileVersion":"2.0.0.6","hashMD5":"4c7ac51d61617d27ec815f0b4fbdd555","hashSHA1":"a4fc69a9c80bfecdc5555d460dca7dd2ae7a38e4","hashSHA256":"27f41d78146a562175c428b66c6be7320a29a7070931e6eb8e6cf5790e0ca745","digitalCertThumbprint":"77DE2D3F676105EEC6D3E857B0DC528E8B64F852","digitalCertIssuer":"CN=GlobalSign GCC R45 EV CodeSigning CA 2020, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"CN=TechVista Company Limited, O=TechVista Company Limited, L=Yau Tsim Mong, S=Kowloon, C=HK, OID.1.3.6.1.4.1.311.60.2.1.3=HK, SERIALNUMBER=76926044, OID.2.5.4.15=Private Organization","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"139","avBlockList":["360 Total Security (20260331)","Avast Premium Security (20260331)","AVG Internet Security (20260331)","Avira Internet Security (20260331)","ESET Internet Security (20260331)","FortectPremium (20260331)","K7 Total Security (20260331)","Malwarebytes Premium (20260331)","Norton Security (20260331)","Panda Dome (20260331)","Quick Heal Internet Security (20260331)","Sophos Home Premium (20260331)","SpyHunter5 (20260331)","Total AV Antivirus Pro (20260331)","VirIT eXplorer PRO (20260331)","Webroot SecureAnywhere (20260331)"],"avAllowList":["Bitdefender Internet Security (20260331)","COMODO Antivirus (20260331)","Dr.Web Security Space (20260331)","G DATA INTERNET SECURITY (20260331)","KasperskyPremium (20260331)","McAfee Total Protection (20260331)","Trend Micro Internet Security (20260331)","VIPRE Advanced Security (20260331)","Windows Defender (20260331)"]},{"isRevoked":"False","fileName":"ScreenUnlock.exe","companyName":"TECHVISTA Co., Ltd.","productName":"PcGoGo Screen Unlock","productVersion":"2.0.0.6","fileVersion":"2.0.0.6","hashMD5":"87670898a4b39c5221c493001c2f3890","hashSHA1":"41d370f9958c434871c7913188abfa422d8d82ad","hashSHA256":"0577cc46312c7364ce25b53a9f9926d354a424182a6a86268249130083fcac6a","digitalCertThumbprint":"77DE2D3F676105EEC6D3E857B0DC528E8B64F852","digitalCertIssuer":"CN=GlobalSign GCC R45 EV CodeSigning CA 2020, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"CN=TechVista Company Limited, O=TechVista Company Limited, L=Yau Tsim Mong, S=Kowloon, C=HK, OID.1.3.6.1.4.1.311.60.2.1.3=HK, SERIALNUMBER=76926044, OID.2.5.4.15=Private Organization","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"139","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search","reference":"","landingPage":"https://www.pcgogo.com/screen-unlock","directDownloadingLink":"https://file1.pcgogo.com/soft_intl/ScreenUnlockSetup/2_0_0_6/ScreenUnlockSetup_1111_2_0_0_6.exe?_gl=1*1fdwxhf*_gcl_au*MTY1NjI3MDg3Ny4xNzYyODEyMjYz","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://file1.pcgogo.com/soft_intl/ScreenUnlockSetup/2_0_0_6/ScreenUnlockSetup_1111_2_0_0_6.exe?_gl=1*1fdwxhf*_gcl_au*MTY1NjI3MDg3Ny4xNzYyODEyMjYz","sourceIndex":"139"}],"sampleFiles":["260105/PcGoGoScreenUnlock-260102/2.0.0.6/Samples/ScreenUnlockSetup_1111_2_0_0_6%20(1).exe","260105/PcGoGoScreenUnlock-260102/2.0.0.6/Samples/ScreenUnlock.exe"],"imageFiles":["260105/PcGoGoScreenUnlock-260102/2.0.0.6/Images/ACR-004/ACR-004_Software_2.png","260105/PcGoGoScreenUnlock-260102/2.0.0.6/Images/ACR-004/ACR-004_Software_1.jpeg","260105/PcGoGoScreenUnlock-260102/2.0.0.6/Images/ACR-004/ACR-004_Software_3.jpeg","260105/PcGoGoScreenUnlock-260102/2.0.0.6/Images/ACR-014/ACR-014_Software_1.png","260105/PcGoGoScreenUnlock-260102/2.0.0.6/Images/ACR-014/ACR-014_Software_2.png","260105/PcGoGoScreenUnlock-260102/2.0.0.6/Images/ACR-014/ACR-014_Software_3.png","260105/PcGoGoScreenUnlock-260102/2.0.0.6/Images/ACR-118/ACR-118_Uninstall_1.png"],"nonDeceptorImageFiles":[],"guid":"5456afce-0896-4475-9064-41a4379a775f_2.0.0.6_1","appID":"PcGoGoScreenUnlock-260102","dateAdded":"260105","deceptorType":"App","name":"PcGoGo Screen Unlock","company":"TECHVISTA Co., Ltd.","version":"2.0.0.6","lastKnownDate":"260105","type":"Windows Executable","lastUpdate":"2026-01-05T20:09:49.4312724+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":148},{"violations":{"ACR-004":"Application doesn't provide the free fix for the items reported, only allow to remove first 15 items. It requires subscription payment to delete the duplicate items.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"PassFab%20Duplicate%20File%20Deleter","fileVersion":"10.12.0","hashMD5":"41de05f360f20241653641bfe4600bad","hashSHA1":"f2da3b6d84671c5dcf80612e19eb56dd62228764","hashSHA256":"4916ed1a448dce8d9d271f8097356ac9afc1088ddb6e5b724dbe290d90a49d56","sourceIndex":"138","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"passfab-duplicate-file-deleter-mac_11767337995623265901.dmg","isInstaller":"True","hashMD5":"7ce20d9f825a78edabe1b5931721158c","hashSHA1":"897a94f90fce613d8c0c961a75964db04e6c3034","hashSHA256":"0aa727c193892eca783fc4ac67ee68027bf63387c64fe3ed070b9f3fa17978be","sourceIndex":"138","avBlockList":["Avast Security for Mac (20260312)","Avira Security for Mac (20260312)","Norton Security for Mac (20260312)","Sophos Home Premium For Mac (20260312)","SpyHunterforMac (20260312)","Trend Micro Antivirus for Mac (20260312)"],"avAllowList":["Bitdefender Antivirus for Mac (20260312)","ESET Cyber Security Pro for Mac (20260312)","G DATA AntiVirus for Mac (20260312)","K7 Antivirus for Mac (20260312)","Kaspersky Internet Security for Mac (20260312)","McAfee Internet Security for Mac (20260312)"]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"https://www.passfab.net","landingPage":"https://www.passfab.net","directDownloadingLink":"https://download.passfab.net/downloads/passfab-duplicate-file-deleter-mac_4879.dmg?rnclid=11767337995623265901","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://download.passfab.net/downloads/passfab-duplicate-file-deleter-mac_4879.dmg?rnclid=11767337995623265901","sourceIndex":"138"}],"sampleFiles":["260105/PassFabMacDuplicateFile-260102/2.2.6/Samples/PassFab%20Duplicate%20File%20Deleter","260105/PassFabMacDuplicateFile-260102/2.2.6/Samples/passfab-duplicate-file-deleter-mac_11767337995623265901.dmg"],"imageFiles":["260105/PassFabMacDuplicateFile-260102/2.2.6/Images/ACR-004/app7.png","260105/PassFabMacDuplicateFile-260102/2.2.6/Images/ACR-004/Official Buy PassFab Duplicate File Deleter(Mac).png","260105/PassFabMacDuplicateFile-260102/2.2.6/Images/ACR-004/Official Buy PassFab Duplicate File Deleter(Mac)2.png"],"nonDeceptorImageFiles":[],"guid":"99915da2-2322-45cb-ba96-095f36a72116_2.2.6_1","appID":"PassFabMacDuplicateFile-260102","dateAdded":"260105","deceptorType":"MacOS App","name":"PassFab Mac Duplicate File Deleter","company":"PassFab","version":"2.2.6","lastKnownDate":"260105","type":"MacOS App","lastUpdate":"2026-01-05T20:17:22.0212839+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":149},{"violations":{"ACR-004":"The app shows scan results for free, but when the user tries to recover the data, the app requires a purchase of an auto-renewing subscription.\n"},"nonDeceptorViolations":{"ACR-045":"“Free Download\" highlights \"Free\" misleads user. The functionality that requires consumer payment in order to be activated needs to be marked clearly in landing page. Otherwise app should remove \"free\" word.\n","ACR-065":"The install does not display links to the EULA or the Privacy Policy. \nThe app does not display links to the EULA or the Privacy Policy.\n"},"samples":[{"isRevoked":"False","fileName":"mac-data-recovery.dmg","isInstaller":"True","fileVersion":"0.","hashMD5":"a862ed706affa1cdecc58160d7ec0006","hashSHA1":"2f73264a340dc66a1db1d5ddc9fcd1fd34744a6d","hashSHA256":"dd37e8a64d94facc02cb1b5a335a4f1eb8b38c9e596fe341002a2d8c28c93ead","sourceIndex":"547","avBlockList":["Avast Security for Mac (20241210)","Avira Security for Mac (20241210)","Bitdefender Antivirus for Mac (20241210)","ESET Cyber Security Pro for Mac (20241210)","G DATA AntiVirus for Mac (20241210)","Norton Security for Mac (20241210)","Trend Micro Antivirus for Mac (20241210)"],"avAllowList":["K7 Antivirus for Mac (20241210)","Kaspersky Internet Security for Mac (20241210)","McAfee Internet Security for Mac (20241210)","Sophos Home Premium For Mac (20241112)","SpyHunterforMac (20241210)"]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"","landingPage":"https://www.aiseesoft.com/data-recovery/","directDownloadingLink":"https://download.aiseesoft.com/mac/mac-data-recovery.dmg?_gl=1*1maneto*_ga*NzQzNjk4ODk3LjE3MjYxOTQxNTQ.*_ga_M4E51HTXR8*MTcyNjE5NDE1NC4xLjEuMTcyNjE5NTA2MC4wLjAuMA..","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://download.aiseesoft.com/mac/mac-data-recovery.dmg?_gl=1*1maneto*_ga*NzQzNjk4ODk3LjE3MjYxOTQxNTQ.*_ga_M4E51HTXR8*MTcyNjE5NDE1NC4xLjEuMTcyNjE5NTA2MC4wLjAuMA..","sourceIndex":"547"}],"sampleFiles":["240916/AiseesoftMacDataRecovery-240913/1.8.22/Samples/mac-data-recovery.dmg"],"imageFiles":["240916/AiseesoftMacDataRecovery-240913/1.8.22/Images/ACR-004/App3.png","240916/AiseesoftMacDataRecovery-240913/1.8.22/Images/ACR-004/Purchase Aiseesoft Mac Data Recovery.png","240916/AiseesoftMacDataRecovery-240913/1.8.22/Images/ACR-004/offerpage1.png","240916/AiseesoftMacDataRecovery-240913/1.8.22/Images/ACR-004/offerpage2.png"],"nonDeceptorImageFiles":["240916/AiseesoftMacDataRecovery-240913/1.8.22/Images/ACR-065/install.png","240916/AiseesoftMacDataRecovery-240913/1.8.22/Images/ACR-065/App6.png","240916/AiseesoftMacDataRecovery-240913/1.8.22/Images/ACR-065/ACR-065_Software_1.png","240916/AiseesoftMacDataRecovery-240913/1.8.22/Images/ACR-045/Aiseesoft Data Recovery - Best Recovery Tool to Recover Deleted Data2.png"],"guid":"eb49bbe9-deb5-4516-8ff5-d9230b9326d3_1.8.22_1","appID":"AiseesoftMacDataRecovery-240913","dateAdded":"251211","deceptorType":"MacOS App","name":"Aiseesoft Mac Data Recovery","company":"Aiseesoft Studio","version":"1.8.22","lastKnownStatus":"1.8.22;1.8.32","lastKnownDate":"251211","type":"MacOS App","lastUpdate":"2025-12-11T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":151},{"violations":{"ACR-004":"The app shows scan results for free, but when the user tries to recover the data, the app requires a purchase of an auto-renewing subscription.\n"},"nonDeceptorViolations":{"ACR-045":"“Free Download\" highlights \"Free\" misleads user. The functionality that requires consumer payment in order to be activated needs to be marked clearly in landing page. Otherwise app should remove \"free\" word.\n"},"samples":[{"isRevoked":"False","fileName":"mac-data-recovery.dmg","isInstaller":"True","hashMD5":"cd684dda1e4b932a2ead5ad2bc43720f","hashSHA1":"a5f09d08065918367f4055ba42fadfaea56ee93a","hashSHA256":"8d309047642abc5894ae6a47dcabf2fb111a922b8a7d422a3ec35b6e28cb06a6","sourceIndex":"140","avBlockList":["Avast Security for Mac (20260210)","Avira Security for Mac (20260210)","Norton Security for Mac (20260210)","Sophos Home Premium For Mac (20260210)","SpyHunterforMac (20260210)","Trend Micro Antivirus for Mac (20260210)"],"avAllowList":["Bitdefender Antivirus for Mac (20260210)","ESET Cyber Security Pro for Mac (20260210)","G DATA AntiVirus for Mac (20260210)","K7 Antivirus for Mac (20260210)","Kaspersky Internet Security for Mac (20260210)","McAfee Internet Security for Mac (20260210)"]},{"isRevoked":"False","fileName":"Loader","fileVersion":"10.7.0","hashMD5":"4df5c1da97611bbeeaf07669888f69f0","hashSHA1":"606e0124f14e32f8004aafa7789a7b263b840be8","hashSHA256":"7937bae5d8b8828e9f4b97f9259c11f4203d3b95e905ba85b743631c9675c720","sourceIndex":"140","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"crashpad","fileVersion":"10.9.0","hashMD5":"c5e53709a7705c77f015be2eef3ce59a","hashSHA1":"7ff0df72f58c2049facd4f8172608f874a3cf177","hashSHA256":"fd649bf41fb6a60561147d84315460fb09e5489c40ce57980106aedf71a7dad1","sourceIndex":"140","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"Feedback","fileVersion":"10.7.0","hashMD5":"2016d2bb53674778240ba38024f8fd60","hashSHA1":"b8b05acab6e476e81cfb7175dcd94b6bf5d409fd","hashSHA256":"f1decb83c6e60e908f762588f07a92bc41e3d9ce17204069d52c9d6a79953eed","sourceIndex":"140","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"","landingPage":"https://www.aiseesoft.com/data-recovery/","directDownloadingLink":"https://download.aiseesoft.com/mac/mac-data-recovery.dmg?_gl=1*sk1o7h*_ga*NTUzOTcxMDMxLjE3NjUyNzA4MDE.*_ga_M4E51HTXR8*czE3NjUyNzA4MDEkbzEkZzAkdDE3NjUyNzA4MDEkajYwJGwwJGgw","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://download.aiseesoft.com/mac/mac-data-recovery.dmg?_gl=1*sk1o7h*_ga*NTUzOTcxMDMxLjE3NjUyNzA4MDE.*_ga_M4E51HTXR8*czE3NjUyNzA4MDEkbzEkZzAkdDE3NjUyNzA4MDEkajYwJGwwJGgw","sourceIndex":"140"}],"sampleFiles":["251211/AiseesoftMacDataRecovery-240913/1.8.32/Samples/mac-data-recovery.dmg","251211/AiseesoftMacDataRecovery-240913/1.8.32/Samples/Loader","251211/AiseesoftMacDataRecovery-240913/1.8.32/Samples/crashpad","251211/AiseesoftMacDataRecovery-240913/1.8.32/Samples/Feedback"],"imageFiles":["251211/AiseesoftMacDataRecovery-240913/1.8.32/Images/ACR-004/app2.png","251211/AiseesoftMacDataRecovery-240913/1.8.32/Images/ACR-004/offerpage1.png","251211/AiseesoftMacDataRecovery-240913/1.8.32/Images/ACR-004/offerpage3.png"],"nonDeceptorImageFiles":["251211/AiseesoftMacDataRecovery-240913/1.8.32/Images/ACR-045/landingpage.png"],"guid":"eb49bbe9-deb5-4516-8ff5-d9230b9326d3_1.8.32_1","appID":"AiseesoftMacDataRecovery-240913","dateAdded":"251211","deceptorType":"MacOS App","name":"Aiseesoft Mac Data Recovery","company":"Aiseesoft Studio","version":"1.8.32","lastKnownStatus":"1.8.22;1.8.32","lastKnownDate":"251211","type":"MacOS App","lastUpdate":"2025-12-11T20:17:00.5539782+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":150},{"violations":{"ACR-048":"A scheduled task was added without the user's knowledge and the app does not offer any option within an app setting to control it.\n","ACR-084":"Application creates scheduled task to perform auto update without providing option for user to disable it.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains its executables and active scheduled task on the device\n"},"nonDeceptorViolations":{"ACR-040":"Application is installed default in system hidden folder without disclosing it during installation. %Appdata%\n","ACR-065":"There are no links on the software that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\n"},"samples":[{"isRevoked":"False","fileName":"pdfclick.exe","isInstaller":"True","productName":"PDFClick","productVersion":"1.3.0.8","fileVersion":"1.3.0.8","hashMD5":"a03b74158ea440cebe66fab1d6ae2b21","hashSHA1":"eb68d3cd1a9a40cc7b860d5406fa4a20f37399e3","hashSHA256":"09474277051fc387a9b43f7f08a9bf4f6817c24768719b21f9f7163d9c5c8f74","sourceIndex":"141","avBlockList":["360 Total Security (20260303)","Avast Premium Security (20260303)","AVG Internet Security (20260303)","Avira Internet Security (20260303)","Bitdefender Internet Security (20260303)","COMODO Antivirus (20260303)","Dr.Web Security Space (20260303)","ESET Internet Security (20260303)","FortectPremium (20260303)","G DATA INTERNET SECURITY (20260303)","K7 Total Security (20260303)","KasperskyPremium (20260303)","Malwarebytes Premium (20260303)","McAfee Total Protection (20260303)","Norton Security (20260303)","Panda Dome (20260303)","Quick Heal Internet Security (20260303)","Sophos Home Premium (20260303)","SpyHunter5 (20260303)","Total AV Antivirus Pro (20260303)","Trend Micro Internet Security (20260303)","VIPRE Advanced Security (20260303)","VirIT eXplorer PRO (20260303)","Webroot SecureAnywhere (20260303)","Windows Defender (20260303)"],"avAllowList":[]},{"isRevoked":"False","fileName":"PDFClickUpdater.exe","productName":"PDFClickUpdater","productVersion":"1.3.0.10","fileVersion":"1.3.0.10","hashMD5":"0cb13d665df4fa0fb8a401d447d283b0","hashSHA1":"affd57e48a8a6920fcabb9374376c06599e21f81","hashSHA256":"bd06d788b4384dd0d8640129746aa4c0826e63f409743f65000929702a417519","sourceIndex":"141","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"PDFClic%20k.exe","productName":"PDFClick","productVersion":"1.3.0.8","fileVersion":"1.3.0.8","hashMD5":"7f51f7c64126ddfcc94e95281a33de84","hashSHA1":"9b3c16b7d28196766a01e808c1902e20043eacdd","hashSHA256":"644816aec263951f3f66e07d4a064c92b9713daa6fb1e7dddea602a89c243f72","sourceIndex":"141","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"","landingPage":"https://www.pdfclickapp.com","directDownloadingLink":"https://runeton.com/clic?fofk=c231203a-742a-4d11-a329-a3270e1bb11d&_gcl_au=1.1.1447609291.1764728070&lastVisitReport=2025-12-03T02%3A14%3A32.356Z&_ga=GA1.1.407334879.1764728070&_ga_JT8097F7EC=GS2.1.s1764736766%24o3%24g1%24t1764737153%24j2%24l0%24h1838032104","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://runeton.com/clic?fofk=c231203a-742a-4d11-a329-a3270e1bb11d&_gcl_au=1.1.1447609291.1764728070&lastVisitReport=2025-12-03T02%3A14%3A32.356Z&_ga=GA1.1.407334879.1764728070&_ga_JT8097F7EC=GS2.1.s1764736766%24o3%24g1%24t1764737153%24j2%24l0%24h1838032104","sourceIndex":"141"}],"sampleFiles":["251203/PDFClick-251203/1.3.0.8/Samples/pdfclick.exe","251203/PDFClick-251203/1.3.0.8/Samples/PDFClickUpdater.exe","251203/PDFClick-251203/1.3.0.8/Samples/PDFClic%20k.exe"],"imageFiles":["251203/PDFClick-251203/1.3.0.8/Images/ACR-084/schedule task.png","251203/PDFClick-251203/1.3.0.8/Images/ACR-084/app1.png","251203/PDFClick-251203/1.3.0.8/Images/ACR-048/schedule task.png","251203/PDFClick-251203/1.3.0.8/Images/ACR-048/app1.png","251203/PDFClick-251203/1.3.0.8/Images/ACR-118/retained files.png","251203/PDFClick-251203/1.3.0.8/Images/ACR-118/ACR-118_Uninstall_1.png"],"nonDeceptorImageFiles":["251203/PDFClick-251203/1.3.0.8/Images/ACR-040/files.png","251203/PDFClick-251203/1.3.0.8/Images/ACR-040/install1.png","251203/PDFClick-251203/1.3.0.8/Images/ACR-040/install2.png","251203/PDFClick-251203/1.3.0.8/Images/ACR-065/app1.png"],"guid":"83e456a6-a13d-4b72-8fdb-d04718203046_1.3.0.8_1","appID":"PDFClick-251203","dateAdded":"251203","deceptorType":"App","name":"PDFClick","company":"PDFClick","version":"1.3.0.8","lastKnownStatus":"1.3.0.8","lastKnownDate":"251203","type":"Windows Executable","category":"SysTools & Utilities","targetCustomer":"consumer","ageAppropriate":"Adults only","monetization":"none","lastUpdate":"2025-12-03T22:36:35.7934477+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":152},{"violations":{"ACR-042":"Application drops Mysterium node network components and starts running node service before user is presented with Term and agree it. \n","ACR-048":"Application doesn't provide control user to disable/cancel sharing node.\n","ACR-007":"Application installs Mysterium network components without disclosing the potential risks related with sharing network resource (IP/Bandwidth) by joining Mysterium node network, and obtaining user's explicit consent. \n","ACR-084":"Application doesn't provide any visible indication that Mysterium node sharing is active. The node service process keeps running in background without notifying user.\n","ACR-118":"Application leaves its executables in system even it has been uninstalled.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"MysteriumDark-Setup-10.17.10.exe","isInstaller":"True","companyName":"Mysterium Network","productName":"MysteriumDark","productVersion":"10.17.10","fileVersion":"10.17.10","hashMD5":"6b29d0e5e5297f5a8c818c8397826cbd","hashSHA1":"092ba736d424a73bb8173861899f81dd12d472b3","hashSHA256":"dab21a4d5241222cdd1c8fb2d43e41bbd77ec931583c438e3a029590532a507e","sourceIndex":"143","avBlockList":["Avast Premium Security (20260219)","AVG Internet Security (20260219)","Avira Internet Security (20260219)","Bitdefender Internet Security (20260219)","ESET Internet Security (20260219)","G DATA INTERNET SECURITY (20260219)","K7 Total Security (20260219)","Malwarebytes Premium (20260219)","McAfee Total Protection (20260219)","Norton Security (20260219)","Panda Dome (20260219)","Quick Heal Internet Security (20260219)","Sophos Home Premium (20260219)","SpyHunter5 (20260219)","Total AV Antivirus Pro (20260219)","VIPRE Advanced Security (20260219)","VirIT eXplorer PRO (20260219)","Webroot SecureAnywhere (20260219)","Windows Defender (20260219)"],"avAllowList":["360 Total Security (20260219)","COMODO Antivirus (20260219)","Dr.Web Security Space (20260219)","FortectPremium (20260219)","KasperskyPremium (20260219)","Trend Micro Internet Security (20260219)"]},{"isRevoked":"False","fileName":"MysteriumDark.exe","companyName":"Mysterium Network","productName":"MysteriumDark","productVersion":"10.17.10.0","fileVersion":"10.17.10","hashMD5":"769550123f50aea79cd754aa062fc0de","hashSHA1":"2226a94da471567e7d8d27943ad9b08a794ed803","hashSHA256":"24649c58259b4010079250913c669b25170e5bce155c8378776fd6c21fe48be3","sourceIndex":"143","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Resrouce sharing","reference":"","landingPage":"https://www.mysteriumdark.com/downloads-dark","directDownloadingLink":"https://github.com/mysteriumnetwork/mysterium-vpn-desktop/releases/download/10.17.10/MysteriumDark-Setup-10.17.10.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://github.com/mysteriumnetwork/mysterium-vpn-desktop/releases/download/10.17.10/MysteriumDark-Setup-10.17.10.exe","sourceIndex":"143"}],"sampleFiles":["251125/MysteriumDark-251125/10.17.10/Samples/MysteriumDark-Setup-10.17.10.exe"],"imageFiles":["251125/MysteriumDark-251125/10.17.10/Images/ACR-042/ACR-042_Install_1.png","251125/MysteriumDark-251125/10.17.10/Images/ACR-042/ACR-042_Install_2.png","251125/MysteriumDark-251125/10.17.10/Images/ACR-007/ACR-007_Install_1.png","251125/MysteriumDark-251125/10.17.10/Images/ACR-084/ACR-084_Software_1.png","251125/MysteriumDark-251125/10.17.10/Images/ACR-048/ACR-048_Software_1.png","251125/MysteriumDark-251125/10.17.10/Images/ACR-118/ACR-118_Uninstall_1.png","251125/MysteriumDark-251125/10.17.10/Images/ACR-118/ACR-118_Uninstall_2.png","251125/MysteriumDark-251125/10.17.10/Images/ACR-118/ACR-118_Uninstall_3.png"],"nonDeceptorImageFiles":[],"guid":"ee406d96-cb43-4018-8a7f-5a34d9d77f1a_10.17.10_1","appID":"MysteriumDark-251125","dateAdded":"251125","deceptorType":"App","name":"MysteriumDark","company":"Mysterium Network","version":"10.17.10","lastKnownStatus":"10.17.10","lastKnownDate":"251125","type":"Windows Executable","category":"Personalization & Search","targetOS":"Windows 10,Windows 11","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"net proxy","lastUpdate":"2025-11-26T05:50:19.1551615+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":153},{"violations":{"ACR-043":" The app drops components of \"Bright data\" before user agrees and consents.\n\n","ACR-046":"The options are not conspicuous and the consumer gets to see \"Add Windows Firewall exception\" only when clicked on \"Installation Options\"\n","ACR-107":" The app installs \"The QT Company Ltd\", \"ffmpeg\" package and doesn't include the open source license or the source code or link to the source code. \n","ACR-048":"When the app is minimized, the app hides itself in tray instead of showing in task bar.\nThe app didn't provide any control to cancel the installation process.\n","ACR-007":"App does not obtain user consent to reduce the consumer's security posture caused by sharing resources.\n","ACR-084":"On quitting the app completely, one of the processes still runs in the background hiding the fact that it is active from the consumer. \n","ACR-085":"The app collects user behavior information without user consent\n\n","ACR-097":"During the install, the app prompts the user to exclude it from Windows Firewall Protection.\n","ACR-057":"Offers don't have a clear way for users to accept or decline as it is greyed out.\n","ACR-155":"The offer is inserted to masquerade as part of existing committed install workflow\n"},"nonDeceptorViolations":{"ACR-054":"The app does not provide equal prominence to the \"Accept\" and \"Decline\" options in the offer.\n"},"samples":[{"isRevoked":"False","fileName":"MediaGet_id2198544ids1s.exe","isInstaller":"True","companyName":"","productName":"","productVersion":"1.0","fileVersion":"1.0","hashMD5":"431f1e00552f2264118ab220289c5cc9","hashSHA1":"b93f36de43e121f3c1a8b058f0e4fe68737911cf","hashSHA256":"c014a89a52ce6df93b92c57813961e344f4860baf207b9ee92105abaca6cd47a","digitalCertThumbprint":"7B6E285393B4F4A57241D0AFD183649D83EFAB30","digitalCertIssuer":"thawte SHA256 Code Signing CA","digitalCertIssuedTo":"Global Microtrading PTE. LTD","storeId":"","sourceIndex":"1735","avBlockList":["Avast Premium Security (20240723)","AVG Internet Security (20240723)","Avira Internet Security (20240723)","Bitdefender Internet Security (20240723)","COMODO Antivirus (20240723)","Dr.Web Security Space (20240723)","ESET Internet Security (20240723)","G DATA INTERNET SECURITY (20240723)","K7 Total Security (20240723)","Kaspersky Internet Security (20240723)","Malwarebytes Premium (20240723)","McAfee Total Protection (20240723)","Norton Security (20240723)","Panda Dome (20240723)","Quick Heal Internet Security (20240723)","Sophos Home Premium (20240723)","SpyHunter5 (20240723)","Tencent PC Manager (20220125)","Total AV Antivirus Pro (20240723)","Trend Micro Internet Security (20240723)","VIPRE Advanced Security (20240723)","VirIT eXplorer PRO (20240723)","Webroot SecureAnywhere (20240723)","Windows Defender (20240723)","FortectPremium (20240723)"],"avAllowList":["360 Total Security (20240723)"]},{"isRevoked":"False","fileName":"C:\\Users\\User\\MediaGet2\\mediaget.exe","companyName":"","productName":"","productVersion":"","fileVersion":"","hashMD5":"47d4578388c5806d8ced2b69331d579f","hashSHA1":"8ae41b6bb8870f1b4eb688a09f3fb82a78b2fcf0","hashSHA256":"735937e257e2db23f27d12358b3a196e64ad973bad1191b235d9d0923c3d8044","digitalCertThumbprint":"7B6E285393B4F4A57241D0AFD183649D83EFAB30","digitalCertIssuer":"thawte SHA256 Code Signing CA","digitalCertIssuedTo":"Global Microtrading PTE. LTD","storeId":"","sourceIndex":"1735","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"MediaGet_id1444797ids1s.exe","isInstaller":"True","fileVersion":"1.0","hashMD5":"4a11a46a009d80a3e6ddeee370538bb6","hashSHA1":"f3f7c29e5a7644faefa984117f3c88224114439f","hashSHA256":"6f50e5d10daa1d04689dff4743f10f27d522e4aee7dfffec9b1c1dfd622cb4aa","digitalCertThumbprint":"A102DB570CF7D133AF4305B79184095923264668","digitalCertIssuer":"CN=thawte SHA256 Code Signing CA, O=\"thawte, Inc.\", C=US","digitalCertIssuedTo":"CN=GLOBAL MICROTRADING PTE. LTD., OU=IT, O=GLOBAL MICROTRADING PTE. LTD., L=Singapore, C=SG","sourceIndex":"1735","avBlockList":["Avast Premium Security (20220125)","AVG Internet Security (20220125)","Avira Internet Security (20220125)","Bitdefender Internet Security (20220125)","COMODO Antivirus (20220125)","Dr.Web Security Space (20220125)","ESET Internet Security (20220125)","G DATA INTERNET SECURITY (20220125)","K7 Total Security (20220125)","Kaspersky Internet Security (20220125)","Malwarebytes Premium (20220125)","McAfee Total Protection (20220125)","Norton Security (20220125)","Panda Dome (20220125)","Quick Heal Internet Security (20220125)","Sophos Home Premium (20220125)","SpyHunter5 (20220125)","Tencent PC Manager (20220125)","Total AV Antivirus Pro (20220125)","VIPRE Advanced Security (20220125)","VirIT eXplorer PRO (20220125)","Webroot SecureAnywhere (20220125)","Windows Defender (20220125)"],"avAllowList":["360 Total Security (20220125)","Trend Micro Internet Security (20220125)"]}],"additionalFiles":[],"sources":[{"howFound":"BrightData SDK bundler, opera offer, uTorrent client, ","reference":"","landingPage":"","directDownloadingLink":"https://www.malavida.com/en/soft/mediaget/download","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.malavida.com/en/soft/mediaget/download","sourceIndex":"1735"}],"sampleFiles":["220114/MediaGet2-220107/1.0/Samples/MediaGet_id2198544ids1s.exe","220114/MediaGet2-220107/1.0/Samples/mediaget.exe","220114/MediaGet2-220107/1.0/Samples/MediaGet_id1444797ids1s.exe"],"imageFiles":["220114/MediaGet2-220107/1.0/Images/ACR-085/ACR-085_Software.JPG","220114/MediaGet2-220107/1.0/Images/ACR-048/ACR-048_Software.mp4","220114/MediaGet2-220107/1.0/Images/ACR-043/ACR-043_Install.JPG","220114/MediaGet2-220107/1.0/Images/ACR-046/ACR-046_Install.JPG","220114/MediaGet2-220107/1.0/Images/ACR-046/ACR-046_Install_1.JPG","220114/MediaGet2-220107/1.0/Images/ACR-107/ACR-107_Install.JPG","220114/MediaGet2-220107/1.0/Images/ACR-107/ACR-107_Install_2.JPG","220114/MediaGet2-220107/1.0/Images/ACR-048/ACR-048_Install_No_Control.JPG","220114/MediaGet2-220107/1.0/Images/ACR-007/ACR-007_Install.JPG","220114/MediaGet2-220107/1.0/Images/ACR-084/ACR-084_Background_Process.JPG","220114/MediaGet2-220107/1.0/Images/ACR-097/ACR-097_Software.JPG","220114/MediaGet2-220107/1.0/Images/ACR-057/ACR-057_BundlerMadeOffers_No_Accept_Decline_Option.JPG","220114/MediaGet2-220107/1.0/Images/ACR-155/ACR-155_BundlerMadeOffers_MasquerededOffer.JPG"],"nonDeceptorImageFiles":["220114/MediaGet2-220107/1.0/Images/ACR-054/ACR-054_BundlerMadeOffers_No_EqualProminence.JPG"],"guid":"0a8d675f-91d2-4dc7-9368-038af45c0f0c_1.0_1","appID":"MediaGet2-220107","dateAdded":"251118","deceptorType":"Bundler","name":"MediaGet2","company":"GLOBAL MICROTRADING PTE. LTD","version":"1.0","sigName":"Deceptor:Win32/MediaGet2!085048043046107007084097057155","lastKnownStatus":"1.0","lastKnownDate":"251118","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 10,Windows 8,Windows 7,Windows Vista,Windows XP","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2025-11-18T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":3,"sortOrder":157},{"violations":{"ACR-004":"The app does not offer free fix, instead requires a paid subscription to address the issues reported. It also uses alarming colors (red & orange) and exclamation symbols to raise urgency and priority to the consumer.\n","ACR-118":"After uninstall, it retains some executables and its other components.\n","ACR-014":"The uninstall button is greyed out, making it appear disabled.\n","ACR-165":"The app doesn't provide the following information in the shopping cart: 1. Cancellation of Auto-renewal via online. 2. when the user receives a notification for renewal.\n"},"nonDeceptorViolations":{"ACR-065":"The User License Agreement link leads to the Terms Of Use  for the website rather than the EULA for software. The app's About page does not display links to the EULA and/or Terms of Service, Returns and Cancellation Policy, or Privacy Policy.\n"},"samples":[{"isRevoked":"False","fileName":"DLLFixerSetup_1111_2_0_4_76.exe","isInstaller":"True","companyName":"TECHVISTA Co., Ltd.","productName":"PcGoGo DLL Fixer","productVersion":"2.0.4.76","fileVersion":"2.0.4.76","hashMD5":"91511b11d2c06080fd9481d3dfa374a5","hashSHA1":"019e4a6b0eab5d4f9094776f7f12d1eb67cbb03f","hashSHA256":"e35f7ec640604db9d7869804ba3effa1f67fe83d8621d47a847a4c6868ed3f34","digitalCertThumbprint":"77DE2D3F676105EEC6D3E857B0DC528E8B64F852","digitalCertIssuer":"CN=GlobalSign GCC R45 EV CodeSigning CA 2020, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"CN=TechVista Company Limited, O=TechVista Company Limited, L=Yau Tsim Mong, S=Kowloon, C=HK, OID.1.3.6.1.4.1.311.60.2.1.3=HK, SERIALNUMBER=76926044, OID.2.5.4.15=Private Organization","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"145","avBlockList":["360 Total Security (20260205)","Avast Premium Security (20260205)","AVG Internet Security (20260205)","Avira Internet Security (20260205)","Bitdefender Internet Security (20260205)","FortectPremium (20260205)","G DATA INTERNET SECURITY (20260205)","K7 Total Security (20260205)","Malwarebytes Premium (20260205)","McAfee Total Protection (20260205)","Norton Security (20260205)","Panda Dome (20260205)","Quick Heal Internet Security (20260205)","Sophos Home Premium (20260205)","SpyHunter5 (20260205)","Total AV Antivirus Pro (20260205)","VIPRE Advanced Security (20260205)","VirIT eXplorer PRO (20260205)","Webroot SecureAnywhere (20260205)","Windows Defender (20260205)"],"avAllowList":["COMODO Antivirus (20260205)","Dr.Web Security Space (20260205)","ESET Internet Security (20260205)","KasperskyPremium (20260205)","Trend Micro Internet Security (20260205)"]},{"isRevoked":"False","fileName":"DllFixer.exe","companyName":"TECHVISTA Co., Ltd.","productName":"PcGoGo DLL Fixer","productVersion":"2.0.4.76","fileVersion":"2.0.4.76","hashMD5":"4496a8e092ac24df2fc9c5401d5fd5b0","hashSHA1":"a743830e36f0f06b3d553bd7ebc73e0f6eb5f8b1","hashSHA256":"49b564b625dd7a4bfa7605ecab603a0b2b2be9951dca478aacfb4ac72711d042","digitalCertThumbprint":"77DE2D3F676105EEC6D3E857B0DC528E8B64F852","digitalCertIssuer":"CN=GlobalSign GCC R45 EV CodeSigning CA 2020, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"CN=TechVista Company Limited, O=TechVista Company Limited, L=Yau Tsim Mong, S=Kowloon, C=HK, OID.1.3.6.1.4.1.311.60.2.1.3=HK, SERIALNUMBER=76926044, OID.2.5.4.15=Private Organization","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"145","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search","reference":"","landingPage":"https://www.pcgogo.com/stardll","directDownloadingLink":"https://file1.pcgogo.com/soft_intl/DLLFixerSetup/2_0_4_76/DLLFixerSetup_1111_2_0_4_76.exe?_gl=1*1auvq2w*_gcl_au*MTEwMTcxOTIyNC4xNzYzMTU0Nzk4","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://file1.pcgogo.com/soft_intl/DLLFixerSetup/2_0_4_76/DLLFixerSetup_1111_2_0_4_76.exe?_gl=1*1auvq2w*_gcl_au*MTEwMTcxOTIyNC4xNzYzMTU0Nzk4","sourceIndex":"145"}],"sampleFiles":["251118/PcGoGoDLLFixer-251114/2.9.4.76/Samples/DLLFixerSetup_1111_2_0_4_76.exe","251118/PcGoGoDLLFixer-251114/2.9.4.76/Samples/DllFixer.exe"],"imageFiles":["251118/PcGoGoDLLFixer-251114/2.9.4.76/Images/ACR-004/ACR-004_Software_1.png","251118/PcGoGoDLLFixer-251114/2.9.4.76/Images/ACR-004/ACR-004_Software_2.png","251118/PcGoGoDLLFixer-251114/2.9.4.76/Images/ACR-004/ACR-004_Software_3.png","251118/PcGoGoDLLFixer-251114/2.9.4.76/Images/ACR-004/ACR-004_Software_4.png","251118/PcGoGoDLLFixer-251114/2.9.4.76/Images/ACR-004/ACR-004_Software_5.png","251118/PcGoGoDLLFixer-251114/2.9.4.76/Images/ACR-118/ACR-118_Uninstall_1.png","251118/PcGoGoDLLFixer-251114/2.9.4.76/Images/ACR-118/ACR-118_Uninstall_2.png","251118/PcGoGoDLLFixer-251114/2.9.4.76/Images/ACR-118/ACR-118_Uninstall_3.png","251118/PcGoGoDLLFixer-251114/2.9.4.76/Images/ACR-014/ACR-014_Uninstall_1.png","251118/PcGoGoDLLFixer-251114/2.9.4.76/Images/ACR-014/ACR-014_Uninstall_2.png","251118/PcGoGoDLLFixer-251114/2.9.4.76/Images/ACR-165/ACR-165_Internal offers_1.jpeg"],"nonDeceptorImageFiles":["251118/PcGoGoDLLFixer-251114/2.9.4.76/Images/ACR-065/ACR-065_Landing page_1.png","251118/PcGoGoDLLFixer-251114/2.9.4.76/Images/ACR-065/ACR-065_Landing page_2.png"],"guid":"b13b3a80-a5fd-4fad-898a-7eaa4456754c_2.9.4.76_1","appID":"PcGoGoDLLFixer-251114","dateAdded":"251118","deceptorType":"App","name":"PcGoGo DLL Fixer","company":"TECHVISTA Co., Ltd.","version":"2.9.4.76","lastKnownStatus":"2.9.4.76","lastKnownDate":"251118","type":"Windows Executable","lastUpdate":"2025-11-18T21:41:49.4545313+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":154},{"violations":{"ACR-046":"The options are not conspicuous and the consumer gets to see the \"Add Windows Firewall exception\" only when the \"Settings\" Option is clicked also, the decline option provided in the offers seems to be greyed out or hidden.\n","ACR-048":"User can't stop/cancel resource sharing when application exit (the resource sharing process keeps running in background)\nThe app didn't provide any control to cancel the installation process.\n","ACR-007":"The offer doesn't explicitly inform user about the reduction in security associated with its resource borrowing.\nApplication doesn't prompt the clear message to inform get consent from user about the reduction in security associated with its resource borrowing feature turn on. (when user check the hide ads in media and share device resource)\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software.\n","ACR-084":"The resource sharing process keeps running in background without notifying user when application close and exit. \n","ACR-085":"The app collects user behavior information without user consent\n\n","ACR-097":"During the install, the app prompts the user to exclude it from Windows Firewall Protection without giving reason or details\n","ACR-118":"Application leaves resource sharing components in system and keep its process running in background after it uninstallation completes.\n","ACR-057":"Offers don't have a clear way for users to accept or decline as it is greyed out.\n","ACR-053":"The app doesn’t allow the consumer to skip all offers at once.\n","ACR-059":"Offers that are not related to the main app are not marked as \"Optional Offer\".\n"},"nonDeceptorViolations":{"ACR-123":"Application did not remove itself from the firewall exception and the startup that was added/created during installation. And leave the resource sharing components in system and process running.\n","ACR-054":"The app does not provide equal prominence to the \"Accept\" and \"Decline\" options in the offer.\n"},"samples":[{"isRevoked":"False","fileName":"MediaGet_id2764411ids1s.exe","isInstaller":"True","productName":",\u0004\u0001ProductVersion","productVersion":"1.0","fileVersion":"1.0","hashMD5":"a849faf8565bb021a6c0572fa6814e6c","hashSHA1":"492df506e9abbac8b5d401667fe21221686ee3c9","hashSHA256":"8561a75684c49a954c4efd5f16a67dbe33db70355ac3aa7a4523f37f86e8ce43","digitalCertThumbprint":"9D89FED0AE39E69667052E8AF214520E135C3CE8","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Global Microtrading PTE. LTD, O=Global Microtrading PTE. LTD, L=Singapore, C=SG","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"144","avBlockList":["Avast Premium Security (20260129)","AVG Internet Security (20260129)","Avira Internet Security (20260129)","Bitdefender Internet Security (20260129)","COMODO Antivirus (20260129)","Dr.Web Security Space (20260129)","ESET Internet Security (20260129)","FortectPremium (20260129)","G DATA INTERNET SECURITY (20260129)","K7 Total Security (20260129)","KasperskyPremium (20260129)","Malwarebytes Premium (20260129)","McAfee Total Protection (20260129)","Norton Security (20260129)","Panda Dome (20260129)","Quick Heal Internet Security (20260129)","Sophos Home Premium (20260129)","SpyHunter5 (20260129)","Total AV Antivirus Pro (20260129)","Trend Micro Internet Security (20260129)","VIPRE Advanced Security (20260129)","VirIT eXplorer PRO (20260129)","Webroot SecureAnywhere (20260129)","Windows Defender (20260129)"],"avAllowList":["360 Total Security (20260129)"]},{"isRevoked":"False","fileName":"proxy-sdk.exe","productName":"proxy-sdk","productVersion":"$\u0002\u0001SpecialBuild","fileVersion":"4\n\u0001InternalName","hashMD5":"57e5e1fc437aacc0c0924e7c466387dd","hashSHA1":"5c0d8f4194d0b93cfaff2bcd65558f986e6f355b","hashSHA256":"a3b91ed400bd2115d9a21c57c150d0fa87db3a9680a7033e581a3ccdb1abd432","digitalCertThumbprint":"849DA21B7963CA4D7CC5F364051830456F21D85F","digitalCertIssuer":"CN=Sectigo Public Code Signing CA E36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=DATACOLLECT LIMITED, O=DATACOLLECT LIMITED, S=Hertfordshire, C=GB","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"144","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"neunative-m.exe","hashMD5":"88504d4dfaa260a8006b362056e0de86","hashSHA1":"de76aba202571739251b999754357094eadc4951","hashSHA256":"6f072380a22e49e878caa0428db57682c50ffdbb8c2fd0108f079b0f1d353c5e","digitalCertThumbprint":"9D89FED0AE39E69667052E8AF214520E135C3CE8","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Global Microtrading PTE. LTD, O=Global Microtrading PTE. LTD, L=Singapore, C=SG","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"144","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"neunative_setup.exe","companyName":"neunative                                                   ","productName":"neunative-m","productVersion":"2.0","hashMD5":"123a40d049595397c765a2ca1f4e4aea","hashSHA1":"62c117234f76b2ceb6d9515ed78f7e2053893046","hashSHA256":"23c485023d4a37a870b27f6eedf4c5bb925a8b54338a994f9e57c3268c8f645e","digitalCertThumbprint":"9D89FED0AE39E69667052E8AF214520E135C3CE8","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Global Microtrading PTE. LTD, O=Global Microtrading PTE. LTD, L=Singapore, C=SG","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"144","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"proxy-sdk%20setup.exe","companyName":"Datacollect Limited                                         ","productName":"proxy-sdk","productVersion":"111","hashMD5":"30c52dfba80dabdfa379315b30e26f4c","hashSHA1":"582b3b6639163699decf5ce00819f7488bba9515","hashSHA256":"9752d13cc4eda5baef131182f81c084584675bc2fbd64037bf65b1b3341524c1","digitalCertThumbprint":"849DA21B7963CA4D7CC5F364051830456F21D85F","digitalCertIssuer":"CN=Sectigo Public Code Signing CA E36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=DATACOLLECT LIMITED, O=DATACOLLECT LIMITED, S=Hertfordshire, C=GB","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"144","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"mediaget.exe","isInstaller":"True","productName":"MediaGet","productVersion":"2.6.12.626","fileVersion":"7.23.24.756","hashMD5":"5e383a9fbedd1ee3c7aef50503e0fc97","hashSHA1":"bc1c63a07a9c49ca4f4d857742945073e1edd3a5","hashSHA256":"a3aecf1c3aebdcbd21a8744979aadb81d8d6b19ea0f6e932b03d0cf1076d7a42","digitalCertThumbprint":"7A37E1D5546A7781D8FC077D6892CF5CF83A3D90","digitalCertIssuer":"CN=GlobalSign GCC R45 CodeSigning CA 2020, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"CN=RA DELTA LLC, O=RA DELTA LLC, L=Sergiyev Posad, S=Moscow Oblast, C=RU","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"144","avBlockList":["360 Total Security (20260203)","Avast Premium Security (20260203)","AVG Internet Security (20260203)","Avira Internet Security (20260203)","Bitdefender Internet Security (20260203)","COMODO Antivirus (20260203)","Dr.Web Security Space (20260203)","ESET Internet Security (20260203)","FortectPremium (20260203)","G DATA INTERNET SECURITY (20260203)","K7 Total Security (20260203)","KasperskyPremium (20260203)","Malwarebytes Premium (20260203)","McAfee Total Protection (20260203)","Norton Security (20260203)","Panda Dome (20260203)","Quick Heal Internet Security (20260203)","Sophos Home Premium (20260203)","SpyHunter5 (20260203)","Total AV Antivirus Pro (20260203)","Trend Micro Internet Security (20260203)","VIPRE Advanced Security (20260203)","VirIT eXplorer PRO (20260203)","Webroot SecureAnywhere (20260203)","Windows Defender (20260203)"],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"BrightData SDK bundler, opera offer, uTorrent client, ","reference":"","landingPage":"","directDownloadingLink":"https://www.malavida.com/en/soft/mediaget/download","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.malavida.com/en/soft/mediaget/download","sourceIndex":"144"}],"sampleFiles":["251118/MediaGet2-220107/1.0.0.0/Samples/MediaGet_id2764411ids1s.exe","251118/MediaGet2-220107/1.0.0.0/Samples/mediaget.exe"],"imageFiles":["251118/MediaGet2-220107/1.0.0.0/Images/ACR-085/ACR-085_Software_1.png","251118/MediaGet2-220107/1.0.0.0/Images/ACR-048/ACR-048_Software_1.png","251118/MediaGet2-220107/1.0.0.0/Images/ACR-048/ACR-048_Software_2.png","251118/MediaGet2-220107/1.0.0.0/Images/ACR-053/ACR-053.PNG","251118/MediaGet2-220107/1.0.0.0/Images/ACR-053/ACR-053_1.PNG","251118/MediaGet2-220107/1.0.0.0/Images/ACR-053/ACR-053_Install_1.png","251118/MediaGet2-220107/1.0.0.0/Images/ACR-053/ACR-053_Install_2.png","251118/MediaGet2-220107/1.0.0.0/Images/ACR-046/ACR-046.PNG","251118/MediaGet2-220107/1.0.0.0/Images/ACR-046/ACR-046_1.PNG","251118/MediaGet2-220107/1.0.0.0/Images/ACR-046/ACR-046_2.PNG","251118/MediaGet2-220107/1.0.0.0/Images/ACR-046/ACR-046_3.PNG","251118/MediaGet2-220107/1.0.0.0/Images/ACR-046/ACR-046_4.PNG","251118/MediaGet2-220107/1.0.0.0/Images/ACR-048/ACR-048.PNG","251118/MediaGet2-220107/1.0.0.0/Images/ACR-007/ACR-007_Install_1.png","251118/MediaGet2-220107/1.0.0.0/Images/ACR-084/ACR-084_Software_2.png","251118/MediaGet2-220107/1.0.0.0/Images/ACR-084/ACR-084_Software_3.png","251118/MediaGet2-220107/1.0.0.0/Images/ACR-097/ACR-097.PNG","251118/MediaGet2-220107/1.0.0.0/Images/ACR-097/ACR-097_1.PNG","251118/MediaGet2-220107/1.0.0.0/Images/ACR-007/ACR-007_Software_1.png","251118/MediaGet2-220107/1.0.0.0/Images/ACR-118/ACR-118_Uninstall_1.png","251118/MediaGet2-220107/1.0.0.0/Images/ACR-118/ACR-118_Uninstall_2.png","251118/MediaGet2-220107/1.0.0.0/Images/ACR-057/ACR-057.PNG","251118/MediaGet2-220107/1.0.0.0/Images/ACR-057/ACR-057_1.PNG","251118/MediaGet2-220107/1.0.0.0/Images/ACR-057/ACR-057_2.PNG","251118/MediaGet2-220107/1.0.0.0/Images/ACR-059/ACR-059.PNG","251118/MediaGet2-220107/1.0.0.0/Images/ACR-059/ACR-059_1.PNG","251118/MediaGet2-220107/1.0.0.0/Images/ACR-060/ACR-060.PNG","251118/MediaGet2-220107/1.0.0.0/Images/ACR-060/ACR-060_1.PNG"],"nonDeceptorImageFiles":["251118/MediaGet2-220107/1.0.0.0/Images/ACR-123/ACR-123.PNG","251118/MediaGet2-220107/1.0.0.0/Images/ACR-123/ACR-123_1.PNG","251118/MediaGet2-220107/1.0.0.0/Images/ACR-123/ACR-123_Uninstall_1.png","251118/MediaGet2-220107/1.0.0.0/Images/ACR-054/ACR-054.PNG","251118/MediaGet2-220107/1.0.0.0/Images/ACR-054/ACR-054_1.PNG"],"guid":"0a8d675f-91d2-4dc7-9368-038af45c0f0c_1.0.0.0_1","appID":"MediaGet2-220107","dateAdded":"251118","deceptorType":"Bundler","name":"MediaGet2","company":"GLOBAL MICROTRADING PTE. LTD","version":"1.0.0.0","lastKnownStatus":"1.0","lastKnownDate":"251118","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 10,Windows 8,Windows 7,Windows Vista,Windows XP,Windows 11","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid,net proxy,install offers","lastUpdate":"2025-11-18T23:26:40.2605913+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":3,"sortOrder":155},{"violations":{"ACR-046":"The options are not conspicuous and the consumer gets to see the \"Add Windows Firewall exception\" only when the \"Settings\" Option is clicked also, the decline option provided in the offers seems to be greyed out or hidden.\n","ACR-048":"The app didn't provide any control to cancel the installation process.\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software.\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software.\n","ACR-085":"The app collects user behavior information without user consent\n\n","ACR-097":"During the install, the app prompts the user to exclude it from Windows Firewall Protection without giving reason or details\n","ACR-057":"Offers don't have a clear way for users to accept or decline as it is greyed out.\n","ACR-053":"The app doesn’t allow the consumer to skip all offers at once.\n","ACR-059":"Offers that are not related to the main app are not marked as \"Optional Offer\".\n","ACR-155":"The offer is inserted to masquerade as part of existing committed install workflow\n"},"nonDeceptorViolations":{"ACR-123":"Even after a reboot and uninstall, the application did not remove itself from the firewall exception and the startup that was added/created during installation.\n\n","ACR-054":"The app does not provide equal prominence to the \"Accept\" and \"Decline\" options in the offer.\n"},"samples":[{"isRevoked":"False","fileName":"starsector_id4706737ids1s.exe","isInstaller":"True","companyName":"","productName":"","productVersion":"1.0","fileVersion":"1.0","hashMD5":"69897600293799cd8d06d8cd16081143","hashSHA1":"e052ff1b58329aa6871a41f63567ea9057a5ec47","hashSHA256":"f407bc3f5ff784a9b614d96ff56f99625b4fbd3f62bd00edd04c7a1cc36d88d1","digitalCertThumbprint":"9D89FED0AE39E69667052E8AF214520E135C3CE8","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Global Microtrading PTE. LTD","storeId":"","sourceIndex":"719","avBlockList":["Avast Premium Security (20251002)","AVG Internet Security (20251002)","Avira Internet Security (20251002)","Bitdefender Internet Security (20251002)","COMODO Antivirus (20251002)","Dr.Web Security Space (20251002)","ESET Internet Security (20251002)","G DATA INTERNET SECURITY (20251002)","K7 Total Security (20251002)","Kaspersky Internet Security (20240620)","Malwarebytes Premium (20251002)","McAfee Total Protection (20251002)","Norton Security (20251002)","Panda Dome (20251002)","Quick Heal Internet Security (20251002)","Sophos Home Premium (20251002)","SpyHunter5 (20251002)","Total AV Antivirus Pro (20251002)","VIPRE Advanced Security (20251002)","VirIT eXplorer PRO (20251002)","Webroot SecureAnywhere (20251002)","Windows Defender (20251002)","FortectPremium (20251002)","KasperskyPremium (20251002)"],"avAllowList":["360 Total Security (20251002)","Trend Micro Internet Security (20251002)"]},{"isRevoked":"False","fileName":"mediaget_installer_485.exe","isInstaller":"True","fileVersion":"1.0","hashMD5":"c6a8d4294c7fc378bc6c1996ad397b59","hashSHA1":"979f0e29b779eb0f81bdca0eb776f6cbec2480b4","hashSHA256":"0d7981c2707784d0c86f8484e5143008f827057318c5f9fae028d8bfe2fd2231","digitalCertThumbprint":"9D89FED0AE39E69667052E8AF214520E135C3CE8","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Global Microtrading PTE. LTD, O=Global Microtrading PTE. LTD, L=Singapore, C=SG","sourceIndex":"719","avBlockList":["Avast Premium Security (20251120)","AVG Internet Security (20251120)","Avira Internet Security (20251120)","Bitdefender Internet Security (20251120)","COMODO Antivirus (20251120)","Dr.Web Security Space (20251120)","ESET Internet Security (20251120)","FortectPremium (20251120)","G DATA INTERNET SECURITY (20251120)","K7 Total Security (20251120)","KasperskyPremium (20251120)","Malwarebytes Premium (20251120)","McAfee Total Protection (20251120)","Norton Security (20251120)","Panda Dome (20251120)","Quick Heal Internet Security (20251120)","Sophos Home Premium (20251120)","SpyHunter5 (20251120)","Total AV Antivirus Pro (20251120)","VIPRE Advanced Security (20251120)","VirIT eXplorer PRO (20251120)","Webroot SecureAnywhere (20251120)","Windows Defender (20251120)"],"avAllowList":["360 Total Security (20251120)","Trend Micro Internet Security (20251120)"]}],"additionalFiles":[],"sources":[{"howFound":"BrightData SDK bundler, opera offer, uTorrent client, ","reference":"","landingPage":"https://mediaget.com","directDownloadingLink":"https://mediaget.com/installer/mediaget_installer_484.exe?filename=starsector_id4706737ids1s.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://mediaget.com/installer/mediaget_installer_484.exe?filename=starsector_id4706737ids1s.exe","sourceIndex":"719"}],"sampleFiles":["240306/MediaGet2-220107/1.0.0/Samples/starsector_id4706737ids1s.exe","240306/MediaGet2-220107/1.0.0/Samples/mediaget_installer_485.exe"],"imageFiles":["240306/MediaGet2-220107/1.0.0/Images/ACR-085/ACR-085.PNG","240306/MediaGet2-220107/1.0.0/Images/ACR-053/ACR-053.PNG","240306/MediaGet2-220107/1.0.0/Images/ACR-053/ACR-053_1.PNG","240306/MediaGet2-220107/1.0.0/Images/ACR-053/ACR-053_2.PNG","240306/MediaGet2-220107/1.0.0/Images/ACR-046/ACR-046.PNG","240306/MediaGet2-220107/1.0.0/Images/ACR-046/ACR-046_1.PNG","240306/MediaGet2-220107/1.0.0/Images/ACR-046/ACR-046_2.PNG","240306/MediaGet2-220107/1.0.0/Images/ACR-046/ACR-046_3.PNG","240306/MediaGet2-220107/1.0.0/Images/ACR-046/ACR-046_4.PNG","240306/MediaGet2-220107/1.0.0/Images/ACR-048/ACR-048.PNG","240306/MediaGet2-220107/1.0.0/Images/ACR-097/ACR-097.PNG","240306/MediaGet2-220107/1.0.0/Images/ACR-097/ACR-097_1.PNG","240306/MediaGet2-220107/1.0.0/Images/ACR-057/ACR-057.PNG","240306/MediaGet2-220107/1.0.0/Images/ACR-057/ACR-057_1.PNG","240306/MediaGet2-220107/1.0.0/Images/ACR-057/ACR-057_2.PNG","240306/MediaGet2-220107/1.0.0/Images/ACR-059/ACR-059.PNG","240306/MediaGet2-220107/1.0.0/Images/ACR-059/ACR-059_1.PNG","240306/MediaGet2-220107/1.0.0/Images/ACR-059/ACR-059_2.PNG","240306/MediaGet2-220107/1.0.0/Images/ACR-155/ACR-155.PNG","240306/MediaGet2-220107/1.0.0/Images/ACR-155/ACR-155_1.PNG","240306/MediaGet2-220107/1.0.0/Images/ACR-155/ACR-155_2.PNG","240306/MediaGet2-220107/1.0.0/Images/ACR-013/ACR-013.PNG","240306/MediaGet2-220107/1.0.0/Images/ACR-013/ACR-013_1.PNG","240306/MediaGet2-220107/1.0.0/Images/ACR-013/ACR-013_2.PNG","240306/MediaGet2-220107/1.0.0/Images/ACR-060/ACR-060.PNG","240306/MediaGet2-220107/1.0.0/Images/ACR-060/ACR-060_1.PNG","240306/MediaGet2-220107/1.0.0/Images/ACR-060/ACR-060_2.PNG"],"nonDeceptorImageFiles":["240306/MediaGet2-220107/1.0.0/Images/ACR-123/ACR-123.PNG","240306/MediaGet2-220107/1.0.0/Images/ACR-123/ACR-123_1.PNG","240306/MediaGet2-220107/1.0.0/Images/ACR-054/ACR-054.PNG","240306/MediaGet2-220107/1.0.0/Images/ACR-054/ACR-054_1.PNG","240306/MediaGet2-220107/1.0.0/Images/ACR-054/ACR-054_2.PNG"],"guid":"0a8d675f-91d2-4dc7-9368-038af45c0f0c_1.0.0_1","appID":"MediaGet2-220107","dateAdded":"251118","deceptorType":"Bundler","name":"MediaGet2","company":"GLOBAL MICROTRADING PTE. LTD","version":"1.0.0","lastKnownStatus":"1.0","lastKnownDate":"251118","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 10,Windows 8,Windows 7,Windows Vista,Windows XP","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2025-11-18T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":3,"sortOrder":156},{"violations":{"ACR-048":"Application creates autostart entry and scheduled tasks without user awareness. And doesn't provide the control setting to disable autostart entry, scheduled tasks and background running processes.\n","ACR-007":"Application doesn't disclose the potential risks related with sharing network resource (IP/Bandwidth) by joining Mysterium node network. \n","ACR-084":"The process running in background without notifying user after user close the application.\n","ACR-118":"Application doesn't delete Mysterium node components after uninstallation completes. Application doesn't delete its auto start entry after uninstallation completes.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"kryptex-setup-5.2.21.exe","isInstaller":"True","companyName":"Kryptex","productName":"Kryptex","productVersion":"5.2.21","fileVersion":"5.2.21","hashMD5":"c9d016277463d08a971a1f7608f30b5a","hashSHA1":"a4cbe6032f6e29aecb0b5223319b79fdbb62189b","hashSHA256":"13bb712eeacc5438e2577100b900456c1aef2f1de93189a5a91292c777b7e272","digitalCertThumbprint":"C43BF342CBAB1D909BBB53A1CD061C16630CBAB2","digitalCertIssuer":"CN=Sectigo Public Code Signing CA R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=xBlock Ventures OÜ, O=xBlock Ventures OÜ, S=Harjumaa, C=EE","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"146","avBlockList":["360 Total Security (20260205)","Avast Premium Security (20260205)","AVG Internet Security (20260205)","Avira Internet Security (20260205)","Bitdefender Internet Security (20260205)","FortectPremium (20260205)","G DATA INTERNET SECURITY (20260205)","K7 Total Security (20260205)","KasperskyPremium (20260205)","Malwarebytes Premium (20260205)","McAfee Total Protection (20260205)","Norton Security (20260205)","Panda Dome (20260205)","Quick Heal Internet Security (20260205)","Sophos Home Premium (20260205)","SpyHunter5 (20260205)","Total AV Antivirus Pro (20260205)","VIPRE Advanced Security (20260205)","VirIT eXplorer PRO (20260205)","Webroot SecureAnywhere (20260205)"],"avAllowList":["COMODO Antivirus (20260205)","Dr.Web Security Space (20260205)","ESET Internet Security (20260205)","Trend Micro Internet Security (20260205)","Windows Defender (20260205)"]},{"isRevoked":"False","fileName":"kryptex-setup-latest-v5.exe","isInstaller":"True","companyName":"Kryptex","productName":"Kryptex","productVersion":"1.0.2.0","fileVersion":"1.0.2.0","hashMD5":"e2c8d3a49cd53c45bcdd2eb8d3cf0a7d","hashSHA1":"4722c2bc2b7a1ada57bd43b25ede80e7dba205e9","hashSHA256":"5363a1928a9a187ce5ed694fad32eea6b399e85d0aa2932536b986bae1b6518d","digitalCertThumbprint":"C43BF342CBAB1D909BBB53A1CD061C16630CBAB2","digitalCertIssuer":"CN=Sectigo Public Code Signing CA R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=xBlock Ventures OÜ, O=xBlock Ventures OÜ, S=Harjumaa, C=EE","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"146","avBlockList":["360 Total Security (20260212)","Avast Premium Security (20260212)","AVG Internet Security (20260212)","Avira Internet Security (20260212)","Bitdefender Internet Security (20260212)","COMODO Antivirus (20260212)","Dr.Web Security Space (20260212)","ESET Internet Security (20260212)","FortectPremium (20260212)","G DATA INTERNET SECURITY (20260212)","K7 Total Security (20260212)","McAfee Total Protection (20260212)","Norton Security (20260212)","Panda Dome (20260212)","Quick Heal Internet Security (20260212)","Sophos Home Premium (20260212)","SpyHunter5 (20260212)","Total AV Antivirus Pro (20260212)","VIPRE Advanced Security (20260212)","VirIT eXplorer PRO (20260212)","Webroot SecureAnywhere (20260212)"],"avAllowList":["KasperskyPremium (20260212)","Malwarebytes Premium (20260212)","Trend Micro Internet Security (20260212)","Windows Defender (20260212)"]},{"isRevoked":"False","fileName":"Kryptex.exe","companyName":"Kryptex","productName":"Kryptex","productVersion":"5.2.21.0","fileVersion":"5.2.21","hashMD5":"fed2ea76300da8d2b09d67b74f3d95a1","hashSHA1":"48fb6f06faa16fd20b4f5d7eee15190d2e38c2db","hashSHA256":"1ba49f9e59af45d8e75d13297a6a2109e4704cf802a9e55489a289ae0b72dafb","digitalCertThumbprint":"C43BF342CBAB1D909BBB53A1CD061C16630CBAB2","digitalCertIssuer":"CN=Sectigo Public Code Signing CA R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=xBlock Ventures OÜ, O=xBlock Ventures OÜ, S=Harjumaa, C=EE","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"146","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"KryptexService.exe","companyName":"Kryptex","productName":"Kryptex","productVersion":"5.2.21","fileVersion":"5.2.21.0","hashMD5":"46b95229e06002e3841e8ee953d22044","hashSHA1":"1be8067057145758023fb5902098cf536956ebd2","hashSHA256":"0ab41de90b96841a18d036b0b1c0e98cadd6c393a6d231a31b431237aa0a349b","digitalCertThumbprint":"C43BF342CBAB1D909BBB53A1CD061C16630CBAB2","digitalCertIssuer":"CN=Sectigo Public Code Signing CA R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=xBlock Ventures OÜ, O=xBlock Ventures OÜ, S=Harjumaa, C=EE","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"146","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"P2P VPN","reference":"","landingPage":"https://www.kryptex.com/en/","directDownloadingLink":"https://www.kryptex.com/download?source=landing_v5","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.kryptex.com/download?source=landing_v5","sourceIndex":"146"}],"sampleFiles":["251117/Kryptex-251116/5.2.21/Samples/kryptex-setup-5.2.21.exe","251117/Kryptex-251116/5.2.21/Samples/kryptex-setup-latest-v5.exe"],"imageFiles":["251117/Kryptex-251116/5.2.21/Images/ACR-007/ACR-007_Install_2.png","251117/Kryptex-251116/5.2.21/Images/ACR-007/ACR-007_Install_3.png","251117/Kryptex-251116/5.2.21/Images/ACR-007/ACR-007_Install_4.png","251117/Kryptex-251116/5.2.21/Images/ACR-084/ACR-084_Software_1.png","251117/Kryptex-251116/5.2.21/Images/ACR-048/ACR-048_Software_1.png","251117/Kryptex-251116/5.2.21/Images/ACR-048/ACR-048_Software_2.png","251117/Kryptex-251116/5.2.21/Images/ACR-048/ACR-048_Software_3.png","251117/Kryptex-251116/5.2.21/Images/ACR-118/ACR-118_Uninstall_1.png","251117/Kryptex-251116/5.2.21/Images/ACR-118/ACR-118_Uninstall_2.png","251117/Kryptex-251116/5.2.21/Images/ACR-118/ACR-118_Uninstall_3.png"],"nonDeceptorImageFiles":[],"guid":"1a5d0357-7440-4f59-858f-bf83a7dcb19c_5.2.21_1","appID":"Kryptex-251116","dateAdded":"251117","deceptorType":"App","name":"Kryptex","company":"Kryptex","version":"5.2.21","lastKnownStatus":"5.2.21","lastKnownDate":"251117","type":"Windows Executable","category":"Productivity","targetOS":"Windows 10,Windows 11","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"mining,net proxy","lastUpdate":"2025-11-17T23:06:41.7648814+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":158},{"violations":{"ACR-016":"Displayed ads lead to direct downloading and installation of the applications instead of redirecting to a landing page which would have allowed the user to make an informed decision whether to accept or decline the offer.\n","ACR-055":"The obvious accept/decline options are not provided for offers.\n","ACR-059":"The offers are not marked as option during installation offering time. There is no clear information about what the Alliance agreement for user, confusing users.\n"},"nonDeceptorViolations":{"ACR-099":"The application has no link to a webpage that shows how to uninstall the app.\n"},"samples":[{"isRevoked":"False","fileName":"DriverTalent_net_ostoto.exe","isInstaller":"True","companyName":"OSToto Co., Ltd.","productName":"Driver Talent","productVersion":"7, 0, 1, 8","fileVersion":"7, 0, 1, 8","hashMD5":"4e06dcfd0a4279408f5fdc2d0adf66a9","hashSHA1":"f799ec23a5c37b86c5098f13dd3e2e0abf37eb3f","hashSHA256":"95a29837cd549dfbfeb14f5790580229963fb93ed79abfffb84f57d80dfa01e5","digitalCertThumbprint":"1439D6BD763B63B3FCDA5393B1998A17EAA7898B","digitalCertIssuer":"CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O=\"VeriSign, Inc.\", C=US","digitalCertIssuedTo":"CN=OSTOTO CO. LIMITED, OU=International  DEPT, O=OSTOTO CO. LIMITED, L=HongKong, S=HongKong, C=HK","sourceIndex":"2530","avBlockList":["Avast Internet Security (20190218)","AVG Internet Security (20190218)","Avira Internet Security (20190218)","ESET Internet Security (20190218)","K7 Total Security (20190218)","Malwarebytes Premium (20190218)","Norton Security (20190218)","Panda Dome (20190218)","Sophos Home Premium (20190218)","VirIT eXplorer PRO (20190218)","Webroot SecureAnywhere (20190218)"],"avAllowList":["Bitdefender Internet Security (20190218)","G DATA INTERNET SECURITY (20190218)","Kaspersky Internet Security (20190218)","McAfee Total Protection (20190218)","Trend Micro Internet Security (20190218)","Windows Defender (20190218)"]},{"isRevoked":"False","fileName":"DriverTalent.exe","companyName":"OSToto Co., Ltd.","productName":"Driver Talent","productVersion":"7.0.1.8","fileVersion":"7.0.1.8","hashMD5":"ea3bd4db8365760e98a95027147784dc","hashSHA1":"bdca40d6c87d9e2b0678615d06c5903917391adc","hashSHA256":"d883984a811a26d58bb263602f9d7c2deef18fcf34c970903bce65932a7129d9","digitalCertThumbprint":"1439D6BD763B63B3FCDA5393B1998A17EAA7898B","digitalCertIssuer":"CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O=\"VeriSign, Inc.\", C=US","digitalCertIssuedTo":"CN=OSTOTO CO. LIMITED, OU=International  DEPT, O=OSTOTO CO. LIMITED, L=HongKong, S=HongKong, C=HK","sourceIndex":"2530","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search","reference":"","landingPage":"http://www.ostoto.com/products/driver-talent-for-network-card.html","directDownloadingLink":"http://file.ostoto.com/download/20180327/DriverTalent_net_ostoto.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://file.ostoto.com/download/20180327/DriverTalent_net_ostoto.exe","sourceIndex":"2530"}],"sampleFiles":["181031/DriverTalent-181031/7.0.1.8/Samples/DriverTalent_net_ostoto.exe","181031/DriverTalent-181031/7.0.1.8/Samples/DriverTalent.exe"],"imageFiles":["181031/DriverTalent-181031/7.0.1.8/Images/ACR-055/avastOffer.PNG","181031/DriverTalent-181031/7.0.1.8/Images/ACR-055/OperaOffer.PNG","181031/DriverTalent-181031/7.0.1.8/Images/ACR-059/avastOffer.PNG","181031/DriverTalent-181031/7.0.1.8/Images/ACR-059/OperaOffer.PNG","181031/DriverTalent-181031/7.0.1.8/Images/ACR-016/ACR-016_software.mp4"],"nonDeceptorImageFiles":["181031/DriverTalent-181031/7.0.1.8/Images/ACR-099/ACR-099_software.JPG"],"guid":"64868de9-f11c-4ab1-ba42-1971a3b0ab74_7.0.1.8_1","appID":"DriverTalent-181031","dateAdded":"251113","deceptorType":"App","name":"Driver Talent","company":"OSToto Co., Ltd.","version":"7.0.1.8","sigName":"Deceptor:Win32/DriverTalent!016059055","firstResolvedVersion":"","lastKnownStatus":"7.0.1.8;8.0.10.58;8.1.9.20;10.0.23.74;10.0.31.86","lastKnownDate":"251113","type":"Windows Executable","targetOS":"Windows XP,Windows Vista,Windows 8,Windows 7,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid,cross-sell other apps","lastUpdate":"2025-11-13T00:00:00+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":5,"sortOrder":163},{"violations":{"ACR-004":"The app uses alarming colors with exclamation symbol to raise urgency and priority to the consumer. It does not provide fix to free scanned cleanable items at cleanup and displays C Drive is full when only 43% of the drive is used, misleading user to take action. \n\n"},"nonDeceptorViolations":{"ACR-045":"\"Free Download\" highlights \"Free\" misleads users. The functionality that requires consumer payment in order to be activated needs to be marked clearly in the landing page. Otherwise, the app should remove the \"free\" word.\n\n\"Free Download\" highlights \"Free\" misleads users. The functionality that requires consumer payment in order to be activated needs to be marked clearly in the landing page. Otherwise, the app should remove the \"free\" word.\n\n","ACR-065":"The app needs to disclose the Privacy Policy during installation.\n\n","ACR-099":"The app does not disclose uninstall info in the app's about page.\nThe app does not disclose uninstall info in the landing page.\n"},"samples":[{"isRevoked":"False","fileName":"DriverTalent.exe","companyName":"OSToto Co. , Ltd.","fileVersion":"8.1","hashMD5":"52b796b868cbebb712a205aa2d39c461","hashSHA1":"75eecb68a9b12bcc711f9f50d26d4216df828fa8","hashSHA256":"2c09539803c3789392f761134cb46deac9cc61870e5a3f3e5b91a102ae032744","digitalCertThumbprint":"E13DF38FA38154C0F55353A1AB0FD5411C6D19E3","digitalCertIssuer":"CN=DigiCert Assured ID Code Signing CA-1, OU=www.digicert.com, O=DigiCert Inc, C=US","digitalCertIssuedTo":"CN=Shenzhen DriveTheLife Software Technology Co.Ltd, O=Shenzhen DriveTheLife Software Technology Co.Ltd, L=Shenzhen, S=Guangdong Province, C=CN","sourceIndex":"1058","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"DriverTalent_ostoto_setup_8_1_9.20.exe","isInstaller":"True","companyName":"OSToto Co., Ltd.","fileVersion":"8.1","hashMD5":"7c3dc80884f2f6789c9dcf1370c4e0b7","hashSHA1":"eb3d375d1e8d5e2973b61fd913ae08de684fa19d","hashSHA256":"4079ffd156ed938495ee49f742baceb13576bb748664c5da1b4c88562ecb14e0","digitalCertThumbprint":"E13DF38FA38154C0F55353A1AB0FD5411C6D19E3","digitalCertIssuer":"CN=DigiCert Assured ID Code Signing CA-1, OU=www.digicert.com, O=DigiCert Inc, C=US","digitalCertIssuedTo":"CN=Shenzhen DriveTheLife Software Technology Co.Ltd, O=Shenzhen DriveTheLife Software Technology Co.Ltd, L=Shenzhen, S=Guangdong Province, C=CN","sourceIndex":"1058","avBlockList":["360 Total Security (20230829)","Avast Premium Security (20230829)","AVG Internet Security (20230829)","Avira Internet Security (20230829)","Bitdefender Internet Security (20230829)","ESET Internet Security (20230829)","K7 Total Security (20230829)","Malwarebytes Premium (20230829)","McAfee Total Protection (20230829)","Norton Security (20230829)","Panda Dome (20230829)","Quick Heal Internet Security (20230829)","Sophos Home Premium (20230829)","SpyHunter5 (20230829)","Total AV Antivirus Pro (20230829)","VIPRE Advanced Security (20230829)","VirIT eXplorer PRO (20230829)","Webroot SecureAnywhere (20230829)"],"avAllowList":["COMODO Antivirus (20230829)","Dr.Web Security Space (20230829)","G DATA INTERNET SECURITY (20230829)","Kaspersky Internet Security (20230829)","Trend Micro Internet Security (20230829)","Windows Defender (20230829)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search","reference":"","landingPage":"https://www.drivethelife.com/","directDownloadingLink":"https://www.drivethelife.com/thankspage/Driver%20Talent.html?d=https://www.drivethelife.com/download/driver-talent.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.drivethelife.com/thankspage/Driver%20Talent.html?d=https://www.drivethelife.com/download/driver-talent.exe","sourceIndex":"1058"}],"sampleFiles":["230606/DriverTalent-181031/8.1.9.20/Samples/DriverTalent.exe","230606/DriverTalent-181031/8.1.9.20/Samples/DriverTalent_ostoto_setup_8_1_9.20.exe"],"imageFiles":["230606/DriverTalent-181031/8.1.9.20/Images/ACR-004/ACR-004_NotBackedUp.png","230606/DriverTalent-181031/8.1.9.20/Images/ACR-004/ACR-004.png"],"nonDeceptorImageFiles":["230606/DriverTalent-181031/8.1.9.20/Images/ACR-045/DT_Free.png","230606/DriverTalent-181031/8.1.9.20/Images/ACR-045/DT_Upgrade.png","230606/DriverTalent-181031/8.1.9.20/Images/ACR-045/DT_Free.png","230606/DriverTalent-181031/8.1.9.20/Images/ACR-065/NoLinktoPP.png","230606/DriverTalent-181031/8.1.9.20/Images/ACR-099/DriverTalent+AboutUs.jpg","230606/DriverTalent-181031/8.1.9.20/Images/ACR-099/DriverTalent_HowTo.jpeg","230606/DriverTalent-181031/8.1.9.20/Images/ACR-099/LP_NoUninstallLink.png"],"guid":"64868de9-f11c-4ab1-ba42-1971a3b0ab74_8.1.9.20_1","appID":"DriverTalent-181031","dateAdded":"251113","deceptorType":"App","name":"Driver Talent","company":"OSToto Co., Ltd.","version":"8.1.9.20","firstResolvedVersion":"","lastKnownStatus":"7.0.1.8;8.0.10.58;8.1.9.20;10.0.23.74;10.0.31.86","lastKnownDate":"251113","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 8,Windows 7,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"paid,up-sell to paid,cross-sell other apps","lastUpdate":"2025-11-13T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":5,"sortOrder":161},{"violations":{"ACR-004":"The app uses alarming colors with exclamation symbol to raise urgency and priority to the consumer for cleanup. It does not provide fix to free scanned cleanable items and displays C Drive is full when only 35% of the drive is used, misleading user to take action. \n\n"},"nonDeceptorViolations":{"ACR-045":"\"Free Download\" highlights \"Free\" misleads users. The functionality that requires consumer payment in order to be activated needs to be marked clearly in the landing page. Otherwise, the app should remove the \"free\" word.\n\n\"Free Download\" highlights \"Free\" misleads users. The functionality that requires consumer payment in order to be activated needs to be marked clearly in the landing page. Otherwise, the app should remove the \"free\" word.\n\n","ACR-065":"The app needs to disclose the Privacy Policy during installation.\n\n","ACR-099":"The app does not disclose uninstall info in the app's about page.\nThe app does not disclose uninstall info in the landing page.\n","ACR-167":"The app does not offer a 30-day refund policy.\n"},"samples":[{"isRevoked":"False","fileName":"DriverTalent.exe","companyName":"OSToto Co., Ltd.","productName":"Driver Talent","fileVersion":"8.0.10.58","hashMD5":"6e1d4b441b307b72e2652b67ad23c53c","hashSHA1":"158ec31580b50e423d94c27b6789f48f429d1f8e","hashSHA256":"dcbd71b4c0c0ba38e03435af2ec566db15d533d6b5bd95f78f159db94ad4e1c7","digitalCertThumbprint":"E13DF38FA38154C0F55353A1AB0FD5411C6D19E3","digitalCertIssuer":"CN=DigiCert Assured ID Code Signing CA-1, OU=www.digicert.com, O=DigiCert Inc, C=US","digitalCertIssuedTo":"CN=Shenzhen DriveTheLife Software Technology Co.Ltd, O=Shenzhen DriveTheLife Software Technology Co.Ltd, L=Shenzhen, S=Guangdong Province, C=CN","sourceIndex":"1434","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"DriverTalent_setup_8.0.10.58.exe","isInstaller":"True","companyName":"OSToto Co., Ltd.","productName":"Driver Talent","fileVersion":"8.0.10.58","hashMD5":"5a66fd4bff264e8bfec4c0cd6d8c74af","hashSHA1":"c18ec9bf7ce46ebdd51dc6dc42f0e3fb811c5b75","hashSHA256":"1f72a6392fdf3b5d30ad6465b300af5c95f7f9e314be9af7c3562c670f157570","digitalCertThumbprint":"E13DF38FA38154C0F55353A1AB0FD5411C6D19E3","digitalCertIssuer":"CN=DigiCert Assured ID Code Signing CA-1, OU=www.digicert.com, O=DigiCert Inc, C=US","digitalCertIssuedTo":"CN=Shenzhen DriveTheLife Software Technology Co.Ltd, O=Shenzhen DriveTheLife Software Technology Co.Ltd, L=Shenzhen, S=Guangdong Province, C=CN","sourceIndex":"1434","avBlockList":["360 Total Security (20220920)","Avast Premium Security (20220920)","AVG Internet Security (20220920)","Avira Internet Security (20220920)","Bitdefender Internet Security (20220920)","COMODO Antivirus (20220920)","ESET Internet Security (20220920)","K7 Total Security (20220920)","McAfee Total Protection (20220920)","Norton Security (20220920)","Panda Dome (20220920)","Quick Heal Internet Security (20220920)","Sophos Home Premium (20220920)","SpyHunter5 (20220920)","Total AV Antivirus Pro (20220920)","VIPRE Advanced Security (20220920)","VirIT eXplorer PRO (20220920)","Webroot SecureAnywhere (20220920)","Windows Defender (20220920)"],"avAllowList":["Dr.Web Security Space (20220920)","G DATA INTERNET SECURITY (20220920)","Kaspersky Internet Security (20220920)","Malwarebytes Premium (20220920)","Trend Micro Internet Security (20220920)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search","reference":"","landingPage":"http://www.ostoto.com/products/driver-talent-for-network-card.html","directDownloadingLink":"http://file.ostoto.com/download/20180327/DriverTalent_net_ostoto.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://file.ostoto.com/download/20180327/DriverTalent_net_ostoto.exe","sourceIndex":"1434"},{"howFound":"Hunt.search","reference":"","landingPage":"https://www.drivethelife.com/","directDownloadingLink":"https://www.drivethelife.com/download/driver-talent.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.drivethelife.com/download/driver-talent.exe","sourceIndex":"1435"}],"sampleFiles":["220908/DriverTalent-181031/8.0.10.58/Samples/DriverTalent.exe","220908/DriverTalent-181031/8.0.10.58/Samples/DriverTalent_setup_8.0.10.58.exe"],"imageFiles":["220908/DriverTalent-181031/8.0.10.58/Images/ACR-004/ACR-004_Alert_Exaggeration.jpg"],"nonDeceptorImageFiles":["220908/DriverTalent-181031/8.0.10.58/Images/ACR-045/ACR-045_Free_Word_LandingPage.jpg","220908/DriverTalent-181031/8.0.10.58/Images/ACR-045/ACR-045_Software.jpg","220908/DriverTalent-181031/8.0.10.58/Images/ACR-045/ACR-045_Free_Word_LandingPage.jpg","220908/DriverTalent-181031/8.0.10.58/Images/ACR-065/ACR-065_PrivacyPolicy_Installation.jpg","220908/DriverTalent-181031/8.0.10.58/Images/ACR-099/ACR-099_Uninstall_Software.jpg","220908/DriverTalent-181031/8.0.10.58/Images/ACR-099/ACR-099_Uninstall_LandingPage.jpg","220908/DriverTalent-181031/8.0.10.58/Images/ACR-099/ACR-099_DriverTalent_LandingPage.png","220908/DriverTalent-181031/8.0.10.58/Images/ACR-167/DriverTalent_OfferPage_ReturnPolicy.jpg"],"guid":"64868de9-f11c-4ab1-ba42-1971a3b0ab74_8.0.10.58_1","appID":"DriverTalent-181031","dateAdded":"251113","deceptorType":"App","name":"Driver Talent","company":"OSToto Co., Ltd.","version":"8.0.10.58","firstResolvedVersion":"","lastKnownStatus":"7.0.1.8;8.0.10.58;8.1.9.20;10.0.23.74;10.0.31.86","lastKnownDate":"251113","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 8,Windows 7,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"paid,up-sell to paid,cross-sell other apps","lastUpdate":"2025-11-13T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":5,"sortOrder":162},{"violations":{"ACR-109":"Offers are s automatically downloaded and installed with a single click, without obtaining the user’s consent.\n","ACR-004":"The app uses alarming colors and exclamation symbols to raise urgency and priority to the consumer and does not provide fix to free scanned cleanable items.  It differentiates issues using traffic light colors. Additionally, it displays message “Driver issue detected - urgent fix needed!” in red text, which cause misleading sense of urgency.\n","ACR-060":"The app must disclose the provider of any unrelated offers if they come from a third party.\n","ACR-084":"The application process running in background silently without notifying user about its running when application is closed and minimized to systray.  \n","ACR-118":"After uninstall, it retains some executables and its other components.\n","ACR-014":"The app claims that Driver Updates and Driver Restore are included in the Free Trial, but these features don’t appear to work or provide any fixes.\n","ACR-059":"The offered app is not clearly labeled as optional and is not recognizable as an offer.\n","ACR-165":"The app doesn't provide the following information in the shopping cart: 1. Cancellation of Auto-renewal via online. 2. when the user receives a notification for renewal.\n"},"nonDeceptorViolations":{"ACR-045":"\"Free Download\" highlights \"Free\" misleads users. The functionality that requires consumer payment in order to be activated needs to be marked clearly in the landing page. Otherwise, the app should remove the \"free\" word.\n\n"},"samples":[{"isRevoked":"False","fileName":"DriverTalent_2222_10_0_31_86.exe","isInstaller":"True","companyName":"OSToto Co. , Ltd.","productName":"DriverTalentX","productVersion":"10.0.31.86","fileVersion":"10.0.31.86","hashMD5":"731c772d5e1f63eb439d6b1857e7595e","hashSHA1":"7d947db65e5c2934946199bb7573062d68af3690","hashSHA256":"241bc4103ef305c1e163e9c20e5a50197bb59a09538a06814ba5a526fa0e4907","digitalCertThumbprint":"C6B656C5145D01775F829520873B806370B9F9E2","digitalCertIssuer":"CN=GlobalSign GCC R45 EV CodeSigning CA 2020, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"CN=\"OSTOTO CO., LIMITED\", O=\"OSTOTO CO., LIMITED\", L=Sham Shui Po, S=Kowloon, C=HK, OID.1.3.6.1.4.1.311.60.2.1.3=HK, SERIALNUMBER=65731523, OID.2.5.4.15=Private Organization","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"147","avBlockList":["360 Total Security (20260205)","Avast Premium Security (20260205)","AVG Internet Security (20260205)","Avira Internet Security (20260205)","Bitdefender Internet Security (20260205)","Dr.Web Security Space (20260205)","ESET Internet Security (20260205)","G DATA INTERNET SECURITY (20260205)","K7 Total Security (20260205)","KasperskyPremium (20260205)","Malwarebytes Premium (20260205)","McAfee Total Protection (20260205)","Norton Security (20260205)","Panda Dome (20260205)","Quick Heal Internet Security (20260205)","Sophos Home Premium (20260205)","SpyHunter5 (20260205)","Total AV Antivirus Pro (20260205)","VIPRE Advanced Security (20260205)","VirIT eXplorer PRO (20260205)","Webroot SecureAnywhere (20260205)","Windows Defender (20260205)"],"avAllowList":["COMODO Antivirus (20260205)","FortectPremium (20260205)","Trend Micro Internet Security (20260205)"]},{"isRevoked":"False","fileName":"DriverTalentXWebSetup_b2222b%20(1).exe","isInstaller":"True","companyName":"OSToto Co. , Ltd.","productName":"DriverTalentX","productVersion":"1.0.0.16","fileVersion":"1.0.0.16","hashMD5":"da37771b8ad070a5afb2cee5a8a499d1","hashSHA1":"d7e75a7cdeb2e2e6926550f3cdea87dfa9d7f70f","hashSHA256":"95de54ce74d8ad7343c2c2838e143c82b251783067832110193854ca4b9f9293","digitalCertThumbprint":"C6B656C5145D01775F829520873B806370B9F9E2","digitalCertIssuer":"CN=GlobalSign GCC R45 EV CodeSigning CA 2020, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"CN=\"OSTOTO CO., LIMITED\", O=\"OSTOTO CO., LIMITED\", L=Sham Shui Po, S=Kowloon, C=HK, OID.1.3.6.1.4.1.311.60.2.1.3=HK, SERIALNUMBER=65731523, OID.2.5.4.15=Private Organization","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"147","avBlockList":["360 Total Security (20260129)","Avast Premium Security (20260129)","AVG Internet Security (20260129)","Avira Internet Security (20260129)","Bitdefender Internet Security (20260129)","Dr.Web Security Space (20260129)","ESET Internet Security (20260129)","FortectPremium (20260129)","G DATA INTERNET SECURITY (20260129)","K7 Total Security (20260129)","KasperskyPremium (20260129)","Malwarebytes Premium (20260129)","McAfee Total Protection (20260129)","Norton Security (20260129)","Panda Dome (20260129)","Quick Heal Internet Security (20260129)","Sophos Home Premium (20260129)","SpyHunter5 (20260129)","Total AV Antivirus Pro (20260129)","VIPRE Advanced Security (20260129)","VirIT eXplorer PRO (20260129)","Webroot SecureAnywhere (20260129)","Windows Defender (20260129)"],"avAllowList":["COMODO Antivirus (20260129)","Trend Micro Internet Security (20260129)"]},{"isRevoked":"False","fileName":"DriverTalentX.exe","companyName":"OSToto Co. , Ltd.","productName":"DriverTalentX","productVersion":"10.0.31.86","fileVersion":"10.0.31.86","hashMD5":"0d7e2eacff9e93ef81a5894d9362dc3a","hashSHA1":"1e8d4726775b7d602719ef48f096d5b44092871a","hashSHA256":"dbd97065c5f20507b792cb4fd89f2a80c7f9cd7fea7c12407d4fd0c2dfeb0a54","digitalCertThumbprint":"C6B656C5145D01775F829520873B806370B9F9E2","digitalCertIssuer":"CN=GlobalSign GCC R45 EV CodeSigning CA 2020, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"CN=\"OSTOTO CO., LIMITED\", O=\"OSTOTO CO., LIMITED\", L=Sham Shui Po, S=Kowloon, C=HK, OID.1.3.6.1.4.1.311.60.2.1.3=HK, SERIALNUMBER=65731523, OID.2.5.4.15=Private Organization","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"147","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search","reference":"","landingPage":"https://www.drivertalent.com/","directDownloadingLink":"https://file1.drivertalent.com/soft_intl/DriverTalent/Web/DriverTalentXWebSetup_b2222b.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://file1.drivertalent.com/soft_intl/DriverTalent/Web/DriverTalentXWebSetup_b2222b.exe","sourceIndex":"147"}],"sampleFiles":["251113/DriverTalent-181031/10.0.31.86/Samples/DriverTalent_2222_10_0_31_86.exe","251113/DriverTalent-181031/10.0.31.86/Samples/DriverTalentXWebSetup_b2222b%20(1).exe","251113/DriverTalent-181031/10.0.31.86/Samples/DriverTalentX.exe"],"imageFiles":["251113/DriverTalent-181031/10.0.31.86/Images/ACR-109/ACR-109_Install_1.png","251113/DriverTalent-181031/10.0.31.86/Images/ACR-014/ACR-014_Software_1.png","251113/DriverTalent-181031/10.0.31.86/Images/ACR-014/ACR-014_Software_2.png","251113/DriverTalent-181031/10.0.31.86/Images/ACR-014/ACR-014_Software_3.png","251113/DriverTalent-181031/10.0.31.86/Images/ACR-004/ACR-004_Software_1.png","251113/DriverTalent-181031/10.0.31.86/Images/ACR-004/ACR-004_Software_2.png","251113/DriverTalent-181031/10.0.31.86/Images/ACR-004/ACR-004_Software_3.png","251113/DriverTalent-181031/10.0.31.86/Images/ACR-004/ACR-004_Software_4.png","251113/DriverTalent-181031/10.0.31.86/Images/ACR-084/ACR-084_Software_1.png","251113/DriverTalent-181031/10.0.31.86/Images/ACR-118/ACR-118_Uninstall_1.png","251113/DriverTalent-181031/10.0.31.86/Images/ACR-118/ACR-118_Uninstall_2.png","251113/DriverTalent-181031/10.0.31.86/Images/ACR-118/ACR-118_Uninstall_3.png","251113/DriverTalent-181031/10.0.31.86/Images/ACR-059/ACR-059_Inline offers_1.png","251113/DriverTalent-181031/10.0.31.86/Images/ACR-165/ACR-165_Internal offers_1.png","251113/DriverTalent-181031/10.0.31.86/Images/ACR-060/ACR-060_Inline offers_1.png","251113/DriverTalent-181031/10.0.31.86/Images/ACR-060/ACR-060_Inline offers_2.png"],"nonDeceptorImageFiles":["251113/DriverTalent-181031/10.0.31.86/Images/ACR-045/ACR-045_Landing page_1.png"],"guid":"64868de9-f11c-4ab1-ba42-1971a3b0ab74_10.0.31.86_1","appID":"DriverTalent-181031","dateAdded":"251113","deceptorType":"App","name":"Driver Talent","company":"OSToto Co., Ltd.","version":"10.0.31.86","firstResolvedVersion":"","lastKnownStatus":"7.0.1.8;8.0.10.58;8.1.9.20;10.0.23.74;10.0.31.86","lastKnownDate":"251113","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 8,Windows 7,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"paid,up-sell to paid,cross-sell other apps","lastUpdate":"2025-11-13T17:29:51.6097237+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":5,"sortOrder":159},{"violations":{"ACR-004":"The app uses alarming colors with exclamation symbol to raise urgency and priority to the consumer. It does not provide fix to free scanned cleanable items. \n","ACR-084":"The application process running in background silently without notifying user about its running when application is closed and minimized to systray.  \n"},"nonDeceptorViolations":{"ACR-045":"\"Free Download\" highlights \"Free\" misleads users. The functionality that requires consumer payment in order to be activated needs to be marked clearly in the landing page. Otherwise, the app should remove the \"free\" word.\n\n"},"samples":[{"isRevoked":"False","fileName":"DriverTalent_2222_10_0_23_74.exe","isInstaller":"True","companyName":"OSToto Co. , Ltd.","productName":"DriverTalentX","productVersion":"10.0.23.74","fileVersion":"10.0.23.74","hashMD5":"86984bb56b34d2fa777840cd252260e0","hashSHA1":"29bb32f7cca69d497e83105e0d955f88416a19e1","hashSHA256":"4b951ced7193d4051015374aa868345c9c9fa1750e0b3039e1fc564f7097c746","digitalCertThumbprint":"C6B656C5145D01775F829520873B806370B9F9E2","digitalCertIssuer":"CN=GlobalSign GCC R45 EV CodeSigning CA 2020, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"CN=\"OSTOTO CO., LIMITED\", O=\"OSTOTO CO., LIMITED\", L=Sham Shui Po, S=Kowloon, C=HK, OID.1.3.6.1.4.1.311.60.2.1.3=HK, SERIALNUMBER=65731523, OID.2.5.4.15=Private Organization","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"178","avBlockList":["360 Total Security (20251111)","Avast Premium Security (20251111)","AVG Internet Security (20251111)","Avira Internet Security (20251111)","Bitdefender Internet Security (20251111)","Dr.Web Security Space (20251111)","ESET Internet Security (20251111)","FortectPremium (20251111)","G DATA INTERNET SECURITY (20251111)","K7 Total Security (20251111)","Malwarebytes Premium (20251111)","McAfee Total Protection (20251111)","Norton Security (20251111)","Panda Dome (20251111)","Quick Heal Internet Security (20251111)","Sophos Home Premium (20251111)","SpyHunter5 (20251111)","Total AV Antivirus Pro (20251111)","VIPRE Advanced Security (20251111)","VirIT eXplorer PRO (20251111)","Webroot SecureAnywhere (20251111)","Windows Defender (20251111)"],"avAllowList":["COMODO Antivirus (20251111)","KasperskyPremium (20251111)","Trend Micro Internet Security (20251111)"]},{"isRevoked":"False","fileName":"DriverTalentXWebSetup_b2222b.exe","isInstaller":"True","companyName":"OSToto Co. , Ltd.","productName":"DriverTalentX","productVersion":"1.0.0.12","fileVersion":"1.0.0.12","hashMD5":"d0de2ab20d4249e7d260efbf1add0468","hashSHA1":"585dec424eb95f21aa35605adca9d38bc59db847","hashSHA256":"9776e72dcaa57a182495fda0a82547bec869fb63363ea20681fe6c991ac0a1e6","digitalCertThumbprint":"C6B656C5145D01775F829520873B806370B9F9E2","digitalCertIssuer":"CN=GlobalSign GCC R45 EV CodeSigning CA 2020, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"CN=\"OSTOTO CO., LIMITED\", O=\"OSTOTO CO., LIMITED\", L=Sham Shui Po, S=Kowloon, C=HK, OID.1.3.6.1.4.1.311.60.2.1.3=HK, SERIALNUMBER=65731523, OID.2.5.4.15=Private Organization","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"178","avBlockList":["360 Total Security (20251106)","Bitdefender Internet Security (20251106)","COMODO Antivirus (20251106)","Dr.Web Security Space (20251106)","ESET Internet Security (20251106)","FortectPremium (20251106)","G DATA INTERNET SECURITY (20251106)","K7 Total Security (20251106)","Malwarebytes Premium (20251106)","McAfee Total Protection (20251106)","Panda Dome (20251106)","Quick Heal Internet Security (20251106)","Sophos Home Premium (20251106)","SpyHunter5 (20251106)","Total AV Antivirus Pro (20251106)","Trend Micro Internet Security (20251106)","VIPRE Advanced Security (20251106)","VirIT eXplorer PRO (20251106)","Webroot SecureAnywhere (20251106)","Windows Defender (20251106)"],"avAllowList":["Avast Premium Security (20251106)","AVG Internet Security (20251106)","Avira Internet Security (20251106)","KasperskyPremium (20251106)","Norton Security (20251106)"]},{"isRevoked":"False","fileName":"DriverTalentX.exe","companyName":"OSToto Co. , Ltd.","productName":"DriverTalentX","productVersion":"10.0.23.74","fileVersion":"10.0.23.74","hashMD5":"be7e78968863b6a2069444de77d0b6eb","hashSHA1":"79c1368d38ff3fe980b9b0a6034189482ed5a446","hashSHA256":"b40fa196570c251cc1c1e15d9051506f4cde7fdc6302cb5ece9866f74ced4bd7","digitalCertThumbprint":"C6B656C5145D01775F829520873B806370B9F9E2","digitalCertIssuer":"CN=GlobalSign GCC R45 EV CodeSigning CA 2020, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"CN=\"OSTOTO CO., LIMITED\", O=\"OSTOTO CO., LIMITED\", L=Sham Shui Po, S=Kowloon, C=HK, OID.1.3.6.1.4.1.311.60.2.1.3=HK, SERIALNUMBER=65731523, OID.2.5.4.15=Private Organization","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"178","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search","reference":"","landingPage":"https://www.drivethelife.com/driver-installation-software/","directDownloadingLink":"https://www.drivethelife.com/download/driver-talent.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.drivethelife.com/download/driver-talent.exe","sourceIndex":"178"}],"sampleFiles":["250814/DriverTalent-181031/10.0.23.74/Samples/DriverTalent_2222_10_0_23_74.exe","250814/DriverTalent-181031/10.0.23.74/Samples/DriverTalentXWebSetup_b2222b.exe"],"imageFiles":["250814/DriverTalent-181031/10.0.23.74/Images/ACR-004/ACR-004_Software_1.png","250814/DriverTalent-181031/10.0.23.74/Images/ACR-004/ACR-004_Software_2.png","250814/DriverTalent-181031/10.0.23.74/Images/ACR-084/ACR-084_Software_1.png"],"nonDeceptorImageFiles":["250814/DriverTalent-181031/10.0.23.74/Images/ACR-045/ACR-045_Landing page_1.png"],"guid":"64868de9-f11c-4ab1-ba42-1971a3b0ab74_10.0.23.74_1","appID":"DriverTalent-181031","dateAdded":"251113","deceptorType":"App","name":"Driver Talent","company":"OSToto Co., Ltd.","version":"10.0.23.74","firstResolvedVersion":"","lastKnownStatus":"7.0.1.8;8.0.10.58;8.1.9.20;10.0.23.74;10.0.31.86","lastKnownDate":"251113","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 8,Windows 7,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"paid,up-sell to paid,cross-sell other apps","lastUpdate":"2025-11-13T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":5,"sortOrder":160},{"violations":{"ACR-042":"Application installs Mystnodes components and runs silently in background without obtaining the user's permission through explicit user action.\n","ACR-048":"Application hides the Mystnodes process running in background after user quit the application, doesn't provide any control option for user to close Mystnodes process or cancel Mystnodes activity..\n","ACR-007":"The app does not obtain user explicit consent about joining Mystnodes P2P network and reducing the consumer system's security posture caused by sharing the user's internet resource.\n","ACR-084":"Application hides the Mystnodes process running in background without notifying user even after user quit the application. Mystnodes stays active with no visual indicator.\n","ACR-118":"Application leaves updating components after uninstallation completes.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"Portals-Setup-3.1.12.exe","isInstaller":"True","companyName":"PortalsVPN","productName":"Portals","productVersion":"3.1.12","fileVersion":"3.1.12","hashMD5":"41c69d53a6cbe28a6a7284b5f9880d6d","hashSHA1":"f0330e411adcec07a429afc626265c8ff848a7e0","hashSHA256":"bbb845f3fbf65aefb8476b04836f4f0eda38f9e4b5991483b05261b1f0e88b9b","digitalCertThumbprint":"4E9782E706576D3D9DA3930D2C744052F113DAD5","digitalCertIssuer":"CN=Sectigo Public Code Signing CA EV R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=Application One Inc., O=Application One Inc., S=Delaware, C=US, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.2=Delaware, OID.1.3.6.1.4.1.311.60.2.1.3=US, SERIALNUMBER=6021569","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"149","avBlockList":["360 Total Security (20260205)","Avast Premium Security (20260205)","AVG Internet Security (20260205)","Avira Internet Security (20260205)","Bitdefender Internet Security (20260205)","COMODO Antivirus (20260205)","FortectPremium (20260205)","G DATA INTERNET SECURITY (20260205)","K7 Total Security (20260205)","KasperskyPremium (20260205)","Malwarebytes Premium (20260205)","McAfee Total Protection (20260205)","Norton Security (20260205)","Panda Dome (20260205)","Quick Heal Internet Security (20260205)","Sophos Home Premium (20260205)","SpyHunter5 (20260205)","Total AV Antivirus Pro (20260205)","VIPRE Advanced Security (20260205)","VirIT eXplorer PRO (20260205)","Webroot SecureAnywhere (20260205)"],"avAllowList":["Dr.Web Security Space (20260205)","ESET Internet Security (20260205)","Trend Micro Internet Security (20260205)","Windows Defender (20260205)"]},{"isRevoked":"False","fileName":"myst.exe","hashMD5":"2ed01421c01b9f37398fe7dfd36a3c35","hashSHA1":"6a74ef8833b8b60fdc1997a8ac43685b003b6398","hashSHA256":"be8d81accba1e679bc1fd135ed1a3c35d8fd252f6ca94b9ff6e9deb9763b1bbf","sourceIndex":"149","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"myst_supervisor.exe","hashMD5":"f0d9f5ebcb4b4250fcd9753742f32fed","hashSHA1":"45d6f4795caab8e0579d6c7f6718a604d201314b","hashSHA256":"280256b16f515a3da7163db3654b09c1268e0280cede6db2e27b588e39c74e6e","sourceIndex":"149","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"Portals.exe","companyName":"PortalsVPN","productName":"Portals","productVersion":"3.1.12.0","fileVersion":"3.1.12","hashMD5":"8c624271296deca18f871fd942edcdb2","hashSHA1":"7779f3c9e1745536f660236b5892eb8e4a8decb4","hashSHA256":"b10c7eab5ed37f8d66e2425b04052f47ab06814193a9661f498c41cac0c83701","sourceIndex":"149","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"P2P","reference":"","landingPage":"https://www.portalsvpn.com/","directDownloadingLink":"https://www.portalsvpn.com/?wpdmdl=6771","ipv4":"","ipv6":"","sourceIndex":"149"}],"sampleFiles":["251112/PortalsVPN-251111/3.1.12/Samples/Portals-Setup-3.1.12.exe"],"imageFiles":["251112/PortalsVPN-251111/3.1.12/Images/ACR-042/ACR-042_Install_1.png","251112/PortalsVPN-251111/3.1.12/Images/ACR-042/ACR-042_Install_2.png","251112/PortalsVPN-251111/3.1.12/Images/ACR-007/ACR-007_Install_1.png","251112/PortalsVPN-251111/3.1.12/Images/ACR-007/ACR-007_Install_2.png","251112/PortalsVPN-251111/3.1.12/Images/ACR-084/ACR-084_Software_1.png","251112/PortalsVPN-251111/3.1.12/Images/ACR-048/ACR-048_Software_1.png","251112/PortalsVPN-251111/3.1.12/Images/ACR-048/ACR-048_Software_2.png","251112/PortalsVPN-251111/3.1.12/Images/ACR-118/ACR-118_Uninstall_1.png"],"nonDeceptorImageFiles":[],"guid":"b6feae4d-5a33-4258-b7d2-ca2d59471141_3.1.12_1","appID":"PortalsVPN-251111","dateAdded":"251112","deceptorType":"App","name":"PortalsVPN","company":"Application One Inc","version":"3.1.12","lastKnownStatus":"3.1.12","lastKnownDate":"251112","type":"Windows Executable","category":"Personalization & Search","targetOS":"Windows 11,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"net proxy","lastUpdate":"2025-11-12T23:08:12.4808491+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":164},{"violations":{"ACR-004":"The app offers no free fix/recovery instead requires a paid subscription to address the issues.\n","ACR-118":"After uninstall, it retains some executables and its other components. \n","ACR-014":"The uninstall button is greyed out, making it appear disabled.\n"},"nonDeceptorViolations":{"ACR-065":"The User License Agreement link leads to the Privacy Policy rather than the EULA.\nThe app's About page does not display links to the EULA and/or Terms of Service, Returns and Cancellation Policy, or Privacy Policy.\n","ACR-002":"The app's name is not consistent across all user interactions.\nThe app's name is not consistent across all user interactions.\nThe company name on the offer page is inconsistent with the name shown in the software.\n","ACR-161":"The app’s landing page has testimonials that have no links back to a source so consumers can verify if they're real. \n","ACR-035":"No EULA is provided for the app.\n"},"samples":[{"isRevoked":"False","fileName":"DataSaviourSetup_1111_2_0_1_24.exe","isInstaller":"True","companyName":"TECHVISTA Co., Ltd.","productName":"PcGoGo Data Recovery","productVersion":"2.0.1.24","fileVersion":"2.0.1.24","hashMD5":"1d7f2354c4668d59fb08eda06b3325d4","hashSHA1":"290dfe5174b58bdca656496bb7ddfd5d4ebeca55","hashSHA256":"dbf56149417a70a37b1dacdc483d1cc1d56edaf0d463327254b67867d9303d64","digitalCertThumbprint":"77DE2D3F676105EEC6D3E857B0DC528E8B64F852","digitalCertIssuer":"CN=GlobalSign GCC R45 EV CodeSigning CA 2020, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"CN=TechVista Company Limited, O=TechVista Company Limited, L=Yau Tsim Mong, S=Kowloon, C=HK, OID.1.3.6.1.4.1.311.60.2.1.3=HK, SERIALNUMBER=76926044, OID.2.5.4.15=Private Organization","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"148","avBlockList":["360 Total Security (20260205)","Avast Premium Security (20260205)","AVG Internet Security (20260205)","Avira Internet Security (20260205)","Bitdefender Internet Security (20260205)","FortectPremium (20260205)","G DATA INTERNET SECURITY (20260205)","K7 Total Security (20260205)","Malwarebytes Premium (20260205)","Norton Security (20260205)","Panda Dome (20260205)","Quick Heal Internet Security (20260205)","Sophos Home Premium (20260205)","SpyHunter5 (20260205)","Total AV Antivirus Pro (20260205)","VIPRE Advanced Security (20260205)","VirIT eXplorer PRO (20260205)","Webroot SecureAnywhere (20260205)"],"avAllowList":["COMODO Antivirus (20260205)","Dr.Web Security Space (20260205)","ESET Internet Security (20260205)","KasperskyPremium (20260205)","McAfee Total Protection (20260205)","Trend Micro Internet Security (20260205)","Windows Defender (20260205)"]},{"isRevoked":"False","fileName":"DataSaviourUI.exe","companyName":"TECHVISTA Co., Ltd.","productName":"DataSaviourUI.exe","productVersion":"2.0.1.24","fileVersion":"2.0.1.24","hashMD5":"c3d5739cf85a5a0f5148469ec2bb430d","hashSHA1":"9d9bc45cf6562f2fb35f8542421bd77e0bd7718f","hashSHA256":"676ec1122fc172f98f563eefa914fad2a5089d433d529196d595193d8b77cd89","digitalCertThumbprint":"77DE2D3F676105EEC6D3E857B0DC528E8B64F852","digitalCertIssuer":"CN=GlobalSign GCC R45 EV CodeSigning CA 2020, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"CN=TechVista Company Limited, O=TechVista Company Limited, L=Yau Tsim Mong, S=Kowloon, C=HK, OID.1.3.6.1.4.1.311.60.2.1.3=HK, SERIALNUMBER=76926044, OID.2.5.4.15=Private Organization","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"148","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search","reference":"","landingPage":"https://www.pcgogo.com/datarecovery","directDownloadingLink":"https://file1.pcgogo.com/soft_intl/DataSaviourSetup/2_0_1_24/DataSaviourSetup_1111_2_0_1_24.exe?_gl=1*kdv0s*_gcl_au*NjcxNDI0NjE1LjE3NjI4NzUwMDI.","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://file1.pcgogo.com/soft_intl/DataSaviourSetup/2_0_1_24/DataSaviourSetup_1111_2_0_1_24.exe?_gl=1*kdv0s*_gcl_au*NjcxNDI0NjE1LjE3NjI4NzUwMDI.","sourceIndex":"148"}],"sampleFiles":["251112/PcGoGoDataRecovery-251112/2.0.1.24/Samples/DataSaviourSetup_1111_2_0_1_24.exe","251112/PcGoGoDataRecovery-251112/2.0.1.24/Samples/DataSaviourUI.exe"],"imageFiles":["251112/PcGoGoDataRecovery-251112/2.0.1.24/Images/ACR-004/ACR-004_Software_1.png","251112/PcGoGoDataRecovery-251112/2.0.1.24/Images/ACR-004/ACR-004_Software_2.png","251112/PcGoGoDataRecovery-251112/2.0.1.24/Images/ACR-118/ACR-118_Uninstall_1.png","251112/PcGoGoDataRecovery-251112/2.0.1.24/Images/ACR-118/ACR-118_Uninstall_2.png","251112/PcGoGoDataRecovery-251112/2.0.1.24/Images/ACR-014/ACR-014_Uninstall_1.png"],"nonDeceptorImageFiles":["251112/PcGoGoDataRecovery-251112/2.0.1.24/Images/ACR-065/ACR-065_Install_1.png","251112/PcGoGoDataRecovery-251112/2.0.1.24/Images/ACR-002/ACR-002_Install_1.png","251112/PcGoGoDataRecovery-251112/2.0.1.24/Images/ACR-002/ACR-002_Install_2.png","251112/PcGoGoDataRecovery-251112/2.0.1.24/Images/ACR-002/ACR-002_Install_3.png","251112/PcGoGoDataRecovery-251112/2.0.1.24/Images/ACR-065/ACR-065_Software_1.png","251112/PcGoGoDataRecovery-251112/2.0.1.24/Images/ACR-002/ACR-002_Software_1.png","251112/PcGoGoDataRecovery-251112/2.0.1.24/Images/ACR-002/ACR-002_Software_2.png","251112/PcGoGoDataRecovery-251112/2.0.1.24/Images/ACR-002/ACR-002_Software_3.png","251112/PcGoGoDataRecovery-251112/2.0.1.24/Images/ACR-161/ACR-161_Landing page_1.png","251112/PcGoGoDataRecovery-251112/2.0.1.24/Images/ACR-002/ACR-002_Internal offers_1.png"],"guid":"846c3610-a5e9-41e0-8f76-767dd0036c90_2.0.1.24_1","appID":"PcGoGoDataRecovery-251112","dateAdded":"251112","deceptorType":"App","name":"PcGoGo Data Recovery","company":"TECHVISTA Co., Ltd.","version":"2.0.1.24","lastKnownStatus":"2.0.1.24","lastKnownDate":"251112","type":"Windows Executable","lastUpdate":"2025-11-12T23:14:09.2796997+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":165},{"violations":{"ACR-109":"An offer is automatically downloaded and installed with a single click, without obtaining the user’s consent.\n","ACR-004":"The app uses alarming colors and exclamation symbols to raise urgency and priority to the consumer. It differentiates issues using traffic light colors. Additionally, it displays messages such as “Computer Environment Abnormality...” and “...Detected Driver Issues in Need of Urgent Repair!” in red text, which cause misleading sense of urgency.\n","ACR-060":"The app must disclose the provider of any unrelated offers if they come from a third party.\n","ACR-084":"The application process running in background silently without notifying user about its running when application is closed and minimized to systray.\n","ACR-118":"After uninstall, it retains some executables and its other components.\n","ACR-059":"The offered app is not clearly labeled as optional and is not recognizable as an offer.\n","ACR-165":"The app doesn't provide the following information in the shopping cart: 1. Cancellation of Auto-renewal via online. 2. when the user receives a notification for renewal.\n"},"nonDeceptorViolations":{"ACR-002":"The company name on the offer page is inconsistent with the name shown in the EULA and throughout the app.\n","ACR-161":"The app’s landing page has testimonials that have no links back to a source so consumers can verify if they're real.\n","ACR-064":"Upon clicking the icon, the app's download and installation starts automatically. The download and installation shouldn't happen unless it is labeled as the \"Download\" or \"Install\" button.\n","ACR-017":"The app elevates its consumer trust level by displaying unverifiable logos and endorsements in the landing page.\n"},"samples":[{"isRevoked":"False","fileName":"DriverSentry.exe","companyName":"TECHVISTA Co., Ltd.","productName":"Driver Sentry","productVersion":"10.0.12.30","fileVersion":"10.0.12.30","hashMD5":"b001ed895a2b5cbffb6b667f5053a8e0","hashSHA1":"011369c6e5e81c8401100d8c1492e48a5abe4991","hashSHA256":"46dfdceff831ce7ca9bfecc2aad54db4b2df9ac134c3410f23250a36ba2be343","digitalCertThumbprint":"8F2E00256A92F4BFB758FFF8BEF2F9E21F079676","digitalCertIssuer":"CN=GlobalSign GCC R45 CodeSigning CA 2020, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"CN=TechVista Company Limited, O=TechVista Company Limited, L=Yau Tsim Mong, S=Kowloon, C=HK","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"150","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"DriverSentry_1111_10_0_12_30.exe","isInstaller":"True","companyName":"TECHVISTA Co., Ltd.","productName":"Driver Sentry","productVersion":"10.0.12.30","fileVersion":"10.0.12.30","hashMD5":"8d88e1b6635eff974fef9429c5af101e","hashSHA1":"35bafba138d8d0903bd3bcf1bbfd774e8ff48c69","hashSHA256":"1e190b03694c55de52fe0b09465c1ad606d00e6a5a7d0d235cf8928ad8f41e9e","digitalCertThumbprint":"8F2E00256A92F4BFB758FFF8BEF2F9E21F079676","digitalCertIssuer":"CN=GlobalSign GCC R45 CodeSigning CA 2020, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"CN=TechVista Company Limited, O=TechVista Company Limited, L=Yau Tsim Mong, S=Kowloon, C=HK","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"150","avBlockList":["360 Total Security (20260127)","Avast Premium Security (20260127)","AVG Internet Security (20260127)","Avira Internet Security (20260127)","Bitdefender Internet Security (20260127)","ESET Internet Security (20260127)","FortectPremium (20260127)","G DATA INTERNET SECURITY (20260127)","K7 Total Security (20260127)","KasperskyPremium (20260127)","Malwarebytes Premium (20260127)","Norton Security (20260127)","Panda Dome (20260127)","Quick Heal Internet Security (20260127)","Sophos Home Premium (20260127)","SpyHunter5 (20260127)","Total AV Antivirus Pro (20260127)","VIPRE Advanced Security (20260127)","VirIT eXplorer PRO (20260127)","Webroot SecureAnywhere (20260127)"],"avAllowList":["COMODO Antivirus (20260127)","Dr.Web Security Space (20260127)","McAfee Total Protection (20260127)","Trend Micro Internet Security (20260127)","Windows Defender (20260127)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search","reference":"","landingPage":"https://www.pcgogo.com/download.html","directDownloadingLink":"https://file.updrv.com/soft_intl/DriverSentry/10_0_12_30/DriverSentry_1111_10_0_12_30.exe?t=1762814165&sign=1f2b4b77e6d966e93b3f8a78e453dd4d","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://file.updrv.com/soft_intl/DriverSentry/10_0_12_30/DriverSentry_1111_10_0_12_30.exe?t=1762814165&sign=1f2b4b77e6d966e93b3f8a78e453dd4d","sourceIndex":"150"}],"sampleFiles":["251112/DriverSentry-251110/10.0.12.30/Samples/DriverSentry.exe","251112/DriverSentry-251110/10.0.12.30/Samples/DriverSentry_1111_10_0_12_30.exe"],"imageFiles":["251112/DriverSentry-251110/10.0.12.30/Images/ACR-109/ACR-109_Install_1.png","251112/DriverSentry-251110/10.0.12.30/Images/ACR-004/ACR-004_Software_1.png","251112/DriverSentry-251110/10.0.12.30/Images/ACR-004/ACR-004_Software_2.png","251112/DriverSentry-251110/10.0.12.30/Images/ACR-004/ACR-004_Software_3.png","251112/DriverSentry-251110/10.0.12.30/Images/ACR-004/ACR-004_Software_4.png","251112/DriverSentry-251110/10.0.12.30/Images/ACR-004/ACR-004_Software_5.png","251112/DriverSentry-251110/10.0.12.30/Images/ACR-084/ACR-084_Software_1.png","251112/DriverSentry-251110/10.0.12.30/Images/ACR-118/ACR-118_Uninstall_1.png","251112/DriverSentry-251110/10.0.12.30/Images/ACR-118/ACR-118_Uninstall_2.png","251112/DriverSentry-251110/10.0.12.30/Images/ACR-059/ACR-059_Inline offers_1.png","251112/DriverSentry-251110/10.0.12.30/Images/ACR-060/ACR-060_Inline offers_1.png","251112/DriverSentry-251110/10.0.12.30/Images/ACR-165/ACR-165_Internal offers_1.jpeg"],"nonDeceptorImageFiles":["251112/DriverSentry-251110/10.0.12.30/Images/ACR-017/ACR-017_Landing page_1.png","251112/DriverSentry-251110/10.0.12.30/Images/ACR-161/ACR-161_Landing page_1.png","251112/DriverSentry-251110/10.0.12.30/Images/ACR-064/ACR-064_Inline offers_1.png","251112/DriverSentry-251110/10.0.12.30/Images/ACR-002/ACR-002_Internal offers_1.png"],"guid":"cfde2b0f-f73a-4b9d-bd77-bd9521327789_10.0.12.30_1","appID":"DriverSentry-251110","dateAdded":"251112","deceptorType":"App","name":"Driver Sentry","company":"TECHVISTA Co., Ltd.","version":"10.0.12.30","lastKnownDate":"251112","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows 11","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,install offers","lastUpdate":"2025-11-12T19:07:51.0391623+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":166},{"violations":{"ACR-048":"The App remaps the \"application close\" functionality to \"minimize\" and stay in the system dock.\n","ACR-004":"App doesn't provide free fix or free trial fix for the issues identified during free scan.\n","ACR-084":"App does not provide a way to disable the auto-launch of the app.\n"},"nonDeceptorViolations":{"ACR-065":"The application has no link or information that shows how it can be uninstalled. \nThe application has no link or information that shows how it can be uninstalled. \n","ACR-092":"The application installer file does not have a digital signature.\n","ACR-099":"The application has no link or information that shows how it can be uninstalled. \nThe application has no link or information that shows how it can be uninstalled. \n"},"samples":[{"isRevoked":"False","fileName":"MacClean360Trial.dmg","isInstaller":"True","companyName":"DoYourData","productName":"MacClean360","productVersion":"4.3","fileVersion":"4.3","hashMD5":"c8987bce923f896475d9c0083015ac95","hashSHA1":"b915dd74fd521478e2f5acb7a90d59389b2dd7f7","hashSHA256":"979e6570b3878c381fef455ced7b4f76245e23e67ee4d85882d327a3500a562a","sourceIndex":"2645","avBlockList":["Avast Security for Mac (20220712)","Avira Security for Mac (20220712)","Bitdefender Antivirus for Mac (20220712)","ESET Cyber Security Pro for Mac (20220712)","K7 Antivirus for Mac (20220712)","Kaspersky Internet Security for Mac (20220712)","McAfee Internet Security for Mac (20220712)","Norton Security for Mac (20220712)","Sophos Home Premium For Mac (20220712)","Trend Micro Antivirus for Mac (20220712)"],"avAllowList":["G DATA AntiVirus for Mac (20220712)"]},{"isRevoked":"False","fileName":"/Applications/MacClean360.app/Contents/MacOS/MacClean360","companyName":"DoYourData","productName":"MacClean360","productVersion":"4.3","fileVersion":"4.3","hashMD5":"fc05a3de0c95c9ca74e7a53a4700a4ed","hashSHA1":"2e006375782f2f70bb832d72706bf8fa52e5b1bc","hashSHA256":"de6397175084d939cd94dbb64fc7517209be88e8fb3bc2840006a302706c9169","digitalCertIssuer":"Apple Root CA","digitalCertIssuedTo":"FENG TAO (92Z5UVVL5Y)","sourceIndex":"2645","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"google search \"Clean up Gigabytes of Junk\"","reference":"https://www.doyourdata.com/clean-mac/macclean360.html","landingPage":"https://www.doyourdata.com/clean-mac/macclean360.html","directDownloadingLink":"https://www.doyourdata.com/trial/MacClean360Trial.dmg","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.doyourdata.com/trial/MacClean360Trial.dmg","sourceIndex":"2645"}],"sampleFiles":["191101/MacClean360-191029/4.3/Samples/MacClean360Trial.dmg","191101/MacClean360-191029/4.3/Samples/MacClean360"],"imageFiles":["191101/MacClean360-191029/4.3/Images/ACR-004/junk_cleaner.png","191101/MacClean360-191029/4.3/Images/ACR-004/004.png","191101/MacClean360-191029/4.3/Images/ACR-004/buy.png","191101/MacClean360-191029/4.3/Images/ACR-004/buy2.png","191101/MacClean360-191029/4.3/Images/ACR-084/084.png"],"nonDeceptorImageFiles":["191101/MacClean360-191029/4.3/Images/ACR-065/install.png","191101/MacClean360-191029/4.3/Images/ACR-065/about.png"],"guid":"b42a485b-35a0-4c7c-8de1-fd6e31b67965_4.3_1","appID":"MacClean360-191029","dateAdded":"251111","deceptorType":"MacOS App","name":"MacClean360","company":"DoYourData","version":"4.3","sigName":"Deceptor:MacOS/MacClean360!004048084","lastKnownStatus":"Deceptor:4.3;4.5;4.6;4.7;4.8;4.9;5.0;5.1;5.2;5.3;5.4;5.5;5.9;6.0;6.1","lastKnownDate":"251111","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,paid","lastUpdate":"2025-11-11T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":15,"sortOrder":182},{"violations":{"ACR-004":"The app does not provide a fully functioning free trial. The app does not provide free fixes for the results identified during the free scan.\n","ACR-084":"The app does not provide a way to disable the auto-launch of the app.\n"},"nonDeceptorViolations":{"ACR-065":"The app's install does not provide links to the app's EULA, Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThe app's about page does not have links to the app's EULA, Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThe app's landing page does not have links to the app's Terms of Service, Returns and Cancellations Policy.\n","ACR-099":"The app's About page does not contain links to uninstall information.\nThe app's landing page does not contain links to uninstall information.\nThe internal offers page does not contain links to uninstall information.\n"},"samples":[{"isRevoked":"False","fileName":"MacClean360Trial.dmg","isInstaller":"True","fileVersion":"0.","hashMD5":"75ea90369cc63c19bed97a84239d62e8","hashSHA1":"3aa1f6ab0511745acfc40a8c983de2c85e170ca3","hashSHA256":"ae531e3c9a4993e993bdb752a5b6257f418abbf07d93974b04d81b3bc6373afa","sourceIndex":"2542","avBlockList":["Avast Security for Mac (20211214)","Avira Security for Mac (20211214)","Bitdefender Antivirus for Mac (20211214)","ESET Cyber Security Pro for Mac (20211214)","G DATA AntiVirus for Mac (20211214)","K7 Antivirus for Mac (20211214)","Kaspersky Internet Security for Mac (20211214)","McAfee Internet Security for Mac (20211214)","Norton Security for Mac (20211214)","Sophos Home Premium For Mac (20211214)","Trend Micro Antivirus for Mac (20211214)"],"avAllowList":[]},{"isRevoked":"False","fileName":"MacClean360","fileVersion":"0.","hashMD5":"676997536d2f6599fafe064323a2aecf","hashSHA1":"0f165b69099ff0f0639d305e5a94cbf0fc55987b","hashSHA256":"b1f48267b0ccc8e97914116275c703f4b91ff8bd0184c4a0a6ce36bb851cbe5c","sourceIndex":"2542","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"google search \"Clean up Gigabytes of Junk\"","reference":"https://www.doyourdata.com/clean-mac/macclean360.html","landingPage":"https://www.doyourdata.com/clean-mac/macclean360.html","directDownloadingLink":"https://www.doyourdata.com/trial/MacClean360Trial.dmg","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.doyourdata.com/trial/MacClean360Trial.dmg","sourceIndex":"2542"}],"sampleFiles":["200212/MacClean360-191029/4.5/Samples/MacClean360Trial.dmg","200212/MacClean360-191029/4.5/Samples/MacClean360"],"imageFiles":["200212/MacClean360-191029/4.5/Images/ACR-004/MacClean360 ACR-004.gif","200212/MacClean360-191029/4.5/Images/ACR-084/MacClean360 ACR-084.png"],"nonDeceptorImageFiles":["200212/MacClean360-191029/4.5/Images/ACR-099/About Page.png","200212/MacClean360-191029/4.5/Images/ACR-099/Screen Shot 2020-02-03 at 5.22.41 PM.png","200212/MacClean360-191029/4.5/Images/ACR-065/ACR-065 Install.png","200212/MacClean360-191029/4.5/Images/ACR-065/About Page.png","200212/MacClean360-191029/4.5/Images/ACR-065/Screen Shot 2020-02-03 at 5.22.41 PM.png","200212/MacClean360-191029/4.5/Images/ACR-099/Internal Offers.png"],"guid":"b42a485b-35a0-4c7c-8de1-fd6e31b67965_4.5_1","appID":"MacClean360-191029","dateAdded":"251111","deceptorType":"MacOS App","name":"MacClean360","company":"DoYourData","version":"4.5","sigName":"Deceptor:MacOS/MacClean360!004084","lastKnownStatus":"Deceptor:4.3;4.5;4.6;4.7;4.8;4.9;5.0;5.1;5.2;5.3;5.4;5.5;5.9;6.0;6.1","lastKnownDate":"251111","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,paid","lastUpdate":"2025-11-11T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":15,"sortOrder":181},{"violations":{"ACR-004":"The app provides free scan results, but does not provide a fully functional trial before requiring consumer to pay.\n","ACR-084":"The app does not provide a way to disable the auto-launch of the app.\n"},"nonDeceptorViolations":{"ACR-045":"\"Free Trial\" highlights \"Free\" misleads user. The functionality that requires consumer payment in order to be activated needs to be marked clearly in landing page. Otherwise app should remove \"free\" word.\n","ACR-065":"The app's install does not provide links to the app's EULA, Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThe app's about page does not have links to the app's EULA, Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThe app's landing page does not have links to the app's Terms of Service, Returns and Cancellations Policy.\n","ACR-099":"The app's About page does not contain links to uninstall information.\nThe app's landing page does not contain links to uninstall information.\nThe internal offers page does not contain links to uninstall information.\n"},"samples":[{"isRevoked":"False","fileName":"MacClean360","fileVersion":"0.","hashMD5":"a2d0a90d334b3ad3c97ee002b15c161e","hashSHA1":"6f26adf9a6e416cdec25a0e4e1db324d9138b756","hashSHA256":"7f3bb61d04a412fb10820b73895ad8de2e63de1094145ec9985905940d2b45b8","sourceIndex":"2140","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"MacClean360Trial.dmg","isInstaller":"True","fileVersion":"0.","hashMD5":"b2615aa3b7f6d91914b4d3ee53b757aa","hashSHA1":"d764b72d30a9183d21d603b90283157a8d8c9a56","hashSHA256":"624a3b89f999ee0eeefd4574ccc86a438184f605c09358573d1fcd8f6d33f726","sourceIndex":"2140","avBlockList":["Avast Security for Mac (20220913)","Avira Security for Mac (20220913)","Bitdefender Antivirus for Mac (20220913)","ESET Cyber Security Pro for Mac (20220913)","G DATA AntiVirus for Mac (20220913)","McAfee Internet Security for Mac (20220913)","Norton Security for Mac (20220913)","Sophos Home Premium For Mac (20220913)","Trend Micro Antivirus for Mac (20220913)"],"avAllowList":["K7 Antivirus for Mac (20220913)","Kaspersky Internet Security for Mac (20220913)"]}],"additionalFiles":[],"sources":[{"howFound":"google search \"Clean up Gigabytes of Junk\"","reference":"https://www.doyourdata.com/clean-mac/macclean360.html","landingPage":"https://www.doyourdata.com/clean-mac/macclean360.html","directDownloadingLink":"https://www.doyourdata.com/trial/MacClean360Trial.dmg","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.doyourdata.com/trial/MacClean360Trial.dmg","sourceIndex":"2140"}],"sampleFiles":["200805/MacClean360-191029/4.7/Samples/MacClean360","200805/MacClean360-191029/4.7/Samples/MacClean360Trial.dmg"],"imageFiles":["200805/MacClean360-191029/4.7/Images/ACR-004/MacClean360_Interaction [1].png","200805/MacClean360-191029/4.7/Images/ACR-004/MacClean360_Interaction [2].png","200805/MacClean360-191029/4.7/Images/ACR-004/MacClean360_Interaction [3].png","200805/MacClean360-191029/4.7/Images/ACR-004/MacClean360_Interaction [4].png","200805/MacClean360-191029/4.7/Images/ACR-004/MacClean360_Interaction [5] Activation.png","200805/MacClean360-191029/4.7/Images/ACR-084/MacClean360_About [1].png","200805/MacClean360-191029/4.7/Images/ACR-084/MacClean360_Interaction [1].png","200805/MacClean360-191029/4.7/Images/ACR-084/MacClean360_LogIn[1].png","200805/MacClean360-191029/4.7/Images/ACR-084/MacClean360_KnockKnockLog [2].png"],"nonDeceptorImageFiles":["200805/MacClean360-191029/4.7/Images/ACR-099/MacClean360_About [1].png","200805/MacClean360-191029/4.7/Images/ACR-099/MacClean360_LandingPage [1].jpg","200805/MacClean360-191029/4.7/Images/ACR-065/MacClean360_Install [1].png","200805/MacClean360-191029/4.7/Images/ACR-065/MacClean360_About [1].png","200805/MacClean360-191029/4.7/Images/ACR-065/MacClean360_LandingPage [1].jpg","200805/MacClean360-191029/4.7/Images/ACR-099/MacClean360_OfferPage [1].png","200805/MacClean360-191029/4.7/Images/ACR-099/MacClean360_OfferPage [2].png","200805/MacClean360-191029/4.7/Images/ACR-099/MacClean360_OfferPage [3].png"],"guid":"b42a485b-35a0-4c7c-8de1-fd6e31b67965_4.7_1","appID":"MacClean360-191029","dateAdded":"251111","deceptorType":"MacOS App","name":"MacClean360","company":"DoYourData","version":"4.7","sigName":"Deceptor:MacOS/MacClean360!004084","lastKnownStatus":"Deceptor:4.3;4.5;4.6;4.7;4.8;4.9;5.0;5.1;5.2;5.3;5.4;5.5;5.9;6.0;6.1","lastKnownDate":"251111","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,paid","lastUpdate":"2025-11-11T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":15,"sortOrder":179},{"violations":{"ACR-004":"App does not provide free fixes for the scan results that can't be permanently fixed. It uses issues identified during free scanning to upsell user the fix, requiring user to purchase subscription service to fix all results identified during free scan.\n","ACR-084":"The app does not provide a way to disable the auto-launch of the app.\n"},"nonDeceptorViolations":{"ACR-045":"\"Free Trial\" highlights \"Free\" misleads user. The functionality that requires consumer payment in order to be activated needs to be marked clearly in landing page. Otherwise app should remove \"free\" word.\n","ACR-065":"The app's install does not provide links to the app's EULA, Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThe app's about page does not have links to the app's EULA, Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThe app's landing page does not have links to the app's Returns and Cancellations Policy.\nThe app's internal offer page does not have links to the app's Returns and Cancellations Policy.\n","ACR-161":"The landing page displays an unverifiable testimonial.\n","ACR-099":"The app's About page does not contain links to uninstall information.\nThe app's landing page does not contain links to uninstall information.\nThe internal offers page does not contain links to uninstall information.\n"},"samples":[{"isRevoked":"False","fileName":"MacClean360","fileVersion":"0.","hashMD5":"aa7b14d010fc60d08bf01d2ec6c0bc2d","hashSHA1":"f67610bf4fa847a0b734850d9cfdc90a1d7471c9","hashSHA256":"38280c1181851f0fd17e0264a322b7a9c0469c6da688218b493b9b056a6a6d41","sourceIndex":"2108","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"MacClean360Trial.dmg","isInstaller":"True","fileVersion":"0.","hashMD5":"ff70f1d439fbb5076c749e53e4c4463d","hashSHA1":"718bd6f762f6653b1d6cf8b6370923581090be19","hashSHA256":"0211ee2d1b1138d2111fd7e5ce229e95b10741890deb302a8001c844c5f28fb0","sourceIndex":"2108","avBlockList":["Avast Security for Mac (20240514)","Avira Security for Mac (20240514)","Bitdefender Antivirus for Mac (20240514)","ESET Cyber Security Pro for Mac (20240514)","G DATA AntiVirus for Mac (20240514)","K7 Antivirus for Mac (20240514)","Kaspersky Internet Security for Mac (20240514)","Norton Security for Mac (20240514)","Sophos Home Premium For Mac (20240514)","Trend Micro Antivirus for Mac (20240514)","SpyHunterforMac (20240514)"],"avAllowList":["McAfee Internet Security for Mac (20240514)"]}],"additionalFiles":[],"sources":[{"howFound":"google search \"Clean up Gigabytes of Junk\"","reference":"https://www.doyourdata.com/clean-mac/macclean360.html","landingPage":"https://www.doyourdata.com/clean-mac/macclean360.html","directDownloadingLink":"https://www.doyourdata.com/trial/MacClean360Trial.dmg","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.doyourdata.com/trial/MacClean360Trial.dmg","sourceIndex":"2108"}],"sampleFiles":["200924/MacClean360-191029/4.8/Samples/MacClean360","200924/MacClean360-191029/4.8/Samples/MacClean360Trial.dmg"],"imageFiles":["200924/MacClean360-191029/4.8/Images/ACR-004/MacClean360_Interactions [1].png","200924/MacClean360-191029/4.8/Images/ACR-004/MacClean360_Interactions [2].png","200924/MacClean360-191029/4.8/Images/ACR-004/MacClean360_Interactions [3] ScanResults.png","200924/MacClean360-191029/4.8/Images/ACR-004/MacClean360_Interactions [4] Activate.png","200924/MacClean360-191029/4.8/Images/ACR-084/MacClean360_Autologin [1].png"],"nonDeceptorImageFiles":["200924/MacClean360-191029/4.8/Images/ACR-099/MacClean360_About [1].png","200924/MacClean360-191029/4.8/Images/ACR-099/MacClean360_LandingPage [3].jpg","200924/MacClean360-191029/4.8/Images/ACR-099/MacClean360_LandingPage [4].png","200924/MacClean360-191029/4.8/Images/ACR-065/MacClean360_Install [1].png","200924/MacClean360-191029/4.8/Images/ACR-065/MacClean360_About [1].png","200924/MacClean360-191029/4.8/Images/ACR-065/MacClean360_LandingPage [3].jpg","200924/MacClean360-191029/4.8/Images/ACR-065/MacClean360_LandingPage [4].png","200924/MacClean360-191029/4.8/Images/ACR-045/MacClean360_LandingPage [1] FreeTrial.png","200924/MacClean360-191029/4.8/Images/ACR-161/MacClean360_LandingPage [2] Testimonial.png","200924/MacClean360-191029/4.8/Images/ACR-065/MacClean360_OfferPage [1].png","200924/MacClean360-191029/4.8/Images/ACR-065/MacClean360_OfferPage [2].png","200924/MacClean360-191029/4.8/Images/ACR-099/MacClean360_OfferPage [1].png","200924/MacClean360-191029/4.8/Images/ACR-099/MacClean360_OfferPage [2].png","200924/MacClean360-191029/4.8/Images/ACR-099/MacClean360_OfferPage [3].png"],"guid":"b42a485b-35a0-4c7c-8de1-fd6e31b67965_4.8_1","appID":"MacClean360-191029","dateAdded":"251111","deceptorType":"MacOS App","name":"MacClean360","company":"DoYourData","version":"4.8","sigName":"Deceptor:MacOS/MacClean360!004084","lastKnownStatus":"Deceptor:4.3;4.5;4.6;4.7;4.8;4.9;5.0;5.1;5.2;5.3;5.4;5.5;5.9;6.0;6.1","lastKnownDate":"251111","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,paid","lastUpdate":"2025-11-11T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":15,"sortOrder":178},{"violations":{"ACR-004":"App does not provide free fixes for the scan results that can't be permanently fixed. It uses issues identified during free scanning to upsell user the fix, requiring user to purchase subscription service to fix all results identified during free scan.\n","ACR-084":"The app does not provide a way to disable the auto-launch of the app.\n"},"nonDeceptorViolations":{"ACR-045":"\"Free Trial\" highlights \"Free\" misleads user. The functionality that requires consumer payment in order to be activated needs to be marked clearly in landing page. Otherwise app should remove \"free\" word.\n","ACR-065":"The app's install does not provide links to the app's EULA or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThe app's about page does not have links to the app's EULA, Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThe app's landing page does not have links to the app's Returns and Cancellations Policy.\nThe app's internal offer page does not have links to the app's Returns and Cancellations Policy.\n","ACR-161":"The app’s landing page has testimonials that have no links back to a source so consumers can verify if they're real.\n","ACR-099":"The app's About page does not contain links to uninstall information.\nThe app's landing page does not contain links to uninstall information.\nThe internal offers page does not contain links to uninstall information.\n"},"samples":[{"isRevoked":"False","fileName":"MacClean360","fileVersion":"0.","hashMD5":"b94cff913bc396b3b9acad3e6438b029","hashSHA1":"b1143fa441ff51aedb0f046c352f82c07ff344f1","hashSHA256":"9084108edb28e282bd9145518f6184364059a20b552ed9e2b7cd58fbe439d4ae","sourceIndex":"2022","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"MacClean360Trial.dmg","isInstaller":"True","fileVersion":"0.","hashMD5":"049b7969066e18234886586f5a39715c","hashSHA1":"243abc18963615dfacf4e02e7db274e0ce6f692a","hashSHA256":"fe97fb060768c0806a70b0138371ebe3327fa8936ed347fab7c21c7d468d1be9","sourceIndex":"2022","avBlockList":["Avast Security for Mac (20210511)","Avira Security for Mac (20210511)","Bitdefender Antivirus for Mac (20210511)","ESET Cyber Security Pro for Mac (20210511)","G DATA AntiVirus for Mac (20210511)","K7 Antivirus for Mac (20210511)","McAfee Internet Security for Mac (20210511)","Norton Security for Mac (20210511)","Sophos Home Premium For Mac (20210511)","Trend Micro Antivirus for Mac (20210511)"],"avAllowList":["Kaspersky Internet Security for Mac (20210511)"]}],"additionalFiles":[],"sources":[{"howFound":"google search \"Clean up Gigabytes of Junk\"","reference":"https://www.doyourdata.com/clean-mac/macclean360.html","landingPage":"https://www.doyourdata.com/clean-mac/macclean360.html","directDownloadingLink":"https://www.doyourdata.com/trial/MacClean360Trial.dmg","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.doyourdata.com/trial/MacClean360Trial.dmg","sourceIndex":"2022"}],"sampleFiles":["201224/MacClean360-191029/4.9/Samples/MacClean360","201224/MacClean360-191029/4.9/Samples/MacClean360Trial.dmg"],"imageFiles":["201224/MacClean360-191029/4.9/Images/ACR-004/MacClean360_Interactions [2].png","201224/MacClean360-191029/4.9/Images/ACR-004/MacClean360_Interactions [1].png","201224/MacClean360-191029/4.9/Images/ACR-004/MacClean360_Interactions [2].png","201224/MacClean360-191029/4.9/Images/ACR-004/MacClean360_Interactions [3].png","201224/MacClean360-191029/4.9/Images/ACR-004/MacClean360_Interactions [4] ScanResults.png","201224/MacClean360-191029/4.9/Images/ACR-004/MacClean360_Interactions [5] Activate.png","201224/MacClean360-191029/4.9/Images/ACR-084/MacClean360_AutoLaunch [1].png"],"nonDeceptorImageFiles":["201224/MacClean360-191029/4.9/Images/ACR-099/MacClean360_About [1].png","201224/MacClean360-191029/4.9/Images/ACR-099/MacClean360_LandingPage [3].jpg","201224/MacClean360-191029/4.9/Images/ACR-099/MacClean360_LandingPage [4].png","201224/MacClean360-191029/4.9/Images/ACR-065/MacClean360_Install [1].png","201224/MacClean360-191029/4.9/Images/ACR-065/MacClean360_About [1].png","201224/MacClean360-191029/4.9/Images/ACR-065/MacClean360_LandingPage [3].jpg","201224/MacClean360-191029/4.9/Images/ACR-045/MacClean360_LandingPage [1] FreeTrial.png","201224/MacClean360-191029/4.9/Images/ACR-161/MacClean360_LandingPage [2] Testimonials.png","201224/MacClean360-191029/4.9/Images/ACR-065/MacClean360_OfferPage [1].png","201224/MacClean360-191029/4.9/Images/ACR-099/MacClean360_OfferPage [1].png","201224/MacClean360-191029/4.9/Images/ACR-099/MacClean360_OfferPage [2].png","201224/MacClean360-191029/4.9/Images/ACR-099/MacClean360_OfferPage [3].png"],"guid":"b42a485b-35a0-4c7c-8de1-fd6e31b67965_4.9_1","appID":"MacClean360-191029","dateAdded":"251111","deceptorType":"MacOS App","name":"MacClean360","company":"DoYourData","version":"4.9","lastKnownStatus":"Deceptor:4.3;4.5;4.6;4.7;4.8;4.9;5.0;5.1;5.2;5.3;5.4;5.5;5.9;6.0;6.1","lastKnownDate":"251111","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,paid","lastUpdate":"2025-11-11T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":15,"sortOrder":177},{"violations":{"ACR-004":"The app does not provide a fully functioning free trial. The app does not provide free fixes for the results identified during the free scan.\n","ACR-084":"The app does not provide a way to disable the auto-launch of the app.\n"},"nonDeceptorViolations":{"ACR-045":"\"Free Trial\" highlights \"Free\" misleads user. The functionality that requires consumer payment in order to be activated needs to be marked clearly in landing page. Otherwise app should remove \"free\" word.\n","ACR-065":"The app's install does not provide links to the app's EULA or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThe app's about page does not have links to the app's EULA, Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThe app's landing page does not have links to the app's Returns and Cancellations Policy.\nThe app's internal offer page does not have links to the app's Returns and Cancellations Policy.\n","ACR-161":"The app’s landing page has testimonials that have no links back to a source so consumers can verify if they're real.\n","ACR-099":"The app's About page does not contain links to uninstall information.\nThe app's landing page does not contain links to uninstall information.\nThe internal offers page does not contain links to uninstall information.\n"},"samples":[{"isRevoked":"False","fileName":"MacClean360","fileVersion":"0.","hashMD5":"ea02af39e969157f9e4061bd45ace773","hashSHA1":"318cf1631afd5bc7dbfc6f7a015703484e5d07f4","hashSHA256":"de607098925b9d326e47118a0bbcae7d4726c790bf41807e45f381b33132d1a2","sourceIndex":"1927","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"MacClean360Trial.dmg","isInstaller":"True","fileVersion":"0.","hashMD5":"812aee396ccc9bcd23f88f0639875899","hashSHA1":"2abcaf0cc19211fc36c2afd5bfb942fb98800ab4","hashSHA256":"c00bea0ad5cd10297f37796061305ba4385bd14dcbcfbfbd3fff51c765803c31","sourceIndex":"1927","avBlockList":["Avast Security for Mac (20210713)","Avira Security for Mac (20210713)","ESET Cyber Security Pro for Mac (20210713)","K7 Antivirus for Mac (20210713)","Norton Security for Mac (20210713)","Sophos Home Premium For Mac (20210713)","Trend Micro Antivirus for Mac (20210713)"],"avAllowList":["Bitdefender Antivirus for Mac (20210713)","G DATA AntiVirus for Mac (20210713)","Kaspersky Internet Security for Mac (20210713)","McAfee Internet Security for Mac (20210713)"]}],"additionalFiles":[],"sources":[{"howFound":"google search \"Clean up Gigabytes of Junk\"","reference":"https://www.doyourdata.com/clean-mac/macclean360.html","landingPage":"https://www.doyourdata.com/clean-mac/macclean360.html","directDownloadingLink":"https://www.doyourdata.com/trial/MacClean360Trial.dmg","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.doyourdata.com/trial/MacClean360Trial.dmg","sourceIndex":"1927"}],"sampleFiles":["210516/MacClean360-191029/5.0/Samples/MacClean360","210516/MacClean360-191029/5.0/Samples/MacClean360Trial.dmg"],"imageFiles":["210516/MacClean360-191029/5.0/Images/ACR-004/MacClean360_Interactions [1].png","210516/MacClean360-191029/5.0/Images/ACR-004/MacClean360_Interactions [2].png","210516/MacClean360-191029/5.0/Images/ACR-004/MacClean360_Interactions [3].png","210516/MacClean360-191029/5.0/Images/ACR-004/MacClean360_Interactions [4].png","210516/MacClean360-191029/5.0/Images/ACR-084/MacClean360_Login [3].png"],"nonDeceptorImageFiles":["210516/MacClean360-191029/5.0/Images/ACR-099/MacClean360_About [1].png","210516/MacClean360-191029/5.0/Images/ACR-099/MacClean360_LandingPage [1].png","210516/MacClean360-191029/5.0/Images/ACR-065/MacClean360_Install [1].png","210516/MacClean360-191029/5.0/Images/ACR-065/MacClean360_About [1].png","210516/MacClean360-191029/5.0/Images/ACR-065/MacClean360_LandingPage [1].png","210516/MacClean360-191029/5.0/Images/ACR-045/MacClean360_LandingPage [5].png","210516/MacClean360-191029/5.0/Images/ACR-161/MacClean360_LandingPage [3].png","210516/MacClean360-191029/5.0/Images/ACR-161/MacClean360_LandingPage [4].png","210516/MacClean360-191029/5.0/Images/ACR-065/MacClean360_OfferPage [1].png","210516/MacClean360-191029/5.0/Images/ACR-099/MacClean360_OfferPage [1].png"],"guid":"b42a485b-35a0-4c7c-8de1-fd6e31b67965_5.0_1","appID":"MacClean360-191029","dateAdded":"251111","deceptorType":"MacOS App","name":"MacClean360","company":"DoYourData","version":"5.0","lastKnownStatus":"Deceptor:4.3;4.5;4.6;4.7;4.8;4.9;5.0;5.1;5.2;5.3;5.4;5.5;5.9;6.0;6.1","lastKnownDate":"251111","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,paid","lastUpdate":"2025-11-11T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":15,"sortOrder":176},{"violations":{"ACR-004":"The app does not provide a fully functioning free trial. The app does not provide free fixes for the results identified during the free scan.\n","ACR-084":"The app does not provide a way to disable the auto-launch of the app.\n"},"nonDeceptorViolations":{"ACR-045":"\"Free Trial\" highlights \"Free\" misleads user. The functionality that requires consumer payment in order to be activated needs to be marked clearly in landing page. Otherwise app should remove \"free\" word.\n","ACR-065":"The app's install does not provide links to the app's EULA or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThe app's about page does not have links to the app's EULA, Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThe app's landing page does not have links to the app's Returns and Cancellations Policy.\nThe app's internal offer page does not have links to the app's Returns and Cancellations Policy.\n","ACR-161":"The app’s landing page has testimonials that have no links back to a source so consumers can verify if they're real.\n","ACR-099":"The app's About page does not contain links to uninstall information.\nThe app's landing page does not contain links to uninstall information.\nThe internal offers page does not contain links to uninstall information.\n"},"samples":[{"isRevoked":"False","fileName":"MacClean360","fileVersion":"0.","hashMD5":"e7d4ac8134c1ce7034625652765a344e","hashSHA1":"b04069355baf9e37e7a029f92d062acbe02ce904","hashSHA256":"f70c8c92e9b1e7910d3c0ff1c1a02eabae9ae92ce9103c6611b945ebe7d08044","sourceIndex":"1780","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"MacClean360Trial.dmg","isInstaller":"True","fileVersion":"0.","hashMD5":"fe09c98ecf6be2c41d2cdeec6ac505fd","hashSHA1":"1b5a0de6ed1bb9e45a61c5390d0e33f149b5a546","hashSHA256":"a4327830e90a7713e8e91a8577edbb0c9dfc9f10cfd3748aefb9c5f27098ba47","sourceIndex":"1780","avBlockList":["Avast Security for Mac (20240214)","Avira Security for Mac (20240214)","ESET Cyber Security Pro for Mac (20240214)","K7 Antivirus for Mac (20240214)","Kaspersky Internet Security for Mac (20240214)","McAfee Internet Security for Mac (20240214)","Norton Security for Mac (20240214)","Sophos Home Premium For Mac (20240214)","Trend Micro Antivirus for Mac (20240214)","SpyHunterforMac (20240214)"],"avAllowList":["Bitdefender Antivirus for Mac (20240214)","G DATA AntiVirus for Mac (20240214)"]}],"additionalFiles":[],"sources":[{"howFound":"google search \"Clean up Gigabytes of Junk\"","reference":"https://www.doyourdata.com/clean-mac/macclean360.html","landingPage":"https://www.doyourdata.com/clean-mac/macclean360.html","directDownloadingLink":"https://www.doyourdata.com/trial/MacClean360Trial.dmg","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.doyourdata.com/trial/MacClean360Trial.dmg","sourceIndex":"1780"}],"sampleFiles":["211130/MacClean360-191029/5.1/Samples/MacClean360","211130/MacClean360-191029/5.1/Samples/MacClean360Trial.dmg"],"imageFiles":["211130/MacClean360-191029/5.1/Images/ACR-004/MacClean360_Interactions [1].png","211130/MacClean360-191029/5.1/Images/ACR-004/MacClean360_Interactions [2].png","211130/MacClean360-191029/5.1/Images/ACR-004/MacClean360_Interactions [3].png","211130/MacClean360-191029/5.1/Images/ACR-084/MacClean360_AutoLaunch [1].png"],"nonDeceptorImageFiles":["211130/MacClean360-191029/5.1/Images/ACR-099/MacClean360_About.png","211130/MacClean360-191029/5.1/Images/ACR-099/MacClean360_LandingPage [1].png","211130/MacClean360-191029/5.1/Images/ACR-065/MacClean360_Install [1].png","211130/MacClean360-191029/5.1/Images/ACR-065/MacClean360_About.png","211130/MacClean360-191029/5.1/Images/ACR-065/MacClean360_LandingPage [1].png","211130/MacClean360-191029/5.1/Images/ACR-045/MacClean360_LandingPage [2].png","211130/MacClean360-191029/5.1/Images/ACR-045/MacClean360_LandingPage [3].png","211130/MacClean360-191029/5.1/Images/ACR-161/MacClean360_LandingPage [4].png","211130/MacClean360-191029/5.1/Images/ACR-065/MacClean360_OfferPage [1].png","211130/MacClean360-191029/5.1/Images/ACR-099/MacClean360_OfferPage [1].png","211130/MacClean360-191029/5.1/Images/ACR-099/MacClean360_OfferPage [1].png"],"guid":"b42a485b-35a0-4c7c-8de1-fd6e31b67965_5.1_1","appID":"MacClean360-191029","dateAdded":"251111","deceptorType":"MacOS App","name":"MacClean360","company":"DoYourData","version":"5.1","lastKnownStatus":"Deceptor:4.3;4.5;4.6;4.7;4.8;4.9;5.0;5.1;5.2;5.3;5.4;5.5;5.9;6.0;6.1","lastKnownDate":"251111","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,paid","lastUpdate":"2025-11-11T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":15,"sortOrder":175},{"violations":{"ACR-004":"The app does not provide a fully functioning free trial. The app does not provide free fixes for the results identified during the free scan.\n","ACR-084":"The app does not provide a way to disable the auto-launch of the app.\n","ACR-165":"App doesn't provide following information in shopping cart: 1. Cancellation of Auto-renewal via online. 2. Notifying the user about auto renewal payment.\n"},"nonDeceptorViolations":{"ACR-045":"\"Free Trial\" highlights \"Free\" misleads user. The functionality that requires consumer payment in order to be activated needs to be marked clearly in landing page. Otherwise app should remove \"free\" word.\n","ACR-065":"The app's install does not provide links to the app's EULA or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThe app's about page does not have links to the app's EULA or  Terms of Service, Returns and Cancellation Policy, Privacy Policy.\n","ACR-161":"The app’s landing page has testimonials that have no links back to a source so consumers can verify if they're real.\n","ACR-099":"The app's About page does not contain links to uninstall information.\n"},"samples":[{"isRevoked":"False","fileName":"MacClean360","fileVersion":"0.","hashMD5":"051b48699e779e16f90b668679a3ebb2","hashSHA1":"03fc2549f8d2c18fad33579fce718cf4e2745ac0","hashSHA256":"f343d6891a86499c8ba1ef69bdacd37d4265c5bf6760f0e2e23e60b7f955b97b","sourceIndex":"1733","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"MacClean360Trial.dmg","isInstaller":"True","fileVersion":"0.","hashMD5":"c33ee93063f9787b30a916876e610851","hashSHA1":"4ab52fbe79331618a5918d295e75ef9871c3c90f","hashSHA256":"5368531e6ad9bada8ccf6d2f9a54c3f1746f522c3e6adcd7ac975d5924040a8a","sourceIndex":"1733","avBlockList":["Avast Security for Mac (20230112)","Avira Security for Mac (20230112)","ESET Cyber Security Pro for Mac (20230112)","K7 Antivirus for Mac (20230112)","Kaspersky Internet Security for Mac (20230112)","Norton Security for Mac (20230112)","Sophos Home Premium For Mac (20230112)","Trend Micro Antivirus for Mac (20230112)"],"avAllowList":["Bitdefender Antivirus for Mac (20230112)","G DATA AntiVirus for Mac (20230112)","McAfee Internet Security for Mac (20230112)"]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"https://www.doyourdata.com/clean-mac/macclean360.html","landingPage":"https://www.doyourdata.com/clean-mac/macclean360.html","directDownloadingLink":"https://www.doyourdata.com/trial/MacClean360Trial.dmg","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.doyourdata.com/trial/MacClean360Trial.dmg","sourceIndex":"1733"}],"sampleFiles":["220119/MacClean360-191029/5.2/Samples/MacClean360","220119/MacClean360-191029/5.2/Samples/MacClean360Trial.dmg"],"imageFiles":["220119/MacClean360-191029/5.2/Images/ACR-004/MacClean360_Interactions [1].png","220119/MacClean360-191029/5.2/Images/ACR-004/MacClean360_Interactions [2].png","220119/MacClean360-191029/5.2/Images/ACR-004/MacClean360_Interactions [3].png","220119/MacClean360-191029/5.2/Images/ACR-004/MacClean360_Interactions [4].png","220119/MacClean360-191029/5.2/Images/ACR-084/KnockKnock [2].png","220119/MacClean360-191029/5.2/Images/ACR-165/MacClean360_OfferPage [2].png","220119/MacClean360-191029/5.2/Images/ACR-165/MacClean360_OfferPage [3].png"],"nonDeceptorImageFiles":["220119/MacClean360-191029/5.2/Images/ACR-099/MacClean360_About [1].png","220119/MacClean360-191029/5.2/Images/ACR-065/MacClean360_Install [1].png","220119/MacClean360-191029/5.2/Images/ACR-065/MacClean360_About [1].png","220119/MacClean360-191029/5.2/Images/ACR-045/MacClean360_LandingPage [2].png","220119/MacClean360-191029/5.2/Images/ACR-161/MacClean360_LandingPage [3].png","220119/MacClean360-191029/5.2/Images/ACR-161/MacClean360_LandingPage [4].png"],"guid":"b42a485b-35a0-4c7c-8de1-fd6e31b67965_5.2_1","appID":"MacClean360-191029","dateAdded":"251111","deceptorType":"MacOS App","name":"MacClean360","company":"DoYourData","version":"5.2","lastKnownStatus":"Deceptor:4.3;4.5;4.6;4.7;4.8;4.9;5.0;5.1;5.2;5.3;5.4;5.5;5.9;6.0;6.1","lastKnownDate":"251111","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,paid","lastUpdate":"2025-11-11T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":15,"sortOrder":174},{"violations":{"ACR-004":"The app does not provide a fully functioning free trial. The app does not provide free fixes for the results identified during the free scan.\n","ACR-084":"The app does not provide a way to disable the auto-launch of the app.\n"},"nonDeceptorViolations":{"ACR-065":"The app's install does not provide links to the app's EULA, Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThe app's about page does not have links to the app's EULA, Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThe app's landing page does not have links to the app's Terms of Service, Returns and Cancellations Policy.\n","ACR-099":"The app's About page does not contain links to uninstall information.\nThe app's landing page does not contain links to uninstall information.\nThe internal offers page does not contain links to uninstall information.\n"},"samples":[{"isRevoked":"False","fileName":"MacClean360Trial.dmg","isInstaller":"True","fileVersion":"0.","hashMD5":"2a48fb3f94da62ed53c096fb8deed4b7","hashSHA1":"6b3f26a3a3d61c04d5c66bb01ff41466b12a9d63","hashSHA256":"77ce908a13c8702558eb01b2362bbb1c1e071c1b5cf74a1dc4a19c9977df7bcf","sourceIndex":"2437","avBlockList":["Avast Security for Mac (20220412)","Avira Security for Mac (20220412)","Bitdefender Antivirus for Mac (20220412)","ESET Cyber Security Pro for Mac (20220412)","G DATA AntiVirus for Mac (20220412)","K7 Antivirus for Mac (20220412)","McAfee Internet Security for Mac (20220412)","Norton Security for Mac (20220412)","Sophos Home Premium For Mac (20220412)","Trend Micro Antivirus for Mac (20220412)"],"avAllowList":["Kaspersky Internet Security for Mac (20220412)"]},{"isRevoked":"False","fileName":"MacClean360","fileVersion":"0.","hashMD5":"4d80b7b87b46088e77f8a5f06c963b48","hashSHA1":"a9c7fd9a18592fe12f89bf101bf7eab1a42b300e","hashSHA256":"61b5150f586d0af0e1f269b981bc07bbe9d89d1e1f7d1ef6801e67acdbfcaa8d","sourceIndex":"2437","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"google search : \"free mac app optimizer\"","reference":"https://www.doyourdata.com","landingPage":"https://www.doyourdata.com","directDownloadingLink":"https://www.doyourdata.com/trial/MacClean360Trial.dmg","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.doyourdata.com/trial/MacClean360Trial.dmg","sourceIndex":"2437"}],"sampleFiles":["200519/MacClean360-191029/4.6/Samples/MacClean360Trial.dmg","200519/MacClean360-191029/4.6/Samples/MacClean360"],"imageFiles":["200519/MacClean360-191029/4.6/Images/ACR-004/MacClean360_Interaction [1].png","200519/MacClean360-191029/4.6/Images/ACR-004/MacClean360_Interaction [2].png","200519/MacClean360-191029/4.6/Images/ACR-004/MacClean360_Scanning [1].png","200519/MacClean360-191029/4.6/Images/ACR-004/MacClean360_Scanning Report [2].png","200519/MacClean360-191029/4.6/Images/ACR-004/MacClean360_Scanning Report - purchase [3].png","200519/MacClean360-191029/4.6/Images/ACR-084/MacClean360_Interaction [1].png","200519/MacClean360-191029/4.6/Images/ACR-084/MacClean360_AutoLaunch.png","200519/MacClean360-191029/4.6/Images/ACR-084/MacClean360_KnockKnock_log.png"],"nonDeceptorImageFiles":["200519/MacClean360-191029/4.6/Images/ACR-099/MacClean360_About [1].png","200519/MacClean360-191029/4.6/Images/ACR-099/MacClean360_LandingPage [1].png","200519/MacClean360-191029/4.6/Images/ACR-099/MacClean360_LandingPage [2].png","200519/MacClean360-191029/4.6/Images/ACR-065/MacClean360_Installs [1].png","200519/MacClean360-191029/4.6/Images/ACR-065/MacClean360_About [1].png","200519/MacClean360-191029/4.6/Images/ACR-065/MacClean360_Interaction [1].png","200519/MacClean360-191029/4.6/Images/ACR-065/MacClean360_LandingPage [1].png","200519/MacClean360-191029/4.6/Images/ACR-065/MacClean360_LandingPage [2].png","200519/MacClean360-191029/4.6/Images/ACR-099/MacClean360_OfferPage [1].png","200519/MacClean360-191029/4.6/Images/ACR-099/MacClean360_OfferPage [2].png","200519/MacClean360-191029/4.6/Images/ACR-099/MacClean360_OfferPage [3].png","200519/MacClean360-191029/4.6/Images/ACR-099/MacClean360_OfferPage [4].png"],"guid":"b42a485b-35a0-4c7c-8de1-fd6e31b67965_4.6_1","appID":"MacClean360-191029","dateAdded":"251111","deceptorType":"MacOS App","name":"MacClean360","company":"DoYourData","version":"4.6","lastKnownStatus":"Deceptor:4.3;4.5;4.6;4.7;4.8;4.9;5.0;5.1;5.2;5.3;5.4;5.5;5.9;6.0;6.1","lastKnownDate":"251111","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,paid","lastUpdate":"2025-11-11T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":15,"sortOrder":180},{"violations":{"ACR-004":"The app does not provide a fully functioning free trial. The app does not provide free fixes & substantiate the results identified during the free scan.\n","ACR-165":"App doesn't provide following information in shopping cart: 1. Cancellation of Auto-renewal via online. 2. Notifying the user about auto renewal payment.\n"},"nonDeceptorViolations":{"ACR-045":"\"Free Trial\" highlights \"Free\" misleads user. The functionality that requires consumer payment in order to be activated needs to be marked clearly in landing page. Otherwise app should remove \"free\" word.\n","ACR-161":"The app’s landing page has testimonials that have no links back to a source so consumers can verify if they're real.\n"},"samples":[{"isRevoked":"False","fileName":"MacClean360Trial.dmg","isInstaller":"True","fileVersion":"0.","hashMD5":"7824720723f63e656caefe3b42d754a5","hashSHA1":"0e8d20232d0a0eda7be5ee3f8b89d9ea9e79d7bd","hashSHA256":"81d3a4a473ce4b4514a80f85449782b470654937be455248e8a0a4f7cf5b5196","digitalCertThumbprint":"DDBE1E1D-6127-21F5-06A8-EA6F055970D8","sourceIndex":"1441","avBlockList":["Avast Security for Mac (20240409)","Avira Security for Mac (20240409)","ESET Cyber Security Pro for Mac (20240409)","K7 Antivirus for Mac (20240409)","Kaspersky Internet Security for Mac (20240409)","McAfee Internet Security for Mac (20240409)","Norton Security for Mac (20240409)","Sophos Home Premium For Mac (20240409)","SpyHunterforMac (20240409)","Trend Micro Antivirus for Mac (20240409)"],"avAllowList":["Bitdefender Antivirus for Mac (20240409)","G DATA AntiVirus for Mac (20240409)"]},{"isRevoked":"False","fileName":"MacClean360","fileVersion":"0.","hashMD5":"d92e9b465d9ceae54fca8a3d1e3e0782","hashSHA1":"a7091f4230f4e66b08f8878106c92360e20fcda9","hashSHA256":"53f79505d69e2003251b3e6da834ccecec306d38611d334689eef4d95fa8e0c8","digitalCertThumbprint":"DDBE1E1D-6127-21F5-06A8-EA6F055970D8","sourceIndex":"1441","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"google search \"Clean up Gigabytes of Junk\"","reference":"https://www.doyourdata.com/clean-mac/macclean360.html","landingPage":"https://www.doyourdata.com/clean-mac/macclean360.html","directDownloadingLink":"https://www.doyourdata.com/trial/MacClean360Trial.dmg","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.doyourdata.com/trial/MacClean360Trial.dmg","sourceIndex":"1441"}],"sampleFiles":["220907/MacClean360-191029/5.4/Samples/MacClean360Trial.dmg","220907/MacClean360-191029/5.4/Samples/MacClean360"],"imageFiles":["220907/MacClean360-191029/5.4/Images/ACR-004/ACR-004.png","220907/MacClean360-191029/5.4/Images/ACR-004/ACR-004_1.png","220907/MacClean360-191029/5.4/Images/ACR-004/ACR-004_2.png","220907/MacClean360-191029/5.4/Images/ACR-165/ACR-165.jpeg","220907/MacClean360-191029/5.4/Images/ACR-165/ACR-165_1.png"],"nonDeceptorImageFiles":["220907/MacClean360-191029/5.4/Images/ACR-045/ACR-045.jpeg","220907/MacClean360-191029/5.4/Images/ACR-045/ACR-045__2.PNG","220907/MacClean360-191029/5.4/Images/ACR-161/ACR-161.PNG","220907/MacClean360-191029/5.4/Images/ACR-161/ACR-161_1.jpeg"],"guid":"b42a485b-35a0-4c7c-8de1-fd6e31b67965_5.4_1","appID":"MacClean360-191029","dateAdded":"251111","deceptorType":"MacOS App","name":"MacClean360","company":"DoYourData","version":"5.4","lastKnownStatus":"Deceptor:4.3;4.5;4.6;4.7;4.8;4.9;5.0;5.1;5.2;5.3;5.4;5.5;5.9;6.0;6.1","lastKnownDate":"251111","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,paid","lastUpdate":"2025-11-11T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":15,"sortOrder":172},{"violations":{"ACR-004":"While the app provides free scan results via its \"Junk Cleaner\" Function, it does not provide any free fix for the scan. The app prompts the user to purchase a license in order to perform app cleanup.\n","ACR-084":"After installing application, the app creates an autorun entry on user login. This is enabled by default, and user is not informed about this action. In addition, there is no way to disable this autorun within the app interface.\n"},"nonDeceptorViolations":{"ACR-045":"\"Free Trial\" highlights \"Free\" misleads user. The functionality that requires consumer payment in order to be activated needs to be marked clearly in landing page. Otherwise app should remove \"free\" word.\n","ACR-161":"The testimonials included in their landing page does not link back to the original source, and thus cannot be confirmed by the consumer.\n"},"samples":[{"isRevoked":"False","fileName":"MacClean360","fileVersion":"0.","hashMD5":"dd55b5fdda7d6bdc5573d65bc3109d1f","hashSHA1":"641c7edd56197a9c63bc637fd618916d1f6c4d63","hashSHA256":"9f599c702d1271a5da6a5445e7b7c4f2a1155c4a922cd00e7210e07fffa27efa","sourceIndex":"1269","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"MacClean360Trial.dmg","isInstaller":"True","fileVersion":"0.","hashMD5":"e4a2b70ca49de6edce3499721a3a3fd8","hashSHA1":"68410ad529a4f7d1652e8b3561d718ac89cb2e4d","hashSHA256":"2c58de438afd53993c25d5600267a05cb0288249766db1f6e555163752e07019","sourceIndex":"1269","avBlockList":["Avast Security for Mac (20230511)","Avira Security for Mac (20230511)","Bitdefender Antivirus for Mac (20230511)","ESET Cyber Security Pro for Mac (20230511)","G DATA AntiVirus for Mac (20230511)","K7 Antivirus for Mac (20230511)","Kaspersky Internet Security for Mac (20230511)","McAfee Internet Security for Mac (20230511)","Norton Security for Mac (20230511)","Sophos Home Premium For Mac (20230511)","Trend Micro Antivirus for Mac (20230511)"],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"searching for utilities via download sites","reference":"","landingPage":"https://www.doyourdata.com/clean-mac/macclean360.html","directDownloadingLink":"https://www.doyourdata.com/trial/MacClean360Trial.dmg","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.doyourdata.com/trial/MacClean360Trial.dmg","sourceIndex":"1269"}],"sampleFiles":["221214/MacClean360-191029/5.5/Samples/MacClean360","221214/MacClean360-191029/5.5/Samples/MacClean360Trial.dmg"],"imageFiles":["221214/MacClean360-191029/5.5/Images/ACR-004/ACR004-1.png","221214/MacClean360-191029/5.5/Images/ACR-004/ACR004-2.png","221214/MacClean360-191029/5.5/Images/ACR-004/ACR004.mp4","221214/MacClean360-191029/5.5/Images/ACR-084/ACR084.png","221214/MacClean360-191029/5.5/Images/ACR-084/ACR084-1.png"],"nonDeceptorImageFiles":["221214/MacClean360-191029/5.5/Images/ACR-165/ACR165.png","221214/MacClean360-191029/5.5/Images/ACR-045/ACR045.png","221214/MacClean360-191029/5.5/Images/ACR-161/ACR161.png"],"guid":"b42a485b-35a0-4c7c-8de1-fd6e31b67965_5.5_1","appID":"MacClean360-191029","dateAdded":"251111","deceptorType":"MacOS App","name":"MacClean360","company":"DoYourData","version":"5.5","lastKnownStatus":"Deceptor:4.3;4.5;4.6;4.7;4.8;4.9;5.0;5.1;5.2;5.3;5.4;5.5;5.9;6.0;6.1","lastKnownDate":"251111","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2026-05-12T23:00:13.2789189+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":15,"sortOrder":171},{"violations":{"ACR-004":"While the app provides free scan results via its \"Junk Cleaner\"  and \"Internet Cleaner\" Function, it does not provide any free fix for the scan. The app prompts the user to purchase a license in order to perform app cleanup.\n"},"nonDeceptorViolations":{"ACR-045":"Free Trial\" highlights \"Free\" misleads user. The functionality that requires consumer payment in order to be activated needs to be marked clearly in landing page. Otherwise app should remove \"free\" word.\n","ACR-161":"The testimonials included in their landing page does not link back to the original source, and thus cannot be confirmed by the consumer.\n"},"samples":[{"isRevoked":"False","fileName":"MacClean360","fileVersion":"0.","hashMD5":"66d992838c6f1515d5fbd94657a771fb","hashSHA1":"a4a93e2ebe06e9d33a88b4e9bb2c3b079acc0739","hashSHA256":"0be900afacddea3dcfbdb9b61e807f75e9403b1102ceece97f6e8a27beb468fc","sourceIndex":"762","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"MacClean360Trial.dmg","isInstaller":"True","fileVersion":"0.","hashMD5":"2356896073bfbe80fb6e1162ea2dec35","hashSHA1":"5c510488642dc2640afdc8b30e6f000f18414147","hashSHA256":"56963fb67f462405ff765a894f7c6e30a4b095a886db006f4d7011d348360e65","sourceIndex":"762","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"google search \"Clean up Gigabytes of Junk\"","reference":"https://www.doyourdata.com/clean-mac/macclean360.html","landingPage":"https://www.doyourdata.com/clean-mac/macclean360.html","directDownloadingLink":"https://www.doyourdata.com/trial/MacClean360Trial.dmg","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.doyourdata.com/trial/MacClean360Trial.dmg","sourceIndex":"762"}],"sampleFiles":["240110/MacClean360-191029/5.9/Samples/MacClean360","240110/MacClean360-191029/5.9/Samples/MacClean360Trial.dmg"],"imageFiles":["240110/MacClean360-191029/5.9/Images/ACR-004/004_1.png","240110/MacClean360-191029/5.9/Images/ACR-004/004_2.png","240110/MacClean360-191029/5.9/Images/ACR-004/004_3.png","240110/MacClean360-191029/5.9/Images/ACR-004/004_4.png"],"nonDeceptorImageFiles":["240110/MacClean360-191029/5.9/Images/ACR-045/landingpage_045.png","240110/MacClean360-191029/5.9/Images/ACR-161/landingpage_161.png"],"guid":"b42a485b-35a0-4c7c-8de1-fd6e31b67965_5.9_1","appID":"MacClean360-191029","dateAdded":"251111","deceptorType":"MacOS App","name":"MacClean360","company":"DoYourData","version":"5.9","lastKnownStatus":"Deceptor:4.3;4.5;4.6;4.7;4.8;4.9;5.0;5.1;5.2;5.3;5.4;5.5;5.9;6.0;6.1","lastKnownDate":"251111","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2026-05-12T22:59:58.1921854+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":15,"sortOrder":170},{"violations":{"ACR-004":"While the app provides free scan results via its \"Junk Cleaner\"  and \"Internet Cleaner\" Function, it does not provide any free fix for the scan. The app prompts the user to purchase a license in order to perform app cleanup.\n"},"nonDeceptorViolations":{"ACR-045":"Free Trial\" highlights \"Free\" misleads user. The functionality that requires consumer payment in order to be activated needs to be marked clearly in landing page. Otherwise app should remove \"free\" word.\n","ACR-161":"The testimonials included in their landing page does not link back to the original source, and thus cannot be confirmed by the consumer.\n"},"samples":[{"isRevoked":"False","fileName":"MacClean360","fileVersion":"0.","hashMD5":"01e4b3a1e2604b75463735a376207d64","hashSHA1":"d14bb1765f40c7344a63f53fa5272a12c552136a","hashSHA256":"4aed8eee0ec92902454e856fd040b83db9c789505215b7e94826e05c4e1590af","sourceIndex":"563","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"MacClean360Trial.dmg","isInstaller":"True","fileVersion":"0.","hashMD5":"c361d8b639ab6265dd2dcc70cbd63117","hashSHA1":"74f92fdaeb4dc1b13432510b46706950207bf0cf","hashSHA256":"f52da9835bd6485c67b0ca24918cc29fbc035966efb82359c7190f2cf2073bf8","sourceIndex":"563","avBlockList":["Avast Security for Mac (20251113)","Avira Security for Mac (20251113)","ESET Cyber Security Pro for Mac (20251113)","Kaspersky Internet Security for Mac (20251113)","Norton Security for Mac (20251113)","SpyHunterforMac (20251113)","Trend Micro Antivirus for Mac (20251113)","Sophos Home Premium For Mac (20251113)"],"avAllowList":["Bitdefender Antivirus for Mac (20251113)","G DATA AntiVirus for Mac (20251113)","K7 Antivirus for Mac (20251113)","McAfee Internet Security for Mac (20251113)"]}],"additionalFiles":[],"sources":[{"howFound":"google search \"Clean up Gigabytes of Junk\"","reference":"https://www.doyourdata.com/clean-mac/macclean360.html","landingPage":"https://www.doyourdata.com/clean-mac/macclean360.html","directDownloadingLink":"https://www.doyourdata.com/trial/MacClean360Trial.dmg","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.doyourdata.com/trial/MacClean360Trial.dmg","sourceIndex":"563"}],"sampleFiles":["240903/MacClean360-191029/6.0/Samples/MacClean360","240903/MacClean360-191029/6.0/Samples/MacClean360Trial.dmg"],"imageFiles":["240903/MacClean360-191029/6.0/Images/ACR-004/App12.png","240903/MacClean360-191029/6.0/Images/ACR-004/App13.png","240903/MacClean360-191029/6.0/Images/ACR-004/App14.png","240903/MacClean360-191029/6.0/Images/ACR-004/App17.png","240903/MacClean360-191029/6.0/Images/ACR-004/App18.png"],"nonDeceptorImageFiles":["240903/MacClean360-191029/6.0/Images/ACR-045/LandingPage.png","240903/MacClean360-191029/6.0/Images/ACR-161/Best Mac Cleaner and Manager to Speed up and Manage Mac MacClean360 macOS Sequoia Ready1.png"],"guid":"b42a485b-35a0-4c7c-8de1-fd6e31b67965_6.0_1","appID":"MacClean360-191029","dateAdded":"251111","deceptorType":"MacOS App","name":"MacClean360","company":"DoYourData","version":"6.0","lastKnownStatus":"Deceptor:4.3;4.5;4.6;4.7;4.8;4.9;5.0;5.1;5.2;5.3;5.4;5.5;5.9;6.0;6.1","lastKnownDate":"251111","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2026-05-12T22:59:50.9591828+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":15,"sortOrder":169},{"violations":{"ACR-004":"While the app provides free scan results via its \"Junk Cleaner\"  and \"Internet Cleaner\" Function, it does not provide any free fix for the scan. The app prompts the user to purchase a license in order to perform app cleanup.\n"},"nonDeceptorViolations":{"ACR-045":"Free Trial\" highlights \"Free\" misleads user. The functionality that requires consumer payment in order to be activated needs to be marked clearly in landing page. Otherwise app should remove \"free\" word.\n","ACR-161":"The testimonials included in their landing page does not link back to the original source, and thus cannot be confirmed by the consumer.\n"},"samples":[{"isRevoked":"False","fileName":"MacClean360","fileVersion":"10.9.0","hashMD5":"5d4d03bbfdd380ec31fddb781a355845","hashSHA1":"10d45fa3371aa904beee1b0309fbc32b2ae750d2","hashSHA256":"aa33ed026688c8fe132637d170d11b9c5bca87dd8a1be5dae38c190ef9f0e3df","sourceIndex":"151","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"MacClean360Trial.dmg","isInstaller":"True","hashMD5":"be628970b40fd047a5e1bf6516e020b3","hashSHA1":"e41a22c2567479da941db7ff2e083d09cd3a911f","hashSHA256":"2afeca086a76a35f8bdcdafa0dbb9557e1aeb9c15c29f98132e1bc3ba92031c5","sourceIndex":"151","avBlockList":["Avast Security for Mac (20260113)","Avira Security for Mac (20260113)","ESET Cyber Security Pro for Mac (20260113)","Kaspersky Internet Security for Mac (20260113)","Norton Security for Mac (20260113)","Sophos Home Premium For Mac (20260113)","SpyHunterforMac (20260113)","Trend Micro Antivirus for Mac (20260113)"],"avAllowList":["Bitdefender Antivirus for Mac (20260113)","G DATA AntiVirus for Mac (20260113)","K7 Antivirus for Mac (20260113)","McAfee Internet Security for Mac (20260113)"]}],"additionalFiles":[],"sources":[{"howFound":"google search \"Clean up Gigabytes of Junk\"","reference":"https://www.doyourdata.com/clean-mac/macclean360.html","landingPage":"https://www.doyourdata.com/clean-mac/macclean360.html","directDownloadingLink":"https://www.doyourdata.com/trial/MacClean360Trial.dmg","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.doyourdata.com/trial/MacClean360Trial.dmg","sourceIndex":"151"}],"sampleFiles":["251111/MacClean360-191029/6.1/Samples/MacClean360","251111/MacClean360-191029/6.1/Samples/MacClean360Trial.dmg"],"imageFiles":["251111/MacClean360-191029/6.1/Images/ACR-004/app12.png","251111/MacClean360-191029/6.1/Images/ACR-004/app13.png","251111/MacClean360-191029/6.1/Images/ACR-004/app14.png","251111/MacClean360-191029/6.1/Images/ACR-004/app15.png"],"nonDeceptorImageFiles":["251111/MacClean360-191029/6.1/Images/ACR-045/ACR-045_1.png","251111/MacClean360-191029/6.1/Images/ACR-161/ACR-161.png"],"guid":"b42a485b-35a0-4c7c-8de1-fd6e31b67965_6.1_1","appID":"MacClean360-191029","dateAdded":"251111","deceptorType":"MacOS App","name":"MacClean360","company":"DoYourData","version":"6.1","lastKnownStatus":"Deceptor:4.3;4.5;4.6;4.7;4.8;4.9;5.0;5.1;5.2;5.3;5.4;5.5;5.9;6.0;6.1","lastKnownDate":"251111","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2026-05-12T22:59:38.5645106+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":15,"sortOrder":168},{"violations":{"ACR-007":"The app does not obtain user explicit consent about reducing the consumer system's security posture caused by sharing the user's internet resource.\n","ACR-084":"The application running in background without notifying user when user close (x)the application.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"MystNodesLauncher.dmg","isInstaller":"True","hashMD5":"57920f9d13cb885a682eabdf4ca9a645","hashSHA1":"0eed4fc762e5eaee01b64f8da23c05b5d1b00a95","hashSHA256":"18ad077f3c49c6027a5fdcf7d67d3d2d0eb57d819b47cc42dc70dd17920f6bf1","sourceIndex":"152","avBlockList":["Avast Security for Mac (20260113)","Avira Security for Mac (20260113)","McAfee Internet Security for Mac (20260113)","Norton Security for Mac (20260113)","SpyHunterforMac (20260113)","Trend Micro Antivirus for Mac (20260113)"],"avAllowList":["Bitdefender Antivirus for Mac (20260113)","ESET Cyber Security Pro for Mac (20260113)","G DATA AntiVirus for Mac (20260113)","K7 Antivirus for Mac (20260113)","Kaspersky Internet Security for Mac (20260113)","Sophos Home Premium For Mac (20260113)"]},{"isRevoked":"False","fileName":"MystNodes%20Launcher","fileVersion":"12.0.0","hashMD5":"c61c4fd0b1c695d4e08d716983cdc925","hashSHA1":"2634da0d4221694ef9c1c8f88a22b8942904c0a8","hashSHA256":"5fcb58cae3c60748e9e85cf67b4543d6afaeb5a1d434e56c98132e89f6fb3b8f","sourceIndex":"152","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"P2P","reference":"","landingPage":"","ipv4":"","ipv6":"","sourceIndex":"152"}],"sampleFiles":["251111/Mystnodes-251111/12.0/Samples/MystNodesLauncher.dmg"],"imageFiles":["251111/Mystnodes-251111/12.0/Images/ACR-007/ACR-007_Install_1.png","251111/Mystnodes-251111/12.0/Images/ACR-007/ACR-007_Install_2.png","251111/Mystnodes-251111/12.0/Images/ACR-084/ACR-084_Software_1.png"],"nonDeceptorImageFiles":[],"guid":"8137488e-2de3-46e5-b47e-1edfd11e27e4_12.0_1","appID":"Mystnodes-251111","dateAdded":"251111","deceptorType":"MacOS App","name":"Mystnodes","company":"NetSys Inc","version":"12.0","lastKnownStatus":"12.0","lastKnownDate":"251111","type":"MacOS App","category":"Business Developer Tools","targetOS":"MacOS","targetBrowser":"None","ageAppropriate":"12+ appropriate","monetization":"net proxy","lastUpdate":"2025-11-11T22:45:44.6519845+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":167},{"violations":{"ACR-004":"The app does not provide a fully functioning free trial. The app does not provide free fixes for the results identified during the free scan.\n","ACR-084":"The app does not provide a way to disable the auto-launch of the app.\n","ACR-165":"App doesn't provide following information in shopping cart: 1. Cancellation of Auto-renewal via online. 2. Notifying the user about auto renewal payment.\n"},"nonDeceptorViolations":{"ACR-045":"\"Free Trial\" highlights \"Free\" misleads user. The functionality that requires consumer payment in order to be activated needs to be marked clearly in landing page. Otherwise app should remove \"free\" word.\n","ACR-161":"The app’s landing page has testimonials that have no links back to a source so consumers can verify if they're real.\n"},"samples":[{"isRevoked":"False","fileName":"MacClean360","fileVersion":"0.","hashMD5":"67c4545ae57e70c9af08c51884032b12","hashSHA1":"fe696b8ea333bbd5a3bc60278802a08dcf84838f","hashSHA256":"40cc880fa94dc4c66086fda29cf18137aa2796b526a9ee866410d44e226ae623","sourceIndex":"1637","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"MacClean360Trial.dmg","isInstaller":"True","fileVersion":"0.","hashMD5":"0c8ad50644a2b12add93adbe258244e4","hashSHA1":"7f503326749f503379d2c5edfc29d156a907260d","hashSHA256":"680a6b75006e15fcd6ed6b06bb864d076f0cd3b82653ecc865deaa00b92eb065","sourceIndex":"1637","avBlockList":["Avast Security for Mac (20220809)","Avira Security for Mac (20220809)","ESET Cyber Security Pro for Mac (20220809)","K7 Antivirus for Mac (20220809)","McAfee Internet Security for Mac (20220809)","Norton Security for Mac (20220809)","Sophos Home Premium For Mac (20220809)","Trend Micro Antivirus for Mac (20220809)"],"avAllowList":["Bitdefender Antivirus for Mac (20220809)","G DATA AntiVirus for Mac (20220809)","Kaspersky Internet Security for Mac (20220809)"]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"https://www.doyourdata.com/clean-mac/macclean360.html","landingPage":"https://www.doyourdata.com/clean-mac/macclean360.html","directDownloadingLink":"https://www.doyourdata.com/trial/MacClean360Trial.dmg","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.doyourdata.com/trial/MacClean360Trial.dmg","sourceIndex":"1637"}],"sampleFiles":["220426/MacClean360-191029/5.3/Samples/MacClean360","220426/MacClean360-191029/5.3/Samples/MacClean360Trial.dmg"],"imageFiles":["220426/MacClean360-191029/5.3/Images/ACR-004/MacClean360_Interactions [1].png","220426/MacClean360-191029/5.3/Images/ACR-004/MacClean360_Interactions [2].png","220426/MacClean360-191029/5.3/Images/ACR-004/MacClean360_Interactions [3].png","220426/MacClean360-191029/5.3/Images/ACR-084/MacClean360_AutoLaunch [1].png","220426/MacClean360-191029/5.3/Images/ACR-165/MacClean360_OfferPage [1].png","220426/MacClean360-191029/5.3/Images/ACR-165/MacClean360_OfferPage [2].png"],"nonDeceptorImageFiles":["220426/MacClean360-191029/5.3/Images/ACR-045/MacClean360_LandingPage [2].png","220426/MacClean360-191029/5.3/Images/ACR-045/MacClean360_LandingPage [3].png","220426/MacClean360-191029/5.3/Images/ACR-161/MacClean360_LandingPage [4].png","220426/MacClean360-191029/5.3/Images/ACR-161/MacClean360_LandingPage [5].png"],"guid":"b42a485b-35a0-4c7c-8de1-fd6e31b67965_5.3_1","appID":"MacClean360-191029","dateAdded":"251111","deceptorType":"MacOS App","name":"MacClean360","company":"DoYourData","version":"5.3","lastKnownStatus":"Deceptor:4.3;4.5;4.6;4.7;4.8;4.9;5.0;5.1;5.2;5.3;5.4;5.5;5.9;6.0;6.1","lastKnownDate":"251111","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,paid","lastUpdate":"2025-11-11T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":15,"sortOrder":173},{"violations":{"ACR-048":"During install, the user is unable to cancel or close the window on this screen\n","ACR-003":"App claims the user's IP is exposed whenever it is disabled, even if another VPN is running.\n","ACR-084":"Upon closing the app, it continues to run in the background without providing any notification to the user.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"X-VPN_Installer77.0_4545_119c0990_2025-02-12-06-41-32.exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"aac21b98a8bf6a8fc24afb6ae288960c","hashSHA1":"a3105e34358196f3b136d676d81098781f32cf4c","hashSHA256":"af5d5048631279c3c0aab79542e863d900ec6cec6676a0deab95e5f277d0a103","digitalCertThumbprint":"8FD5EFB150A07271A9EDF85182CC38917E5D4B25","digitalCertIssuer":"CN=SSL.com EV Code Signing Intermediate CA ECC R2, O=SSL Corp, L=Houston, S=Texas, C=US","digitalCertIssuedTo":"OID.1.3.6.1.4.1.311.60.2.1.3=HK, OID.2.5.4.15=Private Organization, CN=Free Connected Limited, SERIALNUMBER=2553621, O=Free Connected Limited, L=Admiralty, C=HK","sourceIndex":"130","avBlockList":["FortectPremium (20250529)","K7 Total Security (20250529)","Malwarebytes Premium (20250529)","Panda Dome (20250529)","Quick Heal Internet Security (20250529)","Sophos Home Premium (20250529)","SpyHunter5 (20250529)","VirIT eXplorer PRO (20250529)","Webroot SecureAnywhere (20250529)","Windows Defender (20250529)"],"avAllowList":["360 Total Security (20250529)","Avast Premium Security (20250529)","AVG Internet Security (20250529)","Avira Internet Security (20250529)","Bitdefender Internet Security (20250529)","COMODO Antivirus (20250529)","Dr.Web Security Space (20250529)","ESET Internet Security (20250529)","G DATA INTERNET SECURITY (20250529)","KasperskyPremium (20250529)","McAfee Total Protection (20250529)","Norton Security (20250529)","Total AV Antivirus Pro (20250529)","Trend Micro Internet Security (20250529)","VIPRE Advanced Security (20250529)"]},{"isRevoked":"False","fileName":"X-VPN.exe","fileVersion":"0.0","hashMD5":"9f12205bb856625fd3ce532f9c8b1a2b","hashSHA1":"a6a07503a2ddc1416b6e085a5a943f420dc9b78f","hashSHA256":"eeb8e0af1823a2d9becf2f50dea361b1b04c83a1c6d649e6295c0e17b27a6bd5","digitalCertThumbprint":"8FD5EFB150A07271A9EDF85182CC38917E5D4B25","digitalCertIssuer":"CN=SSL.com EV Code Signing Intermediate CA ECC R2, O=SSL Corp, L=Houston, S=Texas, C=US","digitalCertIssuedTo":"OID.1.3.6.1.4.1.311.60.2.1.3=HK, OID.2.5.4.15=Private Organization, CN=Free Connected Limited, SERIALNUMBER=2553621, O=Free Connected Limited, L=Admiralty, C=HK","sourceIndex":"130","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"hunting","reference":"","landingPage":"https://xvpn.io/download/vpn-win","directDownloadingLink":"https://xvpn.io/download/vpn-win?isAutoDownload=true&os=win","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://xvpn.io/download/vpn-win?isAutoDownload=true&os=win","sourceIndex":"130"}],"sampleFiles":["251110/XVPN-250306/77.0_4545_119c0990/Samples/X-VPN_Installer77.0_4545_119c0990_2025-02-12-06-41-32.exe","251110/XVPN-250306/77.0_4545_119c0990/Samples/X-VPN.exe"],"imageFiles":["251110/XVPN-250306/77.0_4545_119c0990/Images/ACR-003/ipexposed.png","251110/XVPN-250306/77.0_4545_119c0990/Images/ACR-048/unable to close.png","251110/XVPN-250306/77.0_4545_119c0990/Images/ACR-084/notification.gif"],"nonDeceptorImageFiles":[],"guid":"b5381837-69f1-4cdf-9ab6-0c5549034938_77.0_4545_119c0990_1","appID":"XVPN-250306","dateAdded":"251110","deceptorType":"App","name":"X-VPN","company":"Free Connected Limited","version":"77.0_4545_119c0990","firstVendorContactDate":"250821","firstAppEsteemReplyDate":"250822","firstResolvedDate":"260128","firstResolvedVersion":"77.5.2_5365","resolved":"TRUE","lastKnownStatus":"77.0_4545_119c0990;77.3.0_4913","lastKnownDate":"251110","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 10,Windows 11","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,net proxy","lastUpdate":"2026-01-28T22:20:25.8649826+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":183},{"violations":{"ACR-048":"1. Application doesn't provide any control option for user to terminate the background running process.\n2. Application auto start whenever user login. The auto start item can't be disabled by user via application setting.\n","ACR-003":"App claims the user's IP may be exposed with red alarming color whenever it is disabled, even if another VPN is running. The claim is unfair to user.\n","ACR-084":"The background keeps running without providing any information in appication notification or setting about how to terminate it to the user. The \"Quit App\" prompt misleads user that application completely quit while X-VPN_root hides and keeps running in background.\n","ACR-014":"App claims the user's IP may be exposed with red alarming color whenever it is disabled, even if another VPN is running. The claim is unfair to user.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"X-VPN_Installer77.3.0_4913_c1bbad5b_2025-09-01-10-10-44.exe","isInstaller":"True","hashMD5":"cd6dadae3a9672fb85aca621a16b9bd5","hashSHA1":"49b520a1a92c2c47d5c5a3b0df18186be814e672","hashSHA256":"c8b61d829bcf82854459afae0c5478b1b76ea91a5004372f7f367b160c831e07","digitalCertThumbprint":"8FD5EFB150A07271A9EDF85182CC38917E5D4B25","digitalCertIssuer":"CN=SSL.com EV Code Signing Intermediate CA ECC R2, O=SSL Corp, L=Houston, S=Texas, C=US","digitalCertIssuedTo":"OID.1.3.6.1.4.1.311.60.2.1.3=HK, OID.2.5.4.15=Private Organization, CN=Free Connected Limited, SERIALNUMBER=2553621, O=Free Connected Limited, L=Admiralty, C=HK","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"131","avBlockList":["Bitdefender Internet Security (20260127)","G DATA INTERNET SECURITY (20260127)","K7 Total Security (20260127)","Malwarebytes Premium (20260127)","Panda Dome (20260127)","Sophos Home Premium (20260127)","SpyHunter5 (20260127)","VIPRE Advanced Security (20260127)","VirIT eXplorer PRO (20260127)","Webroot SecureAnywhere (20260127)"],"avAllowList":["360 Total Security (20260127)","Avast Premium Security (20260127)","AVG Internet Security (20260127)","Avira Internet Security (20260127)","COMODO Antivirus (20260127)","Dr.Web Security Space (20260127)","ESET Internet Security (20260127)","FortectPremium (20260127)","KasperskyPremium (20260127)","McAfee Total Protection (20260127)","Norton Security (20260127)","Quick Heal Internet Security (20260127)","Total AV Antivirus Pro (20260127)","Trend Micro Internet Security (20260127)","Windows Defender (20260127)"]},{"isRevoked":"False","fileName":"X-VPN.exe","hashMD5":"fe527b7b6a1f82264419c13498adf7e8","hashSHA1":"d1b6fbb139b76175e82663cad42c31a0a17f7dde","hashSHA256":"52532007d5571dfe1d9fa609eaf84c2085ab5b31026e100f1e83fada8fd8fa7c","digitalCertThumbprint":"8FD5EFB150A07271A9EDF85182CC38917E5D4B25","digitalCertIssuer":"CN=SSL.com EV Code Signing Intermediate CA ECC R2, O=SSL Corp, L=Houston, S=Texas, C=US","digitalCertIssuedTo":"OID.1.3.6.1.4.1.311.60.2.1.3=HK, OID.2.5.4.15=Private Organization, CN=Free Connected Limited, SERIALNUMBER=2553621, O=Free Connected Limited, L=Admiralty, C=HK","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"131","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"X-VPN_notification.exe","hashMD5":"2f437ccc8541e9ba6c40b823e6234d69","hashSHA1":"84962944cae78de3f04fbb3fbba96916ddf24a8f","hashSHA256":"4e03420334dfbbe44f5845c3766b53d05427b5f68a9c82286a09c3e0b75709a9","digitalCertThumbprint":"8FD5EFB150A07271A9EDF85182CC38917E5D4B25","digitalCertIssuer":"CN=SSL.com EV Code Signing Intermediate CA ECC R2, O=SSL Corp, L=Houston, S=Texas, C=US","digitalCertIssuedTo":"OID.1.3.6.1.4.1.311.60.2.1.3=HK, OID.2.5.4.15=Private Organization, CN=Free Connected Limited, SERIALNUMBER=2553621, O=Free Connected Limited, L=Admiralty, C=HK","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"131","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"X-VPN_root.exe","hashMD5":"501a1bff880cdb2ebc40343f2221ec91","hashSHA1":"ce54755d4eca99ffc02ef19ede52b5d7f471b238","hashSHA256":"29701ba3bb543bd834f5e1338b7ddd02c69718dc732c7ee9a8637b277913d5a1","digitalCertThumbprint":"8FD5EFB150A07271A9EDF85182CC38917E5D4B25","digitalCertIssuer":"CN=SSL.com EV Code Signing Intermediate CA ECC R2, O=SSL Corp, L=Houston, S=Texas, C=US","digitalCertIssuedTo":"OID.1.3.6.1.4.1.311.60.2.1.3=HK, OID.2.5.4.15=Private Organization, CN=Free Connected Limited, SERIALNUMBER=2553621, O=Free Connected Limited, L=Admiralty, C=HK","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"131","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"hunting","reference":"","landingPage":"https://xvpn.io/download/vpn-win","directDownloadingLink":"https://xvpn.io/download/vpn-win?isAutoDownload=true&os=win","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://xvpn.io/download/vpn-win?isAutoDownload=true&os=win","sourceIndex":"131"}],"sampleFiles":["251110/XVPN-250306/77.3.0_4913/Samples/X-VPN_Installer77.3.0_4913_c1bbad5b_2025-09-01-10-10-44.exe"],"imageFiles":["251110/XVPN-250306/77.3.0_4913/Images/ACR-003/ACR-003_Software_1.png","251110/XVPN-250306/77.3.0_4913/Images/ACR-048/ACR-048_Install_1.png","251110/XVPN-250306/77.3.0_4913/Images/ACR-048/ACR-048_Install_2.png","251110/XVPN-250306/77.3.0_4913/Images/ACR-048/ACR-048_Install_3.png","251110/XVPN-250306/77.3.0_4913/Images/ACR-084/ACR-084_Software_1.png","251110/XVPN-250306/77.3.0_4913/Images/ACR-084/ACR-084_Software_2.png","251110/XVPN-250306/77.3.0_4913/Images/ACR-084/ACR-084_Software_3.png","251110/XVPN-250306/77.3.0_4913/Images/ACR-014/ACR-014_Software_1.png"],"nonDeceptorImageFiles":[],"guid":"b5381837-69f1-4cdf-9ab6-0c5549034938_77.3.0_4913_1","appID":"XVPN-250306","dateAdded":"251110","deceptorType":"App","name":"X-VPN","company":"Free Connected Limited","version":"77.3.0_4913","firstVendorContactDate":"250821","firstAppEsteemReplyDate":"250822","firstResolvedDate":"260128","firstResolvedVersion":"77.5.2_5365","resolved":"TRUE","lastKnownStatus":"77.0_4545_119c0990;77.3.0_4913","lastKnownDate":"251110","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 10,Windows 11","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,net proxy","lastUpdate":"2026-01-28T22:19:48.6749698+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":184},{"violations":{"ACR-046":"Application doesn't disclose the unexpected behavior setting (auto start when computer starts) for browser.\n","ACR-048":"DBar.exe process is still running in background silently after user choose to exit the application. No control option available for user to terminate Dbar process.\n","ACR-006":"The app does not disclose its monetization approach using Yahoo Search. The app does not disclose its monetization approach using Yahoo Search.\n","ACR-007":"The app's attribution is not clear misleading user about their search provider. It redirects user searches to onestart.ai before calling Yahoo search. \n","ACR-084":"The app creates undisclosed scheduled task and startup items to perform actions without the consumer's knowledge and consent. The app continuously run in the background without notification.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"OneStartInstaller-v5.5.238.0.msi","isInstaller":"True","fileVersion":"0.","hashMD5":"098488a18456b92129aa55329699e930","hashSHA1":"f616270393e451aa8fa6f5e53377899edcfec9ae","hashSHA256":"4037808995b703a7279258918fd1c5adc388c9b0bd4c140f876093f057f90b87","sourceIndex":"153","avBlockList":["360 Total Security (20260127)","Avast Premium Security (20260127)","AVG Internet Security (20260127)","Avira Internet Security (20260127)","Bitdefender Internet Security (20260127)","ESET Internet Security (20260127)","FortectPremium (20260127)","G DATA INTERNET SECURITY (20260127)","K7 Total Security (20260127)","KasperskyPremium (20260127)","Malwarebytes Premium (20260127)","McAfee Total Protection (20260127)","Norton Security (20260127)","Panda Dome (20260127)","Quick Heal Internet Security (20260127)","Sophos Home Premium (20260127)","SpyHunter5 (20260127)","Total AV Antivirus Pro (20260127)","VIPRE Advanced Security (20260127)","VirIT eXplorer PRO (20260127)","Webroot SecureAnywhere (20260127)","Windows Defender (20260127)"],"avAllowList":["COMODO Antivirus (20260127)","Dr.Web Security Space (20260127)","Trend Micro Internet Security (20260127)"]},{"isRevoked":"False","fileName":"onestart.exe","companyName":"OneStart.ai","fileVersion":"126.0","hashMD5":"ab3074be21cbee95a135cf138191cf81","hashSHA1":"5979ee0d7c60155091af6924021090ef0425c0f9","hashSHA256":"21da4fbf4d18ddeb8dc9ba37943c2fa6778e3ee082641881f2cf3872a3cdfd69","digitalCertThumbprint":"EB5A7872B0563D261362F00BC6AF0AFC36877A89","digitalCertIssuer":"CN=SSL.com EV Code Signing Intermediate CA RSA R3, O=SSL Corp, L=Houston, S=Texas, C=US","digitalCertIssuedTo":"OID.1.3.6.1.4.1.311.60.2.1.3=PA, OID.2.5.4.15=Private Organization, CN=Apollo Technologies Inc, SERIALNUMBER=155722923, O=Apollo Technologies Inc, L=Panama City, C=PA","sourceIndex":"153","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"onestartupdater.exe","companyName":"OneStart.ai","fileVersion":"126.0","hashMD5":"a84153dea375d661a2fb566a9ddeac08","hashSHA1":"7dfcebed111d7a1dbcd3c52d6a66fafde51dc465","hashSHA256":"87c4162ba39a825045411fdedf31945b7f1f49b37073b306e128bc34ecfe5320","digitalCertThumbprint":"EB5A7872B0563D261362F00BC6AF0AFC36877A89","digitalCertIssuer":"CN=SSL.com EV Code Signing Intermediate CA RSA R3, O=SSL Corp, L=Houston, S=Texas, C=US","digitalCertIssuedTo":"OID.1.3.6.1.4.1.311.60.2.1.3=PA, OID.2.5.4.15=Private Organization, CN=Apollo Technologies Inc, SERIALNUMBER=155722923, O=Apollo Technologies Inc, L=Panama City, C=PA","sourceIndex":"153","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"random search","reference":"","landingPage":"https://onestart.ai/","directDownloadingLink":"https://onestart.ai/resources/files/OneStartInstaller-v5.5.238.0.msi","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://onestart.ai/resources/files/OneStartInstaller-v5.5.238.0.msi","sourceIndex":"153"}],"sampleFiles":["251105/OneStartBrowser-240905/126.0.6478.118/Samples/OneStartInstaller-v5.5.238.0.msi","251105/OneStartBrowser-240905/126.0.6478.118/Samples/onestart.exe","251105/OneStartBrowser-240905/126.0.6478.118/Samples/onestartupdater.exe"],"imageFiles":["251105/OneStartBrowser-240905/126.0.6478.118/Images/ACR-046/ACR-046_Install_1.png","251105/OneStartBrowser-240905/126.0.6478.118/Images/ACR-046/ACR-046_Install_2.png","251105/OneStartBrowser-240905/126.0.6478.118/Images/ACR-046/ACR-046_Install_3.png","251105/OneStartBrowser-240905/126.0.6478.118/Images/ACR-046/ACR-046_Install_4.png","251105/OneStartBrowser-240905/126.0.6478.118/Images/ACR-084/ACR-084_Software_1.png","251105/OneStartBrowser-240905/126.0.6478.118/Images/ACR-084/ACR-084_Software_2.png","251105/OneStartBrowser-240905/126.0.6478.118/Images/ACR-084/ACR-084_Software_3.png","251105/OneStartBrowser-240905/126.0.6478.118/Images/ACR-048/ACR-048_Software_1.png","251105/OneStartBrowser-240905/126.0.6478.118/Images/ACR-048/ACR-048_Software_2.png","251105/OneStartBrowser-240905/126.0.6478.118/Images/ACR-006/redirect.gif","251105/OneStartBrowser-240905/126.0.6478.118/Images/ACR-007/ACR-007_Software_1.png","251105/OneStartBrowser-240905/126.0.6478.118/Images/ACR-007/redirect.gif","251105/OneStartBrowser-240905/126.0.6478.118/Images/ACR-007/ACR-007_Software_2.png"],"nonDeceptorImageFiles":[],"guid":"9ba975bc-a602-47db-8c65-274b286c8e28_126.0.6478.118_1","appID":"OneStartBrowser-240905","dateAdded":"251105","deceptorType":"App","name":"OneStart Browser","company":"OneStart Technologies","version":"126.0.6478.118","lastKnownDate":"251105","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows 11","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"search","lastUpdate":"2025-11-05T18:22:46.1531212+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":185},{"violations":{"ACR-048":"The app does not provide control to remove its startup and background process completely within the app's settings.\n","ACR-007":"During installation, app doesn't explicitly disclose that user needs to join P2P network to use app,  doesn't obtain explicit user consent about joining P2P network which can reduce the consumer's security posture.\n","ACR-084":"On quitting the app, the \"urbanvpnserv.exe\" process runs silently in the background, hiding the fact that it is active from the consumer.\n","ACR-039":"The app silently installs Tap windows program without disclosing the relationship to the app during installation. \n"},"nonDeceptorViolations":{"ACR-099":"The app does not display links to uninstall information inside software. \nThe landing page ( https://www.urban-vpn.com ) does not display links to uninstall information.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files\\UrbanVPN\\bin\\urbanvpn-gui.exe","companyName":"UrbanVPN GUI","productName":"UrbanVPN GUI","productVersion":"2.2.0.0","fileVersion":"2.2.0.0","hashMD5":"fcc77e9e68c2e9337a929b991a9fa875","hashSHA1":"54e964e188a9bd6e654f203d027f989639598c94","hashSHA256":"488094fd86bde8c05b0307e782802a49e8922c1f1cfb8a124d9d251b0cf238a5","digitalCertThumbprint":"B37E9B6354C8410A7530625C75ECA12155CDBA2C","digitalCertIssuer":"DigiCert SHA2 Assured ID Code Signing CA","digitalCertIssuedTo":"Urban Cyber Security Inc.","storeId":"","sourceIndex":"1684","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"UrbanVPN2.exe","isInstaller":"True","companyName":"Urban Security","productName":"UrbanVPN","productVersion":"2.2.4","fileVersion":"2.2.4","hashMD5":"be50ecab0700fffccc1864ee16e7419a","hashSHA1":"052c8cce2c58c4bab37510b64a624b64cd46fad2","hashSHA256":"5188a0f304dac9935f8830a4c3411f4aeef306b344622801901c3e678e3003fb","digitalCertThumbprint":"B37E9B6354C8410A7530625C75ECA12155CDBA2C","digitalCertIssuer":"DigiCert SHA2 Assured ID Code Signing CA","digitalCertIssuedTo":"Urban Cyber Security Inc.","storeId":"","sourceIndex":"1684","avBlockList":["Avira Internet Security (20220329)","ESET Internet Security (20220329)","K7 Total Security (20220329)","Kaspersky Internet Security (20220329)","McAfee Total Protection (20220329)","Norton Security (20220329)","Panda Dome (20220329)","Sophos Home Premium (20220329)","SpyHunter5 (20220329)","Total AV Antivirus Pro (20220329)","VirIT eXplorer PRO (20220329)","Windows Defender (20220329)"],"avAllowList":["360 Total Security (20220329)","Avast Premium Security (20220329)","AVG Internet Security (20220329)","Bitdefender Internet Security (20220329)","COMODO Antivirus (20220329)","Dr.Web Security Space (20220329)","G DATA INTERNET SECURITY (20220329)","Malwarebytes Premium (20220329)","Quick Heal Internet Security (20220329)","Tencent PC Manager (20220329)","Trend Micro Internet Security (20220329)","VIPRE Advanced Security (20220329)","Webroot SecureAnywhere (20220329)"]}],"additionalFiles":[],"sources":[{"howFound":"VPN in blur BI data","reference":"","landingPage":"https://www.urban-vpn.com/","directDownloadingLink":"https://download.urban-vpn.com/latest/UrbanVPN2.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://download.urban-vpn.com/latest/UrbanVPN2.exe","sourceIndex":"1684"}],"sampleFiles":["220315/UrbanVPN-220312/2.2.4/Samples/UrbanVPN2.exe"],"imageFiles":["220315/UrbanVPN-220312/2.2.4/Images/ACR-039/ACR-039_Install.JPG","220315/UrbanVPN-220312/2.2.4/Images/ACR-039/ACR-039_Install_1.JPG","220315/UrbanVPN-220312/2.2.4/Images/ACR-084/ACR-084_Software_Process.JPG","220315/UrbanVPN-220312/2.2.4/Images/ACR-048/ACR-048_Software_No_Control.JPG","220315/UrbanVPN-220312/2.2.4/Images/ACR-048/ACR-048_Software_No_Control_1.JPG","220315/UrbanVPN-220312/2.2.4/Images/ACR-007/Urban_VPN_free.JPG","220315/UrbanVPN-220312/2.2.4/Images/ACR-007/Urban_VPN_free_NoDisclose.JPG"],"nonDeceptorImageFiles":["220315/UrbanVPN-220312/2.2.4/Images/ACR-099/ACR-099_Software_No_UninstallInfo.JPG","220315/UrbanVPN-220312/2.2.4/Images/ACR-099/ACR-099_Landingpage_No_UninstallInfo.JPG"],"guid":"1940a222-c960-47bb-b3f2-a92c5e8f174c_2.2.4_1","appID":"UrbanVPN-220312","dateAdded":"251103","deceptorType":"App","name":"UrbanVPN","company":"Urban Security","version":"2.2.4","sigName":"Deceptor:Win32/UrbanVPN!039084048007","firstResolvedVersion":"","lastKnownStatus":"2.2.4;2.2.9;2.2.10;2.2.11;2.2.12;2.2.12.1;4.0.4.0","lastKnownDate":"251103","type":"Windows Executable","targetOS":"Windows XP,Windows Vista","lastUpdate":"2025-11-03T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":7,"sortOrder":192},{"violations":{"ACR-048":"The app does not provide control to remove its startup and background process completely within the app's settings. The control to the \"urbanvpnserv.exe\" seems obscure in the settings and requires admin rights & reboot and Urban VPN can't run unless this process is running. Even though it's turned off it enables automatically after reboot.\n","ACR-007":"During installation, app doesn't explicitly disclose that user needs to join P2P network to use app,  doesn't obtain explicit user consent about joining P2P network which can reduce the consumer's security posture.\n","ACR-084":"On quitting & rebooting, the \"urbanvpnserv.exe\" process runs silently in the background, hiding the fact that it is active from the consumer, even after it is turned off in the settings.\n","ACR-039":"The app silently installs Tap windows program without disclosing the relationship to the app during installation. \n"},"nonDeceptorViolations":{"ACR-099":"The app does not display links to uninstall information inside software. \nThe landing page ( https://www.urban-vpn.com ) does not display links to uninstall information.\n","ACR-018":"The app is promoted using articles that offer to help the consumer break the law across the Landing Pages(https://www.urban-vpn.com/blog/)\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files\\UrbanVPN\\bin\\urbanvpn-gui.exe","companyName":"UrbanVPN GUI","productName":"UrbanVPN GUI","productVersion":"2.2.9.0","fileVersion":"2.2.9.0","hashMD5":"452df1387869d69e710cd464914d0aa1","hashSHA1":"79467dc79e93f8d83eae18ef77bff57b84027920","hashSHA256":"1cd0ddf692a50b078ead4255850f2ead2d249d2639e1bf8a0a0f4fd18eda6591","digitalCertThumbprint":"608A130F2C5D7356ED7AE2BA26137DC1104C27F2","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Urban Cyber Security Inc.","storeId":"","sourceIndex":"1367","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Program Files\\UrbanVPN\\bin\\urbanvpnserv.exe","companyName":"","productName":"","productVersion":"","fileVersion":"","hashMD5":"db488d1f572b1907cf0c1bc00f870ffd","hashSHA1":"d7fb677007e1efb97c334895a47f931b45158889","hashSHA256":"b072f74b04cabddb528d29f4940b56c542050103c09bfb356da34c57308714d4","digitalCertThumbprint":"608A130F2C5D7356ED7AE2BA26137DC1104C27F2","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Urban Cyber Security Inc.","storeId":"","sourceIndex":"1367","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"UrbanVPN2.exe","isInstaller":"True","companyName":"Urban Security","productName":"UrbanVPN","productVersion":"2.2.9","fileVersion":"2.2.9","hashMD5":"9879d2c79047ffedd1baeca6fc52b4a8","hashSHA1":"fd99bbd8d304e22159d62334a70c60f2ff667eaf","hashSHA256":"28665cf43702457b70abc5b21d23873a5b7387799aa7083889f8f7a276431608","digitalCertThumbprint":"608A130F2C5D7356ED7AE2BA26137DC1104C27F2","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Urban Cyber Security Inc.","storeId":"","sourceIndex":"1367","avBlockList":["360 Total Security (20230124)","Avast Premium Security (20230124)","AVG Internet Security (20230124)","Avira Internet Security (20230124)","ESET Internet Security (20230124)","K7 Total Security (20230124)","Kaspersky Internet Security (20230124)","McAfee Total Protection (20230124)","Norton Security (20230124)","Panda Dome (20230124)","Quick Heal Internet Security (20230124)","Sophos Home Premium (20230124)","SpyHunter5 (20230124)","Total AV Antivirus Pro (20230124)","VirIT eXplorer PRO (20230124)","Webroot SecureAnywhere (20230124)"],"avAllowList":["Bitdefender Internet Security (20230124)","COMODO Antivirus (20230124)","Dr.Web Security Space (20230124)","G DATA INTERNET SECURITY (20230124)","Malwarebytes Premium (20230124)","Trend Micro Internet Security (20230124)","VIPRE Advanced Security (20230124)","Windows Defender (20230124)"]}],"additionalFiles":[],"sources":[{"howFound":"VPN in blur BI data","reference":"","landingPage":"https://www.urban-vpn.com/","directDownloadingLink":"https://download.urban-vpn.com/latest/UrbanVPN2.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://download.urban-vpn.com/latest/UrbanVPN2.exe","sourceIndex":"1367"}],"sampleFiles":["221017/UrbanVPN-220312/2.2.9/Samples/UrbanVPN2.exe"],"imageFiles":["221017/UrbanVPN-220312/2.2.9/Images/ACR-039/ACR-039_1.JPG","221017/UrbanVPN-220312/2.2.9/Images/ACR-039/ACR-039_2.JPG","221017/UrbanVPN-220312/2.2.9/Images/ACR-084/ACR-084.JPG","221017/UrbanVPN-220312/2.2.9/Images/ACR-048/ACR-048.JPG","221017/UrbanVPN-220312/2.2.9/Images/ACR-007/ACR-007.JPG","221017/UrbanVPN-220312/2.2.9/Images/ACR-007/ACR-007_2.JPG"],"nonDeceptorImageFiles":["221017/UrbanVPN-220312/2.2.9/Images/ACR-099/ACR-099_Software.JPG","221017/UrbanVPN-220312/2.2.9/Images/ACR-099/ACR-099_Landingpage.JPG","221017/UrbanVPN-220312/2.2.9/Images/ACR-018/ACR-018.jpg"],"guid":"1940a222-c960-47bb-b3f2-a92c5e8f174c_2.2.9_1","appID":"UrbanVPN-220312","dateAdded":"251103","deceptorType":"App","name":"UrbanVPN","company":"Urban Security","version":"2.2.9","firstResolvedVersion":"","lastKnownStatus":"2.2.4;2.2.9;2.2.10;2.2.11;2.2.12;2.2.12.1;4.0.4.0","lastKnownDate":"251103","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid","lastUpdate":"2025-11-03T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":7,"sortOrder":191},{"violations":{"ACR-046":"The \"UrbanVPN Proxy Extension for Chrome\" offer requires the user to uncheck a checkbox in order to decline the offer. The checkbox is not obvious to the user. \n","ACR-048":"The app does not provide control to remove its startup and background process completely within the app's settings. The control to the \"urbanvpnserv.exe\" seems obscure in the settings and requires admin rights & reboot and Urban VPN can't run unless this process is running. Even though it's turned off it enables automatically after reboot.\n","ACR-007":"During installation, app doesn't explicitly disclose that user needs to join P2P network to use app,  doesn't obtain explicit user consent about joining P2P network which can reduce the consumer's security posture.\n","ACR-084":"On quitting & rebooting, the \"urbanvpnserv.exe\" process runs silently in the background, hiding the fact that it is active from the consumer, even after it is turned off in the settings.\n","ACR-057":"The app doesn't provide a clear way for users to Accept/Decline the \"UrbanVPNProxy Extension for Chrome\" offer.\n","ACR-055":"The \"UrbanVPN Proxy Extension for Chrome\" offer requires the user to uncheck a checkbox in order to decline the offer. The accept/decline options are not made obvious to the consumer in the offers.\n","ACR-059":"The \"UrbanVPN Proxy Extension for Chrome\" Offer is not clearly marked as an offer.\n","ACR-039":"The app silently installs Tap windows program without disclosing the relationship to the app during installation. \n","ACR-155":"The \"UrbanVPN Proxy Extension for Chrome\" offer was inserted to masquerade as a part of the installation workflow.\n"},"nonDeceptorViolations":{"ACR-099":"The app does not display links to uninstall information inside software. \nThe landing page ( https://www.urban-vpn.com ) does not display links to uninstall information.\n","ACR-018":"The app is promoted using articles that offer to help the consumer break the law across the Landing Pages(https://www.urban-vpn.com/blog/)\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files\\UrbanVPN\\bin\\urbanvpn-gui.exe","companyName":"UrbanVPN GUI","productName":"UrbanVPN GUI","productVersion":"2.2.10.0","fileVersion":"2.2.10.0","hashMD5":"242edd3904bccbebdde25a7afa6d3cfd","hashSHA1":"fce9d53b4c563875dd614353d772d602ec189dfb","hashSHA256":"e26487d2a62ce2b14c452e0d6e626285c26c770630bfbd529e1e6635facb98df","digitalCertThumbprint":"608A130F2C5D7356ED7AE2BA26137DC1104C27F2","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Urban Cyber Security Inc.","storeId":"","sourceIndex":"1270","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Program Files\\UrbanVPN\\bin\\urbanvpnserv.exe","companyName":"","productName":"","productVersion":"","fileVersion":"","hashMD5":"62b057427c4bee906efd6229615d8e80","hashSHA1":"396743e3a634c48dcf49f0b36128ce06085bffa5","hashSHA256":"013f43bd43bb173ee44cff20eb699ce50935ada810008534ec18fedbfcad562e","digitalCertThumbprint":"608A130F2C5D7356ED7AE2BA26137DC1104C27F2","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Urban Cyber Security Inc.","storeId":"","sourceIndex":"1270","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"UrbanVPN2.exe","isInstaller":"True","companyName":"Urban Security","productName":"UrbanVPN","productVersion":"2.2.10","fileVersion":"2.2.10","hashMD5":"87d504827ef7eb568d6dcecfad38d1f9","hashSHA1":"e7b8e8bfd973a932b3a32422b1d5e58924ea1955","hashSHA256":"f715fd70ffa8bae01641ab0954dddfb4604586b63361b49f681801e68252eee3","digitalCertThumbprint":"608A130F2C5D7356ED7AE2BA26137DC1104C27F2","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Urban Cyber Security Inc.","storeId":"","sourceIndex":"1270","avBlockList":["360 Total Security (20230105)","Avast Premium Security (20230105)","AVG Internet Security (20230105)","Avira Internet Security (20230105)","Bitdefender Internet Security (20230105)","ESET Internet Security (20230105)","K7 Total Security (20230105)","Kaspersky Internet Security (20230105)","McAfee Total Protection (20230105)","Norton Security (20230105)","Panda Dome (20230105)","Quick Heal Internet Security (20230105)","Sophos Home Premium (20230105)","SpyHunter5 (20230105)","Total AV Antivirus Pro (20230105)","VIPRE Advanced Security (20230105)","VirIT eXplorer PRO (20230105)","Webroot SecureAnywhere (20230105)"],"avAllowList":["COMODO Antivirus (20230105)","Dr.Web Security Space (20230105)","G DATA INTERNET SECURITY (20230105)","Malwarebytes Premium (20230105)","Trend Micro Internet Security (20230105)","Windows Defender (20230105)"]}],"additionalFiles":[],"sources":[{"howFound":"VPN in blur BI data","reference":"","landingPage":"https://www.urban-vpn.com/","directDownloadingLink":"https://download.urban-vpn.com/latest/UrbanVPN2.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://download.urban-vpn.com/latest/UrbanVPN2.exe","sourceIndex":"1270"}],"sampleFiles":["221214/UrbanVPN-220312/2.2.10/Samples/UrbanVPN2.exe"],"imageFiles":["221214/UrbanVPN-220312/2.2.10/Images/ACR-039/ACR-039_1.JPG","221214/UrbanVPN-220312/2.2.10/Images/ACR-039/ACR-039_2.JPG","221214/UrbanVPN-220312/2.2.10/Images/ACR-046/ACR-046.JPG","221214/UrbanVPN-220312/2.2.10/Images/ACR-055/ACR-055.JPG","221214/UrbanVPN-220312/2.2.10/Images/ACR-084/ACR-084.JPG","221214/UrbanVPN-220312/2.2.10/Images/ACR-048/ACR-048.JPG","221214/UrbanVPN-220312/2.2.10/Images/ACR-048/ACR-048_1.JPG","221214/UrbanVPN-220312/2.2.10/Images/ACR-048/ACR-048_2.JPG","221214/UrbanVPN-220312/2.2.10/Images/ACR-007/ACR-007_1.JPG","221214/UrbanVPN-220312/2.2.10/Images/ACR-007/ACR-007_2.JPG","221214/UrbanVPN-220312/2.2.10/Images/ACR-057/ACR-057.JPG","221214/UrbanVPN-220312/2.2.10/Images/ACR-059/ACR-059.JPG","221214/UrbanVPN-220312/2.2.10/Images/ACR-155/ACR-155.JPG"],"nonDeceptorImageFiles":["221214/UrbanVPN-220312/2.2.10/Images/ACR-099/ACR-099.JPG","221214/UrbanVPN-220312/2.2.10/Images/ACR-099/ACR-099_1.JPG","221214/UrbanVPN-220312/2.2.10/Images/ACR-018/ACR-018.jpg"],"guid":"1940a222-c960-47bb-b3f2-a92c5e8f174c_2.2.10_1","appID":"UrbanVPN-220312","dateAdded":"251103","deceptorType":"App","name":"UrbanVPN","company":"Urban Security","version":"2.2.10","firstResolvedVersion":"","lastKnownStatus":"2.2.4;2.2.9;2.2.10;2.2.11;2.2.12;2.2.12.1;4.0.4.0","lastKnownDate":"251103","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid","lastUpdate":"2025-11-03T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":7,"sortOrder":190},{"violations":{"ACR-048":"The app does not provide control to remove the background processes completely within the app's settings. The control to the \"urbanvpnserv.exe\" seems obscure in the settings and requires admin rights & reboot and Urban VPN can't run unless this process is running. Even though it's turned off it enables automatically after reboot.\n","ACR-007":"App does not obtain user explicit consent to reduce the consumer's security posture caused by resource sharing. \n","ACR-084":"On quitting & rebooting, the \"urbanvpnserv.exe\" process runs silently in the background, hiding the fact that it is active from the consumer, even after it is turned off in the settings.\n","ACR-057":"The app doesn't provide a clear way for users to Accept/Decline the \"UrbanVPNProxy Extension for Chrome\" offer.\n","ACR-055":"The \"UrbanVPN Proxy Extension for Chrome\" offer requires the user to uncheck a checkbox in order to decline the offer. The accept/decline options are not made obvious to the consumer in the offers.\n","ACR-059":"The \"UrbanVPN Proxy Extension for Chrome\" Offer is not clearly marked as an offer.\n","ACR-039":"The app silently installs Tap windows program without disclosing the relationship to the app during installation. \n","ACR-155":"The \"UrbanVPN Proxy Extension for Chrome\" offer was inserted to masquerade as a part of the installation workflow.\n"},"nonDeceptorViolations":{"ACR-099":"The app does not display links to uninstall information inside software. \nThe landing page ( https://www.urban-vpn.com ) does not display links to uninstall information.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files\\UrbanVPN\\bin\\urbanvpn-gui.exe","companyName":"UrbanVPN GUI","productName":"UrbanVPN GUI","productVersion":"2.2.11.0","fileVersion":"2.2.11.0","hashMD5":"8f9933b8bf3cb7f9b357fc04fd88913e","hashSHA1":"4a9efc9fefe8f29b1bbd025932d0fb35fee50ce0","hashSHA256":"8aa3299a47333f2b7ee53921136050884aaac7346c89211bc47028a45741be4b","digitalCertThumbprint":"608A130F2C5D7356ED7AE2BA26137DC1104C27F2","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Urban Cyber Security Inc.","storeId":"","sourceIndex":"1213","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Program Files\\UrbanVPN\\bin\\urbanvpn.exe","companyName":"Urban Cyber Security Inc.","productName":"UrbanVPN","productVersion":"2.2.11.0","fileVersion":"2.2.11.0","hashMD5":"2d902e224c0d2cd2b288d743f8d0b6c5","hashSHA1":"bafba78c9a59a7fd96755c703055ddcfe65a61c1","hashSHA256":"311840b524c32aa6594d2d5960fa323afe9cbcff00c333bc6cbdfd3099fdfbe3","digitalCertThumbprint":"608A130F2C5D7356ED7AE2BA26137DC1104C27F2","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Urban Cyber Security Inc.","storeId":"","sourceIndex":"1213","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Program Files\\UrbanVPN\\bin\\urbanvpnserv.exe","companyName":"","productName":"","productVersion":"","fileVersion":"","hashMD5":"3921570ed1c271868d4564fd545805e6","hashSHA1":"cb8967eefe9d736f2fae26d9c63f31c06d27db70","hashSHA256":"baa8ff370300b8d5ec052d1adf46aeda966fde8877ea18590a26ac82c1d8fcce","digitalCertThumbprint":"608A130F2C5D7356ED7AE2BA26137DC1104C27F2","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Urban Cyber Security Inc.","storeId":"","sourceIndex":"1213","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"UrbanVPN2.exe","isInstaller":"True","companyName":"Urban Security","productName":"UrbanVPN","productVersion":"2.2.11","fileVersion":"2.2.11","hashMD5":"401ae8a7c8a882dd7846fd4c62b99f60","hashSHA1":"4b77e688de4234376cf18f5c9db5466cd012b945","hashSHA256":"88fa1a52922482a0e80c5c410421c38e557514796a53f9e6839304fd049cd753","digitalCertThumbprint":"608A130F2C5D7356ED7AE2BA26137DC1104C27F2","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Urban Cyber Security Inc.","storeId":"","sourceIndex":"1213","avBlockList":["360 Total Security (20230420)","Avast Premium Security (20230420)","AVG Internet Security (20230420)","Avira Internet Security (20230420)","ESET Internet Security (20230420)","G DATA INTERNET SECURITY (20230420)","K7 Total Security (20230420)","Kaspersky Internet Security (20230420)","McAfee Total Protection (20230420)","Norton Security (20230420)","Panda Dome (20230420)","Quick Heal Internet Security (20230420)","Sophos Home Premium (20230420)","SpyHunter5 (20230420)","Total AV Antivirus Pro (20230420)","VirIT eXplorer PRO (20230420)","Webroot SecureAnywhere (20230420)"],"avAllowList":["Bitdefender Internet Security (20230420)","COMODO Antivirus (20230420)","Dr.Web Security Space (20230420)","Malwarebytes Premium (20230420)","Trend Micro Internet Security (20230420)","VIPRE Advanced Security (20230420)","Windows Defender (20230420)"]}],"additionalFiles":[],"sources":[{"howFound":"VPN in blur BI data","reference":"","landingPage":"https://www.urban-vpn.com/","directDownloadingLink":"https://download.urban-vpn.com/latest/UrbanVPN2.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://download.urban-vpn.com/latest/UrbanVPN2.exe","sourceIndex":"1213"}],"sampleFiles":["230301/UrbanVPN-220312/2.2.11/Samples/UrbanVPN2.exe"],"imageFiles":["230301/UrbanVPN-220312/2.2.11/Images/ACR-039/ACR-039_2.JPG","230301/UrbanVPN-220312/2.2.11/Images/ACR-039/ACR-039.JPG","230301/UrbanVPN-220312/2.2.11/Images/ACR-055/ACR-055.JPG","230301/UrbanVPN-220312/2.2.11/Images/ACR-084/ACR-084.JPG","230301/UrbanVPN-220312/2.2.11/Images/ACR-048/ACR-048_1.JPG","230301/UrbanVPN-220312/2.2.11/Images/ACR-048/ACR-048_2.JPG","230301/UrbanVPN-220312/2.2.11/Images/ACR-007/ACR-007_1.JPG","230301/UrbanVPN-220312/2.2.11/Images/ACR-007/ACR-007_2.JPG","230301/UrbanVPN-220312/2.2.11/Images/ACR-007/ACR_007.JPG","230301/UrbanVPN-220312/2.2.11/Images/ACR-057/ACR-057.JPG","230301/UrbanVPN-220312/2.2.11/Images/ACR-059/ACR-059.JPG","230301/UrbanVPN-220312/2.2.11/Images/ACR-155/ACR-155.JPG"],"nonDeceptorImageFiles":["230301/UrbanVPN-220312/2.2.11/Images/ACR-099/ACR-099.JPG","230301/UrbanVPN-220312/2.2.11/Images/ACR-099/ACR-099_1.JPG"],"guid":"1940a222-c960-47bb-b3f2-a92c5e8f174c_2.2.11_1","appID":"UrbanVPN-220312","dateAdded":"251103","deceptorType":"App","name":"UrbanVPN","company":"Urban Security","version":"2.2.11","firstResolvedVersion":"","lastKnownStatus":"2.2.4;2.2.9;2.2.10;2.2.11;2.2.12;2.2.12.1;4.0.4.0","lastKnownDate":"251103","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid","lastUpdate":"2025-11-03T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":7,"sortOrder":189},{"violations":{"ACR-048":"The app does not provide control to remove the background processes completely within the app's settings. The control to the \"urbanvpnserv.exe\" seems obscure in the settings and requires admin rights & reboot and Urban VPN can't run unless this process is running. Even though it's turned off it enables automatically after reboot.\n","ACR-007":"App does not obtain user explicit consent to reduce the consumer's security posture caused by resource sharing. \n","ACR-084":"On quitting & rebooting, the \"urbanvpnserv.exe\" and \"urbanvpn-gui.exe\" processes run silently in the background, hiding the fact that it is active from the consumer, even after it is turned off in the settings.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files\\UrbanVPN\\bin\\urbanvpn-gui.exe","companyName":"UrbanVPN GUI","productName":"UrbanVPN GUI","productVersion":"2.2.12.1","fileVersion":"2.2.12.1","hashMD5":"da99b08fbcbc94c4750d9e1a5d7e3dbf","hashSHA1":"32688cb510fc6343051b5eb47dc35080d5c57de8","hashSHA256":"892251cdcdfd8b402fa5f3c470a7bb2d8bfad3fe87ed05eee337dc8e46852537","digitalCertThumbprint":"74041F7051F4B8F42E9365A2B887FA5E8871B669","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Urban Cyber Security Inc.","storeId":"","sourceIndex":"804","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Program Files\\UrbanVPN\\bin\\urbanvpn.exe","companyName":"Urban Cyber Security Inc.","productName":"UrbanVPN","productVersion":"2.2.12.0","fileVersion":"2.2.12.0","hashMD5":"64d1f876054b648e0a11e83038b2a0a0","hashSHA1":"f58eb92a377c30c34fb4a28aaa62e4f90ed35d2b","hashSHA256":"776aa293542e1fd6d9cf5f147b79949b1cc73ce8b56ad5f6851c4c717d508560","digitalCertThumbprint":"74041F7051F4B8F42E9365A2B887FA5E8871B669","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Urban Cyber Security Inc.","storeId":"","sourceIndex":"804","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Program Files\\UrbanVPN\\bin\\urbanvpnserv.exe","companyName":"","productName":"","productVersion":"","fileVersion":"","hashMD5":"722cc69cfe06e6aa5408e80e95cd4bac","hashSHA1":"0c6f38fb2bae6dffbfac7b3ea66e8c486ea6e7ca","hashSHA256":"32d84521a8ba69bba2306670d61ef1973a8c27345c37245cf0af0466b20bcabc","digitalCertThumbprint":"74041F7051F4B8F42E9365A2B887FA5E8871B669","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Urban Cyber Security Inc.","storeId":"","sourceIndex":"804","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"UrbanVPN2.exe","isInstaller":"True","companyName":"Urban Security","productName":"UrbanVPN","productVersion":"2.2.12.1","fileVersion":"2.2.12.1","hashMD5":"ddc5a4819ff054fdec3b4a067a687a45","hashSHA1":"aeed09601a0791234350bac293acf9342046edd7","hashSHA256":"25d1ece063e1c25b14842f8f95b24c560bc252ef7f35e1a125c52bf4d7c4e92c","digitalCertThumbprint":"74041F7051F4B8F42E9365A2B887FA5E8871B669","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Urban Cyber Security Inc.","storeId":"","sourceIndex":"804","avBlockList":["360 Total Security (20251104)","ESET Internet Security (20251104)","Kaspersky Internet Security (20230829)","Malwarebytes Premium (20251104)","McAfee Total Protection (20251104)","Panda Dome (20251104)","Quick Heal Internet Security (20251104)","Sophos Home Premium (20251104)","Trend Micro Internet Security (20251104)","VirIT eXplorer PRO (20251104)","Webroot SecureAnywhere (20251104)","FortectPremium (20251104)","KasperskyPremium (20251104)"],"avAllowList":["Avast Premium Security (20251104)","AVG Internet Security (20251104)","Avira Internet Security (20251104)","Bitdefender Internet Security (20251104)","COMODO Antivirus (20251104)","Dr.Web Security Space (20251104)","G DATA INTERNET SECURITY (20251104)","K7 Total Security (20251104)","Norton Security (20251104)","SpyHunter5 (20251104)","Total AV Antivirus Pro (20251104)","VIPRE Advanced Security (20251104)","Windows Defender (20251104)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on VPN app","reference":"","landingPage":"https://www.urban-vpn.com/","directDownloadingLink":"https://download.urban-vpn.com/latest/UrbanVPN2.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://download.urban-vpn.com/latest/UrbanVPN2.exe","sourceIndex":"804"}],"sampleFiles":["230530/UrbanVPN-220312/2.2.12.1/Samples/UrbanVPN2.exe"],"imageFiles":["230530/UrbanVPN-220312/2.2.12.1/Images/ACR-084/ACR-084.JPG","230530/UrbanVPN-220312/2.2.12.1/Images/ACR-048/ACR-048.JPG","230530/UrbanVPN-220312/2.2.12.1/Images/ACR-048/ACR-048_1.JPG","230530/UrbanVPN-220312/2.2.12.1/Images/ACR-007/ACR-007.JPG","230530/UrbanVPN-220312/2.2.12.1/Images/ACR-007/ACR-007_1.JPG","230530/UrbanVPN-220312/2.2.12.1/Images/ACR-007/ACR-007_2.JPG"],"nonDeceptorImageFiles":[],"guid":"1940a222-c960-47bb-b3f2-a92c5e8f174c_2.2.12.1_1","appID":"UrbanVPN-220312","dateAdded":"251103","deceptorType":"App","name":"UrbanVPN","company":"Urban Security","version":"2.2.12.1","firstResolvedVersion":"","lastKnownStatus":"2.2.4;2.2.9;2.2.10;2.2.11;2.2.12;2.2.12.1;4.0.4.0","lastKnownDate":"251103","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid","lastUpdate":"2025-11-03T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":7,"sortOrder":187},{"violations":{"ACR-048":"The background service keeps running when application is closed even user to turn it off in the application setting.\n","ACR-118":"The TAP components installed by UrbanVPN are not removed during uninstallation.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"UrbanVPN.exe","isInstaller":"True","companyName":"Urban Cyber Security","productName":"UrbanVPN","productVersion":"4.0.4.0","fileVersion":"4.0.4.0","hashMD5":"ba3eb1aeed9e827cd5cc965693963527","hashSHA1":"93f0a27f4766003ec49e0a34b5b8b7f52fc8b59f","hashSHA256":"9bc24ec047408252caac3ab36b6a6ee3c9f254de7e6b3d16d1d85f9608c7a34a","digitalCertThumbprint":"D77A7D36C5D39DDEA67875DF52882C3278CC77B9","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Urban Cyber Security Inc., OU=IT, O=Urban Cyber Security Inc., L=Wilmington, S=Delaware, C=US","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"155","avBlockList":["360 Total Security (20260127)","Bitdefender Internet Security (20260127)","G DATA INTERNET SECURITY (20260127)","K7 Total Security (20260127)","KasperskyPremium (20260127)","Panda Dome (20260127)","Quick Heal Internet Security (20260127)","Sophos Home Premium (20260127)","SpyHunter5 (20260127)","VIPRE Advanced Security (20260127)","VirIT eXplorer PRO (20260127)","Webroot SecureAnywhere (20260127)"],"avAllowList":["Avast Premium Security (20260127)","AVG Internet Security (20260127)","Avira Internet Security (20260127)","COMODO Antivirus (20260127)","Dr.Web Security Space (20260127)","ESET Internet Security (20260127)","FortectPremium (20260127)","Malwarebytes Premium (20260127)","McAfee Total Protection (20260127)","Norton Security (20260127)","Total AV Antivirus Pro (20260127)","Trend Micro Internet Security (20260127)","Windows Defender (20260127)"]},{"isRevoked":"False","fileName":"urban-vpn-app.exe","companyName":"Urban Cyber Security","productName":"UrbanVPN","productVersion":"4.0.4.0","fileVersion":"4.0.4.0","hashMD5":"d03601c7737aaa9ff60c13bb3fd2aa4a","hashSHA1":"a68fdb5388e9c384e55e2a1998619757b86ad54e","hashSHA256":"1af301b35d6e167c2fe50a5f55199b7e876084a535899c65a87cc9097f63eda8","digitalCertThumbprint":"D77A7D36C5D39DDEA67875DF52882C3278CC77B9","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Urban Cyber Security Inc., OU=IT, O=Urban Cyber Security Inc., L=Wilmington, S=Delaware, C=US","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"155","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"urban-vpn-service.exe","companyName":"Urban Cyber Security","productName":"UrbanVPN","productVersion":"4.0.4.0","fileVersion":"4.0.4.0","hashMD5":"c9e68111d38ceec68e179a10213e0da3","hashSHA1":"5938cee5fc99d721d38209cb92941f7eccf30d21","hashSHA256":"09a7caa609471c7560f1d3947d49c0e4830fa2de1a88d511f9a1e5b63e4ae1a2","digitalCertThumbprint":"D77A7D36C5D39DDEA67875DF52882C3278CC77B9","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Urban Cyber Security Inc., OU=IT, O=Urban Cyber Security Inc., L=Wilmington, S=Delaware, C=US","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"155","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"VPN in blur BI data","reference":"","landingPage":"https://www.urban-vpn.com/","directDownloadingLink":"https://download.urban-vpn.com/latest/UrbanVPN2.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://download.urban-vpn.com/latest/UrbanVPN2.exe","sourceIndex":"155"}],"sampleFiles":["251103/UrbanVPN-220312/4.0.4.0/Samples/UrbanVPN.exe"],"imageFiles":["251103/UrbanVPN-220312/4.0.4.0/Images/ACR-048/ACR-048_Software_1.png","251103/UrbanVPN-220312/4.0.4.0/Images/ACR-048/ACR-048_Software_2.png","251103/UrbanVPN-220312/4.0.4.0/Images/ACR-118/ACR-118_Uninstall_1.png","251103/UrbanVPN-220312/4.0.4.0/Images/ACR-118/ACR-118_Uninstall_2.png"],"nonDeceptorImageFiles":[],"guid":"1940a222-c960-47bb-b3f2-a92c5e8f174c_4.0.4.0_1","appID":"UrbanVPN-220312","dateAdded":"251103","deceptorType":"App","name":"UrbanVPN","company":"Urban Security","version":"4.0.4.0","firstResolvedVersion":"","lastKnownStatus":"2.2.4;2.2.9;2.2.10;2.2.11;2.2.12;2.2.12.1;4.0.4.0","lastKnownDate":"251103","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid","lastUpdate":"2025-11-03T18:52:23.2276592+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":7,"sortOrder":186},{"violations":{"ACR-048":"The app does not provide control to remove the background processes completely within the app's settings. The control to the \"urbanvpnserv.exe\" seems obscure in the settings and requires admin rights & reboot and Urban VPN can't run unless this process is running. Even though it's turned off it enables automatically after reboot.\n","ACR-007":"App does not obtain user explicit consent to reduce the consumer's security posture caused by resource sharing. \n","ACR-084":"On quitting & rebooting, the \"urbanvpnserv.exe\" and \"urbanvpn-gui.exe\" processes run silently in the background, hiding the fact that it is active from the consumer, even after it is turned off in the settings.\n"},"nonDeceptorViolations":{"ACR-099":"The app does not display links to uninstall information inside software. \nThe landing page ( https://www.urban-vpn.com ) does not display links to uninstall information.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files\\UrbanVPN\\bin\\urbanvpn-gui.exe","companyName":"UrbanVPN GUI","productName":"UrbanVPN GUI","productVersion":"2.2.12.0","fileVersion":"2.2.12.0","hashMD5":"97fa827bdfcbe9b966029fb67451626a","hashSHA1":"9ba86b02766aa1192529ec60c4c8699c0354d7f4","hashSHA256":"059ad52086a4b49196147d9ceeddde6b4a961df5160f770fad81cee07d8eb320","digitalCertThumbprint":"608A130F2C5D7356ED7AE2BA26137DC1104C27F2","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Urban Cyber Security Inc.","storeId":"","sourceIndex":"1147","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Program Files\\UrbanVPN\\bin\\urbanvpn.exe","companyName":"Urban Cyber Security Inc.","productName":"UrbanVPN","productVersion":"2.2.12.0","fileVersion":"2.2.12.0","hashMD5":"ab40d36c9be29c5494f87d1bb396693d","hashSHA1":"d5cb98c7cb71cdbaffa1c241f33b3fc9bf5cb216","hashSHA256":"a18661153631312f37b90a49ef8b872afc57490f482a6e09fd8143928db2037e","digitalCertThumbprint":"608A130F2C5D7356ED7AE2BA26137DC1104C27F2","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Urban Cyber Security Inc.","storeId":"","sourceIndex":"1147","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Program Files\\UrbanVPN\\bin\\urbanvpnserv.exe","companyName":"","productName":"","productVersion":"","fileVersion":"","hashMD5":"86316a6deea89bd9a51a3883dea12399","hashSHA1":"91b411ed7f2f355c691b35793462d381de5676e3","hashSHA256":"3e8f3e6abfcee601edf38aff4a0c62c526daeab75cf49a81dcc466691cc3e125","digitalCertThumbprint":"608A130F2C5D7356ED7AE2BA26137DC1104C27F2","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Urban Cyber Security Inc.","storeId":"","sourceIndex":"1147","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Program Files\\UrbanVPN\\UrbanVPNUpdater.exe","companyName":"Urban Security","productName":"UrbanVPN","productVersion":"2.2.12","fileVersion":"2.2.12","hashMD5":"13c580c16f0e2d560dea0a98b2d1b414","hashSHA1":"8b442e58fdaa912d19f13a0681c53011bf41a734","hashSHA256":"b23a6e59d0e60687b9f620ec8ecfb766b67974625ca463738fc989f8a778085c","digitalCertThumbprint":"608A130F2C5D7356ED7AE2BA26137DC1104C27F2","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Urban Cyber Security Inc.","storeId":"","sourceIndex":"1147","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"UrbanVPN2.exe","isInstaller":"True","companyName":"Urban Security","productName":"UrbanVPN","productVersion":"2.2.12","fileVersion":"2.2.12","hashMD5":"7b1c620592cfb400f0b51ece08c113f7","hashSHA1":"72fcdc4eb749b8546687ccf86e70ec246bbe1ee6","hashSHA256":"5d8c281bf72629746f0cd88d1aae543ab428e08a797ffca3635583509a9bb690","digitalCertThumbprint":"608A130F2C5D7356ED7AE2BA26137DC1104C27F2","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Urban Cyber Security Inc.","storeId":"","sourceIndex":"1147","avBlockList":["360 Total Security (20230530)","Avira Internet Security (20230530)","Bitdefender Internet Security (20230530)","ESET Internet Security (20230530)","G DATA INTERNET SECURITY (20230530)","K7 Total Security (20230530)","Kaspersky Internet Security (20230530)","McAfee Total Protection (20230530)","Norton Security (20230530)","Panda Dome (20230530)","Quick Heal Internet Security (20230530)","Sophos Home Premium (20230530)","SpyHunter5 (20230530)","Total AV Antivirus Pro (20230530)","VIPRE Advanced Security (20230530)","VirIT eXplorer PRO (20230530)","Webroot SecureAnywhere (20230530)"],"avAllowList":["Avast Premium Security (20230530)","AVG Internet Security (20230530)","COMODO Antivirus (20230530)","Dr.Web Security Space (20230530)","Malwarebytes Premium (20230530)","Trend Micro Internet Security (20230530)","Windows Defender (20230530)"]}],"additionalFiles":[],"sources":[{"howFound":"VPN in blur BI data","reference":"","landingPage":"https://www.urban-vpn.com/","directDownloadingLink":"https://download.urban-vpn.com/latest/UrbanVPN2.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://download.urban-vpn.com/latest/UrbanVPN2.exe","sourceIndex":"1147"}],"sampleFiles":["230426/UrbanVPN-220312/2.2.12/Samples/UrbanVPN2.exe"],"imageFiles":["230426/UrbanVPN-220312/2.2.12/Images/ACR-084/ACR-084.JPG","230426/UrbanVPN-220312/2.2.12/Images/ACR-048/ACR-048.JPG","230426/UrbanVPN-220312/2.2.12/Images/ACR-048/ACR-048_1.JPG","230426/UrbanVPN-220312/2.2.12/Images/ACR-007/ACR-007.JPG","230426/UrbanVPN-220312/2.2.12/Images/ACR-007/ACR-007_1.JPG","230426/UrbanVPN-220312/2.2.12/Images/ACR-007/ACR-007_2.JPG"],"nonDeceptorImageFiles":["230426/UrbanVPN-220312/2.2.12/Images/ACR-099/ACR-099.JPG","230426/UrbanVPN-220312/2.2.12/Images/ACR-099/ACR-099_1.JPG"],"guid":"1940a222-c960-47bb-b3f2-a92c5e8f174c_2.2.12_1","appID":"UrbanVPN-220312","dateAdded":"251103","deceptorType":"App","name":"UrbanVPN","company":"Urban Security","version":"2.2.12","firstResolvedVersion":"","lastKnownStatus":"2.2.4;2.2.9;2.2.10;2.2.11;2.2.12;2.2.12.1;4.0.4.0","lastKnownDate":"251103","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid","lastUpdate":"2025-11-03T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":7,"sortOrder":188},{"violations":{"ACR-048":"User has no option to disable system resource borrowing process. \n","ACR-007":"During installation application doesn't disclose the potential risks related with sharing network resource (IP/Bandwidth), doesn't disclose how application team manage the potential risks, and obtain user's explicit consent for borrowing network resource. \nApplication doesn't provide straightforward approach in application how to disable the network resource sharing. \n","ACR-084":"The application is minimized to systray when it is closed. It doesn't provide any notification to user that it is still running. The application icon in systray is almost invisible. (The icon is white and no tooltip) \n","ACR-118":"Application uninstallation doesn't work. The application files are left in the system and scheduled task is still enabled.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"Bitping%20Desktop_25.10.21-2_x64-setup.exe","isInstaller":"True","productName":"Bitping Desktop","productVersion":"25.10.21-2","fileVersion":"25.10.21-2","hashMD5":"92cf6417881cf1a4c39f145318563ccd","hashSHA1":"2cc0d0744b1bcfb91e722ce02f5a0c3f53200f66","hashSHA256":"9f2f28a02c0efe273adad93c57dfaf61ff8d7a3ff87cde538d33ab9c7ca2745f","sourceIndex":"157","avBlockList":["360 Total Security (20260120)","Avast Premium Security (20260120)","AVG Internet Security (20260120)","Avira Internet Security (20260120)","Bitdefender Internet Security (20260120)","COMODO Antivirus (20260120)","Dr.Web Security Space (20260120)","ESET Internet Security (20260120)","FortectPremium (20260120)","G DATA INTERNET SECURITY (20260120)","K7 Total Security (20260120)","KasperskyPremium (20260120)","Malwarebytes Premium (20260120)","McAfee Total Protection (20260120)","Norton Security (20260120)","Panda Dome (20260120)","Quick Heal Internet Security (20260120)","Sophos Home Premium (20260120)","SpyHunter5 (20260120)","Total AV Antivirus Pro (20260120)","Trend Micro Internet Security (20260120)","VIPRE Advanced Security (20260120)","VirIT eXplorer PRO (20260120)","Webroot SecureAnywhere (20260120)","Windows Defender (20260120)"],"avAllowList":[]},{"isRevoked":"False","fileName":"Bitping%20Desktop.exe","companyName":"bitping","productName":"Bitping Desktop","productVersion":"0.0.1","fileVersion":"0.0.1","hashMD5":"6915ec0876b5ee910fe12d6901d89cd5","hashSHA1":"cf153608ed24683d1eff8378409fe237edee1526","hashSHA256":"a1eebad618860eaa6d32e8429b2bbd12cfa3de1ab755a3a56644c3af7c581738","sourceIndex":"157","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"bitping.vbs","hashMD5":"f4922be1daf106fcafd58d71eeb3aa13","hashSHA1":"fb198b6db52efd09c65e06f146562bf1ce22aa02","hashSHA256":"653f5669d086c668b5c10016b7247e84d154e6770165fe145771fb6e1c31606c","sourceIndex":"157","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"uninstall.exe","productName":"Bitping Desktop","productVersion":"25.10.21-2","fileVersion":"25.10.21-2","hashMD5":"6dbccd65e2784b7ff84377ccad3fcf8a","hashSHA1":"bad052eb1ac1d27ba33ffbec6c629e6144ad561a","hashSHA256":"36d00bbbb0310b43de448eeb1748c6a5c2f196d034940404d51e303a48b49dc6","sourceIndex":"157","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Resource sharing app","reference":"","landingPage":"https://bitping.com/earn","directDownloadingLink":"https://bitping.com/earn#downloads","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://bitping.com/earn#downloads","sourceIndex":"157"}],"sampleFiles":["251030/Bitping-250706/25.10.21-2/Samples/Bitping%20Desktop_25.10.21-2_x64-setup.exe"],"imageFiles":["251030/Bitping-250706/25.10.21-2/Images/ACR-084/ACR-084_Software_1.png","251030/Bitping-250706/25.10.21-2/Images/ACR-048/ACR-048_Software_2.png","251030/Bitping-250706/25.10.21-2/Images/ACR-048/ACR-048_Software_1.png","251030/Bitping-250706/25.10.21-2/Images/ACR-007/ACR-007_Software_1.png","251030/Bitping-250706/25.10.21-2/Images/ACR-007/ACR-007_Software_2.png","251030/Bitping-250706/25.10.21-2/Images/ACR-118/ACR-118_Uninstall_1.png","251030/Bitping-250706/25.10.21-2/Images/ACR-118/ACR-118_Uninstall_2.png","251030/Bitping-250706/25.10.21-2/Images/ACR-118/ACR-118_Uninstall_3.png"],"nonDeceptorImageFiles":[],"guid":"e48e5a54-715e-4e5c-97d0-fa77666106ac_25.10.21-2_1","appID":"Bitping-250706","dateAdded":"251030","deceptorType":"App","name":"Bitping","company":"Bitping Pty. Ltd","version":"25.10.21-2","lastKnownStatus":"25.7.28-1;25.10.21-2","lastKnownDate":"251030","type":"Windows Executable","category":"Business Developer Tools","targetOS":"Windows 10,Windows 11","targetCustomer":"consumer","ageAppropriate":"Adults only","monetization":"mining,net proxy","lastUpdate":"2025-10-30T18:19:03.7394512+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":193},{"violations":{"ACR-048":"User has no option to disable system resource borrowing process. \n","ACR-007":"During installation application doesn't disclose the potential risks related with sharing network resource (IP/Bandwidth), doesn't disclose how application team manage the potential risks, and obtain user's explicit consent for borrowing network resource. \nApplication doesn't provide straightforward approach in application how to disable the network resource sharing. \n","ACR-084":"The application is minimized to systray when it is closed. It doesn't provide any notification to user that it is still running. The application icon in systray is almost invisible. (The icon is white and no tooltip) \n","ACR-118":"Application uninstallation doesn't work. The application files are left in the system and process is still running.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"Bitping%20Desktop_25.7.28-1_x64-setup.exe","isInstaller":"True","productName":"Bitping Desktop","productVersion":"25.7.28-1","fileVersion":"25.7.28-1","hashMD5":"0648d1d05fb0f5e73f080a2b0b638ffa","hashSHA1":"accf105521251e0c55d5cedeb04d68981e70936e","hashSHA256":"307c2bc07ea9a7e68d9cc6e2c29d18efd17e477390c16fd95e9428fe67ba4980","sourceIndex":"170","avBlockList":["360 Total Security (20251028)","Avast Premium Security (20251028)","AVG Internet Security (20251028)","Avira Internet Security (20251028)","Bitdefender Internet Security (20251028)","COMODO Antivirus (20251028)","ESET Internet Security (20251028)","FortectPremium (20251028)","G DATA INTERNET SECURITY (20251028)","K7 Total Security (20251028)","KasperskyPremium (20251028)","Malwarebytes Premium (20251028)","McAfee Total Protection (20251028)","Norton Security (20251028)","Panda Dome (20251028)","Quick Heal Internet Security (20251028)","Sophos Home Premium (20251028)","SpyHunter5 (20251028)","Total AV Antivirus Pro (20251028)","Trend Micro Internet Security (20251028)","VIPRE Advanced Security (20251028)","VirIT eXplorer PRO (20251028)","Webroot SecureAnywhere (20251028)","Windows Defender (20251028)"],"avAllowList":["Dr.Web Security Space (20251028)"]},{"isRevoked":"False","fileName":"Bitping%20Desktop.exe","companyName":"bitping","productName":"Bitping Desktop","productVersion":"0.0.1","fileVersion":"0.0.1","hashMD5":"c5fff7babb589fb3ae2075fd7618d2ad","hashSHA1":"ea9b5b8f81e2b6ec03361faece9f29ccdf3c78a2","hashSHA256":"9945924ae1eedc0916900dc3cbbd4044d19240c4f84f55d054519d9084f398a3","sourceIndex":"170","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"bitping.vbs","hashMD5":"2d51a1401cd05f7d8215c5b3a9f957ec","hashSHA1":"b75e1ae0209ed55753be70215895b11e1d8da8ff","hashSHA256":"3986f8ab6a291e9adef47b9957b4bc0cb0d83a0d3399691bd7ba3fda66a17fb1","sourceIndex":"170","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"uninstall.exe","productName":"Bitping Desktop","productVersion":"25.7.28-1","fileVersion":"25.7.28-1","hashMD5":"c093ed874be937e7e282af1d745b6905","hashSHA1":"317c24aac8fb86d0eb7e6338b13fe2e176bcc3ae","hashSHA256":"d8a55421c7f6e83e6ff2225d548e1deb1da862e58fa8539e7fa2cdd762fcff2d","sourceIndex":"170","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Resource sharing app","reference":"","landingPage":"https://bitping.com/earn","directDownloadingLink":"https://bitping.com/earn#downloads","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://bitping.com/earn#downloads","sourceIndex":"170"}],"sampleFiles":["250806/Bitping-250706/25.7.28-1/Samples/Bitping%20Desktop_25.7.28-1_x64-setup.exe"],"imageFiles":["250806/Bitping-250706/25.7.28-1/Images/ACR-084/ACR-084_Software_1.png","250806/Bitping-250706/25.7.28-1/Images/ACR-048/ACR-048_Software_2.png","250806/Bitping-250706/25.7.28-1/Images/ACR-007/ACR-007_Software_1.png","250806/Bitping-250706/25.7.28-1/Images/ACR-118/ACR-118_Uninstall_1.png","250806/Bitping-250706/25.7.28-1/Images/ACR-118/ACR-118_Uninstall_2.png","250806/Bitping-250706/25.7.28-1/Images/ACR-118/ACR-118_Uninstall_3.png"],"nonDeceptorImageFiles":[],"guid":"e48e5a54-715e-4e5c-97d0-fa77666106ac_25.7.28-1_1","appID":"Bitping-250706","dateAdded":"251030","deceptorType":"App","name":"Bitping","company":"Bitping Pty. Ltd","version":"25.7.28-1","lastKnownStatus":"25.7.28-1;25.10.21-2","lastKnownDate":"251030","type":"Windows Executable","category":"Business Developer Tools","targetOS":"Windows 10,Windows 11","targetCustomer":"consumer","ageAppropriate":"Adults only","monetization":"mining,net proxy","lastUpdate":"2025-10-30T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":194},{"violations":{"ACR-048":"Even \"share internet\" disconnected, the sharing traffic is still on. The control for share internet disconnected or connected not working as expected.\n\n","ACR-007":"The app does not obtain user explicit consent about reducing the consumer's security posture caused by sharing the user's internet resource before proceeding installation and running.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"repocket-1.3.6-arm64.dmg","isInstaller":"True","hashMD5":"874bf12718771fa0dca2c9e7255e5832","hashSHA1":"15a862dc7a22354bd01b03c127315a48e639754b","hashSHA256":"16624f3167b6355f97fe8add690f7dd75f9d4bbfc1b8350a41866cf2c69fd42c","sourceIndex":"159","avBlockList":["Sophos Home Premium For Mac (20260113)","SpyHunterforMac (20260113)"],"avAllowList":["Avast Security for Mac (20260113)","Avira Security for Mac (20260113)","Bitdefender Antivirus for Mac (20260113)","ESET Cyber Security Pro for Mac (20260113)","G DATA AntiVirus for Mac (20260113)","K7 Antivirus for Mac (20260113)","Kaspersky Internet Security for Mac (20260113)","McAfee Internet Security for Mac (20260113)","Norton Security for Mac (20260113)","Trend Micro Antivirus for Mac (20260113)"]},{"isRevoked":"False","fileName":"Repocket","fileVersion":"11.0.0","hashMD5":"16f9faa9396535178347e0c94545ee9b","hashSHA1":"4e50b280809ca2c93f5aafd6a425c9a20ebc8066","hashSHA256":"92f346604cea5f81fc1221ebac4b21ed1074b02abdbf30d9df313f164ff2a3ef","sourceIndex":"159","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Repocket","reference":"","landingPage":"repocket.co","ipv4":"","ipv6":"","sourceIndex":"159"}],"sampleFiles":["251029/Repacked-251024/1.3.6/Samples/repocket-1.3.6-arm64.dmg"],"imageFiles":["251029/Repacked-251024/1.3.6/Images/ACR-007/ACR-007_Install_1.png","251029/Repacked-251024/1.3.6/Images/ACR-048/ACR-048_Software_1.png"],"nonDeceptorImageFiles":[],"guid":"67dc63a1-04d3-4500-8699-e3438e5f8060_1.3.6_1","appID":"Repacked-251024","dateAdded":"251029","deceptorType":"MacOS App","name":"Repocket","company":"Repocket","version":"1.3.6","lastKnownStatus":"1.3.6","lastKnownDate":"251029","type":"MacOS App","category":"Personalization & Search","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"net proxy","lastUpdate":"2025-10-29T21:28:53.5024957+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":195},{"violations":{"ACR-007":"During installation application doesn't disclose the potential risks related with sharing network resource (IP/Bandwidth), doesn't disclose how application team manage the potential risks, and obtain user's explicit consent for borrowing network resource.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"packetshare_macOS_1.0.2_3.dmg","isInstaller":"True","hashMD5":"911b4b571959a34a9bbb4de2ff94e8bd","hashSHA1":"1bfea669d6e6a892d85858823567737edfe92de8","hashSHA256":"1cc70d3baa635d0fc9fb64d2ce29aced048d3091d6e692a20f12b0a6e6256480","sourceIndex":"158","avBlockList":["Avast Security for Mac (20260113)","Avira Security for Mac (20260113)","McAfee Internet Security for Mac (20260113)","Norton Security for Mac (20260113)","Sophos Home Premium For Mac (20260113)","SpyHunterforMac (20260113)","Trend Micro Antivirus for Mac (20260113)"],"avAllowList":["Bitdefender Antivirus for Mac (20260113)","ESET Cyber Security Pro for Mac (20260113)","G DATA AntiVirus for Mac (20260113)","K7 Antivirus for Mac (20260113)","Kaspersky Internet Security for Mac (20260113)"]},{"isRevoked":"False","fileName":"Packetshare","fileVersion":"11.5.0","hashMD5":"a993b0b890b24496e4dad1e3b02267af","hashSHA1":"33e6da076c26206c13fec742d82dae18336f82ff","hashSHA256":"7356669c9a1088b52263054b7b977ad5b4fbc5ae6106089553722a56a85a3181","sourceIndex":"158","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Deceptor related app","reference":"","landingPage":"https://www.packetshare.io","directDownloadingLink":"https://www.packetshare.io/download.html","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.packetshare.io/download.html","sourceIndex":"158"}],"sampleFiles":["251029/PacketShare-250506/1.0.2/Samples/packetshare_macOS_1.0.2_3.dmg"],"imageFiles":["251029/PacketShare-250506/1.0.2/Images/ACR-007/Screenshot 2025-05-07 at 9.54.19 AM.png"],"nonDeceptorImageFiles":[],"guid":"5af9f13d-69fe-4c2e-82e6-76ab52993cc1_1.0.2_1","appID":"PacketShare-250506","dateAdded":"251029","deceptorType":"MacOS App","name":"Packetshare","company":"DATALABS LIMITED","version":"1.0.2","lastKnownStatus":"1.0.1;1.0.2","lastKnownDate":"251029","type":"MacOS App","category":"Personalization & Search","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Adults only","monetization":"net proxy","lastUpdate":"2025-10-29T21:40:24.3409943+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":196},{"violations":{"ACR-007":"During installation application doesn't disclose the potential risks related with sharing network resource (IP/Bandwidth), doesn't disclose how application team manage the potential risks, and obtain user's explicit consent for borrowing network resource.\n"},"nonDeceptorViolations":{"ACR-007":"Application landing page doesn't disclose the potential risks related with sharing network resource (IP/Bandwidth), doesn't disclose how application team manage the potential risks.\n"},"samples":[{"isRevoked":"False","fileName":"packetshare_macos_v1.0.1_2.dmg","isInstaller":"True","fileVersion":"0.","hashMD5":"e3bff664fe86042ddde89ac3e393d732","hashSHA1":"6447655eb072471c1caff9271a86d8e273d20282","hashSHA256":"405d2613d91027f59d5791f6121377682d3169559335506344a6abeb5bfa7734","sourceIndex":"213","avBlockList":["ESET Cyber Security Pro for Mac (20250708)","Sophos Home Premium For Mac (20250708)","SpyHunterforMac (20250708)","Trend Micro Antivirus for Mac (20250708)"],"avAllowList":["Avast Security for Mac (20250708)","Avira Security for Mac (20250708)","Bitdefender Antivirus for Mac (20250708)","G DATA AntiVirus for Mac (20250708)","K7 Antivirus for Mac (20250708)","Kaspersky Internet Security for Mac (20250708)","McAfee Internet Security for Mac (20250708)","Norton Security for Mac (20250708)"]}],"additionalFiles":[],"sources":[{"howFound":"Deceptor related app","reference":"","landingPage":"https://www.packetshare.io","directDownloadingLink":"https://www.packetshare.io/download.html","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.packetshare.io/download.html","sourceIndex":"213"}],"sampleFiles":["250507/PacketShare-250506/1.0.1/Samples/packetshare_macos_v1.0.1_2.dmg"],"imageFiles":["250507/PacketShare-250506/1.0.1/Images/ACR-007/Screenshot 2025-05-07 at 9.54.19 AM.png"],"nonDeceptorImageFiles":["250507/PacketShare-250506/1.0.1/Images/ACR-007/Screenshot 2025-05-07 at 9.53.57 AM.png"],"guid":"5af9f13d-69fe-4c2e-82e6-76ab52993cc1_1.0.1_1","appID":"PacketShare-250506","dateAdded":"251029","deceptorType":"MacOS App","name":"Packetshare","company":"DATALABS LIMITED","version":"1.0.1","lastKnownStatus":"1.0.1;1.0.2","lastKnownDate":"251029","type":"MacOS App","category":"Personalization & Search","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Adults only","monetization":"net proxy","lastUpdate":"2025-10-29T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":197},{"violations":{"ACR-007":"The app does not obtain user explicit consent about reducing the consumer system's security posture caused by sharing the user's internet resource.\n","ACR-084":"The application running in background without notifying user when user close the application.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"mysterium_vpn.exe","companyName":"com.mysterium","productName":"mysterium_vpn","productVersion":"2.2.1+178","fileVersion":"2.2.1+178","hashMD5":"a9edaf9be7340795d3fc7a89a306d034","hashSHA1":"937643fca5293c9ff1c64c00bb69f5518eee2600","hashSHA256":"7e9509f90c90a49567ddb04b1d3411563e1d1d2d48a2f1df6d00d0e44c3a9976","sourceIndex":"161","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"UABMNTechnologijos.MysteriumVPN_2.2.1.0_x64__ncwhsn0daf7s2.Msix","isInstaller":"True","hashMD5":"0e6997b802934c4591ca8cdea8711aa3","hashSHA1":"1bd14bcfce0f401b467293279a0580494fed7c49","hashSHA256":"d007ad0c81d86a8c10f5b2b72e2611c913278d7f5e300ecca632b253cbda9e12","digitalCertThumbprint":"ECC6F37B0A3E986D17C204A95EE21491B5231665","digitalCertIssuer":"CN=Microsoft Marketplace CA G 023, OU=AOC, O=Microsoft Corporation, L=Redmond, S=Washington, C=US","digitalCertIssuedTo":"CN=B6C98289-B62E-4315-9F65-9B59DB0FC5AC","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"161","avBlockList":["360 Total Security (20251230)","Avast Premium Security (20251230)","AVG Internet Security (20251230)","Avira Internet Security (20251230)","FortectPremium (20251230)","K7 Total Security (20251230)","KasperskyPremium (20251230)","Norton Security (20251230)","Panda Dome (20251230)","Quick Heal Internet Security (20251230)","Sophos Home Premium (20251230)","SpyHunter5 (20251230)","Total AV Antivirus Pro (20251230)","Trend Micro Internet Security (20251230)","VirIT eXplorer PRO (20251230)"],"avAllowList":["Bitdefender Internet Security (20251230)","COMODO Antivirus (20251230)","Dr.Web Security Space (20251230)","ESET Internet Security (20251230)","G DATA INTERNET SECURITY (20251230)","Malwarebytes Premium (20251230)","McAfee Total Protection (20251230)","VIPRE Advanced Security (20251230)","Webroot SecureAnywhere (20251230)","Windows Defender (20251230)"]}],"additionalFiles":[],"sources":[{"howFound":"Resource sharing app","reference":"","landingPage":"https://www.mysteriumvpn.com/downloads/vpn-for-windows","ipv4":"","ipv6":"","sourceIndex":"161"}],"sampleFiles":["251003/Mysteriumvpn-251002/221.178/Samples/mysterium_vpn.exe","251003/Mysteriumvpn-251002/221.178/Samples/UABMNTechnologijos.MysteriumVPN_2.2.1.0_x64__ncwhsn0daf7s2.Msix"],"imageFiles":["251003/Mysteriumvpn-251002/221.178/Images/ACR-007/ACR-007_Install_1.png","251003/Mysteriumvpn-251002/221.178/Images/ACR-007/ACR-007_Install_2.png","251003/Mysteriumvpn-251002/221.178/Images/ACR-007/ACR-007_Install_3.png","251003/Mysteriumvpn-251002/221.178/Images/ACR-007/ACR-007_Install_4.png","251003/Mysteriumvpn-251002/221.178/Images/ACR-084/ACR-084_Software_1.png"],"nonDeceptorImageFiles":[],"guid":"0f3cd46f-b453-4dbc-8f70-17c19dc080ff_221.178_1","appID":"Mysteriumvpn-251002","dateAdded":"251003","deceptorType":"App","name":"Mysteriumvpn","company":"MN Intelligence UAB","version":"221.178","lastKnownStatus":"221.178","lastKnownDate":"251003","type":"Windows Executable","category":"Personalization & Search","targetOS":"Windows 11,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"net proxy","lastUpdate":"2025-10-11T14:49:43.2853398+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":198},{"violations":{"ACR-042":"1. The app drops a non-trusted self-signed Trusted Root Certificate without obtaining the consumer's permission through explicit user action.\n2. 2. The app drops open source components \"Open VPN\", \"QT5\", \"Tap-Windows\" and \"WireGuard LLC\" without any disclosure in EULA.\n","ACR-043":"1. The app does not provide information regarding the non-trusted self-signed Trusted Root Certificate that gets dropped after installation without the consumer's knowledge and consent.\n2. The app drops open source components \"Open VPN\", \"QT5\", \"Tap-Windows\" and \"WireGuard LLC\" without any disclosure in EULA.\n","ACR-107":"The app does not disclose relevant license information about \"Open VPN\", \"QT5\", \"Tap-Windows\" and \"WireGuard LLC\" in EULA\n","ACR-048":"The app does not provide any control to cancel the installation process.\n","ACR-007":"The app does not obtain user consent to reduce the consumer's security posture caused by the addition of the non-trusted self-signed root certificate. \n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains many of its components and the root certificate on the device without the consumer's consent.\n","ACR-119":"The app retains its monetization components after uninstall.\n","ACR-014":"The app misleads the user by stating \"You are not protected!\", while another VPN service is already active and running. \n","ACR-039":"The app installs the \"Open VPN\", \"QT5\", \"Tap-Windows\" and \"WireGuard LLC\" components without disclosing the relationship to the app in EULA during installation. \n"},"nonDeceptorViolations":{"ACR-045":"The app does not describe clearly and straightforwardly what effect is caused to the user's system due to the addition of its non-trusted self-signed Trusted Root Certificate.\n","ACR-123":"The app does not remove its root certificate even after uninstall.\n"},"samples":[{"isRevoked":"False","fileName":"torguard-setup-latest.exe","isInstaller":"True","companyName":"","productName":"","productVersion":"","fileVersion":"","hashMD5":"7861ce73ea8cb15c6f96464650b2799c","hashSHA1":"707e0f3b303b0bb9f86058ebbb7f39a1541e2f2e","hashSHA256":"4806f268412208ec817093c4cc0c63674586574c54930f0dab32eaae2b188f3a","digitalCertThumbprint":"35DF777F06BEBBCE7BBFF63D6A21A5463F985E28","digitalCertIssuer":"Sectigo Public Code Signing CA R36","digitalCertIssuedTo":"Schäuffelhut Berger GmbH","storeId":"","sourceIndex":"904","avBlockList":["360 Total Security (20230921)","Avira Internet Security (20230921)","K7 Total Security (20230921)","Norton Security (20230921)","Panda Dome (20230921)","Quick Heal Internet Security (20230921)","Sophos Home Premium (20230921)","SpyHunter5 (20230921)","Total AV Antivirus Pro (20230921)","VirIT eXplorer PRO (20230921)","Webroot SecureAnywhere (20230921)"],"avAllowList":["Avast Premium Security (20230921)","AVG Internet Security (20230921)","Bitdefender Internet Security (20230921)","COMODO Antivirus (20230921)","Dr.Web Security Space (20230921)","ESET Internet Security (20230921)","G DATA INTERNET SECURITY (20230921)","Kaspersky Internet Security (20230921)","Malwarebytes Premium (20230921)","McAfee Total Protection (20230921)","Trend Micro Internet Security (20230921)","VIPRE Advanced Security (20230921)","Windows Defender (20230921)"]}],"additionalFiles":[],"sources":[{"howFound":"Suggestion from AE","reference":"","landingPage":"https://torguard.net/vpn-software.php","directDownloadingLink":"https://updates.torguard.biz/Software/Windows/torguard-setup-latest.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://updates.torguard.biz/Software/Windows/torguard-setup-latest.exe","sourceIndex":"904"}],"sampleFiles":["230907/TorGuard-230907/4.8.22/Samples/torguard-setup-latest.exe"],"imageFiles":["230907/TorGuard-230907/4.8.22/Images/ACR-039/ACR-039.JPG","230907/TorGuard-230907/4.8.22/Images/ACR-039/ACR-039_1.JPG","230907/TorGuard-230907/4.8.22/Images/ACR-039/ACR-039_2.JPG","230907/TorGuard-230907/4.8.22/Images/ACR-039/ACR-039_3.JPG","230907/TorGuard-230907/4.8.22/Images/ACR-043/ACR-043.JPG","230907/TorGuard-230907/4.8.22/Images/ACR-043/ACR-043 (1).JPG","230907/TorGuard-230907/4.8.22/Images/ACR-043/ACR-043 (2).JPG","230907/TorGuard-230907/4.8.22/Images/ACR-043/ACR-043 (3).JPG","230907/TorGuard-230907/4.8.22/Images/ACR-107/ACR-107 (2).JPG","230907/TorGuard-230907/4.8.22/Images/ACR-107/ACR-107 (3).JPG","230907/TorGuard-230907/4.8.22/Images/ACR-107/ACR-107 (1).JPG","230907/TorGuard-230907/4.8.22/Images/ACR-042/ACR-042.JPG","230907/TorGuard-230907/4.8.22/Images/ACR-042/ACR-042 (1).JPG","230907/TorGuard-230907/4.8.22/Images/ACR-042/ACR-042 (2).JPG","230907/TorGuard-230907/4.8.22/Images/ACR-042/ACR-042 (3).JPG","230907/TorGuard-230907/4.8.22/Images/ACR-048/ACR-048.JPG","230907/TorGuard-230907/4.8.22/Images/ACR-007/ACR-007.JPG","230907/TorGuard-230907/4.8.22/Images/ACR-014/ACR-014.JPG","230907/TorGuard-230907/4.8.22/Images/ACR-118/ACR-118.JPG","230907/TorGuard-230907/4.8.22/Images/ACR-118/ACR-118_1.JPG","230907/TorGuard-230907/4.8.22/Images/ACR-118/ACR-118_2.JPG","230907/TorGuard-230907/4.8.22/Images/ACR-119/ACR-119.JPG","230907/TorGuard-230907/4.8.22/Images/ACR-119/ACR-119 (2).JPG"],"nonDeceptorImageFiles":["230907/TorGuard-230907/4.8.22/Images/ACR-045/ACR-045.JPG","230907/TorGuard-230907/4.8.22/Images/ACR-123/ACR-123.JPG"],"guid":"12006127-c4c4-4431-98f2-c6e4e2b9e9e0_4.8.22_1","appID":"TorGuard-230907","dateAdded":"251002","deceptorType":"App","name":"Tor Guard","company":"VPNetwork LLC","version":"4.8.22","lastKnownStatus":"4.8.22;4.8.29","lastKnownDate":"251002","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2025-10-02T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":3,"sortOrder":201},{"violations":{"ACR-042":"1. The app drops a non-trusted self-signed Trusted Root Certificate without obtaining the consumer's permission through explicit user action.\n2. The app drops open source components \"Open VPN\", \"QT5\", \"Tap-Windows\" and \"WireGuard LLC\" without any disclosure in EULA.\n","ACR-043":"1. The app does not provide information regarding the non-trusted self-signed Trusted Root Certificate that gets dropped after installation without the consumer's knowledge and consent.\n2. The app drops open source components \"Open VPN\", \"QT5\", \"Tap-Windows\" and \"WireGuard LLC\" without any disclosure in EULA.\n","ACR-107":"The app does not disclose relevant license information about \"Open VPN\", \"QT5\", \"Tap-Windows\" and \"WireGuard LLC\" in EULA\n","ACR-048":"The app does not provide any control to cancel the installation process.\n","ACR-007":"The app does not obtain user consent to reduce the consumer's security posture caused by the addition of the non-trusted self-signed root certificate. \n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains many of its components and the root certificate on the device without the consumer's consent.\n","ACR-119":"The app retains its monetization components after uninstall.\n","ACR-014":"The app misleads the user by stating \"You are not protected!\", while another VPN service is already active and running. \n","ACR-039":"The app installs the \"Open VPN\", \"QT5\", \"Tap-Windows\" and \"WireGuard LLC\" components without disclosing the relationship to the app in EULA during installation. \n"},"nonDeceptorViolations":{"ACR-045":"The app does not describe clearly and straightforwardly what effect is caused to the user's system due to the addition of its non-trusted self-signed Trusted Root Certificate.\n","ACR-123":"The app does not remove its root certificate even after uninstall.\n"},"samples":[{"isRevoked":"False","fileName":"torguard-setup-latest.exe","isInstaller":"True","companyName":"","productName":"","productVersion":"","fileVersion":"","hashMD5":"5b67f6ed693f933625075a2f7ce12af6","hashSHA1":"862a663c513203c481899d40321feb3b3c40537d","hashSHA256":"f6ac9c9c7ba9f5559bb40fe2df4e91c2c89ebc44c64f3939015c3d661333644e","digitalCertThumbprint":"35DF777F06BEBBCE7BBFF63D6A21A5463F985E28","digitalCertIssuer":"Sectigo Public Code Signing CA R36","digitalCertIssuedTo":"Schäuffelhut Berger GmbH","storeId":"","sourceIndex":"793","avBlockList":["360 Total Security (20240222)","Avast Premium Security (20240222)","AVG Internet Security (20240222)","Avira Internet Security (20240222)","K7 Total Security (20240222)","Norton Security (20240222)","Panda Dome (20240222)","Quick Heal Internet Security (20240222)","Sophos Home Premium (20240222)","SpyHunter5 (20240222)","Total AV Antivirus Pro (20240222)","VirIT eXplorer PRO (20240222)","Webroot SecureAnywhere (20240222)","Windows Defender (20240222)"],"avAllowList":["Bitdefender Internet Security (20240222)","COMODO Antivirus (20240222)","Dr.Web Security Space (20240222)","ESET Internet Security (20240222)","G DATA INTERNET SECURITY (20240222)","Kaspersky Internet Security (20240222)","Malwarebytes Premium (20240222)","McAfee Total Protection (20240222)","Trend Micro Internet Security (20240222)","VIPRE Advanced Security (20240222)"]}],"additionalFiles":[],"sources":[{"howFound":"Suggestion from AE","reference":"","landingPage":"https://torguard.net/vpn-software.php","directDownloadingLink":"https://updates.torguard.biz/Software/Windows/torguard-setup-latest.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://updates.torguard.biz/Software/Windows/torguard-setup-latest.exe","sourceIndex":"793"}],"sampleFiles":["230907/TorGuard-230907/4.8.26/Samples/torguard-setup-latest.exe"],"imageFiles":["230907/TorGuard-230907/4.8.26/Images/ACR-039/ACR-039_Install_1.png","230907/TorGuard-230907/4.8.26/Images/ACR-039/ACR-039_Install_2.png","230907/TorGuard-230907/4.8.26/Images/ACR-039/ACR-039_Install_3.png","230907/TorGuard-230907/4.8.26/Images/ACR-039/ACR-039_Install_4.png","230907/TorGuard-230907/4.8.26/Images/ACR-043/ACR-043_Install_1.png","230907/TorGuard-230907/4.8.26/Images/ACR-043/ACR-043_Install_2.png","230907/TorGuard-230907/4.8.26/Images/ACR-043/ACR-043_Install_3.png","230907/TorGuard-230907/4.8.26/Images/ACR-043/ACR-043_Install_4.png","230907/TorGuard-230907/4.8.26/Images/ACR-043/ACR-043_Install_5.png","230907/TorGuard-230907/4.8.26/Images/ACR-107/ACR-107_Install_1.png","230907/TorGuard-230907/4.8.26/Images/ACR-107/ACR-107_Install_2.png","230907/TorGuard-230907/4.8.26/Images/ACR-107/ACR-107_Install_3.png","230907/TorGuard-230907/4.8.26/Images/ACR-042/ACR-042_Install_1.png","230907/TorGuard-230907/4.8.26/Images/ACR-042/ACR-042_Install_2.png","230907/TorGuard-230907/4.8.26/Images/ACR-042/ACR-042_Install_3.png","230907/TorGuard-230907/4.8.26/Images/ACR-042/ACR-042_Install_4.png","230907/TorGuard-230907/4.8.26/Images/ACR-042/ACR-042_Install_5.png","230907/TorGuard-230907/4.8.26/Images/ACR-048/ACR-048.JPG","230907/TorGuard-230907/4.8.26/Images/ACR-007/ACR-007_Install_1.png","230907/TorGuard-230907/4.8.26/Images/ACR-014/ACR-014.JPG","230907/TorGuard-230907/4.8.26/Images/ACR-118/ACR-118_Uninstall_1.png","230907/TorGuard-230907/4.8.26/Images/ACR-118/ACR-118_Uninstall_2.png","230907/TorGuard-230907/4.8.26/Images/ACR-118/ACR-118_Uninstall_3.png","230907/TorGuard-230907/4.8.26/Images/ACR-119/ACR-119_Uninstall_1.png","230907/TorGuard-230907/4.8.26/Images/ACR-119/ACR-119_Uninstall_2.png"],"nonDeceptorImageFiles":["230907/TorGuard-230907/4.8.26/Images/ACR-045/ACR-045_Install_1.png","230907/TorGuard-230907/4.8.26/Images/ACR-123/ACR-123_Uninstall_1.png"],"guid":"12006127-c4c4-4431-98f2-c6e4e2b9e9e0_4.8.26_1","appID":"TorGuard-230907","dateAdded":"251002","deceptorType":"App","name":"Tor Guard","company":"VPNetwork LLC","version":"4.8.26","lastKnownStatus":"4.8.22;4.8.29","lastKnownDate":"251002","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2025-10-02T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":3,"sortOrder":200},{"violations":{"ACR-007":"The app does not obtain user explicit consent about reducing the consumer system's security posture caused by sharing the user's internet resource.\n","ACR-084":"The application running in background without notifying user when user close the application.\n"},"nonDeceptorViolations":{"ACR-123":"Application doesn't revert the system setting after its uninstallation completes. And leaves the executables behind and keep running. system.\n"},"samples":[{"isRevoked":"False","fileName":"MystNodesLauncher.msix","isInstaller":"True","hashMD5":"3bc91278eb8dcc823dfe3d7c95e52dfe","hashSHA1":"290db24d732c9f38a6448dddae6cfa27c4664599","hashSHA256":"45af9053d39db04f9a4532687803964e389c06ed1809f81a6f069fab007cae35","digitalCertThumbprint":"60662774BE7872BE10F58E4EA0FC4F97754FEF7B","digitalCertIssuer":"CN=GlobalSign GCC R45 EV CodeSigning CA 2020, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"E=support@netsys.technology, CN=NetSys Inc, O=NetSys Inc, L=Panama City, S=Panama, C=PA, OID.1.3.6.1.4.1.311.60.2.1.3=PA, SERIALNUMBER=155663282, OID.2.5.4.15=Private Organization","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"163","avBlockList":["360 Total Security (20251230)","Avast Premium Security (20251230)","AVG Internet Security (20251230)","Avira Internet Security (20251230)","COMODO Antivirus (20251230)","ESET Internet Security (20251230)","FortectPremium (20251230)","K7 Total Security (20251230)","KasperskyPremium (20251230)","Malwarebytes Premium (20251230)","Norton Security (20251230)","Panda Dome (20251230)","Quick Heal Internet Security (20251230)","Sophos Home Premium (20251230)","SpyHunter5 (20251230)","Total AV Antivirus Pro (20251230)","VirIT eXplorer PRO (20251230)","Windows Defender (20251230)"],"avAllowList":["Bitdefender Internet Security (20251230)","Dr.Web Security Space (20251230)","G DATA INTERNET SECURITY (20251230)","McAfee Total Protection (20251230)","Trend Micro Internet Security (20251230)","VIPRE Advanced Security (20251230)","Webroot SecureAnywhere (20251230)"]},{"isRevoked":"False","fileName":"mystnodes_flutter.exe","companyName":"com.mystnodes","productName":"MystNodes Launcher","productVersion":"2.1.0+20","fileVersion":"2.1.0+20","hashMD5":"8b48372096f281f4de161431ec00d1d2","hashSHA1":"ab7a30515cbe97c4979131f8541f7e87dde12dab","hashSHA256":"797553539fdeae14e03b6be355a62832a7046ad9255ffaddddcdf70fdca0fdbc","sourceIndex":"163","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"myst-launcher-svc.exe","hashMD5":"d7613440ec7bb3b0f430b1acd54079e3","hashSHA1":"adb025cd435ba98d6b33685095c393bb369f27a4","hashSHA256":"abee7da8a4821cc3bf2aa727974cd42daaec3704cc3010bece5b62d94d6fb44d","sourceIndex":"163","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"myst.exe","hashMD5":"a9a798e8130a0c34ae02bc3e9694a4e8","hashSHA1":"6304c0b6d08d01636b5581b454137c2e9aabedc6","hashSHA256":"bd8ba4469218f7ec2be637cf3fdaf510a6ed501a3622f0afb338c19194e70d16","sourceIndex":"163","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"myst_supervisor.exe","hashMD5":"50823fd21f7bdf86c122813c1d2e8475","hashSHA1":"6780b606d58f4d9ab510ebb83bd58d746a9100e8","hashSHA256":"7850d9dc641ac0ec4cb88746650355584a292c24da95b712f9ac49067c48d7fd","sourceIndex":"163","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Sharing app ","reference":"","landingPage":"https://www.mysterium.network/","directDownloadingLink":"https://mystnodes.com/","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://mystnodes.com/","sourceIndex":"163"}],"sampleFiles":["251002/Mystnode-251002/2.1.0.20/Samples/MystNodesLauncher.msix"],"imageFiles":["251002/Mystnode-251002/2.1.0.20/Images/ACR-007/ACR-007_Install_2.png","251002/Mystnode-251002/2.1.0.20/Images/ACR-007/ACR-007_Install_3.png","251002/Mystnode-251002/2.1.0.20/Images/ACR-007/ACR-007_Install_1.png","251002/Mystnode-251002/2.1.0.20/Images/ACR-084/ACR-084_Software_1.png","251002/Mystnode-251002/2.1.0.20/Images/ACR-084/ACR-084_Software_2.png","251002/Mystnode-251002/2.1.0.20/Images/ACR-084/ACR-084_Software_3.png"],"nonDeceptorImageFiles":["251002/Mystnode-251002/2.1.0.20/Images/ACR-123/ACR-123_Uninstall_1.png","251002/Mystnode-251002/2.1.0.20/Images/ACR-123/ACR-123_Uninstall_2.png"],"guid":"c4a36939-b5a9-41fd-b6a5-ed3b5c51411d_2.1.0.20_1","appID":"Mystnode-251002","dateAdded":"251002","deceptorType":"App","name":"Mystnodes","company":"NetSys Inc","version":"2.1.0.20","lastKnownStatus":"2.1.0.20","lastKnownDate":"251002","type":"Windows Executable","category":"Personalization & Search","targetOS":"Windows 10,Windows 11","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"net proxy","lastUpdate":"2025-10-02T22:21:36.851716+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":202},{"violations":{"ACR-042":"1. The app drops a non-trusted self-signed Trusted Root Certificate without obtaining the consumer's permission through explicit user action.\n2. The app drops open source components \"Open VPN\", \"QT5\", \"Tap-Windows\" and \"WireGuard LLC\" without any disclosure in EULA.\n","ACR-043":"1. The app does not provide information regarding the non-trusted self-signed Trusted Root Certificate that gets dropped after installation without the consumer's knowledge and consent.\n2. The app drops open source components \"Open VPN\", \"QT5\", \"Tap-Windows\" and \"WireGuard LLC\" without any disclosure in EULA.\n","ACR-107":"The app does not disclose relevant license information about \"Open VPN\", \"QT5\", \"Tap-Windows\" and \"WireGuard LLC\" in EULA\n","ACR-048":"The app does not provide any control to cancel the installation process.\n","ACR-007":"The app does not obtain user consent to reduce the consumer's security posture caused by the addition of the non-trusted self-signed root certificate. \n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains many of its components and the root certificate on the device without the consumer's consent.\n","ACR-119":"The app retains its monetization components after uninstall.\n","ACR-039":"The app installs the \"Open VPN\", \"QT5\", \"Tap-Windows\" and \"WireGuard LLC\" components without disclosing the relationship to the app in EULA during installation. \n"},"nonDeceptorViolations":{"ACR-045":"The app does not describe clearly and straightforwardly what effect is caused to the user's system due to the addition of its non-trusted self-signed Trusted Root Certificate.\n","ACR-123":"The app does not remove its root certificate even after uninstall.\n"},"samples":[{"isRevoked":"False","fileName":"torguard-setup-latest.exe","isInstaller":"True","hashMD5":"1098928feb7f160184fd2f70f930d06f","hashSHA1":"a110476285d55dd9c8c561f7f8cdad6dd1701483","hashSHA256":"70942966913b40fc8fbbb04e71c93f6d2e050f2f74b157fa2a41501faee03586","digitalCertThumbprint":"35DF777F06BEBBCE7BBFF63D6A21A5463F985E28","digitalCertIssuer":"CN=Sectigo Public Code Signing CA R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=Schäuffelhut Berger GmbH, O=Schäuffelhut Berger GmbH, S=Bayern, C=DE","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"164","avBlockList":["Avast Premium Security (20251230)","AVG Internet Security (20251230)","Avira Internet Security (20251230)","ESET Internet Security (20251230)","FortectPremium (20251230)","K7 Total Security (20251230)","KasperskyPremium (20251230)","Malwarebytes Premium (20251230)","Norton Security (20251230)","Panda Dome (20251230)","Quick Heal Internet Security (20251230)","Sophos Home Premium (20251230)","SpyHunter5 (20251230)","Total AV Antivirus Pro (20251230)","VirIT eXplorer PRO (20251230)","Webroot SecureAnywhere (20251230)"],"avAllowList":["360 Total Security (20251230)","Bitdefender Internet Security (20251230)","COMODO Antivirus (20251230)","Dr.Web Security Space (20251230)","G DATA INTERNET SECURITY (20251230)","McAfee Total Protection (20251230)","Trend Micro Internet Security (20251230)","VIPRE Advanced Security (20251230)","Windows Defender (20251230)"]}],"additionalFiles":[],"sources":[{"howFound":"Suggestion from AE","reference":"","landingPage":"https://torguard.net/vpn-software.php","directDownloadingLink":"https://updates.torguard.biz/Software/Windows/torguard-setup-latest.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://updates.torguard.biz/Software/Windows/torguard-setup-latest.exe","sourceIndex":"164"}],"sampleFiles":["251002/TorGuard-230907/4.8.29/Samples/torguard-setup-latest.exe"],"imageFiles":["251002/TorGuard-230907/4.8.29/Images/ACR-039/ACR-039_Install_1.png","251002/TorGuard-230907/4.8.29/Images/ACR-039/ACR-039_Install_2.png","251002/TorGuard-230907/4.8.29/Images/ACR-039/ACR-039_Install_3.png","251002/TorGuard-230907/4.8.29/Images/ACR-039/ACR-039_Install_4.png","251002/TorGuard-230907/4.8.29/Images/ACR-043/ACR-043_Install_1.png","251002/TorGuard-230907/4.8.29/Images/ACR-043/ACR-043_Install_2.png","251002/TorGuard-230907/4.8.29/Images/ACR-043/ACR-043_Install_3.png","251002/TorGuard-230907/4.8.29/Images/ACR-043/ACR-043_Install_4.png","251002/TorGuard-230907/4.8.29/Images/ACR-043/ACR-043_Install_5.png","251002/TorGuard-230907/4.8.29/Images/ACR-107/ACR-107_Install_1.png","251002/TorGuard-230907/4.8.29/Images/ACR-107/ACR-107_Install_2.png","251002/TorGuard-230907/4.8.29/Images/ACR-107/ACR-107_Install_3.png","251002/TorGuard-230907/4.8.29/Images/ACR-042/ACR-042_Install_1.png","251002/TorGuard-230907/4.8.29/Images/ACR-042/ACR-042_Install_2.png","251002/TorGuard-230907/4.8.29/Images/ACR-042/ACR-042_Install_3.png","251002/TorGuard-230907/4.8.29/Images/ACR-042/ACR-042_Install_4.png","251002/TorGuard-230907/4.8.29/Images/ACR-042/ACR-042_Install_5.png","251002/TorGuard-230907/4.8.29/Images/ACR-048/ACR-048.JPG","251002/TorGuard-230907/4.8.29/Images/ACR-007/ACR-007_Install_1.png","251002/TorGuard-230907/4.8.29/Images/ACR-118/ACR-118_Uninstall_1.png","251002/TorGuard-230907/4.8.29/Images/ACR-118/ACR-118_Uninstall_2.png","251002/TorGuard-230907/4.8.29/Images/ACR-118/ACR-118_Uninstall_3.png","251002/TorGuard-230907/4.8.29/Images/ACR-119/ACR-119_Uninstall_1.png","251002/TorGuard-230907/4.8.29/Images/ACR-119/ACR-119_Uninstall_2.png"],"nonDeceptorImageFiles":["251002/TorGuard-230907/4.8.29/Images/ACR-045/ACR-045_Install_1.png","251002/TorGuard-230907/4.8.29/Images/ACR-123/ACR-123_Uninstall_1.png"],"guid":"12006127-c4c4-4431-98f2-c6e4e2b9e9e0_4.8.29_1","appID":"TorGuard-230907","dateAdded":"251002","deceptorType":"App","name":"Tor Guard","company":"VPNetwork LLC","version":"4.8.29","lastKnownStatus":"4.8.22;4.8.29","lastKnownDate":"251002","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,net proxy","lastUpdate":"2025-10-02T18:52:43.2616755+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":3,"sortOrder":199},{"violations":{"ACR-004":"App does not provide free fixes for the scan results that can't be permanently fixed. It uses issues identified during free scanning to upsell user the fix, requiring user to purchase subscription service to fix all results identified during free scan.\n"},"nonDeceptorViolations":{"ACR-065":"The install does not display link to the EULA, Terms of Service, Returns and Cancellation Policy, or Privacy Policy.\nThe app does not display links to the EULA, Returns and Cancellation Policy, or Privacy Policy in the software\n"},"samples":[{"isRevoked":"False","fileName":"Mac_PowerSuite.dmg","isInstaller":"True","fileVersion":"0.","hashMD5":"","hashSHA1":"","hashSHA256":"989484ca5a0fa7f1056042568eee9a203c4e9a6f97201225e9b21ac8de4153b0","sourceIndex":"2409","avBlockList":["Avast Security for Mac (20220809)","Avira Security for Mac (20220809)","ESET Cyber Security Pro for Mac (20220809)","McAfee Internet Security for Mac (20220809)","Norton Security for Mac (20220809)","Sophos Home Premium For Mac (20220809)","Trend Micro Antivirus for Mac (20220809)"],"avAllowList":["Bitdefender Antivirus for Mac (20220809)","G DATA AntiVirus for Mac (20220809)","K7 Antivirus for Mac (20220809)","Kaspersky Internet Security for Mac (20220809)"]},{"isRevoked":"False","fileName":"PowerSuite","fileVersion":"0.","hashMD5":"","hashSHA1":"","hashSHA256":"cfa0321e1c5ce73db4326a76a0f9cc45518547e95bb080248f85fb82699235aa","sourceIndex":"2409","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Google Search \"clean up and optimize mac app download\"","reference":"https://www.fireebok.com","landingPage":"https://www.fireebok.com/mac-powersuite.html","directDownloadingLink":"https://www.fireebok.com/product/Mac_PowerSuite.dmg","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.fireebok.com/product/Mac_PowerSuite.dmg","sourceIndex":"2409"}],"sampleFiles":["200623/FireebokPowerSuite-200420/2.5.5/Samples/Mac_PowerSuite.dmg","200623/FireebokPowerSuite-200420/2.5.5/Samples/PowerSuite"],"imageFiles":["200623/FireebokPowerSuite-200420/2.5.5/Images/ACR-004/Fireebok PowerSuite_Scanning [4].png","200623/FireebokPowerSuite-200420/2.5.5/Images/ACR-004/Fireebok PowerSuite_Scanning [5].png","200623/FireebokPowerSuite-200420/2.5.5/Images/ACR-004/Fireebok PowerSuite_Scanning [6].png","200623/FireebokPowerSuite-200420/2.5.5/Images/ACR-004/Fireebok PowerSuite_OfferPage [3].png","200623/FireebokPowerSuite-200420/2.5.5/Images/ACR-004/Fireebok PowerSuite_OfferPage [5].png","200623/FireebokPowerSuite-200420/2.5.5/Images/ACR-004/Fireebok PowerSuite_OfferPage [1].png"],"nonDeceptorImageFiles":["200623/FireebokPowerSuite-200420/2.5.5/Images/ACR-065/Fireebok PowerSuite_Install [1].png","200623/FireebokPowerSuite-200420/2.5.5/Images/ACR-065/Fireebok PowerSuite_About [1].png","200623/FireebokPowerSuite-200420/2.5.5/Images/ACR-065/Fireebok PowerSuite_Interaction [1].png"],"guid":"15e233d7-5a50-43c6-8c25-b291ab0658b0_2.5.5_1","appID":"FireebokPowerSuite-200420","dateAdded":"251001","deceptorType":"MacOS App","name":"Fireebok PowerSuite ","company":"Fireebok Studio","version":"2.5.5","sigName":"Deceptor:MacOS/FireebokPowerSuite!004","lastKnownStatus":"2.5.4;2.5.5;2.5.7;2.5.9;2.6.0;2.6.1;2.6.3;2.6.4;2.7.0;3.0.0;3.1.1;3.2.0;3.2.5;3.3.2;3.3.4;3.3.5;3.3.7;3.3.9;3.4.0","lastKnownDate":"251001","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2025-10-01T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":19,"sortOrder":220},{"violations":{"ACR-004":"The app does not provide a fully functioning free trial. The app does not provide free fixes for the results identified during the free scan.\n"},"nonDeceptorViolations":{"ACR-065":"The install does not display link to the EULA, Terms of Service, Returns and Cancellation Policy, or Privacy Policy.\nThe app does not display links to the Terms of Service or EULA, Returns and Cancellation Policy, or Privacy Policy in the software\n"},"samples":[{"isRevoked":"False","fileName":"Mac_PowerSuite.dmg","isInstaller":"True","fileVersion":"0.","hashMD5":"f0fef74c09ffec5195dc5fcf7d6c9c58","hashSHA1":"dec28a2a58f3ebe64881c4d4e14a823fe03f2f03","hashSHA256":"6b761e765e6cafeb600f6e8448a0b90f3dc0d03f3911c3a8d3d07daa4b703174","sourceIndex":"2107","avBlockList":["Avast Security for Mac (20240312)","Avira Security for Mac (20240312)","ESET Cyber Security Pro for Mac (20240312)","Kaspersky Internet Security for Mac (20240312)","Norton Security for Mac (20240312)","Sophos Home Premium For Mac (20240312)","SpyHunterforMac (20240312)","Trend Micro Antivirus for Mac (20240312)"],"avAllowList":["Bitdefender Antivirus for Mac (20240312)","G DATA AntiVirus for Mac (20240312)","K7 Antivirus for Mac (20240312)","McAfee Internet Security for Mac (20240312)"]},{"isRevoked":"False","fileName":"PowerSuite","fileVersion":"0.","hashMD5":"eaa7ea9bb3f6c403606a28e0e376b847","hashSHA1":"5f4620150f48f25f51aeb244e4760dc045528ff9","hashSHA256":"13b75c90d70be496c788b1bf58f606917fe8038e01bd152c466813c469e50661","sourceIndex":"2107","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Google Search \"clean up and optimize mac app download\"","reference":"https://www.fireebok.com","landingPage":"https://www.fireebok.com/mac-powersuite.html","directDownloadingLink":"https://www.fireebok.com/product/Mac_PowerSuite.dmg","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.fireebok.com/product/Mac_PowerSuite.dmg","sourceIndex":"2107"}],"sampleFiles":["200924/FireebokPowerSuite-200420/2.5.7/Samples/Mac_PowerSuite.dmg","200924/FireebokPowerSuite-200420/2.5.7/Samples/PowerSuite"],"imageFiles":["200924/FireebokPowerSuite-200420/2.5.7/Images/ACR-004/Mac_PowerSuite_Interaction [1].png","200924/FireebokPowerSuite-200420/2.5.7/Images/ACR-004/Mac_PowerSuite_Interaction [2] Scanning.png","200924/FireebokPowerSuite-200420/2.5.7/Images/ACR-004/Mac_PowerSuite_Interaction [3] ScanResult.png","200924/FireebokPowerSuite-200420/2.5.7/Images/ACR-004/Mac_PowerSuite_Interaction [4] ScanResult.png","200924/FireebokPowerSuite-200420/2.5.7/Images/ACR-004/Mac_PowerSuite_Interaction [5] Activate.png"],"nonDeceptorImageFiles":["200924/FireebokPowerSuite-200420/2.5.7/Images/ACR-065/Mac_PowerSuite_Install [1].png","200924/FireebokPowerSuite-200420/2.5.7/Images/ACR-065/Mac_PowerSuite_About [1].png"],"guid":"15e233d7-5a50-43c6-8c25-b291ab0658b0_2.5.7_1","appID":"FireebokPowerSuite-200420","dateAdded":"251001","deceptorType":"MacOS App","name":"Fireebok PowerSuite ","company":"Fireebok Studio","version":"2.5.7","sigName":"Deceptor:MacOS/FireebokPowerSuite!004","lastKnownStatus":"2.5.4;2.5.5;2.5.7;2.5.9;2.6.0;2.6.1;2.6.3;2.6.4;2.7.0;3.0.0;3.1.1;3.2.0;3.2.5;3.3.2;3.3.4;3.3.5;3.3.7;3.3.9;3.4.0","lastKnownDate":"251001","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid,paid","lastUpdate":"2025-10-01T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":19,"sortOrder":219},{"violations":{"ACR-004":"The application does not provide a fully functioning free trial. The app does not provide free fixes for the results identified during the free scan.\n"},"nonDeceptorViolations":{"ACR-065":"The install does not display link to the EULA, Terms of Service, Returns and Cancellation Policy, or Privacy Policy.\nThe app does not display links to the Terms of Service or EULA, Returns and Cancellation Policy, or Privacy Policy in the software\n"},"samples":[{"isRevoked":"False","fileName":"Mac_PowerSuite.dmg","isInstaller":"True","fileVersion":"0.","hashMD5":"804d59a578f0650a54e26d6d1d1a030b","hashSHA1":"ee59b7ebfc1c3824c52eaf791f955c51ff71dd07","hashSHA256":"d9565dbf5bde114cf40fb9f81ca141d77e59fc5877764538b636689ce4b4ff93","sourceIndex":"2045","avBlockList":["Avast Security for Mac (20210413)","Avira Security for Mac (20210413)","Bitdefender Antivirus for Mac (20210413)","ESET Cyber Security Pro for Mac (20210413)","G DATA AntiVirus for Mac (20210413)","K7 Antivirus for Mac (20210413)","McAfee Internet Security for Mac (20210413)","Norton Security for Mac (20210413)","Sophos Home Premium For Mac (20210413)","Trend Micro Antivirus for Mac (20210413)"],"avAllowList":["Kaspersky Internet Security for Mac (20210413)"]},{"isRevoked":"False","fileName":"PowerSuite","fileVersion":"0.","hashMD5":"9856845cc12e7a9008a50c972bc98e24","hashSHA1":"36ad961b5327d4b6f22f9f16bbf01286e1cbcb45","hashSHA256":"eca0356c4cc3bffd71355eb1c94a041e92ba43d32c6ae565bca780536acac305","sourceIndex":"2045","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Google Search \"clean up and optimize mac app download\"","reference":"https://www.fireebok.com","landingPage":"https://www.fireebok.com/mac-powersuite.html","directDownloadingLink":"https://www.fireebok.com/product/Mac_PowerSuite.dmg","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.fireebok.com/product/Mac_PowerSuite.dmg","sourceIndex":"2045"}],"sampleFiles":["201117/FireebokPowerSuite-200420/2.5.9/Samples/Mac_PowerSuite.dmg","201117/FireebokPowerSuite-200420/2.5.9/Samples/PowerSuite"],"imageFiles":["201117/FireebokPowerSuite-200420/2.5.9/Images/ACR-004/MacPowerSuite_Interactions [1].png","201117/FireebokPowerSuite-200420/2.5.9/Images/ACR-004/MacPowerSuite_Interactions [2] Scanning.png","201117/FireebokPowerSuite-200420/2.5.9/Images/ACR-004/MacPowerSuite_Interactions [3] Results.png","201117/FireebokPowerSuite-200420/2.5.9/Images/ACR-004/MacPowerSuite_Interactions [4] Results.png","201117/FireebokPowerSuite-200420/2.5.9/Images/ACR-004/MacPowerSuite_Interactions [6] Register.png","201117/FireebokPowerSuite-200420/2.5.9/Images/ACR-004/MacPowerSuite_LandingPage [1].png","201117/FireebokPowerSuite-200420/2.5.9/Images/ACR-004/MacPowerSuite_OfferPage [1].png","201117/FireebokPowerSuite-200420/2.5.9/Images/ACR-004/MacPowerSuite_OfferPage [2].png"],"nonDeceptorImageFiles":["201117/FireebokPowerSuite-200420/2.5.9/Images/ACR-065/MacPowerSuite_Install [1].png","201117/FireebokPowerSuite-200420/2.5.9/Images/ACR-065/MacPowerSuite_About [1].png"],"guid":"15e233d7-5a50-43c6-8c25-b291ab0658b0_2.5.9_1","appID":"FireebokPowerSuite-200420","dateAdded":"251001","deceptorType":"MacOS App","name":"Fireebok PowerSuite ","company":"Fireebok Studio","version":"2.5.9","sigName":"Deceptor:MacOS/FireebokPowerSuite!004","lastKnownStatus":"2.5.4;2.5.5;2.5.7;2.5.9;2.6.0;2.6.1;2.6.3;2.6.4;2.7.0;3.0.0;3.1.1;3.2.0;3.2.5;3.3.2;3.3.4;3.3.5;3.3.7;3.3.9;3.4.0","lastKnownDate":"251001","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid,paid","lastUpdate":"2025-10-01T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":19,"sortOrder":218},{"violations":{"ACR-004":"App does not provide free fixes for the scan results that can't be permanently fixed. It uses issues identified during free scanning to upsell user the fix, requiring user to purchase subscription service to fix all results identified during free scan.\n"},"nonDeceptorViolations":{"ACR-065":"The install does not display link to the EULA or Terms of Service, Returns and Cancellation Policy, or Privacy Policy.\nThe app does not display links to the Terms of Service or EULA, Returns and Cancellation Policy, or Privacy Policy in the software\n"},"samples":[{"isRevoked":"False","fileName":"Mac_PowerSuite.dmg","isInstaller":"True","fileVersion":"0.","hashMD5":"","hashSHA1":"","hashSHA256":"6c923a64df5cb5dcfc1d6ebf7ca2d485d1bdff60306f777b6896ea7dd54dbb92","sourceIndex":"2035","avBlockList":["Avast Security for Mac (20221213)","Avira Security for Mac (20221213)","Bitdefender Antivirus for Mac (20221213)","ESET Cyber Security Pro for Mac (20221213)","G DATA AntiVirus for Mac (20221213)","Norton Security for Mac (20221213)","Sophos Home Premium For Mac (20221213)","Trend Micro Antivirus for Mac (20221213)"],"avAllowList":["K7 Antivirus for Mac (20221213)","Kaspersky Internet Security for Mac (20221213)","McAfee Internet Security for Mac (20221213)"]},{"isRevoked":"False","fileName":"PowerSuite","fileVersion":"0.","hashMD5":"","hashSHA1":"","hashSHA256":"6b350a990bd634a468e7b0c016f248aaf31015cfb84c4e721689f77d31da12ab","sourceIndex":"2035","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Google Search \"clean up and optimize mac app download\"","reference":"https://www.fireebok.com","landingPage":"https://www.fireebok.com/mac-powersuite.html","directDownloadingLink":"https://www.fireebok.com/product/Mac_PowerSuite.dmg","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.fireebok.com/product/Mac_PowerSuite.dmg","sourceIndex":"2035"}],"sampleFiles":["201207/FireebokPowerSuite-200420/2.6.0/Samples/Mac_PowerSuite.dmg","201207/FireebokPowerSuite-200420/2.6.0/Samples/PowerSuite"],"imageFiles":["201207/FireebokPowerSuite-200420/2.6.0/Images/ACR-004/Fireebok PowerSuite_Interactions [1].png","201207/FireebokPowerSuite-200420/2.6.0/Images/ACR-004/Fireebok PowerSuite_Interactions [2].png","201207/FireebokPowerSuite-200420/2.6.0/Images/ACR-004/Fireebok PowerSuite_Interactions [3].png","201207/FireebokPowerSuite-200420/2.6.0/Images/ACR-004/Fireebok PowerSuite_Interactions [4].png","201207/FireebokPowerSuite-200420/2.6.0/Images/ACR-004/Fireebok PowerSuite_LandingPage [1].png","201207/FireebokPowerSuite-200420/2.6.0/Images/ACR-004/Fireebok PowerSuite_OfferPage [1].png","201207/FireebokPowerSuite-200420/2.6.0/Images/ACR-004/Fireebok PowerSuite_OfferPage [2].png"],"nonDeceptorImageFiles":["201207/FireebokPowerSuite-200420/2.6.0/Images/ACR-065/Fireebok PowerSuite_Install [1].png","201207/FireebokPowerSuite-200420/2.6.0/Images/ACR-065/Fireebok PowerSuite_About [1].png"],"guid":"15e233d7-5a50-43c6-8c25-b291ab0658b0_2.6.0_1","appID":"FireebokPowerSuite-200420","dateAdded":"251001","deceptorType":"MacOS App","name":"Fireebok PowerSuite ","company":"Fireebok Studio","version":"2.6.0","lastKnownStatus":"2.5.4;2.5.5;2.5.7;2.5.9;2.6.0;2.6.1;2.6.3;2.6.4;2.7.0;3.0.0;3.1.1;3.2.0;3.2.5;3.3.2;3.3.4;3.3.5;3.3.7;3.3.9;3.4.0","lastKnownDate":"251001","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid,paid","lastUpdate":"2025-10-01T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":19,"sortOrder":217},{"violations":{"ACR-004":"App does not provide free fixes for the scan results that can't be permanently fixed. It uses issues identified during free scanning to upsell user the fix, requiring user to purchase subscription service to fix all results identified during free scan.\n"},"nonDeceptorViolations":{"ACR-065":"The install wizard does not display link to the EULA or Terms of Service, Returns and Cancellation Policy, or Privacy Policy.\nThe app does not display links to the Terms of Service or EULA, Returns and Cancellation Policy, or Privacy Policy in the software\n"},"samples":[{"isRevoked":"False","fileName":"Mac_PowerSuite.dmg","isInstaller":"True","fileVersion":"0.","hashMD5":"05a38a646ae53841591459b2d0ec2c86","hashSHA1":"1133305fc354272effff700621408201cbaaa086","hashSHA256":"a62030c24d7a489e9aab11d65c6e0cb0446bd13d085d0e9f9c69e74691858580","sourceIndex":"1908","avBlockList":["Avast Security for Mac (20230411)","Avira Security for Mac (20230411)","Bitdefender Antivirus for Mac (20230411)","ESET Cyber Security Pro for Mac (20230411)","G DATA AntiVirus for Mac (20230411)","Norton Security for Mac (20230411)","Sophos Home Premium For Mac (20230411)","Trend Micro Antivirus for Mac (20230411)"],"avAllowList":["K7 Antivirus for Mac (20230411)","Kaspersky Internet Security for Mac (20230411)","McAfee Internet Security for Mac (20230411)"]},{"isRevoked":"False","fileName":"PowerSuite","fileVersion":"0.","hashMD5":"9fd6c36d3f72aae1a733ea172fbfd5b0","hashSHA1":"f9f7aad3122b620b2e6bfa5f22d6798886828b49","hashSHA256":"27a338f239d604d0cb2c9435188666fca938a417680573b67187ecfc6d95334f","sourceIndex":"1908","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"Mac_PowerSuite [2].dmg","isInstaller":"True","fileVersion":"0.","hashMD5":"ee3c6372f54a8ff4f2726043cd64da86","hashSHA1":"6fc77649a532b2761c20b1be3aaf9571c1c6e16d","hashSHA256":"93dacc949ce7961763fe194404c33e6354715745770d4d33370282826a45101e","sourceIndex":"1908","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"PowerSuite [2]","fileVersion":"0.","hashMD5":"ac07ccc213fc4635facbd703587e5591","hashSHA1":"ccea2c763a993c7d30f5fa4a40e1140d52cffc2b","hashSHA256":"6f7ca253fd086761dc8d830e7fca7a55be0c53f3c92cae2fb8d6d613bba2456f","sourceIndex":"1908","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Google Search \"clean up and optimize mac app download\"","reference":"https://www.fireebok.com","landingPage":"https://www.fireebok.com/mac-powersuite.html","directDownloadingLink":"https://www.fireebok.com/product/Mac_PowerSuite.dmg","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.fireebok.com/product/Mac_PowerSuite.dmg","sourceIndex":"1908"}],"sampleFiles":["210530/FireebokPowerSuite-200420/2.6.1/Samples/Mac_PowerSuite.dmg","210530/FireebokPowerSuite-200420/2.6.1/Samples/PowerSuite","210530/FireebokPowerSuite-200420/2.6.1/Samples/Mac_PowerSuite [2].dmg","210530/FireebokPowerSuite-200420/2.6.1/Samples/PowerSuite [2]"],"imageFiles":["210530/FireebokPowerSuite-200420/2.6.1/Images/ACR-004/Mac_PowerSuite_Interactions [2].png","210530/FireebokPowerSuite-200420/2.6.1/Images/ACR-004/Mac_PowerSuite_Interactions [3].png","210530/FireebokPowerSuite-200420/2.6.1/Images/ACR-004/Mac_PowerSuite_Interactions [4].png","210530/FireebokPowerSuite-200420/2.6.1/Images/ACR-004/Mac_PowerSuite_OfferPage [1].png","210530/FireebokPowerSuite-200420/2.6.1/Images/ACR-004/Mac_PowerSuite_OfferPage [2].png"],"nonDeceptorImageFiles":["210530/FireebokPowerSuite-200420/2.6.1/Images/ACR-065/Mac_PowerSuite_Install [1].png","210530/FireebokPowerSuite-200420/2.6.1/Images/ACR-065/Mac_PowerSuite_About [1].png"],"guid":"15e233d7-5a50-43c6-8c25-b291ab0658b0_2.6.1_1","appID":"FireebokPowerSuite-200420","dateAdded":"251001","deceptorType":"MacOS App","name":"Fireebok PowerSuite ","company":"Fireebok Studio","version":"2.6.1","sigName":"Deceptor:MacOS/FireebokPowerSuite!004","lastKnownStatus":"2.5.4;2.5.5;2.5.7;2.5.9;2.6.0;2.6.1;2.6.3;2.6.4;2.7.0;3.0.0;3.1.1;3.2.0;3.2.5;3.3.2;3.3.4;3.3.5;3.3.7;3.3.9;3.4.0","lastKnownDate":"251001","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid,paid","lastUpdate":"2025-10-01T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":19,"sortOrder":216},{"violations":{"ACR-004":"App does not provide free fixes for the scan results that can't be permanently fixed. It uses issues identified during free scanning to upsell user the fix, requiring user to purchase subscription service to fix all results identified during free scan.\n"},"nonDeceptorViolations":{"ACR-065":"The install wizard does not display link to the EULA or Terms of Service, Returns and Cancellation Policy, or Privacy Policy.\nThe app does not display links to the Terms of Service or EULA, Returns and Cancellation Policy, or Privacy Policy in the software\n","ACR-167":"The app only provides a 7-day refund policy and not a 30-day refund policy.\n"},"samples":[{"isRevoked":"False","fileName":"Mac_PowerSuite.dmg","isInstaller":"True","fileVersion":"0.","hashMD5":"5ebd45897d9c5cb78779c856d3a5bb5c","hashSHA1":"5baf141dcc725d0912adf34e29013b88896d3339","hashSHA256":"9be55ff85bcd6cd9d102329fc068f99d6033a3d7b475a3d841a984d73523886d","sourceIndex":"1843","avBlockList":["Avast Security for Mac (20240409)","Avira Security for Mac (20240409)","Bitdefender Antivirus for Mac (20240409)","ESET Cyber Security Pro for Mac (20240409)","G DATA AntiVirus for Mac (20240409)","Kaspersky Internet Security for Mac (20240409)","Norton Security for Mac (20240409)","Sophos Home Premium For Mac (20240409)","SpyHunterforMac (20240409)","Trend Micro Antivirus for Mac (20240409)"],"avAllowList":["K7 Antivirus for Mac (20240409)","McAfee Internet Security for Mac (20240409)"]},{"isRevoked":"False","fileName":"PowerSuite","fileVersion":"0.","hashMD5":"ca285e0272f64effba615862a1d04eae","hashSHA1":"fd1b432198d160a896918d7e9e3c3939dcbcd114","hashSHA256":"d40d1501815ad1b2f4438d80df8d0a3bfc8052fa7833184a594989cfe48ea11b","sourceIndex":"1843","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Google Search \"clean up and optimize mac app download\"","reference":"https://www.fireebok.com","landingPage":"https://www.fireebok.com/mac-powersuite.html","directDownloadingLink":"https://www.fireebok.com/product/Mac_PowerSuite.dmg","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.fireebok.com/product/Mac_PowerSuite.dmg","sourceIndex":"1843"}],"sampleFiles":["210726/FireebokPowerSuite-200420/2.6.3/Samples/Mac_PowerSuite.dmg","210726/FireebokPowerSuite-200420/2.6.3/Samples/PowerSuite"],"imageFiles":["210726/FireebokPowerSuite-200420/2.6.3/Images/ACR-004/Fireebok PowerSuite_Interactions [2].png","210726/FireebokPowerSuite-200420/2.6.3/Images/ACR-004/Fireebok PowerSuite_Interactions [3].png","210726/FireebokPowerSuite-200420/2.6.3/Images/ACR-004/Fireebok PowerSuite_Interactions [4].png"],"nonDeceptorImageFiles":["210726/FireebokPowerSuite-200420/2.6.3/Images/ACR-065/Fireebok PowerSuite_Install [1].png","210726/FireebokPowerSuite-200420/2.6.3/Images/ACR-065/Fireebok PowerSuite_About [1].png","210726/FireebokPowerSuite-200420/2.6.3/Images/ACR-167/Fireebok PowerSuite_ Refund Policy.png"],"guid":"15e233d7-5a50-43c6-8c25-b291ab0658b0_2.6.3_1","appID":"FireebokPowerSuite-200420","dateAdded":"251001","deceptorType":"MacOS App","name":"Fireebok PowerSuite ","company":"Fireebok Studio","version":"2.6.3","lastKnownStatus":"2.5.4;2.5.5;2.5.7;2.5.9;2.6.0;2.6.1;2.6.3;2.6.4;2.7.0;3.0.0;3.1.1;3.2.0;3.2.5;3.3.2;3.3.4;3.3.5;3.3.7;3.3.9;3.4.0","lastKnownDate":"251001","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid,paid","lastUpdate":"2025-10-01T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":19,"sortOrder":215},{"violations":{"ACR-004":"App does not provide free fixes for the scan results that can't be permanently fixed. It uses issues identified during free scanning to upsell user the fix, requiring user to purchase subscription service to fix all results identified during free scan.\n"},"nonDeceptorViolations":{"ACR-065":"The install wizard does not display link to the EULA or Terms of Service, Returns and Cancellation Policy, or Privacy Policy.\nThe app does not display links to the Terms of Service or EULA, Returns and Cancellation Policy, or Privacy Policy in the software\n","ACR-167":"The app only provides a 7-day refund policy and not a 30-day refund policy.\n"},"samples":[{"isRevoked":"False","fileName":"Mac_PowerSuite.dmg","isInstaller":"True","fileVersion":"0.","hashMD5":"d2d63ca551e52df1913014740d11008b","hashSHA1":"df60692e712aa1806659b1ac3fe638bc58135ba2","hashSHA256":"5f4f359ef758608777fd8f7b9426af0ca9700dfaafbeae76ac00a1d453689a83","sourceIndex":"1818","avBlockList":["Avast Security for Mac (20230214)","Avira Security for Mac (20230214)","Bitdefender Antivirus for Mac (20230214)","ESET Cyber Security Pro for Mac (20230214)","G DATA AntiVirus for Mac (20230214)","Norton Security for Mac (20230214)","Sophos Home Premium For Mac (20230214)","Trend Micro Antivirus for Mac (20230214)"],"avAllowList":["K7 Antivirus for Mac (20230214)","Kaspersky Internet Security for Mac (20230214)","McAfee Internet Security for Mac (20230214)"]},{"isRevoked":"False","fileName":"PowerSuite","fileVersion":"0.","hashMD5":"d491df906afca601e955e4f6bb5dbe8a","hashSHA1":"3b0ce567f739c601ec1922b704532c78409d4f82","hashSHA256":"d7b63ff97d3267ee2ad80ef79d0cbd213ca085753c218769c3369919973d8d09","sourceIndex":"1818","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"https://www.fireebok.com","landingPage":"https://www.fireebok.com/mac-powersuite.html","directDownloadingLink":"https://www.fireebok.com/product/Mac_PowerSuite.dmg","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.fireebok.com/product/Mac_PowerSuite.dmg","sourceIndex":"1818"}],"sampleFiles":["210909/FireebokPowerSuite-200420/2.6.4/Samples/Mac_PowerSuite.dmg","210909/FireebokPowerSuite-200420/2.6.4/Samples/PowerSuite"],"imageFiles":["210909/FireebokPowerSuite-200420/2.6.4/Images/ACR-004/PowerSuite_Interactions [2].png","210909/FireebokPowerSuite-200420/2.6.4/Images/ACR-004/PowerSuite_Interactions [3].png","210909/FireebokPowerSuite-200420/2.6.4/Images/ACR-004/PowerSuite_Interactions [4].png","210909/FireebokPowerSuite-200420/2.6.4/Images/ACR-004/PowerSuite_Interactions [5].png"],"nonDeceptorImageFiles":["210909/FireebokPowerSuite-200420/2.6.4/Images/ACR-065/PowerSuite_Install [1].png","210909/FireebokPowerSuite-200420/2.6.4/Images/ACR-065/PowerSuite_About [1].png.png","210909/FireebokPowerSuite-200420/2.6.4/Images/ACR-167/Fireebok PowerSuite_ Refund Policy.png"],"guid":"15e233d7-5a50-43c6-8c25-b291ab0658b0_2.6.4_1","appID":"FireebokPowerSuite-200420","dateAdded":"251001","deceptorType":"MacOS App","name":"Fireebok PowerSuite ","company":"Fireebok Studio","version":"2.6.4","lastKnownStatus":"2.5.4;2.5.5;2.5.7;2.5.9;2.6.0;2.6.1;2.6.3;2.6.4;2.7.0;3.0.0;3.1.1;3.2.0;3.2.5;3.3.2;3.3.4;3.3.5;3.3.7;3.3.9;3.4.0","lastKnownDate":"251001","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid,paid","lastUpdate":"2025-10-01T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":19,"sortOrder":214},{"violations":{"ACR-004":"App does not provide free fixes for the scan results that can't be permanently fixed. It uses issues identified during free scanning to upsell user the fix, requiring user to purchase subscription service to fix all results identified during free scan.\n"},"nonDeceptorViolations":{"ACR-065":"The install wizard does not display link to the EULA or Terms of Service, Returns and Cancellation Policy, or Privacy Policy.\nThe app does not display links to the Terms of Service or EULA, Returns and Cancellation Policy, or Privacy Policy in the software\n","ACR-167":"The app only provides a 7-day refund policy and not a 30-day refund policy.\n"},"samples":[{"isRevoked":"False","fileName":"Mac_PowerSuite.dmg","isInstaller":"True","fileVersion":"0.","hashMD5":"675a6cdc59c35c788815ba778eb29be3","hashSHA1":"afa7c3f2ecc0a8ddc943accc1b43cca3650d7e35","hashSHA256":"58f7b39a2f7dcdca15f3c4b9b919d7c73af9a7dae9e47ff675aaec66409d5244","sourceIndex":"1781","avBlockList":["Avast Security for Mac (20240611)","Avira Security for Mac (20240611)","Bitdefender Antivirus for Mac (20240611)","ESET Cyber Security Pro for Mac (20240611)","G DATA AntiVirus for Mac (20240611)","Kaspersky Internet Security for Mac (20240611)","Norton Security for Mac (20240611)","Sophos Home Premium For Mac (20240611)","SpyHunterforMac (20240611)","Trend Micro Antivirus for Mac (20240611)"],"avAllowList":["K7 Antivirus for Mac (20240611)","McAfee Internet Security for Mac (20240611)"]},{"isRevoked":"False","fileName":"PowerSuite","fileVersion":"0.","hashMD5":"5a6fc397e38bf07baa587c9ca918cc12","hashSHA1":"58a308cc6fd144c79b296aed928782138c995392","hashSHA256":"30cc642c67d28093787fa3e43dd5ddde22fc764c865efa092b6505b4afd12a57","sourceIndex":"1781","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Google Search \"clean up and optimize mac app download\"","reference":"https://www.fireebok.com","landingPage":"https://www.fireebok.com/mac-powersuite.html","directDownloadingLink":"https://www.fireebok.com/product/Mac_PowerSuite.dmg ","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.fireebok.com/product/Mac_PowerSuite.dmg ","sourceIndex":"1781"}],"sampleFiles":["211129/FireebokPowerSuite-200420/2.7.0/Samples/Mac_PowerSuite.dmg","211129/FireebokPowerSuite-200420/2.7.0/Samples/PowerSuite"],"imageFiles":["211129/FireebokPowerSuite-200420/2.7.0/Images/ACR-004/PowerSuite_Interactions [5].png","211129/FireebokPowerSuite-200420/2.7.0/Images/ACR-004/Mac_PowerSuite_Interactions [1].png","211129/FireebokPowerSuite-200420/2.7.0/Images/ACR-004/Mac_PowerSuite_Interactions [2].png","211129/FireebokPowerSuite-200420/2.7.0/Images/ACR-004/Mac_PowerSuite_Interactions [3].png","211129/FireebokPowerSuite-200420/2.7.0/Images/ACR-004/Mac_PowerSuite_Interactions [4].png"],"nonDeceptorImageFiles":["211129/FireebokPowerSuite-200420/2.7.0/Images/ACR-065/Mac_PowerSuite_Install [1].png","211129/FireebokPowerSuite-200420/2.7.0/Images/ACR-065/Mac_PowerSuite_About [1].png","211129/FireebokPowerSuite-200420/2.7.0/Images/ACR-167/Fireebok PowerSuite_ Refund Policy.png"],"guid":"15e233d7-5a50-43c6-8c25-b291ab0658b0_2.7.0_1","appID":"FireebokPowerSuite-200420","dateAdded":"251001","deceptorType":"MacOS App","name":"Fireebok PowerSuite ","company":"Fireebok Studio","version":"2.7.0","lastKnownStatus":"2.5.4;2.5.5;2.5.7;2.5.9;2.6.0;2.6.1;2.6.3;2.6.4;2.7.0;3.0.0;3.1.1;3.2.0;3.2.5;3.3.2;3.3.4;3.3.5;3.3.7;3.3.9;3.4.0","lastKnownDate":"251001","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid,paid","lastUpdate":"2025-10-01T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":19,"sortOrder":213},{"violations":{"ACR-004":"App does not provide free fixes for the scan results that can't be permanently fixed. It uses issues identified during free scanning to upsell user the fix, requiring user to purchase subscription service to fix all results identified during free scan.\n"},"nonDeceptorViolations":{"ACR-065":"The install wizard does not display link to the EULA or Terms of Service, Returns and Cancellation Policy, or Privacy Policy.\nThe app does not display links to the Terms of Service or EULA, Returns and Cancellation Policy, or Privacy Policy in the software\n","ACR-167":"The app only provides a 7-day refund policy and not a 30-day refund policy.\n"},"samples":[{"isRevoked":"False","fileName":"Mac_PowerSuite.dmg","isInstaller":"True","fileVersion":"0.","hashMD5":"7ed799b92dea94283f0cd6a3893a9045","hashSHA1":"13037133f127af34f918ba7b35652cd9786a6c43","hashSHA256":"8e76efd97e7f454157076ade997469c46a3b25a970139da820ad98bfdfd193f7","sourceIndex":"1775","avBlockList":["Avast Security for Mac (20240514)","Avira Security for Mac (20240514)","Bitdefender Antivirus for Mac (20240514)","ESET Cyber Security Pro for Mac (20240514)","G DATA AntiVirus for Mac (20240514)","Kaspersky Internet Security for Mac (20240514)","Norton Security for Mac (20240514)","Sophos Home Premium For Mac (20240514)","Trend Micro Antivirus for Mac (20240514)","SpyHunterforMac (20240514)"],"avAllowList":["K7 Antivirus for Mac (20240514)","McAfee Internet Security for Mac (20240514)"]},{"isRevoked":"False","fileName":"PowerSuite","fileVersion":"0.","hashMD5":"71555914fc88b9302aae322f158c6825","hashSHA1":"b0160f261e8752c411180b6fe70a571277d960e9","hashSHA256":"7101beddc743f6500a409f59eed41db2edf19bcd7da0eb28d9b69ef14b886942","sourceIndex":"1775","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"https://www.fireebok.com","landingPage":"https://www.fireebok.com/mac-powersuite.html","directDownloadingLink":"https://www.fireebok.com/product/Mac_PowerSuite.dmg","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.fireebok.com/product/Mac_PowerSuite.dmg","sourceIndex":"1775"}],"sampleFiles":["211206/FireebokPowerSuite-200420/3.0.0/Samples/Mac_PowerSuite.dmg","211206/FireebokPowerSuite-200420/3.0.0/Samples/PowerSuite"],"imageFiles":["211206/FireebokPowerSuite-200420/3.0.0/Images/ACR-004/PowerSuite_Interactions [1].png","211206/FireebokPowerSuite-200420/3.0.0/Images/ACR-004/PowerSuite_Interactions [3].png","211206/FireebokPowerSuite-200420/3.0.0/Images/ACR-004/PowerSuite_Interactions [4].png","211206/FireebokPowerSuite-200420/3.0.0/Images/ACR-004/PowerSuite_Interactions [5].png"],"nonDeceptorImageFiles":["211206/FireebokPowerSuite-200420/3.0.0/Images/ACR-065/PowerSuite_Install [1].png","211206/FireebokPowerSuite-200420/3.0.0/Images/ACR-065/PowerSuite_About [1].png","211206/FireebokPowerSuite-200420/3.0.0/Images/ACR-167/PowerSuite_Refund Policy.png"],"guid":"15e233d7-5a50-43c6-8c25-b291ab0658b0_3.0.0_1","appID":"FireebokPowerSuite-200420","dateAdded":"251001","deceptorType":"MacOS App","name":"Fireebok PowerSuite ","company":"Fireebok Studio","version":"3.0.0","lastKnownStatus":"2.5.4;2.5.5;2.5.7;2.5.9;2.6.0;2.6.1;2.6.3;2.6.4;2.7.0;3.0.0;3.1.1;3.2.0;3.2.5;3.3.2;3.3.4;3.3.5;3.3.7;3.3.9;3.4.0","lastKnownDate":"251001","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid,paid","lastUpdate":"2025-10-01T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":19,"sortOrder":212},{"violations":{"ACR-004":"App does not provide free fixes for the scan results that can't be permanently fixed. It uses issues identified during free scanning to upsell user the fix, requiring user to purchase subscription service to fix all results identified during free scan.\n"},"nonDeceptorViolations":{"ACR-065":"The install wizard does not display link to the EULA or Terms of Service, Returns and Cancellation Policy, or Privacy Policy.\nThe app does not display links to the Terms of Service or EULA, Returns and Cancellation Policy, or Privacy Policy in the software\n","ACR-167":"The app only provides a 7-day refund policy and not a 30-day refund policy.\n"},"samples":[{"isRevoked":"False","fileName":"Mac_PowerSuite.dmg","isInstaller":"True","fileVersion":"0.","hashMD5":"ca02fd9b39ac732dbfbac79e0c6e8894","hashSHA1":"4fe9f32c732f5856c09b66a38b190a5246a05c4e","hashSHA256":"2f40072564daebf957691fa0b6f6d5b552ab93b757bf56995e7ab192890c7e86","sourceIndex":"1620","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"PowerSuite","fileVersion":"0.","hashMD5":"d4b415da37c3aaf51c941e8da3dca891","hashSHA1":"915da4888fbe5200676dd7dff99e6c529bab110f","hashSHA256":"f787f9915e3d1bf9c6d8c6074d11b59f9d64ab639c84cdd4c7d1328ff97c9a1d","sourceIndex":"1620","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Google Search \"clean up and optimize mac app download\"","reference":"https://www.fireebok.com","landingPage":"https://www.fireebok.com/mac-powersuite.html","directDownloadingLink":"https://www.fireebok.com/product/Mac_PowerSuite.dmg","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.fireebok.com/product/Mac_PowerSuite.dmg","sourceIndex":"1620"}],"sampleFiles":["220510/FireebokPowerSuite-200420/3.1.1/Samples/Mac_PowerSuite.dmg","220510/FireebokPowerSuite-200420/3.1.1/Samples/PowerSuite"],"imageFiles":["220510/FireebokPowerSuite-200420/3.1.1/Images/ACR-004/Fireebok PowerSuite_Interactions [3].png","220510/FireebokPowerSuite-200420/3.1.1/Images/ACR-004/Fireebok PowerSuite_Interactions [4].png","220510/FireebokPowerSuite-200420/3.1.1/Images/ACR-004/Fireebok PowerSuite_Interactions [5].png"],"nonDeceptorImageFiles":["220510/FireebokPowerSuite-200420/3.1.1/Images/ACR-065/Fireebok PowerSuite_Install [1].png","220510/FireebokPowerSuite-200420/3.1.1/Images/ACR-065/Fireebok PowerSuite_About [1].png","220510/FireebokPowerSuite-200420/3.1.1/Images/ACR-167/Fireebok PowerSuite_Refund Policy.png"],"guid":"15e233d7-5a50-43c6-8c25-b291ab0658b0_3.1.1_1","appID":"FireebokPowerSuite-200420","dateAdded":"251001","deceptorType":"MacOS App","name":"Fireebok PowerSuite ","company":"Fireebok Studio","version":"3.1.1","lastKnownStatus":"2.5.4;2.5.5;2.5.7;2.5.9;2.6.0;2.6.1;2.6.3;2.6.4;2.7.0;3.0.0;3.1.1;3.2.0;3.2.5;3.3.2;3.3.4;3.3.5;3.3.7;3.3.9;3.4.0","lastKnownDate":"251001","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid,paid","lastUpdate":"2025-10-01T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":19,"sortOrder":211},{"violations":{"ACR-004":"While the app can show scan results in its trial version, it does not provide any free fixes for the results shown. In order to perform a clean, user must enter a license key or buy a license first.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"Mac_PowerSuite.dmg","isInstaller":"True","fileVersion":"0.","hashMD5":"7dcb3b04ee378d7eeb3291e89a6f7126","hashSHA1":"cb19e954d1577a0b4138ab6b569f7f0f4f35ba52","hashSHA256":"11bd4fc9fe62d237026bec10e79cb3605f31dc199cca9347b3b1aa0f7be6e902","sourceIndex":"1267","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"PowerSuite","fileVersion":"0.","hashMD5":"a7742214406129bd42a93a188aa5fed1","hashSHA1":"a99a57c80b2641f0d5871868e3598caed6ed4e64","hashSHA256":"55008e274c9790cc445c2433e06c2fd5eb047643f082845ee3aac954ed95e8db","sourceIndex":"1267","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"searching for cleaner apps via download sites","reference":"https://www.fireebok.com","landingPage":"https://www.fireebok.com/mac-powersuite.html","directDownloadingLink":"https://www.fireebok.com/product/Mac_PowerSuite.dmg","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.fireebok.com/product/Mac_PowerSuite.dmg","sourceIndex":"1267"}],"sampleFiles":["221222/FireebokPowerSuite-200420/3.2.5/Samples/Mac_PowerSuite.dmg","221222/FireebokPowerSuite-200420/3.2.5/Samples/PowerSuite"],"imageFiles":["221222/FireebokPowerSuite-200420/3.2.5/Images/ACR-004/ACR004-1.png","221222/FireebokPowerSuite-200420/3.2.5/Images/ACR-004/ACR004-2.png","221222/FireebokPowerSuite-200420/3.2.5/Images/ACR-004/ACR004.mp4"],"nonDeceptorImageFiles":[],"guid":"15e233d7-5a50-43c6-8c25-b291ab0658b0_3.2.5_1","appID":"FireebokPowerSuite-200420","dateAdded":"251001","deceptorType":"MacOS App","name":"Fireebok PowerSuite ","company":"Fireebok Studio","version":"3.2.5","lastKnownStatus":"2.5.4;2.5.5;2.5.7;2.5.9;2.6.0;2.6.1;2.6.3;2.6.4;2.7.0;3.0.0;3.1.1;3.2.0;3.2.5;3.3.2;3.3.4;3.3.5;3.3.7;3.3.9;3.4.0","lastKnownDate":"251001","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2026-05-12T23:00:13.217477+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":19,"sortOrder":209},{"violations":{"ACR-004":"App does not provide free fixes for the scan results that can't be permanently fixed. It uses issues identified during free scanning to upsell user the fix, requiring user to purchase subscription service to fix all results identified during free scan.\n"},"nonDeceptorViolations":{"ACR-065":"The install wizard does not display link to the EULA or Terms of Service, Returns and Cancellation Policy, or Privacy Policy.\nThe app does not display links to the Terms of Service or EULA, Returns and Cancellation Policy, or Privacy Policy in the software\n","ACR-167":"The app only provides a 7-day refund policy and not a 30-day refund policy.\n"},"samples":[{"isRevoked":"False","fileName":"Mac_PowerSuite.dmg","isInstaller":"True","fileVersion":"0.","hashMD5":"ed2200e7e2354cf27cde487331fcfc97","hashSHA1":"b6961415d12709e2041117e8b6a549b376931ac3","hashSHA256":"93208042be7efa8ff023f7e9adedcc73c542b886ebd1bdee406a0db2e723a7c2","sourceIndex":"741","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"PowerSuite","fileVersion":"0.","hashMD5":"0a7e7d3f3ac28afe0876f10741e759de","hashSHA1":"85f90f478d08dc9677cd2de391ec4edc3884a158","hashSHA256":"3547bdcf19756359bfd8d3d516c1ad8206a46e54d518d7d315df1cbf392c28f4","sourceIndex":"741","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Google Search \"clean up and optimize mac app download\"","reference":"https://www.fireebok.com","landingPage":"https://www.fireebok.com/mac-powersuite.html","directDownloadingLink":"https://www.fireebok.com/product/Mac_PowerSuite.dmg","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.fireebok.com/product/Mac_PowerSuite.dmg","sourceIndex":"741"}],"sampleFiles":["240205/FireebokPowerSuite-200420/3.3.2/Samples/Mac_PowerSuite.dmg","240205/FireebokPowerSuite-200420/3.3.2/Samples/PowerSuite"],"imageFiles":["240205/FireebokPowerSuite-200420/3.3.2/Images/ACR-004/App1.png","240205/FireebokPowerSuite-200420/3.3.2/Images/ACR-004/app2.png","240205/FireebokPowerSuite-200420/3.3.2/Images/ACR-004/app3.png"],"nonDeceptorImageFiles":["240205/FireebokPowerSuite-200420/3.3.2/Images/ACR-065/install.png","240205/FireebokPowerSuite-200420/3.3.2/Images/ACR-065/About.png","240205/FireebokPowerSuite-200420/3.3.2/Images/ACR-167/Refund Policy.png"],"guid":"15e233d7-5a50-43c6-8c25-b291ab0658b0_3.3.2_1","appID":"FireebokPowerSuite-200420","dateAdded":"251001","deceptorType":"MacOS App","name":"Fireebok PowerSuite ","company":"Fireebok Studio","version":"3.3.2","lastKnownStatus":"2.5.4;2.5.5;2.5.7;2.5.9;2.6.0;2.6.1;2.6.3;2.6.4;2.7.0;3.0.0;3.1.1;3.2.0;3.2.5;3.3.2;3.3.4;3.3.5;3.3.7;3.3.9;3.4.0","lastKnownDate":"251001","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid,paid","lastUpdate":"2026-05-12T22:59:57.448655+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":19,"sortOrder":208},{"violations":{"ACR-004":"App does not provide free fixes for the scan results that can't be permanently fixed. It uses issues identified during free scanning to upsell user the fix, requiring user to purchase subscription service to fix all results identified during free scan.\n"},"nonDeceptorViolations":{"ACR-065":"The install wizard does not display link to the EULA or Terms of Service, Returns and Cancellation Policy, or Privacy Policy.\nThe app does not display links to the Terms of Service or EULA, Returns and Cancellation Policy, or Privacy Policy in the software\n","ACR-167":"The app only provides a 7-day refund policy and not a 30-day refund policy.\n"},"samples":[{"isRevoked":"False","fileName":"Mac_PowerSuite.dmg","isInstaller":"True","fileVersion":"0.","hashMD5":"cbe159587ee8d71f46bfec26a6fa75a7","hashSHA1":"30e7a44c1396d443f2d0193086de63386bf55dd2","hashSHA256":"fda9d1adae38c7d14f0a7166891c5c94252f8265d7de7235bdde3cbb1a3ea029","sourceIndex":"614","avBlockList":["Avast Security for Mac (20240910)","Avira Security for Mac (20240910)","Bitdefender Antivirus for Mac (20240910)","ESET Cyber Security Pro for Mac (20240910)","G DATA AntiVirus for Mac (20240910)","Kaspersky Internet Security for Mac (20240910)","Norton Security for Mac (20240910)","Sophos Home Premium For Mac (20240910)","SpyHunterforMac (20240910)","Trend Micro Antivirus for Mac (20240910)"],"avAllowList":["K7 Antivirus for Mac (20240910)","McAfee Internet Security for Mac (20240910)"]},{"isRevoked":"False","fileName":"PowerSuite","fileVersion":"0.","hashMD5":"dd83f57bd7baa858d7c12bda4ac23de4","hashSHA1":"756c37b8d8eb56b34acaee9c26da4d23d0fecdc2","hashSHA256":"7457cb3f99465092276c87eccde5efea7ebd797bb309fd1081518701d62ba7fd","sourceIndex":"614","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Google Search \"clean up and optimize mac app download\"","reference":"https://www.fireebok.com","landingPage":"https://www.fireebok.com/mac-powersuite.html","directDownloadingLink":"https://www.fireebok.com/product/Mac_PowerSuite.dmg","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.fireebok.com/product/Mac_PowerSuite.dmg","sourceIndex":"614"}],"sampleFiles":["240703/FireebokPowerSuite-200420/3.3.4/Samples/Mac_PowerSuite.dmg","240703/FireebokPowerSuite-200420/3.3.4/Samples/PowerSuite"],"imageFiles":["240703/FireebokPowerSuite-200420/3.3.4/Images/ACR-004/App2.png","240703/FireebokPowerSuite-200420/3.3.4/Images/ACR-004/App3.png","240703/FireebokPowerSuite-200420/3.3.4/Images/ACR-004/App4.png"],"nonDeceptorImageFiles":["240703/FireebokPowerSuite-200420/3.3.4/Images/ACR-065/Install.png","240703/FireebokPowerSuite-200420/3.3.4/Images/ACR-065/About.png","240703/FireebokPowerSuite-200420/3.3.4/Images/ACR-167/Refund Policy.png"],"guid":"15e233d7-5a50-43c6-8c25-b291ab0658b0_3.3.4_1","appID":"FireebokPowerSuite-200420","dateAdded":"251001","deceptorType":"MacOS App","name":"Fireebok PowerSuite ","company":"Fireebok Studio","version":"3.3.4","lastKnownStatus":"2.5.4;2.5.5;2.5.7;2.5.9;2.6.0;2.6.1;2.6.3;2.6.4;2.7.0;3.0.0;3.1.1;3.2.0;3.2.5;3.3.2;3.3.4;3.3.5;3.3.7;3.3.9;3.4.0","lastKnownDate":"251001","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid,paid","lastUpdate":"2026-05-12T22:59:53.5084508+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":19,"sortOrder":207},{"violations":{"ACR-004":"App does not provide free fixes for the scan results that can't be permanently fixed. It uses issues identified during free scanning to upsell user the fix, requiring user to purchase subscription service to fix all results identified during free scan.\n"},"nonDeceptorViolations":{"ACR-065":"The install wizard does not display link to the EULA or Terms of Service, Returns and Cancellation Policy, or Privacy Policy.\nThe app does not display links to the Terms of Service or EULA, Returns and Cancellation Policy, or Privacy Policy in the software\n","ACR-167":"The app only provides a 7-day refund policy and not a 30-day refund policy.\n"},"samples":[{"isRevoked":"False","fileName":"Mac_PowerSuite.dmg","isInstaller":"True","fileVersion":"0.","hashMD5":"b5a1c2369eb95866454d0bbc101c467d","hashSHA1":"6fa49fe3dcc0e8b870a2dd7ccba9c27a56fd364c","hashSHA256":"0ee7f9252e14e734fcd4565f073a6f2fb31329d44595ed6b8e8b52900f928d9a","sourceIndex":"348","avBlockList":["Avast Security for Mac (20241210)","Avira Security for Mac (20241210)","Bitdefender Antivirus for Mac (20241210)","ESET Cyber Security Pro for Mac (20241210)","G DATA AntiVirus for Mac (20241210)","Kaspersky Internet Security for Mac (20241210)","Norton Security for Mac (20241210)","Sophos Home Premium For Mac (20241210)","SpyHunterforMac (20241210)","Trend Micro Antivirus for Mac (20241210)"],"avAllowList":["K7 Antivirus for Mac (20241210)","McAfee Internet Security for Mac (20241210)"]},{"isRevoked":"False","fileName":"PowerSuite","fileVersion":"0.","hashMD5":"78779e7285e4a7d785c4ab0d099ca9e6","hashSHA1":"99b73f975134bc19e27a51f23aa38f77cbd4e69b","hashSHA256":"4e1d2d1a967bd905b6dd4e73d4dd99cdd6cad6d27993f129b3e1fae215f225a1","sourceIndex":"348","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Google Search \"clean up and optimize mac app download\"","reference":"https://www.fireebok.com","landingPage":"https://www.fireebok.com/mac-powersuite.html","directDownloadingLink":"https://www.fireebok.com/product/Mac_PowerSuite.dmg","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.fireebok.com/product/Mac_PowerSuite.dmg","sourceIndex":"348"}],"sampleFiles":["241121/FireebokPowerSuite-200420/3.3.5/Samples/Mac_PowerSuite.dmg","241121/FireebokPowerSuite-200420/3.3.5/Samples/PowerSuite"],"imageFiles":["241121/FireebokPowerSuite-200420/3.3.5/Images/ACR-004/App3.png","241121/FireebokPowerSuite-200420/3.3.5/Images/ACR-004/App4.png","241121/FireebokPowerSuite-200420/3.3.5/Images/ACR-004/App5.png"],"nonDeceptorImageFiles":["241121/FireebokPowerSuite-200420/3.3.5/Images/ACR-065/Install1.png","241121/FireebokPowerSuite-200420/3.3.5/Images/ACR-065/App1.png","241121/FireebokPowerSuite-200420/3.3.5/Images/ACR-167/refundpolicy_7days.png"],"guid":"15e233d7-5a50-43c6-8c25-b291ab0658b0_3.3.5_1","appID":"FireebokPowerSuite-200420","dateAdded":"251001","deceptorType":"MacOS App","name":"Fireebok PowerSuite ","company":"Fireebok Studio","version":"3.3.5","lastKnownStatus":"2.5.4;2.5.5;2.5.7;2.5.9;2.6.0;2.6.1;2.6.3;2.6.4;2.7.0;3.0.0;3.1.1;3.2.0;3.2.5;3.3.2;3.3.4;3.3.5;3.3.7;3.3.9;3.4.0","lastKnownDate":"251001","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid,paid","lastUpdate":"2026-05-12T22:59:44.9331489+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":19,"sortOrder":206},{"violations":{"ACR-004":"App does not provide free fixes for the scan results that can't be permanently fixed. It uses issues identified during free scanning to upsell user the fix, requiring user to purchase subscription service to fix all results identified during free scan.\n"},"nonDeceptorViolations":{"ACR-065":"The install wizard does not display link to the EULA or Terms of Service, Returns and Cancellation Policy, or Privacy Policy.\nThe app does not display links to the Terms of Service or EULA, Returns and Cancellation Policy, or Privacy Policy in the software\n","ACR-167":"The app only provides a 7-day refund policy and not a 30-day refund policy.\n"},"samples":[{"isRevoked":"False","fileName":"Mac_PowerSuite.dmg","isInstaller":"True","fileVersion":"0.","hashMD5":"be3d95f700f337ed2d2fceb4ea31507c","hashSHA1":"4b89545c95e5fde5fc2bbe228b11a968e952582e","hashSHA256":"2687c5368b7ef36ee45ca68135cf6ce0cb709c98ac280d9fcbde19c9606c296f","sourceIndex":"256","avBlockList":["Avast Security for Mac (20250311)","Avira Security for Mac (20250311)","Bitdefender Antivirus for Mac (20250311)","ESET Cyber Security Pro for Mac (20250311)","G DATA AntiVirus for Mac (20250311)","Kaspersky Internet Security for Mac (20250311)","McAfee Internet Security for Mac (20250311)","Norton Security for Mac (20250311)","Sophos Home Premium For Mac (20250311)","SpyHunterforMac (20250311)","Trend Micro Antivirus for Mac (20250311)"],"avAllowList":["K7 Antivirus for Mac (20250311)"]},{"isRevoked":"False","fileName":"PowerSuite","fileVersion":"0.","hashMD5":"1f81a651e331d0522f11b1d07f130f32","hashSHA1":"98eaf431911de4a09f42cc4d61c12e52ba83ad9b","hashSHA256":"a95df09cb56da7ce35e51515f62dd143fb1ddf193dfb8e1afa2f66b782730b4c","sourceIndex":"256","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Google Search \"clean up and optimize mac app download\"","reference":"https://www.fireebok.com","landingPage":"https://www.fireebok.com/mac-powersuite.html","directDownloadingLink":"https://www.fireebok.com/product/Mac_PowerSuite.dmg","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.fireebok.com/product/Mac_PowerSuite.dmg","sourceIndex":"256"}],"sampleFiles":["250103/FireebokPowerSuite-200420/3.3.7/Samples/Mac_PowerSuite.dmg","250103/FireebokPowerSuite-200420/3.3.7/Samples/PowerSuite"],"imageFiles":["250103/FireebokPowerSuite-200420/3.3.7/Images/ACR-004/app3.png","250103/FireebokPowerSuite-200420/3.3.7/Images/ACR-004/app4.png","250103/FireebokPowerSuite-200420/3.3.7/Images/ACR-004/app5.png"],"nonDeceptorImageFiles":["250103/FireebokPowerSuite-200420/3.3.7/Images/ACR-065/install1.png","250103/FireebokPowerSuite-200420/3.3.7/Images/ACR-065/app2.png","250103/FireebokPowerSuite-200420/3.3.7/Images/ACR-167/RefundPolicy.png"],"guid":"15e233d7-5a50-43c6-8c25-b291ab0658b0_3.3.7_1","appID":"FireebokPowerSuite-200420","dateAdded":"251001","deceptorType":"MacOS App","name":"Fireebok PowerSuite ","company":"Fireebok Studio","version":"3.3.7","lastKnownStatus":"2.5.4;2.5.5;2.5.7;2.5.9;2.6.0;2.6.1;2.6.3;2.6.4;2.7.0;3.0.0;3.1.1;3.2.0;3.2.5;3.3.2;3.3.4;3.3.5;3.3.7;3.3.9;3.4.0","lastKnownDate":"251001","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid,paid","lastUpdate":"2026-05-12T22:59:41.9834933+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":19,"sortOrder":205},{"violations":{"ACR-004":"App does not provide free fixes for the scan results that can't be permanently fixed. It uses issues identified during free scanning to upsell user the fix, requiring user to purchase subscription service to fix all results identified during free scan.\n"},"nonDeceptorViolations":{"ACR-065":"The install wizard does not display link to the EULA or Terms of Service, Returns and Cancellation Policy, or Privacy Policy.\nThe app does not display links to the Terms of Service or EULA, Returns and Cancellation Policy, or Privacy Policy in the software\n","ACR-167":"The app only provides a 7-day refund policy and not a 30-day refund policy.\n"},"samples":[{"isRevoked":"False","fileName":"Mac_PowerSuite.dmg","isInstaller":"True","fileVersion":"0.","hashMD5":"58c9008a4579e102167546920d9c0e58","hashSHA1":"28f1d93cd9d6fbe16d183d127ccbbc0764502f39","hashSHA256":"e23958971d445f0eb3940942b96fd0c38b772e955e3ef43670e975337534ab3c","sourceIndex":"214","avBlockList":["Avast Security for Mac (20250708)","Avira Security for Mac (20250708)","ESET Cyber Security Pro for Mac (20250708)","Kaspersky Internet Security for Mac (20250708)","Norton Security for Mac (20250708)","Sophos Home Premium For Mac (20250708)","SpyHunterforMac (20250708)","Trend Micro Antivirus for Mac (20250708)"],"avAllowList":["Bitdefender Antivirus for Mac (20250708)","G DATA AntiVirus for Mac (20250708)","K7 Antivirus for Mac (20250708)","McAfee Internet Security for Mac (20250708)"]},{"isRevoked":"False","fileName":"PowerSuite","fileVersion":"0.","hashMD5":"15c073ec2e7e0d603458ef8551f679dc","hashSHA1":"e9eb1f1e369c46707289c1621e5ab8b058761ddc","hashSHA256":"6a1e53539fa2f9a376f72e1256392ad68df13d32c5ea332e70ee79965806b97b","sourceIndex":"214","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Google Search \"clean up and optimize mac app download\"","reference":"https://www.fireebok.com","landingPage":"https://www.fireebok.com/mac-powersuite.html","directDownloadingLink":"https://www.fireebok.com/product/Mac_PowerSuite.dmg","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.fireebok.com/product/Mac_PowerSuite.dmg","sourceIndex":"214"}],"sampleFiles":["250507/FireebokPowerSuite-200420/3.3.9/Samples/Mac_PowerSuite.dmg","250507/FireebokPowerSuite-200420/3.3.9/Samples/PowerSuite"],"imageFiles":["250507/FireebokPowerSuite-200420/3.3.9/Images/ACR-004/app4.png","250507/FireebokPowerSuite-200420/3.3.9/Images/ACR-004/app5.png","250507/FireebokPowerSuite-200420/3.3.9/Images/ACR-004/app6.png"],"nonDeceptorImageFiles":["250507/FireebokPowerSuite-200420/3.3.9/Images/ACR-065/install.png","250507/FireebokPowerSuite-200420/3.3.9/Images/ACR-065/app1.png","250507/FireebokPowerSuite-200420/3.3.9/Images/ACR-167/Refund Policy.png"],"guid":"15e233d7-5a50-43c6-8c25-b291ab0658b0_3.3.9_1","appID":"FireebokPowerSuite-200420","dateAdded":"251001","deceptorType":"MacOS App","name":"Fireebok PowerSuite ","company":"Fireebok Studio","version":"3.3.9","lastKnownStatus":"2.5.4;2.5.5;2.5.7;2.5.9;2.6.0;2.6.1;2.6.3;2.6.4;2.7.0;3.0.0;3.1.1;3.2.0;3.2.5;3.3.2;3.3.4;3.3.5;3.3.7;3.3.9;3.4.0","lastKnownDate":"251001","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid,paid","lastUpdate":"2026-05-12T22:59:40.63599+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":19,"sortOrder":204},{"violations":{"ACR-004":"App does not provide free fixes for the scan results that can't be permanently fixed. It uses issues identified during free scanning to upsell user the fix, requiring user to purchase subscription service to fix all results identified during free scan.\n"},"nonDeceptorViolations":{"ACR-065":"The install wizard does not display link to the EULA or Terms of Service, Returns and Cancellation Policy, or Privacy Policy.\nThe app does not display links to the Terms of Service or EULA, Returns and Cancellation Policy, or Privacy Policy in the software\n","ACR-167":"The app only provides a 7-day refund policy and not a 30-day refund policy.\n"},"samples":[{"isRevoked":"False","fileName":"Mac_PowerSuite.dmg","isInstaller":"True","hashMD5":"1f2371701ccfceb60e59fb5d91f1ca6a","hashSHA1":"050ce4ca11e374a923fd3c320c98e6f1de533b78","hashSHA256":"108a1bf004af58149c9f258165de3c8f119772e65fbe0abc5a06cd8787edab66","sourceIndex":"166","avBlockList":["Avast Security for Mac (20251113)","Avira Security for Mac (20251113)","ESET Cyber Security Pro for Mac (20251113)","Kaspersky Internet Security for Mac (20251113)","McAfee Internet Security for Mac (20251113)","Norton Security for Mac (20251113)","Sophos Home Premium For Mac (20251113)","SpyHunterforMac (20251113)","Trend Micro Antivirus for Mac (20251113)"],"avAllowList":["Bitdefender Antivirus for Mac (20251113)","G DATA AntiVirus for Mac (20251113)","K7 Antivirus for Mac (20251113)"]},{"isRevoked":"False","fileName":"PowerSuite","fileVersion":"10.13.0","hashMD5":"4656156c8d36d4f1b67b36a59d83d08a","hashSHA1":"c5163952a0c8340766bfc36f755a543ff11b5c90","hashSHA256":"85c5ece6f4a3d4ed8a66eeb0634b049934749fe5c40753cf1764a19eb701a04f","sourceIndex":"166","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Google Search \"clean up and optimize mac app download\"","reference":"https://www.fireebok.com","landingPage":"https://www.fireebok.com/mac-powersuite.html","directDownloadingLink":"https://www.fireebok.com/product/Mac_PowerSuite.dmg","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.fireebok.com/product/Mac_PowerSuite.dmg","sourceIndex":"166"}],"sampleFiles":["251001/FireebokPowerSuite-200420/3.4.0/Samples/Mac_PowerSuite.dmg","251001/FireebokPowerSuite-200420/3.4.0/Samples/PowerSuite"],"imageFiles":["251001/FireebokPowerSuite-200420/3.4.0/Images/ACR-004/app3.png","251001/FireebokPowerSuite-200420/3.4.0/Images/ACR-004/app4.png","251001/FireebokPowerSuite-200420/3.4.0/Images/ACR-004/app5.png"],"nonDeceptorImageFiles":["251001/FireebokPowerSuite-200420/3.4.0/Images/ACR-065/install.png","251001/FireebokPowerSuite-200420/3.4.0/Images/ACR-065/app1.png","251001/FireebokPowerSuite-200420/3.4.0/Images/ACR-167/Refund Policy.png"],"guid":"15e233d7-5a50-43c6-8c25-b291ab0658b0_3.4.0_1","appID":"FireebokPowerSuite-200420","dateAdded":"251001","deceptorType":"MacOS App","name":"Fireebok PowerSuite ","company":"Fireebok Studio","version":"3.4.0","lastKnownStatus":"2.5.4;2.5.5;2.5.7;2.5.9;2.6.0;2.6.1;2.6.3;2.6.4;2.7.0;3.0.0;3.1.1;3.2.0;3.2.5;3.3.2;3.3.4;3.3.5;3.3.7;3.3.9;3.4.0","lastKnownDate":"251001","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid,paid","lastUpdate":"2026-05-12T22:59:39.2416057+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":19,"sortOrder":203},{"violations":{"ACR-004":"App does not provide free fixes for the scan results that can't be permanently fixed. It uses issues identified during free scanning to upsell user the fix, requiring user to purchase subscription service to fix all results identified during free scan.\n"},"nonDeceptorViolations":{"ACR-065":"The install wizard does not display link to the EULA or Terms of Service, Returns and Cancellation Policy, or Privacy Policy.\nThe app does not display links to the Terms of Service or EULA, Returns and Cancellation Policy, or Privacy Policy in the software\n","ACR-167":"The app only provides a 7-day refund policy and not a 30-day refund policy.\n"},"samples":[{"isRevoked":"False","fileName":"Mac_PowerSuite.dmg","isInstaller":"True","fileVersion":"0.","hashMD5":"bf9e64bd48c48a68ebbd3a75af6f9b3c","hashSHA1":"f33a971bb377d299e6b5e296dc34256fb3ace548","hashSHA256":"1ef261e8514beba2fd5e6bbb2e9a5ef22f0a01f09884612565c8cd5ee09eb6bd","sourceIndex":"1430","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"PowerSuite","fileVersion":"0.","hashMD5":"23bdb58b63ab6a726738c29adc36b156","hashSHA1":"77f88a0f2c3f4892eba5c9f701b30b4bd1c5c0f0","hashSHA256":"cb939611426817e8723e365af8422b015ef7eadfb06b51955598a4ed0cd4c727","sourceIndex":"1430","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Google Search \"clean up and optimize mac app download\"","reference":"https://www.fireebok.com","landingPage":"https://www.fireebok.com/mac-powersuite.html","directDownloadingLink":"https://www.fireebok.com/product/Mac_PowerSuite.dmg","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.fireebok.com/product/Mac_PowerSuite.dmg","sourceIndex":"1430"}],"sampleFiles":["220908/FireebokPowerSuite-200420/3.2.0/Samples/Mac_PowerSuite.dmg","220908/FireebokPowerSuite-200420/3.2.0/Samples/PowerSuite"],"imageFiles":["220908/FireebokPowerSuite-200420/3.2.0/Images/ACR-004/Mac_PowerSuite_Interactions [1].png","220908/FireebokPowerSuite-200420/3.2.0/Images/ACR-004/Mac_PowerSuite_Interactions [2].png","220908/FireebokPowerSuite-200420/3.2.0/Images/ACR-004/Mac_PowerSuite_Interactions [3].png","220908/FireebokPowerSuite-200420/3.2.0/Images/ACR-004/Mac_PowerSuite_Interactions [4].png"],"nonDeceptorImageFiles":["220908/FireebokPowerSuite-200420/3.2.0/Images/ACR-065/Mac_PowerSuite_Install.png","220908/FireebokPowerSuite-200420/3.2.0/Images/ACR-065/Mac_PowerSuite_About [1].png","220908/FireebokPowerSuite-200420/3.2.0/Images/ACR-167/Mac_PowerSuite_Refund Policy.png"],"guid":"15e233d7-5a50-43c6-8c25-b291ab0658b0_3.2.0_1","appID":"FireebokPowerSuite-200420","dateAdded":"251001","deceptorType":"MacOS App","name":"Fireebok PowerSuite ","company":"Fireebok Studio","version":"3.2.0","lastKnownStatus":"2.5.4;2.5.5;2.5.7;2.5.9;2.6.0;2.6.1;2.6.3;2.6.4;2.7.0;3.0.0;3.1.1;3.2.0;3.2.5;3.3.2;3.3.4;3.3.5;3.3.7;3.3.9;3.4.0","lastKnownDate":"251001","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid,paid","lastUpdate":"2025-10-01T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":19,"sortOrder":210},{"violations":{"ACR-004":"App does not provide free fixes for the scan results that can't be permanently fixed. It uses issues identified during free scanning to upsell user the fix, requiring user to purchase subscription service to fix all results identified during free scan.\n"},"nonDeceptorViolations":{"ACR-065":"The install does not display links to the EULA, Returns and Cancellation Policy or the Privacy Policy.\nThe app does not disclose EULA, Privacy policy and Refund policy in the software. \n"},"samples":[{"isRevoked":"False","fileName":"Mac_PowerSuite.dmg","isInstaller":"True","fileVersion":"0.","hashMD5":"2ebf1efee89d60a8700b1a640afa44df","hashSHA1":"a7f0218aa2b3e5039f3a84e71d4bf16ce1fd1452","hashSHA256":"9238586907477109a042470dcd561537ad6e53b62709467cd992c12c6d4e619e","sourceIndex":"2496","avBlockList":["Avast Security for Mac (20240813)","Avira Security for Mac (20240813)","Bitdefender Antivirus for Mac (20240813)","ESET Cyber Security Pro for Mac (20240813)","G DATA AntiVirus for Mac (20240813)","Kaspersky Internet Security for Mac (20240813)","McAfee Internet Security for Mac (20240813)","Norton Security for Mac (20240813)","Sophos Home Premium For Mac (20240813)","Trend Micro Antivirus for Mac (20240813)","SpyHunterforMac (20240813)"],"avAllowList":["K7 Antivirus for Mac (20240813)"]},{"isRevoked":"False","fileName":"PowerSuite","fileVersion":"0.","hashMD5":"29e9146cda7dc6932695499a0a490edc","hashSHA1":"6047e8906537ff1f34ceccc4b5cce147485e83c4","hashSHA256":"8b4f94b1946bcc0e596a5f6d91121a77536bec893651d708a40e882b3845b7b8","sourceIndex":"2496","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Google Search \"clean up and optimize mac app download\"","reference":"https://www.fireebok.com","landingPage":"https://www.fireebok.com/mac-powersuite.html","directDownloadingLink":"https://www.fireebok.com/product/Mac_PowerSuite.dmg","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.fireebok.com/product/Mac_PowerSuite.dmg","sourceIndex":"2496"}],"sampleFiles":["200422/FireebokPowerSuite-200420/2.5.4/Samples/Mac_PowerSuite.dmg","200422/FireebokPowerSuite-200420/2.5.4/Samples/PowerSuite"],"imageFiles":["200422/FireebokPowerSuite-200420/2.5.4/Images/ACR-004/MacPowerSuite_Scan [7].png","200422/FireebokPowerSuite-200420/2.5.4/Images/ACR-004/MacPowerSuite_Scan [8] Register.png"],"nonDeceptorImageFiles":["200422/FireebokPowerSuite-200420/2.5.4/Images/ACR-065/MacPowerSuite_Installs [1].png","200422/FireebokPowerSuite-200420/2.5.4/Images/ACR-065/MacPowerSuite_Scan [1].png"],"guid":"15e233d7-5a50-43c6-8c25-b291ab0658b0_2.5.4_1","appID":"FireebokPowerSuite-200420","dateAdded":"251001","deceptorType":"MacOS App","name":"Fireebok PowerSuite ","company":"Fireebok Studio","version":"2.5.4","sigName":"Deceptor:MacOS/FireebokPowerSuite!004","lastKnownStatus":"2.5.4;2.5.5;2.5.7;2.5.9;2.6.0;2.6.1;2.6.3;2.6.4;2.7.0;3.0.0;3.1.1;3.2.0;3.2.5;3.3.2;3.3.4;3.3.5;3.3.7;3.3.9;3.4.0","lastKnownDate":"251001","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2025-10-01T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":19,"sortOrder":221},{"violations":{"ACR-048":"Pressing the X button causes the app to hide, rather than close, and it provides no notification to the user that it is still running in the background.\n","ACR-007":"Does not inform user about the reduction in security associated with the resource borrowing.\n","ACR-084":"1. App creates startup process and provides no control to the user to disable it.\n2. App provides option to hide the fact that it is running while resource borrowing is taking place.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"Earn.FM%20Setup.exe","isInstaller":"True","companyName":"/                                                           ","fileVersion":"0.0","hashMD5":"12a278decdd92aa80b5d1a958148eedd","hashSHA1":"e633dec992f3a244a164db8e763b8fdf2c827ab1","hashSHA256":"2c041b5a9fc9f488637aa6310713329598edc1efd73072be650d80f86a6c1bd0","digitalCertThumbprint":"9721B8E9C4B029ACD781ED07B5C5C50979A8C8E9","digitalCertIssuer":"CN=Certum Code Signing 2021 CA, O=Asseco Data Systems S.A., C=PL","digitalCertIssuedTo":"CN=TeraShift GmbH, O=TeraShift GmbH, L=Appenzell, S=Appenzell Innerrhoden, C=CH","sourceIndex":"241","avBlockList":["360 Total Security (20250429)","Avast Premium Security (20250429)","AVG Internet Security (20250429)","Avira Internet Security (20250429)","Bitdefender Internet Security (20250429)","ESET Internet Security (20250429)","FortectPremium (20250429)","G DATA INTERNET SECURITY (20250429)","K7 Total Security (20250429)","KasperskyPremium (20250429)","Malwarebytes Premium (20250429)","McAfee Total Protection (20250429)","Panda Dome (20250429)","Quick Heal Internet Security (20250429)","Sophos Home Premium (20250429)","SpyHunter5 (20250429)","Total AV Antivirus Pro (20250429)","VIPRE Advanced Security (20250429)","VirIT eXplorer PRO (20250429)","Webroot SecureAnywhere (20250429)","Norton Security (20250429)"],"avAllowList":["COMODO Antivirus (20250429)","Dr.Web Security Space (20250429)","Trend Micro Internet Security (20250429)","Windows Defender (20250429)"]},{"isRevoked":"False","fileName":"Earn.FM.exe","companyName":"com.earn_fm.app","fileVersion":"1.0","hashMD5":"31f9054e295843d7956901c2df093186","hashSHA1":"f4f16cf59fb998c3f15128be22d41b5044a7c10d","hashSHA256":"f843076a525c411889b35c5f8314a9da20af56d21bbe37634d1162bccd92d132","sourceIndex":"241","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Residential Proxy","reference":"","landingPage":"https://earn.fm/en/download","directDownloadingLink":"https://cdn.earn.fm/builds/windows/Earn.FM%20Setup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://cdn.earn.fm/builds/windows/Earn.FM%20Setup.exe","sourceIndex":"241"}],"sampleFiles":["250130/Earnfm-250130/1.0.91 61/Samples/Earn.FM%20Setup.exe","250130/Earnfm-250130/1.0.91 61/Samples/Earn.FM.exe"],"imageFiles":["250130/Earnfm-250130/1.0.91 61/Images/ACR-007/DownloadPage.png","250130/Earnfm-250130/1.0.91 61/Images/ACR-007/InstallFlow1.png","250130/Earnfm-250130/1.0.91 61/Images/ACR-007/InstallFlow2.png","250130/Earnfm-250130/1.0.91 61/Images/ACR-007/InstallFlow3.png","250130/Earnfm-250130/1.0.91 61/Images/ACR-084/Startup.png","250130/Earnfm-250130/1.0.91 61/Images/ACR-084/showhide.png","250130/Earnfm-250130/1.0.91 61/Images/ACR-048/showhide.png"],"nonDeceptorImageFiles":[],"guid":"363a0fa4-cb1d-47e4-b778-2ed5ca9aa14c_1.0.91 61_1","appID":"Earnfm-250130","dateAdded":"250926","deceptorType":"App","name":"earn.fm","company":"TeraShift GmbH","version":"1.0.91 61","lastKnownStatus":"1.0.91 61;1.1.0","lastKnownDate":"250926","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 10,Windows 11","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"net proxy","lastUpdate":"2025-09-26T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":223},{"violations":{"ACR-048":"Pressing the X button causes the app to hide, rather than close, and it provides no notification to the user that it is still running in the background.\n","ACR-007":"Does not inform user about the reduction in security associated with the resource borrowing.\n","ACR-084":"1. App creates startup process and provides no control to the user to disable it.\n2. App provides option to hide the fact that it is running while resource borrowing is taking place.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"Earn.FM%20Setup.exe","isInstaller":"True","companyName":"/                                                           ","productName":"Earn.FM","productVersion":"1.1.0+62","hashMD5":"091e6fd69a995414a19f33ad5f036820","hashSHA1":"a74ec95817d850a1ba761f0e95fe729f002a26b8","hashSHA256":"cfa9cea01a11a48b41e44f7f350f9113b033418dfa8f139b9e0235b3ad797cb6","digitalCertThumbprint":"9721B8E9C4B029ACD781ED07B5C5C50979A8C8E9","digitalCertIssuer":"CN=Certum Code Signing 2021 CA, O=Asseco Data Systems S.A., C=PL","digitalCertIssuedTo":"CN=TeraShift GmbH, O=TeraShift GmbH, L=Appenzell, S=Appenzell Innerrhoden, C=CH","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"167","avBlockList":["360 Total Security (20251218)","Avast Premium Security (20251218)","AVG Internet Security (20251218)","Avira Internet Security (20251218)","ESET Internet Security (20251218)","FortectPremium (20251218)","K7 Total Security (20251218)","KasperskyPremium (20251218)","Malwarebytes Premium (20251218)","McAfee Total Protection (20251218)","Norton Security (20251218)","Panda Dome (20251218)","Quick Heal Internet Security (20251218)","Sophos Home Premium (20251218)","SpyHunter5 (20251218)","Total AV Antivirus Pro (20251218)","VirIT eXplorer PRO (20251218)","Webroot SecureAnywhere (20251218)","Windows Defender (20251218)"],"avAllowList":["Bitdefender Internet Security (20251218)","COMODO Antivirus (20251218)","Dr.Web Security Space (20251218)","G DATA INTERNET SECURITY (20251218)","Trend Micro Internet Security (20251218)","VIPRE Advanced Security (20251218)"]},{"isRevoked":"False","fileName":"Earn.FM.exe","companyName":"com.earn_fm.app","productName":"EarnFM","productVersion":"1.1.0+62","fileVersion":"1.1.0+62","hashMD5":"7fe1ec70feece3f0b86fd733fdd78b8d","hashSHA1":"e1a5d1fd633c72fb6328d99a5f4037b0d4776316","hashSHA256":"03696d34c360aaafcfda2983c6b529064fed37009984f0aabcfda7ac35db0056","sourceIndex":"167","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Residential Proxy","reference":"","landingPage":"https://earn.fm/en/download","directDownloadingLink":"https://cdn.earn.fm/builds/windows/Earn.FM%20Setup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://cdn.earn.fm/builds/windows/Earn.FM%20Setup.exe","sourceIndex":"167"}],"sampleFiles":["250926/Earnfm-250130/1.1.0/Samples/Earn.FM%20Setup.exe"],"imageFiles":["250926/Earnfm-250130/1.1.0/Images/ACR-007/DownloadPage.png","250926/Earnfm-250130/1.1.0/Images/ACR-007/ACR-007_Install_1.png","250926/Earnfm-250130/1.1.0/Images/ACR-007/ACR-007_Install_2.png","250926/Earnfm-250130/1.1.0/Images/ACR-007/ACR-007_Install_3.png","250926/Earnfm-250130/1.1.0/Images/ACR-084/Startup.png","250926/Earnfm-250130/1.1.0/Images/ACR-084/showhide.png","250926/Earnfm-250130/1.1.0/Images/ACR-048/showhide.png"],"nonDeceptorImageFiles":[],"guid":"363a0fa4-cb1d-47e4-b778-2ed5ca9aa14c_1.1.0_1","appID":"Earnfm-250130","dateAdded":"250926","deceptorType":"App","name":"earn.fm","company":"TeraShift GmbH","version":"1.1.0","lastKnownStatus":"1.0.91 61;1.1.0","lastKnownDate":"250926","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 10,Windows 11","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"net proxy","lastUpdate":"2025-09-26T19:28:18.8336727+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":222},{"violations":{"ACR-048":"With application closed, the resource borrowing process is running in background without notifying user. There is no options for user to cancel resource borrowing process immediately.\n","ACR-006":"Resource borrowing process is not clearly attributed.\n","ACR-013":"1.Application requires user to make decision about offer before it launches. User is interrupted by non-consented offers to silently install unrelated software.\n2. User is interrupted by non-consented offers during installing DLL.\n","ACR-060":"The offer is misleading. It is presented from DLLHelper, instead of from ProxymaData\n","ACR-118":"ProxymaData is not removed after DLLHelper being uninstalled completely.\n","ACR-057":"The app needs to provide a clear way to accept and decline optional offers. \n","ACR-055":"The offer is not presented with clear decline/accept option.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"file-helper-install__25.exe","isInstaller":"True","productName":"DllHelper","productVersion":"4.3.0.0","fileVersion":"4.3.0.0","hashMD5":"66178570bea8c50b1609f133d07539f0","hashSHA1":"4a8d15f36b54c2a90d4bf25fc4006b0dbf0e74e1","hashSHA256":"6905ef2a6381f7d7c8de0f729ec4116316d322bd2f6e957202d20da5fd21a755","digitalCertThumbprint":"07B323EF14822FF1C5DACA8AC98C8EFCD6720C22","digitalCertIssuer":"CN=GlobalSign GCC R45 EV CodeSigning CA 2020, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"CN=ROSTPAY LLC, O=ROSTPAY LLC, STREET=\"per Dolomanovskiy, 70D 1(10 etazh)\", L=Rostov-on-Don, S=Rostov Oblast, C=RU, OID.1.3.6.1.4.1.311.60.2.1.2=Rostov Oblast, OID.1.3.6.1.4.1.311.60.2.1.3=RU, SERIALNUMBER=1086168004669, OID.2.5.4.15=Private Organization","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"165","avBlockList":["360 Total Security (20251218)","Avast Premium Security (20251218)","AVG Internet Security (20251218)","Avira Internet Security (20251218)","Bitdefender Internet Security (20251218)","COMODO Antivirus (20251218)","Dr.Web Security Space (20251218)","ESET Internet Security (20251218)","FortectPremium (20251218)","G DATA INTERNET SECURITY (20251218)","K7 Total Security (20251218)","KasperskyPremium (20251218)","Malwarebytes Premium (20251218)","McAfee Total Protection (20251218)","Norton Security (20251218)","Panda Dome (20251218)","Quick Heal Internet Security (20251218)","Sophos Home Premium (20251218)","SpyHunter5 (20251218)","Total AV Antivirus Pro (20251218)","VIPRE Advanced Security (20251218)","VirIT eXplorer PRO (20251218)","Webroot SecureAnywhere (20251218)","Windows Defender (20251218)"],"avAllowList":["Trend Micro Internet Security (20251218)"]},{"isRevoked":"False","fileName":"DllHelper.exe","companyName":"ROSTPAY LTD","productName":"DllHelper","productVersion":"1.1.1.1712","fileVersion":"1.1.1.1712","hashMD5":"e2f5769e9864f99b6f44f992f989d0f7","hashSHA1":"1500840d23eed845baacf0150ed12325733f1df0","hashSHA256":"2a92df45780f19c24263bb214f3fb19e2928a804032639245b009b8b7a4b32b1","digitalCertThumbprint":"C3C709B7E01318BA74D48BD64D05F48DECA5CD80","digitalCertIssuer":"CN=GlobalSign GCC R45 EV CodeSigning CA 2020, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"E=support@rostpay.ru, CN=ROSTPAY LLC, O=ROSTPAY LLC, STREET=\"Dolomanovsky lane, 70D apt.1(10th floor)\", L=Rostov-on-Don, S=Rostov Oblast, C=RU, OID.1.3.6.1.4.1.311.60.2.1.2=Rostov Oblast, OID.1.3.6.1.4.1.311.60.2.1.3=RU, SERIALNUMBER=1086168004669, OID.2.5.4.15=Private Organization","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"165","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"ROSTPAY LTD apps","reference":"","landingPage":"https://www.dllhelper.net/","directDownloadingLink":"https://www.dllhelper.net/download/init","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.dllhelper.net/download/init","sourceIndex":"165"}],"sampleFiles":["250925/DLLHelper-230508/4.3.0.0/Samples/file-helper-install__25.exe"],"imageFiles":["250925/DLLHelper-230508/4.3.0.0/Images/ACR-013/ACR-013_Install_1.png","250925/DLLHelper-230508/4.3.0.0/Images/ACR-013/ACR-013_Install_2.png","250925/DLLHelper-230508/4.3.0.0/Images/ACR-013/ACR-013_Install_3.png","250925/DLLHelper-230508/4.3.0.0/Images/ACR-048/ACR-048_Software_1.png","250925/DLLHelper-230508/4.3.0.0/Images/ACR-006/ACR-006_Software_1.png","250925/DLLHelper-230508/4.3.0.0/Images/ACR-118/ACR-118_Uninstall_1.png","250925/DLLHelper-230508/4.3.0.0/Images/ACR-057/ACR-057_Inline offers_1.png","250925/DLLHelper-230508/4.3.0.0/Images/ACR-055/ACR-055_Inline offers_1.png","250925/DLLHelper-230508/4.3.0.0/Images/ACR-060/ACR-060_Bundler-made offers_1.png"],"nonDeceptorImageFiles":[],"guid":"4b62ff50-e0a6-4caf-b259-0adb50def0f2_4.3.0.0_1","appID":"DLLHelper-230508","dateAdded":"250925","deceptorType":"App","name":"DLL Helper","company":"ROSTPAY LTD","version":"4.3.0.0","firstResolvedVersion":"","lastKnownStatus":"3.0.13;3.1.0;4.2.0.0;4.3.0.0","lastKnownDate":"250925","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,install offers,net proxy","lastUpdate":"2025-10-01T16:44:32.6406777+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":4,"sortOrder":224},{"violations":{"ACR-048":"With application closed, the resource borrowing process is running in background without notifying user. There is no options for user to cancel resource borrowing process immediately.\n","ACR-006":"Resource borrowing process is not clearly attributed.\n","ACR-013":"1.Application requires user to make decision about offer before it launches. User is interrupted by non-consented offers to silently install unrelated software.\n2. User is interrupted by non-consented offers during installing DLL.\n","ACR-060":"The offer is misleading. It is presented from DLLHelper, instead of from ProxymaData\n","ACR-118":"ProxymaData is not removed after DLLHelper being uninstalled completely.\n","ACR-057":"The app needs to provide a clear way to accept and decline optional offers. \n","ACR-055":"The offer is not presented with clear decline/accept option.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"file-helper-install__25.exe","isInstaller":"True","productName":"DllHelper","productVersion":"4.2.0.0","fileVersion":"4.2.0.0","hashMD5":"87442c5b64b17c7008023ce3d84a3d45","hashSHA1":"72dc3999566ce58e6f9a7e70cfa074d6443f7239","hashSHA256":"8cda245b620f22dd14894e5a1c8e24fcbc297418ae0ed22f6a1ba331699d6191","digitalCertThumbprint":"C3C709B7E01318BA74D48BD64D05F48DECA5CD80","digitalCertIssuer":"CN=GlobalSign GCC R45 EV CodeSigning CA 2020, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"E=support@rostpay.ru, CN=ROSTPAY LLC, O=ROSTPAY LLC, STREET=\"Dolomanovsky lane, 70D apt.1(10th floor)\", L=Rostov-on-Don, S=Rostov Oblast, C=RU, OID.1.3.6.1.4.1.311.60.2.1.2=Rostov Oblast, OID.1.3.6.1.4.1.311.60.2.1.3=RU, SERIALNUMBER=1086168004669, OID.2.5.4.15=Private Organization","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"183","avBlockList":["Avast Premium Security (20250925)","AVG Internet Security (20250925)","Avira Internet Security (20250925)","Bitdefender Internet Security (20250925)","COMODO Antivirus (20250925)","Dr.Web Security Space (20250925)","ESET Internet Security (20250925)","FortectPremium (20250916)","G DATA INTERNET SECURITY (20250925)","K7 Total Security (20250925)","KasperskyPremium (20250925)","Malwarebytes Premium (20250925)","McAfee Total Protection (20250925)","Norton Security (20250925)","Panda Dome (20250925)","Quick Heal Internet Security (20250925)","Sophos Home Premium (20250925)","SpyHunter5 (20250925)","Total AV Antivirus Pro (20250925)","VIPRE Advanced Security (20250925)","VirIT eXplorer PRO (20250925)","Webroot SecureAnywhere (20250925)","Windows Defender (20250925)"],"avAllowList":["360 Total Security (20250925)","Trend Micro Internet Security (20250925)"]},{"isRevoked":"False","fileName":"DllHelper.exe","companyName":"ROSTPAY LTD","productName":"DllHelper","productVersion":"1.1.1.1712","fileVersion":"1.1.1.1712","hashMD5":"e2f5769e9864f99b6f44f992f989d0f7","hashSHA1":"1500840d23eed845baacf0150ed12325733f1df0","hashSHA256":"2a92df45780f19c24263bb214f3fb19e2928a804032639245b009b8b7a4b32b1","digitalCertThumbprint":"C3C709B7E01318BA74D48BD64D05F48DECA5CD80","digitalCertIssuer":"CN=GlobalSign GCC R45 EV CodeSigning CA 2020, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"E=support@rostpay.ru, CN=ROSTPAY LLC, O=ROSTPAY LLC, STREET=\"Dolomanovsky lane, 70D apt.1(10th floor)\", L=Rostov-on-Don, S=Rostov Oblast, C=RU, OID.1.3.6.1.4.1.311.60.2.1.2=Rostov Oblast, OID.1.3.6.1.4.1.311.60.2.1.3=RU, SERIALNUMBER=1086168004669, OID.2.5.4.15=Private Organization","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"183","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"DllHelperUninstaller.exe","productName":"DllHelper","productVersion":"4.2.0.0","fileVersion":"4.2.0.0","hashMD5":"71fb7b74aa00b57e5c12d734eb0ae24a","hashSHA1":"141db8cb7ce9d6f778d36d40e17f5d704afc1a1f","hashSHA256":"869fa4625e181c0932849d7cb044250c37cda45cf4c34f719a7de555247cf852","digitalCertThumbprint":"C3C709B7E01318BA74D48BD64D05F48DECA5CD80","digitalCertIssuer":"CN=GlobalSign GCC R45 EV CodeSigning CA 2020, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"E=support@rostpay.ru, CN=ROSTPAY LLC, O=ROSTPAY LLC, STREET=\"Dolomanovsky lane, 70D apt.1(10th floor)\", L=Rostov-on-Don, S=Rostov Oblast, C=RU, OID.1.3.6.1.4.1.311.60.2.1.2=Rostov Oblast, OID.1.3.6.1.4.1.311.60.2.1.3=RU, SERIALNUMBER=1086168004669, OID.2.5.4.15=Private Organization","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"183","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"IndexingManager.exe","productName":"Indexing manager","productVersion":"1.4.0.0","fileVersion":"1.4.0.0","hashMD5":"6b1f1e2b742c77579938402e303cd294","hashSHA1":"f21dc2f072179d321316dd71e1a6666435aaecdc","hashSHA256":"612b1b31393bd885913dccfc0725aff97d65588ab446e39ab7a00f7b6e2a28dc","sourceIndex":"183","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"PDClient.exe","companyName":"ProxymaData","productName":"ProxymaData","productVersion":"2.0.0.0","fileVersion":"2.0.0.0","hashMD5":"8568211dd3ebd8f4e25d24cdbf865256","hashSHA1":"241ca16436067c67993bdf059bd63a19f22bd2a3","hashSHA256":"942e7f147ffca11881d5c1fb464bd77a195f68b9ea99b35de4e43a23a274d259","sourceIndex":"183","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"ROSTPAY LTD apps","reference":"","landingPage":"https://www.dllhelper.net/","directDownloadingLink":"https://www.dllhelper.net/download/init","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.dllhelper.net/download/init","sourceIndex":"183"}],"sampleFiles":["250729/DLLHelper-230508/4.2.0.0/Samples/file-helper-install__25.exe"],"imageFiles":["250729/DLLHelper-230508/4.2.0.0/Images/ACR-013/ACR-013_Install_1.png","250729/DLLHelper-230508/4.2.0.0/Images/ACR-013/ACR-013_Install_2.png","250729/DLLHelper-230508/4.2.0.0/Images/ACR-013/ACR-013_Install_3.png","250729/DLLHelper-230508/4.2.0.0/Images/ACR-048/ACR-048_Software_1.png","250729/DLLHelper-230508/4.2.0.0/Images/ACR-006/ACR-006_Software_1.png","250729/DLLHelper-230508/4.2.0.0/Images/ACR-118/ACR-118_Uninstall_1.png","250729/DLLHelper-230508/4.2.0.0/Images/ACR-057/ACR-057_Inline offers_1.png","250729/DLLHelper-230508/4.2.0.0/Images/ACR-055/ACR-055_Inline offers_1.png","250729/DLLHelper-230508/4.2.0.0/Images/ACR-060/ACR-060_Bundler-made offers_1.png"],"nonDeceptorImageFiles":[],"guid":"4b62ff50-e0a6-4caf-b259-0adb50def0f2_4.2.0.0_1","appID":"DLLHelper-230508","dateAdded":"250925","deceptorType":"App","name":"DLL Helper","company":"ROSTPAY LTD","version":"4.2.0.0","firstResolvedVersion":"","lastKnownStatus":"3.0.13;3.1.0;4.2.0.0;4.3.0.0","lastKnownDate":"250925","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,install offers,net proxy","lastUpdate":"2025-09-25T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":4,"sortOrder":225},{"violations":{"ACR-042":"The app initiates network communications with 3rd party offer providers \"https://www.az-partners.net/\"  and  \"http://perr.l-err.biz/\"  before obtaining user consent or notifying what data gets transmitted to these websites. \n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software.\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"dll-helper-install__25.exe","isInstaller":"True","companyName":"ROSTPAY LTD.","fileVersion":"3.1","hashMD5":"1411c43c926a3e5c6aa0f9236e248fbd","hashSHA1":"b790480b9e1fc976c7d6dc28c5211dc39455573c","hashSHA256":"7094d246667d3956e23a1d36186418e826f221dc92e50480fa39ec18bd432f36","digitalCertThumbprint":"316294AA6980C66B0F6EC1E6F7E7FE66E383BEC6","digitalCertIssuer":"CN=GlobalSign GCC R45 EV CodeSigning CA 2020, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"E=support@rostpay.ru, CN=ROSTPAY LTD, O=ROSTPAY LTD, STREET=\"Dolomanovsky lane, 70D 1(10th floor)\", L=Rostov-on-Don, S=Rostov Oblast, C=RU, OID.1.3.6.1.4.1.311.60.2.1.2=Rostov Oblast, OID.1.3.6.1.4.1.311.60.2.1.3=RU, SERIALNUMBER=1086168004669, OID.2.5.4.15=Private Organization","sourceIndex":"913","avBlockList":["360 Total Security (20250731)","Avast Premium Security (20250731)","AVG Internet Security (20250731)","Bitdefender Internet Security (20250731)","COMODO Antivirus (20250731)","Dr.Web Security Space (20250731)","ESET Internet Security (20250731)","G DATA INTERNET SECURITY (20250731)","K7 Total Security (20250731)","Malwarebytes Premium (20250731)","Panda Dome (20250731)","Quick Heal Internet Security (20250731)","Sophos Home Premium (20250731)","SpyHunter5 (20250731)","VIPRE Advanced Security (20250731)","VirIT eXplorer PRO (20250731)","Webroot SecureAnywhere (20250731)","FortectPremium (20250731)"],"avAllowList":["Avira Internet Security (20250731)","Kaspersky Internet Security (20230727)","McAfee Total Protection (20250731)","Norton Security (20250731)","Total AV Antivirus Pro (20250731)","Trend Micro Internet Security (20250731)","Windows Defender (20250731)","KasperskyPremium (20250731)"]}],"additionalFiles":[],"sources":[{"howFound":"ROSTPAY LTD apps","reference":"","landingPage":"https://www.dllhelper.net/","directDownloadingLink":"https://www.dllhelper.net/download/init","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.dllhelper.net/download/init","sourceIndex":"913"}],"sampleFiles":["230713/DLLHelper-230508/3.1.0/Samples/dll-helper-install__25.exe"],"imageFiles":["230713/DLLHelper-230508/3.1.0/Images/ACR-042/ACR-042.JPG","230713/DLLHelper-230508/3.1.0/Images/ACR-042/ACR-042_1.JPG","230713/DLLHelper-230508/3.1.0/Images/ACR-013/ACR-013.JPG","230713/DLLHelper-230508/3.1.0/Images/ACR-013/ACR-013_1.JPG","230713/DLLHelper-230508/3.1.0/Images/ACR-060/ACR-060.JPG","230713/DLLHelper-230508/3.1.0/Images/ACR-060/ACR-060_1.JPG"],"nonDeceptorImageFiles":[],"guid":"4b62ff50-e0a6-4caf-b259-0adb50def0f2_3.1.0_1","appID":"DLLHelper-230508","dateAdded":"250925","deceptorType":"App","name":"DLL Helper","company":"ROSTPAY LTD","version":"3.1.0","firstResolvedVersion":"","lastKnownStatus":"3.0.13;3.1.0;4.2.0.0;4.3.0.0","lastKnownDate":"250925","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2025-09-25T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":4,"sortOrder":226},{"violations":{"ACR-042":"The app initiates network communications with 3rd party offer providers \"https://www.az-partners.net/\"  and  \"http://perr.l-err.biz/\"  before obtaining user consent or notifying what data gets transmitted to these websites. \n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software.\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\DllHelper\\DllHelper.exe","companyName":"ROSTPAY LTD","productName":"DllHelper","productVersion":"1.1.1.1712","fileVersion":"1.1.1.1712","hashMD5":"aa58d377046000b69cb011c5bd8151da","hashSHA1":"d861ebbe1f5d340492161ca02944bbc010699875","hashSHA256":"bb65faa286abcecd0b5c326460d5a631378ce41526f274f0ccf7a3a128d32745","digitalCertThumbprint":"316294AA6980C66B0F6EC1E6F7E7FE66E383BEC6","digitalCertIssuer":"GlobalSign GCC R45 EV CodeSigning CA 2020","digitalCertIssuedTo":"ROSTPAY LTD","storeId":"","sourceIndex":"979","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"dll-helper-install__25.exe","isInstaller":"True","companyName":"ROSTPAY LTD.","productName":"DllHelper","productVersion":"3.0.13","fileVersion":"3.0.13","hashMD5":"0c377f4796c821ea562dc7a566ef9e44","hashSHA1":"354035d288f5954703c5ddf76ebad3dabcf62950","hashSHA256":"4dddf8474d4e3ccf7bb08559559b1aa58305be8f98e5183c134413718cdcd7f0","digitalCertThumbprint":"316294AA6980C66B0F6EC1E6F7E7FE66E383BEC6","digitalCertIssuer":"GlobalSign GCC R45 EV CodeSigning CA 2020","digitalCertIssuedTo":"ROSTPAY LTD","storeId":"","sourceIndex":"979","avBlockList":["Avast Premium Security (20230815)","AVG Internet Security (20230815)","Avira Internet Security (20230815)","COMODO Antivirus (20230815)","Dr.Web Security Space (20230815)","ESET Internet Security (20230815)","K7 Total Security (20230815)","Malwarebytes Premium (20230815)","Norton Security (20230815)","Panda Dome (20230815)","Quick Heal Internet Security (20230815)","Sophos Home Premium (20230815)","SpyHunter5 (20230815)","Total AV Antivirus Pro (20230815)","VirIT eXplorer PRO (20230815)","Webroot SecureAnywhere (20230815)"],"avAllowList":["360 Total Security (20230815)","Bitdefender Internet Security (20230815)","G DATA INTERNET SECURITY (20230815)","Kaspersky Internet Security (20230815)","McAfee Total Protection (20230815)","Trend Micro Internet Security (20230815)","VIPRE Advanced Security (20230815)","Windows Defender (20230815)"]}],"additionalFiles":[],"sources":[{"howFound":"ROSTPAY LTD apps","reference":"","landingPage":"https://www.dllhelper.net/","directDownloadingLink":"https://www.dllhelper.net/download/init","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.dllhelper.net/download/init","sourceIndex":"979"}],"sampleFiles":["230713/DLLHelper-230508/3.0.13/Samples/dll-helper-install__25.exe"],"imageFiles":["230713/DLLHelper-230508/3.0.13/Images/ACR-042/ACR-042.JPG","230713/DLLHelper-230508/3.0.13/Images/ACR-042/ACR-042_1.JPG","230713/DLLHelper-230508/3.0.13/Images/ACR-013/ACR-013.JPG","230713/DLLHelper-230508/3.0.13/Images/ACR-013/ACR-013_1.JPG","230713/DLLHelper-230508/3.0.13/Images/ACR-060/ACR-060.JPG","230713/DLLHelper-230508/3.0.13/Images/ACR-060/ACR-060_1.JPG"],"nonDeceptorImageFiles":[],"guid":"4b62ff50-e0a6-4caf-b259-0adb50def0f2_3.0.13_1","appID":"DLLHelper-230508","dateAdded":"250925","deceptorType":"App","name":"DLL Helper","company":"ROSTPAY LTD","version":"3.0.13","firstResolvedVersion":"","lastKnownStatus":"3.0.13;3.1.0;4.2.0.0;4.3.0.0","lastKnownDate":"250925","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2025-09-25T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":4,"sortOrder":227},{"violations":{"ACR-043":"1. Third-party component 'FFmpeg' gets dropped without any disclosure.\n2. The \"Repocket\" components get dropped in one click without asking the user's permission and disclosing the installation path.\n","ACR-107":"The app does not disclose relevant license information about third party component 'FFmpeg' installed\n","ACR-048":" The app does not provide any control to cancel the installation process. \n","ACR-007":"The app does not obtain user explicit consent which reduces the consumer's security posture caused by sharing the user's internet resource.\n","ACR-084":"The processes related to repocket keep running in the background despite disabling the \"Sharing Internet\" option, hiding the fact that it is active from the consumer without any notification.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components on the device without the consumer's consent or notifying the user.\n"},"nonDeceptorViolations":{"ACR-040":"The app drops all its components in the hidden path \"C:\\Users\\User\\AppData\\Local\\Programs\\repocket\".\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Users\\User\\AppData\\Local\\Programs\\repocket\\repocket.exe","companyName":"Geonode Pte Ltd","productName":"Repocket","productVersion":"1.2.1.0","fileVersion":"1.2.1","hashMD5":"7e2e389071c63c04abb101087bf768a6","hashSHA1":"a000e0f511619d76cd06f58ca050473ee607e716","hashSHA256":"892e8396b7d010dfa9c6852019c23ee361939a93fc61b4abfbbd7f6ced0f9e2b","digitalCertThumbprint":"4E413A8BFF9675DF68AA52E8B10CCDBA6184C0E7","digitalCertIssuer":"Certum Extended Validation Code Signing 2021 CA","digitalCertIssuedTo":"Geonode Pte Ltd","storeId":"","sourceIndex":"773","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"repocket-1.2.1-setup.exe","isInstaller":"True","companyName":"Geonode Pte Ltd","productName":"Repocket","productVersion":"1.2.1","fileVersion":"1.2.1","hashMD5":"d92286f7275b1692b9360f05a0113cff","hashSHA1":"e5c78f914e09a3107a9447005cd43ab63365bb23","hashSHA256":"5ba6c4735eddf4913b1e7d4169c2688a8aac11f7aea88a3d88e78d39d10a02cd","digitalCertThumbprint":"4E413A8BFF9675DF68AA52E8B10CCDBA6184C0E7","digitalCertIssuer":"Certum Extended Validation Code Signing 2021 CA","digitalCertIssuedTo":"Geonode Pte Ltd","storeId":"","sourceIndex":"773","avBlockList":["360 Total Security (20240227)","Avast Premium Security (20240227)","AVG Internet Security (20240227)","Avira Internet Security (20240227)","COMODO Antivirus (20240227)","ESET Internet Security (20240227)","K7 Total Security (20240227)","Kaspersky Internet Security (20240227)","McAfee Total Protection (20240227)","Norton Security (20240227)","Panda Dome (20240227)","Quick Heal Internet Security (20240227)","Sophos Home Premium (20240227)","SpyHunter5 (20240227)","Total AV Antivirus Pro (20240227)","VirIT eXplorer PRO (20240227)","Webroot SecureAnywhere (20240227)","Windows Defender (20240227)"],"avAllowList":["Bitdefender Internet Security (20240227)","Dr.Web Security Space (20240227)","G DATA INTERNET SECURITY (20240227)","Malwarebytes Premium (20240227)","Trend Micro Internet Security (20240227)","VIPRE Advanced Security (20240227)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on windows app","reference":"","landingPage":"https://repocket.co/","directDownloadingLink":"https://repocket-production.s3.fr-par.scw.cloud/repocket-desktop/updates/1.2.1/repocket-1.2.1-setup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://repocket-production.s3.fr-par.scw.cloud/repocket-desktop/updates/1.2.1/repocket-1.2.1-setup.exe","sourceIndex":"773"}],"sampleFiles":["240105/Repocket-230208/1.2.1/Samples/repocket-1.2.1-setup.exe"],"imageFiles":["240105/Repocket-230208/1.2.1/Images/ACR-043/ACR-043.PNG","240105/Repocket-230208/1.2.1/Images/ACR-043/ACR-043_1.PNG","240105/Repocket-230208/1.2.1/Images/ACR-107/ACR-107.PNG","240105/Repocket-230208/1.2.1/Images/ACR-048/ACR-048.PNG","240105/Repocket-230208/1.2.1/Images/ACR-084/ACR-084.PNG","240105/Repocket-230208/1.2.1/Images/ACR-007/ACR-007.PNG","240105/Repocket-230208/1.2.1/Images/ACR-118/ACR-118.PNG","240105/Repocket-230208/1.2.1/Images/ACR-118/ACR-118_1.PNG"],"nonDeceptorImageFiles":["240105/Repocket-230208/1.2.1/Images/ACR-040/ACR-040.PNG"],"guid":"b29f1f4e-7c57-4887-a52e-9e34d40337a4_1.2.1_1","appID":"Repocket-230208","dateAdded":"250917","deceptorType":"App","name":"Repocket","company":"Repocket","version":"1.2.1","lastKnownStatus":"1.1.10;1.1.34;1.1.36;1.1.37;1.1.38;1.1.40;1.1.42;1.2.1;1.2.2;1.2.7;1.3.6","lastKnownDate":"250917","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 8,Windows 7,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"mining","lastUpdate":"2025-09-17T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":11,"sortOrder":231},{"violations":{"ACR-048":" The app does not provide any control to cancel the installation process. \n","ACR-007":"The app does not obtain user explicit consent (accept/decline) which reduces the consumer's security posture caused by sharing the user's internet resource. \n","ACR-084":"When application minimizes to systray, the processes related to repocket keep running in the background with sharing Internet enabled, hiding the fact that it is active from the consumer without any notification.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components on the device without the consumer's consent or notifying the user. \n"},"nonDeceptorViolations":{"ACR-040":"The app drops all its components in the hidden path \"C:\\Users\\User\\AppData\\Local\\Programs\\repocket\" &C:\\Users\\User\\AppData\\Roaming\\repocket\"\n"},"samples":[{"isRevoked":"False","fileName":"repocket-1.3.6-setup.exe","isInstaller":"True","companyName":"Geonode Pte Ltd","productName":"Repocket","productVersion":"1.3.6","fileVersion":"1.3.6","hashMD5":"33828223bb8206ec3188dee17f9c7fa3","hashSHA1":"278659950228c3a8108ff73bc7f98954e9617b5c","hashSHA256":"a831ce111d3fb106a289d68a74aad5594f5a6177aadf7d54ad7aa8ea139df52f","digitalCertThumbprint":"10A8138A5B407266C80FDFE56436F0E45485E0C2","digitalCertIssuer":"CN=SSL.com EV Code Signing Intermediate CA RSA R3, O=SSL Corp, L=Houston, S=Texas, C=US","digitalCertIssuedTo":"OID.1.3.6.1.4.1.311.60.2.1.3=SG, OID.2.5.4.15=Private Organization, CN=Geonode Pte Ltd, SERIALNUMBER=202105609Z, O=Geonode Pte Ltd, L=Singapore, C=SG","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"168","avBlockList":["360 Total Security (20251216)","Avast Premium Security (20251216)","AVG Internet Security (20251216)","Avira Internet Security (20251216)","FortectPremium (20251216)","K7 Total Security (20251216)","KasperskyPremium (20251216)","Malwarebytes Premium (20251216)","McAfee Total Protection (20251216)","Norton Security (20251216)","Panda Dome (20251216)","Quick Heal Internet Security (20251216)","Sophos Home Premium (20251216)","SpyHunter5 (20251216)","Total AV Antivirus Pro (20251216)","VirIT eXplorer PRO (20251216)","Webroot SecureAnywhere (20251216)","Windows Defender (20251216)"],"avAllowList":["Bitdefender Internet Security (20251216)","COMODO Antivirus (20251216)","Dr.Web Security Space (20251216)","ESET Internet Security (20251216)","G DATA INTERNET SECURITY (20251216)","Trend Micro Internet Security (20251216)","VIPRE Advanced Security (20251216)"]},{"isRevoked":"False","fileName":"repocket.exe","companyName":"Geonode Pte Ltd","productName":"Repocket","productVersion":"1.3.6.0","fileVersion":"1.3.6","hashMD5":"1506087036699e5c7c98833a66f44924","hashSHA1":"267d5acc69dff7297577d53535e437a618dc0f25","hashSHA256":"46e807a126f77831bb4fba5c2720c60405c18eddcd094a5e5f1ba561c3f6b2d5","digitalCertThumbprint":"10A8138A5B407266C80FDFE56436F0E45485E0C2","digitalCertIssuer":"CN=SSL.com EV Code Signing Intermediate CA RSA R3, O=SSL Corp, L=Houston, S=Texas, C=US","digitalCertIssuedTo":"OID.1.3.6.1.4.1.311.60.2.1.3=SG, OID.2.5.4.15=Private Organization, CN=Geonode Pte Ltd, SERIALNUMBER=202105609Z, O=Geonode Pte Ltd, L=Singapore, C=SG","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"168","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"System borrowing app","reference":"","landingPage":"https://repocket.co/download/","ipv4":"","ipv6":"","sourceIndex":"168"}],"sampleFiles":["250917/Repocket-230208/1.3.6/Samples/repocket-1.3.6-setup.exe"],"imageFiles":["250917/Repocket-230208/1.3.6/Images/ACR-048/ACR-048.PNG","250917/Repocket-230208/1.3.6/Images/ACR-084/ACR-084_Software_1.png","250917/Repocket-230208/1.3.6/Images/ACR-007/ACR-007_Software_1.png","250917/Repocket-230208/1.3.6/Images/ACR-118/ACR-118_Uninstall_1.png"],"nonDeceptorImageFiles":["250917/Repocket-230208/1.3.6/Images/ACR-040/ACR-040_Install_1.png","250917/Repocket-230208/1.3.6/Images/ACR-040/ACR-040_Install_2.png"],"guid":"b29f1f4e-7c57-4887-a52e-9e34d40337a4_1.3.6_1","appID":"Repocket-230208","dateAdded":"250917","deceptorType":"App","name":"Repocket","company":"Repocket","version":"1.3.6","lastKnownStatus":"1.1.10;1.1.34;1.1.36;1.1.37;1.1.38;1.1.40;1.1.42;1.2.1;1.2.2;1.2.7;1.3.6","lastKnownDate":"250917","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 8,Windows 7,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"mining","lastUpdate":"2025-09-18T01:19:48.28884+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":11,"sortOrder":228},{"violations":{"ACR-048":" The app does not provide any control to cancel the installation process. \n","ACR-007":"The app does not obtain user explicit consent (accept/decline) which reduces the consumer's security posture caused by sharing the user's internet resource. \n","ACR-084":"When application minimizes to systray, the processes related to repocket keep running in the background with sharing Internet enabled, hiding the fact that it is active from the consumer without any notification.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components on the device without the consumer's consent or notifying the user. \n"},"nonDeceptorViolations":{"ACR-040":"The app drops all its components in the hidden path \"C:\\Users\\User\\AppData\\Local\\Programs\\repocket\" &C:\\Users\\User\\AppData\\Roaming\\repocket\"\n"},"samples":[{"isRevoked":"False","fileName":"repocket-1.2.7-setup.exe","isInstaller":"True","companyName":"Geonode Pte Ltd","fileVersion":"1.2","hashMD5":"518a4c0356281525fc139f2bf275615c","hashSHA1":"072ef6d3c127744d155840257f053ddf86d3aa41","hashSHA256":"fc80e01d2654b60c6986234a12d5fadde80b40034c6d352de1445997bd839e31","digitalCertThumbprint":"4E413A8BFF9675DF68AA52E8B10CCDBA6184C0E7","digitalCertIssuer":"CN=Certum Extended Validation Code Signing 2021 CA, O=Asseco Data Systems S.A., C=PL","digitalCertIssuedTo":"CN=Geonode Pte Ltd, O=Geonode Pte Ltd, L=Singapore, C=SG, SERIALNUMBER=202105609Z, OID.2.5.4.15=Private Organization, STREET=\"12 Eu Tong Sen , 08-169 The Central\", PostalCode=059819, OID.1.3.6.1.4.1.311.60.2.1.3=SG","sourceIndex":"607","avBlockList":["Avast Premium Security (20240827)","AVG Internet Security (20240827)","Avira Internet Security (20240827)","ESET Internet Security (20240827)","FortectPremium (20240827)","K7 Total Security (20240827)","Kaspersky Internet Security (20240723)","Malwarebytes Premium (20240827)","McAfee Total Protection (20240827)","Norton Security (20240827)","Panda Dome (20240827)","Quick Heal Internet Security (20240827)","Sophos Home Premium (20240827)","SpyHunter5 (20240827)","Total AV Antivirus Pro (20240827)","VirIT eXplorer PRO (20240827)","Webroot SecureAnywhere (20240827)","Windows Defender (20240827)","KasperskyPremium (20240827)"],"avAllowList":["360 Total Security (20240827)","Bitdefender Internet Security (20240827)","COMODO Antivirus (20240827)","Dr.Web Security Space (20240827)","G DATA INTERNET SECURITY (20240827)","Trend Micro Internet Security (20240827)","VIPRE Advanced Security (20240827)"]},{"isRevoked":"False","fileName":"repocket.exe","companyName":"Geonode Pte Ltd","fileVersion":"1.2","hashMD5":"d17c0fa86ef478849e6442dec85f2fdd","hashSHA1":"578e8a93387d5e4dcbe1ba1027f2d6616103320a","hashSHA256":"3dfaea68ff12ed78315196b491ca41675438710ea55383f681a6a9e8d8430fe4","digitalCertThumbprint":"4E413A8BFF9675DF68AA52E8B10CCDBA6184C0E7","digitalCertIssuer":"CN=Certum Extended Validation Code Signing 2021 CA, O=Asseco Data Systems S.A., C=PL","digitalCertIssuedTo":"CN=Geonode Pte Ltd, O=Geonode Pte Ltd, L=Singapore, C=SG, SERIALNUMBER=202105609Z, OID.2.5.4.15=Private Organization, STREET=\"12 Eu Tong Sen , 08-169 The Central\", PostalCode=059819, OID.1.3.6.1.4.1.311.60.2.1.3=SG","sourceIndex":"607","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"repocket-1.2.7-setup_71024.exe","isInstaller":"True","companyName":"Geonode Pte Ltd","fileVersion":"1.2","hashMD5":"04ed1a873229e274376afbce435a648e","hashSHA1":"dfd724a6cde5f848396ccd2c6b2a120f91e67d31","hashSHA256":"c279d7ebf811c9ff2a647e016dceada9450d8cb402ff55181649a2688a8e2f84","digitalCertThumbprint":"4E413A8BFF9675DF68AA52E8B10CCDBA6184C0E7","digitalCertIssuer":"CN=Certum Extended Validation Code Signing 2021 CA, O=Asseco Data Systems S.A., C=PL","digitalCertIssuedTo":"CN=Geonode Pte Ltd, O=Geonode Pte Ltd, L=Singapore, C=SG, SERIALNUMBER=202105609Z, OID.2.5.4.15=Private Organization, STREET=\"12 Eu Tong Sen , 08-169 The Central\", PostalCode=059819, OID.1.3.6.1.4.1.311.60.2.1.3=SG","sourceIndex":"607","avBlockList":["360 Total Security (20240905)","Avast Premium Security (20240905)","AVG Internet Security (20240905)","Avira Internet Security (20240905)","ESET Internet Security (20240905)","FortectPremium (20240905)","K7 Total Security (20240905)","KasperskyPremium (20240905)","Malwarebytes Premium (20240905)","McAfee Total Protection (20240905)","Norton Security (20240905)","Panda Dome (20240905)","Quick Heal Internet Security (20240905)","Sophos Home Premium (20240905)","SpyHunter5 (20240905)","Total AV Antivirus Pro (20240905)","VirIT eXplorer PRO (20240905)","Webroot SecureAnywhere (20240905)"],"avAllowList":["Bitdefender Internet Security (20240905)","COMODO Antivirus (20240905)","Dr.Web Security Space (20240905)","G DATA INTERNET SECURITY (20240905)","Trend Micro Internet Security (20240905)","VIPRE Advanced Security (20240905)","Windows Defender (20240905)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on windows app","reference":"","landingPage":"https://repocket.com/","directDownloadingLink":"https://repocket.com/download","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://repocket.com/download","sourceIndex":"607"}],"sampleFiles":["240710/Repocket-230208/1.2.7/Samples/repocket-1.2.7-setup.exe","240710/Repocket-230208/1.2.7/Samples/repocket.exe","240710/Repocket-230208/1.2.7/Samples/repocket-1.2.7-setup_71024.exe"],"imageFiles":["240710/Repocket-230208/1.2.7/Images/ACR-048/ACR-048.PNG","240710/Repocket-230208/1.2.7/Images/ACR-084/ACR-084.PNG","240710/Repocket-230208/1.2.7/Images/ACR-007/ACR-007.PNG","240710/Repocket-230208/1.2.7/Images/ACR-118/ACR-118_Uninstall_1.png"],"nonDeceptorImageFiles":["240710/Repocket-230208/1.2.7/Images/ACR-040/ACR-040_Install_1.png","240710/Repocket-230208/1.2.7/Images/ACR-040/ACR-040_Install_2.png"],"guid":"b29f1f4e-7c57-4887-a52e-9e34d40337a4_1.2.7_1","appID":"Repocket-230208","dateAdded":"250917","deceptorType":"App","name":"Repocket","company":"Repocket","version":"1.2.7","lastKnownStatus":"1.1.10;1.1.34;1.1.36;1.1.37;1.1.38;1.1.40;1.1.42;1.2.1;1.2.2;1.2.7;1.3.6","lastKnownDate":"250917","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 8,Windows 7,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"mining","lastUpdate":"2025-09-17T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":11,"sortOrder":229},{"violations":{"ACR-043":"1. Third-party component 'FFmpeg' gets dropped without any disclosure.\n2. The \"Repocket\" components get dropped in one click without asking the user's permission and disclosing the installation path.\n","ACR-107":"The app does not disclose relevant license information about third party component 'FFmpeg' installed\n","ACR-048":" The app does not provide any control to cancel the installation process. \n","ACR-007":"The app does not obtain user explicit consent which reduces the consumer's security posture caused by sharing the user's internet resource.\n","ACR-084":"The processes related to repocket keep running in the background despite disabling the \"Sharing Internet\" option, hiding the fact that it is active from the consumer without any notification.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components on the device without the consumer's consent or notifying the user.\n"},"nonDeceptorViolations":{"ACR-040":"The app drops all its components in the hidden path \"C:\\Users\\User\\AppData\\Local\\Programs\\repocket\".\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Users\\User\\AppData\\Local\\Programs\\repocket\\repocket.exe","companyName":"Geonode Pte Ltd","productName":"Repocket","productVersion":"1.2.2.0","fileVersion":"1.2.2","hashMD5":"fe9089a318d0a722cbf7d9ad152aa008","hashSHA1":"b69f3cfc894858356191f20070a4c72da3eb1b00","hashSHA256":"c63d70c8b4fe37408f5ddb25219cf8630beea2aecf4ecc1cca6c660dc81faacf","digitalCertThumbprint":"4E413A8BFF9675DF68AA52E8B10CCDBA6184C0E7","digitalCertIssuer":"Certum Extended Validation Code Signing 2021 CA","digitalCertIssuedTo":"Geonode Pte Ltd","storeId":"","sourceIndex":"740","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"repocket-1.2.2-setup.exe","isInstaller":"True","companyName":"Geonode Pte Ltd","productName":"Repocket","productVersion":"1.2.2","fileVersion":"1.2.2","hashMD5":"f9ef2d1143db1f068f0c4590387803f5","hashSHA1":"471d49e1c4c2f9e5acef34219c1da055191ec87f","hashSHA256":"a10f1fda937ae652afb410a2caea8387457242977d8cee30fb6582a779806769","digitalCertThumbprint":"4E413A8BFF9675DF68AA52E8B10CCDBA6184C0E7","digitalCertIssuer":"Certum Extended Validation Code Signing 2021 CA","digitalCertIssuedTo":"Geonode Pte Ltd","storeId":"","sourceIndex":"740","avBlockList":["360 Total Security (20240307)","Avast Premium Security (20240307)","AVG Internet Security (20240307)","Avira Internet Security (20240307)","ESET Internet Security (20240307)","K7 Total Security (20240307)","Kaspersky Internet Security (20240307)","McAfee Total Protection (20240307)","Norton Security (20240307)","Panda Dome (20240307)","Quick Heal Internet Security (20240307)","Sophos Home Premium (20240307)","SpyHunter5 (20240307)","Total AV Antivirus Pro (20240307)","VirIT eXplorer PRO (20240307)","Webroot SecureAnywhere (20240307)","Windows Defender (20240307)"],"avAllowList":["Bitdefender Internet Security (20240307)","COMODO Antivirus (20240307)","Dr.Web Security Space (20240307)","G DATA INTERNET SECURITY (20240307)","Malwarebytes Premium (20240307)","Trend Micro Internet Security (20240307)","VIPRE Advanced Security (20240307)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on windows app","reference":"","landingPage":"https://repocket.co/","directDownloadingLink":"https://repocket-production.s3.fr-par.scw.cloud/repocket-desktop/updates/1.2.2/repocket-1.2.2-setup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://repocket-production.s3.fr-par.scw.cloud/repocket-desktop/updates/1.2.2/repocket-1.2.2-setup.exe","sourceIndex":"740"}],"sampleFiles":["240205/Repocket-230208/1.2.2/Samples/repocket-1.2.2-setup.exe"],"imageFiles":["240205/Repocket-230208/1.2.2/Images/ACR-043/ACR-043.PNG","240205/Repocket-230208/1.2.2/Images/ACR-043/ACR-043_1.PNG","240205/Repocket-230208/1.2.2/Images/ACR-107/ACR-107.PNG","240205/Repocket-230208/1.2.2/Images/ACR-048/ACR-048.PNG","240205/Repocket-230208/1.2.2/Images/ACR-084/ACR-084.PNG","240205/Repocket-230208/1.2.2/Images/ACR-007/ACR-007.PNG","240205/Repocket-230208/1.2.2/Images/ACR-118/ACR-118.PNG","240205/Repocket-230208/1.2.2/Images/ACR-118/ACR-118_1.PNG"],"nonDeceptorImageFiles":["240205/Repocket-230208/1.2.2/Images/ACR-040/ACR-040.PNG"],"guid":"b29f1f4e-7c57-4887-a52e-9e34d40337a4_1.2.2_1","appID":"Repocket-230208","dateAdded":"250917","deceptorType":"App","name":"Repocket","company":"Repocket","version":"1.2.2","lastKnownStatus":"1.1.10;1.1.34;1.1.36;1.1.37;1.1.38;1.1.40;1.1.42;1.2.1;1.2.2;1.2.7;1.3.6","lastKnownDate":"250917","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 8,Windows 7,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"mining","lastUpdate":"2025-09-17T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":11,"sortOrder":230},{"violations":{"ACR-043":"1. Third-party component 'FFmpeg' gets dropped without any disclosure.\n2. The \"Repocket\" components get dropped in one click without asking the user's permission and disclosing the installation path.\n","ACR-107":"The app does not disclose relevant license information about 3rd party component 'FFmpeg' installed\n","ACR-048":" The app does not provide any control to cancel the installation process. \n","ACR-007":"The app does not obtain user explicit consent which reduces the consumer's security posture caused by sharing the user's internet resource.\n","ACR-084":"The processes related to repocket keep running in the background despite disabling the \"Sharing Internet\" option, hiding the fact that it is active from the consumer without any notification.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components on the device without the consumer's consent or notifying the user.\n"},"nonDeceptorViolations":{"ACR-040":"The app drops all its components in the hidden path \"C:\\Users\\User\\AppData\\Local\\Programs\\repocket-desktop\".\n","ACR-092":"The app does not provide a digital signature for all the executables.\n","ACR-123":"The apps do not remove their startup item even after uninstalling.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Users\\User\\AppData\\Local\\Programs\\repocket-desktop\\Repocket.exe","companyName":"Repocket","productName":"Repocket","productVersion":"1.1.13.0","fileVersion":"1.1.13","hashMD5":"2f577a55466fa7152a9ee8a89c17c751","hashSHA1":"5f5a588af59a438f6e4bf6d22e24c727abaf5473","hashSHA256":"f899998c8243f95ffb744df8450ea2c17bdc35e7630912914017e3358be338bb","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1207","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"Repocket Setup 1.1.10.exe","isInstaller":"True","companyName":"Repocket","productName":"Repocket","productVersion":"1.1.10","fileVersion":"1.1.10","hashMD5":"d197cc9ee404e9cad006b455469a7644","hashSHA1":"092ef7636fd1186a53a9a0e5bdce97f4daa4230b","hashSHA256":"12e0b17a2a7571311d3b99d84c75fb93b50fd0a1939f76e6bd596ced8b1ba072","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1207","avBlockList":["360 Total Security (20240808)","Avast Premium Security (20240808)","AVG Internet Security (20240808)","Avira Internet Security (20240808)","COMODO Antivirus (20240808)","Dr.Web Security Space (20240808)","ESET Internet Security (20240808)","K7 Total Security (20240808)","Kaspersky Internet Security (20230831)","Malwarebytes Premium (20240808)","McAfee Total Protection (20240808)","Norton Security (20240808)","Panda Dome (20240808)","Quick Heal Internet Security (20240808)","Sophos Home Premium (20240808)","SpyHunter5 (20240808)","Total AV Antivirus Pro (20240808)","VirIT eXplorer PRO (20240808)","Webroot SecureAnywhere (20240808)","Windows Defender (20240808)","FortectPremium (20240808)","KasperskyPremium (20240808)"],"avAllowList":["Bitdefender Internet Security (20240808)","G DATA INTERNET SECURITY (20240808)","Trend Micro Internet Security (20240808)","VIPRE Advanced Security (20240808)"]}],"additionalFiles":[],"sources":[{"howFound":"System borrowing app","reference":"","landingPage":"https://repocket.co/download/","ipv4":"","ipv6":"","sourceIndex":"1207"}],"sampleFiles":["230222/Repocket-230208/1.1.10/Samples/Repocket Setup 1.1.10.exe"],"imageFiles":["230222/Repocket-230208/1.1.10/Images/ACR-043/ACR-043.JPG","230222/Repocket-230208/1.1.10/Images/ACR-043/ACR-043_1.JPG","230222/Repocket-230208/1.1.10/Images/ACR-107/ACR-107.JPG","230222/Repocket-230208/1.1.10/Images/ACR-048/ACR-048.JPG","230222/Repocket-230208/1.1.10/Images/ACR-084/ACR-084.JPG","230222/Repocket-230208/1.1.10/Images/ACR-084/ACR-084_1.JPG","230222/Repocket-230208/1.1.10/Images/ACR-007/ACR-007.JPG","230222/Repocket-230208/1.1.10/Images/ACR-118/ACR-118.JPG","230222/Repocket-230208/1.1.10/Images/ACR-118/ACR-118_1.JPG"],"nonDeceptorImageFiles":["230222/Repocket-230208/1.1.10/Images/ACR-040/ACR-040.JPG","230222/Repocket-230208/1.1.10/Images/ACR-092/ACR-092.JPG","230222/Repocket-230208/1.1.10/Images/ACR-123/ACR-123.JPG"],"guid":"b29f1f4e-7c57-4887-a52e-9e34d40337a4_1.1.10_1","appID":"Repocket-230208","dateAdded":"250917","deceptorType":"App","name":"Repocket","company":"Repocket","version":"1.1.10","lastKnownStatus":"1.1.10;1.1.34;1.1.36;1.1.37;1.1.38;1.1.40;1.1.42;1.2.1;1.2.2;1.2.7;1.3.6","lastKnownDate":"250917","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 8,Windows 7,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"mining","lastUpdate":"2025-09-17T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":11,"sortOrder":238},{"violations":{"ACR-043":"1. Third-party component 'FFmpeg' gets dropped without any disclosure.\n2. The \"Repocket\" components get dropped in one click without asking the user's permission and disclosing the installation path.\n","ACR-107":"The app does not disclose relevant license information about third party component 'FFmpeg' installed\n","ACR-048":" The app does not provide any control to cancel the installation process. \n","ACR-007":"The app does not obtain user explicit consent which reduces the consumer's security posture caused by sharing the user's internet resource.\n","ACR-084":"The processes related to repocket keep running in the background despite disabling the \"Sharing Internet\" option, hiding the fact that it is active from the consumer without any notification.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components on the device without the consumer's consent or notifying the user.\n"},"nonDeceptorViolations":{"ACR-040":"The app drops all its components in the hidden path \"C:\\Users\\User\\AppData\\Local\\Programs\\repocket-desktop\".\n","ACR-123":"The apps do not remove their startup item even after uninstalling.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Users\\User\\AppData\\Local\\Programs\\repocket-desktop\\Repocket.exe","companyName":"Repocket","productName":"Repocket","productVersion":"1.1.42.0","fileVersion":"1.1.42","hashMD5":"b5df23dd83ff31f9e6c88fb9aefb99a3","hashSHA1":"2b1bf1ad1ff396ccb5f8bfd99ae9eeddd8c7ffa1","hashSHA256":"d04b2e92cc9387fa217fcafd1d2653cfa3a41f3dbf2a72aab928edff02733dee","digitalCertThumbprint":"4E413A8BFF9675DF68AA52E8B10CCDBA6184C0E7","digitalCertIssuer":"Certum Extended Validation Code Signing 2021 CA","digitalCertIssuedTo":"Geonode Pte Ltd","storeId":"","sourceIndex":"895","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"Repocket Setup 1.1.42.exe","isInstaller":"True","companyName":"Repocket","productName":"Repocket","productVersion":"1.1.42","fileVersion":"1.1.42","hashMD5":"fb2537c27d116830d064e3997b941503","hashSHA1":"1bca82f486b6b856541bf6e1a666f39e80d089d3","hashSHA256":"7708209a1e52e04f1d0f2f895af01d9b273bf49f5e9e6d57bfd2700fd7f414b3","digitalCertThumbprint":"4E413A8BFF9675DF68AA52E8B10CCDBA6184C0E7","digitalCertIssuer":"Certum Extended Validation Code Signing 2021 CA","digitalCertIssuedTo":"Geonode Pte Ltd","storeId":"","sourceIndex":"895","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on windows app","reference":"","landingPage":"https://repocket.co/","directDownloadingLink":"https://repocket-production.s3.fr-par.scw.cloud/repocket-desktop/updates/Repocket%20Setup%201.1.42.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://repocket-production.s3.fr-par.scw.cloud/repocket-desktop/updates/Repocket%20Setup%201.1.42.exe","sourceIndex":"895"}],"sampleFiles":["230925/Repocket-230208/1.1.42/Samples/Repocket Setup 1.1.42.exe"],"imageFiles":["230925/Repocket-230208/1.1.42/Images/ACR-043/ACR-043.PNG","230925/Repocket-230208/1.1.42/Images/ACR-043/ACR-043_1.PNG","230925/Repocket-230208/1.1.42/Images/ACR-107/ACR-107.PNG","230925/Repocket-230208/1.1.42/Images/ACR-048/ACR-048.PNG","230925/Repocket-230208/1.1.42/Images/ACR-084/ACR-084.PNG","230925/Repocket-230208/1.1.42/Images/ACR-084/ACR-084_1.PNG","230925/Repocket-230208/1.1.42/Images/ACR-007/ACR-007.PNG","230925/Repocket-230208/1.1.42/Images/ACR-118/ACR-118.PNG","230925/Repocket-230208/1.1.42/Images/ACR-118/ACR-118_1.PNG"],"nonDeceptorImageFiles":["230925/Repocket-230208/1.1.42/Images/ACR-040/ACR-040.PNG","230925/Repocket-230208/1.1.42/Images/ACR-123/ACR-123.PNG"],"guid":"b29f1f4e-7c57-4887-a52e-9e34d40337a4_1.1.42_1","appID":"Repocket-230208","dateAdded":"250917","deceptorType":"App","name":"Repocket","company":"Repocket","version":"1.1.42","lastKnownStatus":"1.1.10;1.1.34;1.1.36;1.1.37;1.1.38;1.1.40;1.1.42;1.2.1;1.2.2;1.2.7;1.3.6","lastKnownDate":"250917","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 8,Windows 7,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"mining","lastUpdate":"2025-09-17T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":11,"sortOrder":232},{"violations":{"ACR-043":"1. Third-party component 'FFmpeg' gets dropped without any disclosure.\n2. The \"Repocket\" components get dropped in one click without asking the user's permission and disclosing the installation path.\n","ACR-107":"The app does not disclose relevant license information about third party component 'FFmpeg' installed\n","ACR-048":" The app does not provide any control to cancel the installation process. \n","ACR-007":"The app does not obtain user explicit consent which reduces the consumer's security posture caused by sharing the user's internet resource.\n","ACR-084":"The processes related to repocket keep running in the background despite disabling the \"Sharing Internet\" option, hiding the fact that it is active from the consumer without any notification.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components on the device without the consumer's consent or notifying the user.\n"},"nonDeceptorViolations":{"ACR-040":"The app drops all its components in the hidden path \"C:\\Users\\User\\AppData\\Local\\Programs\\repocket-desktop\".\n","ACR-123":"The apps do not remove their startup item even after uninstalling.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Users\\User\\AppData\\Local\\Programs\\repocket-desktop\\Repocket.exe","companyName":"Repocket","productName":"Repocket","productVersion":"1.1.40.0","fileVersion":"1.1.40","hashMD5":"f19bbf77c8e7f0606795f197902534c4","hashSHA1":"129a0132116bfdb1ebcf1a1bd7f27351e9219348","hashSHA256":"de7417537a107681a47b81623456fcdc5858534f1bff2d5392494c77e45a1d41","digitalCertThumbprint":"4E413A8BFF9675DF68AA52E8B10CCDBA6184C0E7","digitalCertIssuer":"Certum Extended Validation Code Signing 2021 CA","digitalCertIssuedTo":"Geonode Pte Ltd","storeId":"","sourceIndex":"920","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"Repocket Setup 1.1.40.exe","isInstaller":"True","companyName":"Repocket","productName":"Repocket","productVersion":"1.1.40","fileVersion":"1.1.40","hashMD5":"d78490560aafad51829cfa87eb5d7bb6","hashSHA1":"0a5e1706b61b07d849ea78a48d756159719e1780","hashSHA256":"041120b87a58c71989466ebf6f1658cd9d77a4630ff6547e3ec79a0272180bef","digitalCertThumbprint":"4E413A8BFF9675DF68AA52E8B10CCDBA6184C0E7","digitalCertIssuer":"Certum Extended Validation Code Signing 2021 CA","digitalCertIssuedTo":"Geonode Pte Ltd","storeId":"","sourceIndex":"920","avBlockList":["360 Total Security (20230919)","Avast Premium Security (20230919)","AVG Internet Security (20230919)","Avira Internet Security (20230919)","Bitdefender Internet Security (20230919)","COMODO Antivirus (20230919)","ESET Internet Security (20230919)","K7 Total Security (20230919)","Kaspersky Internet Security (20230919)","Malwarebytes Premium (20230919)","McAfee Total Protection (20230919)","Norton Security (20230919)","Panda Dome (20230919)","Quick Heal Internet Security (20230919)","Sophos Home Premium (20230919)","SpyHunter5 (20230919)","Total AV Antivirus Pro (20230919)","VirIT eXplorer PRO (20230919)","Webroot SecureAnywhere (20230919)"],"avAllowList":["Dr.Web Security Space (20230919)","G DATA INTERNET SECURITY (20230919)","Trend Micro Internet Security (20230919)","VIPRE Advanced Security (20230919)","Windows Defender (20230919)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on windows app","reference":"","landingPage":"https://repocket.co/","directDownloadingLink":"https://repocket-production.s3.fr-par.scw.cloud/repocket-desktop/updates/Repocket%20Setup%201.1.40.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://repocket-production.s3.fr-par.scw.cloud/repocket-desktop/updates/Repocket%20Setup%201.1.40.exe","sourceIndex":"920"}],"sampleFiles":["230818/Repocket-230208/1.1.40/Samples/Repocket Setup 1.1.40.exe"],"imageFiles":["230818/Repocket-230208/1.1.40/Images/ACR-043/ACR-043.PNG","230818/Repocket-230208/1.1.40/Images/ACR-043/ACR-043_1.PNG","230818/Repocket-230208/1.1.40/Images/ACR-107/ACR-107.PNG","230818/Repocket-230208/1.1.40/Images/ACR-048/ACR-048.PNG","230818/Repocket-230208/1.1.40/Images/ACR-084/ACR-084.PNG","230818/Repocket-230208/1.1.40/Images/ACR-084/ACR-084_1.PNG","230818/Repocket-230208/1.1.40/Images/ACR-007/ACR-007.JPG","230818/Repocket-230208/1.1.40/Images/ACR-118/ACR-118.PNG","230818/Repocket-230208/1.1.40/Images/ACR-118/ACR-118_1.PNG"],"nonDeceptorImageFiles":["230818/Repocket-230208/1.1.40/Images/ACR-040/ACR-040.PNG","230818/Repocket-230208/1.1.40/Images/ACR-123/ACR-123.PNG"],"guid":"b29f1f4e-7c57-4887-a52e-9e34d40337a4_1.1.40_1","appID":"Repocket-230208","dateAdded":"250917","deceptorType":"App","name":"Repocket","company":"Repocket","version":"1.1.40","lastKnownStatus":"1.1.10;1.1.34;1.1.36;1.1.37;1.1.38;1.1.40;1.1.42;1.2.1;1.2.2;1.2.7;1.3.6","lastKnownDate":"250917","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 8,Windows 7,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"mining","lastUpdate":"2025-09-17T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":11,"sortOrder":233},{"violations":{"ACR-043":"1. Third-party component 'FFmpeg' gets dropped without any disclosure.\n2. The \"Repocket\" components get dropped in one click without asking the user's permission and disclosing the installation path.\n","ACR-107":"The app does not disclose relevant license information about third party component 'FFmpeg' installed\n","ACR-048":" The app does not provide any control to cancel the installation process. \n","ACR-007":"The app does not obtain user explicit consent which reduces the consumer's security posture caused by sharing the user's internet resource.\n","ACR-084":"The processes related to repocket keep running in the background despite disabling the \"Sharing Internet\" option, hiding the fact that it is active from the consumer without any notification.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components on the device without the consumer's consent or notifying the user.\n"},"nonDeceptorViolations":{"ACR-040":"The app drops all its components in the hidden path \"C:\\Users\\User\\AppData\\Local\\Programs\\repocket-desktop\".\n","ACR-092":"The app does not provide a digital signature for its executables.\n","ACR-123":"The apps do not remove their startup item even after uninstalling.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Users\\User\\AppData\\Local\\Programs\\repocket-desktop\\Repocket.exe","companyName":"Repocket","productName":"Repocket","productVersion":"1.1.37.0","fileVersion":"1.1.37","hashMD5":"09f00723855c626be0ddcbe8c7d087bf","hashSHA1":"597ee4338236d71b8597fc1509050f068afae0b6","hashSHA256":"ee8f9f1b6ecf34f912586b4eb74f0c6e3f581db90561e7264c7b43d8fbae2002","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"985","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"Repocket Setup 1.1.37.exe","isInstaller":"True","companyName":"Repocket","productName":"Repocket","productVersion":"1.1.37","fileVersion":"1.1.37","hashMD5":"efa198d91cf67a9873d94263aa5f3ff0","hashSHA1":"54f223322e0b0d49e358b7b3963bb7da609f6a72","hashSHA256":"fffc12e2825af399a88396198f0d4a68253ce20db2a6d0965f1069c9149d79df","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"985","avBlockList":["360 Total Security (20230803)","Avast Premium Security (20230803)","AVG Internet Security (20230803)","Avira Internet Security (20230803)","ESET Internet Security (20230803)","K7 Total Security (20230803)","Kaspersky Internet Security (20230803)","McAfee Total Protection (20230803)","Norton Security (20230803)","Panda Dome (20230803)","Quick Heal Internet Security (20230803)","Sophos Home Premium (20230803)","SpyHunter5 (20230803)","Total AV Antivirus Pro (20230803)","VirIT eXplorer PRO (20230803)","Webroot SecureAnywhere (20230803)"],"avAllowList":["Bitdefender Internet Security (20230803)","COMODO Antivirus (20230803)","Dr.Web Security Space (20230803)","G DATA INTERNET SECURITY (20230803)","Malwarebytes Premium (20230803)","Trend Micro Internet Security (20230803)","VIPRE Advanced Security (20230803)","Windows Defender (20230803)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on windows app","reference":"","landingPage":"https://repocket.co/","directDownloadingLink":"https://repocket-production.s3.fr-par.scw.cloud/repocket-desktop/updates/Repocket%20Setup%201.1.37.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://repocket-production.s3.fr-par.scw.cloud/repocket-desktop/updates/Repocket%20Setup%201.1.37.exe","sourceIndex":"985"}],"sampleFiles":["230712/Repocket-230208/1.1.37/Samples/Repocket Setup 1.1.37.exe"],"imageFiles":["230712/Repocket-230208/1.1.37/Images/ACR-043/ACR-043.JPG","230712/Repocket-230208/1.1.37/Images/ACR-043/ACR-043_1.JPG","230712/Repocket-230208/1.1.37/Images/ACR-107/ACR-107.JPG","230712/Repocket-230208/1.1.37/Images/ACR-048/ACR-048_Install.JPG","230712/Repocket-230208/1.1.37/Images/ACR-084/ACR-084.JPG","230712/Repocket-230208/1.1.37/Images/ACR-084/ACR-084_1.JPG","230712/Repocket-230208/1.1.37/Images/ACR-007/ACR-007.JPG","230712/Repocket-230208/1.1.37/Images/ACR-118/ACR-118.JPG","230712/Repocket-230208/1.1.37/Images/ACR-118/ACR-118_1.JPG"],"nonDeceptorImageFiles":["230712/Repocket-230208/1.1.37/Images/ACR-040/ACR-040.JPG","230712/Repocket-230208/1.1.37/Images/ACR-092/ACR-092.JPG","230712/Repocket-230208/1.1.37/Images/ACR-092/ACR-092_1.JPG","230712/Repocket-230208/1.1.37/Images/ACR-123/ACR-123.JPG"],"guid":"b29f1f4e-7c57-4887-a52e-9e34d40337a4_1.1.37_1","appID":"Repocket-230208","dateAdded":"250917","deceptorType":"App","name":"Repocket","company":"Repocket","version":"1.1.37","lastKnownStatus":"1.1.10;1.1.34;1.1.36;1.1.37;1.1.38;1.1.40;1.1.42;1.2.1;1.2.2;1.2.7;1.3.6","lastKnownDate":"250917","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 8,Windows 7,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"mining","lastUpdate":"2025-09-17T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":11,"sortOrder":234},{"violations":{"ACR-043":"1. Third-party component 'FFmpeg' gets dropped without any disclosure.\n2. The \"Repocket\" components get dropped in one click without asking the user's permission and disclosing the installation path.\n","ACR-107":"The app does not disclose relevant license information about third party component 'FFmpeg' installed\n","ACR-048":" The app does not provide any control to cancel the installation process. \n","ACR-007":"The app does not obtain user explicit consent which reduces the consumer's security posture caused by sharing the user's internet resource.\n","ACR-084":"The processes related to repocket keep running in the background despite disabling the \"Sharing Internet\" option, hiding the fact that it is active from the consumer without any notification.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components on the device without the consumer's consent or notifying the user.\n"},"nonDeceptorViolations":{"ACR-040":"The app drops all its components in the hidden path \"C:\\Users\\User\\AppData\\Local\\Programs\\repocket-desktop\".\n","ACR-092":"The app does not provide a digital signature for its executables.\n","ACR-123":"The apps do not remove their startup item even after uninstalling.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Users\\User\\AppData\\Local\\Programs\\repocket-desktop\\Repocket.exe","companyName":"Repocket","productName":"Repocket","productVersion":"1.1.38.0","fileVersion":"1.1.38","hashMD5":"69ffa29bf8177fc06ba0987fa78e2e9e","hashSHA1":"e7f68031a18db622af1c4ea2bcf433874d8ec890","hashSHA256":"9e9122c316a0202fb4f1343ab1c266f35e722a7a746e1a231d6b113333ee89c5","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"986","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"Repocket Setup 1.1.38.exe","isInstaller":"True","companyName":"Repocket","productName":"Repocket","productVersion":"1.1.38","fileVersion":"1.1.38","hashMD5":"713ac54029d8c25df912eae27cf50d4b","hashSHA1":"5136b7c7366ba31f400e603b151b0808800723e6","hashSHA256":"88d4417f07b77009c2750677b38b3bed3963ad4a486b674fd33ee5b096a1d140","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"986","avBlockList":["360 Total Security (20240806)","Avast Premium Security (20240806)","AVG Internet Security (20240806)","Avira Internet Security (20240806)","Bitdefender Internet Security (20240806)","ESET Internet Security (20240806)","K7 Total Security (20240806)","Kaspersky Internet Security (20230801)","Malwarebytes Premium (20240806)","McAfee Total Protection (20240806)","Norton Security (20240806)","Panda Dome (20240806)","Quick Heal Internet Security (20240806)","Sophos Home Premium (20240806)","SpyHunter5 (20240806)","Total AV Antivirus Pro (20240806)","VirIT eXplorer PRO (20240806)","Webroot SecureAnywhere (20240806)","Windows Defender (20240806)","FortectPremium (20240806)","KasperskyPremium (20240806)"],"avAllowList":["COMODO Antivirus (20240806)","Dr.Web Security Space (20240806)","G DATA INTERNET SECURITY (20240806)","Trend Micro Internet Security (20240806)","VIPRE Advanced Security (20240806)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on windows app","reference":"","landingPage":"https://repocket.co/","directDownloadingLink":"https://repocket-production.s3.fr-par.scw.cloud/repocket-desktop/updates/Repocket%20Setup%201.1.38.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://repocket-production.s3.fr-par.scw.cloud/repocket-desktop/updates/Repocket%20Setup%201.1.38.exe","sourceIndex":"986"}],"sampleFiles":["230712/Repocket-230208/1.1.38/Samples/Repocket Setup 1.1.38.exe"],"imageFiles":["230712/Repocket-230208/1.1.38/Images/ACR-043/ACR-043.JPG","230712/Repocket-230208/1.1.38/Images/ACR-043/ACR-043_1.JPG","230712/Repocket-230208/1.1.38/Images/ACR-107/ACR-107.JPG","230712/Repocket-230208/1.1.38/Images/ACR-048/ACR-048.JPG","230712/Repocket-230208/1.1.38/Images/ACR-084/ACR-084.JPG","230712/Repocket-230208/1.1.38/Images/ACR-084/ACR-084_1.JPG","230712/Repocket-230208/1.1.38/Images/ACR-007/ACR-007.JPG","230712/Repocket-230208/1.1.38/Images/ACR-118/ACR-118.JPG","230712/Repocket-230208/1.1.38/Images/ACR-118/ACR-118_1.JPG"],"nonDeceptorImageFiles":["230712/Repocket-230208/1.1.38/Images/ACR-040/ACR-040.JPG","230712/Repocket-230208/1.1.38/Images/ACR-092/ACR-092.JPG","230712/Repocket-230208/1.1.38/Images/ACR-092/ACR-092_1.JPG","230712/Repocket-230208/1.1.38/Images/ACR-123/ACR-123.JPG"],"guid":"b29f1f4e-7c57-4887-a52e-9e34d40337a4_1.1.38_1","appID":"Repocket-230208","dateAdded":"250917","deceptorType":"App","name":"Repocket","company":"Repocket","version":"1.1.38","lastKnownStatus":"1.1.10;1.1.34;1.1.36;1.1.37;1.1.38;1.1.40;1.1.42;1.2.1;1.2.2;1.2.7;1.3.6","lastKnownDate":"250917","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 8,Windows 7,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"mining","lastUpdate":"2025-09-17T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":11,"sortOrder":235},{"violations":{"ACR-043":"1. Third-party component 'FFmpeg' gets dropped without any disclosure.\n2. The \"Repocket\" components get dropped in one click without asking the user's permission and disclosing the installation path.\n","ACR-107":"The app does not disclose relevant license information about third party component 'FFmpeg' installed\n","ACR-048":" The app does not provide any control to cancel the installation process. \n","ACR-007":"The app does not obtain user explicit consent which reduces the consumer's security posture caused by sharing the user's internet resource.\n","ACR-084":"The processes related to repocket keep running in the background despite disabling the \"Sharing Internet\" option, hiding the fact that it is active from the consumer without any notification.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components on the device without the consumer's consent or notifying the user.\n"},"nonDeceptorViolations":{"ACR-040":"The app drops all its components in the hidden path \"C:\\Users\\User\\AppData\\Local\\Programs\\repocket-desktop\".\n","ACR-092":"The app does not provide a digital signature for its executables.\n","ACR-123":"The apps do not remove their startup item even after uninstalling.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Users\\User\\AppData\\Local\\Programs\\repocket-desktop\\Repocket.exe","companyName":"Repocket","productName":"Repocket","productVersion":"1.1.36.0","fileVersion":"1.1.36","hashMD5":"63c27a1cd194590db636ea5160b18821","hashSHA1":"822c525da41fd8663a917ae0bb0465387e9705cd","hashSHA256":"cc075d8eff75b1270f0d247714c53ff30461e5537c5abb589b07598bd64ca4e9","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1048","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"Repocket Setup 1.1.36.exe","isInstaller":"True","companyName":"Repocket","productName":"Repocket","productVersion":"1.1.36","fileVersion":"1.1.36","hashMD5":"43df8956b5249ba889c9526a908832be","hashSHA1":"d52aa564fe681ad2f08454462e6843b1878f9a2e","hashSHA256":"50e1baccff248e1dea93de71fed2418a381f26ab1a6c932fbcd3d210408d32e3","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1048","avBlockList":["360 Total Security (20240125)","Avast Premium Security (20240125)","AVG Internet Security (20240125)","Avira Internet Security (20240125)","ESET Internet Security (20240125)","K7 Total Security (20240125)","Kaspersky Internet Security (20240125)","Malwarebytes Premium (20240125)","McAfee Total Protection (20240125)","Norton Security (20240125)","Panda Dome (20240125)","Sophos Home Premium (20240125)","SpyHunter5 (20240125)","Total AV Antivirus Pro (20240125)","VirIT eXplorer PRO (20240125)","Webroot SecureAnywhere (20240125)","Windows Defender (20240125)"],"avAllowList":["Bitdefender Internet Security (20240125)","COMODO Antivirus (20240125)","Dr.Web Security Space (20240125)","G DATA INTERNET SECURITY (20240125)","Quick Heal Internet Security (20240125)","Trend Micro Internet Security (20240125)","VIPRE Advanced Security (20240125)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on windows app","reference":"","landingPage":"https://repocket.co/","directDownloadingLink":"https://repocket-production.s3.fr-par.scw.cloud/repocket-desktop/updates/Repocket%20Setup%201.1.36.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://repocket-production.s3.fr-par.scw.cloud/repocket-desktop/updates/Repocket%20Setup%201.1.36.exe","sourceIndex":"1048"}],"sampleFiles":["230615/Repocket-230208/1.1.36/Samples/Repocket Setup 1.1.36.exe"],"imageFiles":["230615/Repocket-230208/1.1.36/Images/ACR-043/ACR-043.JPG","230615/Repocket-230208/1.1.36/Images/ACR-043/ACR-043_1.JPG","230615/Repocket-230208/1.1.36/Images/ACR-107/ACR-107.JPG","230615/Repocket-230208/1.1.36/Images/ACR-048/ACR-048.JPG","230615/Repocket-230208/1.1.36/Images/ACR-084/ACR-084.JPG","230615/Repocket-230208/1.1.36/Images/ACR-084/ACR-084_1.JPG","230615/Repocket-230208/1.1.36/Images/ACR-007/ACR-007.JPG","230615/Repocket-230208/1.1.36/Images/ACR-118/ACR-118.JPG","230615/Repocket-230208/1.1.36/Images/ACR-118/ACR-118_1.JPG"],"nonDeceptorImageFiles":["230615/Repocket-230208/1.1.36/Images/ACR-040/ACR-040.JPG","230615/Repocket-230208/1.1.36/Images/ACR-092/ACR-092.JPG","230615/Repocket-230208/1.1.36/Images/ACR-092/ACR-092_1.JPG","230615/Repocket-230208/1.1.36/Images/ACR-123/ACR-123.JPG"],"guid":"b29f1f4e-7c57-4887-a52e-9e34d40337a4_1.1.36_1","appID":"Repocket-230208","dateAdded":"250917","deceptorType":"App","name":"Repocket","company":"Repocket","version":"1.1.36","lastKnownStatus":"1.1.10;1.1.34;1.1.36;1.1.37;1.1.38;1.1.40;1.1.42;1.2.1;1.2.2;1.2.7;1.3.6","lastKnownDate":"250917","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 8,Windows 7,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"mining","lastUpdate":"2025-09-17T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":11,"sortOrder":236},{"violations":{"ACR-043":"1. Third-party component 'FFmpeg' gets dropped without any disclosure.\n2. The \"Repocket\" components get dropped in one click without asking the user's permission and disclosing the installation path.\n","ACR-107":"The app does not disclose relevant license information about 3rd party component 'FFmpeg' installed\n","ACR-048":" The app does not provide any control to cancel the installation process. \n","ACR-007":"The app does not obtain user explicit consent which reduces the consumer's security posture caused by sharing the user's internet resource.\n","ACR-084":"The processes related to repocket keep running in the background despite disabling the \"Sharing Internet\" option, hiding the fact that it is active from the consumer without any notification.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components on the device without the consumer's consent or notifying the user.\n"},"nonDeceptorViolations":{"ACR-040":"The app drops all its components in the hidden path \"C:\\Users\\User\\AppData\\Local\\Programs\\repocket-desktop\".\n","ACR-092":"The app does not provide a digital signature for all the executables.\n","ACR-123":"The apps do not remove their startup item even after uninstalling.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Users\\User\\AppData\\Local\\Programs\\repocket-desktop\\Repocket.exe","companyName":"Repocket","productName":"Repocket","productVersion":"1.1.34.0","fileVersion":"1.1.34","hashMD5":"dc5b57635cbdfc49290f5a3d6572ded7","hashSHA1":"b169580360a055decc1f4bc7837d209299aa429e","hashSHA256":"c6596b04426529576306cf7c3888bc460908f21f2d26956e52223e141110d8d8","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1054","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"Repocket Setup 1.1.34.exe","isInstaller":"True","companyName":"Repocket","productName":"Repocket","productVersion":"1.1.34","fileVersion":"1.1.34","hashMD5":"15ce72f70c26f4299de93b70420f4062","hashSHA1":"acd639c0cf0b59eb0dfcb44c4cfcd9859c175029","hashSHA256":"5efa70a9818b0806e534d0132c235f5da8011f5c33f5b5f15d3d3fa4a3213ff9","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1054","avBlockList":["360 Total Security (20240725)","Avast Premium Security (20240725)","AVG Internet Security (20240725)","Avira Internet Security (20240725)","ESET Internet Security (20240725)","K7 Total Security (20240725)","Kaspersky Internet Security (20240725)","Malwarebytes Premium (20240725)","McAfee Total Protection (20240725)","Norton Security (20240725)","Panda Dome (20240725)","Quick Heal Internet Security (20240725)","Sophos Home Premium (20240725)","SpyHunter5 (20240725)","Total AV Antivirus Pro (20240725)","VirIT eXplorer PRO (20240725)","Webroot SecureAnywhere (20240725)","Windows Defender (20240725)","FortectPremium (20240725)"],"avAllowList":["Bitdefender Internet Security (20240725)","COMODO Antivirus (20240725)","Dr.Web Security Space (20240725)","G DATA INTERNET SECURITY (20240725)","Trend Micro Internet Security (20240725)","VIPRE Advanced Security (20240725)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on windows app","reference":"","landingPage":"https://repocket.co/","directDownloadingLink":"https://repocket-production.s3.fr-par.scw.cloud/repocket-desktop/updates/Repocket%20Setup%201.1.34.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://repocket-production.s3.fr-par.scw.cloud/repocket-desktop/updates/Repocket%20Setup%201.1.34.exe","sourceIndex":"1054"}],"sampleFiles":["230609/Repocket-230208/1.1.34/Samples/Repocket Setup 1.1.34.exe"],"imageFiles":["230609/Repocket-230208/1.1.34/Images/ACR-043/ACR-043.JPG","230609/Repocket-230208/1.1.34/Images/ACR-043/ACR-043_1.JPG","230609/Repocket-230208/1.1.34/Images/ACR-107/ACR-107.JPG","230609/Repocket-230208/1.1.34/Images/ACR-048/ACR-048.JPG","230609/Repocket-230208/1.1.34/Images/ACR-084/ACR-084.JPG","230609/Repocket-230208/1.1.34/Images/ACR-084/ACR-084_1.JPG","230609/Repocket-230208/1.1.34/Images/ACR-007/ACR-007.JPG","230609/Repocket-230208/1.1.34/Images/ACR-118/ACR-118.JPG","230609/Repocket-230208/1.1.34/Images/ACR-118/ACR-118_1.JPG"],"nonDeceptorImageFiles":["230609/Repocket-230208/1.1.34/Images/ACR-040/ACR-040.JPG","230609/Repocket-230208/1.1.34/Images/ACR-092/ACR-092.JPG","230609/Repocket-230208/1.1.34/Images/ACR-092/ACR-092_1.JPG","230609/Repocket-230208/1.1.34/Images/ACR-123/ACR-123.JPG"],"guid":"b29f1f4e-7c57-4887-a52e-9e34d40337a4_1.1.34_1","appID":"Repocket-230208","dateAdded":"250917","deceptorType":"App","name":"Repocket","company":"Repocket","version":"1.1.34","lastKnownStatus":"1.1.10;1.1.34;1.1.36;1.1.37;1.1.38;1.1.40;1.1.42;1.2.1;1.2.2;1.2.7;1.3.6","lastKnownDate":"250917","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 8,Windows 7,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"mining","lastUpdate":"2025-09-17T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":11,"sortOrder":237},{"violations":{"ACR-004":"The issues (15 trackers and 16.43MB of  Junk) reported during free scan are not substantiated.\n\n","ACR-014":"Application exaggerates sense of urgency by using the alarming red color and graphs, misleads user with unfair claims. \n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"TotalPCScanSetup.exe","isInstaller":"True","companyName":"Total PC Scan","productName":"TotalPCScan","productVersion":"1.0.0","fileVersion":"1.0.0","hashMD5":"4bd612265474b18eaac28245a82d3d59","hashSHA1":"fe6514f68d156eb23c6e2f85af2290e756601c19","hashSHA256":"2a9ec7d951161ee62a71efa7874cea5152168824781aa708620167677683c760","digitalCertThumbprint":"3896D6087FD43B7FBB3701E573F5C6FCD8CAA4B9","digitalCertIssuer":"CN=Sectigo Public Code Signing CA R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=Ninja Development Service LLC, O=Ninja Development Service LLC, S=Pennsylvania, C=US","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"169","avBlockList":["360 Total Security (20251204)","Bitdefender Internet Security (20251204)","COMODO Antivirus (20251204)","ESET Internet Security (20251204)","G DATA INTERNET SECURITY (20251204)","K7 Total Security (20251204)","KasperskyPremium (20251204)","Malwarebytes Premium (20251204)","Panda Dome (20251204)","Sophos Home Premium (20251204)","SpyHunter5 (20251204)","VIPRE Advanced Security (20251204)","VirIT eXplorer PRO (20251204)","Webroot SecureAnywhere (20251204)"],"avAllowList":["Avast Premium Security (20251204)","AVG Internet Security (20251204)","Avira Internet Security (20251204)","Dr.Web Security Space (20251204)","FortectPremium (20251204)","McAfee Total Protection (20251204)","Norton Security (20251204)","Quick Heal Internet Security (20251204)","Total AV Antivirus Pro (20251204)","Trend Micro Internet Security (20251204)","Windows Defender (20251204)"]},{"isRevoked":"False","fileName":"TotalPCScan.exe","companyName":"Total PC Scan","productName":"TotalPCScan","productVersion":"1.0.0.0","fileVersion":"1.0.0","hashMD5":"ad1ad04a5aa85857602c2e1e16f48e1d","hashSHA1":"74b4a16e461f93dcda8bd6fc78a053a6e3b3499a","hashSHA256":"e363410f0dd6c27f0c253ca580f500caa8ffa849dde69c8ff02e6bf0ba276d31","sourceIndex":"169","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"","landingPage":"https://totalpcscan.com/try-now","ipv4":"","ipv6":"","sourceIndex":"169"}],"sampleFiles":["250911/TotalPCScan-250909/2.0.0/Samples/TotalPCScanSetup.exe"],"imageFiles":["250911/TotalPCScan-250909/2.0.0/Images/ACR-004/ACR-004_Software_1.png","250911/TotalPCScan-250909/2.0.0/Images/ACR-014/ACR-014_Software_1.png"],"nonDeceptorImageFiles":[],"guid":"2f9a75c9-42e0-48a1-ab8d-35ae093457af_2.0.0_1","appID":"TotalPCScan-250909","dateAdded":"250911","deceptorType":"App","name":"TotalPCScan","company":"Ninja Development Service LLC","version":"2.0.0","lastKnownStatus":"2.0.0","lastKnownDate":"250911","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 10,Windows 11","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2025-09-11T20:31:44.203144+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":239},{"violations":{"ACR-004":"Application requires register and pay to fix the issues reported during free scanning, which is not permanent fix. The option \"review and clean\" doesn't provide \"clean\" function as it claims.\n","ACR-084":"Application running in background silently without notifying user when it is closed. No clear indication and attribution what the application is running when mouse hover over the application icon in systray.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"RabidCleaner.exe","isInstaller":"True","hashMD5":"b9f3f2bd6470fb471c4ba395a171644b","hashSHA1":"0f400cfa0880a538da3a70f4b089c21e61f40f18","hashSHA256":"3d53c08dff5d5fc5ec282b78f927f734fb36126a1ea4ee4ec02493653df29bab","digitalCertThumbprint":"1E878D8CFBF6086493F20456131DF3EEE8F95EFF","digitalCertIssuer":"CN=Sectigo Public Code Signing CA EV R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=Web Flynt Technologies Private Limited, O=Web Flynt Technologies Private Limited, S=Punjab, C=IN, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=IN, SERIALNUMBER=116287","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"171","avBlockList":["360 Total Security (20251202)","Bitdefender Internet Security (20251202)","COMODO Antivirus (20251202)","ESET Internet Security (20251202)","FortectPremium (20251202)","G DATA INTERNET SECURITY (20251202)","K7 Total Security (20251202)","Malwarebytes Premium (20251202)","Panda Dome (20251202)","Quick Heal Internet Security (20251202)","Sophos Home Premium (20251202)","SpyHunter5 (20251202)","VIPRE Advanced Security (20251202)","VirIT eXplorer PRO (20251202)","Webroot SecureAnywhere (20251202)","Windows Defender (20251202)"],"avAllowList":["Avast Premium Security (20251202)","AVG Internet Security (20251202)","Avira Internet Security (20251202)","Dr.Web Security Space (20251202)","KasperskyPremium (20251202)","McAfee Total Protection (20251202)","Norton Security (20251202)","Total AV Antivirus Pro (20251202)","Trend Micro Internet Security (20251202)"]},{"isRevoked":"False","fileName":"RabidCleaner.exe","productName":"RabidCleaner","productVersion":"1.0.0.0","fileVersion":"1.0.0.0","hashMD5":"2c0453455c1d92e3277cb0ad33daf75b","hashSHA1":"3498af6890ad22f94ca4f23af68139a317618461","hashSHA256":"a52a92b5dc97c6757e3fc7a20e1acfb2b554bad782a3835ae70e70abd4e81c1c","digitalCertThumbprint":"1E878D8CFBF6086493F20456131DF3EEE8F95EFF","digitalCertIssuer":"CN=Sectigo Public Code Signing CA EV R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=Web Flynt Technologies Private Limited, O=Web Flynt Technologies Private Limited, S=Punjab, C=IN, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=IN, SERIALNUMBER=116287","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"171","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"","landingPage":"https://www.rabidcleaner.com/","directDownloadingLink":"https://www.rabidcleaner.com/download/","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.rabidcleaner.com/download/","sourceIndex":"171"}],"sampleFiles":["250904/RabidCleaner-250904/2025.06.16/Samples/RabidCleaner.exe"],"imageFiles":["250904/RabidCleaner-250904/2025.06.16/Images/ACR-004/ACR-004_Software_1.png","250904/RabidCleaner-250904/2025.06.16/Images/ACR-004/ACR-004_Software_2.png","250904/RabidCleaner-250904/2025.06.16/Images/ACR-004/ACR-004_Software_3.png","250904/RabidCleaner-250904/2025.06.16/Images/ACR-084/ACR-084_Software_1.png","250904/RabidCleaner-250904/2025.06.16/Images/ACR-084/ACR-084_Software_2.png"],"nonDeceptorImageFiles":[],"guid":"56447d3f-0589-4d67-88b3-c763f9c8ef57_2025.06.16_1","appID":"RabidCleaner-250904","dateAdded":"250904","deceptorType":"App","name":"RabidCleaner","company":"Web Flynt Technologies Private Limited","version":"2025.06.16","lastKnownStatus":"1.0.0","lastKnownDate":"250904","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 10,Windows 11","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2025-09-04T22:41:27.3523347+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":240},{"violations":{"ACR-042":"Installer installs non disclosed program: CR\nInstaller installs non disclosed program: CR\n","ACR-043":"Instead of installing OBS software, the installer installs CR program. \n","ACR-013":"User is interrupted by non-consented offers during using the software\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software.\n","ACR-055":"The accept/decline options of the offer are not obvious during installation.\n","ACR-155":"Offers are designed to look like part of the install workflow.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"OBS%20Soft%20Load.exe","isInstaller":"True","companyName":"EEF                                                         ","productName":"OBS","productVersion":"2.0","hashMD5":"8e1013cf29ed2f54d684eb67269db53a","hashSHA1":"27bd683fef703830efbb0df4032aaeb168c2efbf","hashSHA256":"98c0d6c2895deec4fb2c62a2001f12df56df5a728bd96b47e1ef0067e30a23d2","digitalCertThumbprint":"6273B1353C2A1901591FFB116688FB24BF216096","digitalCertIssuer":"CN=GlobalSign GCC R45 EV CodeSigning CA 2020, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"CN=ИП Обуховский Владислав Иосифович, O=ИП Обуховский Владислав Иосифович, L=Всеволожск, S=Ленинградская область, C=RU, OID.1.3.6.1.4.1.311.60.2.1.2=Leningrad Oblast, OID.1.3.6.1.4.1.311.60.2.1.3=RU, SERIALNUMBER=318470400036578, OID.2.5.4.15=Business Entity","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"134","avBlockList":["360 Total Security (20251120)","Avast Premium Security (20251120)","AVG Internet Security (20251120)","Avira Internet Security (20251120)","COMODO Antivirus (20251120)","Dr.Web Security Space (20251120)","ESET Internet Security (20251120)","FortectPremium (20251120)","K7 Total Security (20251120)","KasperskyPremium (20251120)","Malwarebytes Premium (20251120)","McAfee Total Protection (20251120)","Norton Security (20251120)","Panda Dome (20251120)","Quick Heal Internet Security (20251120)","Sophos Home Premium (20251120)","SpyHunter5 (20251120)","Total AV Antivirus Pro (20251120)","VIPRE Advanced Security (20251120)","VirIT eXplorer PRO (20251120)","Webroot SecureAnywhere (20251120)","Windows Defender (20251120)"],"avAllowList":["Bitdefender Internet Security (20251120)","G DATA INTERNET SECURITY (20251120)","Trend Micro Internet Security (20251120)"]},{"isRevoked":"False","fileName":"cr.exe","companyName":"Artiesy","productName":"selauncher","productVersion":"1.0.0","fileVersion":"1.0.0","hashMD5":"beb8622c203c27ba9b656ccc165cf20d","hashSHA1":"6c132336ec66e3caf97e3efd9a8e6cd026434d49","hashSHA256":"78ad23ffae0fae9e2dc36a964c766058f13bda597e2625b60c87d056440e9120","digitalCertThumbprint":"6273B1353C2A1901591FFB116688FB24BF216096","digitalCertIssuer":"CN=GlobalSign GCC R45 EV CodeSigning CA 2020, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"CN=ИП Обуховский Владислав Иосифович, O=ИП Обуховский Владислав Иосифович, L=Всеволожск, S=Ленинградская область, C=RU, OID.1.3.6.1.4.1.311.60.2.1.2=Leningrad Oblast, OID.1.3.6.1.4.1.311.60.2.1.3=RU, SERIALNUMBER=318470400036578, OID.2.5.4.15=Business Entity","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"134","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"External Deceptor Report","reference":"","landingPage":"https://obs.automaqv.com/","directDownloadingLink":"https://cdn.automaqv.com/OBS%20Soft%20Load.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://cdn.automaqv.com/OBS%20Soft%20Load.exe","sourceIndex":"134"}],"sampleFiles":["250903/SpoofedOBSStudio-250903/2.0/Samples/OBS%20Soft%20Load.exe"],"imageFiles":["250903/SpoofedOBSStudio-250903/2.0/Images/ACR-043/tmp2yfpfw.jpg","250903/SpoofedOBSStudio-250903/2.0/Images/ACR-043/ACR-043_Install_1.png","250903/SpoofedOBSStudio-250903/2.0/Images/ACR-055/tmpu0vm24.png","250903/SpoofedOBSStudio-250903/2.0/Images/ACR-042/ACR-042_Install_1.png","250903/SpoofedOBSStudio-250903/2.0/Images/ACR-013/ACR-013_Install_1.png","250903/SpoofedOBSStudio-250903/2.0/Images/ACR-013/ACR-013_Install_2.png","250903/SpoofedOBSStudio-250903/2.0/Images/ACR-013/ACR-013_Install_3.png","250903/SpoofedOBSStudio-250903/2.0/Images/ACR-042/ACR-042_Software_1.png","250903/SpoofedOBSStudio-250903/2.0/Images/ACR-155/tmpu0vm24.png"],"nonDeceptorImageFiles":[],"guid":"251d7dfe-0eff-4997-a94b-95bb30103ccd_2.0_1","appID":"SpoofedOBSStudio-250903","dateAdded":"250903","deceptorType":"App","name":"SpoofedOBSStudio","company":"ИП Обуховский Владислав Иосифович","version":"2.0","lastKnownDate":"250903","type":"Windows Executable","category":"Productivity","targetOS":"None","targetBrowser":"None","ageAppropriate":"12+ appropriate","monetization":"install offers","lastUpdate":"2026-01-19T20:01:18.8378258+00:00","notDistributed":false,"familyName":"SpoofedOBSStudio","numInFamily":2,"numInAppID":1,"sortOrder":145},{"violations":{"ACR-043":"ProxymaData components are dropped during application installation without any disclosure.\n","ACR-048":"With application closed, the resource borrowing process is running in background without notifying user. There is no options for user to cancel resource borrowing process immediately.\n","ACR-006":"Resource borrowing process is not clearly attributed.\n","ACR-013":"User is interrupted by non-consented offers during using the software\n","ACR-060":"The offer is misleading. It is presented from ScreenShooter, instead of from ProxymaData. \n","ACR-118":"ProxymaData is not removed after ScreenShooter uninstalled completely.\n","ACR-057":"The app needs to provide a clear way to accept and decline optional offers.\n","ACR-055":"The offer is not presented with clear decline/accept option.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"screenshooter-install__337.exe","isInstaller":"True","productName":"ScreenShooter","productVersion":"4.1.1.0","fileVersion":"4.1.1.0","hashMD5":"b289b8a40f764ba631687b30ebabf2c2","hashSHA1":"82357d43a4ef0b70b5aa1b8cc13f0bcdbfd607b2","hashSHA256":"8eb5123e2eae85087adb58874cb6661cf7b687afdf2c4cbb7fe792f6b504ab73","digitalCertThumbprint":"C3C709B7E01318BA74D48BD64D05F48DECA5CD80","digitalCertIssuer":"CN=GlobalSign GCC R45 EV CodeSigning CA 2020, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"E=support@rostpay.ru, CN=ROSTPAY LLC, O=ROSTPAY LLC, STREET=\"Dolomanovsky lane, 70D apt.1(10th floor)\", L=Rostov-on-Don, S=Rostov Oblast, C=RU, OID.1.3.6.1.4.1.311.60.2.1.2=Rostov Oblast, OID.1.3.6.1.4.1.311.60.2.1.3=RU, SERIALNUMBER=1086168004669, OID.2.5.4.15=Private Organization","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"172","avBlockList":["Avast Premium Security (20251125)","AVG Internet Security (20251125)","Avira Internet Security (20251125)","Bitdefender Internet Security (20251125)","Dr.Web Security Space (20251125)","ESET Internet Security (20251125)","FortectPremium (20251125)","G DATA INTERNET SECURITY (20251125)","K7 Total Security (20251125)","KasperskyPremium (20251125)","Malwarebytes Premium (20251125)","McAfee Total Protection (20251125)","Norton Security (20251125)","Panda Dome (20251125)","Quick Heal Internet Security (20251125)","Sophos Home Premium (20251125)","SpyHunter5 (20251125)","Total AV Antivirus Pro (20251125)","VIPRE Advanced Security (20251125)","VirIT eXplorer PRO (20251125)","Webroot SecureAnywhere (20251125)","Windows Defender (20251125)"],"avAllowList":["360 Total Security (20251125)","COMODO Antivirus (20251125)","Trend Micro Internet Security (20251125)"]},{"isRevoked":"False","fileName":"PDClient.exe","companyName":"ProxymaData","productName":"ProxymaData","productVersion":"2.0.0.0","fileVersion":"2.0.0.0","hashMD5":"8568211dd3ebd8f4e25d24cdbf865256","hashSHA1":"241ca16436067c67993bdf059bd63a19f22bd2a3","hashSHA256":"942e7f147ffca11881d5c1fb464bd77a195f68b9ea99b35de4e43a23a274d259","sourceIndex":"172","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"ScreenShooter.exe","companyName":"ROSTPAY LTD","productName":"ScreenShooter","productVersion":"2.7.3.1859","fileVersion":"2.7.3.1859","hashMD5":"e68987d2350a1ae0f8f3f40085d80d56","hashSHA1":"e444ff341f346f27afc00499b3ad9324d954a1b2","hashSHA256":"922299158af2828950f843f899a6abbf55b5f5be09dbb18ec635bd983059bd7d","digitalCertThumbprint":"C3C709B7E01318BA74D48BD64D05F48DECA5CD80","digitalCertIssuer":"CN=GlobalSign GCC R45 EV CodeSigning CA 2020, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"E=support@rostpay.ru, CN=ROSTPAY LLC, O=ROSTPAY LLC, STREET=\"Dolomanovsky lane, 70D apt.1(10th floor)\", L=Rostov-on-Don, S=Rostov Oblast, C=RU, OID.1.3.6.1.4.1.311.60.2.1.2=Rostov Oblast, OID.1.3.6.1.4.1.311.60.2.1.3=RU, SERIALNUMBER=1086168004669, OID.2.5.4.15=Private Organization","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"172","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"IndexingManager.exe","productName":"Indexing manager","productVersion":"1.4.0.0","fileVersion":"1.4.0.0","hashMD5":"6b1f1e2b742c77579938402e303cd294","hashSHA1":"f21dc2f072179d321316dd71e1a6666435aaecdc","hashSHA256":"612b1b31393bd885913dccfc0725aff97d65588ab446e39ab7a00f7b6e2a28dc","sourceIndex":"172","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"hunting","reference":"","landingPage":"https://www.screen-shooter.com/","directDownloadingLink":"https://www.screen-shooter.com/app/download/init","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.screen-shooter.com/app/download/init","sourceIndex":"172"}],"sampleFiles":["250827/ScreenShooter-250827/2.7.3.1859/Samples/screenshooter-install__337.exe","250827/ScreenShooter-250827/2.7.3.1859/Samples/PDClient.exe","250827/ScreenShooter-250827/2.7.3.1859/Samples/ScreenShooter.exe"],"imageFiles":["250827/ScreenShooter-250827/2.7.3.1859/Images/ACR-043/ACR-043_Install_1.png","250827/ScreenShooter-250827/2.7.3.1859/Images/ACR-048/ACR-048_Software_1.png","250827/ScreenShooter-250827/2.7.3.1859/Images/ACR-006/ACR-006_Software_1.png","250827/ScreenShooter-250827/2.7.3.1859/Images/ACR-013/ACR-013_Software_1.png","250827/ScreenShooter-250827/2.7.3.1859/Images/ACR-118/ACR-118_Uninstall_1.png","250827/ScreenShooter-250827/2.7.3.1859/Images/ACR-057/ACR-057_Inline offers_1.png","250827/ScreenShooter-250827/2.7.3.1859/Images/ACR-060/ACR-060_Inline offers_1.png","250827/ScreenShooter-250827/2.7.3.1859/Images/ACR-055/ACR-055_Inline offers_1.png"],"nonDeceptorImageFiles":[],"guid":"1dae2495-667c-4675-89e6-7acd42abf77e_2.7.3.1859_1","appID":"ScreenShooter-250827","dateAdded":"250827","deceptorType":"App","name":"ScreenShooter","company":"ROSTPAY LTD","version":"2.7.3.1859","lastKnownStatus":"2.7.3.1859","lastKnownDate":"250827","type":"Windows Executable","category":"Media editors","targetOS":"Windows 8,Windows 11,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"net proxy,install offers","lastUpdate":"2025-08-27T21:29:54.2632826+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":241},{"violations":{"ACR-004":"App does not provide free fixes for all the scan results that can't be permanently fixed, it can only clean 500MB then uses the remaining issues identified to upsell user the fix, requiring user to purchase subscription service to fix all results identified.\n"},"nonDeceptorViolations":{"ACR-045":"\"Free Download\" highlights \"Free\" misleads user. The functionality that requires consumer payment in order to be activated needs to be marked clearly in landing page. Otherwise app should remove \"free\" word.\n","ACR-065":"The install wizard does not show both links to the Returns and Cancellation Policy and Privacy Policy\nThe app's About page does not show both links to the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\n","ACR-161":"The landing offer page has testimonials that have no links back to a source so consumers can verify if they're real.\n","ACR-099":"The app does not display links to uninstall information. \nThe landing page does not display links to uninstall information.\nThe internal offers page does not display links to uninstall information.\n"},"samples":[{"isRevoked":"False","fileName":"Macube Cleaner","fileVersion":"0.","hashMD5":"f5d1f2a0cf3376b9cf69c8cbcff36879","hashSHA1":"d0b1c80049c23a9017474aea61c21ae6aedf533b","hashSHA256":"14df4397a31cdc26ef42e2fee146bd563458b39bff294a50f0fbae50dff1141e","sourceIndex":"1909","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"macube-cleaner.pkg","isInstaller":"True","fileVersion":"0.","hashMD5":"b2d8981bcabe802a024c91407a96ddd2","hashSHA1":"aa47784f0366e7d042442cc6e63b9979019735dd","hashSHA256":"5160393d458c49798f9708200c35b73e98fb8c27c288db1b72ba4f4ed550f9d9","sourceIndex":"1909","avBlockList":["Avast Security for Mac (20211109)","Avira Security for Mac (20211109)","Bitdefender Antivirus for Mac (20211109)","ESET Cyber Security Pro for Mac (20211109)","G DATA AntiVirus for Mac (20211109)","McAfee Internet Security for Mac (20211109)","Norton Security for Mac (20211109)","Sophos Home Premium For Mac (20211109)","Trend Micro Antivirus for Mac (20211109)"],"avAllowList":["K7 Antivirus for Mac (20211109)","Kaspersky Internet Security for Mac (20211109)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"https://www.fonepaw.com/","landingPage":"https://www.macube.com","directDownloadingLink":"https://dl.macube.com/macube-cleaner.pkg","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://dl.macube.com/macube-cleaner.pkg","sourceIndex":"1909"}],"sampleFiles":["210527/MacubeCleaner-210525/4.2.0/Samples/Macube Cleaner","210527/MacubeCleaner-210525/4.2.0/Samples/macube-cleaner.pkg"],"imageFiles":["210527/MacubeCleaner-210525/4.2.0/Images/ACR-004/Macube Cleaner_Interactions [1].png"],"nonDeceptorImageFiles":["210527/MacubeCleaner-210525/4.2.0/Images/ACR-065/Macube Cleaner_Install [1].png","210527/MacubeCleaner-210525/4.2.0/Images/ACR-065/Macube Cleaner_Install [2].png","210527/MacubeCleaner-210525/4.2.0/Images/ACR-065/Macube Cleaner_Install [3].png","210527/MacubeCleaner-210525/4.2.0/Images/ACR-065/Macube Cleaner_Install [6].png","210527/MacubeCleaner-210525/4.2.0/Images/ACR-065/Macube Cleaner_About [1].png","210527/MacubeCleaner-210525/4.2.0/Images/ACR-099/Macube Cleaner_About [1].png","210527/MacubeCleaner-210525/4.2.0/Images/ACR-045/Macube Cleaner_LandingPage [1].png","210527/MacubeCleaner-210525/4.2.0/Images/ACR-099/Macube Cleaner_LandingPage [2].png","210527/MacubeCleaner-210525/4.2.0/Images/ACR-161/Macube Cleaner_LandingPage [3].png","210527/MacubeCleaner-210525/4.2.0/Images/ACR-099/Macube Cleaner_OfferPage [1].png"],"guid":"c31fd72f-1b33-4afc-85f3-1714f18f405a_4.2.0_1","appID":"MacubeCleaner-210525","dateAdded":"250825","deceptorType":"MacOS App","name":"Macube Cleaner","company":"FonePaw Technology Limited","version":"4.2.0","sigName":"Deceptor:MacOS/MacubeCleaner!004","firstResolvedVersion":"","lastKnownStatus":"4.2.0;4.2.2;4.3.0;4.3.1;4.3.3","lastKnownDate":"250825","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,paid","lastUpdate":"2025-08-25T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":6,"sortOrder":247},{"violations":{"ACR-004":"App does not provide free fixes for all the scan results that can't be permanently fixed, it can only clean 500MB then uses the remaining issues identified to upsell user the fix, requiring user to purchase subscription service to fix all results identified.\n"},"nonDeceptorViolations":{"ACR-045":"\"Free Download\" highlights \"Free\" misleads user. The functionality that requires consumer payment in order to be activated needs to be marked clearly in landing page. Otherwise app should remove \"free\" word.\n","ACR-065":"The install wizard does not show both links to the Returns and Cancellation Policy and Privacy Policy\nThe app's About page does not show both links to the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\n","ACR-161":"The landing offer page has testimonials that have no links back to a source so consumers can verify if they're real.\n","ACR-099":"The app does not display links to uninstall information. \nThe landing page does not display links to uninstall information.\nThe internal offers page does not display links to uninstall information.\n"},"samples":[{"isRevoked":"False","fileName":"macube-cleaner.pkg","isInstaller":"True","fileVersion":"0.","hashMD5":"d7ae61c807659a28e2a22d4cb0362df0","hashSHA1":"e03843a6b5321cf37be8fe92bd660ba05cea4406","hashSHA256":"af9adc9c5dcffa016e9141a9bca41c2807e3b059133263332070ba97dcec9e51","sourceIndex":"1876","avBlockList":["Avast Security for Mac (20211214)","Avira Security for Mac (20211214)","Bitdefender Antivirus for Mac (20211214)","ESET Cyber Security Pro for Mac (20211214)","G DATA AntiVirus for Mac (20211214)","K7 Antivirus for Mac (20211214)","Norton Security for Mac (20211214)","Sophos Home Premium For Mac (20211214)","Trend Micro Antivirus for Mac (20211214)"],"avAllowList":["Kaspersky Internet Security for Mac (20211214)","McAfee Internet Security for Mac (20211214)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"https://www.fonepaw.com/","landingPage":"https://www.macube.com","directDownloadingLink":"https://dl.macube.com/macube-cleaner.pkg","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://dl.macube.com/macube-cleaner.pkg","sourceIndex":"1876"}],"sampleFiles":["210628/MacubeCleaner-210525/4.2.1/Samples/macube-cleaner.pkg"],"imageFiles":["210628/MacubeCleaner-210525/4.2.1/Images/ACR-004/Macube Cleaner_Interactions [1].png"],"nonDeceptorImageFiles":["210628/MacubeCleaner-210525/4.2.1/Images/ACR-065/Macube Cleaner_Install [1].png","210628/MacubeCleaner-210525/4.2.1/Images/ACR-065/Macube Cleaner_Install [2].png","210628/MacubeCleaner-210525/4.2.1/Images/ACR-065/Macube Cleaner_Install [3].png","210628/MacubeCleaner-210525/4.2.1/Images/ACR-065/Macube Cleaner_Install [6].png","210628/MacubeCleaner-210525/4.2.1/Images/ACR-099/Macube Cleaner_About [1].png","210628/MacubeCleaner-210525/4.2.1/Images/ACR-045/Macube Cleaner_LandingPage [2].png","210628/MacubeCleaner-210525/4.2.1/Images/ACR-045/Macube Cleaner_LandingPage [4].png","210628/MacubeCleaner-210525/4.2.1/Images/ACR-099/Macube Cleaner_LandingPage [1].png","210628/MacubeCleaner-210525/4.2.1/Images/ACR-161/Macube Cleaner_LandingPage [3].png"],"guid":"c31fd72f-1b33-4afc-85f3-1714f18f405a_4.2.1_1","appID":"MacubeCleaner-210525","dateAdded":"250825","deceptorType":"MacOS App","name":"Macube Cleaner","company":"FonePaw Technology Limited","version":"4.2.1","firstResolvedVersion":"","lastKnownStatus":"4.2.0;4.2.2;4.3.0;4.3.1;4.3.3","lastKnownDate":"250825","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,paid","lastUpdate":"2025-08-25T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":6,"sortOrder":246},{"violations":{"ACR-004":"App does not provide free fixes for all the scan results that can't be permanently fixed, it can only clean 500MB then uses the remaining issues identified to upsell user the fix, requiring user to purchase subscription service to fix all results identified.\n"},"nonDeceptorViolations":{"ACR-045":"\"Free Download\" highlights \"Free\" misleads user. The functionality that requires consumer payment in order to be activated needs to be marked clearly in landing page. Otherwise app should remove \"free\" word.\n","ACR-065":"The install wizard does not show both links to the Returns and Cancellation Policy and Privacy Policy\nThe app's About page does not show both links to the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\n","ACR-002":"The App's version is not consistent between App interaction and its install. (version 4.2.1  vs version 4.2.2) \nThe App's version is not consistent between App interaction and its install. (version 4.2.1  vs version 4.2.2) \n","ACR-161":"The landing offer page has testimonials that have no links back to a source so consumers can verify if they're real.\n","ACR-099":"The app does not display links to uninstall information. \nThe landing page does not display links to uninstall information.\nThe internal offers page does not display links to uninstall information.\n"},"samples":[{"isRevoked":"False","fileName":"Macube Cleaner","fileVersion":"0.","hashMD5":"f656a2028ebb89e9a396b4d4b4daede1","hashSHA1":"f17e3ccb6b76a7facf6d14554aad77279b64684d","hashSHA256":"2104afad83b88679dece51a001076941e6a2f247b446b4a7c86804c5bb8b308f","sourceIndex":"1850","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"macube-cleaner.pkg","isInstaller":"True","fileVersion":"0.","hashMD5":"20e761beeed0e090efc4aeb0fe7ef0c7","hashSHA1":"33912f97ad8bed6564e1494f6d0106629d08ee52","hashSHA256":"4f92c3d666c4be3b6f22f9132bd3c20b026e4d9e6504bc5884092a1e237c71e3","sourceIndex":"1850","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"","landingPage":"https://www.macube.com","directDownloadingLink":"https://dl.macube.com/macube-cleaner.pkg","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://dl.macube.com/macube-cleaner.pkg","sourceIndex":"1850"}],"sampleFiles":["210721/MacubeCleaner-210525/4.2.2/Samples/Macube Cleaner","210721/MacubeCleaner-210525/4.2.2/Samples/macube-cleaner.pkg"],"imageFiles":["210721/MacubeCleaner-210525/4.2.2/Images/ACR-004/Macube Cleaner_Interactions [2].png"],"nonDeceptorImageFiles":["210721/MacubeCleaner-210525/4.2.2/Images/ACR-065/Macube Cleaner_Install [1].png","210721/MacubeCleaner-210525/4.2.2/Images/ACR-065/Macube Cleaner_Install [2].png","210721/MacubeCleaner-210525/4.2.2/Images/ACR-065/Macube Cleaner_Install [3].png","210721/MacubeCleaner-210525/4.2.2/Images/ACR-065/Macube Cleaner_Install [7].png","210721/MacubeCleaner-210525/4.2.2/Images/ACR-002/Macube Cleaner_Install [2].png","210721/MacubeCleaner-210525/4.2.2/Images/ACR-002/Macube Cleaner_About [1].png","210721/MacubeCleaner-210525/4.2.2/Images/ACR-065/Macube Cleaner_About [1].png","210721/MacubeCleaner-210525/4.2.2/Images/ACR-099/Macube Cleaner_About [1].png","210721/MacubeCleaner-210525/4.2.2/Images/ACR-045/Macube Cleaner_LandingPage [2].png","210721/MacubeCleaner-210525/4.2.2/Images/ACR-045/Macube Cleaner_LandingPage [3].png","210721/MacubeCleaner-210525/4.2.2/Images/ACR-099/Macube Cleaner_LandingPage [1].png","210721/MacubeCleaner-210525/4.2.2/Images/ACR-161/Macube Cleaner_LandingPage [4].png","210721/MacubeCleaner-210525/4.2.2/Images/ACR-099/Macube Cleaner_OfferPage [1].png"],"guid":"c31fd72f-1b33-4afc-85f3-1714f18f405a_4.2.2_1","appID":"MacubeCleaner-210525","dateAdded":"250825","deceptorType":"MacOS App","name":"Macube Cleaner","company":"FonePaw Technology Limited","version":"4.2.2","sigName":"Deceptor:MacOS/MacubeCleaner!004","firstResolvedVersion":"","lastKnownStatus":"4.2.0;4.2.2;4.3.0;4.3.1;4.3.3","lastKnownDate":"250825","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,paid","lastUpdate":"2025-08-25T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":6,"sortOrder":245},{"violations":{"ACR-004":"App does not provide free fixes for all the scan results that can't be permanently fixed, it requires user to purchase subscription service to fix all results identified.\n","ACR-014":"When user tries to clean the reported issues, the app will prompt to activate the 7-day free trial. However,  after clicking the button \"Try it Free\", it will launch the offer page for subscription, the app does not provide info about the free trial.\n"},"nonDeceptorViolations":{"ACR-045":"\"Free Download\" highlights \"Free\" misleads user. The functionality that requires consumer payment to be activated needs to be marked clearly in landing page. Otherwise app should remove \"free\" word.\n","ACR-065":"The install wizard does not show both links to the Returns and Cancellation Policy and Privacy Policy\nThe app's About page does not show both links to the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\n","ACR-161":"The landing offer page has testimonials that have no links back to a source so consumers can verify if they're real.\n"},"samples":[{"isRevoked":"False","fileName":"macube-cleaner.pkg","isInstaller":"True","hashMD5":"6ef5c09639d8cf6437d15a4136cf8d5c","hashSHA1":"19238b0a6f9979a7c0721437cbfbd8c6e1ad6ee3","hashSHA256":"9250c365d59af02b121454fa773b81968f1ce64ab4deda1ddcbb10fc939c8eab","digitalCertThumbprint":"AAD357AF799895F1B18F20BAD9AFA82647C057B0","digitalCertIssuer":"C=US, O=Apple Inc., OU=Apple Certification Authority, CN=Developer ID Certification Authority","digitalCertIssuedTo":"C=HK, O=FonePaw Technology Limited, OU=GPLR6GGYXP, CN=Developer ID Installer: FonePaw Technology Limited (GPLR6GGYXP), OID.0.9.2342.19200300.100.1.1=GPLR6GGYXP","digitalCertCodeSigning":"False","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"173","avBlockList":["Avira Security for Mac (20251113)","ESET Cyber Security Pro for Mac (20251113)","Sophos Home Premium For Mac (20251113)","SpyHunterforMac (20251113)","Trend Micro Antivirus for Mac (20251113)"],"avAllowList":["Avast Security for Mac (20251113)","Bitdefender Antivirus for Mac (20251113)","G DATA AntiVirus for Mac (20251113)","K7 Antivirus for Mac (20251113)","Kaspersky Internet Security for Mac (20251113)","McAfee Internet Security for Mac (20251113)","Norton Security for Mac (20251113)"]},{"isRevoked":"False","fileName":"Macube%20Cleaner","fileVersion":"10.13.0","hashMD5":"113855f7a1f4dc413d00221eba48e5b0","hashSHA1":"eefc12d0ca360c2dba9efe11dc5997f19b608a9b","hashSHA256":"60d8e627ce75604653485f910e985cc6cd6571cb18c0392c9545cdf2a791977b","sourceIndex":"173","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"https://www.fonepaw.com/","landingPage":"https://www.macube.com","directDownloadingLink":"https://dl.macube.com/macube-cleaner.pkg","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://dl.macube.com/macube-cleaner.pkg","sourceIndex":"173"}],"sampleFiles":["250825/MacubeCleaner-210525/4.3.3/Samples/macube-cleaner.pkg","250825/MacubeCleaner-210525/4.3.3/Samples/Macube%20Cleaner"],"imageFiles":["250825/MacubeCleaner-210525/4.3.3/Images/ACR-004/app1.png","250825/MacubeCleaner-210525/4.3.3/Images/ACR-004/offerpage1.png","250825/MacubeCleaner-210525/4.3.3/Images/ACR-014/app1.png","250825/MacubeCleaner-210525/4.3.3/Images/ACR-014/offerpage1.png"],"nonDeceptorImageFiles":["250825/MacubeCleaner-210525/4.3.3/Images/ACR-065/install1.png","250825/MacubeCleaner-210525/4.3.3/Images/ACR-065/install2.png","250825/MacubeCleaner-210525/4.3.3/Images/ACR-065/install3.png","250825/MacubeCleaner-210525/4.3.3/Images/ACR-065/install4.png","250825/MacubeCleaner-210525/4.3.3/Images/ACR-065/install5.png","250825/MacubeCleaner-210525/4.3.3/Images/ACR-065/app3.png","250825/MacubeCleaner-210525/4.3.3/Images/ACR-045/landingpage1.png","250825/MacubeCleaner-210525/4.3.3/Images/ACR-045/landingpage2.png","250825/MacubeCleaner-210525/4.3.3/Images/ACR-161/landingpage3.png"],"guid":"c31fd72f-1b33-4afc-85f3-1714f18f405a_4.3.3_1","appID":"MacubeCleaner-210525","dateAdded":"250825","deceptorType":"MacOS App","name":"Macube Cleaner","company":"FonePaw Technology Limited","version":"4.3.3","firstResolvedVersion":"","lastKnownStatus":"4.2.0;4.2.2;4.3.0;4.3.1;4.3.3","lastKnownDate":"250825","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,paid","lastUpdate":"2026-05-12T22:59:39.4584562+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":6,"sortOrder":242},{"violations":{"ACR-004":"App does not provide free fixes for all the scan results that can't be permanently fixed, it can only clean 500MB then uses the remaining issues identified to upsell user the fix, requiring user to purchase subscription service to fix all results identified.\n"},"nonDeceptorViolations":{"ACR-045":"\"Free Download\" highlights \"Free\" misleads user. The functionality that requires consumer payment in order to be activated needs to be marked clearly in landing page. Otherwise app should remove \"free\" word.\n","ACR-065":"The install wizard does not show both links to the Returns and Cancellation Policy and Privacy Policy\nThe app's About page does not show both links to the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\n","ACR-161":"The landing offer page has testimonials that have no links back to a source so consumers can verify if they're real.\n","ACR-099":"The app does not display links to uninstall information. \nThe landing page does not display links to uninstall information.\nThe internal offers page does not display links to uninstall information.\n"},"samples":[{"isRevoked":"False","fileName":"Macube Cleaner","fileVersion":"0.","hashMD5":"91711ebc7ac5ccef35479e7255ae74cf","hashSHA1":"46d280d2e5170ef5a1b6f6576f17cf284511acb6","hashSHA256":"d3a264dd580023b65f42dd88feba9b2fea0c21da827384abc3c0f1a99f8a9dfb","sourceIndex":"1562","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"macube-cleaner.pkg","isInstaller":"True","fileVersion":"0.","hashMD5":"25a05e3839506e8c1ddcbbfeb2227225","hashSHA1":"c6af2ec0601861586f20c6acfe9fe34a8fe684c3","hashSHA256":"7bd9864030532df447502d65442c297db308538e71211aef9ec4c305832b5ed5","sourceIndex":"1562","avBlockList":["Avast Security for Mac (20220510)","Avira Security for Mac (20220510)","ESET Cyber Security Pro for Mac (20220510)","K7 Antivirus for Mac (20220510)","Norton Security for Mac (20220510)","Trend Micro Antivirus for Mac (20220510)"],"avAllowList":["Bitdefender Antivirus for Mac (20220510)","G DATA AntiVirus for Mac (20220510)","Kaspersky Internet Security for Mac (20220510)","McAfee Internet Security for Mac (20220510)","Sophos Home Premium For Mac (20220510)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"","landingPage":"https://www.macube.com","directDownloadingLink":"https://dl.macube.com/macube-cleaner.pkg","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://dl.macube.com/macube-cleaner.pkg","sourceIndex":"1562"}],"sampleFiles":["220228/MacubeCleaner-210525/4.3.1/Samples/Macube Cleaner","220228/MacubeCleaner-210525/4.3.1/Samples/macube-cleaner.pkg"],"imageFiles":["220228/MacubeCleaner-210525/4.3.1/Images/ACR-004/Macube Cleaner_Interactions [1].png"],"nonDeceptorImageFiles":["220228/MacubeCleaner-210525/4.3.1/Images/ACR-065/Macube Cleaner_Install [3].png","220228/MacubeCleaner-210525/4.3.1/Images/ACR-065/Macube Cleaner_Install [1].png","220228/MacubeCleaner-210525/4.3.1/Images/ACR-065/Macube Cleaner_Install [2].png","220228/MacubeCleaner-210525/4.3.1/Images/ACR-065/Macube Cleaner_Install [3].png","220228/MacubeCleaner-210525/4.3.1/Images/ACR-065/Macube Cleaner_Install [5].png","220228/MacubeCleaner-210525/4.3.1/Images/ACR-065/Macube Cleaner_Install [6].png","220228/MacubeCleaner-210525/4.3.1/Images/ACR-065/Macube Cleaner_About [1].png","220228/MacubeCleaner-210525/4.3.1/Images/ACR-099/Macube Cleaner_About [1].png","220228/MacubeCleaner-210525/4.3.1/Images/ACR-045/Macube Cleaner_LandingPage [2].png","220228/MacubeCleaner-210525/4.3.1/Images/ACR-045/Macube Cleaner_LandingPage [3].png","220228/MacubeCleaner-210525/4.3.1/Images/ACR-099/Macube Cleaner_LandingPage [1].png","220228/MacubeCleaner-210525/4.3.1/Images/ACR-161/Macube Cleaner_LandingPage [4].png","220228/MacubeCleaner-210525/4.3.1/Images/ACR-099/Macube Cleaner_OfferPage [1].png"],"guid":"c31fd72f-1b33-4afc-85f3-1714f18f405a_4.3.1_1","appID":"MacubeCleaner-210525","dateAdded":"250825","deceptorType":"MacOS App","name":"Macube Cleaner","company":"FonePaw Technology Limited","version":"4.3.1","firstResolvedVersion":"","lastKnownStatus":"4.2.0;4.2.2;4.3.0;4.3.1;4.3.3","lastKnownDate":"250825","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,paid","lastUpdate":"2025-08-25T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":6,"sortOrder":243},{"violations":{"ACR-004":"App does not provide free fixes for all the scan results that can't be permanently fixed, it can only clean 500MB then uses the remaining issues identified to upsell user the fix, requiring user to purchase subscription service to fix all results identified.\n"},"nonDeceptorViolations":{"ACR-045":"\"Free Download\" highlights \"Free\" misleads user. The functionality that requires consumer payment in order to be activated needs to be marked clearly in landing page. Otherwise app should remove \"free\" word.\n","ACR-065":"The install wizard does not show both links to the Returns and Cancellation Policy and Privacy Policy\nThe app's About page does not show both links to the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\n","ACR-161":"The landing offer page has testimonials that have no links back to a source so consumers can verify if they're real.\n","ACR-099":"The app does not display links to uninstall information. \nThe landing page does not display links to uninstall information.\nThe internal offers page does not display links to uninstall information.\n"},"samples":[{"isRevoked":"False","fileName":"Macube Cleaner","fileVersion":"0.","hashMD5":"2d249602ea8696d793f31e86aabf87e7","hashSHA1":"01f4ffe0bfaf072229d7ebe79ccce49d49529ad1","hashSHA256":"ea7aeb8fffcd78589231620a0daff1ce14c596e8dc7cfc9acb0487ae9ff0e3ac","sourceIndex":"1794","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"macube-cleaner.pkg","isInstaller":"True","fileVersion":"0.","hashMD5":"9b690570505d7a7c27b16d57dcb3ee91","hashSHA1":"76ee9d1e5739d1e243db89e735f2413b36e4b1f4","hashSHA256":"7f8006d5b01927ee073db467581a175521d7cdd2b5f41eb248e448391b537919","sourceIndex":"1794","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"https://www.fonepaw.com/","landingPage":"https://www.macube.com","directDownloadingLink":"https://dl.macube.com/macube-cleaner.pkg","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://dl.macube.com/macube-cleaner.pkg","sourceIndex":"1794"}],"sampleFiles":["211115/MacubeCleaner-210525/4.3.0/Samples/Macube Cleaner","211115/MacubeCleaner-210525/4.3.0/Samples/macube-cleaner.pkg"],"imageFiles":["211115/MacubeCleaner-210525/4.3.0/Images/ACR-004/Macube Cleaner_Interactions [1].png"],"nonDeceptorImageFiles":["211115/MacubeCleaner-210525/4.3.0/Images/ACR-065/Macube Cleaner_Install [1].png","211115/MacubeCleaner-210525/4.3.0/Images/ACR-065/Macube Cleaner_Install [2].png","211115/MacubeCleaner-210525/4.3.0/Images/ACR-065/Macube Cleaner_Install [3].png","211115/MacubeCleaner-210525/4.3.0/Images/ACR-065/Macube Cleaner_Install [4].png","211115/MacubeCleaner-210525/4.3.0/Images/ACR-065/Macube Cleaner_About [1].png","211115/MacubeCleaner-210525/4.3.0/Images/ACR-099/Macube Cleaner_About [1].png","211115/MacubeCleaner-210525/4.3.0/Images/ACR-045/Macube Cleaner_LandingPage [1].png","211115/MacubeCleaner-210525/4.3.0/Images/ACR-099/Macube Cleaner_LandingPage [3].png","211115/MacubeCleaner-210525/4.3.0/Images/ACR-161/Macube Cleaner_LandingPage [2].png","211115/MacubeCleaner-210525/4.3.0/Images/ACR-099/Macube Cleaner_OfferPage [1].png"],"guid":"c31fd72f-1b33-4afc-85f3-1714f18f405a_4.3.0_1","appID":"MacubeCleaner-210525","dateAdded":"250825","deceptorType":"MacOS App","name":"Macube Cleaner","company":"FonePaw Technology Limited","version":"4.3.0","firstResolvedVersion":"","lastKnownStatus":"4.2.0;4.2.2;4.3.0;4.3.1;4.3.3","lastKnownDate":"250825","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,paid","lastUpdate":"2025-08-25T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":6,"sortOrder":244},{"violations":{"ACR-048":"There is no option for user to immediately cancel the resource borrowing activity in application.\n","ACR-084":"The resource borrowing status is not visible in application. No clearly indicate whenever borrowing is active or inactive in application.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"Dispout.exe","isInstaller":"True","companyName":"Globalhop                                                   ","productName":"Dispout","productVersion":"1.0.8.0","fileVersion":"1.0.8.0","hashMD5":"383a9f50cadf5f73cc7984adc8cf9057","hashSHA1":"1873b79b28d27581b7dc627225f12d9fd47cf67d","hashSHA256":"cf0d241b30ce9260126b1aaa82cf825ded17b3e00ed964b393420610e4fbf179","digitalCertThumbprint":"5A7DE11C1A8C17C208B25587947E8F443AB02AC0","digitalCertIssuer":"CN=Sectigo Public Code Signing CA EV R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=Cleversort FZ-LLC, O=Cleversort FZ-LLC, S=Ras Al Khaimah, C=AE, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=AE, SERIALNUMBER=11478657","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"175","avBlockList":["360 Total Security (20251104)","ESET Internet Security (20251104)","FortectPremium (20251104)","K7 Total Security (20251104)","KasperskyPremium (20251104)","Malwarebytes Premium (20251104)","McAfee Total Protection (20251104)","Panda Dome (20251104)","Quick Heal Internet Security (20251104)","Sophos Home Premium (20251104)","SpyHunter5 (20251104)","Webroot SecureAnywhere (20251104)","VirIT eXplorer PRO (20251104)"],"avAllowList":["Avast Premium Security (20251104)","AVG Internet Security (20251104)","Avira Internet Security (20251104)","Bitdefender Internet Security (20251104)","COMODO Antivirus (20251104)","Dr.Web Security Space (20251104)","G DATA INTERNET SECURITY (20251104)","Norton Security (20251104)","Total AV Antivirus Pro (20251104)","Trend Micro Internet Security (20251104)","VIPRE Advanced Security (20251104)","Windows Defender (20251104)"]},{"isRevoked":"False","fileName":"classic.dll","companyName":"Globalhop","productName":"Dispout","productVersion":"2.0.0.0","fileVersion":"2.0.0.0","hashMD5":"354420212c99d3ad4bf6217c40b6ac19","hashSHA1":"3a57f617ca2d1b16652efcde89dc99ef823ea099","hashSHA256":"990da27669a1f49ab54a094a59b9dc0274af0df04a321060c48694aeb0b23d1b","digitalCertThumbprint":"5A7DE11C1A8C17C208B25587947E8F443AB02AC0","digitalCertIssuer":"CN=Sectigo Public Code Signing CA EV R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=Cleversort FZ-LLC, O=Cleversort FZ-LLC, S=Ras Al Khaimah, C=AE, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=AE, SERIALNUMBER=11478657","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"175","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"novel.dll","hashMD5":"5cf63611cb50c22c0984a814a3116a50","hashSHA1":"b733d61c1a1c5a4f4f52e7803f7e200611886fb1","hashSHA256":"76ca5aa0a5a0894670879d54e915880991930cb8b83c3b305cd6d4511bea7a9e","digitalCertThumbprint":"5A7DE11C1A8C17C208B25587947E8F443AB02AC0","digitalCertIssuer":"CN=Sectigo Public Code Signing CA EV R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=Cleversort FZ-LLC, O=Cleversort FZ-LLC, S=Ras Al Khaimah, C=AE, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=AE, SERIALNUMBER=11478657","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"175","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"Dispout.exe","companyName":"Globalhop","productName":"Dispout","productVersion":"1.0.8.0","fileVersion":"1.0.8.0","hashMD5":"e7c020284da7a4ec474bada38ed72358","hashSHA1":"a95be80811e68bcbd011fa3e3d9cba3c1c49f1f8","hashSHA256":"c67f21f120b273176d6524a2b035b66a494f8175788653f914692405e9e9d581","digitalCertThumbprint":"5A7DE11C1A8C17C208B25587947E8F443AB02AC0","digitalCertIssuer":"CN=Sectigo Public Code Signing CA EV R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=Cleversort FZ-LLC, O=Cleversort FZ-LLC, S=Ras Al Khaimah, C=AE, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=AE, SERIALNUMBER=11478657","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"175","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"proxyware apps, globalhop","reference":"","landingPage":"https://dispout.com/","directDownloadingLink":"https://dispout.com/download/Dispout.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://dispout.com/download/Dispout.exe","sourceIndex":"175"}],"sampleFiles":["250820/Dispout-240314/1.0.8.0/Samples/Dispout.exe"],"imageFiles":["250820/Dispout-240314/1.0.8.0/Images/ACR-084/ACR-084_Software_1.png","250820/Dispout-240314/1.0.8.0/Images/ACR-084/ACR-084_Software_2.png","250820/Dispout-240314/1.0.8.0/Images/ACR-084/ACR-084_Software_3.png","250820/Dispout-240314/1.0.8.0/Images/ACR-048/ACR-048_Software_1.png"],"nonDeceptorImageFiles":[],"guid":"49714669-87b9-485b-8e65-68598825e623_1.0.8.0_1","appID":"Dispout-240314","dateAdded":"250820","deceptorType":"App","name":"Dispout","company":"Globalhop","version":"1.0.8.0","firstResolvedVersion":"1.0.8.0","lastKnownStatus":"1.0.8.0","lastKnownDate":"250820","type":"Windows Executable","category":"SysTools & Utilities, Productivity","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows 11","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"net proxy,none","lastUpdate":"2025-08-20T19:32:48.2052346+00:00","notDistributed":false,"familyName":"Globalhop","numInFamily":17,"numInAppID":2,"sortOrder":254},{"violations":{"ACR-042":"\"GlobalHop\" SDK components are dropped without obtaining user's permission through explicit user action.\n","ACR-048":"The App does not provide an option to cancel the startup and remove the background process completely within the app's settings. Elements are also located in hidden folders making it a challenge for ordinary users to remove them manually.\n","ACR-007":"App does not obtain user consent to reduce the consumer's security posture caused by sharing ip/network connection for sharing internet resources and as proxy. \n","ACR-084":"The app runs silently in the background, hiding the fact that it is active from the consumer, and also creates a startup entry without the user's knowledge and consent. The application runs in the system tray immediately after installation with a greyed and disabled icon, thus attempting to hide its presence from the consumer.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains all of its components on the device without the consumer's consent or notifying the user.\n","ACR-155":"The GlobalHop SDK is included in the application installation by default without explicitly disclosing its usage and impacts on the user's system in a separate prompt.\n"},"nonDeceptorViolations":{"ACR-040":"The App installs itself by default in a hidden folder <Appdata/Local/Program>.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Users\\User\\AppData\\Local\\Programs\\RestMinder\\RestMinder.exe","companyName":"","productName":"RestMinder","productVersion":"1.0.0.0","fileVersion":"1.0.0.0","hashMD5":"d00c3c70471464f6f89190ca5dee8548","hashSHA1":"de47f4a3f642654382233a79973d299b8a40ce16","hashSHA256":"23b97b3099d60b8e28ac72a64b8b9f69e0062642728ffe56aa3a69847fa37326","digitalCertThumbprint":"02AE726E551C4BAA06F351EAB27853D035713619","digitalCertIssuer":"DigiCert SHA2 Assured ID Code Signing CA","digitalCertIssuedTo":"Globalhop Ltd","storeId":"","sourceIndex":"1512","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"RestMinder_1.0.0.0.exe","isInstaller":"True","companyName":"RestMinder                                                  ","productName":"RestMinder                                                  ","productVersion":"1.0.0.0                                           ","fileVersion":"1.0.0.0             ","hashMD5":"9d7d8660b4743c721793bf50ac933575","hashSHA1":"a64341e645a0fec870f633ea5f372c0e02a5a702","hashSHA256":"b1ea691fadc0f346043c322b6ac53bfff3232e9594f6df9405c2de91abe89dbf","digitalCertThumbprint":"02AE726E551C4BAA06F351EAB27853D035713619","digitalCertIssuer":"DigiCert SHA2 Assured ID Code Signing CA","digitalCertIssuedTo":"Globalhop Ltd","storeId":"","sourceIndex":"1512","avBlockList":["360 Total Security (20240625)","Avast Premium Security (20240625)","AVG Internet Security (20240625)","Avira Internet Security (20240625)","Bitdefender Internet Security (20240625)","ESET Internet Security (20240625)","G DATA INTERNET SECURITY (20240625)","Kaspersky Internet Security (20240625)","Malwarebytes Premium (20240625)","McAfee Total Protection (20240625)","Norton Security (20240625)","Panda Dome (20240625)","Quick Heal Internet Security (20240625)","Sophos Home Premium (20240625)","SpyHunter5 (20240625)","Total AV Antivirus Pro (20240625)","Trend Micro Internet Security (20240625)","VIPRE Advanced Security (20240625)","VirIT eXplorer PRO (20240625)","Webroot SecureAnywhere (20240625)","Windows Defender (20240625)"],"avAllowList":["COMODO Antivirus (20240625)","Dr.Web Security Space (20240625)","K7 Total Security (20240625)","Tencent PC Manager (20220602)"]}],"additionalFiles":[],"sources":[{"howFound":"Globalhop SDK","reference":"","landingPage":"https://restminder.com/","directDownloadingLink":"https://restminder.com/download/RestMinder_1.0.0.0.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://restminder.com/download/RestMinder_1.0.0.0.exe","sourceIndex":"1512"}],"sampleFiles":["220525/restminder-220524/1.0.0.0/Samples/RestMinder_1.0.0.0.exe"],"imageFiles":["220525/restminder-220524/1.0.0.0/Images/ACR-042/ACR-042 (1).JPG","220525/restminder-220524/1.0.0.0/Images/ACR-042/ACR-042 (2).JPG","220525/restminder-220524/1.0.0.0/Images/ACR-007/ACR-007.JPG","220525/restminder-220524/1.0.0.0/Images/ACR-084/ACR-084_Software_Hidden.JPG","220525/restminder-220524/1.0.0.0/Images/ACR-084/ACR-084_Software_Undisclosed_Startup.JPG","220525/restminder-220524/1.0.0.0/Images/ACR-084/ACR-084_Software_Hidden_1.JPG","220525/restminder-220524/1.0.0.0/Images/ACR-048/ACR-048_Software_1.JPG","220525/restminder-220524/1.0.0.0/Images/ACR-048/ACR-048_Software_2.JPG","220525/restminder-220524/1.0.0.0/Images/ACR-048/ACR-048_Software_3.JPG","220525/restminder-220524/1.0.0.0/Images/ACR-118/ACR-118_Uninstall_Retains.JPG","220525/restminder-220524/1.0.0.0/Images/ACR-155/ACR-155_1.JPG"],"nonDeceptorImageFiles":["220525/restminder-220524/1.0.0.0/Images/ACR-040/ACR-040_Install_Hidden_Location.JPG"],"guid":"195aeafe-7700-4663-aa4a-f8dc4ac4035f_1.0.0.0_1","appID":"restminder-220524","dateAdded":"250820","deceptorType":"App","name":"Restminder","company":"Globalhop Ltd","version":"1.0.0.0","firstResolvedVersion":"","lastKnownStatus":"1.0.0.0;1.0.4.0;1.0.5.0;1.0.6.0","lastKnownDate":"250820","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2025-08-20T00:00:00+00:00","notDistributed":false,"familyName":"Globalhop","numInFamily":17,"numInAppID":4,"sortOrder":253},{"violations":{"ACR-007":"The app does not obtain user explicit consent which reduces the consumer's security posture caused by sharing internet resources.\nThe app does not display explicit notification about the potential risk in security posture caused by sharing network connection, when the app is re-enabled at least for the 1st time.\n","ACR-084":"The process keeps running in the background despite disabling app and connection option. There is no clear control for borrowing resource.\n","ACR-155":"The GlobalHop SDK is included in the application installation by default without explicitly disclosing its usage and impacts on the user's system on a separate prompt.\n"},"nonDeceptorViolations":{"ACR-040":"The app installs itself by default in a hidden path \"%AppData%\\Local\\Programs\\\" \n","ACR-098":"The app needs to provide control to adjust the schedule and rate of borrowing while the \"Restminder\" process is running.\n"},"samples":[{"isRevoked":"False","fileName":"restminder-setup.exe","isInstaller":"True","companyName":"RestMinder                                                  ","fileVersion":"1.0","hashMD5":"4e98a80bf5acea96708c203fe165cd47","hashSHA1":"0cf03f5000cae7ef09b8e5af3e8ab2f7eb73d9ce","hashSHA256":"bfcbb8781693d0d9e7dbe2bfa633a7cea8bc8f7acb1c1866830717b49ab826d2","digitalCertThumbprint":"C6D0201889888E307CC1525F1F2304ADC3676DD5","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Cleversort FZ-LLC, O=Cleversort FZ-LLC, L=Ras-Al-Khaimah, S=Ras-Al-Khaimah, C=AE, SERIALNUMBER=46000244, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.2=Ras Al Khaimah, OID.1.3.6.1.4.1.311.60.2.1.3=AE","sourceIndex":"710","avBlockList":["360 Total Security (20240618)","Avast Premium Security (20240618)","AVG Internet Security (20240618)","Avira Internet Security (20240618)","Bitdefender Internet Security (20240618)","ESET Internet Security (20240618)","G DATA INTERNET SECURITY (20240618)","K7 Total Security (20240618)","Kaspersky Internet Security (20240618)","Malwarebytes Premium (20240618)","McAfee Total Protection (20240618)","Norton Security (20240618)","Panda Dome (20240618)","Quick Heal Internet Security (20240618)","Sophos Home Premium (20240618)","SpyHunter5 (20240618)","Total AV Antivirus Pro (20240618)","Trend Micro Internet Security (20240618)","VIPRE Advanced Security (20240618)","VirIT eXplorer PRO (20240618)","Webroot SecureAnywhere (20240618)"],"avAllowList":["COMODO Antivirus (20240618)","Dr.Web Security Space (20240618)","Windows Defender (20240618)"]}],"additionalFiles":[],"sources":[{"howFound":"bandwidth sharing proxy apps","reference":"","landingPage":"https://restminder.com/","directDownloadingLink":"https://restminder.com/download/restminder.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://restminder.com/download/restminder.exe","sourceIndex":"710"}],"sampleFiles":["240319/restminder-220524/1.0.4.0/Samples/restminder-setup.exe"],"imageFiles":["240319/restminder-220524/1.0.4.0/Images/ACR-007/ACR-007_Install_1.png","240319/restminder-220524/1.0.4.0/Images/ACR-084/ACR-084_Software_1.png","240319/restminder-220524/1.0.4.0/Images/ACR-007/restminder.gif","240319/restminder-220524/1.0.4.0/Images/ACR-155/ACR-155_Bundler-made offers_1.png"],"nonDeceptorImageFiles":["240319/restminder-220524/1.0.4.0/Images/ACR-040/ACR-040_Install_1.png","240319/restminder-220524/1.0.4.0/Images/ACR-098/ACR-098_Software_1.png"],"guid":"195aeafe-7700-4663-aa4a-f8dc4ac4035f_1.0.4.0_1","appID":"restminder-220524","dateAdded":"250820","deceptorType":"App","name":"Restminder","company":"Globalhop Ltd","version":"1.0.4.0","firstResolvedVersion":"","lastKnownStatus":"1.0.0.0;1.0.4.0;1.0.5.0;1.0.6.0","lastKnownDate":"250820","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"net proxy,none","lastUpdate":"2025-08-20T00:00:00+00:00","notDistributed":false,"familyName":"Globalhop","numInFamily":17,"numInAppID":4,"sortOrder":252},{"violations":{"ACR-007":"The app does not obtain user explicit consent which reduces the consumer's security posture caused by sharing internet resources.\nThe app does not display explicit notification about the potential risk in security posture caused by sharing network connection when the app is re-enabled at least for the 1st time.\n","ACR-010":"The app establishes SMTP connections and uses them to send spam email advertisements to various addresses.\n","ACR-084":"The process keeps running in the background despite disabling app and connection option. There is no clear control for borrowing resource.\n","ACR-089":"The app establishes smtp connections and uses them to send spam advertisement emails to various addresses.\n","ACR-155":"The GlobalHop SDK is included in the application installation by default without explicitly disclosing its usage and impacts on the user's system on a separate prompt. \n"},"nonDeceptorViolations":{"ACR-040":"The app installs itself by default in a hidden path \"%AppData%\\Local\\Programs\\\"\n"},"samples":[{"isRevoked":"False","fileName":"Dispout-setup.exe","isInstaller":"True","companyName":"Dispout                                                     ","fileVersion":"1.0","hashMD5":"9f5010daf2e85a3d701e39e8f7833c43","hashSHA1":"ddc9e34392774512629e574f979e202b4a8f1833","hashSHA256":"4b5bff7fbba9daa1f0a8104adc3e5411d84c61fd4dee800827261eadf01e6ff4","digitalCertThumbprint":"C6D0201889888E307CC1525F1F2304ADC3676DD5","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Cleversort FZ-LLC, O=Cleversort FZ-LLC, L=Ras-Al-Khaimah, S=Ras-Al-Khaimah, C=AE, SERIALNUMBER=46000244, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.2=Ras Al Khaimah, OID.1.3.6.1.4.1.311.60.2.1.3=AE","sourceIndex":"602","avBlockList":["360 Total Security (20250821)","Avast Premium Security (20250821)","AVG Internet Security (20250821)","Avira Internet Security (20250821)","Bitdefender Internet Security (20250821)","ESET Internet Security (20250821)","G DATA INTERNET SECURITY (20250821)","K7 Total Security (20250821)","Kaspersky Internet Security (20240618)","Malwarebytes Premium (20250821)","McAfee Total Protection (20250821)","Norton Security (20250821)","Panda Dome (20250821)","Quick Heal Internet Security (20250821)","Sophos Home Premium (20250821)","SpyHunter5 (20250821)","Total AV Antivirus Pro (20250821)","Trend Micro Internet Security (20250821)","VIPRE Advanced Security (20250821)","VirIT eXplorer PRO (20250821)","Webroot SecureAnywhere (20250821)","FortectPremium (20250821)"],"avAllowList":["COMODO Antivirus (20250821)","Dr.Web Security Space (20250821)","Windows Defender (20250821)","KasperskyPremium (20250821)"]},{"isRevoked":"False","fileName":"Dispout.exe","fileVersion":"1.0","hashMD5":"f9daaedfff02a6af744c22d64ba826e2","hashSHA1":"11bb3ad1f7448d508476ce456b6de6b8da3fc8fa","hashSHA256":"b9ff2fb7a47d0537316ca90a308ac3bdb6d91601def68ef9fe50bb87f377dde0","digitalCertThumbprint":"C6D0201889888E307CC1525F1F2304ADC3676DD5","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Cleversort FZ-LLC, O=Cleversort FZ-LLC, L=Ras-Al-Khaimah, S=Ras-Al-Khaimah, C=AE, SERIALNUMBER=46000244, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.2=Ras Al Khaimah, OID.1.3.6.1.4.1.311.60.2.1.3=AE","sourceIndex":"602","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"proxyware apps, globalhop","reference":"","landingPage":"https://dispout.com/","directDownloadingLink":"https://dispout.com/download/Dispout.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://dispout.com/download/Dispout.exe","sourceIndex":"602"}],"sampleFiles":["240627/Dispout-240314/1.0.1.0/Samples/Dispout-setup.exe","240627/Dispout-240314/1.0.1.0/Samples/Dispout.exe"],"imageFiles":["240627/Dispout-240314/1.0.1.0/Images/ACR-007/ACR-007_Install_1.png","240627/Dispout-240314/1.0.1.0/Images/ACR-007/ACR-007_Install_2.png","240627/Dispout-240314/1.0.1.0/Images/ACR-084/ACR-084_Software_1.png","240627/Dispout-240314/1.0.1.0/Images/ACR-084/ACR-084_Software_2.png","240627/Dispout-240314/1.0.1.0/Images/ACR-089/dispoutsmtpconnections.png","240627/Dispout-240314/1.0.1.0/Images/ACR-089/smtpdata.png","240627/Dispout-240314/1.0.1.0/Images/ACR-089/spamemail.png","240627/Dispout-240314/1.0.1.0/Images/ACR-089/ACR-089_Software_1.png","240627/Dispout-240314/1.0.1.0/Images/ACR-089/ACR-089_Software_2.png","240627/Dispout-240314/1.0.1.0/Images/ACR-007/Dispout.gif","240627/Dispout-240314/1.0.1.0/Images/ACR-010/dispoutsmtpconnections.png","240627/Dispout-240314/1.0.1.0/Images/ACR-010/smtpdata.png","240627/Dispout-240314/1.0.1.0/Images/ACR-010/spamemail.png","240627/Dispout-240314/1.0.1.0/Images/ACR-010/ACR-010_Software_1.png","240627/Dispout-240314/1.0.1.0/Images/ACR-010/ACR-010_Software_2.png","240627/Dispout-240314/1.0.1.0/Images/ACR-155/ACR-155_Bundler-made offers_1.png","240627/Dispout-240314/1.0.1.0/Images/ACR-155/ACR-155_Bundler-made offers_2.png"],"nonDeceptorImageFiles":["240627/Dispout-240314/1.0.1.0/Images/ACR-040/ACR-040_Install_1.png"],"guid":"49714669-87b9-485b-8e65-68598825e623_1.0.1.0_1","appID":"Dispout-240314","dateAdded":"250820","deceptorType":"App","name":"Dispout","company":"Globalhop","version":"1.0.1.0","firstResolvedVersion":"1.0.8.0","lastKnownStatus":"1.0.8.0","lastKnownDate":"250820","type":"Windows Executable","category":"SysTools & Utilities, Productivity","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows 11","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"net proxy,none","lastUpdate":"2025-08-20T00:00:00+00:00","notDistributed":false,"familyName":"Globalhop","numInFamily":17,"numInAppID":2,"sortOrder":255},{"violations":{"ACR-048":"There is no option for user to immediately cancel the resource borrowing activity in application.\n","ACR-084":"The resource borrowing status is not visible in application. No clearly indicate whenever borrowing is active or inactive in application\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"restminder.exe","isInstaller":"True","companyName":"Globalhop                                                   ","productName":"Restminder","productVersion":"1.0.6.0","fileVersion":"1.0.6.0","hashMD5":"1084a2f55aab88f0afce60a237c4f3c4","hashSHA1":"b1fb14066544ea0884811ff9f677743ab67f6322","hashSHA256":"a9b4d07704f2ffa63c4f7cdfec62658fc2f43403a76590c815b07f1843586cc0","digitalCertThumbprint":"C6D0201889888E307CC1525F1F2304ADC3676DD5","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Cleversort FZ-LLC, O=Cleversort FZ-LLC, L=Ras-Al-Khaimah, S=Ras-Al-Khaimah, C=AE, SERIALNUMBER=46000244, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.2=Ras Al Khaimah, OID.1.3.6.1.4.1.311.60.2.1.3=AE","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"174","avBlockList":["360 Total Security (20251104)","Bitdefender Internet Security (20251104)","ESET Internet Security (20251104)","FortectPremium (20251104)","G DATA INTERNET SECURITY (20251104)","K7 Total Security (20251104)","KasperskyPremium (20251104)","Malwarebytes Premium (20251104)","McAfee Total Protection (20251104)","Panda Dome (20251104)","Quick Heal Internet Security (20251104)","Sophos Home Premium (20251104)","SpyHunter5 (20251104)","Trend Micro Internet Security (20251104)","VIPRE Advanced Security (20251104)","Webroot SecureAnywhere (20251104)","VirIT eXplorer PRO (20251104)"],"avAllowList":["Avast Premium Security (20251104)","AVG Internet Security (20251104)","Avira Internet Security (20251104)","COMODO Antivirus (20251104)","Dr.Web Security Space (20251104)","Norton Security (20251104)","Total AV Antivirus Pro (20251104)","Windows Defender (20251104)"]},{"isRevoked":"False","fileName":"RestMinder.exe","companyName":"Globalhop","productName":"Restminder","productVersion":"1.0.6.0","fileVersion":"1.0.6.0","hashMD5":"cf0abd4fdb495106f7e734a98ebfb00c","hashSHA1":"b273ef6af55374367e2989125f66f30dbdb05de7","hashSHA256":"61f3bd04c63b959c149b59eb753b81505dbb88851c5f25eaef6f86a7a6cc5b0b","digitalCertThumbprint":"C6D0201889888E307CC1525F1F2304ADC3676DD5","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Cleversort FZ-LLC, O=Cleversort FZ-LLC, L=Ras-Al-Khaimah, S=Ras-Al-Khaimah, C=AE, SERIALNUMBER=46000244, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.2=Ras Al Khaimah, OID.1.3.6.1.4.1.311.60.2.1.3=AE","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"174","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"classic.dll","companyName":"Globalhop","productName":"Restminder","productVersion":"2.0.0.0","fileVersion":"2.0.0.0","hashMD5":"52f7930f10a7191bcca9e3c0dfe80e28","hashSHA1":"43d9ed6eea175ecca2a4bd7b1d640af9396a0a48","hashSHA256":"ebdfb6bf972d06878abfb2716932952434a88274ac37cb997636996c8275f747","digitalCertThumbprint":"C6D0201889888E307CC1525F1F2304ADC3676DD5","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Cleversort FZ-LLC, O=Cleversort FZ-LLC, L=Ras-Al-Khaimah, S=Ras-Al-Khaimah, C=AE, SERIALNUMBER=46000244, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.2=Ras Al Khaimah, OID.1.3.6.1.4.1.311.60.2.1.3=AE","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"174","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"novel.dll","hashMD5":"3c584654623ef75aa2069bb2e5cbd3d4","hashSHA1":"1f5ea875b0bda964a13262c9e2ddeb0538b33bd2","hashSHA256":"73e98965efa501f2c6ead90b1ae22bddfeb6728388163b8656204ec8d873975f","digitalCertThumbprint":"C6D0201889888E307CC1525F1F2304ADC3676DD5","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Cleversort FZ-LLC, O=Cleversort FZ-LLC, L=Ras-Al-Khaimah, S=Ras-Al-Khaimah, C=AE, SERIALNUMBER=46000244, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.2=Ras Al Khaimah, OID.1.3.6.1.4.1.311.60.2.1.3=AE","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"174","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Globalhop SDK","reference":"","landingPage":"https://restminder.com/","directDownloadingLink":"https://restminder.com/download/restminder.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://restminder.com/download/restminder.exe","sourceIndex":"174"}],"sampleFiles":["250820/restminder-220524/1.0.6.0/Samples/restminder.exe"],"imageFiles":["250820/restminder-220524/1.0.6.0/Images/ACR-084/ACR-084_Software_2.png","250820/restminder-220524/1.0.6.0/Images/ACR-084/ACR-084_Software_3.png","250820/restminder-220524/1.0.6.0/Images/ACR-048/ACR-048_Software_1.png"],"nonDeceptorImageFiles":[],"guid":"195aeafe-7700-4663-aa4a-f8dc4ac4035f_1.0.6.0_1","appID":"restminder-220524","dateAdded":"250820","deceptorType":"App","name":"Restminder","company":"Globalhop Ltd","version":"1.0.6.0","firstResolvedVersion":"","lastKnownStatus":"1.0.0.0;1.0.4.0;1.0.5.0;1.0.6.0","lastKnownDate":"250820","type":"Windows Executable","category":"SysTools & Utilities, Productivity","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"net proxy","lastUpdate":"2025-08-20T20:42:46.6495812+00:00","notDistributed":false,"familyName":"Globalhop","numInFamily":17,"numInAppID":4,"sortOrder":250},{"violations":{"ACR-048":"There is no option for user to immediately cancel the resource borrowing activity in application.\n","ACR-084":"The resource borrowing status is not visible in application. No clearly indicate whenever borrowing is active or inactive in application\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"Dzentime.exe","isInstaller":"True","companyName":"Globalhop                                                   ","fileVersion":"1.0","hashMD5":"26d4a85fc28bad04fae1c46b3309f031","hashSHA1":"014c516a43362df6bf649ba062b5956c47cae3e6","hashSHA256":"3ee26f088b3647d5dbb80a5cbe0ae0a1d17058ded3b1f9b9ebeaffbac8189350","digitalCertThumbprint":"C6D0201889888E307CC1525F1F2304ADC3676DD5","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Cleversort FZ-LLC, O=Cleversort FZ-LLC, L=Ras-Al-Khaimah, S=Ras-Al-Khaimah, C=AE, SERIALNUMBER=46000244, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.2=Ras Al Khaimah, OID.1.3.6.1.4.1.311.60.2.1.3=AE","sourceIndex":"176","avBlockList":["360 Total Security (20251030)","Bitdefender Internet Security (20251030)","ESET Internet Security (20251030)","FortectPremium (20251030)","G DATA INTERNET SECURITY (20251030)","K7 Total Security (20251030)","KasperskyPremium (20251030)","Malwarebytes Premium (20251030)","McAfee Total Protection (20251030)","Panda Dome (20251030)","Quick Heal Internet Security (20251030)","Sophos Home Premium (20251030)","SpyHunter5 (20251030)","Trend Micro Internet Security (20251030)","VIPRE Advanced Security (20251030)","VirIT eXplorer PRO (20251030)","Webroot SecureAnywhere (20251030)"],"avAllowList":["Avast Premium Security (20251030)","AVG Internet Security (20251030)","Avira Internet Security (20251030)","COMODO Antivirus (20251030)","Dr.Web Security Space (20251030)","Norton Security (20251030)","Total AV Antivirus Pro (20251030)","Windows Defender (20251030)"]},{"isRevoked":"False","fileName":"Dzentime.exe","companyName":"Globalhop","productName":"DzenTime","productVersion":"1.0.0.0","fileVersion":"1.0.0.0","hashMD5":"3902b7777aa777dfcab8db59ab7a3775","hashSHA1":"68a42c11e1e65a3ed6568d91a3ba2309835ab0aa","hashSHA256":"1c2545b8225d474bc424eaefde958cd9d3cd462f09a731b16393f6da06ebaf4e","digitalCertThumbprint":"C6D0201889888E307CC1525F1F2304ADC3676DD5","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Cleversort FZ-LLC, O=Cleversort FZ-LLC, L=Ras-Al-Khaimah, S=Ras-Al-Khaimah, C=AE, SERIALNUMBER=46000244, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.2=Ras Al Khaimah, OID.1.3.6.1.4.1.311.60.2.1.3=AE","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"176","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"unins000.exe","companyName":"Globalhop                                                   ","productName":"Dzentime","productVersion":"1.0.0.0","fileVersion":"51.1052.0.0","hashMD5":"f5c7e61520effcf4581c7f4a4d2e2d0d","hashSHA1":"ed1f16dfcb7cfe1945b520c78ccb34719ed443bb","hashSHA256":"401336ff048c42f4d998441331fa01ff1885e6d0e95ca393d67585240f50e5b5","digitalCertThumbprint":"C6D0201889888E307CC1525F1F2304ADC3676DD5","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Cleversort FZ-LLC, O=Cleversort FZ-LLC, L=Ras-Al-Khaimah, S=Ras-Al-Khaimah, C=AE, SERIALNUMBER=46000244, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.2=Ras Al Khaimah, OID.1.3.6.1.4.1.311.60.2.1.3=AE","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"176","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"classic.dll","companyName":"Globalhop","productName":"Dzentime","productVersion":"2.0.0.0","fileVersion":"2.0.0.0","hashMD5":"b6d4a68c920ba61c4ff99dfbfff94846","hashSHA1":"8f9f28d360cdc2e16a4a64bbde9cf2b6fe649b35","hashSHA256":"431936a05dbb166ba2a6144e876020c6181a8228e41237295596b4cdb2440ce1","digitalCertThumbprint":"C6D0201889888E307CC1525F1F2304ADC3676DD5","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Cleversort FZ-LLC, O=Cleversort FZ-LLC, L=Ras-Al-Khaimah, S=Ras-Al-Khaimah, C=AE, SERIALNUMBER=46000244, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.2=Ras Al Khaimah, OID.1.3.6.1.4.1.311.60.2.1.3=AE","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"176","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"novel.dll","hashMD5":"34204eb2f0bbf46296f6c0f04dc1ef73","hashSHA1":"2dd5f673b5001c57dc04765cf0b5de90bc3e4828","hashSHA256":"58ae68f64c49b96c2626af4e61706bb50c36551d4c6c2e0460b9548873f9142c","digitalCertThumbprint":"C6D0201889888E307CC1525F1F2304ADC3676DD5","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Cleversort FZ-LLC, O=Cleversort FZ-LLC, L=Ras-Al-Khaimah, S=Ras-Al-Khaimah, C=AE, SERIALNUMBER=46000244, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.2=Ras Al Khaimah, OID.1.3.6.1.4.1.311.60.2.1.3=AE","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"176","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"","landingPage":"https://dzentime.com/","directDownloadingLink":"https://downloads.dzentime.com/Dzentime.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://downloads.dzentime.com/Dzentime.exe","sourceIndex":"176"}],"sampleFiles":["250820/DZentime-240807/1.0.0.0/Samples/Dzentime.exe"],"imageFiles":["250820/DZentime-240807/1.0.0.0/Images/ACR-084/ACR-084_Software_1.png","250820/DZentime-240807/1.0.0.0/Images/ACR-084/ACR-084_Software_2.png","250820/DZentime-240807/1.0.0.0/Images/ACR-084/ACR-084_Software_3.png","250820/DZentime-240807/1.0.0.0/Images/ACR-048/ACR-048_Software_1.png"],"nonDeceptorImageFiles":[],"guid":"e0a04a59-47a1-41b3-ac03-b94751f4fb82_1.0.0.0_1","appID":"DZentime-240807","dateAdded":"250820","deceptorType":"App","name":"Dzentime","company":"Globalhop","version":"1.0.0.0","lastKnownStatus":"1.0.0.0","lastKnownDate":"250820","type":"Windows Executable","category":"Personalization & Search","targetOS":"None","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"net proxy","lastUpdate":"2025-08-20T19:11:54.9504641+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":249},{"violations":{"ACR-004":"Application doesn't provide free fix for scanned items, instead it offers subscription payment to recover files scanned.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"iboysoftdatarecovery_nt1755665383212.dmg","isInstaller":"True","hashMD5":"807a7b3bb247a5a9c1b40704461fc6ec","hashSHA1":"a50d32ca6ae1e7425daa8113fc7fdf558ec06abb","hashSHA256":"9dbc716b7c21fcbfa9875e7ee1ddf78c84f37f24137b772769ca10e840a2d603","sourceIndex":"177","avBlockList":["SpyHunterforMac (20251113)","Trend Micro Antivirus for Mac (20251113)","Sophos Home Premium For Mac (20251113)"],"avAllowList":["Avast Security for Mac (20251113)","Avira Security for Mac (20251113)","Bitdefender Antivirus for Mac (20251113)","ESET Cyber Security Pro for Mac (20251113)","G DATA AntiVirus for Mac (20251113)","K7 Antivirus for Mac (20251113)","Kaspersky Internet Security for Mac (20251113)","McAfee Internet Security for Mac (20251113)","Norton Security for Mac (20251113)"]},{"isRevoked":"False","fileName":"iBoysoft%20Data%20Recovery","fileVersion":"10.13.0","hashMD5":"402bc1f0919a183bdfedf745cbbd2c58","hashSHA1":"0c246d8043d026803c1274964edff3bd5c079424","hashSHA256":"1cb249a9ae300736b2e7765baa75ec3757a639f949a504c9197830f203ce8534","sourceIndex":"177","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"https://iboysoft.com/free-mac-data-recovery.html ","reference":"","landingPage":"https://iboysoft.com/free-mac-data-recovery.html ","directDownloadingLink":"https://download.iboysoft.com/download/downloadfile.php?p=macdatarecovery&d=notrial_product ","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://download.iboysoft.com/download/downloadfile.php?p=macdatarecovery&d=notrial_product ","sourceIndex":"177"}],"sampleFiles":["250820/iBoysoftDataRecoveryforMac-250820/5.2.4/Samples/iboysoftdatarecovery_nt1755665383212.dmg","250820/iBoysoftDataRecoveryforMac-250820/5.2.4/Samples/iBoysoft%20Data%20Recovery"],"imageFiles":["250820/iBoysoftDataRecoveryforMac-250820/5.2.4/Images/ACR-004/app3.png","250820/iBoysoftDataRecoveryforMac-250820/5.2.4/Images/ACR-004/app4.png","250820/iBoysoftDataRecoveryforMac-250820/5.2.4/Images/ACR-004/app5.png","250820/iBoysoftDataRecoveryforMac-250820/5.2.4/Images/ACR-004/Purchase iBoysoft Data Recovery for Mac license key online.png"],"nonDeceptorImageFiles":[],"guid":"82921b57-163a-4cd4-96b0-12e4f0672291_5.2.4_1","appID":"iBoysoftDataRecoveryforMac-250820","dateAdded":"250820","deceptorType":"MacOS App","name":"iBoysoft Data Recovery for Mac","company":"iBoysoft","version":"5.2.4","lastKnownStatus":"5.2.4","lastKnownDate":"250820","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2026-05-12T22:59:39.5816331+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":248},{"violations":{"ACR-007":"The app does not obtain user explicit consent for the reduction in the consumer's security posture caused by sharing internet resources.\n","ACR-010":"The app establishes SMTP connections and uses them to send spam email advertisements to various addresses.\n","ACR-089":"App establishes SMTP connections and uses them to send spam email advertisements to various addresses.\n","ACR-155":"The GlobalHop SDK is included in the application installation by default without explicitly disclosing its usage and impacts on the user's system on a separate prompt.\n"},"nonDeceptorViolations":{"ACR-040":"The app installs itself by default in a hidden path \"%AppData%\\Local\\Programs\\\" \n"},"samples":[{"isRevoked":"False","fileName":"restminder.exe","isInstaller":"True","companyName":"Globalhop                                                   ","fileVersion":"1.0","hashMD5":"149eace98b671ee3dfee406c7e02e789","hashSHA1":"c4452b167bbdc14fd9d1f960456153a5715be6f9","hashSHA256":"f6d52c755f871e552678b99a509bb856f3539d77320f53b2500fad701585e47a","digitalCertThumbprint":"5A7DE11C1A8C17C208B25587947E8F443AB02AC0","digitalCertIssuer":"CN=Sectigo Public Code Signing CA EV R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=Cleversort FZ-LLC, O=Cleversort FZ-LLC, S=Ras Al Khaimah, C=AE, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=AE, SERIALNUMBER=11478657","sourceIndex":"598","avBlockList":["360 Total Security (20250821)","ESET Internet Security (20250821)","FortectPremium (20250821)","G DATA INTERNET SECURITY (20250821)","K7 Total Security (20250821)","Kaspersky Internet Security (20240711)","Malwarebytes Premium (20250821)","Panda Dome (20250821)","Quick Heal Internet Security (20250821)","Sophos Home Premium (20250821)","SpyHunter5 (20250821)","Trend Micro Internet Security (20250821)","VirIT eXplorer PRO (20250821)","Webroot SecureAnywhere (20250821)","KasperskyPremium (20250821)"],"avAllowList":["Avast Premium Security (20250821)","AVG Internet Security (20250821)","Avira Internet Security (20250821)","Bitdefender Internet Security (20250821)","COMODO Antivirus (20250821)","Dr.Web Security Space (20250821)","McAfee Total Protection (20250821)","Norton Security (20250821)","Total AV Antivirus Pro (20250821)","VIPRE Advanced Security (20250821)","Windows Defender (20250821)"]},{"isRevoked":"False","fileName":"RestMinder.exe","companyName":"Globalhop","fileVersion":"1.0","hashMD5":"d8ab7a0479590a62f8f66b2d38b211f6","hashSHA1":"2e325af27747862f531b3f33bf0f840fd0d1228b","hashSHA256":"68fe20838348412951d453b24f1e7f6d9257a52e28d0aaac68df600416f2f768","digitalCertThumbprint":"5A7DE11C1A8C17C208B25587947E8F443AB02AC0","digitalCertIssuer":"CN=Sectigo Public Code Signing CA EV R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=Cleversort FZ-LLC, O=Cleversort FZ-LLC, S=Ras Al Khaimah, C=AE, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=AE, SERIALNUMBER=11478657","sourceIndex":"598","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Globalhop SDK","reference":"","landingPage":"https://restminder.com/","directDownloadingLink":"https://restminder.com/download/restminder.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://restminder.com/download/restminder.exe","sourceIndex":"598"}],"sampleFiles":["240627/restminder-220524/1.0.5.0/Samples/restminder%20(1).exe","240627/restminder-220524/1.0.5.0/Samples/RestMinder.exe"],"imageFiles":["240627/restminder-220524/1.0.5.0/Images/ACR-007/licenseagreement1.png","240627/restminder-220524/1.0.5.0/Images/ACR-007/licenseagreement2.png","240627/restminder-220524/1.0.5.0/Images/ACR-089/smtpconnections.png","240627/restminder-220524/1.0.5.0/Images/ACR-089/spamemail.png","240627/restminder-220524/1.0.5.0/Images/ACR-089/tcpstream.png","240627/restminder-220524/1.0.5.0/Images/ACR-010/smtpconnections.png","240627/restminder-220524/1.0.5.0/Images/ACR-010/spamemail.png","240627/restminder-220524/1.0.5.0/Images/ACR-010/tcpstream.png","240627/restminder-220524/1.0.5.0/Images/ACR-155/licenseagreement1.png","240627/restminder-220524/1.0.5.0/Images/ACR-155/licenseagreement2.png"],"nonDeceptorImageFiles":["240627/restminder-220524/1.0.5.0/Images/ACR-040/ACR-040_Install_1.png"],"guid":"195aeafe-7700-4663-aa4a-f8dc4ac4035f_1.0.5.0_1","appID":"restminder-220524","dateAdded":"250820","deceptorType":"App","name":"Restminder","company":"Globalhop Ltd","version":"1.0.5.0","firstResolvedVersion":"","lastKnownStatus":"1.0.0.0;1.0.4.0;1.0.5.0;1.0.6.0","lastKnownDate":"250820","type":"Windows Executable","category":"SysTools & Utilities, Productivity","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"net proxy","lastUpdate":"2025-08-20T00:00:00+00:00","notDistributed":false,"familyName":"Globalhop","numInFamily":17,"numInAppID":4,"sortOrder":251},{"violations":{"ACR-043":"All the components of \"Traffmonetizer\" get dropped immediately after inserting the Token without asking for the user's permission & disclosing its installation path. \n","ACR-048":"The app does not provide any control to cancel the installation process.\nThe app didn't provide control to disable its background process.\n","ACR-007":"The app does not obtain user consent which reduces the consumer's security posture caused by selling the user's traffic and performing monetization.\n","ACR-084":"On closing the app, the \"Traffmonetizer\" process runs in the background, hiding its presence from the consumer.\n\n"},"nonDeceptorViolations":{"ACR-040":" The app drops all its components in the hidden path \"C:\\Users\\User\\AppData\\Roaming\\\".\n","ACR-045":"The app didn't provide control to enable/disable the \"Internet Traffic sharing\" process.\n","ACR-161":"The customer review shown on the landing page (https://app.traffmonetizer.com/) is unverifiable.\n","ACR-098":"The app needs to provide control to adjust the schedule and rate while the \"Traffmonetizer\" process is running.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Users\\User\\AppData\\Roaming\\traffmonetizer\\app\\Traffmonetizer.exe","companyName":"Bytemarket","productName":"Traffmonetizer","productVersion":"1.0.0","fileVersion":"1.1.3.34","hashMD5":"90dcd050ed61796a43c6ebf3727f0837","hashSHA1":"fdd234d03ee8d65592d36d638c37ad52e7816a13","hashSHA256":"ba3d24bbab42a729f5b089a350c5ed2132fe67b52386709e03c3acb49d506810","digitalCertThumbprint":"074FBE7C90683AEC4D3FC9E25F857F68F567C1F1","digitalCertIssuer":"SSL.com EV Code Signing Intermediate CA RSA R3","digitalCertIssuedTo":"Bytemarket OÜ","storeId":"","sourceIndex":"1206","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"Installer (1).exe","isInstaller":"True","companyName":"Bytemarket","productName":"Traffmonetizer","productVersion":"1.0.0","fileVersion":"1.1.3.34","hashMD5":"dcb050a81038862531cf2e23a095dbd0","hashSHA1":"3340822daaacb341a036a062503db2691f652559","hashSHA256":"3c49e41f4e9be499f026246d0f28a6ee6649ebb12d91ad7ef5a3932a21e5842c","digitalCertThumbprint":"074FBE7C90683AEC4D3FC9E25F857F68F567C1F1","digitalCertIssuer":"SSL.com EV Code Signing Intermediate CA RSA R3","digitalCertIssuedTo":"Bytemarket OÜ","storeId":"","sourceIndex":"1206","avBlockList":["Avast Premium Security (20230328)","AVG Internet Security (20230328)","Avira Internet Security (20230328)","Bitdefender Internet Security (20230328)","ESET Internet Security (20230328)","G DATA INTERNET SECURITY (20230328)","K7 Total Security (20230328)","Kaspersky Internet Security (20230328)","Malwarebytes Premium (20230328)","McAfee Total Protection (20230328)","Norton Security (20230328)","Panda Dome (20230328)","Quick Heal Internet Security (20230328)","Sophos Home Premium (20230328)","SpyHunter5 (20230328)","Total AV Antivirus Pro (20230328)","VirIT eXplorer PRO (20230328)","Webroot SecureAnywhere (20230328)"],"avAllowList":["360 Total Security (20230328)","COMODO Antivirus (20230328)","Dr.Web Security Space (20230328)","Trend Micro Internet Security (20230328)","VIPRE Advanced Security (20230328)","Windows Defender (20230328)"]}],"additionalFiles":[],"sources":[{"howFound":"System resource borrowing","reference":"similar app as EarnApp","landingPage":"https://traffmonetizer.com/downloads/","ipv4":"","ipv6":"","sourceIndex":"1206"}],"sampleFiles":["230222/Traffmonetizer-230208/1.1.3.34/Samples/Installer (1).exe"],"imageFiles":["230222/Traffmonetizer-230208/1.1.3.34/Images/ACR-043/ACR-043.JPG","230222/Traffmonetizer-230208/1.1.3.34/Images/ACR-043/ACR-043_1.JPG","230222/Traffmonetizer-230208/1.1.3.34/Images/ACR-048/ACR-048.JPG","230222/Traffmonetizer-230208/1.1.3.34/Images/ACR-048/ACR-048_1.JPG","230222/Traffmonetizer-230208/1.1.3.34/Images/ACR-007/ACR-007.JPG","230222/Traffmonetizer-230208/1.1.3.34/Images/ACR-084/ACR-084.JPG","230222/Traffmonetizer-230208/1.1.3.34/Images/ACR-048/ACR-048-1.JPG","230222/Traffmonetizer-230208/1.1.3.34/Images/ACR-048/ACR-048-2.JPG"],"nonDeceptorImageFiles":["230222/Traffmonetizer-230208/1.1.3.34/Images/ACR-040/ACR-040.JPG","230222/Traffmonetizer-230208/1.1.3.34/Images/ACR-045/ACR-045 (1).JPG","230222/Traffmonetizer-230208/1.1.3.34/Images/ACR-045/ACR-045 (2).JPG","230222/Traffmonetizer-230208/1.1.3.34/Images/ACR-098/ACR-098.JPG","230222/Traffmonetizer-230208/1.1.3.34/Images/ACR-161/ACR-161.JPG"],"guid":"85ea3b88-d12a-4a29-9332-fee2d7f431be_1.1.3.34_1","appID":"Traffmonetizer-230208","dateAdded":"250812","deceptorType":"App","name":"Traffmonetizer","company":"Bytemarket","version":"1.1.3.34","lastKnownStatus":"1.1.3.34;1.1.3.35;1.1.3.37;1.1.3.39;1.3.41","lastKnownDate":"250812","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2025-08-12T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":5,"sortOrder":271},{"violations":{"ACR-043":"All the components of \"Traffmonetizer\" get dropped immediately after inserting the Token without asking for the user's permission & disclosing its installation path. \n","ACR-048":"The app does not provide any control to cancel the installation process.\nThe app didn't provide control to disable its background process.\n","ACR-007":"The app does not obtain user consent which reduces the consumer's security posture caused by selling the user's traffic and performing monetization.\n","ACR-084":"On closing the app, the \"Traffmonetizer\" process runs in the background, hiding its presence from the consumer.\n\n"},"nonDeceptorViolations":{"ACR-040":" The app drops all its components in the hidden path \"C:\\Users\\User\\AppData\\Roaming\\\".\n","ACR-045":"The app didn't provide control to enable/disable the \"Internet Traffic sharing\" process.\n","ACR-098":"The app needs to provide control to adjust the schedule and rate while the \"Traffmonetizer\" process is running.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Users\\User\\AppData\\Roaming\\traffmonetizer\\app\\Traffmonetizer.exe","companyName":"Bytemarket","productName":"Traffmonetizer","productVersion":"1.0.0","fileVersion":"1.1.3.35","hashMD5":"0bd9711e8566b28142dde063c0fc2e55","hashSHA1":"825114b80f32d3717a80271766d1da0afb67f76f","hashSHA256":"1701ec044ca08948619233defa56a893d6de36e1dbae7f524fe4fdf48fd9e619","digitalCertThumbprint":"074FBE7C90683AEC4D3FC9E25F857F68F567C1F1","digitalCertIssuer":"SSL.com EV Code Signing Intermediate CA RSA R3","digitalCertIssuedTo":"Bytemarket OÜ","storeId":"","sourceIndex":"1057","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"Installer.exe","isInstaller":"True","companyName":"Bytemarket","productName":"Traffmonetizer","productVersion":"1.0.0","fileVersion":"1.1.3.35","hashMD5":"7ed811b1b7b8c0f42396e997539de289","hashSHA1":"a1b8aa6cb741077e0c91e5b4f33f7263c28ae232","hashSHA256":"9b387b3a8c8c69d7359178661d01e42d6d5ce8972d539ec47e630e63d45a8206","digitalCertThumbprint":"074FBE7C90683AEC4D3FC9E25F857F68F567C1F1","digitalCertIssuer":"SSL.com EV Code Signing Intermediate CA RSA R3","digitalCertIssuedTo":"Bytemarket OÜ","storeId":"","sourceIndex":"1057","avBlockList":["360 Total Security (20240801)","Avast Premium Security (20240801)","AVG Internet Security (20240801)","Avira Internet Security (20240801)","Bitdefender Internet Security (20240801)","COMODO Antivirus (20240801)","Dr.Web Security Space (20240801)","ESET Internet Security (20240801)","G DATA INTERNET SECURITY (20240801)","K7 Total Security (20240801)","Kaspersky Internet Security (20240725)","Malwarebytes Premium (20240801)","Norton Security (20240801)","Panda Dome (20240801)","Quick Heal Internet Security (20240801)","Sophos Home Premium (20240801)","SpyHunter5 (20240801)","Total AV Antivirus Pro (20240801)","VIPRE Advanced Security (20240801)","VirIT eXplorer PRO (20240801)","Webroot SecureAnywhere (20240801)","Windows Defender (20240801)","FortectPremium (20240801)","KasperskyPremium (20240801)"],"avAllowList":["McAfee Total Protection (20240801)","Trend Micro Internet Security (20240801)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on windows app","reference":"","landingPage":"https://traffmonetizer.com/","directDownloadingLink":"https://data.traffmonetizer.com/downloads/Installer.exe?_gl=1*nop8cg*_ga*MTc5MDA0Mjc5MC4xNjg2MDMyMzgy*_ga_6SLKSETT5Z*MTY4NjAzMjM4Mi4xLjEuMTY4NjAzMjY2Mi41MS4wLjA.","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://data.traffmonetizer.com/downloads/Installer.exe?_gl=1*nop8cg*_ga*MTc5MDA0Mjc5MC4xNjg2MDMyMzgy*_ga_6SLKSETT5Z*MTY4NjAzMjM4Mi4xLjEuMTY4NjAzMjY2Mi41MS4wLjA.","sourceIndex":"1057"}],"sampleFiles":["230606/Traffmonetizer-230208/1.1.3.35/Samples/Installer.exe"],"imageFiles":["230606/Traffmonetizer-230208/1.1.3.35/Images/ACR-043/ACR-043.JPG","230606/Traffmonetizer-230208/1.1.3.35/Images/ACR-043/ACR-043_1.JPG","230606/Traffmonetizer-230208/1.1.3.35/Images/ACR-048/ACR-048.JPG","230606/Traffmonetizer-230208/1.1.3.35/Images/ACR-048/ACR-048_1.JPG","230606/Traffmonetizer-230208/1.1.3.35/Images/ACR-007/ACR-007.JPG","230606/Traffmonetizer-230208/1.1.3.35/Images/ACR-084/ACR-084.JPG","230606/Traffmonetizer-230208/1.1.3.35/Images/ACR-048/ACR-048_Software.JPG","230606/Traffmonetizer-230208/1.1.3.35/Images/ACR-048/ACR-048_Software_1.JPG"],"nonDeceptorImageFiles":["230606/Traffmonetizer-230208/1.1.3.35/Images/ACR-040/ACR-040.JPG","230606/Traffmonetizer-230208/1.1.3.35/Images/ACR-045/ACR-045.JPG","230606/Traffmonetizer-230208/1.1.3.35/Images/ACR-045/ACR-045_1.JPG","230606/Traffmonetizer-230208/1.1.3.35/Images/ACR-098/ACR-098.JPG"],"guid":"85ea3b88-d12a-4a29-9332-fee2d7f431be_1.1.3.35_1","appID":"Traffmonetizer-230208","dateAdded":"250812","deceptorType":"App","name":"Traffmonetizer","company":"Bytemarket","version":"1.1.3.35","lastKnownStatus":"1.1.3.34;1.1.3.35;1.1.3.37;1.1.3.39;1.3.41","lastKnownDate":"250812","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2025-08-12T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":5,"sortOrder":270},{"violations":{"ACR-043":"All the components of \"Traffmonetizer\" get dropped in a hidden folder immediately after inserting the Token without asking for the user's permission & disclosing its installation path. \n","ACR-048":"The app does not provide any control to cancel the installation process.\nThe app didn't provide control to disable its background process.\n","ACR-007":"The app does not obtain user consent which reduces the consumer's security posture caused by selling the user's traffic and performing monetization.\n","ACR-084":"On closing the app, the \"Traffmonetizer\" process runs in the background, hiding its presence from the consumer.\n\n"},"nonDeceptorViolations":{"ACR-040":" The app drops all its components in the hidden path \"C:\\Users\\User\\AppData\\Roaming\\\".\n","ACR-045":"The app didn't provide control to enable/disable the \"Internet Traffic sharing\" process.\n","ACR-098":"The app needs to provide control to adjust the schedule and rate while the \"Traffmonetizer\" process is running.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Users\\User\\AppData\\Roaming\\traffmonetizer\\app\\Traffmonetizer.exe","companyName":"Bytemarket","productName":"Traffmonetizer","productVersion":"1.0.0","fileVersion":"1.1.3.37","hashMD5":"8c93a5d0dadfb019cf35026abbca8b4f","hashSHA1":"0ea93adf2445635d72d0165b7a7029048b37717f","hashSHA256":"af16910124b244bb3c03d972ecc372cc2480819a12b3ae2274c60423c5434c68","digitalCertThumbprint":"074FBE7C90683AEC4D3FC9E25F857F68F567C1F1","digitalCertIssuer":"SSL.com EV Code Signing Intermediate CA RSA R3","digitalCertIssuedTo":"Bytemarket OÜ","storeId":"","sourceIndex":"794","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"Installer.exe","isInstaller":"True","companyName":"Bytemarket","productName":"Traffmonetizer","productVersion":"1.0.0","fileVersion":"1.1.3.37","hashMD5":"1b521d24cfb43f6562ad4155672e57b9","hashSHA1":"163bd64b162679ec6d4400342beec32636162b9a","hashSHA256":"0e7cbda7db2e3a1ff3b7b82f859648e2569ee4a74ed9893dc26486f8768d01d7","digitalCertThumbprint":"074FBE7C90683AEC4D3FC9E25F857F68F567C1F1","digitalCertIssuer":"SSL.com EV Code Signing Intermediate CA RSA R3","digitalCertIssuedTo":"Bytemarket OÜ","storeId":"","sourceIndex":"794","avBlockList":["360 Total Security (20240808)","Avast Premium Security (20240808)","AVG Internet Security (20240808)","Avira Internet Security (20240808)","Bitdefender Internet Security (20240808)","COMODO Antivirus (20240808)","Dr.Web Security Space (20240808)","ESET Internet Security (20240808)","G DATA INTERNET SECURITY (20240808)","K7 Total Security (20240808)","Kaspersky Internet Security (20240116)","Malwarebytes Premium (20240808)","Norton Security (20240808)","Panda Dome (20240808)","Quick Heal Internet Security (20240808)","Sophos Home Premium (20240808)","SpyHunter5 (20240808)","Total AV Antivirus Pro (20240808)","Trend Micro Internet Security (20240808)","VIPRE Advanced Security (20240808)","VirIT eXplorer PRO (20240808)","Webroot SecureAnywhere (20240808)","Windows Defender (20240808)","FortectPremium (20240808)","KasperskyPremium (20240808)"],"avAllowList":["McAfee Total Protection (20240808)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on windows app","reference":"","landingPage":"https://traffmonetizer.com/","directDownloadingLink":"https://data.traffmonetizer.com/downloads/Installer.exe?_gl=1*102cao5*_ga*MTYyNjI3MDU5Ny4xNzAwODA2NDE2*_ga_6SLKSETT5Z*MTcwMDgwOTY1OS4yLjEuMTcwMDgwOTY4MC4zOS4wLjA.","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://data.traffmonetizer.com/downloads/Installer.exe?_gl=1*102cao5*_ga*MTYyNjI3MDU5Ny4xNzAwODA2NDE2*_ga_6SLKSETT5Z*MTcwMDgwOTY1OS4yLjEuMTcwMDgwOTY4MC4zOS4wLjA.","sourceIndex":"794"}],"sampleFiles":["231128/Traffmonetizer-230208/1.1.3.37/Samples/Installer.exe"],"imageFiles":["231128/Traffmonetizer-230208/1.1.3.37/Images/ACR-043/ACR-043.PNG","231128/Traffmonetizer-230208/1.1.3.37/Images/ACR-043/ACR-043_1.PNG","231128/Traffmonetizer-230208/1.1.3.37/Images/ACR-048/ACR-048.PNG","231128/Traffmonetizer-230208/1.1.3.37/Images/ACR-048/ACR-048_1.PNG","231128/Traffmonetizer-230208/1.1.3.37/Images/ACR-007/ACR-007.PNG","231128/Traffmonetizer-230208/1.1.3.37/Images/ACR-084/ACR-084.PNG","231128/Traffmonetizer-230208/1.1.3.37/Images/ACR-048/ACR-048_Software_1.PNG","231128/Traffmonetizer-230208/1.1.3.37/Images/ACR-048/ACR-048_Software.PNG"],"nonDeceptorImageFiles":["231128/Traffmonetizer-230208/1.1.3.37/Images/ACR-040/ACR-040.PNG","231128/Traffmonetizer-230208/1.1.3.37/Images/ACR-045/ACR-045.PNG","231128/Traffmonetizer-230208/1.1.3.37/Images/ACR-045/ACR-045_1.PNG","231128/Traffmonetizer-230208/1.1.3.37/Images/ACR-098/ACR-098.PNG"],"guid":"85ea3b88-d12a-4a29-9332-fee2d7f431be_1.1.3.37_1","appID":"Traffmonetizer-230208","dateAdded":"250812","deceptorType":"App","name":"Traffmonetizer","company":"Bytemarket","version":"1.1.3.37","lastKnownStatus":"1.1.3.34;1.1.3.35;1.1.3.37;1.1.3.39;1.3.41","lastKnownDate":"250812","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2025-08-12T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":5,"sortOrder":269},{"violations":{"ACR-043":"All the components of \"Traffmonetizer\" get dropped in a hidden folder immediately after inserting the Token without asking for the user's permission & disclosing its installation path. \n","ACR-048":"The app does not provide any control to cancel the installation process.\nThe app didn't provide control to disable its background process.\n","ACR-007":"The app does not obtain user consent which reduces the consumer's security posture caused by selling the user's traffic and performing monetization.\n","ACR-084":"On closing the app, the \"Traffmonetizer\" process runs in the background, hiding its presence from the consumer.\n\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components on the device without the consumer's consent or notifying the user.\n"},"nonDeceptorViolations":{"ACR-040":" The app drops all its components in the hidden path \"C:\\Users\\User\\AppData\\Roaming\\\".\n","ACR-045":"The app didn't provide control to enable/disable the \"Internet Traffic sharing\" process.\n","ACR-098":"The app needs to provide control to adjust the schedule and rate while the \"Traffmonetizer\" process is running.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Users\\User\\AppData\\Roaming\\traffmonetizer\\app\\Traffmonetizer.exe","companyName":"Bytemarket","productName":"Traffmonetizer","productVersion":"1.0.0+e438fd51e454af9cedd7d5ce6c01f37bc1e9922d","fileVersion":"1.1.3.39","hashMD5":"76ad5b4c7089405ca32b0e78107f5843","hashSHA1":"59a1130aab90c81dff8f433c25c4e62f9d9740bd","hashSHA256":"8214dd62e85a1eb864a87a044dea384d86ae77bf686acdc26617e4d12181b476","digitalCertThumbprint":"099085AC74642B7A5CAB208622C671B1E723412C","digitalCertIssuer":"SSL.com EV Code Signing Intermediate CA RSA R3","digitalCertIssuedTo":"Bytemarket OÜ","storeId":"","sourceIndex":"588","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"Installer.exe","isInstaller":"True","companyName":"Bytemarket","productName":"Traffmonetizer","productVersion":"1.0.0+e438fd51e454af9cedd7d5ce6c01f37bc1e9922d","fileVersion":"1.1.3.39","hashMD5":"5d35163029a29a28387bd696293ac3b7","hashSHA1":"3775491d5ee3ef728bf3ad703239f8cf99969f95","hashSHA256":"583d04b8bbc236de13ea34e48c8f7ccd0d24e8e4c96e801f3c913277a26ff9e0","digitalCertThumbprint":"099085AC74642B7A5CAB208622C671B1E723412C","digitalCertIssuer":"SSL.com EV Code Signing Intermediate CA RSA R3","digitalCertIssuedTo":"Bytemarket OÜ","storeId":"","sourceIndex":"588","avBlockList":["360 Total Security (20250814)","Avast Premium Security (20250814)","AVG Internet Security (20250814)","Avira Internet Security (20250814)","Bitdefender Internet Security (20250814)","COMODO Antivirus (20250814)","Dr.Web Security Space (20250814)","ESET Internet Security (20250814)","FortectPremium (20250814)","G DATA INTERNET SECURITY (20250814)","K7 Total Security (20250814)","KasperskyPremium (20250814)","Malwarebytes Premium (20250814)","McAfee Total Protection (20250814)","Norton Security (20250814)","Panda Dome (20250814)","Quick Heal Internet Security (20250814)","Sophos Home Premium (20250814)","SpyHunter5 (20250814)","Total AV Antivirus Pro (20250814)","VIPRE Advanced Security (20250814)","VirIT eXplorer PRO (20250814)","Webroot SecureAnywhere (20250814)"],"avAllowList":["Trend Micro Internet Security (20250814)","Windows Defender (20250814)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on windows app","reference":"similar app as EarnApp","landingPage":"https://traffmonetizer.com/\t","directDownloadingLink":"https://data.traffmonetizer.com/downloads/Installer.exe?_gl=1*102cao5*_ga*MTYyNjI3MDU5Ny4xNzAwODA2NDE2*_ga_6SLKSETT5Z*MTcwMDgwOTY1OS4yLjEuMTcwMDgwOTY4MC4zOS4wLjA.\t","ipv4":"","ipv6":"","landingPageWildChar":"","directDownloadingLinkWildChar":"https://data.traffmonetizer.com/downloads/Installer.exe?_gl=1*102cao5*_ga*MTYyNjI3MDU5Ny4xNzAwODA2NDE2*_ga_6SLKSETT5Z*MTcwMDgwOTY1OS4yLjEuMTcwMDgwOTY4MC4zOS4wLjA.\t","sourceIndex":"588"}],"sampleFiles":["240722/Traffmonetizer-230208/1.1.3.39/Samples/Installer.exe"],"imageFiles":["240722/Traffmonetizer-230208/1.1.3.39/Images/ACR-043/ACR-043.PNG","240722/Traffmonetizer-230208/1.1.3.39/Images/ACR-043/ACR-043_1.PNG","240722/Traffmonetizer-230208/1.1.3.39/Images/ACR-048/ACR-048_Install.PNG","240722/Traffmonetizer-230208/1.1.3.39/Images/ACR-048/ACR-048_Install_1.PNG","240722/Traffmonetizer-230208/1.1.3.39/Images/ACR-007/ACR-007.PNG","240722/Traffmonetizer-230208/1.1.3.39/Images/ACR-084/ACR-084.PNG","240722/Traffmonetizer-230208/1.1.3.39/Images/ACR-048/ACR-048.PNG","240722/Traffmonetizer-230208/1.1.3.39/Images/ACR-048/ACR-048_1.PNG","240722/Traffmonetizer-230208/1.1.3.39/Images/ACR-118/ACR-118.PNG"],"nonDeceptorImageFiles":["240722/Traffmonetizer-230208/1.1.3.39/Images/ACR-040/ACR-040.PNG","240722/Traffmonetizer-230208/1.1.3.39/Images/ACR-045/ACR-045.PNG","240722/Traffmonetizer-230208/1.1.3.39/Images/ACR-045/ACR-045_1.PNG","240722/Traffmonetizer-230208/1.1.3.39/Images/ACR-098/ACR-098.PNG"],"guid":"85ea3b88-d12a-4a29-9332-fee2d7f431be_1.1.3.39_1","appID":"Traffmonetizer-230208","dateAdded":"250812","deceptorType":"App","name":"Traffmonetizer","company":"Bytemarket","version":"1.1.3.39","lastKnownStatus":"1.1.3.34;1.1.3.35;1.1.3.37;1.1.3.39;1.3.41","lastKnownDate":"250812","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2025-08-12T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":5,"sortOrder":268},{"violations":{"ACR-043":"All the components of \"Traffmonetizer\" get dropped in a hidden folder immediately after inserting the Token without asking for the user's permission & disclosing its installation path. \n","ACR-048":"The app does not provide any control to cancel the installation process.\nThe app didn't provide control to enable/disable the \"Internet Traffic sharing\" process.\n","ACR-007":"The app does not obtain user consent which reduces the consumer's security posture caused by selling the user's traffic and performing monetization.\n","ACR-084":"On closing the app, the \"Traffmonetizer\" process runs in the background, hiding its presence from the consumer.\n\n"},"nonDeceptorViolations":{"ACR-040":" The app drops all its components in the hidden path \"C:\\Users\\User\\AppData\\Roaming\\\".\n"},"samples":[{"isRevoked":"False","fileName":"Installer.exe","isInstaller":"True","companyName":"Bytemarket","productName":"Traffmonetizer","productVersion":"1.0.0+f779392360575e1bd8c43238934b6102605bd231","fileVersion":"1.1.3.41","hashMD5":"115530fd7ec7fcabcd8bd9886e41ed7f","hashSHA1":"257388e112588287a4dea465acdabc25acfcab2e","hashSHA256":"7c794d927194b7fe9a6c0a72f719baff9b6b4559264dfcdd9476dec7f12ab295","digitalCertThumbprint":"099085AC74642B7A5CAB208622C671B1E723412C","digitalCertIssuer":"CN=SSL.com EV Code Signing Intermediate CA RSA R3, O=SSL Corp, L=Houston, S=Texas, C=US","digitalCertIssuedTo":"OID.1.3.6.1.4.1.311.60.2.1.3=EE, OID.2.5.4.15=Private Organization, CN=Bytemarket OÜ, SERIALNUMBER=16363621, O=Bytemarket OÜ, L=Tallinn, S=Harju maakond, C=EE","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"179","avBlockList":["360 Total Security (20251106)","Avast Premium Security (20251106)","AVG Internet Security (20251106)","Avira Internet Security (20251106)","Bitdefender Internet Security (20251106)","Dr.Web Security Space (20251106)","ESET Internet Security (20251106)","FortectPremium (20251106)","G DATA INTERNET SECURITY (20251106)","K7 Total Security (20251106)","KasperskyPremium (20251106)","Malwarebytes Premium (20251106)","McAfee Total Protection (20251106)","Norton Security (20251106)","Panda Dome (20251106)","Quick Heal Internet Security (20251106)","Sophos Home Premium (20251106)","SpyHunter5 (20251106)","Total AV Antivirus Pro (20251106)","VIPRE Advanced Security (20251106)","VirIT eXplorer PRO (20251106)","Webroot SecureAnywhere (20251106)","Windows Defender (20251106)"],"avAllowList":["COMODO Antivirus (20251106)","Trend Micro Internet Security (20251106)"]},{"isRevoked":"False","fileName":"Traffmonetizer.exe","companyName":"Bytemarket","productName":"Traffmonetizer","productVersion":"1.0.0+f779392360575e1bd8c43238934b6102605bd231","fileVersion":"1.1.3.41","hashMD5":"f7e0afc7010467066205b6116db73b96","hashSHA1":"e5e5c446c726f2b1c84c27861e062e8d1d7d5462","hashSHA256":"ea7e2bad4d0d3d7a862ddf1bed0d5e8c3b81021e4e3e1235cdb73005da0a5e7a","digitalCertThumbprint":"099085AC74642B7A5CAB208622C671B1E723412C","digitalCertIssuer":"CN=SSL.com EV Code Signing Intermediate CA RSA R3, O=SSL Corp, L=Houston, S=Texas, C=US","digitalCertIssuedTo":"OID.1.3.6.1.4.1.311.60.2.1.3=EE, OID.2.5.4.15=Private Organization, CN=Bytemarket OÜ, SERIALNUMBER=16363621, O=Bytemarket OÜ, L=Tallinn, S=Harju maakond, C=EE","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"179","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"Uninstall.exe","companyName":"Uninstall","productName":"Uninstall","productVersion":"1.0.0+f779392360575e1bd8c43238934b6102605bd231","fileVersion":"1.0.0.0","hashMD5":"9f1c865b109c7d0f93c1e4095c63a14e","hashSHA1":"620effaa5906a4b299043d7f781e01e3b5644c6a","hashSHA256":"66ecd6a1e2a671262a765be94f3d2fe7da2f11a5cb560d651d57e5ffa2b87fe1","digitalCertThumbprint":"099085AC74642B7A5CAB208622C671B1E723412C","digitalCertIssuer":"CN=SSL.com EV Code Signing Intermediate CA RSA R3, O=SSL Corp, L=Houston, S=Texas, C=US","digitalCertIssuedTo":"OID.1.3.6.1.4.1.311.60.2.1.3=EE, OID.2.5.4.15=Private Organization, CN=Bytemarket OÜ, SERIALNUMBER=16363621, O=Bytemarket OÜ, L=Tallinn, S=Harju maakond, C=EE","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"179","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"System resource borrowing","reference":"similar app as EarnApp","landingPage":"https://traffmonetizer.com/downloads/","ipv4":"","ipv6":"","sourceIndex":"179"}],"sampleFiles":["250812/Traffmonetizer-230208/1.1.3.41/Samples/Installer.exe","250812/Traffmonetizer-230208/1.1.3.41/Samples/Traffmonetizer.exe"],"imageFiles":["250812/Traffmonetizer-230208/1.1.3.41/Images/ACR-043/ACR-043.PNG","250812/Traffmonetizer-230208/1.1.3.41/Images/ACR-043/ACR-043_Install_1.png","250812/Traffmonetizer-230208/1.1.3.41/Images/ACR-048/ACR-048_Install.PNG","250812/Traffmonetizer-230208/1.1.3.41/Images/ACR-007/ACR-007_Install_2.png","250812/Traffmonetizer-230208/1.1.3.41/Images/ACR-084/ACR-084.PNG","250812/Traffmonetizer-230208/1.1.3.41/Images/ACR-048/ACR-048_Software_1.png"],"nonDeceptorImageFiles":["250812/Traffmonetizer-230208/1.1.3.41/Images/ACR-040/ACR-040_Install_1.png"],"guid":"85ea3b88-d12a-4a29-9332-fee2d7f431be_1.1.3.41_1","appID":"Traffmonetizer-230208","dateAdded":"250812","deceptorType":"App","name":"Traffmonetizer","company":"Bytemarket","version":"1.1.3.41","lastKnownStatus":"1.1.3.34;1.1.3.35;1.1.3.37;1.1.3.39;1.3.41","lastKnownDate":"250812","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2025-08-12T21:17:49.5315177+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":5,"sortOrder":267},{"violations":{"ACR-042":"The components get installed in one-click, without presenting EULA and obtaining the user's permission.\n","ACR-048":"The app does not provide control to enable/disable the created startup item within the app's settings.\n","ACR-007":"The app does not obtain user explicit consent to reduce the consumer's security posture caused by resource sharing.\n","ACR-084":"The app creates undisclosed startup item without the consumer's knowledge and consent.\n"},"nonDeceptorViolations":{"ACR-040":"The app installs itself under %Appdata%\\Local\\ by default, which is a hidden folder and was not disclosed.\n"},"samples":[{"isRevoked":"False","fileName":"LoadTeam.exe","productName":"LoadTeam","productVersion":"4.2.0.0","fileVersion":"4.2.0.0","hashMD5":"d8c863b2cc2442b978f9224ddb2f612e","hashSHA1":"5e443ec10b12d70e5897e837beb5c7c6aeb062f5","hashSHA256":"cf53b341aaf70f5fd3c418bed74ffeb5dfde422a02ea00103678e1e347870f39","digitalCertThumbprint":"81E477F74F07450273ADBAAF15477B124D16865A","digitalCertIssuer":"CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O=\"GoDaddy.com, Inc.\", L=Scottsdale, S=Arizona, C=US","digitalCertIssuedTo":"CN=LoadTeam, O=LoadTeam, L=Thorndon, S=Wellington, C=NZ","sourceIndex":"180","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"LoadTeamSetup.exe","isInstaller":"True","productName":"LoadTeam","productVersion":"3.0.111.0","fileVersion":" 3.0.111.0","hashMD5":"55db07e30b619f2089f88ad3f3b3c7cf","hashSHA1":"1f4a7ba9521fc58685f753430238047aa99de1a9","hashSHA256":"a63f22101a4c8c1f65c2f7ac17363db7d417b231da4ac9bcf6fae955e043d736","digitalCertThumbprint":"81E477F74F07450273ADBAAF15477B124D16865A","digitalCertIssuer":"CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O=\"GoDaddy.com, Inc.\", L=Scottsdale, S=Arizona, C=US","digitalCertIssuedTo":"CN=LoadTeam, O=LoadTeam, L=Thorndon, S=Wellington, C=NZ","sourceIndex":"180","avBlockList":["Avast Premium Security (20251106)","AVG Internet Security (20251106)","Avira Internet Security (20251106)","Bitdefender Internet Security (20251106)","Dr.Web Security Space (20251106)","ESET Internet Security (20251106)","FortectPremium (20251106)","G DATA INTERNET SECURITY (20251106)","K7 Total Security (20251106)","KasperskyPremium (20251106)","Malwarebytes Premium (20251106)","McAfee Total Protection (20251106)","Norton Security (20251106)","Panda Dome (20251106)","Quick Heal Internet Security (20251106)","Sophos Home Premium (20251106)","SpyHunter5 (20251106)","Total AV Antivirus Pro (20251106)","Trend Micro Internet Security (20251106)","VIPRE Advanced Security (20251106)","VirIT eXplorer PRO (20251106)","Webroot SecureAnywhere (20251106)","Windows Defender (20251106)"],"avAllowList":["360 Total Security (20251106)","COMODO Antivirus (20251106)"]},{"isRevoked":"False","fileName":"LoadTeam_231016.exe","isInstaller":"True","fileVersion":"4.0","hashMD5":"17a77f91c6ca39ff33d3d9eed2de24b6","hashSHA1":"9896f070469b3d9d02c9b9532c698d7b649c7bf2","hashSHA256":"c5ff536eb51b5e14f6d6b332eef01a968584a104b9e92a7d2a9371c5ec1cbd49","digitalCertThumbprint":"81E477F74F07450273ADBAAF15477B124D16865A","digitalCertIssuer":"CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O=\"GoDaddy.com, Inc.\", L=Scottsdale, S=Arizona, C=US","digitalCertIssuedTo":"CN=LoadTeam, O=LoadTeam, L=Thorndon, S=Wellington, C=NZ","sourceIndex":"180","avBlockList":["360 Total Security (20251030)","Avast Premium Security (20251030)","AVG Internet Security (20251030)","Avira Internet Security (20251030)","Bitdefender Internet Security (20251030)","Dr.Web Security Space (20251030)","ESET Internet Security (20251030)","FortectPremium (20251030)","G DATA INTERNET SECURITY (20251030)","K7 Total Security (20251030)","KasperskyPremium (20251030)","Malwarebytes Premium (20251030)","McAfee Total Protection (20251030)","Norton Security (20251030)","Panda Dome (20251030)","Quick Heal Internet Security (20251030)","Sophos Home Premium (20251030)","SpyHunter5 (20251030)","Total AV Antivirus Pro (20251030)","Trend Micro Internet Security (20251030)","VIPRE Advanced Security (20251030)","VirIT eXplorer PRO (20251030)","Webroot SecureAnywhere (20251030)","Windows Defender (20251030)"],"avAllowList":["COMODO Antivirus (20251030)"]},{"isRevoked":"False","fileName":"LoadTeam%20-%20Copy.exe","companyName":"LoadTeam","productName":"LoadTeam.WindowsClient","productVersion":"4.2.0.0","fileVersion":"4.2.0.0","hashMD5":"148cef6ea04ddaa54b0fa4cc476189d1","hashSHA1":"b2839658826c6488b01bb3f2763832d7c8ab4c20","hashSHA256":"597fe42d48b08231648a36f94561b69ea5d704ac1c4b5b7dec6998024ced914f","digitalCertThumbprint":"81E477F74F07450273ADBAAF15477B124D16865A","digitalCertIssuer":"CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O=\"GoDaddy.com, Inc.\", L=Scottsdale, S=Arizona, C=US","digitalCertIssuedTo":"CN=LoadTeam, O=LoadTeam, L=Thorndon, S=Wellington, C=NZ","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"180","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"bandwidth sharing app for windows","reference":"","landingPage":"https://www.loadteam.com","directDownloadingLink":"https://www.loadteam.com/download/LoadTeamSetup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.loadteam.com/download/LoadTeamSetup.exe","sourceIndex":"180"}],"sampleFiles":["250811/LoadTeam-230308/4.2.0.0/Samples/LoadTeam.exe","250811/LoadTeam-230308/4.2.0.0/Samples/LoadTeamSetup.exe","250811/LoadTeam-230308/4.2.0.0/Samples/LoadTeam_231016.exe","250811/LoadTeam-230308/4.2.0.0/Samples/LoadTeam%20-%20Copy.exe"],"imageFiles":["250811/LoadTeam-230308/4.2.0.0/Images/ACR-042/ACR-042_Installation.gif","250811/LoadTeam-230308/4.2.0.0/Images/ACR-007/LoadTeam_.jpg","250811/LoadTeam-230308/4.2.0.0/Images/ACR-084/ACR-048_084_Startup.jpg","250811/LoadTeam-230308/4.2.0.0/Images/ACR-048/ACR-048_084_Startup.jpg"],"nonDeceptorImageFiles":["250811/LoadTeam-230308/4.2.0.0/Images/ACR-040/ACR-040_HiddenFolder.jpg"],"guid":"c0e30a1c-4659-4027-953e-60f7f24db797_4.2.0.0_1","appID":"LoadTeam-230308","dateAdded":"250811","deceptorType":"App","name":"LoadTeam","company":"LoadTeam Ltd.","version":"4.2.0.0","lastKnownStatus":"4.2.0.0","lastKnownDate":"250811","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 8,Windows 10,Windows 7","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"mining","lastUpdate":"2025-08-11T22:05:08.7076066+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":272},{"violations":{"ACR-048":"The app does not provide any control to enable/disable sharing network connection in software.\n","ACR-007":"During installation application doesn't disclose the potential risks related with sharing network resource (IP/Bandwidth), doesn't disclose how application team manage the potential risks, and obtain user's explicit consent for borrowing network resource.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"Honeygain_1.5.1.dmg","isInstaller":"True","hashMD5":"665bd7a8220f3ed475a52b4d2514af5f","hashSHA1":"a6eb651eaf8061acdc89c13039398d239faff5a7","hashSHA256":"859bbbbe09b2907f522db33651e8528af170df6ffc0d3484ed06e099d5cb5b8a","sourceIndex":"136","avBlockList":["Avast Security for Mac (20251014)","Avira Security for Mac (20251014)","ESET Cyber Security Pro for Mac (20251014)","McAfee Internet Security for Mac (20251014)","Norton Security for Mac (20251014)","Sophos Home Premium For Mac (20251014)","SpyHunterforMac (20251014)","Trend Micro Antivirus for Mac (20251014)"],"avAllowList":["Bitdefender Antivirus for Mac (20251014)","G DATA AntiVirus for Mac (20251014)","K7 Antivirus for Mac (20251014)","Kaspersky Internet Security for Mac (20251014)"]},{"isRevoked":"False","fileName":"Honeygain","fileVersion":"10.15.0","hashMD5":"655f254da3d593da2da3c1312bca4926","hashSHA1":"e4ba47c041661b08ca9c2cf37f275ca63c70546d","hashSHA256":"1f70a26ffb492171d2e37a7396a9aafbf7c1c75f209e039b19eaf3f256b53e4c","sourceIndex":"136","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Proxyware","reference":"","landingPage":"https://www.honeygain.com/","ipv4":"","ipv6":"","sourceIndex":"136"}],"sampleFiles":["250808/HoneyGain-250808/1.5.1/Samples/Honeygain_1.5.1.dmg"],"imageFiles":["250808/HoneyGain-250808/1.5.1/Images/ACR-007/ACR-007_Install_1.png","250808/HoneyGain-250808/1.5.1/Images/ACR-048/ACR-048_Software_1.png"],"nonDeceptorImageFiles":[],"guid":"9155068b-ce3f-491b-b90c-c2f58cddcc1b_1.5.1_1","appID":"HoneyGain-250808","dateAdded":"250808","deceptorType":"MacOS App","name":"HoneyGain","company":"HoneyGain","version":"1.5.1","firstVendorContactDate":"251007","firstAppEsteemReplyDate":"251008","firstResolvedDate":"260114","firstResolvedVersion":"1.5.3_n","resolved":"TRUE","lastKnownDate":"250808","type":"MacOS App","category":"Personalization & Search, Business Developer Tools","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"net proxy","lastUpdate":"2026-01-14T22:39:16.7971585+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":273},{"violations":{"ACR-007":"During installation application doesn't disclose the potential risks related with sharing network resource (IP/Bandwidth), doesn't disclose how application team manage the potential risks, and obtain user's explicit consent for borrowing network resource.\n","ACR-084":"1. Application creates auto start up when windows starts entry without disclosing it to user during installation.\n2. Application doesn't notify user when it is close to systray and continues running (sharing network resource is active) in background\n3. Application doesn't have control option both in application setting or menu from minimized icon in systray for user to disable sharing immediately \n"},"nonDeceptorViolations":{"ACR-007":"Application landing page doesn't disclose the potential risks related with sharing network resource (IP/Bandwidth), doesn't disclose how application team manage the potential risks.\n"},"samples":[{"isRevoked":"False","fileName":"packetshare_win_2.0.7_32.exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"fefac12138d1dc5f8537d435aa21f8ff","hashSHA1":"49b0d325ca54556106f223fc4c87dae5c3d603d9","hashSHA256":"be96bf9cb6fc15b07abe0fd5e1473be76a5968dca78889f4cd379d457d900390","digitalCertThumbprint":"7FC4A6FB97D06A48B8BB115E97D6635E979DA85D","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=DATALABS LIMITED, O=DATALABS LIMITED, L=WAN CHAI, C=HK, SERIALNUMBER=3222394, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=HK","sourceIndex":"215","avBlockList":["360 Total Security (20250605)","Avast Premium Security (20250605)","AVG Internet Security (20250605)","Avira Internet Security (20250605)","COMODO Antivirus (20250605)","Dr.Web Security Space (20250605)","ESET Internet Security (20250605)","FortectPremium (20250605)","G DATA INTERNET SECURITY (20250605)","K7 Total Security (20250605)","KasperskyPremium (20250605)","Malwarebytes Premium (20250605)","McAfee Total Protection (20250605)","Norton Security (20250605)","Panda Dome (20250605)","Quick Heal Internet Security (20250605)","Sophos Home Premium (20250605)","SpyHunter5 (20250605)","Total AV Antivirus Pro (20250605)","VirIT eXplorer PRO (20250605)","Webroot SecureAnywhere (20250605)","Windows Defender (20250605)"],"avAllowList":["Bitdefender Internet Security (20250605)","Trend Micro Internet Security (20250605)","VIPRE Advanced Security (20250605)"]},{"isRevoked":"False","fileName":"PacketShare.exe","fileVersion":"0.0","hashMD5":"618737b2a90a1849b9378cb579a5f815","hashSHA1":"0e4d8346ca6e7798398b53a946a24ccc81ee070d","hashSHA256":"2ffd383ea4ebce2c5587048252a07f8ea8d468e24a57de661b75d9f648587ff4","digitalCertThumbprint":"7FC4A6FB97D06A48B8BB115E97D6635E979DA85D","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=DATALABS LIMITED, O=DATALABS LIMITED, L=WAN CHAI, C=HK, SERIALNUMBER=3222394, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=HK","sourceIndex":"215","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"sharing","reference":"","landingPage":"https://www.packetshare.io/","directDownloadingLink":"https://www.packetshare.io/download.html","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.packetshare.io/download.html","sourceIndex":"215"}],"sampleFiles":["250506/Packetshare-250211/2.0.7/Samples/packetshare_win_2.0.7_32.exe"],"imageFiles":["250506/Packetshare-250211/2.0.7/Images/ACR-007/Screenshot 2025-05-06 at 3.21.12 PM.png","250506/Packetshare-250211/2.0.7/Images/ACR-084/Screenshot 2025-05-06 at 3.23.42 PM.png"],"nonDeceptorImageFiles":["250506/Packetshare-250211/2.0.7/Images/ACR-007/website.png"],"guid":"206ecd2e-f23d-41f2-b969-106948fe825c_2.0.7_1","appID":"Packetshare-250211","dateAdded":"250807","deceptorType":"App","name":"Packetshare","company":"DATALABS LIMITED","version":"2.0.7","lastKnownStatus":"2.0.3;2.0.5.30;2.0.6;2.0.7;2.0.9;2.1.0","lastKnownDate":"250807","type":"Windows Executable","category":"Productivity, Business Developer Tools","targetOS":"Windows 7,Windows 8,Windows 10,Windows 11","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"net proxy","lastUpdate":"2025-08-07T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":6,"sortOrder":276},{"violations":{"ACR-007":"During installation application doesn't disclose the potential risks related with sharing network resource (IP/Bandwidth), doesn't disclose how application team manage the potential risks, and obtain user's explicit consent for borrowing network resource.\n","ACR-084":"1. Application creates auto start up when windows starts entry without disclosing it to user during installation.\n2. Application doesn't notify user when it is close to systray and continues running (sharing network resource is active) in background\n3. Application doesn't have control option both in application setting or menu from minimized icon in systray for user to disable sharing immediately \n"},"nonDeceptorViolations":{"ACR-007":"Application landing page doesn't disclose the potential risks related with sharing network resource (IP/Bandwidth), doesn't disclose how application team manage the potential risks.\n"},"samples":[{"isRevoked":"False","fileName":"packetshare_win_2.0.6_31.exe","isInstaller":"True","companyName":"DATALABS LIMITED                                            ","fileVersion":"0.0","hashMD5":"741344e41e1a4011341e9b85cbc54f16","hashSHA1":"5a9132271eb06f99985d0c613d78f7d707dd5cf4","hashSHA256":"6856760a154d9e8a5dcecae6a9f64063e7631d308ea30fdb5d00ccb3fe244ac6","digitalCertThumbprint":"7FC4A6FB97D06A48B8BB115E97D6635E979DA85D","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=DATALABS LIMITED, O=DATALABS LIMITED, L=WAN CHAI, C=HK, SERIALNUMBER=3222394, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=HK","sourceIndex":"225","avBlockList":["360 Total Security (20250501)","Avast Premium Security (20250501)","AVG Internet Security (20250501)","Avira Internet Security (20250501)","Bitdefender Internet Security (20250501)","COMODO Antivirus (20250501)","ESET Internet Security (20250501)","FortectPremium (20250501)","G DATA INTERNET SECURITY (20250501)","K7 Total Security (20250501)","KasperskyPremium (20250501)","Malwarebytes Premium (20250501)","McAfee Total Protection (20250501)","Norton Security (20250501)","Panda Dome (20250501)","Sophos Home Premium (20250501)","SpyHunter5 (20250501)","Total AV Antivirus Pro (20250501)","VIPRE Advanced Security (20250501)","VirIT eXplorer PRO (20250501)","Webroot SecureAnywhere (20250501)","Windows Defender (20250501)"],"avAllowList":["Dr.Web Security Space (20250501)","Quick Heal Internet Security (20250501)","Trend Micro Internet Security (20250501)"]},{"isRevoked":"False","fileName":"PacketShare.exe","fileVersion":"0.0","hashMD5":"fe164cb39af3d4b5ea96ae31b0f940e4","hashSHA1":"e38b73a649515b2b88fd1fb271451b282b7a89e1","hashSHA256":"88a4ceec55f44cfae70c26426248008fc5994ee11149af12fb524d89997f40b5","digitalCertThumbprint":"7FC4A6FB97D06A48B8BB115E97D6635E979DA85D","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=DATALABS LIMITED, O=DATALABS LIMITED, L=WAN CHAI, C=HK, SERIALNUMBER=3222394, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=HK","sourceIndex":"225","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"sharing","reference":"","landingPage":"https://www.packetshare.io/","directDownloadingLink":"https://www.packetshare.io/files/packetshare_win_2.0.6_31.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.packetshare.io/files/packetshare_win_2.0.6_31.exe","sourceIndex":"225"}],"sampleFiles":["250416/Packetshare-250211/2.0.6/Samples/packetshare_win_2.0.6_31.exe","250416/Packetshare-250211/2.0.6/Samples/PacketShare.exe"],"imageFiles":["250416/Packetshare-250211/2.0.6/Images/ACR-007/Install.png","250416/Packetshare-250211/2.0.6/Images/ACR-084/options.png","250416/Packetshare-250211/2.0.6/Images/ACR-084/Startup.png","250416/Packetshare-250211/2.0.6/Images/ACR-084/systray.png"],"nonDeceptorImageFiles":["250416/Packetshare-250211/2.0.6/Images/ACR-007/website.png"],"guid":"206ecd2e-f23d-41f2-b969-106948fe825c_2.0.6_1","appID":"Packetshare-250211","dateAdded":"250807","deceptorType":"App","name":"Packetshare","company":"DATALABS LIMITED","version":"2.0.6","lastKnownStatus":"2.0.3;2.0.5.30;2.0.6;2.0.7;2.0.9;2.1.0","lastKnownDate":"250807","type":"Windows Executable","category":"Productivity, Business Developer Tools","targetOS":"Windows 7,Windows 8,Windows 10,Windows 11","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"net proxy","lastUpdate":"2025-08-07T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":6,"sortOrder":277},{"violations":{"ACR-007":"During installation application doesn't disclose the potential risks related with sharing network resource (IP/Bandwidth), doesn't disclose how application team manage the potential risks, and obtain user's explicit consent for borrowing network resource.\n","ACR-084":"1. Application creates auto start up when windows starts entry without disclosing it to user during installation.\n2. Application doesn't notify user when it is close to systray and continues running (sharing network resource is active) in background\n3. Application doesn't have control option both in application setting or menu from minimized icon in systray for user to disable sharing immediately \n"},"nonDeceptorViolations":{"ACR-007":"Application landing page doesn't disclose the potential risks related with sharing network resource (IP/Bandwidth), doesn't disclose how application team manage the potential risks.\n"},"samples":[{"isRevoked":"False","fileName":"packetshare_win_2.0.9_34.exe","isInstaller":"True","productName":"PacketShare","productVersion":"2.0.9","fileVersion":"0.0","hashMD5":"d1a2c8a9d96102a65017798963efede5","hashSHA1":"cd46c6e44e5d5a3840ae5b6fc049c9294884930a","hashSHA256":"7aa27284df112868016f9320b434b54cd918aa9d679f0ff964f277b080382808","digitalCertThumbprint":"7FC4A6FB97D06A48B8BB115E97D6635E979DA85D","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=DATALABS LIMITED, O=DATALABS LIMITED, L=WAN CHAI, C=HK, SERIALNUMBER=3222394, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=HK","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"192","avBlockList":["360 Total Security (20250731)","Avast Premium Security (20250731)","AVG Internet Security (20250731)","Avira Internet Security (20250731)","Bitdefender Internet Security (20250731)","COMODO Antivirus (20250731)","Dr.Web Security Space (20250731)","ESET Internet Security (20250731)","FortectPremium (20250731)","G DATA INTERNET SECURITY (20250731)","K7 Total Security (20250731)","KasperskyPremium (20250731)","Malwarebytes Premium (20250731)","McAfee Total Protection (20250731)","Norton Security (20250731)","Panda Dome (20250731)","Quick Heal Internet Security (20250731)","Sophos Home Premium (20250731)","SpyHunter5 (20250731)","Total AV Antivirus Pro (20250731)","VIPRE Advanced Security (20250731)","VirIT eXplorer PRO (20250731)","Webroot SecureAnywhere (20250731)"],"avAllowList":["Trend Micro Internet Security (20250731)","Windows Defender (20250731)"]},{"isRevoked":"False","fileName":"PacketShare.exe","productName":"PacketShare","productVersion":"0.0.0.0","fileVersion":"0.0","hashMD5":"24f11d31cd976fc02c339aa13dc4527a","hashSHA1":"847e90ce17f5b2e4f589bdbf9df7de4f35ca7d8a","hashSHA256":"f5af7d541192f3347bf31d0611369ef7b21d09c79345fbda32608ca1aa373cce","digitalCertThumbprint":"7FC4A6FB97D06A48B8BB115E97D6635E979DA85D","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=DATALABS LIMITED, O=DATALABS LIMITED, L=WAN CHAI, C=HK, SERIALNUMBER=3222394, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=HK","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"192","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"sharing","reference":"","landingPage":"https://www.packetshare.io/","directDownloadingLink":"https://www.packetshare.io/files/packetshare_win_2.0.3_28.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.packetshare.io/files/packetshare_win_2.0.3_28.exe","sourceIndex":"192"}],"sampleFiles":["250613/Packetshare-250211/2.0.9/Samples/packetshare_win_2.0.9_34.exe"],"imageFiles":["250613/Packetshare-250211/2.0.9/Images/ACR-007/Screenshot 2025-05-06 at 3.21.12 PM.png","250613/Packetshare-250211/2.0.9/Images/ACR-084/Screenshot 2025-06-13 at 3.49.20 PM.png"],"nonDeceptorImageFiles":["250613/Packetshare-250211/2.0.9/Images/ACR-007/website.png"],"guid":"206ecd2e-f23d-41f2-b969-106948fe825c_2.0.9_1","appID":"Packetshare-250211","dateAdded":"250807","deceptorType":"App","name":"Packetshare","company":"DATALABS LIMITED","version":"2.0.9","lastKnownStatus":"2.0.3;2.0.5.30;2.0.6;2.0.7;2.0.9;2.1.0","lastKnownDate":"250807","type":"Windows Executable","category":"Productivity, Business Developer Tools","targetOS":"Windows 7,Windows 8,Windows 10,Windows 11","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"net proxy","lastUpdate":"2025-08-07T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":6,"sortOrder":275},{"violations":{"ACR-007":"During installation application doesn't disclose the potential risks related with sharing network resource (IP/Bandwidth), doesn't disclose how application team manage the potential risks, and obtain user's explicit consent for borrowing network resource.\n","ACR-084":"1. Application creates auto start up when windows starts entry without disclosing it to user during installation.\n2. Application doesn't notify user when it is close to systray and continues running (sharing network resource is active) in background\n3. Application doesn't have control option both in application setting or menu from minimized icon in systray for user to disable sharing immediately \n"},"nonDeceptorViolations":{"ACR-007":"Application landing page doesn't disclose the potential risks related with sharing network resource (IP/Bandwidth), doesn't disclose how application team manage the potential risks.\n"},"samples":[{"isRevoked":"False","fileName":"packetshare_win_2.0.3_28.exe","isInstaller":"True","companyName":"DATALABS LIMITED                                            ","fileVersion":"0.0","hashMD5":"e5b757a957c6775aa236e8bff1f474e0","hashSHA1":"cf35a3ba83d89b3b8caf9acefbabd3b6ae3ac354","hashSHA256":"0f473a36a124344893534ebf630f49446fb852a043abde4f5b70cf42d3753a29","digitalCertThumbprint":"7FC4A6FB97D06A48B8BB115E97D6635E979DA85D","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=DATALABS LIMITED, O=DATALABS LIMITED, L=WAN CHAI, C=HK, SERIALNUMBER=3222394, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=HK","sourceIndex":"238","avBlockList":["360 Total Security (20250403)","Avast Premium Security (20250403)","AVG Internet Security (20250403)","Avira Internet Security (20250403)","Bitdefender Internet Security (20250403)","COMODO Antivirus (20250403)","Dr.Web Security Space (20250403)","ESET Internet Security (20250403)","FortectPremium (20250403)","G DATA INTERNET SECURITY (20250403)","K7 Total Security (20250403)","KasperskyPremium (20250403)","Malwarebytes Premium (20250403)","McAfee Total Protection (20250403)","Norton Security (20250403)","Panda Dome (20250403)","Quick Heal Internet Security (20250403)","Sophos Home Premium (20250403)","SpyHunter5 (20250403)","Total AV Antivirus Pro (20250403)","VIPRE Advanced Security (20250403)","VirIT eXplorer PRO (20250403)","Webroot SecureAnywhere (20250403)","Windows Defender (20250403)"],"avAllowList":["Trend Micro Internet Security (20250403)"]},{"isRevoked":"False","fileName":"PacketShare.exe","fileVersion":"0.0","hashMD5":"612ea2ca8bb560efb597854db6eea4fb","hashSHA1":"7a664e074c77af0cbafa7bfb9549554f8957d0fb","hashSHA256":"442c07de96e64bca81c8bdaf7d72c407199fb5622090813abcdd43dcbf7175ab","digitalCertThumbprint":"7FC4A6FB97D06A48B8BB115E97D6635E979DA85D","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=DATALABS LIMITED, O=DATALABS LIMITED, L=WAN CHAI, C=HK, SERIALNUMBER=3222394, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=HK","sourceIndex":"238","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"sharing","reference":"","landingPage":"https://www.packetshare.io/","directDownloadingLink":"https://www.packetshare.io/files/packetshare_win_2.0.3_28.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.packetshare.io/files/packetshare_win_2.0.3_28.exe","sourceIndex":"238"}],"sampleFiles":["250226/Packetshare-250211/2.0.3/Samples/packetshare_win_2.0.3_28.exe"],"imageFiles":["250226/Packetshare-250211/2.0.3/Images/ACR-007/ACR-007_Install_1.png","250226/Packetshare-250211/2.0.3/Images/ACR-084/ACR-084_Software_1.png","250226/Packetshare-250211/2.0.3/Images/ACR-084/ACR-084_Software_2.png"],"nonDeceptorImageFiles":["250226/Packetshare-250211/2.0.3/Images/ACR-007/ACR-007_Landing page_1.png"],"guid":"206ecd2e-f23d-41f2-b969-106948fe825c_2.0.3_1","appID":"Packetshare-250211","dateAdded":"250807","deceptorType":"App","name":"Packetshare","company":"DATALABS LIMITED","version":"2.0.3","lastKnownStatus":"2.0.3;2.0.5.30;2.0.6;2.0.7;2.0.9;2.1.0","lastKnownDate":"250807","type":"Windows Executable","category":"Productivity, Business Developer Tools","targetOS":"Windows 7,Windows 8,Windows 10,Windows 11","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"net proxy","lastUpdate":"2025-08-07T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":6,"sortOrder":279},{"violations":{"ACR-007":"During installation application doesn't disclose the potential risks related with sharing network resource (IP/Bandwidth), doesn't disclose how application team manage the potential risks, and obtain user's explicit consent for borrowing network resource.\n","ACR-084":"1. Application creates auto start up when windows starts entry without disclosing it to user during installation.\n2. Application doesn't notify user when it is close to systray and continues running (sharing network resource is active) in background\n3. Application doesn't have control option both in application setting or menu from minimized icon in systray for user to disable sharing immediately \n"},"nonDeceptorViolations":{"ACR-007":"Application landing page doesn't disclose the potential risks related with sharing network resource (IP/Bandwidth), doesn't disclose how application team manage the potential risks.\n"},"samples":[{"isRevoked":"False","fileName":"packetshare_win_2.1.0_35.exe","isInstaller":"True","productName":"PacketShare","productVersion":"2.1.0","hashMD5":"7274794cc656c10dec766c3dc469dd9c","hashSHA1":"be0296e1e6c68b04d9489ef5299eaf955cafcd5f","hashSHA256":"14bcce074e9d369a225ccc5fc107567557d84fc0d6ec41ea8ff76524327d1820","digitalCertThumbprint":"7FC4A6FB97D06A48B8BB115E97D6635E979DA85D","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=DATALABS LIMITED, O=DATALABS LIMITED, L=WAN CHAI, C=HK, SERIALNUMBER=3222394, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=HK","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"181","avBlockList":["360 Total Security (20251028)","Avast Premium Security (20251028)","AVG Internet Security (20251028)","Avira Internet Security (20251028)","Bitdefender Internet Security (20251028)","COMODO Antivirus (20251028)","ESET Internet Security (20251028)","FortectPremium (20251028)","G DATA INTERNET SECURITY (20251028)","K7 Total Security (20251028)","KasperskyPremium (20251028)","Malwarebytes Premium (20251028)","McAfee Total Protection (20251028)","Norton Security (20251028)","Panda Dome (20251028)","Quick Heal Internet Security (20251028)","Sophos Home Premium (20251028)","SpyHunter5 (20251028)","Total AV Antivirus Pro (20251028)","VIPRE Advanced Security (20251028)","VirIT eXplorer PRO (20251028)","Webroot SecureAnywhere (20251028)"],"avAllowList":["Dr.Web Security Space (20251028)","Trend Micro Internet Security (20251028)","Windows Defender (20251028)"]},{"isRevoked":"False","fileName":"PacketShare.exe","hashMD5":"7f43c77d1ae05e9c37705405e361c3e5","hashSHA1":"cb21323ef4d25c023762e03b0c234768fee0b978","hashSHA256":"c321490f13a3fd221fcb08104dcadf3442c1e7a742d9c23e47cac14e8ad0200b","digitalCertThumbprint":"7FC4A6FB97D06A48B8BB115E97D6635E979DA85D","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=DATALABS LIMITED, O=DATALABS LIMITED, L=WAN CHAI, C=HK, SERIALNUMBER=3222394, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=HK","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"181","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"sharing","reference":"","landingPage":"https://www.packetshare.io/","directDownloadingLink":"https://www.packetshare.io/file/windows/packetshare_win_2.1.0_35.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.packetshare.io/file/windows/packetshare_win_2.1.0_35.exe","sourceIndex":"181"}],"sampleFiles":["250807/Packetshare-250211/2.1.0/Samples/packetshare_win_2.1.0_35.exe"],"imageFiles":["250807/Packetshare-250211/2.1.0/Images/ACR-007/ACR-007_Install_1.png","250807/Packetshare-250211/2.1.0/Images/ACR-084/ACR-084_Software_1.png","250807/Packetshare-250211/2.1.0/Images/ACR-084/ACR-084_Software_2.png","250807/Packetshare-250211/2.1.0/Images/ACR-084/ACR-084_Software_3.png"],"nonDeceptorImageFiles":["250807/Packetshare-250211/2.1.0/Images/ACR-007/ACR-007_Landing page_1.png"],"guid":"206ecd2e-f23d-41f2-b969-106948fe825c_2.1.0_1","appID":"Packetshare-250211","dateAdded":"250807","deceptorType":"App","name":"Packetshare","company":"DATALABS LIMITED","version":"2.1.0","lastKnownStatus":"2.0.3;2.0.5.30;2.0.6;2.0.7;2.0.9;2.1.0","lastKnownDate":"250807","type":"Windows Executable","category":"Productivity, Business Developer Tools","targetOS":"Windows 7,Windows 8,Windows 10,Windows 11","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"net proxy","lastUpdate":"2025-08-07T21:37:17.811481+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":6,"sortOrder":274},{"violations":{"ACR-007":"During installation application doesn't disclose the potential risks related with sharing network resource (IP/Bandwidth), doesn't disclose how application team manage the potential risks, and obtain user's explicit consent for borrowing network resource.\n","ACR-084":"1. Application creates auto start up when windows starts entry without disclosing it to user during installation.\n2. Application doesn't notify user when it is close to systray and continues running (sharing network resource is active) in background\n3. Application doesn't have control option both in application setting or menu from minimized icon in systray for user to disable sharing immediately \n"},"nonDeceptorViolations":{"ACR-007":"Application landing page doesn't disclose the potential risks related with sharing network resource (IP/Bandwidth), doesn't disclose how application team manage the potential risks.\n"},"samples":[{"isRevoked":"False","fileName":"packetshare_win_2.0.5_30.exe","isInstaller":"True","companyName":"DATALABS LIMITED                                            ","fileVersion":"0.0","hashMD5":"c33271be3ef69b2266b852e64383229c","hashSHA1":"6693526526d326e7b14bbb71c21ea32f0dfa11ea","hashSHA256":"afad6abb7f3f088b28b00f011c96f8d9a05e35243d579f515ea156052584dc5a","digitalCertThumbprint":"7FC4A6FB97D06A48B8BB115E97D6635E979DA85D","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=DATALABS LIMITED, O=DATALABS LIMITED, L=WAN CHAI, C=HK, SERIALNUMBER=3222394, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=HK","sourceIndex":"232","avBlockList":["360 Total Security (20250410)","Avast Premium Security (20250410)","AVG Internet Security (20250410)","Avira Internet Security (20250410)","COMODO Antivirus (20250410)","Dr.Web Security Space (20250410)","FortectPremium (20250410)","G DATA INTERNET SECURITY (20250410)","K7 Total Security (20250410)","KasperskyPremium (20250410)","Malwarebytes Premium (20250410)","McAfee Total Protection (20250410)","Norton Security (20250410)","Panda Dome (20250410)","Quick Heal Internet Security (20250410)","Sophos Home Premium (20250410)","SpyHunter5 (20250410)","Total AV Antivirus Pro (20250410)","VirIT eXplorer PRO (20250410)","Webroot SecureAnywhere (20250410)"],"avAllowList":["Bitdefender Internet Security (20250410)","ESET Internet Security (20250410)","Trend Micro Internet Security (20250410)","VIPRE Advanced Security (20250410)","Windows Defender (20250410)"]},{"isRevoked":"False","fileName":"PacketShare.exe","fileVersion":"0.0","hashMD5":"72e4cc690e3372a134e4459749d4d246","hashSHA1":"1873fba935a23878b5f7c749b1620d762c7093d2","hashSHA256":"948e63b9a789d8b8717d631e2d307bab2e4290ed2e3e64b827944f0a3aa03b17","digitalCertThumbprint":"7FC4A6FB97D06A48B8BB115E97D6635E979DA85D","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=DATALABS LIMITED, O=DATALABS LIMITED, L=WAN CHAI, C=HK, SERIALNUMBER=3222394, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=HK","sourceIndex":"232","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"sharing","reference":"","landingPage":"https://www.packetshare.io/","directDownloadingLink":"https://www.packetshare.io/files/packetshare_win_2.0.3_28.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.packetshare.io/files/packetshare_win_2.0.3_28.exe","sourceIndex":"232"},{"howFound":"","reference":"","landingPage":"","directDownloadingLink":"https://www.packetshare.io/download.html","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"","sourceIndex":"233"}],"sampleFiles":["250401/Packetshare-250211/2.0.5.30/Samples/packetshare_win_2.0.5_30.exe","250401/Packetshare-250211/2.0.5.30/Samples/PacketShare.exe"],"imageFiles":["250401/Packetshare-250211/2.0.5.30/Images/ACR-007/ACR-007_Install_1.png","250401/Packetshare-250211/2.0.5.30/Images/ACR-084/ACR-084_Software_1.png","250401/Packetshare-250211/2.0.5.30/Images/ACR-084/ACR-084_Software_2.png"],"nonDeceptorImageFiles":["250401/Packetshare-250211/2.0.5.30/Images/ACR-007/ACR-007_Landing page_1.png"],"guid":"206ecd2e-f23d-41f2-b969-106948fe825c_2.0.5.30_1","appID":"Packetshare-250211","dateAdded":"250807","deceptorType":"App","name":"Packetshare","company":"DATALABS LIMITED","version":"2.0.5.30","lastKnownStatus":"2.0.3;2.0.5.30;2.0.6;2.0.7;2.0.9;2.1.0","lastKnownDate":"250807","type":"Windows Executable","category":"Productivity, Business Developer Tools","targetOS":"Windows 7,Windows 8,Windows 10,Windows 11","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"net proxy","lastUpdate":"2025-08-07T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":6,"sortOrder":278},{"violations":{"ACR-042":"Infatica service (system resource borrowing) components are installed without obtaining user permission through explicit user action.\n","ACR-043":"Application installs the system resource borrowing components without disclosing to user.\n","ACR-046":"Application doesn't present any EULA, Privacy Policy and disclose the non-expected behaviors (system resource borrowing) during installation. \n","ACR-048":"User has no option to disable system resource borrowing process.\n","ACR-007":"During installation application doesn't disclose the potential risks related with sharing network resource (IP/Bandwidth), doesn't disclose how application team manage the potential risks, and obtain user's explicit consent for borrowing network resource. Application doesn't provide straightforward approach how to disable the network resource sharing.\n","ACR-084":"Application doesn't provide any notification to user that Infatica service running (system resource borrowing) in background.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"NinjaVPN.msi","isInstaller":"True","hashMD5":"fccd431478bacaf53bd9ec13296a999f","hashSHA1":"23783e0ae4945746d021105c45b2ac65c3f0ced5","hashSHA256":"0eb8d760a5623c5f2e42eb56083e679824717281dae2e7cb08580522f60c0776","sourceIndex":"182","avBlockList":["360 Total Security (20251023)","Avast Premium Security (20251023)","AVG Internet Security (20251023)","Avira Internet Security (20251023)","COMODO Antivirus (20251023)","Dr.Web Security Space (20251023)","ESET Internet Security (20251023)","G DATA INTERNET SECURITY (20251023)","K7 Total Security (20251023)","KasperskyPremium (20251023)","Malwarebytes Premium (20251023)","McAfee Total Protection (20251023)","Norton Security (20251023)","Panda Dome (20251023)","Quick Heal Internet Security (20251023)","Sophos Home Premium (20251023)","SpyHunter5 (20251023)","Total AV Antivirus Pro (20251023)","VirIT eXplorer PRO (20251023)","Webroot SecureAnywhere (20251023)","Windows Defender (20251023)"],"avAllowList":["Bitdefender Internet Security (20251023)","FortectPremium (20251023)","Trend Micro Internet Security (20251023)","VIPRE Advanced Security (20251023)"]},{"isRevoked":"False","fileName":"NinjaVPN.exe","companyName":"Infatica Pte. Ltd","productName":"NinjaVPN","productVersion":"1.0.5.0","fileVersion":"1.0.5.0","hashMD5":"d301a26564cd395f1604a9debfdbc0ec","hashSHA1":"6f5f0d4006869dfdd14070d75e4df0b09b45ff20","hashSHA256":"19bd0090a3230bfd279822fff2d58d32561f53e20e97eaec93734ac7f3532ebf","sourceIndex":"182","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"UninstallHelper.exe","productName":"UninstallHelper","productVersion":"1.0.0.0","fileVersion":"1.0.0.0","hashMD5":"47862291ec8b3274614d53a1b20e9a29","hashSHA1":"2fcf3f5ffd542811c674cfcc5598f493e64b5ba9","hashSHA256":"66754372a58c140d91de382071bb58a69a924f065e78c5f42836e0d416a7da1c","sourceIndex":"182","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"infatica-service-app.exe","productName":"Infatica Service","productVersion":"1.0.5","hashMD5":"0e3382aab10a63f6a24a7618baaf0f99","hashSHA1":"b4091591c02a925f5b7bfffd07da2d2fd385ee29","hashSHA256":"2cc1166bb981ddcf07117c099c9146c019423691c9ab63e4da7e4f868ef5cb44","digitalCertThumbprint":"78845D96DC775C83C4CBBADEFA54253F099336E0","digitalCertIssuer":"CN=DigiCert SHA2 Assured ID Code Signing CA, OU=www.digicert.com, O=DigiCert Inc, C=US","digitalCertIssuedTo":"CN=Infatica pte ltd, OU=Infatica pte ltd, O=Infatica pte ltd, L=Singapore, C=SG","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"182","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"infatica-service.dll","productName":"Infatica Service","productVersion":"1.0.5","hashMD5":"786effa553cd1ee519145aed401543e1","hashSHA1":"d42fc9fbe950319e98e15e568e4327866cd50ca9","hashSHA256":"6be2ca2dc8767c31960043af92163a73861969b8b22f0ebd7d1fa2bbe0caa6db","digitalCertThumbprint":"78845D96DC775C83C4CBBADEFA54253F099336E0","digitalCertIssuer":"CN=DigiCert SHA2 Assured ID Code Signing CA, OU=www.digicert.com, O=DigiCert Inc, C=US","digitalCertIssuedTo":"CN=Infatica pte ltd, OU=Infatica pte ltd, O=Infatica pte ltd, L=Singapore, C=SG","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"182","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"proxy.exe","hashMD5":"42f8636278300dc2f85acf45a5eb670b","hashSHA1":"f6d1c69df1c730db957f9a0ee45fb96f61dc8a24","hashSHA256":"55c5a4b4207da0ec23ed1caad79a3a5f9ac14c4f454752bd0201e6199963814a","sourceIndex":"182","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Security partner report","reference":"Infatica","landingPage":"https://infatica-sdk.io/","ipv4":"","ipv6":"","sourceIndex":"182"}],"sampleFiles":["250731/NinjaVPN-250729/1.0.5.0/Samples/NinjaVPN.msi"],"imageFiles":["250731/NinjaVPN-250729/1.0.5.0/Images/ACR-043/ACR-043_Install_1.png","250731/NinjaVPN-250729/1.0.5.0/Images/ACR-042/ACR-042_Install_1.png","250731/NinjaVPN-250729/1.0.5.0/Images/ACR-048/ACR-048_Software_1.png","250731/NinjaVPN-250729/1.0.5.0/Images/ACR-048/ACR-048_Software_2.png","250731/NinjaVPN-250729/1.0.5.0/Images/ACR-084/ACR-084_Software_1.png"],"nonDeceptorImageFiles":[],"guid":"ea5167d4-735d-4cb3-826b-2d074dd5bbab_1.0.5.0_1","appID":"NinjaVPN-250729","dateAdded":"250731","deceptorType":"App","name":"NinjaVPN","company":" Infatica Pte. Ltd","version":"1.0.5.0","lastKnownStatus":"1.0.5.0","lastKnownDate":"250731","type":"Windows Executable","category":"Productivity, Personalization & Search","targetOS":"Windows 11,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"net proxy","lastUpdate":"2025-07-31T18:07:24.9099298+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":280},{"violations":{"ACR-048":"When application is running in the background, it doesn't has approach to allow user to immediately disable the borrowing activity. The network sharing activities can't be disabled even user disable the sharing.\n","ACR-007":"During installation application doesn't disclose the potential risks related with sharing network resource (IP/Bandwidth), doesn't disclose how application team manage the potential risks, and obtain user's explicit consent for borrowing network resource.\nApplication doesn't provide straightforward approach how to disable the network resource sharing.\n","ACR-084":"Application doesn't provide notification that it is still running and sharing is active when application is closed and minimized to system tray.\n","ACR-119":"Application doesn't remove the active components after uninstallation completes.\n","ACR-124":"Application make uninstallation difficult by asking unnecessary more than one confirmation\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"ByteBenefit_Setup.exe","isInstaller":"True","productName":"ByteBenefit_Setup","productVersion":"1.0.0.0","fileVersion":"1.0","hashMD5":"403d4206ccce49c1793e899018a85a44","hashSHA1":"5b07233bb42c3edf0a1d2828c7d0daf5f1e21013","hashSHA256":"b2fe7f9446d99d029418e8559bedc1858d8d347031f9b04c8bc5b37b518f2442","digitalCertThumbprint":"59B5FB55ACE3824B2A43DA14724C58A9E73E267E","digitalCertIssuer":"CN=Sectigo Public Code Signing CA R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=Infatica Pte. Ltd., O=Infatica Pte. Ltd., S=Central Singapore, C=SG","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"185","avBlockList":["Avast Premium Security (20251016)","AVG Internet Security (20251016)","Avira Internet Security (20251016)","COMODO Antivirus (20251016)","ESET Internet Security (20251016)","FortectPremium (20251016)","G DATA INTERNET SECURITY (20251016)","K7 Total Security (20251016)","KasperskyPremium (20251016)","Malwarebytes Premium (20251016)","McAfee Total Protection (20251016)","Norton Security (20251016)","Panda Dome (20251016)","Quick Heal Internet Security (20251016)","Sophos Home Premium (20251016)","SpyHunter5 (20251016)","Total AV Antivirus Pro (20251016)","VirIT eXplorer PRO (20251016)","Webroot SecureAnywhere (20251016)"],"avAllowList":["360 Total Security (20251016)","Bitdefender Internet Security (20251016)","Dr.Web Security Space (20251016)","Trend Micro Internet Security (20251016)","VIPRE Advanced Security (20251016)","Windows Defender (20251016)"]},{"isRevoked":"False","fileName":"ByteBenefit.exe","companyName":"ByteBenefit","productName":"ByteBenefit","productVersion":"1.0.2+11","fileVersion":"1.0","hashMD5":"359f80383dab93fc61033654d754af35","hashSHA1":"49cba7675543ae2590645374da1b584621169da9","hashSHA256":"91beef2dfaee0b6d7ca210d04bb8470e513b3b37b03936d95535bb0b72e13f35","digitalCertThumbprint":"59B5FB55ACE3824B2A43DA14724C58A9E73E267E","digitalCertIssuer":"CN=Sectigo Public Code Signing CA R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=Infatica Pte. Ltd., O=Infatica Pte. Ltd., S=Central Singapore, C=SG","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"185","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"ByteBenefit_Uninstaller.exe","companyName":"ByteBenefit","productName":"ByteBenefit","productVersion":"1.0.0+7","fileVersion":"1.0","hashMD5":"4321df0d9719faebf5eaadb56a8b6b84","hashSHA1":"0ff40614e631bcb054243f616200dcf14b2e4da9","hashSHA256":"bff073ab9128e2d24b018e69f76e7b39fe91ab388f3b05731266c4a38ad898e5","digitalCertThumbprint":"59B5FB55ACE3824B2A43DA14724C58A9E73E267E","digitalCertIssuer":"CN=Sectigo Public Code Signing CA R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=Infatica Pte. Ltd., O=Infatica Pte. Ltd., S=Central Singapore, C=SG","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"185","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Security partner report","reference":"P2B","landingPage":"https://bytebenefit.io","directDownloadingLink":"https://app.bytebenefit.io/ByteBenefit_Setup","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://app.bytebenefit.io/ByteBenefit_Setup","sourceIndex":"185"}],"sampleFiles":["250728/ByteBenefit-250728/1.0.2/Samples/ByteBenefit_Setup.exe","250728/ByteBenefit-250728/1.0.2/Samples/ByteBenefit.exe","250728/ByteBenefit-250728/1.0.2/Samples/ByteBenefit_Uninstaller.exe"],"imageFiles":["250728/ByteBenefit-250728/1.0.2/Images/ACR-007/ACR-007_Install_1.png","250728/ByteBenefit-250728/1.0.2/Images/ACR-007/ACR-007_Install_2.png","250728/ByteBenefit-250728/1.0.2/Images/ACR-048/Screenshot 2025-07-28 at 2.36.32 PM.png","250728/ByteBenefit-250728/1.0.2/Images/ACR-048/Screenshot 2025-07-28 at 2.42.45 PM.png","250728/ByteBenefit-250728/1.0.2/Images/ACR-007/ACR-007_Software_1.png","250728/ByteBenefit-250728/1.0.2/Images/ACR-119/ACR-119_Uninstall_1.png","250728/ByteBenefit-250728/1.0.2/Images/ACR-124/ACR-124_Uninstall_1.png","250728/ByteBenefit-250728/1.0.2/Images/ACR-124/ACR-124_Uninstall_2.png"],"nonDeceptorImageFiles":[],"guid":"67eaaffd-5a97-449d-aee7-bc9d7ee37fe1_1.0.2_1","appID":"ByteBenefit-250728","dateAdded":"250728","deceptorType":"App","name":"ByteBenefit","company":"Infatica Pte. Ltd","version":"1.0.2","lastKnownStatus":"1.0.2","lastKnownDate":"250728","type":"Windows Executable","category":"Personalization & Search","targetOS":"Windows 10,Windows 11","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"net proxy","lastUpdate":"2025-07-28T21:59:16.3641356+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":281},{"violations":{"ACR-043":"Open source project \"Open VPN\" is installed without any disclosure in EULA. \n","ACR-048":"The app does not provide control to cancel the installation process.\n","ACR-007":"The app's disclosure regarding the user's need to join the P2P network to use the app is not explained in detail which can reduce the consumer's security posture.\n","ACR-013":"The user is interrupted by non-consented offers to silently install unrelated software during the launch of the application.\n","ACR-057":"The accept/decline option is not made obvious to the consumer in the offer.\n","ACR-055":"The accept and decline options are not made consistent among the offers.\n","ACR-059":"The Offer are not clearly marked as an optional offer, who is recommending the offers are not clear\n","ACR-155":"Offers are designed to look like part of the install workflow.\n"},"nonDeceptorViolations":{"ACR-045":"The app's disclosure regarding the user's need to join the P2P network to use the app is not straightforward or explained in detail which can reduce the consumer's security posture.\n","ACR-065":"The app does not provide EULA and Privacy policy for the offered apps.\n","ACR-092":"The app's main executable does not have a digital signature.\n"},"samples":[{"isRevoked":"False","fileName":"freevpn_setup.exe","isInstaller":"True","companyName":"Keen Internet Technologies Ltd","productName":"Free VPN","productVersion":"2.01.02.00","fileVersion":"2.1","hashMD5":"e1688f100d6a1c5f0f7a08705984a9fc","hashSHA1":"1e8b86c50faf24af085fccc0ab53601cf804004a","hashSHA256":"cd4e15921e095509850e4bf456dbd0a949536d1cda6ec31bd92476d86a821eef","digitalCertThumbprint":"0D9EF1D40FFF2E9E3B76DD17B46618E806A679B6","digitalCertIssuer":"CN=SSL.com Code Signing Intermediate CA RSA R1, O=SSL Corp, L=Houston, S=Texas, C=US","digitalCertIssuedTo":"CN=Keen Internet Technologies Ltd, O=Keen Media Group, L=Rishon LeZion, C=IL","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"186","avBlockList":["360 Total Security (20251007)","Avast Premium Security (20251007)","AVG Internet Security (20251007)","Avira Internet Security (20251007)","COMODO Antivirus (20251007)","Dr.Web Security Space (20251007)","ESET Internet Security (20251007)","FortectPremium (20251007)","G DATA INTERNET SECURITY (20251007)","K7 Total Security (20251007)","KasperskyPremium (20251007)","Malwarebytes Premium (20251007)","McAfee Total Protection (20251007)","Norton Security (20251007)","Panda Dome (20251007)","Quick Heal Internet Security (20251007)","Sophos Home Premium (20251007)","SpyHunter5 (20251007)","Total AV Antivirus Pro (20251007)","Trend Micro Internet Security (20251007)","VirIT eXplorer PRO (20251007)","Webroot SecureAnywhere (20251007)","Windows Defender (20251007)"],"avAllowList":["Bitdefender Internet Security (20251007)","VIPRE Advanced Security (20251007)"]},{"isRevoked":"False","fileName":"FreeVPN.exe","companyName":"Keen Internet Technologies Ltd","productName":"FreeVPN","productVersion":"2.1.2.1","fileVersion":"2.1","hashMD5":"4ed6543c73e759ee179dbe9695789bf8","hashSHA1":"f4096c19328ef6dd1b03168524719245a0eefb5a","hashSHA256":"8bab725accbd7999dd2d4aa4a5f822db0d9187223679295e61ca52147288c3a3","sourceIndex":"186","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"expired certified app","reference":"","landingPage":"https://www.freevpn.win/","directDownloadingLink":"https://www.freevpn.win/builds/freevpn_setup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.freevpn.win/builds/freevpn_setup.exe","sourceIndex":"186"}],"sampleFiles":["250721/FreeVPN-230609/2.01.02.00/Samples/freevpn_setup.exe"],"imageFiles":["250721/FreeVPN-230609/2.01.02.00/Images/ACR-043/ACR-043.JPG","250721/FreeVPN-230609/2.01.02.00/Images/ACR-048/ACR-048.JPG","250721/FreeVPN-230609/2.01.02.00/Images/ACR-007/ACR-007_Software_1.png","250721/FreeVPN-230609/2.01.02.00/Images/ACR-013/ACR-013_Software_1.png","250721/FreeVPN-230609/2.01.02.00/Images/ACR-057/ACR-057_Bundler-made offers_1.png","250721/FreeVPN-230609/2.01.02.00/Images/ACR-059/ACR-059_Bundler-made offers_1.png","250721/FreeVPN-230609/2.01.02.00/Images/ACR-155/ACR-155_Bundler-made offers_1.png","250721/FreeVPN-230609/2.01.02.00/Images/ACR-055/ACR-055_Bundler-made offers_1.png"],"nonDeceptorImageFiles":["250721/FreeVPN-230609/2.01.02.00/Images/ACR-045/ACR-045.JPG","250721/FreeVPN-230609/2.01.02.00/Images/ACR-065/ACR-065_Bundler-made offers_1.png"],"guid":"ad1bdffe-aeca-4f8d-9e5f-262255d76b93_2.01.02.00_1","appID":"FreeVPN-230609","dateAdded":"250721","deceptorType":"App","name":"Free VPN","company":"Keen Internet Technologies Ltd","version":"2.01.02.00","lastKnownDate":"250721","type":"Windows Executable","category":"SysTools & Utilities, Bundlers & Downloaders","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 10,Windows 8","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2025-07-21T21:54:52.9058841+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":282},{"violations":{"ACR-046":"Disclosures for the optional offer are not visible.\n","ACR-013":"The offer interruptedly appears when user choose to download the driver to update without user consent.\n","ACR-060":"The offer network does not disclose itself in its offers.\n","ACR-118":"ProxymaData is not removed after DriverHub being uninstalled completely.\n","ACR-057":"The app needs to provide a clear way to accept and decline optional offers. The use of checkbox is non-rational when the only option to proceed is \"Install all recommended\" option.\n","ACR-055":"The offer is not presented with clear decline/accept option.\n","ACR-059":"The presented offers are not clear who recommended it. Offers that are not related to the main app should be marked as \"Optional Offer\" instead of identifying the offers as a Recommended Software to install.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"driver-hub-install__28.exe","isInstaller":"True","productName":"DriverHub","productVersion":"4.3.0.0","fileVersion":"4.3","hashMD5":"33f914d2a2c1d8a6f4cea578a4a76dc5","hashSHA1":"ffc43d087de95280b1d11c878a17d328a0bfebf1","hashSHA256":"838c1a1b83127539dc1483cd66741c9208810c780bfe79feba3d7787875a7e9f","digitalCertThumbprint":"8A98D1F804E5599C5AE52C82CA4272544BFE5616","digitalCertIssuer":"CN=GlobalSign GCC R45 EV CodeSigning CA 2020, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"E=support@rostpay.ru, CN=ОБЩЕСТВО С ОГРАНИЧЕННОЙ ОТВЕТСТВЕННОСТЬЮ РОСТПЭЙ, O=ОБЩЕСТВО С ОГРАНИЧЕННОЙ ОТВЕТСТВЕННОСТЬЮ РОСТПЭЙ, STREET=\"ПЕР ДОЛОМАНОВСКИЙ, ЗД. 70Д, КВ.1(10 ЭТАЖ)\", L=Ростов-на-Дону, S=Ростовская область, C=RU, OID.1.3.6.1.4.1.311.60.2.1.2=Rostov Oblast, OID.1.3.6.1.4.1.311.60.2.1.3=RU, SERIALNUMBER=1086168004669, OID.2.5.4.15=Private Organization","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"160","avBlockList":["360 Total Security (20250925)","Avast Premium Security (20250925)","AVG Internet Security (20250925)","Avira Internet Security (20250925)","Bitdefender Internet Security (20250925)","COMODO Antivirus (20250925)","Dr.Web Security Space (20250925)","ESET Internet Security (20250925)","FortectPremium (20250925)","G DATA INTERNET SECURITY (20250925)","K7 Total Security (20250925)","KasperskyPremium (20250925)","Malwarebytes Premium (20250925)","McAfee Total Protection (20250925)","Norton Security (20250925)","Panda Dome (20250925)","Quick Heal Internet Security (20250925)","Sophos Home Premium (20250925)","SpyHunter5 (20250925)","Total AV Antivirus Pro (20250925)","VIPRE Advanced Security (20250925)","VirIT eXplorer PRO (20250925)","Webroot SecureAnywhere (20250925)","Windows Defender (20250925)"],"avAllowList":["Trend Micro Internet Security (20250925)"]},{"isRevoked":"False","fileName":"DriverHub.exe","companyName":"ROSTPAY LTD","productName":"DriverHub","productVersion":"1.3.18.2147","fileVersion":"1.3","hashMD5":"85cdd0909f9ae260b024a8d5b29039af","hashSHA1":"d42dd7691babd3e7cced9476fef4fbc976e2ddde","hashSHA256":"03823d9d40a102cc742c1d3affc79689fbe725df7296654219373682f6f6135d","digitalCertThumbprint":"8A98D1F804E5599C5AE52C82CA4272544BFE5616","digitalCertIssuer":"CN=GlobalSign GCC R45 EV CodeSigning CA 2020, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"E=support@rostpay.ru, CN=ОБЩЕСТВО С ОГРАНИЧЕННОЙ ОТВЕТСТВЕННОСТЬЮ РОСТПЭЙ, O=ОБЩЕСТВО С ОГРАНИЧЕННОЙ ОТВЕТСТВЕННОСТЬЮ РОСТПЭЙ, STREET=\"ПЕР ДОЛОМАНОВСКИЙ, ЗД. 70Д, КВ.1(10 ЭТАЖ)\", L=Ростов-на-Дону, S=Ростовская область, C=RU, OID.1.3.6.1.4.1.311.60.2.1.2=Rostov Oblast, OID.1.3.6.1.4.1.311.60.2.1.3=RU, SERIALNUMBER=1086168004669, OID.2.5.4.15=Private Organization","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"160","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"DriverHubUninstaller.exe","productName":"DriverHub","productVersion":"4.2.1.0","fileVersion":"4.2","hashMD5":"80b76037f21558add4b505bc5cb7722e","hashSHA1":"af9a436325785128f74a939033d397a2115f0b79","hashSHA256":"65831cae481b3b30e76901a513070536d005ddb12859358403ca906d9492de2b","digitalCertThumbprint":"8A98D1F804E5599C5AE52C82CA4272544BFE5616","digitalCertIssuer":"CN=GlobalSign GCC R45 EV CodeSigning CA 2020, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"E=support@rostpay.ru, CN=ОБЩЕСТВО С ОГРАНИЧЕННОЙ ОТВЕТСТВЕННОСТЬЮ РОСТПЭЙ, O=ОБЩЕСТВО С ОГРАНИЧЕННОЙ ОТВЕТСТВЕННОСТЬЮ РОСТПЭЙ, STREET=\"ПЕР ДОЛОМАНОВСКИЙ, ЗД. 70Д, КВ.1(10 ЭТАЖ)\", L=Ростов-на-Дону, S=Ростовская область, C=RU, OID.1.3.6.1.4.1.311.60.2.1.2=Rostov Oblast, OID.1.3.6.1.4.1.311.60.2.1.3=RU, SERIALNUMBER=1086168004669, OID.2.5.4.15=Private Organization","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"160","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"PDClient.exe","companyName":"ProxymaData","productName":"ProxymaData","productVersion":"2.0.0.0","fileVersion":"2.0","hashMD5":"8568211dd3ebd8f4e25d24cdbf865256","hashSHA1":"241ca16436067c67993bdf059bd63a19f22bd2a3","hashSHA256":"942e7f147ffca11881d5c1fb464bd77a195f68b9ea99b35de4e43a23a274d259","sourceIndex":"160","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"Installer.exe","companyName":"ROSTPAY LTD","productName":"DriverHub","productVersion":"1.3.2.1453","fileVersion":"1.0","hashMD5":"54e9828639d39704de9ecc955a71efe1","hashSHA1":"110aff5704e13b9f81414d084d92054f3a28d970","hashSHA256":"d08d70e7059021c98e7dc1b2ed1ac3649de214d426060dbf8b61e9bac427382a","digitalCertThumbprint":"5D3831FCE274BD4312AFCB10BEDF5D55671DB13F","digitalCertIssuer":"CN=GlobalSign GCC R45 EV CodeSigning CA 2020, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"E=support@rostpay.ru, CN=ОБЩЕСТВО С ОГРАНИЧЕННОЙ ОТВЕТСТВЕННОСТЬЮ РОСТПЭЙ, O=ОБЩЕСТВО С ОГРАНИЧЕННОЙ ОТВЕТСТВЕННОСТЬЮ РОСТПЭЙ, STREET=\"ПЕР. ДОЛОМАНОВСКИЙ, Д.70 К.Д, КВ.1(10 ЭТАЖ)\", L=Ростов-на-Дону, S=Ростовская область, C=RU, OID.1.3.6.1.4.1.311.60.2.1.2=Rostov Oblast, OID.1.3.6.1.4.1.311.60.2.1.3=RU, SERIALNUMBER=1086168004669, OID.2.5.4.15=Private Organization","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"160","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"IndexingManager.exe","productName":"Indexing manager","productVersion":"1.4.0.0","fileVersion":"1.4","hashMD5":"6b1f1e2b742c77579938402e303cd294","hashSHA1":"f21dc2f072179d321316dd71e1a6666435aaecdc","hashSHA256":"612b1b31393bd885913dccfc0725aff97d65588ab446e39ab7a00f7b6e2a28dc","sourceIndex":"160","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Tesla browser ; expired certified","reference":"","landingPage":"https://www.drvhub.net/","ipv4":"","ipv6":"","sourceIndex":"160"}],"sampleFiles":["250708/DriverHub-220208/1.3.18/Samples/driver-hub-install__28.exe"],"imageFiles":["250708/DriverHub-220208/1.3.18/Images/ACR-118/ACR-118_Uninstall_1.png","250708/DriverHub-220208/1.3.18/Images/ACR-118/ACR-118_Uninstall_2.png","250708/DriverHub-220208/1.3.18/Images/ACR-046/ACR-046_Install_1.png","250708/DriverHub-220208/1.3.18/Images/ACR-059/ACR-059_Inline offers_1.png","250708/DriverHub-220208/1.3.18/Images/ACR-055/ACR-055_Inline offers_1.png","250708/DriverHub-220208/1.3.18/Images/ACR-057/ACR-057_In-bundle offers_1.png","250708/DriverHub-220208/1.3.18/Images/ACR-013/ACR-013_Software_1.png","250708/DriverHub-220208/1.3.18/Images/ACR-013/ACR-013_Software_2.png","250708/DriverHub-220208/1.3.18/Images/ACR-060/ACR-060_In-bundle offers_1.png"],"nonDeceptorImageFiles":[],"guid":"0e014032-55b0-4fc2-b8da-3528e047e8e8_1.3.18_1","appID":"DriverHub-220208","dateAdded":"250708","deceptorType":"App","name":"Driver Hub","company":"ROSTPAY LTD","version":"1.3.18","firstVendorContactDate":"250806","firstAppEsteemReplyDate":"250807","firstResolvedDate":"251014","firstResolvedVersion":"1.4.2","resolved":"TRUE","lastKnownStatus":"1.2.1.1825;1.1.2.1563;1.3.9.2238;1.3.10.2240;1.3.18","lastKnownDate":"250708","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows 7,Windows 8,Windows 10,Windows Vista","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2025-10-14T21:22:52.9356125+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":5,"sortOrder":283},{"violations":{"ACR-046":"Disclosures for the optional offer are not visible.\n","ACR-048":"The app does not provide control to defer the installation process for the optional offer. Installation proceeds for the optional offer despite not clicking the Install button across the item.\n","ACR-057":"The app needs to provide a clear way to accept and decline optional offers. The use of checkbox is non-rational when the only option to proceed is \"Install all recommended\" option.\n","ACR-059":"The presented offer \"Opera Web Browser\" is not clear who recommended it. Offers that are not related to the main app should be marked as \"Optional Offer\" instead of identifying the offers as a Recommended Software to install.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"DriverHub.exe","companyName":"ROSTPAY LTD","fileVersion":"1.3","hashMD5":"90c85709415e86ba9c9371ee7ad26a41","hashSHA1":"09875c4747e670c426680cb3451db9d723e5ae6f","hashSHA256":"a19e3573b659c0190e2195faee934918890cb4d03d4cace3256822d34f0b92e8","digitalCertThumbprint":"06DA93A00B5C193261A4FAE08023F5413C67844E","digitalCertIssuer":"CN=GlobalSign GCC R45 EV CodeSigning CA 2020, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"E=support@rostpay.ru, CN=ROSTPAY LLC, O=ROSTPAY LLC, STREET=\"Dolomanovsky lane, 70D apt.1 (10th floor)\", L=Rostov-on-Don, S=Rostov Oblast, C=RU, OID.1.3.6.1.4.1.311.60.2.1.2=Rostov oblast, OID.1.3.6.1.4.1.311.60.2.1.3=RU, SERIALNUMBER=1086168004669, OID.2.5.4.15=Private Organization","sourceIndex":"898","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"driver-hub-install__28.exe","isInstaller":"True","companyName":"ROSTPAY LTD.","fileVersion":"3.1","hashMD5":"ff25f4db981a5980797d736f97adaab6","hashSHA1":"77ccf75074599fc076f89060f257feeda5607d33","hashSHA256":"a1f6905b424b2e1479dc823688f3eaffddd8c7537abe9c5ada4a1bcbca25c79c","digitalCertThumbprint":"06DA93A00B5C193261A4FAE08023F5413C67844E","digitalCertIssuer":"CN=GlobalSign GCC R45 EV CodeSigning CA 2020, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"E=support@rostpay.ru, CN=ROSTPAY LLC, O=ROSTPAY LLC, STREET=\"Dolomanovsky lane, 70D apt.1 (10th floor)\", L=Rostov-on-Don, S=Rostov Oblast, C=RU, OID.1.3.6.1.4.1.311.60.2.1.2=Rostov oblast, OID.1.3.6.1.4.1.311.60.2.1.3=RU, SERIALNUMBER=1086168004669, OID.2.5.4.15=Private Organization","sourceIndex":"898","avBlockList":["Avast Premium Security (20250710)","AVG Internet Security (20250710)","Avira Internet Security (20250710)","Bitdefender Internet Security (20250710)","COMODO Antivirus (20250710)","Dr.Web Security Space (20250710)","ESET Internet Security (20250710)","G DATA INTERNET SECURITY (20250710)","K7 Total Security (20250710)","Malwarebytes Premium (20250710)","McAfee Total Protection (20250710)","Norton Security (20250710)","Panda Dome (20250710)","Sophos Home Premium (20250710)","SpyHunter5 (20250710)","Total AV Antivirus Pro (20250710)","VIPRE Advanced Security (20250710)","VirIT eXplorer PRO (20250710)","Webroot SecureAnywhere (20250710)","FortectPremium (20250710)","KasperskyPremium (20250710)"],"avAllowList":["360 Total Security (20250710)","Kaspersky Internet Security (20230907)","Quick Heal Internet Security (20250710)","Trend Micro Internet Security (20250710)","Windows Defender (20250710)"]},{"isRevoked":"False","fileName":"driver-hub-install__458.exe","isInstaller":"True","companyName":"ROSTPAY LTD.","fileVersion":"3.1","hashMD5":"938a613d6bbd418bb1eee8a58dd3d01c","hashSHA1":"dc844a847589fd377907af6566d210de8b152c4d","hashSHA256":"773a08fd6f55b70a24a4b7da1e2f62f3b363625033c79fcdf636839d7d63f916","digitalCertThumbprint":"C3C709B7E01318BA74D48BD64D05F48DECA5CD80","digitalCertIssuer":"CN=GlobalSign GCC R45 EV CodeSigning CA 2020, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"E=support@rostpay.ru, CN=ROSTPAY LLC, O=ROSTPAY LLC, STREET=\"Dolomanovsky lane, 70D apt.1(10th floor)\", L=Rostov-on-Don, S=Rostov Oblast, C=RU, OID.1.3.6.1.4.1.311.60.2.1.2=Rostov Oblast, OID.1.3.6.1.4.1.311.60.2.1.3=RU, SERIALNUMBER=1086168004669, OID.2.5.4.15=Private Organization","sourceIndex":"898","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"driver-hub-install__230824.exe","isInstaller":"True","companyName":"ROSTPAY LTD.","fileVersion":"3.2","hashMD5":"c6c6fd0a80b977ee666a6bd1ed1d9fc3","hashSHA1":"fbff85feebabfee4de3a9621267a57c87c034363","hashSHA256":"b877cf61bf6022aa3adde6a521a7d2d356ac07fc1a0f9967977b5037532e3354","digitalCertThumbprint":"06DA93A00B5C193261A4FAE08023F5413C67844E","digitalCertIssuer":"CN=GlobalSign GCC R45 EV CodeSigning CA 2020, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"E=support@rostpay.ru, CN=ROSTPAY LLC, O=ROSTPAY LLC, STREET=\"Dolomanovsky lane, 70D apt.1 (10th floor)\", L=Rostov-on-Don, S=Rostov Oblast, C=RU, OID.1.3.6.1.4.1.311.60.2.1.2=Rostov oblast, OID.1.3.6.1.4.1.311.60.2.1.3=RU, SERIALNUMBER=1086168004669, OID.2.5.4.15=Private Organization","sourceIndex":"898","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Tesla browser ","reference":"","landingPage":"https://www.drvhub.net/","directDownloadingLink":"https://www.drvhub.net/products/free/download/init","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.drvhub.net/products/free/download/init","sourceIndex":"898"},{"howFound":"","reference":"230721  new installer","landingPage":"","directDownloadingLink":"https://driverhub.driverscollection.com/DriverHub.php","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://driverhub.driverscollection.com/DriverHub.php","sourceIndex":"899"}],"sampleFiles":["230830/DriverHub-220208/1.3.10.2240/Samples/DriverHub.exe","230830/DriverHub-220208/1.3.10.2240/Samples/driver-hub-install__28.exe","230830/DriverHub-220208/1.3.10.2240/Samples/driver-hub-install__458.exe","230830/DriverHub-220208/1.3.10.2240/Samples/driver-hub-install__230824.exe"],"imageFiles":["230830/DriverHub-220208/1.3.10.2240/Images/ACR-046/driverhub.jpg","230830/DriverHub-220208/1.3.10.2240/Images/ACR-048/ACR-048.mp4","230830/DriverHub-220208/1.3.10.2240/Images/ACR-048/Opera.jpg","230830/DriverHub-220208/1.3.10.2240/Images/ACR-059/RecommendedOffer.jpg","230830/DriverHub-220208/1.3.10.2240/Images/ACR-057/OperaOffer.jpg"],"nonDeceptorImageFiles":[],"guid":"0e014032-55b0-4fc2-b8da-3528e047e8e8_1.3.10.2240_1","appID":"DriverHub-220208","dateAdded":"250708","deceptorType":"App","name":"Driver Hub","company":"ROSTPAY LTD","version":"1.3.10.2240","firstVendorContactDate":"250806","firstAppEsteemReplyDate":"250807","firstResolvedDate":"251014","firstResolvedVersion":"1.4.2","resolved":"TRUE","lastKnownStatus":"1.2.1.1825;1.1.2.1563;1.3.9.2238;1.3.10.2240;1.3.18","lastKnownDate":"250708","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows 7,Windows 8,Windows 10,Windows Vista","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2025-10-14T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":5,"sortOrder":284},{"violations":{"ACR-057":"Offer doesn't have a clear way for users to accept or decline.\n","ACR-055":"The app has no buttons to accept, cancel or skip, the offered app Avast Free Antivirus, it was enabled by default opt-in.\n","ACR-155":"The offer was inserted to masquerade as a part of the installation workflow.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"drvhub-1.1.2.1563.exe","isInstaller":"True","companyName":"","productName":"","productVersion":"","fileVersion":"","hashMD5":"8146cf5566191e31ed6730eaacc25c5a","hashSHA1":"1265fb5335d6b213eaa221ebca627b9e03a47b92","hashSHA256":"da30fd7aa5f543ec69c621f68ddc2c5b9c1b55665b1f1c7796120e342f64b592","digitalCertThumbprint":"9195816A6BE82514AEA696D3F013C37216094385","digitalCertIssuer":"thawte SHA256 Code Signing CA","digitalCertIssuedTo":"ROSTPAY LTD","storeId":"","sourceIndex":"1694","avBlockList":["Bitdefender Internet Security (20230427)","Dr.Web Security Space (20230427)","ESET Internet Security (20230427)","G DATA INTERNET SECURITY (20230427)","Kaspersky Internet Security (20230427)","Malwarebytes Premium (20230427)","McAfee Total Protection (20230427)","Norton Security (20230427)","Panda Dome (20230427)","Quick Heal Internet Security (20230427)","Sophos Home Premium (20230427)","SpyHunter5 (20230427)","VIPRE Advanced Security (20230427)","VirIT eXplorer PRO (20230427)","Webroot SecureAnywhere (20230427)","Windows Defender (20230427)"],"avAllowList":["360 Total Security (20230427)","Avast Premium Security (20230427)","AVG Internet Security (20230427)","Avira Internet Security (20230427)","COMODO Antivirus (20230427)","K7 Total Security (20230427)","Total AV Antivirus Pro (20230427)","Trend Micro Internet Security (20230427)"]},{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\DriverHub\\DriverHub.exe","companyName":"ROSTPAY LTD","productName":"DriverHub","productVersion":"1.1.2.1563","fileVersion":"1.1.2.1563","hashMD5":"890e3b0147468441657a8a1d16fabac0","hashSHA1":"f6185361fc34cb46a40941a05f96789547838112","hashSHA256":"c1f0c453666a9a35d9b1ec63507e4f4f378a9b8dd205ea2a616739eeff911b95","digitalCertThumbprint":"9195816A6BE82514AEA696D3F013C37216094385","digitalCertIssuer":"thawte SHA256 Code Signing CA","digitalCertIssuedTo":"ROSTPAY LTD","storeId":"","sourceIndex":"1694","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Tesla browser ","reference":"","landingPage":"https://www.drvhub.net/","ipv4":"","ipv6":"","sourceIndex":"1694"},{"howFound":"","reference":"","landingPage":"https://driverhub.driverscollection.com/","directDownloadingLink":"https://driverhub.driverscollection.com/DriverHub.php","ipv4":"","ipv6":"","sourceIndex":"1695"},{"howFound":"","reference":"","landingPage":"https://download.cnet.com/DriverHub/3001-2094_4-78190098.html","directDownloadingLink":"https://download.cnet.com/DriverHub/3000-2094_4-78190098.html","ipv4":"","ipv6":"","sourceIndex":"1696"}],"sampleFiles":["220301/DriverHub-220208/1.1.2.1563/Samples/drvhub-1.1.2.1563.exe"],"imageFiles":["220301/DriverHub-220208/1.1.2.1563/Images/ACR-057/ACR-057_Bundler-MadeOffers_No_Accept_Decline_Option.JPG","220301/DriverHub-220208/1.1.2.1563/Images/ACR-155/ACR-155_Bundler-MadeOffers_Masqueraded_Offer.JPG","220301/DriverHub-220208/1.1.2.1563/Images/ACR-055/ACR-055_Bundler-MadeOffers_No_Accept_Decline_Option.JPG"],"nonDeceptorImageFiles":[],"guid":"0e014032-55b0-4fc2-b8da-3528e047e8e8_1.1.2.1563_1","appID":"DriverHub-220208","dateAdded":"250708","deceptorType":"App","name":"Driver Hub","company":"ROSTPAY LTD","version":"1.1.2.1563","firstVendorContactDate":"250806","firstAppEsteemReplyDate":"250807","firstResolvedDate":"251014","firstResolvedVersion":"1.4.2","resolved":"TRUE","lastKnownStatus":"1.2.1.1825;1.1.2.1563;1.3.9.2238;1.3.10.2240;1.3.18","lastKnownDate":"250708","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows 7,Windows 8,Windows 10,Windows Vista","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2025-10-14T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":5,"sortOrder":286},{"violations":{"ACR-046":"The additional offer \"Opera Browser\" that is opted-in by default is hidden under the list of outdated drivers and can be viewed only when the Advanced mode option is selected.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains \"DriverHubInstaller.exe\" on the device without the consumer's consent.\n","ACR-071":"The \"Opera Browser\" offer does not provide a clear option to \"Accept\" or \"Decline\", is hidden under Advanced mode option, and is opted-in by default instead of opt-out.\n","ACR-059":"The \"Optional Offer\" wording seems to be greyed out and is not clear.\n","ACR-155":"The offer was inserted to masquerade as a part of the workflow.\n"},"nonDeceptorViolations":{"ACR-054":"The offer prompt does not provide equal prominence to the \"Skip all\" option during installation.\n"},"samples":[{"isRevoked":"False","fileName":"driver-hub-install__28.exe","isInstaller":"True","companyName":"ROSTPAY LTD.","productName":"DriverHub","productVersion":"1.2.1.1825","fileVersion":"2.0.0","hashMD5":"44d9419d34c6e3fded6015d6243d6c62","hashSHA1":"572c9cee9f158cbc14b28ef45ecb27e3439ed455","hashSHA256":"17717f1e8f885df63c084fa89098d81d63848a92864b97dfd04f6186d9695c98","digitalCertThumbprint":"54333BC79AD6F5E807D9E44EE2CA306F878AEF41","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"ROSTPAY LTD","storeId":"","sourceIndex":"1697","avBlockList":["360 Total Security (20220217)","Avira Internet Security (20220217)","COMODO Antivirus (20220217)","Dr.Web Security Space (20220217)","ESET Internet Security (20220217)","K7 Total Security (20220217)","Kaspersky Internet Security (20220217)","Malwarebytes Premium (20220217)","McAfee Total Protection (20220217)","Norton Security (20220217)","Panda Dome (20220217)","Quick Heal Internet Security (20220217)","Sophos Home Premium (20220217)","SpyHunter5 (20220217)","Total AV Antivirus Pro (20220217)","VirIT eXplorer PRO (20220217)","Webroot SecureAnywhere (20220217)","Windows Defender (20220217)"],"avAllowList":["Avast Premium Security (20220217)","AVG Internet Security (20220217)","Bitdefender Internet Security (20220217)","G DATA INTERNET SECURITY (20220217)","Tencent PC Manager (20220217)","Trend Micro Internet Security (20220217)","VIPRE Advanced Security (20220217)"]},{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\DriverHub\\DriverHub.exe","companyName":"ROSTPAY LTD","productName":"DriverHub","productVersion":"1.2.1.1825","fileVersion":"1.2.1.1825","hashMD5":"4978afb74df15d71f1780a73343f261c","hashSHA1":"9be1a688283980cd900ffddfacae462168c96634","hashSHA256":"b9fec97c2abc66f8f17f357a17f7e68f0094ac36b157fdf26ad5b579186ddd3c","digitalCertThumbprint":"54333BC79AD6F5E807D9E44EE2CA306F878AEF41","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"ROSTPAY LTD","storeId":"","sourceIndex":"1697","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Tesla browser ","reference":"","landingPage":"https://www.drvhub.net/","ipv4":"","ipv6":"","sourceIndex":"1697"}],"sampleFiles":["220301/DriverHub-220208/1.2.1.1825/Samples/driver-hub-install__28.exe"],"imageFiles":["220301/DriverHub-220208/1.2.1.1825/Images/ACR-118/ACR-118_Uninstall_Retains_Components.JPG","220301/DriverHub-220208/1.2.1.1825/Images/ACR-071/ACR-071_InlineOffers_Opted-In_Offer.JPG","220301/DriverHub-220208/1.2.1.1825/Images/ACR-046/ACR-046_InlineOffers_Hidden_Offer.JPG","220301/DriverHub-220208/1.2.1.1825/Images/ACR-059/ACR-059_Bundler-MadeOffers_1.JPG","220301/DriverHub-220208/1.2.1.1825/Images/ACR-155/ACR-155_Bundler-MadeOffers_1.JPG"],"nonDeceptorImageFiles":["220301/DriverHub-220208/1.2.1.1825/Images/ACR-054/ACR-054_Bundler-MadeOffers_1.JPG"],"guid":"0e014032-55b0-4fc2-b8da-3528e047e8e8_1.2.1.1825_1","appID":"DriverHub-220208","dateAdded":"250708","deceptorType":"App","name":"Driver Hub","company":"ROSTPAY LTD","version":"1.2.1.1825","sigName":"Deceptor:Win32/DriverHub!118071046059155","firstVendorContactDate":"250806","firstAppEsteemReplyDate":"250807","firstResolvedDate":"251014","firstResolvedVersion":"1.4.2","resolved":"TRUE","lastKnownStatus":"1.2.1.1825;1.1.2.1563;1.3.9.2238;1.3.10.2240;1.3.18","lastKnownDate":"250708","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows 7,Windows 8,Windows 10,Windows Vista","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2025-10-14T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":5,"sortOrder":287},{"violations":{"ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"driver-hub-install__458.exe","isInstaller":"True","companyName":"ROSTPAY LTD.","fileVersion":"3.0","hashMD5":"0914d03c12bba69bd714ff030281f937","hashSHA1":"3680ccbee3ccb431c7a42da58cfb48d6cb091544","hashSHA256":"fa2dd88ca33fd92c2235baf6fbc1696df294a899babe8159b6e52654357afe9b","digitalCertThumbprint":"06DA93A00B5C193261A4FAE08023F5413C67844E","digitalCertIssuer":"CN=GlobalSign GCC R45 EV CodeSigning CA 2020, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"E=support@rostpay.ru, CN=ROSTPAY LLC, O=ROSTPAY LLC, STREET=\"Dolomanovsky lane, 70D apt.1 (10th floor)\", L=Rostov-on-Don, S=Rostov Oblast, C=RU, OID.1.3.6.1.4.1.311.60.2.1.2=Rostov oblast, OID.1.3.6.1.4.1.311.60.2.1.3=RU, SERIALNUMBER=1086168004669, OID.2.5.4.15=Private Organization","sourceIndex":"1150","avBlockList":["Avira Internet Security (20230516)","ESET Internet Security (20230516)","G DATA INTERNET SECURITY (20230516)","K7 Total Security (20230516)","Kaspersky Internet Security (20230516)","Malwarebytes Premium (20230516)","Norton Security (20230516)","Panda Dome (20230516)","Quick Heal Internet Security (20230516)","SpyHunter5 (20230516)","Total AV Antivirus Pro (20230516)","VirIT eXplorer PRO (20230516)"],"avAllowList":["360 Total Security (20230516)","Avast Premium Security (20230516)","AVG Internet Security (20230516)","Bitdefender Internet Security (20230516)","COMODO Antivirus (20230516)","Dr.Web Security Space (20230516)","McAfee Total Protection (20230516)","Sophos Home Premium (20230516)","Trend Micro Internet Security (20230516)","VIPRE Advanced Security (20230516)","Webroot SecureAnywhere (20230516)","Windows Defender (20230516)"]}],"additionalFiles":[],"sources":[{"howFound":"Tesla browser ","reference":"","landingPage":"https://www.drvhub.net/","ipv4":"","ipv6":"","sourceIndex":"1150"},{"howFound":"","reference":"","landingPage":"https://tr.drvhub.net/","ipv4":"","ipv6":"","sourceIndex":"1151"},{"howFound":"","reference":"","landingPage":"https://www.drvhub.net/","ipv4":"","ipv6":"","sourceIndex":"1152"},{"howFound":"","reference":"","landingPage":"https://driverhub.driverscollection.com/","ipv4":"","ipv6":"","sourceIndex":"1153"}],"sampleFiles":["230420/DriverHub-220208/1.3.9.2238/Samples/driver-hub-install__458.exe"],"imageFiles":["230420/DriverHub-220208/1.3.9.2238/Images/ACR-013/DB_Offer_3.JPG","230420/DriverHub-220208/1.3.9.2238/Images/ACR-013/DB_Offer_2.JPG","230420/DriverHub-220208/1.3.9.2238/Images/ACR-013/DB_Offer_1.JPG","230420/DriverHub-220208/1.3.9.2238/Images/ACR-060/DB_Offer_3.JPG","230420/DriverHub-220208/1.3.9.2238/Images/ACR-060/DB_Offer_2.JPG","230420/DriverHub-220208/1.3.9.2238/Images/ACR-060/DB_Offer_1.JPG"],"nonDeceptorImageFiles":[],"guid":"0e014032-55b0-4fc2-b8da-3528e047e8e8_1.3.9.2238_1","appID":"DriverHub-220208","dateAdded":"250708","deceptorType":"App","name":"Driver Hub","company":"ROSTPAY LTD","version":"1.3.9.2238","firstVendorContactDate":"250806","firstAppEsteemReplyDate":"250807","firstResolvedDate":"251014","firstResolvedVersion":"1.4.2","resolved":"TRUE","lastKnownStatus":"1.2.1.1825;1.1.2.1563;1.3.9.2238;1.3.10.2240;1.3.18","lastKnownDate":"250708","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows 7,Windows 8,Windows 10,Windows Vista","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2025-10-14T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":5,"sortOrder":285},{"violations":{"ACR-004":"The application doesn't provide a free fix (recovery and removal) instead offering a subscription that the user needs to pay to fix it.\n"},"nonDeceptorViolations":{"ACR-045":"\"Free Download\" highlights \"Free\" misleads user. The functionality that requires consumer payment in order to be activated needs to be marked clearly in landing page. Otherwise app should remove \"free\" word.\n","ACR-065":"The install does not display links to the EULA and/or Terms of Service, Returns and Cancellation Policy or the Privacy Policy.\nThe application has no link to a webpage that shows the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\n","ACR-161":"The application's internal offer page displays testimonials but does not provide any links back to a source so they can be verified.\n","ACR-171":"The consumer is required to opt-out of additional payment for 4DDiG File Repair and Download Insurance Service which were not pre-disclosed.\n"},"samples":[{"isRevoked":"False","fileName":"4ddig-for-mac_11751590127947191501.dmg","isInstaller":"True","productName":"","productVersion":"","fileVersion":"0.0","hashMD5":"6d900bc36af3c1f0ca170cf336195103","hashSHA1":"e8cabe9932acc6b8bf4692b365bb9bb6d28ae52f","hashSHA256":"2c6130f88e40c7f9afc79e25baae0ca57eeac0003f89eba7b9e820aaad52a29c","sourceIndex":"187","avBlockList":["Avast Security for Mac (20250909)","Avira Security for Mac (20250909)","Norton Security for Mac (20250909)","Sophos Home Premium For Mac (20250909)","SpyHunterforMac (20250909)","Trend Micro Antivirus for Mac (20250909)"],"avAllowList":["Bitdefender Antivirus for Mac (20250909)","ESET Cyber Security Pro for Mac (20250909)","G DATA AntiVirus for Mac (20250909)","K7 Antivirus for Mac (20250909)","Kaspersky Internet Security for Mac (20250909)","McAfee Internet Security for Mac (20250909)"]},{"isRevoked":"False","fileName":"Tenorshare%204DDiG","productName":"","productVersion":"","fileVersion":"0.0","hashMD5":"70facf293933b74e61b108535571f8df","hashSHA1":"ce9d4fbe4dc0e37cfa571c4c95ddb1f0a72028b1","hashSHA256":"eb548662fc64d91e15c4b0bb7783f7f923ceb53b97410c1049203bb80a89f06c","sourceIndex":"187","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"https://www.4ddig.net","landingPage":"https://www.4ddig.net/mac-data-recovery.html","directDownloadingLink":"https://download.tenorshare.net/downloads/4ddig-for-mac_3304.dmg?rnclid=11751590127947191501","ipv4":"","ipv6":"","landingPageWildChar":"","directDownloadingLinkWildChar":"https://download.tenorshare.net/downloads/4ddig-for-mac_3304.dmg?rnclid=11751590127947191501","sourceIndex":"187"}],"sampleFiles":["250707/4DDiGMacDataRecovery-250704/5.6.1/Samples/4ddig-for-mac_11751590127947191501.dmg","250707/4DDiGMacDataRecovery-250704/5.6.1/Samples/Tenorshare%204DDiG"],"imageFiles":["250707/4DDiGMacDataRecovery-250704/5.6.1/Images/ACR-004/app6.png","250707/4DDiGMacDataRecovery-250704/5.6.1/Images/ACR-004/app10.png","250707/4DDiGMacDataRecovery-250704/5.6.1/Images/ACR-004/Offerpage2.png"],"nonDeceptorImageFiles":["250707/4DDiGMacDataRecovery-250704/5.6.1/Images/ACR-065/install.png","250707/4DDiGMacDataRecovery-250704/5.6.1/Images/ACR-065/app12.png","250707/4DDiGMacDataRecovery-250704/5.6.1/Images/ACR-045/LandingPage1.png","250707/4DDiGMacDataRecovery-250704/5.6.1/Images/ACR-171/Tenorshare Checkout.png","250707/4DDiGMacDataRecovery-250704/5.6.1/Images/ACR-161/Official Buy Tenorshare 4DDiG Mac Data Recovery to Recover Deleted Files Mac.png"],"guid":"a5f17065-90f0-4c41-a08a-5b6dea3834d0_5.6.1_1","appID":"4DDiGMacDataRecovery-250704","dateAdded":"250707","deceptorType":"MacOS App","name":"4DDiG Mac Data Recovery","company":"Tenorshare Co., Ltd.","version":"5.6.1","lastKnownDate":"250707","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid,paid","lastUpdate":"2026-05-12T22:59:39.8884674+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":289},{"violations":{"ACR-004":"Application doesn't provide the free fix for the items reported, only allow to remove first 15 items. It requires subscription payment to delete the duplicated items.\n"},"nonDeceptorViolations":{"ACR-045":"“Try it Free\" highlights \"Free\" misleads user. The functionality that requires consumer payment in order to be activated needs to be marked clearly in landing page. Otherwise app should remove \"free\" word.\n","ACR-065":"The install does not display links to the EULA and/or Terms of Service, Returns and Cancellation Policy or the Privacy Policy. \nThe application has no link to a webpage that shows the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\n","ACR-161":"The application's internal offer page displays testimonials but does not provide any links back to a source so they can be verified.\n"},"samples":[{"isRevoked":"False","fileName":"4DDiG%20Duplicate%20File%20Deleter","productName":"","productVersion":"","fileVersion":"0.0","hashMD5":"8f690968027ddee22720f62293e708db","hashSHA1":"2bac9f8d57c12a91a34e2e2c315c6d7afdeee81a","hashSHA256":"0916fe8deaa3af238362765f15c7bacd3f6806484c99629b64e6a32ceace04db","sourceIndex":"188","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"4ddig-duplicate-file-deleter-mac_11751884203400597301.dmg","isInstaller":"True","productName":"","productVersion":"","fileVersion":"0.0","hashMD5":"cdb783d3b7bf82aeea4550f0589bd279","hashSHA1":"9aaa338fef4a2baa5870f92f3a992fb42d3ca86d","hashSHA256":"0646717fd3cefd5f9697135835a2d9b2546c9d0a8bfec69f56ce970288918c9f","sourceIndex":"188","avBlockList":["Avast Security for Mac (20250909)","Avira Security for Mac (20250909)","Norton Security for Mac (20250909)","Sophos Home Premium For Mac (20250909)","SpyHunterforMac (20250909)","Trend Micro Antivirus for Mac (20250909)"],"avAllowList":["Bitdefender Antivirus for Mac (20250909)","ESET Cyber Security Pro for Mac (20250909)","G DATA AntiVirus for Mac (20250909)","K7 Antivirus for Mac (20250909)","Kaspersky Internet Security for Mac (20250909)","McAfee Internet Security for Mac (20250909)"]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"https://www.4ddig.net/","landingPage":"https://www.4ddig.net/duplicate-file-deleter.html","directDownloadingLink":"https://download.tenorshare.net/downloads/4ddig-duplicate-file-deleter-mac_4895.dmg?rnclid=11751884203400597301","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://download.tenorshare.net/downloads/4ddig-duplicate-file-deleter-mac_4895.dmg?rnclid=11751884203400597301","sourceIndex":"188"}],"sampleFiles":["250707/4DDiGMacDuplicateFileDeleter-250707/2.2.6/Samples/4DDiG%20Duplicate%20File%20Deleter","250707/4DDiGMacDuplicateFileDeleter-250707/2.2.6/Samples/4ddig-duplicate-file-deleter-mac_11751884203400597301.dmg"],"imageFiles":["250707/4DDiGMacDuplicateFileDeleter-250707/2.2.6/Images/ACR-004/app5.png","250707/4DDiGMacDuplicateFileDeleter-250707/2.2.6/Images/ACR-004/offerpage1.png","250707/4DDiGMacDuplicateFileDeleter-250707/2.2.6/Images/ACR-004/CheckoutTenorshare.png"],"nonDeceptorImageFiles":["250707/4DDiGMacDuplicateFileDeleter-250707/2.2.6/Images/ACR-065/installs.png","250707/4DDiGMacDuplicateFileDeleter-250707/2.2.6/Images/ACR-065/app2.png","250707/4DDiGMacDuplicateFileDeleter-250707/2.2.6/Images/ACR-045/LandingPage4DDiG Duplicate File Deleter.png","250707/4DDiGMacDuplicateFileDeleter-250707/2.2.6/Images/ACR-161/offerpage.png"],"guid":"8cef5848-094e-4ab4-be75-f8fa2651f53e_2.2.6_1","appID":"4DDiGMacDuplicateFileDeleter-250707","dateAdded":"250707","deceptorType":"MacOS App","name":"4DDiG Mac Duplicate File Deleter","company":"Tenorshare Co., Ltd.","version":"2.2.6","lastKnownDate":"250707","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2025-07-07T22:47:10.6534051+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":288},{"violations":{"ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software.\n","ACR-057":"App doesn't provide clear way for user to decline or Accept\n","ACR-014":"The \"Accept\" checkbox on the Opera Browser offer is used for two things: accepting an offer and accepting Opera as the default browser. The \"Accept\" checkbox is misleading and confusing because the user is easily led to believe that \"accept\" is only for installing Opera and not for changing his system browser default settings.\n","ACR-055":"Accept or Decline for optional offers must be obvious. Unchecking a preselected checkbox is not a straightforward way to indicate a decline.\n","ACR-059":"Offer is not clearly marked as optional, and it is unclear who recommended them or the source of the recommendations. Also, the offer looks part of the install application.\n","ACR-155":"Offer is designed to look like part of the install workflow.\n"},"nonDeceptorViolations":{"ACR-065":"The application has no link to a webpage that shows the EULA and/or Terms of Service and Privacy Policy.\n","ACR-161":"The landing page has testimonials that have no links back to a source so consumers can verify if they're real.\n","ACR-092":"The application has no signed certificate information it is unsigned.\n","ACR-157":"The application has no signed certificate information it is unsigned.\n","ACR-099":"The application has no link to a webpage that shows how to uninstall the app.\n","ACR-054":"The offer comes with a pre-checked checkbox and requires the user the uncheck it in order to decline the offer.\n"},"samples":[{"isRevoked":"False","fileName":"driveridentifier_setup.exe","isInstaller":"True","companyName":"DriverIdentifier                                            ","productName":"DriverIdentifier","productVersion":"6.1","fileVersion":"6.1","hashMD5":"bbb1ab345527b79d388aaf8c413ffe01","hashSHA1":"7d3c7a62404fa0e2aad1343d4a2f9c7b06051846","hashSHA256":"07bb70c93cf1886213c4d89a00c0b88a2fba8dd86e248765831ec7866ce6f67c","sourceIndex":"189","avBlockList":["Avast Premium Security (20250923)","AVG Internet Security (20250923)","Avira Internet Security (20250923)","Bitdefender Internet Security (20250923)","ESET Internet Security (20250923)","FortectPremium (20250923)","G DATA INTERNET SECURITY (20250923)","K7 Total Security (20250923)","KasperskyPremium (20250923)","Malwarebytes Premium (20250923)","Norton Security (20250923)","Panda Dome (20250923)","Sophos Home Premium (20250923)","SpyHunter5 (20250923)","Total AV Antivirus Pro (20250923)","VIPRE Advanced Security (20250923)","VirIT eXplorer PRO (20250923)","Webroot SecureAnywhere (20250923)","Windows Defender (20250923)"],"avAllowList":["360 Total Security (20250923)","COMODO Antivirus (20250923)","Dr.Web Security Space (20250923)","McAfee Total Protection (20250923)","Quick Heal Internet Security (20250923)","Trend Micro Internet Security (20250923)"]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"https://www.driveridentifier.com","landingPage":"https://www.driveridentifier.com","directDownloadingLink":"https://www.driveridentifier.com/files/driveridentifier_setup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.driveridentifier.com/files/driveridentifier_setup.exe","sourceIndex":"189"}],"sampleFiles":["250625/Driveridentifier-250624/6.1/Samples/driveridentifier_setup.exe"],"imageFiles":["250625/Driveridentifier-250624/6.1/Images/ACR-055/install2.png","250625/Driveridentifier-250624/6.1/Images/ACR-013/install2.png","250625/Driveridentifier-250624/6.1/Images/ACR-014/install2.png","250625/Driveridentifier-250624/6.1/Images/ACR-057/install2.png","250625/Driveridentifier-250624/6.1/Images/ACR-059/install2.png","250625/Driveridentifier-250624/6.1/Images/ACR-155/install2.png"],"nonDeceptorImageFiles":["250625/Driveridentifier-250624/6.1/Images/ACR-092/unsigned_1.png","250625/Driveridentifier-250624/6.1/Images/ACR-092/unsigned_2.png","250625/Driveridentifier-250624/6.1/Images/ACR-157/unsigned_1.png","250625/Driveridentifier-250624/6.1/Images/ACR-157/unsigned_2.png","250625/Driveridentifier-250624/6.1/Images/ACR-065/app1.png","250625/Driveridentifier-250624/6.1/Images/ACR-099/app1.png","250625/Driveridentifier-250624/6.1/Images/ACR-161/LandingPage_DriverIdentifier - The most simple & easy driver updating tool.png","250625/Driveridentifier-250624/6.1/Images/ACR-054/install2.png"],"guid":"bbc6e341-0595-4984-b68a-70cebbee841c_6.1_1","appID":"Driveridentifier-250624","dateAdded":"250625","deceptorType":"App","name":"Driver Identifier","company":"Driver Identifier","version":"6.1","lastKnownStatus":"6.1","lastKnownDate":"250625","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 11,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"install offers","lastUpdate":"2025-06-25T17:55:09.5176391+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":290},{"violations":{"ACR-048":"The app does not provide any control to cancel the installation.\n","ACR-014":"1. The app presents an option to use it without a VPN, but requires a subscription to its VPN service to be usable.\n2. The About section's Privacy Policy links to Incognito VPN's Privacy Policy, which does not appear to represent the main app's own policy. The relationship between the main app and Incognito VPN is neither clear nor disclosed. Additionally, it is not made clear during installation that a subscription to this 3rd-party VPN service is required to use the app.\n"},"nonDeceptorViolations":{"ACR-040":"The app installs itself by default in a hidden path \"%AppData%\\Local\\Programs\\\"\n","ACR-065":"The app does not display links to the Terms of Service or EULA, and a working link for the Privacy Policy in the software. Privacy Policy links to google.com.\n","ACR-035":"No EULA/Terms of Service is provided for the app.\n","ACR-014":"With \"free\" VPN mentioned in landing page misleads user. The functionality that requires consumer payment in order to be activated needs to be marked clearly in landing page. Otherwise app should remove \"free\" word.\n"},"samples":[{"isRevoked":"False","fileName":"safe-watch-latest.exe","isInstaller":"True","productName":"safe-watch","productVersion":"1.6.28","fileVersion":"1.6","hashMD5":"a50044f0ed24cc60eaeb3409c84d529c","hashSHA1":"c05bed72a7fc94f9e3b95ab5ea53e0bc8e876d17","hashSHA256":"0e0f3e97fd64909180c44012fee242408b14d7828696663844f561d6e87ffa82","digitalCertThumbprint":"ECDC41D22DDD799264CB32C90B12991C296EEB80","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"OPEN VIDEO, TOV\", O=\"OPEN VIDEO, TOV\", STREET=\"Bud. 2a of. 10, vul.Shmidta\", L=Dnipro, S=Dnipropetrovska Obl., PostalCode=49000, C=UA","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"190","avBlockList":["360 Total Security (20250828)","Avast Premium Security (20250828)","AVG Internet Security (20250828)","Avira Internet Security (20250828)","Bitdefender Internet Security (20250828)","ESET Internet Security (20250828)","FortectPremium (20250828)","G DATA INTERNET SECURITY (20250828)","K7 Total Security (20250828)","Malwarebytes Premium (20250828)","Norton Security (20250828)","Panda Dome (20250828)","Quick Heal Internet Security (20250828)","Sophos Home Premium (20250828)","SpyHunter5 (20250828)","Total AV Antivirus Pro (20250828)","VIPRE Advanced Security (20250828)","Webroot SecureAnywhere (20250828)","Windows Defender (20250828)","VirIT eXplorer PRO (20250828)"],"avAllowList":["COMODO Antivirus (20250828)","Dr.Web Security Space (20250828)","KasperskyPremium (20250828)","McAfee Total Protection (20250828)","Trend Micro Internet Security (20250828)"]},{"isRevoked":"False","fileName":"safe-watch.exe","companyName":"GitHub, Inc.","productName":"safe-watch","productVersion":"1.6.28.0","fileVersion":"1.6","hashMD5":"9ff07fdea36f8e2c5b6bb77a2e5fcd8b","hashSHA1":"335b3285ab8dbaebea243437e9b4d978e24a4f5d","hashSHA256":"6b9070ee36deeb158780ffac39c063dd2bfee5ca36b8c13de7909683bcf72dc9","digitalCertThumbprint":"ECDC41D22DDD799264CB32C90B12991C296EEB80","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"OPEN VIDEO, TOV\", O=\"OPEN VIDEO, TOV\", STREET=\"Bud. 2a of. 10, vul.Shmidta\", L=Dnipro, S=Dnipropetrovska Obl., PostalCode=49000, C=UA","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"190","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"random hunt","reference":"","landingPage":"https://safe-watch.net/","directDownloadingLink":"https://safe-watch.net/safe-watch-latest.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://safe-watch.net/safe-watch-latest.exe","sourceIndex":"190"}],"sampleFiles":["250623/SafeWatch-250623/1.6.28/Samples/safe-watch-latest.exe","250623/SafeWatch-250623/1.6.28/Samples/safe-watch.exe"],"imageFiles":["250623/SafeWatch-250623/1.6.28/Images/ACR-048/ACR-048_Software_1.png","250623/SafeWatch-250623/1.6.28/Images/ACR-014/ACR-014_Software_1.png","250623/SafeWatch-250623/1.6.28/Images/ACR-014/ACR-014_Software_2.png","250623/SafeWatch-250623/1.6.28/Images/ACR-014/ACR-014_Software_3.png","250623/SafeWatch-250623/1.6.28/Images/ACR-014/ACR-014_Software_4.png","250623/SafeWatch-250623/1.6.28/Images/ACR-014/ACR-014_Software_5.png"],"nonDeceptorImageFiles":["250623/SafeWatch-250623/1.6.28/Images/ACR-040/ACR-040_Install_1.png","250623/SafeWatch-250623/1.6.28/Images/ACR-065/ACR-065_Software_1.png","250623/SafeWatch-250623/1.6.28/Images/ACR-065/ACR-065_Software_2.png","250623/SafeWatch-250623/1.6.28/Images/ACR-035/ACR-035_Docs_1.jpeg","250623/SafeWatch-250623/1.6.28/Images/ACR-035/ACR-035_Docs_2.png","250623/SafeWatch-250623/1.6.28/Images/ACR-035/ACR-035_Docs_3.png","250623/SafeWatch-250623/1.6.28/Images/ACR-014/ACR-014_Landing page_1.png"],"guid":"c145ede6-0a4c-4e2a-8e06-056665fa3537_1.6.28_1","appID":"SafeWatch-250623","dateAdded":"250623","deceptorType":"App","name":"Safe Watch","company":"OPEN VIDEO, TOV","version":"1.6.28","lastKnownDate":"250623","type":"Windows Executable","lastUpdate":"2025-06-24T21:31:22.5992755+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":291},{"violations":{"ACR-004":"Application doesn't provide free fix for all items reported, only allow to recover up to 2GB for free. Instead it offers subscription payment to completely recover files scanned.\n"},"nonDeceptorViolations":{"ACR-045":"iBeesoft Free Data Recovery highlights \"Free\" misleads user. The functionality requires consumer to upgrade to subscription to complete recovery for reported items. Otherwise app should remove \"free\" word.\n"},"samples":[{"isRevoked":"False","fileName":"iBeeUI.exe","companyName":"iBeesoft Tech Development Co., Ltd","fileVersion":"3.6","hashMD5":"6a5b7d003ecef43814e44d22ffbf8b05","hashSHA1":"765ef73a5772a161fce1474df83b84251215275a","hashSHA256":"77568e5c752f7ca588e1e5514d397c09a9819ab523cf494aa44db76fa11029a9","digitalCertThumbprint":"3AF2DF731B775FEC3E8689FEFC31EAC4A7BED41F","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=\"Chengdu Weishu Technology Co., Ltd.\", O=\"Chengdu Weishu Technology Co., Ltd.\", L=Chengdu, S=Sichuan, C=CN","sourceIndex":"668","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"iBeesoft-Free-Data-Recovery.exe","isInstaller":"True","companyName":"iBeesoft Tech Co., Ltd                                      ","fileVersion":"4.0","hashMD5":"f9d5f26a532b5c6a18b5a26b27cfd6a5","hashSHA1":"2410fd0461558281122665536df6022a771ff9b4","hashSHA256":"b46d69fd045204f4d20f13e5afb8c34f6c916a37414bab06c68e4c9f5ab9d874","digitalCertThumbprint":"3AF2DF731B775FEC3E8689FEFC31EAC4A7BED41F","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=\"Chengdu Weishu Technology Co., Ltd.\", O=\"Chengdu Weishu Technology Co., Ltd.\", L=Chengdu, S=Sichuan, C=CN","sourceIndex":"668","avBlockList":["360 Total Security (20250619)","Avast Premium Security (20250619)","AVG Internet Security (20250619)","Avira Internet Security (20250619)","ESET Internet Security (20250619)","Norton Security (20250619)","Panda Dome (20250619)","Quick Heal Internet Security (20250619)","Sophos Home Premium (20250619)","SpyHunter5 (20250619)","Total AV Antivirus Pro (20250619)","VirIT eXplorer PRO (20250619)","Webroot SecureAnywhere (20250619)","Windows Defender (20250619)","FortectPremium (20250619)"],"avAllowList":["Bitdefender Internet Security (20250619)","COMODO Antivirus (20250619)","Dr.Web Security Space (20250619)","G DATA INTERNET SECURITY (20250619)","K7 Total Security (20250619)","Kaspersky Internet Security (20240613)","Malwarebytes Premium (20250619)","McAfee Total Protection (20250619)","Trend Micro Internet Security (20250619)","VIPRE Advanced Security (20250619)","KasperskyPremium (20250619)"]}],"additionalFiles":[],"sources":[{"howFound":"random search for recovery apps","reference":"","landingPage":"https://www.ibeesoft.com/free-data-recovery/","directDownloadingLink":"","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"","sourceIndex":"668"}],"sampleFiles":["240329/iBeesoftFreeDataRecovery-240327/4.0/Samples/iBeeUI.exe","240329/iBeesoftFreeDataRecovery-240327/4.0/Samples/iBeesoft-Free-Data-Recovery.exe"],"imageFiles":["240329/iBeesoftFreeDataRecovery-240327/4.0/Images/ACR-004/ACR-004_Software_1.png","240329/iBeesoftFreeDataRecovery-240327/4.0/Images/ACR-004/ACR-004_Software_2.png"],"nonDeceptorImageFiles":[],"guid":"06849a16-4fe6-440e-aef7-ce5003e0a9c3_4.0_1","appID":"iBeesoftFreeDataRecovery-240327","dateAdded":"250618","deceptorType":"App","name":"iBeesoft Free Data Recovery","company":"iBeesoft Tech Development Co., Ltd","version":"4.0","lastKnownStatus":"4.0;4.5","lastKnownDate":"250618","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows 11","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2025-06-18T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":293},{"violations":{"ACR-004":"Application doesn't provide free fix for all items reported. Instead it requires a subscription to recover any files.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"iBeesoft-Data-Recovery.exe","isInstaller":"True","companyName":"iBeesoft Tech Co., Ltd                                      ","productName":"iBeesoft Data Recovery","productVersion":"4.5.0.0","fileVersion":"4.5","hashMD5":"062808989a2dfac8ad1ebf8da592bf1f","hashSHA1":"b98328c6be26b95961c729025d96e69ae06d76bc","hashSHA256":"ff33dd274c9fba161e766fb26b7689eabd58397b73f18bc0760b5d4180aacb63","digitalCertThumbprint":"3AF2DF731B775FEC3E8689FEFC31EAC4A7BED41F","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=\"Chengdu Weishu Technology Co., Ltd.\", O=\"Chengdu Weishu Technology Co., Ltd.\", L=Chengdu, S=Sichuan, C=CN","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"191","avBlockList":["FortectPremium (20250828)","K7 Total Security (20250828)","Panda Dome (20250828)","Quick Heal Internet Security (20250828)","Sophos Home Premium (20250828)","SpyHunter5 (20250828)","VirIT eXplorer PRO (20250828)","Webroot SecureAnywhere (20250828)","Windows Defender (20250828)"],"avAllowList":["360 Total Security (20250828)","Avast Premium Security (20250828)","AVG Internet Security (20250828)","Avira Internet Security (20250828)","Bitdefender Internet Security (20250828)","COMODO Antivirus (20250828)","Dr.Web Security Space (20250828)","ESET Internet Security (20250828)","G DATA INTERNET SECURITY (20250828)","KasperskyPremium (20250828)","Malwarebytes Premium (20250828)","McAfee Total Protection (20250828)","Norton Security (20250828)","Total AV Antivirus Pro (20250828)","Trend Micro Internet Security (20250828)","VIPRE Advanced Security (20250828)"]},{"isRevoked":"False","fileName":"iBeeUI.exe","companyName":"iBeesoft Tech Development Co., Ltd","productName":"iBeesoft Data Recovery","productVersion":"3,6,0,0","fileVersion":"3.6","hashMD5":"76f282c02566413ccb9e8bbea5dcc24a","hashSHA1":"e0b01241538e2095ecfb1716638d710609e828c2","hashSHA256":"5d783227312fa3ad77727c463faf26e5325f8a9280c6edd35be2f3ac380410c1","digitalCertThumbprint":"3AF2DF731B775FEC3E8689FEFC31EAC4A7BED41F","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=\"Chengdu Weishu Technology Co., Ltd.\", O=\"Chengdu Weishu Technology Co., Ltd.\", L=Chengdu, S=Sichuan, C=CN","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"191","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"random search for recovery apps","reference":"","landingPage":"https://www.ibeesoft.com/free-data-recovery/","directDownloadingLink":"","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"","sourceIndex":"191"}],"sampleFiles":["250618/iBeesoftFreeDataRecovery-240327/4.5/Samples/iBeesoft-Data-Recovery.exe","250618/iBeesoftFreeDataRecovery-240327/4.5/Samples/iBeeUI.exe"],"imageFiles":["250618/iBeesoftFreeDataRecovery-240327/4.5/Images/ACR-004/ACR-004.png","250618/iBeesoftFreeDataRecovery-240327/4.5/Images/ACR-004/subs.png"],"nonDeceptorImageFiles":[],"guid":"06849a16-4fe6-440e-aef7-ce5003e0a9c3_4.5_1","appID":"iBeesoftFreeDataRecovery-240327","dateAdded":"250618","deceptorType":"App","name":"iBeesoft Free Data Recovery","company":"iBeesoft Tech Development Co., Ltd","version":"4.5","lastKnownStatus":"4.0;4.5","lastKnownDate":"250618","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows 11","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2025-06-18T21:36:28.3511833+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":292},{"violations":{"ACR-048":"Processes (DuplicateFileMonitor.exe and DuplicateDaemon.exe) keep running in background without notification even after application exits.\n","ACR-004":"The application doesn't provide a free fix for all items reported, only allowing to remove 15 duplicate files. It requires subscription payment to delete the duplicated items.\n","ACR-084":"DuplicateFileMonitor.exe and DuplicateDaemon.exe keep running in background without notification even after application exits.\n"},"nonDeceptorViolations":{},"samples":[],"additionalFiles":[],"sources":[{"howFound":"https://www.passfab.net/","reference":"https://www.passfab.net/","landingPage":"https://www.passfab.net/","directDownloadingLink":"https://download.passfab.net/downloads/duplicate-file-deleter_3568.exe?rnclid=11748344010511174801","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://download.passfab.net/downloads/duplicate-file-deleter_3568.exe?rnclid=11748344010511174801","sourceIndex":"193"}],"sampleFiles":[],"imageFiles":["250613/PassFabDuplicateFile-250527/3.0.10/Images/ACR-004/offerpage.jpeg","250613/PassFabDuplicateFile-250527/3.0.10/Images/ACR-004/app8.png","250613/PassFabDuplicateFile-250527/3.0.10/Images/ACR-084/running process.png","250613/PassFabDuplicateFile-250527/3.0.10/Images/ACR-048/running process.png"],"nonDeceptorImageFiles":[],"guid":"0fea193e-0553-484c-a736-a2e8205b984b_3.0.10_1","appID":"PassFabDuplicateFile-250527","dateAdded":"250613","deceptorType":"App","name":"PassFab Duplicate File Deleter","company":"PassFab","version":"3.0.10","lastKnownDate":"250613","type":"Windows Executable","lastUpdate":"2025-06-13T22:46:28.1372762+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":294},{"violations":{"ACR-043":"App installs 3rd party components such as ffpmeg without disclosing to the user.\n","ACR-004":"App shows free scan results but does not allow user to implement a fix (i.e. delete files) for free. Instead, it prompts user to pay for a subscription.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"KSWinCleanerIns_031_312.exe","isInstaller":"True","companyName":"Kingshiper","productName":"Kingshiper PC Cleaner","productVersion":"3.1.2.0","fileVersion":"3.1","hashMD5":"ea3199708e9c779bb01417be4459cf3c","hashSHA1":"71a377e30eaa1b5e671761a107e67f9fcd9c7439","hashSHA256":"9692b56e64a5b5bbeb8eb1c6deb7bf41fedf42b8209532a7c88091f19529fecd","digitalCertThumbprint":"CF714365888F38D1C93AC47AD846AC92087134F7","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=\"Jiangxia Information Technology (Huizhou) Co., Ltd.\", O=\"Jiangxia Information Technology (Huizhou) Co., Ltd.\", L=Huizhou, S=Guangdong Province, C=CN, SERIALNUMBER=91441302MA4X2E1MX8, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.1=Huizhou, OID.1.3.6.1.4.1.311.60.2.1.2=Guangdong Province, OID.1.3.6.1.4.1.311.60.2.1.3=CN","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"194","avBlockList":["COMODO Antivirus (20250828)","ESET Internet Security (20250828)","FortectPremium (20250828)","K7 Total Security (20250828)","Malwarebytes Premium (20250828)","Panda Dome (20250828)","Sophos Home Premium (20250828)","SpyHunter5 (20250828)","VirIT eXplorer PRO (20250828)","Webroot SecureAnywhere (20250828)","Windows Defender (20250828)"],"avAllowList":["360 Total Security (20250828)","Avast Premium Security (20250828)","AVG Internet Security (20250828)","Avira Internet Security (20250828)","Bitdefender Internet Security (20250828)","Dr.Web Security Space (20250828)","G DATA INTERNET SECURITY (20250828)","KasperskyPremium (20250828)","McAfee Total Protection (20250828)","Norton Security (20250828)","Quick Heal Internet Security (20250828)","Total AV Antivirus Pro (20250828)","Trend Micro Internet Security (20250828)","VIPRE Advanced Security (20250828)"]},{"isRevoked":"False","fileName":"KSWinCleaner.exe","companyName":"Kingshiper Software Co., Ltd.","productName":"Kingshiper PC Cleaner","productVersion":"3.1.2.0","fileVersion":"3.1","hashMD5":"f05f23cc6e15c5191aa77cee4cf5a286","hashSHA1":"e456c467dbd9fddf36977fbcae13b852eb8e0fbf","hashSHA256":"2014bea4153042115d5ed5298b2820e25acc6b3ae1943f225c4022710d9a7b57","digitalCertThumbprint":"CF714365888F38D1C93AC47AD846AC92087134F7","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=\"Jiangxia Information Technology (Huizhou) Co., Ltd.\", O=\"Jiangxia Information Technology (Huizhou) Co., Ltd.\", L=Huizhou, S=Guangdong Province, C=CN, SERIALNUMBER=91441302MA4X2E1MX8, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.1=Huizhou, OID.1.3.6.1.4.1.311.60.2.1.2=Guangdong Province, OID.1.3.6.1.4.1.311.60.2.1.3=CN","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"194","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"same vendor as other deceptor","reference":"","landingPage":"https://www.kingshiper.com/pccleaner","directDownloadingLink":"https://download.kingshiper.com/KSWinCleanerIns/KSWinCleanerIns_031_312.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://download.kingshiper.com/KSWinCleanerIns/KSWinCleanerIns_031_312.exe","sourceIndex":"194"}],"sampleFiles":["250612/Kingshiperpccleaner-250612/3.1.2/Samples/KSWinCleanerIns_031_312.exe","250612/Kingshiperpccleaner-250612/3.1.2/Samples/KSWinCleaner.exe"],"imageFiles":["250612/Kingshiperpccleaner-250612/3.1.2/Images/ACR-043/ffmpeg.png","250612/Kingshiperpccleaner-250612/3.1.2/Images/ACR-004/freelimits.png","250612/Kingshiperpccleaner-250612/3.1.2/Images/ACR-004/results.png","250612/Kingshiperpccleaner-250612/3.1.2/Images/ACR-004/subs.png"],"nonDeceptorImageFiles":[],"guid":"28b582d2-c896-433f-b8b6-21fcc44cf226_3.1.2_1","appID":"Kingshiperpccleaner-250612","dateAdded":"250612","deceptorType":"App","name":"Kingshiper PC Cleaner","company":"Jiangxia Information Technology (Huizhou) Co., Ltd.","version":"3.1.2","lastKnownStatus":"3.1.2","lastKnownDate":"250612","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 7,Windows 8,Windows 11,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2025-06-12T22:01:04.5458083+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":295},{"violations":{"ACR-004":"The application does not offer free fixes for all reported items. It only allows the removal of up to 20 duplicate files for free. To fully resolve all identified duplicates, a subscription payment is required.\n"},"nonDeceptorViolations":{"ACR-017":"User reviews need to be backed with original links. If the reviews from user are received from user via customer support, such reviews need to be backed with date at least.\n"},"samples":[{"isRevoked":"False","fileName":"iBeesoft-Duplicate-File-Finder.exe","isInstaller":"True","companyName":"Chengdu Weishu Technology Co., Ltd.                         ","productName":"Duplicate File Finder","productVersion":"4.5","fileVersion":"4.5","hashMD5":"0dfd7ab82f0d506ce56456d990cb6dca","hashSHA1":"d544a05a5fe249bd2803d4ff6adbd9cc991fe0ab","hashSHA256":"3f3a08afeb2e9ad4714a515ff56d5954f2707d633b0e410556661b6eed99c696","digitalCertThumbprint":"3AF2DF731B775FEC3E8689FEFC31EAC4A7BED41F","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=\"Chengdu Weishu Technology Co., Ltd.\", O=\"Chengdu Weishu Technology Co., Ltd.\", L=Chengdu, S=Sichuan, C=CN","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"195","avBlockList":["FortectPremium (20250902)","K7 Total Security (20250902)","Malwarebytes Premium (20250902)","Panda Dome (20250902)","Sophos Home Premium (20250902)","SpyHunter5 (20250902)","VirIT eXplorer PRO (20250902)","Webroot SecureAnywhere (20250902)","Windows Defender (20250902)"],"avAllowList":["360 Total Security (20250902)","Avast Premium Security (20250902)","AVG Internet Security (20250902)","Avira Internet Security (20250902)","Bitdefender Internet Security (20250902)","COMODO Antivirus (20250902)","Dr.Web Security Space (20250902)","ESET Internet Security (20250902)","G DATA INTERNET SECURITY (20250902)","KasperskyPremium (20250902)","McAfee Total Protection (20250902)","Norton Security (20250902)","Quick Heal Internet Security (20250902)","Total AV Antivirus Pro (20250902)","Trend Micro Internet Security (20250902)","VIPRE Advanced Security (20250902)"]},{"isRevoked":"False","fileName":"iBeesoft.exe","companyName":"iBeesoft","productName":"Duplicate File Finder","productVersion":"4.5.0.0","fileVersion":"4.0","hashMD5":"78f4634783e95278ea0ee6d363c7467f","hashSHA1":"c11f996bbac9c9e15ca985f4f77c1bd73e0e374e","hashSHA256":"2f90a0007255a9fd2a07a44b1ed2c8e692f95506b46e7bd5823e4fb6e6697c77","digitalCertThumbprint":"3AF2DF731B775FEC3E8689FEFC31EAC4A7BED41F","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=\"Chengdu Weishu Technology Co., Ltd.\", O=\"Chengdu Weishu Technology Co., Ltd.\", L=Chengdu, S=Sichuan, C=CN","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"195","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"random search","reference":"","landingPage":"https://www.ibeesoft.com/duplicate-file-finder/","directDownloadingLink":"https://download.ibeesoft.com/iBeesoft-Duplicate-File-Finder.exe?_gl=1*1azmagd*_ga*YW1wLTQ0Q0p6QTQyNTdXR2lxS2hQQWZmdEE.*_ga_4FNWJ5PV2S*MTcyODY3MzMyMS4xLjEuMTcyODY3MzM0Ni4wLjAuMA..","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://download.ibeesoft.com/iBeesoft-Duplicate-File-Finder.exe?_gl=1*1azmagd*_ga*YW1wLTQ0Q0p6QTQyNTdXR2lxS2hQQWZmdEE.*_ga_4FNWJ5PV2S*MTcyODY3MzMyMS4xLjEuMTcyODY3MzM0Ni4wLjAuMA..","sourceIndex":"195"}],"sampleFiles":["250612/iBeesoftDuplicateFileFinder-241011/4.5/Samples/iBeesoft-Duplicate-File-Finder.exe","250612/iBeesoftDuplicateFileFinder-241011/4.5/Samples/iBeesoft.exe"],"imageFiles":["250612/iBeesoftDuplicateFileFinder-241011/4.5/Images/ACR-004/004.png","250612/iBeesoftDuplicateFileFinder-241011/4.5/Images/ACR-004/004_2.png"],"nonDeceptorImageFiles":["250612/iBeesoftDuplicateFileFinder-241011/4.5/Images/ACR-017/user reviews.png"],"guid":"e68e5a7d-51e5-438e-8b9c-60a696bf7716_4.5_1","appID":"iBeesoftDuplicateFileFinder-241011","dateAdded":"250612","deceptorType":"App","name":"iBeesoft Duplicate File Finder","company":"iBeesoft Tech Development Co., Ltd","version":"4.5","lastKnownStatus":"4.0;4.5","lastKnownDate":"250612","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows 11","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2026-05-12T22:59:40.1396792+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":296},{"violations":{"ACR-004":"The application does not offer free fixes for all reported items. It only allows the removal of up to 20 duplicate files for free. To fully resolve all identified duplicates, a subscription payment is required.\n"},"nonDeceptorViolations":{"ACR-017":"User reviews need to be backed with original links. If the reviews from user are received from user via customer support, such reviews need to be backed with date at least.\n"},"samples":[{"isRevoked":"False","fileName":"iBeesoft-Duplicate-File-Finder.exe","isInstaller":"True","companyName":"iBeesoft Tech Co., Ltd                                      ","fileVersion":"4.0","hashMD5":"b3de724eb2f62eb0ddd5fa7b2701b5af","hashSHA1":"f54848cba6e79172915421fdcfb34f12d091fac7","hashSHA256":"6c46896c3a45c43eece68f66e438efc627d86f8bf85a0a9d537404b96cfe82f8","digitalCertThumbprint":"3AF2DF731B775FEC3E8689FEFC31EAC4A7BED41F","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=\"Chengdu Weishu Technology Co., Ltd.\", O=\"Chengdu Weishu Technology Co., Ltd.\", L=Chengdu, S=Sichuan, C=CN","sourceIndex":"513","avBlockList":["360 Total Security (20241226)","ESET Internet Security (20241226)","FortectPremium (20241226)","K7 Total Security (20241226)","Malwarebytes Premium (20241226)","Panda Dome (20241226)","Quick Heal Internet Security (20241226)","Sophos Home Premium (20241226)","SpyHunter5 (20241226)","VirIT eXplorer PRO (20241226)","Webroot SecureAnywhere (20241226)"],"avAllowList":["Avast Premium Security (20241226)","AVG Internet Security (20241226)","Avira Internet Security (20241226)","Bitdefender Internet Security (20241226)","COMODO Antivirus (20241226)","Dr.Web Security Space (20241226)","G DATA INTERNET SECURITY (20241226)","KasperskyPremium (20241226)","McAfee Total Protection (20241226)","Norton Security (20241226)","Total AV Antivirus Pro (20241226)","Trend Micro Internet Security (20241226)","VIPRE Advanced Security (20241226)","Windows Defender (20241226)"]},{"isRevoked":"False","fileName":"iBeesoft.exe","companyName":"iBeesoft","fileVersion":"4.0","hashMD5":"92c20d88db6aec263cf4f248a9281898","hashSHA1":"c514a28be0971a1664d6161558c966afaa5378a3","hashSHA256":"74760b9a82f5e19df9e4e8a35d9ffe9c149f0869ec90f4207adaf946c1901d1b","digitalCertThumbprint":"3AF2DF731B775FEC3E8689FEFC31EAC4A7BED41F","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=\"Chengdu Weishu Technology Co., Ltd.\", O=\"Chengdu Weishu Technology Co., Ltd.\", L=Chengdu, S=Sichuan, C=CN","sourceIndex":"513","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"random search","reference":"","landingPage":"https://www.ibeesoft.com/duplicate-file-finder/","directDownloadingLink":"https://download.ibeesoft.com/iBeesoft-Duplicate-File-Finder.exe?_gl=1*1azmagd*_ga*YW1wLTQ0Q0p6QTQyNTdXR2lxS2hQQWZmdEE.*_ga_4FNWJ5PV2S*MTcyODY3MzMyMS4xLjEuMTcyODY3MzM0Ni4wLjAuMA..","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://download.ibeesoft.com/iBeesoft-Duplicate-File-Finder.exe?_gl=1*1azmagd*_ga*YW1wLTQ0Q0p6QTQyNTdXR2lxS2hQQWZmdEE.*_ga_4FNWJ5PV2S*MTcyODY3MzMyMS4xLjEuMTcyODY3MzM0Ni4wLjAuMA..","sourceIndex":"513"}],"sampleFiles":["241014/iBeesoftDuplicateFileFinder-241011/4.0/Samples/iBeesoft-Duplicate-File-Finder.exe","241014/iBeesoftDuplicateFileFinder-241011/4.0/Samples/iBeesoft.exe"],"imageFiles":["241014/iBeesoftDuplicateFileFinder-241011/4.0/Images/ACR-004/ACR-004_Software_1.png","241014/iBeesoftDuplicateFileFinder-241011/4.0/Images/ACR-004/ACR-004_Software_2.png","241014/iBeesoftDuplicateFileFinder-241011/4.0/Images/ACR-004/ACR-004_Software_3.png"],"nonDeceptorImageFiles":["241014/iBeesoftDuplicateFileFinder-241011/4.0/Images/ACR-017/ACR-017_Landing page_1.jpeg"],"guid":"e68e5a7d-51e5-438e-8b9c-60a696bf7716_4.0_1","appID":"iBeesoftDuplicateFileFinder-241011","dateAdded":"250612","deceptorType":"App","name":"iBeesoft Duplicate File Finder","company":"iBeesoft Tech Development Co., Ltd","version":"4.0","lastKnownStatus":"4.0;4.5","lastKnownDate":"250612","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows 11","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2026-05-12T22:59:49.3638626+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":297},{"violations":{"ACR-042":"Open source projects \"FFmpeg\" and \"Qt5\" are installed without any disclosure in EULA.\n","ACR-048":"The app does not provide any control to cancel the installation.\n","ACR-004":"The application doesn't provide a free fix (recovery) instead offering a subscription that the user needs to pay to fix it.\n","ACR-097":"The app adds an exception for Windows firewall without disclosing relevant info and getting consent from the user.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components it installed on the device without the consumer's consent or notifying the user.\n"},"nonDeceptorViolations":{"ACR-040":"The app drops some of its components in a hidden folder.\n","ACR-123":"Even after a reboot and uninstall, the application did not remove itself from the firewall exception that was added during installation.\n"},"samples":[{"isRevoked":"False","fileName":"recoverit_setup_full4134.exe","isInstaller":"True","companyName":"","productName":"Recoverit - Data Recovery","productVersion":"12.6.1","fileVersion":"4.0.4.22","hashMD5":"3d49b2716591479ff73a6ba9ddaca628","hashSHA1":"fad3bca592b4ae993256bdb8c792087bbe1d8b7b","hashSHA256":"c216bfc8ee9d1fe4cf681672a6579f588a517be5d7b309c995edfac3c4440007","digitalCertThumbprint":"3690603490F6A3D62A29DF22F687AFCC4FCF8697","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Wondershare Technology Group Co.Ltd","storeId":"","sourceIndex":"613","avBlockList":["360 Total Security (20240723)","Avast Premium Security (20240723)","AVG Internet Security (20240723)","Avira Internet Security (20240723)","ESET Internet Security (20240723)","FortectPremium (20240723)","G DATA INTERNET SECURITY (20240723)","K7 Total Security (20240723)","Norton Security (20240723)","Quick Heal Internet Security (20240723)","Sophos Home Premium (20240723)","SpyHunter5 (20240723)","Total AV Antivirus Pro (20240723)","VirIT eXplorer PRO (20240723)","Webroot SecureAnywhere (20240723)","Windows Defender (20240723)"],"avAllowList":["Bitdefender Internet Security (20240723)","COMODO Antivirus (20240723)","Dr.Web Security Space (20240723)","Kaspersky Internet Security (20240723)","Malwarebytes Premium (20240723)","McAfee Total Protection (20240723)","Panda Dome (20240723)","Trend Micro Internet Security (20240723)","VIPRE Advanced Security (20240723)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt on Data recovery applications","reference":"","landingPage":"https://recoverit.wondershare.com/data-recovery-win.html","directDownloadingLink":"https://download.wondershare.com/recoverit_full4134.exe?extra_param=eyJidXlfdHlwZSI6ImFwcF90b193ZWIiLCJjb2RlX3R5cGUiOiIyIiwiZGV2aWNlX2lkIjoiezA0MWE4MGMwLTVhMDItNGQ2Zi05MGExLWEzMmVjMmM3NjYxNEd9IiwicGlkIjoiNDEzNCIsInBsYXRmb3JtIjoid2luIiwic2hvcHBpbmdfaWQiOiIxNzEwMjQwMTQ2NTQ3XzE5MzE5MyIsInRpZCI6IlVBXzg5NzgyMzUwXzkiLCJ0eXBlIjoiZHJfY2xpZW50X2luZm8ifQ==","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://download.wondershare.com/recoverit_full4134.exe?extra_param=eyJidXlfdHlwZSI6ImFwcF90b193ZWIiLCJjb2RlX3R5cGUiOiIyIiwiZGV2aWNlX2lkIjoiezA0MWE4MGMwLTVhMDItNGQ2Zi05MGExLWEzMmVjMmM3NjYxNEd9IiwicGlkIjoiNDEzNCIsInBsYXRmb3JtIjoid2luIiwic2hvcHBpbmdfaWQiOiIxNzEwMjQwMTQ2NTQ3XzE5MzE5MyIsInRpZCI6IlVBXzg5NzgyMzUwXzkiLCJ0eXBlIjoiZHJfY2xpZW50X2luZm8ifQ==","sourceIndex":"613"}],"sampleFiles":["240704/WondershareRecoverit-240312/12.6.1.1/Samples/recoverit_setup_full4134.exe"],"imageFiles":["240704/WondershareRecoverit-240312/12.6.1.1/Images/ACR-042/ACR-042.PNG","240704/WondershareRecoverit-240312/12.6.1.1/Images/ACR-042/ACR-042_1.PNG","240704/WondershareRecoverit-240312/12.6.1.1/Images/ACR-048/ACR-048.PNG","240704/WondershareRecoverit-240312/12.6.1.1/Images/ACR-004/ACR-004.PNG","240704/WondershareRecoverit-240312/12.6.1.1/Images/ACR-097/ACR-097.PNG","240704/WondershareRecoverit-240312/12.6.1.1/Images/ACR-118/ACR-118.PNG","240704/WondershareRecoverit-240312/12.6.1.1/Images/ACR-118/ACR-118_1.PNG"],"nonDeceptorImageFiles":["240704/WondershareRecoverit-240312/12.6.1.1/Images/ACR-040/ACR-040.PNG","240704/WondershareRecoverit-240312/12.6.1.1/Images/ACR-123/ACR-123.PNG"],"guid":"5c9d2e1c-174f-493d-a1a5-bb898f962097_12.6.1.1_1","appID":"WondershareRecoverit-240312","dateAdded":"250605","deceptorType":"App","name":"Wondershare Recoverit","company":"Wondershare Technology Group Co.,Ltd","version":"12.6.1.1","lastKnownStatus":"12.0.25.7;12.0.27.8;12.6.0.7;12.6.1.1;13.0.1.6;13.0.2.9;13.0.5.5;13.5.18","lastKnownDate":"250605","type":"Windows Executable","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows 11","targetBrowser":"None","lastUpdate":"2025-06-05T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":8,"sortOrder":302},{"violations":{"ACR-042":"Open source projects \"FFmpeg\" and \"Qt5\" are installed without any disclosure in EULA.\n","ACR-048":"The app does not provide any control to cancel the installation.\n","ACR-004":"The application doesn't provide a free fix (recovery) instead offering a subscription that the user needs to pay to fix it.\n","ACR-097":"The app adds an exception for Windows firewall without disclosing relevant info and getting consent from the user.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components it installed on the device without the consumer's consent or notifying the user.\n"},"nonDeceptorViolations":{"ACR-040":"The app drops some of its components in a hidden folder.\n","ACR-123":"Even after a reboot and uninstall, the application did not remove itself from the firewall exception that was added during installation.\n"},"samples":[{"isRevoked":"False","fileName":"recoverit_setup_full4134.exe","isInstaller":"True","companyName":"","productName":"Recoverit - Data Recovery","productVersion":"12.0.22","fileVersion":"4.0.4.21","hashMD5":"fcb7f4c3e7ff9ba0f2bce35d5ea0d6cf","hashSHA1":"6228b4ddd562c21d7e0d0bb4c1f16eec81acca19","hashSHA256":"1ffee60464033ddd07dce161cf0f70b0319d4e18671159c820736cea1f1c6f84","digitalCertThumbprint":"3690603490F6A3D62A29DF22F687AFCC4FCF8697","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Wondershare Technology Group Co.Ltd","storeId":"","sourceIndex":"619","avBlockList":["360 Total Security (20240820)","Avast Premium Security (20240820)","AVG Internet Security (20240820)","Avira Internet Security (20240820)","ESET Internet Security (20240820)","FortectPremium (20240820)","K7 Total Security (20240820)","Norton Security (20240820)","Quick Heal Internet Security (20240820)","Sophos Home Premium (20240820)","SpyHunter5 (20240820)","Total AV Antivirus Pro (20240820)","VirIT eXplorer PRO (20240820)","Webroot SecureAnywhere (20240820)","Windows Defender (20240820)"],"avAllowList":["Bitdefender Internet Security (20240820)","COMODO Antivirus (20240820)","Dr.Web Security Space (20240820)","G DATA INTERNET SECURITY (20240820)","KasperskyPremium (20240820)","Malwarebytes Premium (20240820)","McAfee Total Protection (20240820)","Panda Dome (20240820)","Trend Micro Internet Security (20240820)","VIPRE Advanced Security (20240820)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on windows app","reference":"","landingPage":"https://recoverit.wondershare.com/data-recovery-win.html","directDownloadingLink":"https://download.wondershare.com/recoverit_full4134.exe?_ga=2.154118655.652467009.1718178218-1869656262.1718178218&_gl=1*cgmmzw*_gcl_au*MTEwODA3MjE0Ny4xNzE4MTc4MTgz*_ga*MjAyMTA0MTQyMi4xNzE4MTc4MTc0*_ga_24WTSJBD5B*MTcxODE3ODE5MC4xLjEuMTcxODE3ODM5NC42LjAuMTE0NTEwNTkyMw..","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://download.wondershare.com/recoverit_full4134.exe?_ga=2.154118655.652467009.1718178218-1869656262.1718178218&_gl=1*cgmmzw*_gcl_au*MTEwODA3MjE0Ny4xNzE4MTc4MTgz*_ga*MjAyMTA0MTQyMi4xNzE4MTc4MTc0*_ga_24WTSJBD5B*MTcxODE3ODE5MC4xLjEuMTcxODE3ODM5NC42LjAuMTE0NTEwNTkyMw..","sourceIndex":"619"}],"sampleFiles":["240625/WondershareRecoverit-240312/12.6.0.7/Samples/recoverit_setup_full4134.exe"],"imageFiles":["240625/WondershareRecoverit-240312/12.6.0.7/Images/ACR-042/ACR-042.PNG","240625/WondershareRecoverit-240312/12.6.0.7/Images/ACR-042/ACR-042_1.PNG","240625/WondershareRecoverit-240312/12.6.0.7/Images/ACR-048/ACR-048.PNG","240625/WondershareRecoverit-240312/12.6.0.7/Images/ACR-004/ACR-004.PNG","240625/WondershareRecoverit-240312/12.6.0.7/Images/ACR-097/ACR-097.PNG","240625/WondershareRecoverit-240312/12.6.0.7/Images/ACR-118/ACR-118.PNG","240625/WondershareRecoverit-240312/12.6.0.7/Images/ACR-118/ACR-118_1.PNG"],"nonDeceptorImageFiles":["240625/WondershareRecoverit-240312/12.6.0.7/Images/ACR-040/ACR-040.PNG","240625/WondershareRecoverit-240312/12.6.0.7/Images/ACR-123/ACR-123.PNG"],"guid":"5c9d2e1c-174f-493d-a1a5-bb898f962097_12.6.0.7_1","appID":"WondershareRecoverit-240312","dateAdded":"250605","deceptorType":"App","name":"Wondershare Recoverit","company":"Wondershare Technology Group Co.,Ltd","version":"12.6.0.7","lastKnownStatus":"12.0.25.7;12.0.27.8;12.6.0.7;12.6.1.1;13.0.1.6;13.0.2.9;13.0.5.5;13.5.18","lastKnownDate":"250605","type":"Windows Executable","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows 11","targetBrowser":"None","lastUpdate":"2025-06-05T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":8,"sortOrder":303},{"violations":{"ACR-109":"The application silently installs \"Wondershare NativePush\" without user awareness and no disclosing the relationship to the app during installation, \n","ACR-042":"1. The application silently installs the \"Wondershare NativePush\" without disclosing the relationship to the app during installation. \n2. Open source projects \"FFmpeg\" and \"Qt5\" are installed without any disclosure in EULA.\n","ACR-043":"The application silently installs the \"Wondershare NativePush\" without disclosing the relationship to the app during installation. \n\n","ACR-048":"The app does not provide any control to cancel the installation.\nThe app does not provide any control to remove the background process and quit the app completely within the app's settings.\n","ACR-004":"The application doesn't provide a free fix (recovery) instead offering a subscription that the user needs to pay to fix it.\n","ACR-084":"On closing the app, application doesn't exit completely. It runs silently in the background, hiding the fact that it is active from the consumer without any notification.\n","ACR-097":"The app adds an exception for Windows firewall to lower default default system security posture without disclosing relevant info and get consent from user.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components it installed on the device without the consumer's consent or notifying the user.\n","ACR-039":"The app installs the \"Wondershare NativePush\" without disclosing the relationship to the app during installation.\n"},"nonDeceptorViolations":{"ACR-040":"The app drops some of its components in a hidden folder.\n","ACR-123":"Even after a reboot and uninstall, the application did not remove itself from the firewall exception that was added during installation.\n"},"samples":[{"isRevoked":"False","fileName":"recoverit_setup_full4134.exe","isInstaller":"True","companyName":"","productName":"Recoverit - Data Recovery","productVersion":"12.0.22","fileVersion":"4.0.4.18","hashMD5":"a5c022d21880b8e3d4a06972b1be1e01","hashSHA1":"be67b8900ae1e954ef302f8ade4255bd6be06766","hashSHA256":"e5d8685516b672d4774633396c8115fa6d113ff6989a64eb10d3598b676b1a7a","digitalCertThumbprint":"F61CA74F7B4B27007B4AE9825131DD6FB675B1D0","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Wondershare Technology Group Co.Ltd","storeId":"","sourceIndex":"661","avBlockList":["360 Total Security (20240606)","Avast Premium Security (20240606)","AVG Internet Security (20240606)","Avira Internet Security (20240606)","Bitdefender Internet Security (20240606)","ESET Internet Security (20240606)","K7 Total Security (20240606)","Norton Security (20240606)","Panda Dome (20240606)","Quick Heal Internet Security (20240606)","Sophos Home Premium (20240606)","SpyHunter5 (20240606)","Total AV Antivirus Pro (20240606)","VIPRE Advanced Security (20240606)","VirIT eXplorer PRO (20240606)","Webroot SecureAnywhere (20240606)"],"avAllowList":["COMODO Antivirus (20240606)","Dr.Web Security Space (20240606)","G DATA INTERNET SECURITY (20240606)","Kaspersky Internet Security (20240606)","Malwarebytes Premium (20240606)","McAfee Total Protection (20240606)","Trend Micro Internet Security (20240606)","Windows Defender (20240606)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on windows app","reference":"","landingPage":"https://recoverit.wondershare.com/data-recovery-win.html","directDownloadingLink":"https://download.wondershare.com/recoverit_full4134.exe?_gl=1*8mhhe0*_gcl_au*NzcyODAxNjIxLjE3MTI1ODMxNTY.*_ga*MTgzNzg3NjMxOC4xNzEyNTgzMTYx*_ga_24WTSJBD5B*MTcxMjU4NzA4NC4yLjAuMTcxMjU4NzE0Mi4yLjAuNzE4MzQyNTEy&_ga=2.221668254.764255082.1712583164-1837876318.1712583161","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://download.wondershare.com/recoverit_full4134.exe?_gl=1*8mhhe0*_gcl_au*NzcyODAxNjIxLjE3MTI1ODMxNTY.*_ga*MTgzNzg3NjMxOC4xNzEyNTgzMTYx*_ga_24WTSJBD5B*MTcxMjU4NzA4NC4yLjAuMTcxMjU4NzE0Mi4yLjAuNzE4MzQyNTEy&_ga=2.221668254.764255082.1712583164-1837876318.1712583161","sourceIndex":"661"}],"sampleFiles":["240411/WondershareRecoverit-240312/12.0.27.8/Samples/recoverit_setup_full4134.exe"],"imageFiles":["240411/WondershareRecoverit-240312/12.0.27.8/Images/ACR-109/ACR-109.PNG","240411/WondershareRecoverit-240312/12.0.27.8/Images/ACR-039/ACR-039.PNG","240411/WondershareRecoverit-240312/12.0.27.8/Images/ACR-043/ACR-043.PNG","240411/WondershareRecoverit-240312/12.0.27.8/Images/ACR-042/ACR-042.PNG","240411/WondershareRecoverit-240312/12.0.27.8/Images/ACR-042/ACR-042_1.PNG","240411/WondershareRecoverit-240312/12.0.27.8/Images/ACR-042/ACR-042_2.PNG","240411/WondershareRecoverit-240312/12.0.27.8/Images/ACR-048/ACR-048.PNG","240411/WondershareRecoverit-240312/12.0.27.8/Images/ACR-004/ACR-004.PNG","240411/WondershareRecoverit-240312/12.0.27.8/Images/ACR-004/ACR-004_1.PNG","240411/WondershareRecoverit-240312/12.0.27.8/Images/ACR-084/ACR-084.PNG","240411/WondershareRecoverit-240312/12.0.27.8/Images/ACR-084/ACR-084_1.PNG","240411/WondershareRecoverit-240312/12.0.27.8/Images/ACR-097/ACR-097.PNG","240411/WondershareRecoverit-240312/12.0.27.8/Images/ACR-048/ACR-048_Software.PNG","240411/WondershareRecoverit-240312/12.0.27.8/Images/ACR-048/ACR-048_Software_1.PNG","240411/WondershareRecoverit-240312/12.0.27.8/Images/ACR-118/ACR-118.PNG","240411/WondershareRecoverit-240312/12.0.27.8/Images/ACR-118/ACR-118_1.PNG","240411/WondershareRecoverit-240312/12.0.27.8/Images/ACR-118/ACR-118_2.PNG"],"nonDeceptorImageFiles":["240411/WondershareRecoverit-240312/12.0.27.8/Images/ACR-040/ACR-040.PNG","240411/WondershareRecoverit-240312/12.0.27.8/Images/ACR-123/ACR-123.PNG"],"guid":"5c9d2e1c-174f-493d-a1a5-bb898f962097_12.0.27.8_1","appID":"WondershareRecoverit-240312","dateAdded":"250605","deceptorType":"App","name":"Wondershare Recoverit","company":"Wondershare Technology Group Co.,Ltd","version":"12.0.27.8","lastKnownStatus":"12.0.25.7;12.0.27.8;12.6.0.7;12.6.1.1;13.0.1.6;13.0.2.9;13.0.5.5;13.5.18","lastKnownDate":"250605","type":"Windows Executable","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows 11","targetBrowser":"None","lastUpdate":"2025-06-05T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":8,"sortOrder":304},{"violations":{"ACR-109":"The application silently installs \"Wondershare NativePush\" without user awareness and no disclosing the relationship to the app during installation, \n","ACR-042":"1. The application silently installs the \"Wondershare NativePush\" without disclosing the relationship to the app during installation. \n2. Open source projects \"FFmpeg\" and \"Qt5\" are installed without any disclosure in EULA.\n","ACR-043":"The application silently installs the \"Wondershare NativePush\" without disclosing the relationship to the app during installation. \n\n","ACR-048":"The app does not provide any control to cancel the installation.\nThe app does not provide any control to remove the background process and quit the app completely within the app's settings.\n","ACR-004":"The application doesn't provide a free fix (recovery) instead offering a subscription that the user needs to pay to fix it.\n","ACR-084":"On closing the app, application doesn't exit completely. It runs silently in the background, hiding the fact that it is active from the consumer without any notification.\n","ACR-097":"The app adds an exception for Windows firewall to lower default default system security posture without disclosing relevant info and get consent from user.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components it installed on the device without the consumer's consent or notifying the user.\n","ACR-039":"The app installs the \"Wondershare NativePush\" without disclosing the relationship to the app during installation.\n"},"nonDeceptorViolations":{"ACR-040":"The app drops some of its components in a hidden folder.\n","ACR-123":"Even after a reboot and uninstall, the application did not remove itself from the firewall exception that was added during installation.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files\\Wondershare\\Recoverit - Data Recovery\\recoverit.exe","companyName":"","productName":"Wondershare Recoverit","productVersion":"12.0.26.2","fileVersion":"12.0.26.2","hashMD5":"630b853fa3e2511acf98fa69fe7fa95d","hashSHA1":"0cd39ea7745766040f2bea0ca0c8ad3231834b19","hashSHA256":"c7f863e020c768c4030e2cdb5f06b97653230b539dbe536f13b8b2803360355c","digitalCertThumbprint":"BC99A77A68F18005CAC0C784A176D3199F735ECF","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Wondershare Technology Group Co.Ltd","storeId":"","sourceIndex":"706","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Users\\User\\AppData\\Local\\Wondershare\\Wondershare NativePush\\WsNativePushService.exe","companyName":"Wondershare","productName":"Wondershare NativePush","productVersion":"1.0.0.7","fileVersion":"1.0.0.7","hashMD5":"d7db10e818baac4d2cc61bb8560608aa","hashSHA1":"b88a62819cbb29623c0b5669fbfc4d3e868b7ff7","hashSHA256":"00f2886d289a806d7b5fc77a83830d022f6f709f15d7ddea99209852061e1f25","digitalCertThumbprint":"D6B0B624F7FD2DAE97FCB68B240A08EA73029A5B","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Wondershare Technology Group Co.Ltd","storeId":"","sourceIndex":"706","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"recoverit_setup_full4134.exe","isInstaller":"True","companyName":"","productName":"Recoverit - Data Recovery","productVersion":"12.0.22","fileVersion":"4.0.4.18","hashMD5":"a5c022d21880b8e3d4a06972b1be1e01","hashSHA1":"be67b8900ae1e954ef302f8ade4255bd6be06766","hashSHA256":"e5d8685516b672d4774633396c8115fa6d113ff6989a64eb10d3598b676b1a7a","digitalCertThumbprint":"F61CA74F7B4B27007B4AE9825131DD6FB675B1D0","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Wondershare Technology Group Co.Ltd","storeId":"","sourceIndex":"706","avBlockList":["360 Total Security (20240606)","Avast Premium Security (20240606)","AVG Internet Security (20240606)","Avira Internet Security (20240606)","Bitdefender Internet Security (20240606)","ESET Internet Security (20240606)","K7 Total Security (20240606)","Norton Security (20240606)","Panda Dome (20240606)","Quick Heal Internet Security (20240606)","Sophos Home Premium (20240606)","SpyHunter5 (20240606)","Total AV Antivirus Pro (20240606)","VIPRE Advanced Security (20240606)","VirIT eXplorer PRO (20240606)","Webroot SecureAnywhere (20240606)"],"avAllowList":["COMODO Antivirus (20240606)","Dr.Web Security Space (20240606)","G DATA INTERNET SECURITY (20240606)","Kaspersky Internet Security (20240606)","Malwarebytes Premium (20240606)","McAfee Total Protection (20240606)","Trend Micro Internet Security (20240606)","Windows Defender (20240606)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt on Data recovery applications","reference":"","landingPage":"https://recoverit.wondershare.com/data-recovery-win.html","directDownloadingLink":"https://download.wondershare.com/recoverit_full4134.exe?extra_param=eyJidXlfdHlwZSI6ImFwcF90b193ZWIiLCJjb2RlX3R5cGUiOiIyIiwiZGV2aWNlX2lkIjoiezA0MWE4MGMwLTVhMDItNGQ2Zi05MGExLWEzMmVjMmM3NjYxNEd9IiwicGlkIjoiNDEzNCIsInBsYXRmb3JtIjoid2luIiwic2hvcHBpbmdfaWQiOiIxNzEwMjQwMTQ2NTQ3XzE5MzE5MyIsInRpZCI6IlVBXzg5NzgyMzUwXzkiLCJ0eXBlIjoiZHJfY2xpZW50X2luZm8ifQ==","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://download.wondershare.com/recoverit_full4134.exe?extra_param=eyJidXlfdHlwZSI6ImFwcF90b193ZWIiLCJjb2RlX3R5cGUiOiIyIiwiZGV2aWNlX2lkIjoiezA0MWE4MGMwLTVhMDItNGQ2Zi05MGExLWEzMmVjMmM3NjYxNEd9IiwicGlkIjoiNDEzNCIsInBsYXRmb3JtIjoid2luIiwic2hvcHBpbmdfaWQiOiIxNzEwMjQwMTQ2NTQ3XzE5MzE5MyIsInRpZCI6IlVBXzg5NzgyMzUwXzkiLCJ0eXBlIjoiZHJfY2xpZW50X2luZm8ifQ==","sourceIndex":"706"}],"sampleFiles":["240321/WondershareRecoverit-240312/12.0.25.7/Samples/recoverit_setup_full4134.exe"],"imageFiles":["240321/WondershareRecoverit-240312/12.0.25.7/Images/ACR-109/ACR-109.PNG","240321/WondershareRecoverit-240312/12.0.25.7/Images/ACR-039/ACR-039.PNG","240321/WondershareRecoverit-240312/12.0.25.7/Images/ACR-043/ACR-043.PNG","240321/WondershareRecoverit-240312/12.0.25.7/Images/ACR-042/ACR-042.PNG","240321/WondershareRecoverit-240312/12.0.25.7/Images/ACR-042/ACR-042_1.PNG","240321/WondershareRecoverit-240312/12.0.25.7/Images/ACR-042/ACR-042_2.PNG","240321/WondershareRecoverit-240312/12.0.25.7/Images/ACR-048/ACR-048_Install.PNG","240321/WondershareRecoverit-240312/12.0.25.7/Images/ACR-004/ACR-004.PNG","240321/WondershareRecoverit-240312/12.0.25.7/Images/ACR-004/ACR-004_1.PNG","240321/WondershareRecoverit-240312/12.0.25.7/Images/ACR-084/ACR-084.PNG","240321/WondershareRecoverit-240312/12.0.25.7/Images/ACR-084/Recoverit_084.JPG","240321/WondershareRecoverit-240312/12.0.25.7/Images/ACR-097/ACR-097.PNG","240321/WondershareRecoverit-240312/12.0.25.7/Images/ACR-048/ACR-048.PNG","240321/WondershareRecoverit-240312/12.0.25.7/Images/ACR-048/Recoverit_084.JPG","240321/WondershareRecoverit-240312/12.0.25.7/Images/ACR-118/ACR-118.PNG","240321/WondershareRecoverit-240312/12.0.25.7/Images/ACR-118/ACR-118_1.PNG","240321/WondershareRecoverit-240312/12.0.25.7/Images/ACR-118/ACR-118_2.PNG"],"nonDeceptorImageFiles":["240321/WondershareRecoverit-240312/12.0.25.7/Images/ACR-040/ACR-040.PNG","240321/WondershareRecoverit-240312/12.0.25.7/Images/ACR-123/ACR-123.PNG"],"guid":"5c9d2e1c-174f-493d-a1a5-bb898f962097_12.0.25.7_1","appID":"WondershareRecoverit-240312","dateAdded":"250605","deceptorType":"App","name":"Wondershare Recoverit","company":"Wondershare Technology Group Co.,Ltd","version":"12.0.25.7","lastKnownStatus":"12.0.25.7;12.0.27.8;12.6.0.7;12.6.1.1;13.0.1.6;13.0.2.9;13.0.5.5;13.5.18","lastKnownDate":"250605","type":"Windows Executable","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows 11","targetBrowser":"None","lastUpdate":"2025-06-05T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":8,"sortOrder":305},{"violations":{"ACR-048":"1) The app can't be uninstalled from the Control Panel\n2) The app does not provide any control to disable the start-up it created.\n3) The app hides the ability to disable its function behind a hotkey.\n","ACR-007":"The app does not provide explicit notification when it is running. It also requires a hotkey to open it. These prevent the targeted consumer from being notified or giving informed consent.\n","ACR-084":"1) The app requires a hotkey to open it and otherwise runs in the background without any indication it is running.\n2) The app is saved in a hidden folder, which prevents the targeted consumer from finding it.\n3) The app creates an undisclosed startup item to perform an action without the consumer's knowledge and consent. \n","ACR-086":"App can be configured to send user data to an email address without the knowledge of the user. The app requires an obscure hotkey to open, so the user has no idea that their data is being transmitted.\n","ACR-116":"The app cannot be uninstalled through platform standard features.\n"},"nonDeceptorViolations":{"ACR-040":"The app installs itself in a hidden folder \"Program Data\".\n","ACR-065":"The app does not display links to the Returns and Cancellation Policy, Privacy Policy.\nThe app does not display links to the EULA or Terms of Service, Returns and Cancellation Policy, Privacy Policy\n"},"samples":[{"isRevoked":"False","fileName":"FKPackage.exe","isInstaller":"True","companyName":"HeavenWard","productName":"Free Keylogger for Parents","productVersion":"","fileVersion":"4.12","hashMD5":"1b6e214dc63cfae035ce728c6e1c61d6","hashSHA1":"7ba8fc1d50373b12910ba32102cd7d287bcf8c8b","hashSHA256":"8d3dd0284a7ca5fb4ab0f1229c1761a95461df0ecbe8a83f745a5868f026713c","sourceIndex":"197","avBlockList":["360 Total Security (20250902)","Avast Premium Security (20250902)","AVG Internet Security (20250902)","Avira Internet Security (20250902)","Bitdefender Internet Security (20250902)","COMODO Antivirus (20250902)","ESET Internet Security (20250902)","FortectPremium (20250902)","G DATA INTERNET SECURITY (20250902)","KasperskyPremium (20250902)","Malwarebytes Premium (20250902)","McAfee Total Protection (20250902)","Norton Security (20250902)","Panda Dome (20250902)","Quick Heal Internet Security (20250902)","Sophos Home Premium (20250902)","SpyHunter5 (20250902)","Total AV Antivirus Pro (20250902)","Trend Micro Internet Security (20250902)","VIPRE Advanced Security (20250902)","VirIT eXplorer PRO (20250902)","Webroot SecureAnywhere (20250902)","K7 Total Security (20250902)"],"avAllowList":["Dr.Web Security Space (20250902)","Windows Defender (20250902)"]},{"isRevoked":"False","fileName":"freekey.exe","companyName":"HeavenWard","productName":"Free Keylogger for Parents","productVersion":"4,12,3,1","fileVersion":"4.12","hashMD5":"9e5ecd4157809af02ce7da798cbd76da","hashSHA1":"61cd209bb47fe013b7a21a59a27d3d13579887a5","hashSHA256":"84258d3b3c8892e23b55e06e13473daebd3346ffcec0740ff74f6904f25b9054","sourceIndex":"197","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"new version","reference":"https://www.hwsuite.com/","landingPage":"https://www.hwsuite.com/free-keylogger/","directDownloadingLink":"https://files.hw-2019.info/FKPackage.exe?token=1595488870_b56d96731deb122cad35b16c21bc7b68&fileName=FKPackage.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://files.hw-2019.info/FKPackage.exe?token=1595488870_b56d96731deb122cad35b16c21bc7b68&fileName=FKPackage.exe","sourceIndex":"197"}],"sampleFiles":["250605/FreeKeylogger-200723/4.12.3.1/Samples/FKPackage.exe","250605/FreeKeylogger-200723/4.12.3.1/Samples/freekey.exe"],"imageFiles":["250605/FreeKeylogger-200723/4.12.3.1/Images/ACR-084/folder.png","250605/FreeKeylogger-200723/4.12.3.1/Images/ACR-084/hotkey.png","250605/FreeKeylogger-200723/4.12.3.1/Images/ACR-084/procexp.png","250605/FreeKeylogger-200723/4.12.3.1/Images/ACR-084/startup.png","250605/FreeKeylogger-200723/4.12.3.1/Images/ACR-086/hotkey.png","250605/FreeKeylogger-200723/4.12.3.1/Images/ACR-086/main.png","250605/FreeKeylogger-200723/4.12.3.1/Images/ACR-048/hotkey.png","250605/FreeKeylogger-200723/4.12.3.1/Images/ACR-048/startup.png","250605/FreeKeylogger-200723/4.12.3.1/Images/ACR-048/uninstall.png","250605/FreeKeylogger-200723/4.12.3.1/Images/ACR-007/hotkey.png","250605/FreeKeylogger-200723/4.12.3.1/Images/ACR-007/procexp.png","250605/FreeKeylogger-200723/4.12.3.1/Images/ACR-116/uninstall.png"],"nonDeceptorImageFiles":["250605/FreeKeylogger-200723/4.12.3.1/Images/ACR-040/folder.png","250605/FreeKeylogger-200723/4.12.3.1/Images/ACR-065/EULA.png","250605/FreeKeylogger-200723/4.12.3.1/Images/ACR-065/main.png"],"guid":"8f611430-5fcd-4989-b503-6ab94ca2366e_4.12.3.1_1","appID":"FreeKeylogger-200723","dateAdded":"250605","deceptorType":"App","name":"Free Keylogger for Parents","company":"HeavenWard","version":"4.12.3.1","lastKnownStatus":"4.12.2.0;4.12.2.2;4,12,2,3;4.12.3.1","lastKnownDate":"250605","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Adults only","monetization":"paid,up-sell to paid","lastUpdate":"2026-05-12T22:59:40.2004722+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":4,"sortOrder":306},{"violations":{"ACR-048":"1) The app can't be uninstalled from the Control Panel\n2) The app does not provide any control to disable the start-up it created.\n3) The app hides the ability to disable its function behind a hotkey.\n","ACR-007":"The app does not provide explicit notification when it is running. It also requires a hotkey to open it. These prevent the targeted consumer from being notified or giving informed consent.\n","ACR-084":"1) The app requires a hotkey to open it and otherwise runs in the background without any indication it is running.\n2) The app is saved in a hidden folder, which prevents the targeted consumer from finding it.\n3) The app creates an undisclosed startup item to perform an action without the consumer's knowledge and consent. \n","ACR-086":"App can be configured to send user data to an email address without the knowledge of the user. The app requires an obscure hotkey to open, so the user has no idea that their data is being transmitted.\n","ACR-116":"The app cannot be uninstalled through platform standard features.\n"},"nonDeceptorViolations":{"ACR-040":"The app installs itself in a hidden folder \"Program Data\".\n","ACR-065":"The app does not display links to the Returns and Cancellation Policy, Privacy Policy.\nThe app does not display links to the EULA or Terms of Service, Returns and Cancellation Policy, Privacy Policy\n"},"samples":[{"isRevoked":"False","fileName":"FKPackage.exe","isInstaller":"True","companyName":"HeavenWard","fileVersion":"4.12","hashMD5":"6713e2a3785485db04a10414a4cf83a2","hashSHA1":"d48655bf5aa16b9b6b3b6facb079fe9b70122b97","hashSHA256":"200240c577ef3673b62a625932dd5cd9c8f479ba4d411dbdd64d5160cd61006f","digitalCertThumbprint":"403E281F72B49E00B6936C3C7E32FCC2C03EC19B","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Valery Kuzniatsou, O=Valery Kuzniatsou, STREET=Slobodskaia st. 167-101, L=Minsk, S=Minsk, PostalCode=220025, C=BY","sourceIndex":"257","avBlockList":["360 Total Security (20250327)","Avast Premium Security (20250327)","AVG Internet Security (20250327)","Avira Internet Security (20250327)","Bitdefender Internet Security (20250327)","COMODO Antivirus (20250327)","Dr.Web Security Space (20250327)","ESET Internet Security (20250327)","FortectPremium (20250327)","G DATA INTERNET SECURITY (20250327)","K7 Total Security (20250327)","KasperskyPremium (20250327)","Malwarebytes Premium (20250327)","McAfee Total Protection (20250327)","Norton Security (20250327)","Panda Dome (20250327)","Quick Heal Internet Security (20250327)","Sophos Home Premium (20250327)","SpyHunter5 (20250327)","Total AV Antivirus Pro (20250327)","Trend Micro Internet Security (20250327)","VIPRE Advanced Security (20250327)","VirIT eXplorer PRO (20250327)","Webroot SecureAnywhere (20250327)","Windows Defender (20250327)"],"avAllowList":[]},{"isRevoked":"False","fileName":"freekey.exe","companyName":"HeavenWard","fileVersion":"4.12","hashMD5":"bd99f0e00cd44d8df18cdef06d215c68","hashSHA1":"fee4735099bee180b8d45f08457d9c8dd5381937","hashSHA256":"dd1e893d5f5de95e5025cbaaf250c87263e3832c9bb5686ac3a70d702d0bcf54","sourceIndex":"257","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Follow-up on old deceptors","reference":"https://www.hwsuite.com/","landingPage":"https://www.hwsuite.com/free-keylogger/","directDownloadingLink":"https://hwsuiteshop.cloud/FKPackage.exe?token=1733953328_f74b4d1f8f3499996a259405f37be76c4161140b","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://hwsuiteshop.cloud/FKPackage.exe?token=1733953328_f74b4d1f8f3499996a259405f37be76c4161140b","sourceIndex":"257"}],"sampleFiles":["250103/FreeKeylogger-200723/4.12.2.3/Samples/FKPackage.exe","250103/FreeKeylogger-200723/4.12.2.3/Samples/freekey.exe"],"imageFiles":["250103/FreeKeylogger-200723/4.12.2.3/Images/ACR-084/ACR-40.png","250103/FreeKeylogger-200723/4.12.2.3/Images/ACR-084/hiddeninbackground.png","250103/FreeKeylogger-200723/4.12.2.3/Images/ACR-084/hotkey.png","250103/FreeKeylogger-200723/4.12.2.3/Images/ACR-084/startup.png","250103/FreeKeylogger-200723/4.12.2.3/Images/ACR-086/appscreen.png","250103/FreeKeylogger-200723/4.12.2.3/Images/ACR-086/hotkey.png","250103/FreeKeylogger-200723/4.12.2.3/Images/ACR-048/hotkey.png","250103/FreeKeylogger-200723/4.12.2.3/Images/ACR-048/startup.png","250103/FreeKeylogger-200723/4.12.2.3/Images/ACR-048/uninstall.png","250103/FreeKeylogger-200723/4.12.2.3/Images/ACR-007/hiddeninbackground.png","250103/FreeKeylogger-200723/4.12.2.3/Images/ACR-007/hotkey.png","250103/FreeKeylogger-200723/4.12.2.3/Images/ACR-116/uninstall.png"],"nonDeceptorImageFiles":["250103/FreeKeylogger-200723/4.12.2.3/Images/ACR-040/ACR-40.png","250103/FreeKeylogger-200723/4.12.2.3/Images/ACR-065/agreement.png","250103/FreeKeylogger-200723/4.12.2.3/Images/ACR-065/appscreen.png"],"guid":"8f611430-5fcd-4989-b503-6ab94ca2366e_4.12.2.3_1","appID":"FreeKeylogger-200723","dateAdded":"250605","deceptorType":"App","name":"Free Keylogger for Parents","company":"HeavenWard","version":"4.12.2.3","lastKnownStatus":"4.12.2.0;4.12.2.2;4,12,2,3;4.12.3.1","lastKnownDate":"250605","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Adults only","monetization":"paid,up-sell to paid","lastUpdate":"2026-05-12T22:59:42.0142506+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":4,"sortOrder":307},{"violations":{"ACR-048":"The app can't be uninstalled from the Control Panel & does not provide any control to disable the start-up it created.\n","ACR-007":"The app does not provide explicit notification when it is running. It also requires a hotkey to open it. These prevent the targeted consumer from being notified or giving informed consent.\n","ACR-084":"1) The app requires a hotkey to open it and is saved in a hidden folder, which prevents the targeted consumer from finding it.\n2) The app creates an undisclosed startup item to perform an action without the consumer's knowledge and consent. \n","ACR-086":"The app does not inform the consumer how it transfers data. It also requires a hotkey to open it, which prevents the targeted consumer from understanding what data is collected and transmitted.\n","ACR-116":"The app cannot be uninstalled through platform standard features.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components on the device without the consumer's consent or notifying the user. \n"},"nonDeceptorViolations":{"ACR-040":"The app installs itself in a hidden folder \"Program Data\".\n","ACR-065":"The app does not display links to the Returns and Cancellation Policy, Privacy Policy.\nThe app does not display links to the EULA or Terms of Service, Returns and Cancellation Policy, Privacy Policy\n","ACR-092":"The app does not provide Digital signatures for the executables. \n","ACR-099":"The landing page does not display links to uninstall information. \nThe internal offers page does not display links to uninstall information.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\ProgramData\\HeavenWard\\FreeKey\\freekey.exe","companyName":"HeavenWard","productName":"Free Keylogger for Parents","productVersion":"4.12.2.2","fileVersion":"4.12.2.2","hashMD5":"1490a698b4091a5911950450a48514b0","hashSHA1":"4292633821e57fada6ce51651c6b2b538dc9681b","hashSHA256":"bb12221869333d1b4959f3f0d76808b2bc40d6bad43b7653fcac48c2ccc45032","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1506","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"FKPackage.exe","isInstaller":"True","companyName":"HeavenWard","productName":"Free Keylogger for Parents","productVersion":"","fileVersion":"4.12.2.2","hashMD5":"dee2e253c2ed7de20131c32ca42c6314","hashSHA1":"1e2cb4e57b140fdc39af4c5414c7786ca92e490f","hashSHA256":"14a50548f470983794b529f98234b5b59183ff28e764e062b6edaf789a12827a","digitalCertThumbprint":"403E281F72B49E00B6936C3C7E32FCC2C03EC19B","digitalCertIssuer":"COMODO RSA Code Signing CA","digitalCertIssuedTo":"Valery Kuzniatsou","storeId":"","sourceIndex":"1506","avBlockList":["360 Total Security (20220726)","Avast Premium Security (20220726)","AVG Internet Security (20220726)","Avira Internet Security (20220726)","Bitdefender Internet Security (20220726)","COMODO Antivirus (20220726)","Dr.Web Security Space (20220726)","ESET Internet Security (20220726)","G DATA INTERNET SECURITY (20220726)","K7 Total Security (20220726)","Kaspersky Internet Security (20220726)","Malwarebytes Premium (20220726)","McAfee Total Protection (20220726)","Norton Security (20220726)","Panda Dome (20220726)","Quick Heal Internet Security (20220726)","Sophos Home Premium (20220726)","SpyHunter5 (20220726)","Total AV Antivirus Pro (20220726)","Trend Micro Internet Security (20220726)","VIPRE Advanced Security (20220726)","VirIT eXplorer PRO (20220726)","Webroot SecureAnywhere (20220726)","Windows Defender (20220726)"],"avAllowList":["Tencent PC Manager (20220726)"]}],"additionalFiles":[],"sources":[{"howFound":"google search \"keylogger\"","reference":"https://www.hwsuite.com/","landingPage":"https://www.hwsuite.com/free-keylogger/","directDownloadingLink":"https://files.hw-2019.info/FKPackage.exe?token=1595488870_b56d96731deb122cad35b16c21bc7b68&fileName=FKPackage.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://files.hw-2019.info/FKPackage.exe?token=1595488870_b56d96731deb122cad35b16c21bc7b68&fileName=FKPackage.exe","sourceIndex":"1506"}],"sampleFiles":["220720/FreeKeylogger-200723/4.12.2.2/Samples/FKPackage.exe"],"imageFiles":["220720/FreeKeylogger-200723/4.12.2.2/Images/ACR-084/ACR-084.JPG","220720/FreeKeylogger-200723/4.12.2.2/Images/ACR-084/ACR-084_1.JPG","220720/FreeKeylogger-200723/4.12.2.2/Images/ACR-084/ACR-084_2.JPG","220720/FreeKeylogger-200723/4.12.2.2/Images/ACR-086/ACR-086.JPG","220720/FreeKeylogger-200723/4.12.2.2/Images/ACR-048/ACR-048.JPG","220720/FreeKeylogger-200723/4.12.2.2/Images/ACR-048/ACR-048_1.JPG","220720/FreeKeylogger-200723/4.12.2.2/Images/ACR-007/ACR-007.JPG","220720/FreeKeylogger-200723/4.12.2.2/Images/ACR-007/ACR-007_1.JPG","220720/FreeKeylogger-200723/4.12.2.2/Images/ACR-116/ACR-116.JPG","220720/FreeKeylogger-200723/4.12.2.2/Images/ACR-118/ACR-118.JPG"],"nonDeceptorImageFiles":["220720/FreeKeylogger-200723/4.12.2.2/Images/ACR-040/ACR-040.JPG","220720/FreeKeylogger-200723/4.12.2.2/Images/ACR-065/ACR-065_Install.JPG","220720/FreeKeylogger-200723/4.12.2.2/Images/ACR-092/ACR-092.JPG","220720/FreeKeylogger-200723/4.12.2.2/Images/ACR-065/ACR-065_Software.JPG","220720/FreeKeylogger-200723/4.12.2.2/Images/ACR-099/ACR-099_Landingpage.jpg","220720/FreeKeylogger-200723/4.12.2.2/Images/ACR-099/ACR-099_InternalOffers.jpg"],"guid":"8f611430-5fcd-4989-b503-6ab94ca2366e_4.12.2.2_1","appID":"FreeKeylogger-200723","dateAdded":"250605","deceptorType":"App","name":"Free Keylogger for Parents","company":"HeavenWard","version":"4.12.2.2","lastKnownStatus":"4.12.2.0;4.12.2.2;4,12,2,3;4.12.3.1","lastKnownDate":"250605","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Adults only","monetization":"paid,up-sell to paid","lastUpdate":"2025-06-05T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":4,"sortOrder":308},{"violations":{"ACR-042":"Open source projects \"FFmpeg\" and \"Qt5\" are installed without any disclosure in EULA.\n","ACR-048":"The app does not provide any control to cancel the installation.\n","ACR-004":"The application doesn't provide a free fix (recovery) instead offering a subscription that the user needs to pay to fix it.\n","ACR-097":"The app adds an exception for Windows firewall without disclosing relevant info and getting consent from the user.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components on the device without the consumer's consent or notifying the user.\n","ACR-165":"The app does not provide the following information in the shopping cart : 1. How to cancel the auto-renewal easily via the online approach. 2. What's the price will be in the auto-renewal payment given the first payment is a discounted price? 3. When the user will receive the auto-renewal payment notification if auto-renew payment is selected. \n"},"nonDeceptorViolations":{"ACR-123":"Even after a reboot and uninstall, the application did not remove itself from the firewall exception that was added during installation.\n"},"samples":[{"isRevoked":"False","fileName":"ri_setup_full4134_hxFDIECL.exe","isInstaller":"True","productName":"Recoverit - Data Recovery","productVersion":"13.0.3","fileVersion":"4.2","hashMD5":"2659df0254f5ebfac06ab24b5a3c065c","hashSHA1":"288b7040a4fa200eabd5ca954e10a6cbec2078f2","hashSHA256":"4a3c9cbacbf8f525975c9701c45df7dd29ec4b006e67f5d34de1fe5bb15c236d","digitalCertThumbprint":"3690603490F6A3D62A29DF22F687AFCC4FCF8697","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=\"Wondershare Technology Group Co.,Ltd\", O=\"Wondershare Technology Group Co.,Ltd\", L=拉萨市, S=西藏自治区, C=CN, SERIALNUMBER=91540195754285145H, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.2=西藏自治区, OID.1.3.6.1.4.1.311.60.2.1.3=CN","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"196","avBlockList":["Avast Premium Security (20250902)","AVG Internet Security (20250902)","Avira Internet Security (20250902)","ESET Internet Security (20250902)","FortectPremium (20250902)","G DATA INTERNET SECURITY (20250902)","K7 Total Security (20250902)","Norton Security (20250902)","Panda Dome (20250902)","Sophos Home Premium (20250902)","SpyHunter5 (20250902)","Total AV Antivirus Pro (20250902)","VirIT eXplorer PRO (20250902)","Webroot SecureAnywhere (20250902)"],"avAllowList":["360 Total Security (20250902)","Bitdefender Internet Security (20250902)","COMODO Antivirus (20250902)","Dr.Web Security Space (20250902)","KasperskyPremium (20250902)","Malwarebytes Premium (20250902)","McAfee Total Protection (20250902)","Quick Heal Internet Security (20250902)","Trend Micro Internet Security (20250902)","VIPRE Advanced Security (20250902)","Windows Defender (20250902)"]},{"isRevoked":"False","fileName":"recoverit.exe","productName":"Wondershare Recoverit","productVersion":"13.5.18.4","fileVersion":"13.5","hashMD5":"63355435dc11d4a1c438845e41c50944","hashSHA1":"d2061adc2087a0963361ae984557bce3c4d0ddbd","hashSHA256":"fd6883d1196e179de78ef633a1df35c8cde2aff7b851838d53d8610b5be01d2b","digitalCertThumbprint":"BFCC55579A1B470C47F481677DA9502470E51933","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=\"Wondershare Technology Group Co.,Ltd\", O=\"Wondershare Technology Group Co.,Ltd\", L=拉萨市, S=西藏自治区, C=CN, SERIALNUMBER=91540195754285145H, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.2=西藏自治区, OID.1.3.6.1.4.1.311.60.2.1.3=CN","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"196","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt on Data recovery applications","reference":"","landingPage":"https://recoverit.wondershare.com/data-recovery-win.html","directDownloadingLink":"https://download.wondershare.com/recoverit_full4134.exe?extra_param=eyJidXlfdHlwZSI6ImFwcF90b193ZWIiLCJjb2RlX3R5cGUiOiIyIiwiZGV2aWNlX2lkIjoiezA0MWE4MGMwLTVhMDItNGQ2Zi05MGExLWEzMmVjMmM3NjYxNEd9IiwicGlkIjoiNDEzNCIsInBsYXRmb3JtIjoid2luIiwic2hvcHBpbmdfaWQiOiIxNzEwMjQwMTQ2NTQ3XzE5MzE5MyIsInRpZCI6IlVBXzg5NzgyMzUwXzkiLCJ0eXBlIjoiZHJfY2xpZW50X2luZm8ifQ==","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://download.wondershare.com/recoverit_full4134.exe?extra_param=eyJidXlfdHlwZSI6ImFwcF90b193ZWIiLCJjb2RlX3R5cGUiOiIyIiwiZGV2aWNlX2lkIjoiezA0MWE4MGMwLTVhMDItNGQ2Zi05MGExLWEzMmVjMmM3NjYxNEd9IiwicGlkIjoiNDEzNCIsInBsYXRmb3JtIjoid2luIiwic2hvcHBpbmdfaWQiOiIxNzEwMjQwMTQ2NTQ3XzE5MzE5MyIsInRpZCI6IlVBXzg5NzgyMzUwXzkiLCJ0eXBlIjoiZHJfY2xpZW50X2luZm8ifQ==","sourceIndex":"196"}],"sampleFiles":["250605/WondershareRecoverit-240312/13.5.18/Samples/ri_setup_full4134_hxFDIECL.exe","250605/WondershareRecoverit-240312/13.5.18/Samples/recoverit.exe"],"imageFiles":["250605/WondershareRecoverit-240312/13.5.18/Images/ACR-042/ffmpeg.png","250605/WondershareRecoverit-240312/13.5.18/Images/ACR-042/qt5.png","250605/WondershareRecoverit-240312/13.5.18/Images/ACR-048/cantcancelinstall.png","250605/WondershareRecoverit-240312/13.5.18/Images/ACR-004/paytorecover.png","250605/WondershareRecoverit-240312/13.5.18/Images/ACR-004/subs.png","250605/WondershareRecoverit-240312/13.5.18/Images/ACR-097/firewall.png","250605/WondershareRecoverit-240312/13.5.18/Images/ACR-118/leftafteruninstall.png","250605/WondershareRecoverit-240312/13.5.18/Images/ACR-165/cart1.png"],"nonDeceptorImageFiles":["250605/WondershareRecoverit-240312/13.5.18/Images/ACR-123/firewall.png"],"guid":"5c9d2e1c-174f-493d-a1a5-bb898f962097_13.5.18_1","appID":"WondershareRecoverit-240312","dateAdded":"250605","deceptorType":"App","name":"Wondershare Recoverit","company":"Wondershare Technology Group Co.,Ltd","version":"13.5.18","lastKnownStatus":"12.0.25.7;12.0.27.8;12.6.0.7;12.6.1.1;13.0.1.6;13.0.2.9;13.0.5.5;13.5.18","lastKnownDate":"250605","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows 11","targetBrowser":"None","targetCustomer":"consumer,enterprise","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,paid","lastUpdate":"2025-06-05T21:33:49.2845696+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":8,"sortOrder":298},{"violations":{"ACR-048":"The app is not able to be deleted from the Control Panel\n","ACR-007":"The app does not provide explicit notification when it is running. It also requires a hotkey to open it. These prevent the targeted consumer from being notified or giving informed consent.\n","ACR-084":"The app requires a hotkey to open it and is saved in a hidden folder, which prevents the targeted consumer from finding it.\n","ACR-086":"The app does not inform the consumer how it transfers data. It also requires a hotkey to open it, which prevents the targeted consumer from understanding what data is collected and transmitted.\n","ACR-116":"The app cannot be uninstalled through Control Panel.\n"},"nonDeceptorViolations":{"ACR-040":"The app installs itself in a hidden folder \"Program Data\".\n","ACR-099":"The landing page does not display links to uninstall information. \nThe internal offers page does not display links to uninstall information.\n"},"samples":[{"isRevoked":"False","fileName":"FKPackage.exe","isInstaller":"True","companyName":"HeavenWard","fileVersion":"4.12","hashMD5":"429817885bf3fab0ddd7d71c4d0bd7c5","hashSHA1":"acf0602c83a6a83f177031ba1a14f49b86a368c5","hashSHA256":"3eef3a676e573caeb46c09864acf284e2d362d74a52a835dc415b67080b3b492","digitalCertThumbprint":"403E281F72B49E00B6936C3C7E32FCC2C03EC19B","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Valery Kuzniatsou, O=Valery Kuzniatsou, STREET=Slobodskaia st. 167-101, L=Minsk, S=Minsk, PostalCode=220025, C=BY","sourceIndex":"2151","avBlockList":["360 Total Security (20200806)","Avast Premium Security (20200806)","AVG Internet Security (20200806)","Avira Internet Security (20200806)","Bitdefender Internet Security (20200806)","COMODO Antivirus (20200806)","Dr.Web Security Space (20200806)","ESET Internet Security (20200806)","G DATA INTERNET SECURITY (20200806)","K7 Total Security (20200806)","Kaspersky Internet Security (20200806)","Malwarebytes Premium (20200806)","McAfee Total Protection (20200806)","Norton Security (20200806)","Panda Dome (20200806)","Quick Heal Internet Security (20200806)","Sophos Home Premium (20200806)","SpyHunter5 (20200806)","Tencent PC Manager (20200806)","Total AV Antivirus Pro (20200806)","VIPRE Advanced Security (20200806)","VirIT eXplorer PRO (20200806)","Webroot SecureAnywhere (20200806)","Windows Defender (20200806)"],"avAllowList":["Trend Micro Internet Security (20200806)"]},{"isRevoked":"False","fileName":"freekey.exe","companyName":"HeavenWard","fileVersion":"4.12","hashMD5":"1e3576668421fef466cb3f8e7acb2302","hashSHA1":"06fa9f6f4a52dc881c24edc23f97a6363bee099e","hashSHA256":"eb0d64ecf970c9ec0961ef614483d71f1cd49a952a7efd65809c031eb44e906f","sourceIndex":"2151","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"freekeyhk.dll","companyName":"HeavenWard","fileVersion":"4.12","hashMD5":"b32385c46fe1d3a280de42ee49f7dab3","hashSHA1":"a7fa2365143cc251714837be2c92d7a98e0bbc9f","hashSHA256":"08dcf24240bcb67cd5cd4b0f70595ceb9c6424adcdba63c2ff0d5abd59fab096","sourceIndex":"2151","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"google search \"keylogger\"","reference":"https://www.hwsuite.com/","landingPage":"https://www.hwsuite.com/free-keylogger/","directDownloadingLink":"https://files.hw-2019.info/FKPackage.exe?token=1595488870_b56d96731deb122cad35b16c21bc7b68&fileName=FKPackage.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://files.hw-2019.info/FKPackage.exe?token=1595488870_b56d96731deb122cad35b16c21bc7b68&fileName=FKPackage.exe","sourceIndex":"2151"}],"sampleFiles":["200723/FreeKeylogger-200723/4.12.2.0/Samples/FKPackage.exe","200723/FreeKeylogger-200723/4.12.2.0/Samples/freekey.exe","200723/FreeKeylogger-200723/4.12.2.0/Samples/freekeyhk.dll"],"imageFiles":["200723/FreeKeylogger-200723/4.12.2.0/Images/ACR-084/Free Keylogger_Interaction [1].png","200723/FreeKeylogger-200723/4.12.2.0/Images/ACR-084/Free Keylogger_RunningProcess [1].png","200723/FreeKeylogger-200723/4.12.2.0/Images/ACR-086/Free Keylogger_Interaction [1].png","200723/FreeKeylogger-200723/4.12.2.0/Images/ACR-048/Free Keylogger_ControlPanel_ListofApp [1].png","200723/FreeKeylogger-200723/4.12.2.0/Images/ACR-007/Free Keylogger_Interaction [1].png","200723/FreeKeylogger-200723/4.12.2.0/Images/ACR-007/Free Keylogger_RunningProcess [1].png","200723/FreeKeylogger-200723/4.12.2.0/Images/ACR-116/Free Keylogger_ControlPanel_ListofApp [2].png"],"nonDeceptorImageFiles":["200723/FreeKeylogger-200723/4.12.2.0/Images/ACR-040/Free Keylogger_Files [1].png","200723/FreeKeylogger-200723/4.12.2.0/Images/ACR-099/Free Keylogger_LandingPage [1].png","200723/FreeKeylogger-200723/4.12.2.0/Images/ACR-099/Free Keylogger_LandingPage [2].png","200723/FreeKeylogger-200723/4.12.2.0/Images/ACR-099/Free Keylogger_OfferPage [1].png","200723/FreeKeylogger-200723/4.12.2.0/Images/ACR-099/Free Keylogger_OfferPage [2].png"],"guid":"8f611430-5fcd-4989-b503-6ab94ca2366e_4.12.2.0_1","appID":"FreeKeylogger-200723","dateAdded":"250605","deceptorType":"App","name":"Free Keylogger for Parents","company":"HeavenWard","version":"4.12.2.0","sigName":"Deceptor:Win32/FreeKeyloggerStalkerware!084086048007116","lastKnownStatus":"4.12.2.0;4.12.2.2;4,12,2,3;4.12.3.1","lastKnownDate":"250605","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Adults only","monetization":"paid,up-sell to paid","lastUpdate":"2025-06-05T00:00:00+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":4,"sortOrder":309},{"violations":{"ACR-042":"Open source projects \"FFmpeg\" and \"Qt5\" are installed without any disclosure in EULA.\n","ACR-048":"The app does not provide any control to cancel the installation.\n","ACR-004":"The application doesn't provide a free fix (recovery) instead offering a subscription that the user needs to pay to fix it.\n","ACR-097":"The app adds an exception for Windows firewall without disclosing relevant info and getting consent from the user.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components it installed on the device without the consumer's consent or notifying the user.\n"},"nonDeceptorViolations":{"ACR-123":"Even after a reboot and uninstall, the application did not remove itself from the firewall exception that was added during installation.\n"},"samples":[{"isRevoked":"False","fileName":"recoverit_setup_full4134.exe","isInstaller":"True","companyName":"","productName":"Recoverit - Data Recovery","productVersion":"12.6.1","fileVersion":"4.0.4.22","hashMD5":"b8ce2f4da7b568bc60c05cb8f17481d8","hashSHA1":"21501f3921af20e9a05c9df112412a77d250d936","hashSHA256":"3b345da8c6a8b362202cf7a32a9908284ce6c0d2588687de6c8d38902c9e5aad","digitalCertThumbprint":"3690603490F6A3D62A29DF22F687AFCC4FCF8697","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Wondershare Technology Group Co.Ltd","storeId":"","sourceIndex":"575","avBlockList":["360 Total Security (20240815)","Avast Premium Security (20240815)","AVG Internet Security (20240815)","Avira Internet Security (20240815)","Bitdefender Internet Security (20240815)","ESET Internet Security (20240815)","FortectPremium (20240815)","K7 Total Security (20240815)","Norton Security (20240815)","Quick Heal Internet Security (20240815)","Sophos Home Premium (20240815)","SpyHunter5 (20240815)","Total AV Antivirus Pro (20240815)","VirIT eXplorer PRO (20240815)","Webroot SecureAnywhere (20240815)","Windows Defender (20240815)"],"avAllowList":["COMODO Antivirus (20240815)","Dr.Web Security Space (20240815)","G DATA INTERNET SECURITY (20240815)","KasperskyPremium (20240815)","Malwarebytes Premium (20240815)","McAfee Total Protection (20240815)","Panda Dome (20240815)","Trend Micro Internet Security (20240815)","VIPRE Advanced Security (20240815)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on windows app","reference":"","landingPage":"https://recoverit.wondershare.com/data-recovery-win.html","directDownloadingLink":"https://download.wondershare.com/recoverit_full4134.exe?extra_param=eyJidXlfdHlwZSI6ImFwcF90b193ZWIiLCJjb2RlX3R5cGUiOiIyIiwiZGV2aWNlX2lkIjoiezA0MWE4MGMwLTVhMDItNGQ2Zi05MGExLWEzMmVjMmM3NjYxNEd9IiwicGlkIjoiNDEzNCIsInBsYXRmb3JtIjoid2luIiwic2hvcHBpbmdfaWQiOiIxNzEwMjQwMTQ2NTQ3XzE5MzE5MyIsInRpZCI6IlVBXzg5NzgyMzUwXzkiLCJ0eXBlIjoiZHJfY2xpZW50X2luZm8ifQ==","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://download.wondershare.com/recoverit_full4134.exe?extra_param=eyJidXlfdHlwZSI6ImFwcF90b193ZWIiLCJjb2RlX3R5cGUiOiIyIiwiZGV2aWNlX2lkIjoiezA0MWE4MGMwLTVhMDItNGQ2Zi05MGExLWEzMmVjMmM3NjYxNEd9IiwicGlkIjoiNDEzNCIsInBsYXRmb3JtIjoid2luIiwic2hvcHBpbmdfaWQiOiIxNzEwMjQwMTQ2NTQ3XzE5MzE5MyIsInRpZCI6IlVBXzg5NzgyMzUwXzkiLCJ0eXBlIjoiZHJfY2xpZW50X2luZm8ifQ==","sourceIndex":"575"}],"sampleFiles":["240807/WondershareRecoverit-240312/13.0.1.6/Samples/recoverit_setup_full4134.exe"],"imageFiles":["240807/WondershareRecoverit-240312/13.0.1.6/Images/ACR-042/ACR-042.PNG","240807/WondershareRecoverit-240312/13.0.1.6/Images/ACR-042/ACR-042_1.PNG","240807/WondershareRecoverit-240312/13.0.1.6/Images/ACR-048/ACR-048.PNG","240807/WondershareRecoverit-240312/13.0.1.6/Images/ACR-004/ACR-004.PNG","240807/WondershareRecoverit-240312/13.0.1.6/Images/ACR-004/ACR-004_1.PNG","240807/WondershareRecoverit-240312/13.0.1.6/Images/ACR-097/ACR-097.PNG","240807/WondershareRecoverit-240312/13.0.1.6/Images/ACR-118/ACR-118.PNG"],"nonDeceptorImageFiles":["240807/WondershareRecoverit-240312/13.0.1.6/Images/ACR-123/ACR-123.PNG"],"guid":"5c9d2e1c-174f-493d-a1a5-bb898f962097_13.0.1.6_1","appID":"WondershareRecoverit-240312","dateAdded":"250605","deceptorType":"App","name":"Wondershare Recoverit","company":"Wondershare Technology Group Co.,Ltd","version":"13.0.1.6","lastKnownStatus":"12.0.25.7;12.0.27.8;12.6.0.7;12.6.1.1;13.0.1.6;13.0.2.9;13.0.5.5;13.5.18","lastKnownDate":"250605","type":"Windows Executable","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows 11","targetBrowser":"None","lastUpdate":"2025-06-05T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":8,"sortOrder":301},{"violations":{"ACR-042":"Open source projects \"FFmpeg\" and \"Qt5\" are installed without any disclosure in EULA.\n","ACR-048":"The app does not provide any control to cancel the installation.\n","ACR-004":"The application doesn't provide a free fix (recovery) instead offering a subscription that the user needs to pay to fix it.\n","ACR-097":"The app adds an exception for Windows firewall without disclosing relevant info and getting consent from the user.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components on the device without the consumer's consent or notifying the user.\n","ACR-165":"The app does not provide the following information in the shopping cart : 1. How to cancel the auto-renewal easily via the online approach. 2. What's the price will be in the auto-renewal payment given the first payment is a discounted price? 3. When the user will receive the auto-renewal payment notification if auto-renew payment is selected. \n"},"nonDeceptorViolations":{"ACR-123":"Even after a reboot and uninstall, the application did not remove itself from the firewall exception that was added during installation.\n"},"samples":[{"isRevoked":"False","fileName":"ri_setup_full4134_M7hEK47j.exe","isInstaller":"True","companyName":"","productName":"Recoverit - Data Recovery","productVersion":"13.0.3","fileVersion":"4.0.4.22","hashMD5":"70c58e4ea51eac29121353f9bb0bba96","hashSHA1":"f754ea1625d1de5f0508b12c22a386f25168c412","hashSHA256":"87c904394da72d4e761e93a063c0273319a4a168b9e375e67a8602d18b572d61","digitalCertThumbprint":"3690603490F6A3D62A29DF22F687AFCC4FCF8697","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Wondershare Technology Group Co.Ltd","storeId":"","sourceIndex":"541","avBlockList":["360 Total Security (20241212)","Avast Premium Security (20241212)","AVG Internet Security (20241212)","Avira Internet Security (20241212)","ESET Internet Security (20241212)","FortectPremium (20241212)","G DATA INTERNET SECURITY (20241212)","K7 Total Security (20241212)","Norton Security (20241212)","Panda Dome (20241212)","Quick Heal Internet Security (20241212)","Sophos Home Premium (20241212)","SpyHunter5 (20241212)","Total AV Antivirus Pro (20241212)","VirIT eXplorer PRO (20241212)","Webroot SecureAnywhere (20241212)"],"avAllowList":["Bitdefender Internet Security (20241212)","COMODO Antivirus (20241212)","Dr.Web Security Space (20241212)","KasperskyPremium (20241212)","Malwarebytes Premium (20241212)","McAfee Total Protection (20241212)","Trend Micro Internet Security (20241212)","VIPRE Advanced Security (20241212)","Windows Defender (20241212)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on windows app","reference":"","landingPage":"https://recoverit.wondershare.com/data-recovery-win.html","directDownloadingLink":"https://download.wondershare.com/ri_full4134.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://download.wondershare.com/ri_full4134.exe","sourceIndex":"541"}],"sampleFiles":["240923/WondershareRecoverit-240312/13.0.5.5/Samples/ri_setup_full4134_M7hEK47j.exe"],"imageFiles":["240923/WondershareRecoverit-240312/13.0.5.5/Images/ACR-042/ACR-042.PNG","240923/WondershareRecoverit-240312/13.0.5.5/Images/ACR-042/ACR-042_1.PNG","240923/WondershareRecoverit-240312/13.0.5.5/Images/ACR-048/ACR-048.PNG","240923/WondershareRecoverit-240312/13.0.5.5/Images/ACR-004/ACR-004.PNG","240923/WondershareRecoverit-240312/13.0.5.5/Images/ACR-097/ACR-097.PNG","240923/WondershareRecoverit-240312/13.0.5.5/Images/ACR-118/ACR-118.PNG","240923/WondershareRecoverit-240312/13.0.5.5/Images/ACR-165/ACR-165.PNG"],"nonDeceptorImageFiles":["240923/WondershareRecoverit-240312/13.0.5.5/Images/ACR-123/ACR-123.PNG"],"guid":"5c9d2e1c-174f-493d-a1a5-bb898f962097_13.0.5.5_1","appID":"WondershareRecoverit-240312","dateAdded":"250605","deceptorType":"App","name":"Wondershare Recoverit","company":"Wondershare Technology Group Co.,Ltd","version":"13.0.5.5","lastKnownStatus":"12.0.25.7;12.0.27.8;12.6.0.7;12.6.1.1;13.0.1.6;13.0.2.9;13.0.5.5;13.5.18","lastKnownDate":"250605","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows 11","targetBrowser":"None","targetCustomer":"consumer,enterprise","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2025-06-05T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":8,"sortOrder":299},{"violations":{"ACR-042":"Open source projects \"FFmpeg\" and \"Qt5\" are installed without any disclosure in EULA.\n","ACR-048":"The app does not provide any control to cancel the installation.\n","ACR-004":"The application doesn't provide a free fix (recovery) instead offering a subscription that the user needs to pay to fix it.\n","ACR-097":"The app adds an exception for Windows firewall without disclosing relevant info and getting consent from the user.\n"},"nonDeceptorViolations":{"ACR-123":"Even after a reboot and uninstall, the application did not remove itself from the firewall exception that was added during installation.\n"},"samples":[{"isRevoked":"False","fileName":"recoverit_setup_full4134.exe","isInstaller":"True","companyName":"","productName":"Recoverit - Data Recovery","productVersion":"13.0.2","fileVersion":"4.0.4.22","hashMD5":"f96235c7aba915256636bea39e023808","hashSHA1":"7e09041c6d9ae6584e5aac12be55815f4a275e9f","hashSHA256":"0ad7126d4339e2ab409f2835cde7c2607d2e7fd11948e605814cf0e5925e88e5","digitalCertThumbprint":"3690603490F6A3D62A29DF22F687AFCC4FCF8697","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Wondershare Technology Group Co.Ltd","storeId":"","sourceIndex":"571","avBlockList":["360 Total Security (20240905)","Avast Premium Security (20240905)","AVG Internet Security (20240905)","Avira Internet Security (20240905)","ESET Internet Security (20240905)","FortectPremium (20240905)","G DATA INTERNET SECURITY (20240905)","K7 Total Security (20240905)","Norton Security (20240905)","Panda Dome (20240905)","Quick Heal Internet Security (20240905)","Sophos Home Premium (20240905)","SpyHunter5 (20240905)","Total AV Antivirus Pro (20240905)","VirIT eXplorer PRO (20240905)","Webroot SecureAnywhere (20240905)","Windows Defender (20240905)"],"avAllowList":["Bitdefender Internet Security (20240905)","COMODO Antivirus (20240905)","Dr.Web Security Space (20240905)","KasperskyPremium (20240905)","Malwarebytes Premium (20240905)","McAfee Total Protection (20240905)","Trend Micro Internet Security (20240905)","VIPRE Advanced Security (20240905)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt on Data recovery applications","reference":"","landingPage":"https://recoverit.wondershare.com/data-recovery-win.html","directDownloadingLink":"https://recoverit.wondershare.com/buy/store.html?utm_source=link_in_product&utm_medium=ownmedia&utm_campaign=drwin_ess&utm_content=link_dr_dr_en_20046074_2022-10-18&custom=eyJidXlfdHlwZSI6ImFwcF90b193ZWIiLCJjb2RlX3R5cGUiOiIyIiwiZGV2aWNlX2lkIjoie2M5Mzk3YzVmLWYwYzYtNGM1Zi04M2RlLWI5NzI3OGU0MzE0ZEd9IiwicGlkIjoiNDEzNCIsInBsYXRmb3JtIjoid2luIiwic2hvcHBpbmdfaWQiOiIxNzI0MjM2MDA0MTQ5XzEzODEzOCIsInRpZCI6IlVBXzg5NzgyMzUwXzkiLCJ0eXBlIjoiZHJfY2xpZW50X2luZm8ifQ==","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://recoverit.wondershare.com/buy/store.html?utm_source=link_in_product&utm_medium=ownmedia&utm_campaign=drwin_ess&utm_content=link_dr_dr_en_20046074_2022-10-18&custom=eyJidXlfdHlwZSI6ImFwcF90b193ZWIiLCJjb2RlX3R5cGUiOiIyIiwiZGV2aWNlX2lkIjoie2M5Mzk3YzVmLWYwYzYtNGM1Zi04M2RlLWI5NzI3OGU0MzE0ZEd9IiwicGlkIjoiNDEzNCIsInBsYXRmb3JtIjoid2luIiwic2hvcHBpbmdfaWQiOiIxNzI0MjM2MDA0MTQ5XzEzODEzOCIsInRpZCI6IlVBXzg5NzgyMzUwXzkiLCJ0eXBlIjoiZHJfY2xpZW50X2luZm8ifQ==","sourceIndex":"571"}],"sampleFiles":["240821/WondershareRecoverit-240312/13.0.2.9/Samples/recoverit_setup_full4134.exe"],"imageFiles":["240821/WondershareRecoverit-240312/13.0.2.9/Images/ACR-042/ACR-042.PNG","240821/WondershareRecoverit-240312/13.0.2.9/Images/ACR-042/ACR-042_1.PNG","240821/WondershareRecoverit-240312/13.0.2.9/Images/ACR-048/ACR-048.PNG","240821/WondershareRecoverit-240312/13.0.2.9/Images/ACR-004/ACR-004.PNG","240821/WondershareRecoverit-240312/13.0.2.9/Images/ACR-097/ACR-097.PNG"],"nonDeceptorImageFiles":["240821/WondershareRecoverit-240312/13.0.2.9/Images/ACR-123/ACR-123.PNG"],"guid":"5c9d2e1c-174f-493d-a1a5-bb898f962097_13.0.2.9_1","appID":"WondershareRecoverit-240312","dateAdded":"250605","deceptorType":"App","name":"Wondershare Recoverit","company":"Wondershare Technology Group Co.,Ltd","version":"13.0.2.9","lastKnownStatus":"12.0.25.7;12.0.27.8;12.6.0.7;12.6.1.1;13.0.1.6;13.0.2.9;13.0.5.5;13.5.18","lastKnownDate":"250605","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows 11","targetBrowser":"None","targetCustomer":"consumer,enterprise","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2025-06-05T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":8,"sortOrder":300},{"violations":{"ACR-109":"The application silently installs the app before the user chooses and agrees to install or without disclosing the relationship to the app during installation.\n","ACR-048":"The app disables the option to change the default search engine, forcing users to use its own by making it the only available choice in the settings.\n","ACR-006":"Search queries redirects to doktox.com without disclosure.\n","ACR-104":"The app does not clearly disclose that searches will be processed through doktox.com\n"},"nonDeceptorViolations":{"ACR-040":"App installs in hidden AppData folder without telling the user and does not give the user a way to change the install location.\n"},"samples":[{"isRevoked":"False","fileName":"blaze.exe","companyName":"The Blaze Authors","productName":"Blaze","productVersion":"136.0.7062.0","fileVersion":"136.0","hashMD5":"bbb6c5a23d13b139d65803394510214d","hashSHA1":"4d11144041890b03afa6dc8a76cf2877bf9fdfc5","hashSHA256":"d273ee28e629c4a19cee2a254a81d6d3d9deaac5a64dbfb4f2b236da53a83f25","digitalCertThumbprint":"2A8E50DE52E27CFE1E27625253A473CA6951D3CB","digitalCertIssuer":"CN=GlobalSign GCC R45 EV CodeSigning CA 2020, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"CN=BABUL KHEIR CONSTRUCTION CO LIMITED, O=BABUL KHEIR CONSTRUCTION CO LIMITED, L=Garissa, S=Garissa, C=KE, OID.1.3.6.1.4.1.311.60.2.1.3=KE, SERIALNUMBER=CPR/2011/64057, OID.2.5.4.15=Private Organization","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"199","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"blazebrowser.exe","isInstaller":"True","productName":"","productVersion":"","fileVersion":"0.0","hashMD5":"0136afe1dea7a4a8f1ad668674d4c609","hashSHA1":"c3db2e23dd144ddcc1c01846c99a2d2330c4a397","hashSHA256":"168ab664780d7b46388bbee7f47ec30c5271d07cb31f888d8ef674b740607952","digitalCertThumbprint":"2A8E50DE52E27CFE1E27625253A473CA6951D3CB","digitalCertIssuer":"CN=GlobalSign GCC R45 EV CodeSigning CA 2020, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"CN=BABUL KHEIR CONSTRUCTION CO LIMITED, O=BABUL KHEIR CONSTRUCTION CO LIMITED, L=Garissa, S=Garissa, C=KE, OID.1.3.6.1.4.1.311.60.2.1.3=KE, SERIALNUMBER=CPR/2011/64057, OID.2.5.4.15=Private Organization","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"199","avBlockList":["360 Total Security (20250821)","Avast Premium Security (20250821)","AVG Internet Security (20250821)","Avira Internet Security (20250821)","Bitdefender Internet Security (20250821)","COMODO Antivirus (20250821)","FortectPremium (20250821)","G DATA INTERNET SECURITY (20250821)","K7 Total Security (20250821)","KasperskyPremium (20250821)","Malwarebytes Premium (20250821)","McAfee Total Protection (20250821)","Norton Security (20250821)","Panda Dome (20250821)","Quick Heal Internet Security (20250821)","Sophos Home Premium (20250821)","SpyHunter5 (20250821)","Total AV Antivirus Pro (20250821)","VIPRE Advanced Security (20250821)","VirIT eXplorer PRO (20250821)","Webroot SecureAnywhere (20250821)","Windows Defender (20250821)"],"avAllowList":["Dr.Web Security Space (20250821)","ESET Internet Security (20250821)","Trend Micro Internet Security (20250821)"]}],"additionalFiles":[],"sources":[{"howFound":"random research","reference":"","landingPage":"https://blazebrowser.gg/","ipv4":"","ipv6":"","sourceIndex":"199"}],"sampleFiles":["250527/BlazeBrowser-250527/136.0.7062.0/Samples/blaze.exe","250527/BlazeBrowser-250527/136.0.7062.0/Samples/blazebrowser.exe"],"imageFiles":["250527/BlazeBrowser-250527/136.0.7062.0/Images/ACR-109/Installation.mp4","250527/BlazeBrowser-250527/136.0.7062.0/Images/ACR-104/ACR-104_Software_1.png","250527/BlazeBrowser-250527/136.0.7062.0/Images/ACR-104/redirection.mp4","250527/BlazeBrowser-250527/136.0.7062.0/Images/ACR-048/ACR-048_Software_1.png","250527/BlazeBrowser-250527/136.0.7062.0/Images/ACR-048/ACR-048_Software_2.png","250527/BlazeBrowser-250527/136.0.7062.0/Images/ACR-006/redirection.mp4","250527/BlazeBrowser-250527/136.0.7062.0/Images/ACR-006/ACR-006_Software_1.png"],"nonDeceptorImageFiles":["250527/BlazeBrowser-250527/136.0.7062.0/Images/ACR-040/ACR-040_Install_1.png"],"guid":"05b979c9-0568-4021-96f8-3dbb2eb27b11_136.0.7062.0_1","appID":"BlazeBrowser-250527","dateAdded":"250527","deceptorType":"App","name":"Blaze Browser","company":"The Blaze Authors","version":"136.0.7062.0","lastKnownStatus":"Deceptor:136.0.7062.0","lastKnownDate":"250528","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows 11","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"none","lastUpdate":"2025-05-29T03:10:59.6603871+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":310},{"violations":{"ACR-043":"The app gets installed in a hidden folder without disclosing its installation path.\n","ACR-048":"A scheduled task was added without the user's knowledge and the app does not offer any option within an app settings to control it. \n","ACR-084":"The app creates an undisclosed scheduled task to perform an action without the user's knowledge and consent.\n","ACR-116":"The app cannot be uninstalled completely. In the attempt to uninstall the app, it opens a post-uninstall page displaying it was successfully removed from the computer. It removes Desktop shortcut and itself from the Control Panel and displays a prompt suggesting it may not have been uninstalled correctly, and leaves all its executables on the system.\n"},"nonDeceptorViolations":{"ACR-038":"The main executable and the file PDFlash Updater lacks important file metadata, such as  company info, product name or version details.\n","ACR-040":"The app installs itself in a hidden folder %AppData%\\Local\\PDflash without proper disclosure.\n","ACR-002":"The app has inconsistent versions of across all points of consumer interaction.\n"},"samples":[{"isRevoked":"False","fileName":"Pdflash.exe","isInstaller":"True","productName":"Pdflash","productVersion":"","fileVersion":"1.17.9.91","hashMD5":"bed3e35a0a3b4b1f43b90ce9db74efa3","hashSHA1":"b09537bf1e8d32275a6bbc32cc0048cf6cb6286c","hashSHA256":"e0bd179805a4095174a897ba76e5107d127b67a2b0b241362bc848c76d314aeb","digitalCertThumbprint":"0B92A7954C31D74EF39EE89A385C0FDDF5A3C114","digitalCertIssuer":"CN=GlobalSign GCC R45 EV CodeSigning CA 2020, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"E=legal@starlandingltd.com, CN=STAR LANDING LTD, O=STAR LANDING LTD, L=Ra'anana, S=Central District, C=IL, OID.1.3.6.1.4.1.311.60.2.1.3=IL, SERIALNUMBER=516201381, OID.2.5.4.15=Private Organization","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"201","avBlockList":["Avast Premium Security (20250819)","AVG Internet Security (20250819)","Avira Internet Security (20250819)","Bitdefender Internet Security (20250819)","Dr.Web Security Space (20250819)","ESET Internet Security (20250819)","FortectPremium (20250819)","G DATA INTERNET SECURITY (20250819)","K7 Total Security (20250819)","KasperskyPremium (20250819)","Malwarebytes Premium (20250819)","McAfee Total Protection (20250819)","Norton Security (20250819)","Panda Dome (20250819)","Quick Heal Internet Security (20250819)","Sophos Home Premium (20250819)","SpyHunter5 (20250819)","Total AV Antivirus Pro (20250819)","VIPRE Advanced Security (20250819)","VirIT eXplorer PRO (20250819)","Webroot SecureAnywhere (20250819)","Windows Defender (20250819)"],"avAllowList":["360 Total Security (20250819)","COMODO Antivirus (20250819)","Trend Micro Internet Security (20250819)"]},{"isRevoked":"False","fileName":"Pdflash_main.exe","productName":"","productVersion":"","fileVersion":"1.17.9.8","hashMD5":"dda9c28a48f8289dfdd919010ad6fa6b","hashSHA1":"29a0ae886794916ee57f42d89c8229ab3678a3ee","hashSHA256":"81b8b12bae40e619af7ed2870fac3861934f600b2a9235cdf152bcb0511f91e5","digitalCertThumbprint":"0B92A7954C31D74EF39EE89A385C0FDDF5A3C114","digitalCertIssuer":"CN=GlobalSign GCC R45 EV CodeSigning CA 2020, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"E=legal@starlandingltd.com, CN=STAR LANDING LTD, O=STAR LANDING LTD, L=Ra'anana, S=Central District, C=IL, OID.1.3.6.1.4.1.311.60.2.1.3=IL, SERIALNUMBER=516201381, OID.2.5.4.15=Private Organization","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"201","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"PDFlashUpdater.exe","companyName":"PDFlashUpdater","productName":"PDFlashUpdater","productVersion":"1.0.0+ac9b5f8e7fafc62c71901ed7302e3f17b9ecd591","fileVersion":"1.17.9.91","hashMD5":"1237c8f3b9eece4e673a4ab7071dece1","hashSHA1":"82a31ce3d4c478b220c7637ae95b279cc47dd6aa","hashSHA256":"bdb46a047c645b8d0c037848a2be7770df15f654d70f089ce78d3c0a80956d46","digitalCertThumbprint":"0B92A7954C31D74EF39EE89A385C0FDDF5A3C114","digitalCertIssuer":"CN=GlobalSign GCC R45 EV CodeSigning CA 2020, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"E=legal@starlandingltd.com, CN=STAR LANDING LTD, O=STAR LANDING LTD, L=Ra'anana, S=Central District, C=IL, OID.1.3.6.1.4.1.311.60.2.1.3=IL, SERIALNUMBER=516201381, OID.2.5.4.15=Private Organization","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"201","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"random hunt","reference":"","landingPage":"https://www.pdflashapp.com/","directDownloadingLink":"https://flashitok.com/load?_ga=GA1.1.335069027.1747994288&_ga_QHSERMT330=GS2.1.s1747994288%24o1%24g0%24t1747994291%24j57%24l0%24h594965752%24da_yhz2577SDGo6FgelxRP5Hy9C0L8hKmUA&iddi=&mumy=85046cf5-d991-4872-86c3-92093e0960ed&pagap=","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://flashitok.com/load?_ga=GA1.1.335069027.1747994288&_ga_QHSERMT330=GS2.1.s1747994288%24o1%24g0%24t1747994291%24j57%24l0%24h594965752%24da_yhz2577SDGo6FgelxRP5Hy9C0L8hKmUA&iddi=&mumy=85046cf5-d991-4872-86c3-92093e0960ed&pagap=","sourceIndex":"201"}],"sampleFiles":["250523/PDFlash-250523/1.17.9.8/Samples/Pdflash.exe","250523/PDFlash-250523/1.17.9.8/Samples/Pdflash_main.exe","250523/PDFlash-250523/1.17.9.8/Samples/PDFlashUpdater.exe"],"imageFiles":["250523/PDFlash-250523/1.17.9.8/Images/ACR-043/ACR-043_Install_1.png","250523/PDFlash-250523/1.17.9.8/Images/ACR-043/ACR-043_Install_2.png","250523/PDFlash-250523/1.17.9.8/Images/ACR-084/ACR-084_Software_1.png","250523/PDFlash-250523/1.17.9.8/Images/ACR-048/ACR-048_Software_2.png","250523/PDFlash-250523/1.17.9.8/Images/ACR-048/ACR-048_Software_1.png","250523/PDFlash-250523/1.17.9.8/Images/ACR-116/ACR-116_Uninstall_1.png"],"nonDeceptorImageFiles":["250523/PDFlash-250523/1.17.9.8/Images/ACR-038/ACR-038_Install_1.png","250523/PDFlash-250523/1.17.9.8/Images/ACR-038/ACR-038_Install_2.png","250523/PDFlash-250523/1.17.9.8/Images/ACR-040/ACR-040_Install_1.png","250523/PDFlash-250523/1.17.9.8/Images/ACR-002/ACR-002_Software_1.png"],"guid":"adbb1159-e511-433a-ad67-59891a0a7ccc_1.17.9.8_1","appID":"PDFlash-250523","dateAdded":"250523","deceptorType":"App","name":"PDFlash","company":"Pdflash","version":"1.17.9.8","lastKnownStatus":"Deceptor:1.17.9.8","lastKnownDate":"250523","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows 7,Windows Vista,Windows 8,Windows 10,Windows 11","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Adults only","monetization":"none","lastUpdate":"2025-05-24T00:01:32.9439343+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":311},{"violations":{"ACR-055":"Accept and decline for the offer must be obvious. Uncheck the \"Yes, I would like to install Spy Emergency Antivirus\" is not straightforward option for decline\n","ACR-059":"No optional offer is clearly marked in offer. The offer looks part of the install application.\n"},"nonDeceptorViolations":{"ACR-065":"The application's install wizard has no link to the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy. \nThe application has no link to a webpage that shows the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThe application's landing page has no link to the EULA and/or Terms of Service, Returns and Cancellation Policy. \n","ACR-099":"The application has no link to a webpage that shows how to uninstall the app. \nThe application has no link to a webpage that shows how to uninstall the app. \n"},"samples":[{"isRevoked":"False","fileName":"bh-setup.exe","isInstaller":"True","companyName":"NETGATE Technologies s.r.o.                                 ","fileVersion":"0.0","hashMD5":"760193100ca5c6685d986edae3630e0d","hashSHA1":"bcfad95024a4447a2a920197e9ed9998a31df531","hashSHA256":"3a74ede0d6b129c19c3c8002ec296ef619d7ce3756cb5be44f7281bde383b169","digitalCertThumbprint":"EE72D2D2AA91B008053D0AE82868CA39E28F81D1","digitalCertIssuer":"CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US","digitalCertIssuedTo":"CN=NETGATE Technologies s.r.o., O=NETGATE Technologies s.r.o., L=Prievidza, S=Slovakia, C=SK","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"200","avBlockList":["Avast Premium Security (20250821)","AVG Internet Security (20250821)","Avira Internet Security (20250821)","Bitdefender Internet Security (20250821)","COMODO Antivirus (20250821)","FortectPremium (20250821)","G DATA INTERNET SECURITY (20250821)","K7 Total Security (20250821)","KasperskyPremium (20250821)","Malwarebytes Premium (20250821)","Norton Security (20250821)","Panda Dome (20250821)","Quick Heal Internet Security (20250821)","Sophos Home Premium (20250821)","SpyHunter5 (20250821)","Total AV Antivirus Pro (20250821)","VIPRE Advanced Security (20250821)","VirIT eXplorer PRO (20250821)","Webroot SecureAnywhere (20250821)","Windows Defender (20250821)"],"avAllowList":["360 Total Security (20250821)","Dr.Web Security Space (20250821)","ESET Internet Security (20250821)","McAfee Total Protection (20250821)","Trend Micro Internet Security (20250821)"]},{"isRevoked":"False","fileName":"blackhawk.exe","companyName":"NETGATE Technologies s.r.o.","fileVersion":"25.3","hashMD5":"7a0ddd9ac6813f3747a4bef496b8595a","hashSHA1":"da73056284c5b38d83eced52e68501215bfe8762","hashSHA256":"9b7e1a118af87ee3adf63cc4a3a13c6809c66adbae1d130b7f3f6327452fff41","sourceIndex":"200","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"https://www.netgate.sk/blackhawk/help/welcome-to-blackhawk-web-browser.html","reference":"https://www.netgate.sk/blackhawk/help/welcome-to-blackhawk-web-browser.html","landingPage":"https://www.netgate.sk/blackhawk/help/welcome-to-blackhawk-web-browser.html","directDownloadingLink":"https://www.ngt.sk/download/bh-setup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.ngt.sk/download/bh-setup.exe","sourceIndex":"200"}],"sampleFiles":["250516/BlackHawkWebBrowser-250516/25.3.1/Samples/bh-setup.exe","250516/BlackHawkWebBrowser-250516/25.3.1/Samples/blackhawk.exe"],"imageFiles":["250516/BlackHawkWebBrowser-250516/25.3.1/Images/ACR-055/install3.png","250516/BlackHawkWebBrowser-250516/25.3.1/Images/ACR-059/install3.png"],"nonDeceptorImageFiles":["250516/BlackHawkWebBrowser-250516/25.3.1/Images/ACR-065/install1.png","250516/BlackHawkWebBrowser-250516/25.3.1/Images/ACR-065/app6.png","250516/BlackHawkWebBrowser-250516/25.3.1/Images/ACR-099/app6.png","250516/BlackHawkWebBrowser-250516/25.3.1/Images/ACR-065/LandingPage1.png","250516/BlackHawkWebBrowser-250516/25.3.1/Images/ACR-065/LandingPage2.png","250516/BlackHawkWebBrowser-250516/25.3.1/Images/ACR-099/LandingPage1.png","250516/BlackHawkWebBrowser-250516/25.3.1/Images/ACR-099/LandingPage2.png"],"guid":"44bb9ce5-62b0-465b-9b6b-6493406f7c62_25.3.1_1","appID":"BlackHawkWebBrowser-250516","dateAdded":"250516","deceptorType":"App","name":"BlackHawk Web Browser ","company":"NETGATE Technologies","version":"25.3.1","lastKnownStatus":"Deceptor:25.3.1","lastKnownDate":"250527","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 11,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"none","lastUpdate":"2025-05-27T23:26:18.4233831+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":312},{"violations":{"ACR-048":"App does not have a standard 'x' button to close, only a '-' button which minimizes to system tray and provides no notification to the user that it is still running in the background.\n","ACR-007":"Does not inform user about the reduction in security associated with the resource borrowing.\n","ACR-084":"App does not clearly indicate that borrowing is happening, instead implying that there are steps to follow to enable borrowing, even after the steps have been followed.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"Point-Of-Presence-1.0.16.exe","isInstaller":"True","fileVersion":"1.0","hashMD5":"2d8fe057fdd26732462b1e573df74775","hashSHA1":"65c77152be47f64d4343e33cdae81a71972a1726","hashSHA256":"6d80be7810607f18a356f1491011473b213d7362161723e949d7c2256475f943","digitalCertThumbprint":"0FB3DB9BFA0CDE9220D4C183721F1A89E3D5BD1A","digitalCertIssuer":"CN=Sectigo Public Code Signing CA EV R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=Secure Privacy Group Limited, O=Secure Privacy Group Limited, S=Hong Kong, C=HK, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=HK, SERIALNUMBER=2700369","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"202","avBlockList":["360 Total Security (20250731)","Bitdefender Internet Security (20250731)","COMODO Antivirus (20250731)","ESET Internet Security (20250731)","G DATA INTERNET SECURITY (20250731)","K7 Total Security (20250731)","Kaspersky Internet Security (20230328)","Malwarebytes Premium (20250731)","McAfee Total Protection (20250731)","Panda Dome (20250731)","Quick Heal Internet Security (20250731)","Sophos Home Premium (20250731)","SpyHunter5 (20250731)","Trend Micro Internet Security (20250731)","VIPRE Advanced Security (20250731)","VirIT eXplorer PRO (20250731)","Webroot SecureAnywhere (20250731)","FortectPremium (20250731)","KasperskyPremium (20250731)"],"avAllowList":["Avast Premium Security (20250731)","AVG Internet Security (20250731)","Avira Internet Security (20250731)","Dr.Web Security Space (20250731)","Norton Security (20250731)","Total AV Antivirus Pro (20250731)","Windows Defender (20250731)"]},{"isRevoked":"False","fileName":"Point%20of%20Presence.exe","companyName":"GitHub, Inc.","fileVersion":"1.0","hashMD5":"986d3e27b6e295a596231fd8868100c3","hashSHA1":"4bc79987d0e50cb6daf944ff989479aafd756688","hashSHA256":"045d6f166ae0d3b834e3f772606ec64f9338b135ede70c3c6b87e270d8338f5d","sourceIndex":"202","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Search for Proxy Apps","reference":"","landingPage":"https://peer.proxyrack.com/dashboard","directDownloadingLink":"","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"","sourceIndex":"202"}],"sampleFiles":["250515/Pointofpresence-250515/1.0.16/Samples/Point-Of-Presence-1.0.16.exe","250515/Pointofpresence-250515/1.0.16/Samples/Point%20of%20Presence.exe"],"imageFiles":["250515/Pointofpresence-250515/1.0.16/Images/ACR-007/007.png","250515/Pointofpresence-250515/1.0.16/Images/ACR-084/084.png","250515/Pointofpresence-250515/1.0.16/Images/ACR-048/084.png","250515/Pointofpresence-250515/1.0.16/Images/ACR-048/048.png"],"nonDeceptorImageFiles":[],"guid":"3b27b282-0dc4-49d9-8e5d-9f3fb12681fd_1.0.16_1","appID":"Pointofpresence-250515","dateAdded":"250515","deceptorType":"App","name":"Point of Presence","company":"ProxyRack","version":"1.0.16","lastKnownStatus":"1.0.16","lastKnownDate":"250515","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 8,Windows 7,Windows 10,Windows 11","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"net proxy","lastUpdate":"2025-05-15T21:40:35.9086043+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":313},{"violations":{"ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software.\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software.\n","ACR-039":"No clear indications of the relationship for the monetization components from RiseCodes and Carrier app is disclosed to user before offers being prompts. The links for privacy policy and Term of use mislead user that they are for Carrier app. \n(https://hello.softonic.com/privacy-policy/\nhttps://hello.softonic.com/terms-of-use/\nhttps://risecodes.com/wp-content/uploads/2023/01/Risecodes.com-Privacy-Policy-05.01.2023.pdf\nhttps://risecodes.com/wp-content/uploads/2022/01/Risecodes.com-Terms-of-Use.pdf)\n"},"nonDeceptorViolations":{"ACR-044":"Download manager doesn't disclose its bundling function when user choose to install carrier app.\n"},"samples":[{"isRevoked":"False","fileName":"autoruns-14.11-installer_9-cxcK1.exe","isInstaller":"True","companyName":"Softonic","fileVersion":"3.0","hashMD5":"519323c0ba82598e4304211ee225d998","hashSHA1":"34488cda57d1a98ed2b8fb6b65307ad285f16ed4","hashSHA256":"4bc69acdbc93f0cfa42b28dbcd51bba4f2e4347ec84054ab5b3178788bb3c60a","digitalCertThumbprint":"84E984BA9D1062D8A34226D22D4641494B50C024","digitalCertIssuer":"CN=Sectigo Public Code Signing CA R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=Sigma Gold (Rise Code LTD), O=Sigma Gold (Rise Code LTD), S=Tel Aviv, C=IL","sourceIndex":"203","avBlockList":["360 Total Security (20250731)","Avast Premium Security (20250731)","AVG Internet Security (20250731)","Avira Internet Security (20250731)","Bitdefender Internet Security (20250731)","COMODO Antivirus (20250731)","Dr.Web Security Space (20250731)","ESET Internet Security (20250731)","FortectPremium (20250731)","G DATA INTERNET SECURITY (20250731)","K7 Total Security (20250731)","KasperskyPremium (20250731)","Malwarebytes Premium (20250731)","McAfee Total Protection (20250731)","Norton Security (20250731)","Panda Dome (20250731)","Quick Heal Internet Security (20250731)","Sophos Home Premium (20250731)","SpyHunter5 (20250731)","Total AV Antivirus Pro (20250731)","Trend Micro Internet Security (20250731)","VIPRE Advanced Security (20250731)","VirIT eXplorer PRO (20250731)","Webroot SecureAnywhere (20250731)","Windows Defender (20250731)"],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"blur.live/research - BIBR","reference":"","landingPage":"https://vlc-media-player.en.softonic.com/download","directDownloadingLink":"https://d1m1511i74zbdu.cloudfront.net/version/ph/v3.99.649.643.4","ipv4":"https://d1m1511i74zbdu.cloudfront.net/*/ph/*","ipv6":"","landingPageWildChar":"https://*.softonic.com/download","directDownloadingLinkWildChar":"https://d1m1511i74zbdu.cloudfront.net/version/ph/v3.99.649.643.4","sourceIndex":"203"},{"howFound":"","reference":"","landingPage":"https://360-total-security.en.softonic.com/download","directDownloadingLink":"https://d1m1511i74zbdu.cloudfront.net/build/ph/v3.385.538.777","ipv4":"","ipv6":"","landingPageWildChar":"https://*.softonic.com/download","directDownloadingLinkWildChar":"https://d1m1511i74zbdu.cloudfront.net/*/ph/*","sourceIndex":"204"},{"howFound":"","reference":"","landingPage":"","directDownloadingLink":"https://d1m1511i74zbdu.cloudfront.net/latest/ph/v1.35.82.703.24 ","ipv4":"","ipv6":"","landingPageWildChar":"https://*.softonic.com/download","directDownloadingLinkWildChar":"https://d1m1511i74zbdu.cloudfront.net/*/ph/*","sourceIndex":"205"},{"howFound":"","reference":"","landingPage":"","directDownloadingLink":"https://d1m1511i74zbdu.cloudfront.net/release/ph/v2.748.45.35.15","ipv4":"","ipv6":"","landingPageWildChar":"https://*.softonic.com/download","directDownloadingLinkWildChar":"https://d1m1511i74zbdu.cloudfront.net/*/ph/*","sourceIndex":"206"},{"howFound":"","reference":"","landingPage":"","directDownloadingLink":"https://d1hck35173zzpc.cloudfront.net/hu/wqkz5njow9/ahy/27.117","ipv4":"","ipv6":"","landingPageWildChar":"https://autoruns.softonic.ru/download","sourceIndex":"207"}],"sampleFiles":["250512/RiseDownloadManager-230315/3.011.0/Samples/autoruns-14.11-installer_9-cxcK1.exe"],"imageFiles":["250512/RiseDownloadManager-230315/3.011.0/Images/ACR-039/app2.png","250512/RiseDownloadManager-230315/3.011.0/Images/ACR-013/app3_offer1.png","250512/RiseDownloadManager-230315/3.011.0/Images/ACR-013/app3_offer2.png","250512/RiseDownloadManager-230315/3.011.0/Images/ACR-013/app3_offer3.png","250512/RiseDownloadManager-230315/3.011.0/Images/ACR-060/app3_offer1.png","250512/RiseDownloadManager-230315/3.011.0/Images/ACR-060/app3_offer2.png","250512/RiseDownloadManager-230315/3.011.0/Images/ACR-060/app3_offer3.png"],"nonDeceptorImageFiles":["250512/RiseDownloadManager-230315/3.011.0/Images/ACR-044/app2.png"],"guid":"4a39c51b-7c7b-41c7-8340-5d79aa45bff0_3.011.0_1","appID":"RiseDownloadManager-230315","dateAdded":"250512","deceptorType":"Bundler","name":"SoftonicDownloadManager","company":"softonic.com","version":"3.011.0","lastKnownStatus":"6.44.1344.0;569.11.57.63;54.1.6275;13.2.3957.0;11.3.6425;3.011.0","lastKnownDate":"250512","type":"Windows Executable","category":"Bundlers & Downloaders","targetOS":"Windows XP,Windows Vista,Windows 8,Windows 7,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"sold in bundle","lastUpdate":"2025-05-12T18:38:26.9959293+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":6,"sortOrder":314},{"violations":{"ACR-109":"Download Manager secretly writes the files (some are set to be hidden and system only file) to consumer system under hidden folder without user agreeing to install.\n","ACR-042":"Download manager drops hidden file/potential offer app info in hidden folder without user permission. \n","ACR-043":"The \"SoftonicDownloadManager\" components get dropped in one click without asking the user's permission and disclosing the installation path.\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software.\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software.\n","ACR-039":"No clear indications of the relationship for the monetization components from RiseCodes and Carrier app is disclosed to user before offers being prompts. The links for privacy policy and Term of use mislead user that they are for Carrier app. \n(https://hello.softonic.com/privacy-policy/\nhttps://hello.softonic.com/terms-of-use/\nhttps://risecodes.com/wp-content/uploads/2023/01/Risecodes.com-Privacy-Policy-05.01.2023.pdf\nhttps://risecodes.com/wp-content/uploads/2022/01/Risecodes.com-Terms-of-Use.pdf)\n"},"nonDeceptorViolations":{"ACR-044":"Download manager doesn't disclose its bundling function when user choose to install carrier app.\n"},"samples":[{"isRevoked":"False","fileName":"winrar-64bit-7.01-installer_gG-XMP1.exe","isInstaller":"True","fileVersion":"11.3","hashMD5":"8977253e0281b50e75f816115b0c6d52","hashSHA1":"a962c31c982b41f9501f95cabbf1c2bf20b0d2ff","hashSHA256":"c50d0de6fe12d36aba376cdb8d6e093f8b43e20b39f33b66f12bc1aa9f073285","digitalCertThumbprint":"FEFEB4BACCAD8A573C23EA0669EF69586AEE2816","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Softonic International SA, O=Softonic International SA, L=Barcelona, S=Barcelona, C=ES","sourceIndex":"546","avBlockList":["COMODO Antivirus (20241205)","Dr.Web Security Space (20241205)","ESET Internet Security (20241205)","FortectPremium (20241205)","G DATA INTERNET SECURITY (20241205)","K7 Total Security (20241205)","KasperskyPremium (20241205)","Malwarebytes Premium (20241205)","Panda Dome (20241205)","Quick Heal Internet Security (20241205)","Sophos Home Premium (20241205)","SpyHunter5 (20241205)","VirIT eXplorer PRO (20241205)","Webroot SecureAnywhere (20241205)"],"avAllowList":["360 Total Security (20241205)","Avast Premium Security (20241205)","AVG Internet Security (20241205)","Avira Internet Security (20241205)","Bitdefender Internet Security (20241205)","McAfee Total Protection (20241205)","Norton Security (20241205)","Total AV Antivirus Pro (20241205)","Trend Micro Internet Security (20241205)","VIPRE Advanced Security (20241205)","Windows Defender (20241205)"]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"","landingPage":"https://en.softonic.com/download/winrar/windows/post-download?ext=1","directDownloadingLink":"https://dcv13qo2y742s.cloudfront.net/ZAnt/rFyGzvFsK/NsAiE61/winrar-7.01-installer.exe","ipv4":"","ipv6":"","landingPageWildChar":"https://*.softonic.com/download","directDownloadingLinkWildChar":"https://dcv13qo2y742s.cloudfront.net/ZAnt/rFyGzvFsK/NsAiE61/winrar-7.01-installer.exe","sourceIndex":"546"}],"sampleFiles":["240919/RiseDownloadManager-230315/11.3.6425/Samples/winrar-64bit-7.01-installer_gG-XMP1.exe"],"imageFiles":["240919/RiseDownloadManager-230315/11.3.6425/Images/ACR-109/files.png","240919/RiseDownloadManager-230315/11.3.6425/Images/ACR-039/App1.png","240919/RiseDownloadManager-230315/11.3.6425/Images/ACR-043/files.png","240919/RiseDownloadManager-230315/11.3.6425/Images/ACR-042/files.png","240919/RiseDownloadManager-230315/11.3.6425/Images/ACR-013/offer.png","240919/RiseDownloadManager-230315/11.3.6425/Images/ACR-013/offer2.png","240919/RiseDownloadManager-230315/11.3.6425/Images/ACR-013/offer3.png","240919/RiseDownloadManager-230315/11.3.6425/Images/ACR-060/offer.png","240919/RiseDownloadManager-230315/11.3.6425/Images/ACR-060/offer2.png","240919/RiseDownloadManager-230315/11.3.6425/Images/ACR-060/offer3.png"],"nonDeceptorImageFiles":["240919/RiseDownloadManager-230315/11.3.6425/Images/ACR-044/App1.png"],"guid":"4a39c51b-7c7b-41c7-8340-5d79aa45bff0_11.3.6425_1","appID":"RiseDownloadManager-230315","dateAdded":"250512","deceptorType":"Bundler","name":"SoftonicDownloadManager","company":"softonic.com","version":"11.3.6425","lastKnownStatus":"6.44.1344.0;569.11.57.63;54.1.6275;13.2.3957.0;11.3.6425;3.011.0","lastKnownDate":"250512","type":"Windows Executable","category":"Bundlers & Downloaders","targetOS":"Windows XP,Windows Vista,Windows 8,Windows 7,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"sold in bundle","lastUpdate":"2025-05-12T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":6,"sortOrder":315},{"violations":{"ACR-109":"Download Manager secretly writes the files (some are set to be hidden and system only file) to consumer system under hidden folder without user agreeing to install.\n","ACR-042":"Download manager drops hidden file/potential offer app info in hidden folder without user permission. \n","ACR-043":"The \"SoftonicDownloadManager\" components get dropped in one click without asking the user's permission and disclosing the installation path.\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software.\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software.\n","ACR-039":"No clear indications of the relationship for the monetization components from RiseCodes and Carrier app is disclosed to user before offers being prompts. The links for privacy policy and Term of use mislead user that they are for Carrier app. \n(https://hello.softonic.com/privacy-policy/\nhttps://hello.softonic.com/terms-of-use/\nhttps://risecodes.com/wp-content/uploads/2023/01/Risecodes.com-Privacy-Policy-05.01.2023.pdf\nhttps://risecodes.com/wp-content/uploads/2022/01/Risecodes.com-Terms-of-Use.pdf)\n"},"nonDeceptorViolations":{"ACR-044":"Download manager doesn't disclose its bundling function when user choose to install carrier app.\n"},"samples":[{"isRevoked":"False","fileName":"cleaner-one-pro-6.6.0.2986-installer_6zSQS-3.exe","isInstaller":"True","fileVersion":"13.2","hashMD5":"e26a67f7ef319c64c286d4fa316464e6","hashSHA1":"e39a666ee4c6cb61ffcf479db9fd59f72bea8f9d","hashSHA256":"bca86a0c987f036a598479dc37b26e90d1f9d7d9fef2a16a3f8bac6453c6e2a3","digitalCertThumbprint":"FEFEB4BACCAD8A573C23EA0669EF69586AEE2816","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Softonic International SA, O=Softonic International SA, L=Barcelona, S=Barcelona, C=ES","sourceIndex":"763","avBlockList":["Bitdefender Internet Security (20240215)","COMODO Antivirus (20240215)","Dr.Web Security Space (20240215)","ESET Internet Security (20240215)","G DATA INTERNET SECURITY (20240215)","K7 Total Security (20240215)","Kaspersky Internet Security (20240215)","Malwarebytes Premium (20240215)","Norton Security (20240215)","Panda Dome (20240215)","Quick Heal Internet Security (20240215)","Sophos Home Premium (20240215)","SpyHunter5 (20240215)","Trend Micro Internet Security (20240215)","VIPRE Advanced Security (20240215)","VirIT eXplorer PRO (20240215)","Webroot SecureAnywhere (20240215)"],"avAllowList":["360 Total Security (20240215)","Avast Premium Security (20240215)","AVG Internet Security (20240215)","Avira Internet Security (20240215)","McAfee Total Protection (20240215)","Total AV Antivirus Pro (20240215)","Windows Defender (20240215)"]}],"additionalFiles":[],"sources":[{"howFound":"blur.live/research - BIBR","reference":"","landingPage":"https://vlc-media-player.en.softonic.com/download","directDownloadingLink":"https://d1m1511i74zbdu.cloudfront.net/version/ph/v3.99.649.643.4","ipv4":"https://d1m1511i74zbdu.cloudfront.net/*/ph/*","ipv6":"","landingPageWildChar":"https://*.softonic.com/download","directDownloadingLinkWildChar":"https://d1m1511i74zbdu.cloudfront.net/version/ph/v3.99.649.643.4","sourceIndex":"763"},{"howFound":"","reference":"","landingPage":"https://360-total-security.en.softonic.com/download","directDownloadingLink":"https://d1m1511i74zbdu.cloudfront.net/build/ph/v3.385.538.777","ipv4":"","ipv6":"","landingPageWildChar":"https://*.softonic.com/download","directDownloadingLinkWildChar":"https://d1m1511i74zbdu.cloudfront.net/*/ph/*","sourceIndex":"764"},{"howFound":"","reference":"","landingPage":"","directDownloadingLink":"https://d1m1511i74zbdu.cloudfront.net/latest/ph/v1.35.82.703.24 ","ipv4":"","ipv6":"","landingPageWildChar":"https://*.softonic.com/download","directDownloadingLinkWildChar":"https://d1m1511i74zbdu.cloudfront.net/*/ph/*","sourceIndex":"765"},{"howFound":"","reference":"","landingPage":"","directDownloadingLink":"https://d1m1511i74zbdu.cloudfront.net/release/ph/v2.748.45.35.15","ipv4":"","ipv6":"","landingPageWildChar":"https://*.softonic.com/download","directDownloadingLinkWildChar":"https://d1m1511i74zbdu.cloudfront.net/*/ph/*","sourceIndex":"766"},{"howFound":"","reference":"","landingPage":"","directDownloadingLink":"https://d1isumqvmnq7jz.cloudfront.net/main/ph/v6.301.598.730","ipv4":"","ipv6":"","landingPageWildChar":"https://*.softonic.com/download","directDownloadingLinkWildChar":"https://d1isumqvmnq7jz.cloudfront.net/*/ph/*","sourceIndex":"767"}],"sampleFiles":["240110/RiseDownloadManager-230315/13.2.3957.0/Samples/cleaner-one-pro-6.6.0.2986-installer_6zSQS-3.exe"],"imageFiles":["240110/RiseDownloadManager-230315/13.2.3957.0/Images/ACR-109/files.png","240110/RiseDownloadManager-230315/13.2.3957.0/Images/ACR-039/app.png","240110/RiseDownloadManager-230315/13.2.3957.0/Images/ACR-043/files.png","240110/RiseDownloadManager-230315/13.2.3957.0/Images/ACR-042/files.png","240110/RiseDownloadManager-230315/13.2.3957.0/Images/ACR-013/offer 1.png","240110/RiseDownloadManager-230315/13.2.3957.0/Images/ACR-013/offer 2.png","240110/RiseDownloadManager-230315/13.2.3957.0/Images/ACR-060/offer 1.png","240110/RiseDownloadManager-230315/13.2.3957.0/Images/ACR-060/offer 2.png"],"nonDeceptorImageFiles":["240110/RiseDownloadManager-230315/13.2.3957.0/Images/ACR-044/app.png"],"guid":"4a39c51b-7c7b-41c7-8340-5d79aa45bff0_13.2.3957.0_1","appID":"RiseDownloadManager-230315","dateAdded":"250512","deceptorType":"Bundler","name":"SoftonicDownloadManager","company":"softonic.com","version":"13.2.3957.0","lastKnownStatus":"6.44.1344.0;569.11.57.63;54.1.6275;13.2.3957.0;11.3.6425;3.011.0","lastKnownDate":"250512","type":"Windows Executable","category":"Bundlers & Downloaders","targetOS":"Windows XP,Windows Vista,Windows 8,Windows 7,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"sold in bundle","lastUpdate":"2025-05-12T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":6,"sortOrder":316},{"violations":{"ACR-109":"Download Manager secretly writes the files (some are set to be hidden and system only file) to consumer system under hidden folder without user agreeing to install.\n","ACR-042":"Download manager drops hidden file/potential offer app info in hidden folder without user permission. \n","ACR-043":"The \"SoftonicDownloadManager\" components get dropped in one click without asking the user's permission and disclosing the installation path.\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software.\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software.\n","ACR-039":"No clear indications of the relationship for the monetization components from RiseCodes and Carrier app is disclosed to user before offers being prompts. The links for privacy policy and Term of use mislead user that they are for Carrier app. \n(https://hello.softonic.com/privacy-policy/\nhttps://hello.softonic.com/terms-of-use/\nhttps://risecodes.com/wp-content/uploads/2023/01/Risecodes.com-Privacy-Policy-05.01.2023.pdf\nhttps://risecodes.com/wp-content/uploads/2022/01/Risecodes.com-Terms-of-Use.pdf)\n"},"nonDeceptorViolations":{"ACR-044":"Download manager doesn't disclose its bundling function when user choose to install carrier app.\n"},"samples":[{"isRevoked":"False","fileName":"3utools-2.65.003-installer_Syfe-r1.exe","isInstaller":"True","fileVersion":"54.1","hashMD5":"2ef5a633500361faa60bdebdd4aa34ae","hashSHA1":"be21d0517476ef594722050fe1df01b2cfcdd7ec","hashSHA256":"c6a048d3abae99f06f992a96d43d10365a35b1d378080bec965fbce97c764aea","digitalCertThumbprint":"5C25447CA34F11353A2CFE1E31A3A1A7AEFE3193","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Softonic International SA, OU=SOFTONIC INTERNATIONAL, O=Softonic International SA, L=Barcelona, S=Barcelona, C=ES","sourceIndex":"956","avBlockList":["Avira Internet Security (20230801)","COMODO Antivirus (20230801)","Dr.Web Security Space (20230801)","ESET Internet Security (20230801)","G DATA INTERNET SECURITY (20230801)","K7 Total Security (20230801)","Kaspersky Internet Security (20230801)","Malwarebytes Premium (20230801)","McAfee Total Protection (20230801)","Norton Security (20230801)","Panda Dome (20230801)","Quick Heal Internet Security (20230801)","Sophos Home Premium (20230801)","SpyHunter5 (20230801)","Total AV Antivirus Pro (20230801)","VirIT eXplorer PRO (20230801)","Webroot SecureAnywhere (20230801)"],"avAllowList":["360 Total Security (20230801)","Avast Premium Security (20230801)","AVG Internet Security (20230801)","Bitdefender Internet Security (20230801)","Trend Micro Internet Security (20230801)","VIPRE Advanced Security (20230801)","Windows Defender (20230801)"]},{"isRevoked":"False","fileName":"vlc-media-player-3.0.18-installer_S-jiXx1.exe","isInstaller":"True","fileVersion":"54.1","hashMD5":"76fce5ebe2dbb7ab3799665b02467032","hashSHA1":"075763dd996378aa0b5f751281f641a81fe4c460","hashSHA256":"b12c61e5040dc52862952174a21561c5d772c5b397a2f8093bdc4ed6bb24c5fc","digitalCertThumbprint":"5C25447CA34F11353A2CFE1E31A3A1A7AEFE3193","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Softonic International SA, OU=SOFTONIC INTERNATIONAL, O=Softonic International SA, L=Barcelona, S=Barcelona, C=ES","sourceIndex":"956","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"blur.live/research - BIBR","reference":"","landingPage":"https://vlc-media-player.en.softonic.com/download","directDownloadingLink":"https://d1m1511i74zbdu.cloudfront.net/version/ph/v3.99.649.643.4","ipv4":"https://d1m1511i74zbdu.cloudfront.net/*/ph/*","ipv6":"","landingPageWildChar":"https://*.softonic.com/download","directDownloadingLinkWildChar":"https://d1m1511i74zbdu.cloudfront.net/version/ph/v3.99.649.643.4","sourceIndex":"956"},{"howFound":"","reference":"","landingPage":"https://360-total-security.en.softonic.com/download","directDownloadingLink":"https://d1m1511i74zbdu.cloudfront.net/build/ph/v3.385.538.777","ipv4":"","ipv6":"","landingPageWildChar":"https://*.softonic.com/download","directDownloadingLinkWildChar":"https://d1m1511i74zbdu.cloudfront.net/*/ph/*","sourceIndex":"957"},{"howFound":"","reference":"","landingPage":"","directDownloadingLink":"https://d1m1511i74zbdu.cloudfront.net/latest/ph/v1.35.82.703.24 ","ipv4":"","ipv6":"","landingPageWildChar":"https://*.softonic.com/download","directDownloadingLinkWildChar":"https://d1m1511i74zbdu.cloudfront.net/*/ph/*","sourceIndex":"958"},{"howFound":"","reference":"","landingPage":"","directDownloadingLink":"https://d1m1511i74zbdu.cloudfront.net/release/ph/v2.748.45.35.15","ipv4":"","ipv6":"","landingPageWildChar":"https://*.softonic.com/download","directDownloadingLinkWildChar":"https://d1m1511i74zbdu.cloudfront.net/*/ph/*","sourceIndex":"959"},{"howFound":"","reference":"","landingPage":"","directDownloadingLink":"https://d1m1511i74zbdu.cloudfront.net/rel/ph/v2.446.963.480","ipv4":"","ipv6":"","landingPageWildChar":"https://*.softonic.com/download","directDownloadingLinkWildChar":"https://d1m1511i74zbdu.cloudfront.net/*/ph/*","sourceIndex":"960"},{"howFound":"","reference":"","landingPage":"","directDownloadingLink":"https://d1m1511i74zbdu.cloudfront.net/current/ph/v6.941.922.516","ipv4":"","ipv6":"","landingPageWildChar":"https://*.softonic.com/download","directDownloadingLinkWildChar":"https://d1m1511i74zbdu.cloudfront.net/*/ph/*","sourceIndex":"961"},{"howFound":"","reference":"","landingPage":"","directDownloadingLink":"https://d1m1511i74zbdu.cloudfront.net/current/ph/v4.89.53.130.94","ipv4":"","ipv6":"","landingPageWildChar":"https://*.softonic.com/download","directDownloadingLinkWildChar":"https://d1m1511i74zbdu.cloudfront.net/*/ph/*","sourceIndex":"962"},{"howFound":"","reference":"","landingPage":"","directDownloadingLink":"https://d1m1511i74zbdu.cloudfront.net/version/ph/v2.126.79.35.03","ipv4":"","ipv6":"","landingPageWildChar":"https://*.softonic.com/download","directDownloadingLinkWildChar":"https://d1m1511i74zbdu.cloudfront.net/*/ph/*","sourceIndex":"963"},{"howFound":"","reference":"","landingPage":"","directDownloadingLink":"https://d1m1511i74zbdu.cloudfront.net/ver/ph/v1.865.39.03.98","ipv4":"","ipv6":"","landingPageWildChar":"https://*.softonic.com/download","directDownloadingLinkWildChar":"https://d1m1511i74zbdu.cloudfront.net/*/ph/*","sourceIndex":"964"},{"howFound":"","reference":"","landingPage":"","directDownloadingLink":"https://d1m1511i74zbdu.cloudfront.net/revision/ph/v3.464.481.34.1","ipv4":"","ipv6":"","landingPageWildChar":"https://*.softonic.com/download","directDownloadingLinkWildChar":"https://d1m1511i74zbdu.cloudfront.net/*/ph/*","sourceIndex":"965"},{"howFound":"PH site","reference":"","landingPage":"","directDownloadingLink":"https://d1m1511i74zbdu.cloudfront.net/ver/ph/v0.309.16.55.18","ipv4":"","ipv6":"","landingPageWildChar":"https://*.softonic.com/download","directDownloadingLinkWildChar":"https://d1m1511i74zbdu.cloudfront.net/*/ph/*","sourceIndex":"966"}],"sampleFiles":["230724/RiseDownloadManager-230315/54.1.6275/Samples/3utools-2.65.003-installer_Syfe-r1.exe","230724/RiseDownloadManager-230315/54.1.6275/Samples/vlc-media-player-3.0.18-installer_S-jiXx1.exe"],"imageFiles":["230724/RiseDownloadManager-230315/54.1.6275/Images/ACR-109/VLC_Files.png","230724/RiseDownloadManager-230315/54.1.6275/Images/ACR-039/VLC_044.png","230724/RiseDownloadManager-230315/54.1.6275/Images/ACR-043/VLC_File2.png","230724/RiseDownloadManager-230315/54.1.6275/Images/ACR-042/VLC_File2.png","230724/RiseDownloadManager-230315/54.1.6275/Images/ACR-013/VLC_Offer.png","230724/RiseDownloadManager-230315/54.1.6275/Images/ACR-060/VLC_Offer.png"],"nonDeceptorImageFiles":["230724/RiseDownloadManager-230315/54.1.6275/Images/ACR-044/VLC_044.png"],"guid":"4a39c51b-7c7b-41c7-8340-5d79aa45bff0_54.1.6275_1","appID":"RiseDownloadManager-230315","dateAdded":"250512","deceptorType":"Bundler","name":"SoftonicDownloadManager","company":"softonic.com","version":"54.1.6275","lastKnownStatus":"6.44.1344.0;569.11.57.63;54.1.6275;13.2.3957.0;11.3.6425;3.011.0","lastKnownDate":"250512","type":"Windows Executable","category":"Bundlers & Downloaders","targetOS":"Windows XP,Windows Vista,Windows 8,Windows 7,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"sold in bundle","lastUpdate":"2025-05-12T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":6,"sortOrder":317},{"violations":{"ACR-109":"Download Manager secretly writes the files (some are set to be hidden and system only file) to consumer system under hidden folder without user agreeing to install.\n","ACR-042":"Download manager drops hidden file/potential offer app info in hidden folder without user permission. \n","ACR-043":"The \"SoftonicDownloadManager\" components get dropped in one click without asking the user's permission and disclosing the installation path.\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software.\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software.\n","ACR-075":"After carrier app was cancelled during installation, the offers are still installed without any notification for user.\n","ACR-039":"No clear indications of the relationship for the monetization components from RiseCodes and Carrier app is disclosed to user before offers being prompts. The links for privacy policy and Term of use mislead user that they are for Carrier app. \n(https://hello.softonic.com/privacy-policy/\nhttps://hello.softonic.com/terms-of-use/\nhttps://risecodes.com/wp-content/uploads/2023/01/Risecodes.com-Privacy-Policy-05.01.2023.pdf\nhttps://risecodes.com/wp-content/uploads/2022/01/Risecodes.com-Terms-of-Use.pdf)\n"},"nonDeceptorViolations":{"ACR-044":"Download manager doesn't disclose its bundling function when user choose to install carrier app.\n"},"samples":[{"isRevoked":"False","fileName":"vlc-media-player-3.0.18-installer_LOHB-H1.exe - e26e459631c3c6a9ee9c498bbcee99ec67e8534a52313e1b13c0ed9639d162cb","isInstaller":"True","fileVersion":"6.44","hashMD5":"d0dafc349ed205185e9c30382209c1c6","hashSHA1":"4494d56773274595b9422287d3786f8dc339a162","hashSHA256":"e26e459631c3c6a9ee9c498bbcee99ec67e8534a52313e1b13c0ed9639d162cb","digitalCertThumbprint":"5C25447CA34F11353A2CFE1E31A3A1A7AEFE3193","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Softonic International SA, OU=SOFTONIC INTERNATIONAL, O=Softonic International SA, L=Barcelona, S=Barcelona, C=ES","sourceIndex":"1004","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"shareit-5.0.0.3-installer_N-ODSK1.exe","isInstaller":"True","fileVersion":"6.44","hashMD5":"7f7e833d979c68d1197541802467846a","hashSHA1":"627053bf89fd9cb31bc96e42cc0a609849b7e668","hashSHA256":"3257082fe20b46d6ffddb839c272d227196e32394505bcb6684ab87d024b80c3","digitalCertThumbprint":"5C25447CA34F11353A2CFE1E31A3A1A7AEFE3193","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Softonic International SA, OU=SOFTONIC INTERNATIONAL, O=Softonic International SA, L=Barcelona, S=Barcelona, C=ES","sourceIndex":"1004","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"blur.live/research - BIBR","reference":"","landingPage":"https://vlc-media-player.en.softonic.com/download","directDownloadingLink":"https://d1m1511i74zbdu.cloudfront.net/version/ph/v3.99.649.643.4","ipv4":"https://d1m1511i74zbdu.cloudfront.net/*/ph/*","ipv6":"","landingPageWildChar":"https://*.softonic.com/download","directDownloadingLinkWildChar":"https://d1m1511i74zbdu.cloudfront.net/version/ph/v3.99.649.643.4","sourceIndex":"1004"},{"howFound":"","reference":"","landingPage":"https://360-total-security.en.softonic.com/download","directDownloadingLink":"https://d1m1511i74zbdu.cloudfront.net/build/ph/v3.385.538.777","ipv4":"","ipv6":"","landingPageWildChar":"https://*.softonic.com/download","directDownloadingLinkWildChar":"https://d1m1511i74zbdu.cloudfront.net/*/ph/*","sourceIndex":"1005"},{"howFound":"","reference":"","landingPage":"","directDownloadingLink":"https://d1m1511i74zbdu.cloudfront.net/latest/ph/v1.35.82.703.24 ","ipv4":"","ipv6":"","landingPageWildChar":"https://*.softonic.com/download","directDownloadingLinkWildChar":"https://d1m1511i74zbdu.cloudfront.net/*/ph/*","sourceIndex":"1006"},{"howFound":"","reference":"","landingPage":"","directDownloadingLink":"https://d1m1511i74zbdu.cloudfront.net/release/ph/v2.748.45.35.15","ipv4":"","ipv6":"","landingPageWildChar":"https://*.softonic.com/download","directDownloadingLinkWildChar":"https://d1m1511i74zbdu.cloudfront.net/*/ph/*","sourceIndex":"1007"}],"sampleFiles":["230711/RiseDownloadManager-230315/6.44.1344.0/Samples/vlc-media-player-3.0.18-installer_LOHB-H1.exe - e26e459631c3c6a9ee9c498bbcee99ec67e8534a52313e1b13c0ed9639d162cb","230711/RiseDownloadManager-230315/6.44.1344.0/Samples/shareit-5.0.0.3-installer_N-ODSK1.exe"],"imageFiles":["230711/RiseDownloadManager-230315/6.44.1344.0/Images/ACR-109/ACR-109.png","230711/RiseDownloadManager-230315/6.44.1344.0/Images/ACR-039/ACR-039.png","230711/RiseDownloadManager-230315/6.44.1344.0/Images/ACR-043/ACR-043.png","230711/RiseDownloadManager-230315/6.44.1344.0/Images/ACR-042/ACR-042.png","230711/RiseDownloadManager-230315/6.44.1344.0/Images/ACR-013/ACR-013_1.png","230711/RiseDownloadManager-230315/6.44.1344.0/Images/ACR-013/ACR-013_2.png","230711/RiseDownloadManager-230315/6.44.1344.0/Images/ACR-060/ACR-060_1.png","230711/RiseDownloadManager-230315/6.44.1344.0/Images/ACR-060/ACR-060_2.png","230711/RiseDownloadManager-230315/6.44.1344.0/Images/ACR-075/ACR-075.png"],"nonDeceptorImageFiles":["230711/RiseDownloadManager-230315/6.44.1344.0/Images/ACR-044/ACR-044.png"],"guid":"4a39c51b-7c7b-41c7-8340-5d79aa45bff0_6.44.1344.0_1","appID":"RiseDownloadManager-230315","dateAdded":"250512","deceptorType":"Bundler","name":"SoftonicDownloadManager","company":"softonic.com","version":"6.44.1344.0","lastKnownStatus":"6.44.1344.0;569.11.57.63;54.1.6275;13.2.3957.0;11.3.6425;3.011.0","lastKnownDate":"250512","type":"Windows Executable","category":"Bundlers & Downloaders","targetOS":"Windows XP,Windows Vista,Windows 8,Windows 7,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"sold in bundle","lastUpdate":"2025-05-12T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":6,"sortOrder":318},{"violations":{"ACR-109":"Download Manager secretly writes the files (some are set to be hidden and system only file) to consumer system under hidden folder without user agreeing to install.\n","ACR-042":"Download manager drops hidden file/potential offer app info in hidden folder without user permission. \n","ACR-043":"The \"SoftonicDownloadManager\" components get dropped in one click without asking the user's permission and disclosing the installation path.\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software.\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software.\n","ACR-039":"No clear indications of the relationship for the monetization components from RiseCodes and Carrier app is disclosed to user before offers being prompts. The links for privacy policy and Term of use mislead user that they are for Carrier app. \n(https://hello.softonic.com/privacy-policy/\nhttps://hello.softonic.com/terms-of-use/\nhttps://risecodes.com/wp-content/uploads/2023/01/Risecodes.com-Privacy-Policy-05.01.2023.pdf\nhttps://risecodes.com/wp-content/uploads/2022/01/Risecodes.com-Terms-of-Use.pdf)\n"},"nonDeceptorViolations":{"ACR-044":"Download manager doesn't disclose its bundling function when user choose to install carrier app.\n"},"samples":[{"isRevoked":"False","fileName":"vlc-media-player-3.0.18-installer_9-bNZi1.exe","isInstaller":"True","fileVersion":"569.11","hashMD5":"aba72ae2bbcba8e6f22db62018f33aeb","hashSHA1":"4396fdbac35f4a3f5b60af19eb850e830d2eb3cb","hashSHA256":"11184afa5ddcc05a096dd98e607a0dae826c99b24d7eda139bd6909e9727d8f4","digitalCertThumbprint":"5C25447CA34F11353A2CFE1E31A3A1A7AEFE3193","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Softonic International SA, OU=SOFTONIC INTERNATIONAL, O=Softonic International SA, L=Barcelona, S=Barcelona, C=ES","sourceIndex":"1134","avBlockList":["360 Total Security (20230921)","Avast Premium Security (20230921)","AVG Internet Security (20230921)","Avira Internet Security (20230921)","Bitdefender Internet Security (20230921)","COMODO Antivirus (20230921)","Dr.Web Security Space (20230921)","ESET Internet Security (20230921)","G DATA INTERNET SECURITY (20230921)","K7 Total Security (20230921)","Kaspersky Internet Security (20230921)","Malwarebytes Premium (20230921)","McAfee Total Protection (20230921)","Norton Security (20230921)","Panda Dome (20230921)","Quick Heal Internet Security (20230921)","Sophos Home Premium (20230921)","SpyHunter5 (20230921)","Total AV Antivirus Pro (20230921)","Trend Micro Internet Security (20230921)","VIPRE Advanced Security (20230921)","VirIT eXplorer PRO (20230921)","Webroot SecureAnywhere (20230921)","Windows Defender (20230921)"],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"","landingPage":"https://vlc-media-player.en.softonic.com/download","directDownloadingLink":"https://d1m1511i74zbdu.cloudfront.net/ver/ph/v0.208.523.872","ipv4":"https://d1m1511i74zbdu.cloudfront.net/*/ph/*","ipv6":"","landingPageWildChar":"https://*.softonic.com/download","directDownloadingLinkWildChar":"https://d1m1511i74zbdu.cloudfront.net/ver/ph/v0.208.523.872","sourceIndex":"1134"},{"howFound":"","reference":"","landingPage":"https://360-total-security.en.softonic.com/download","directDownloadingLink":"https://d1m1511i74zbdu.cloudfront.net/v/ph/v7.46.55.888.58","ipv4":"","ipv6":"","landingPageWildChar":"https://*.softonic.com/download","directDownloadingLinkWildChar":"https://d1m1511i74zbdu.cloudfront.net/*/ph/*","sourceIndex":"1135"},{"howFound":"","reference":"","landingPage":"","directDownloadingLink":"https://d1m1511i74zbdu.cloudfront.net/build/ph/v1.48.83.41.17.6","ipv4":"","ipv6":"","landingPageWildChar":"https://*.softonic.com/download","directDownloadingLinkWildChar":"https://d1m1511i74zbdu.cloudfront.net/*/ph/*","sourceIndex":"1136"},{"howFound":"","reference":"","landingPage":"","directDownloadingLink":"https://d1m1511i74zbdu.cloudfront.net/revision/ph/v5.26.89.78.12.9","ipv4":"","ipv6":"","sourceIndex":"1137"},{"howFound":"","reference":"","landingPage":"","directDownloadingLink":"https://d1m1511i74zbdu.cloudfront.net/build/ph/v9.66.628.14.75","ipv4":"","ipv6":"","sourceIndex":"1138"},{"howFound":"","reference":"","landingPage":"","directDownloadingLink":"https://d1m1511i74zbdu.cloudfront.net/version/ph/v1.77.865.87.78","ipv4":"","ipv6":"","sourceIndex":"1139"},{"howFound":"","reference":"","landingPage":"","directDownloadingLink":"https://d1m1511i74zbdu.cloudfront.net/revision/ph/v5.17.17.18.423","ipv4":"","ipv6":"","sourceIndex":"1140"}],"sampleFiles":["230424/RiseDownloadManager-230315/569.11.57.63/Samples/vlc-media-player-3.0.18-installer_9-bNZi1.exe"],"imageFiles":["230424/RiseDownloadManager-230315/569.11.57.63/Images/ACR-109/ACR-109.png","230424/RiseDownloadManager-230315/569.11.57.63/Images/ACR-039/ACR-039.png","230424/RiseDownloadManager-230315/569.11.57.63/Images/ACR-043/ACR-043.png","230424/RiseDownloadManager-230315/569.11.57.63/Images/ACR-042/ACR-109.png","230424/RiseDownloadManager-230315/569.11.57.63/Images/ACR-013/ACR-013_1.png","230424/RiseDownloadManager-230315/569.11.57.63/Images/ACR-013/ACR-013_2.png","230424/RiseDownloadManager-230315/569.11.57.63/Images/ACR-060/ACR-013_1.png","230424/RiseDownloadManager-230315/569.11.57.63/Images/ACR-060/ACR-013_2.png"],"nonDeceptorImageFiles":["230424/RiseDownloadManager-230315/569.11.57.63/Images/ACR-044/ACR-039.png"],"guid":"4a39c51b-7c7b-41c7-8340-5d79aa45bff0_569.11.57.63_1","appID":"RiseDownloadManager-230315","dateAdded":"250512","deceptorType":"Bundler","name":"SoftonicDownloadManager","company":"softonic.com","version":"569.11.57.63","lastKnownStatus":"6.44.1344.0;569.11.57.63;54.1.6275;13.2.3957.0;11.3.6425;3.011.0","lastKnownDate":"250512","type":"Windows Executable","category":"Bundlers & Downloaders","targetOS":"Windows XP,Windows Vista,Windows 8,Windows 7,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"sold in bundle","lastUpdate":"2025-05-12T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":6,"sortOrder":319},{"violations":{"ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software.\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software.\n","ACR-059":"Offers that are not related to the main app should be marked as \"Optional Offer\" instead of identifying the offers as a Recommended additional software to install.\n","ACR-155":"Offers are designed to look like part of the install workflow.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"GOMPLAYERGLOBALSETUP_CHROME.EXE","isInstaller":"True","companyName":"GOM & Company","fileVersion":"2.3","hashMD5":"bb8762fdc099c3cfce9b232ab2352b0b","hashSHA1":"69144d048faf936851e5ef700c9ae242a51b84c8","hashSHA256":"a4bde1f1ee6d71426ea817d6b6a7acab249feed6545b60a0dba44339d67711a9","digitalCertThumbprint":"B095DC311E92B376C76A77B4525FC3BEFE802E48","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=GRETECH CORPORATION, O=GRETECH CORPORATION, L=Shinjuku, S=Tokyo, C=JP","sourceIndex":"836","avBlockList":["COMODO Antivirus (20240307)","ESET Internet Security (20240307)","Kaspersky Internet Security (20240307)","Malwarebytes Premium (20240307)","Norton Security (20240307)","Panda Dome (20240307)","Sophos Home Premium (20240307)","SpyHunter5 (20240307)","Total AV Antivirus Pro (20240307)","VirIT eXplorer PRO (20240307)","Webroot SecureAnywhere (20240307)","Windows Defender (20240307)"],"avAllowList":["360 Total Security (20240307)","Avast Premium Security (20240307)","AVG Internet Security (20240307)","Avira Internet Security (20240307)","Bitdefender Internet Security (20240307)","Dr.Web Security Space (20240307)","G DATA INTERNET SECURITY (20240307)","K7 Total Security (20240307)","McAfee Total Protection (20240307)","Quick Heal Internet Security (20240307)","Trend Micro Internet Security (20240307)","VIPRE Advanced Security (20240307)"]}],"additionalFiles":[],"sources":[{"howFound":"randomly found from a download site","reference":"","landingPage":"https://www.gomlab.com/gomplayer-media-player/","directDownloadingLink":"https://cdn.gomlab.com/gretech/player/GOMPLAYERGLOBALSETUP_CHROME.EXE","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://cdn.gomlab.com/gretech/player/GOMPLAYERGLOBALSETUP_CHROME.EXE","sourceIndex":"836"},{"howFound":"","reference":"","landingPage":"","ipv4":"","ipv6":"","sourceIndex":"837"}],"sampleFiles":["231102/GOMPlayer-230126/2.3.91.5361/Samples/GOMPLAYERGLOBALSETUP_CHROME.EXE"],"imageFiles":["231102/GOMPlayer-230126/2.3.91.5361/Images/ACR-013/OptionalOffer1.jpg","231102/GOMPlayer-230126/2.3.91.5361/Images/ACR-013/OptionalOffer2.jpg","231102/GOMPlayer-230126/2.3.91.5361/Images/ACR-013/OptionalOffer3.jpg","231102/GOMPlayer-230126/2.3.91.5361/Images/ACR-155/OptionalOffer1.jpg","231102/GOMPlayer-230126/2.3.91.5361/Images/ACR-155/OptionalOffer2.jpg","231102/GOMPlayer-230126/2.3.91.5361/Images/ACR-155/OptionalOffer3.jpg","231102/GOMPlayer-230126/2.3.91.5361/Images/ACR-059/OptionalOffer1.jpg","231102/GOMPlayer-230126/2.3.91.5361/Images/ACR-059/OptionalOffer2.jpg","231102/GOMPlayer-230126/2.3.91.5361/Images/ACR-059/OptionalOffer3.jpg","231102/GOMPlayer-230126/2.3.91.5361/Images/ACR-060/OptionalOffer1.jpg","231102/GOMPlayer-230126/2.3.91.5361/Images/ACR-060/OptionalOffer2.jpg","231102/GOMPlayer-230126/2.3.91.5361/Images/ACR-060/OptionalOffer3.jpg"],"nonDeceptorImageFiles":[],"guid":"efb56f7a-0b79-4928-838b-8f58f2b68e6e_2.3.91.5361_1","appID":"GOMPlayer-230126","dateAdded":"250508","deceptorType":"App","name":"GOM Player","company":"GOM ","version":"2.3.91.5361","lastKnownStatus":"2.3.83.5350;2.3.86.5355;2.3.87.5356;2.3.88.5357;2.3.88.5358;2.3.89.5359;2.3.90.5360;2.3.91.5361;2.3.92.5362;2.3.93.5363;2.3.97.5367;2.3.99.5369;2.3.100.5370;2.3.108.5378","lastKnownDate":"250508","type":"Windows Executable","category":"Media players","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid,paid,display ads","lastUpdate":"2025-05-08T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":15,"sortOrder":330},{"violations":{"ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software.\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software.\n","ACR-059":"Offers that are not related to the main app should be marked as \"Optional Offer\" instead of identifying the offers as a Recommended additional software to install.\n","ACR-155":"Offers are designed to look like part of the install workflow.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"GOMPLAYERGLOBALSETUP_CHROME%20(6).EXE","isInstaller":"True","companyName":"GOM & Company","fileVersion":"2.3","hashMD5":"010db5f5e3ce528545626041aa5b02e6","hashSHA1":"6ffeb4a436def9d5422d8b3d7735f2e1a57c4fab","hashSHA256":"e296fdb7ccea9ebfad0f20e8519b36da69cdf497eedb68a00617f0e378be8577","digitalCertThumbprint":"B095DC311E92B376C76A77B4525FC3BEFE802E48","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=GRETECH CORPORATION, O=GRETECH CORPORATION, L=Shinjuku, S=Tokyo, C=JP","sourceIndex":"797","avBlockList":["Avira Internet Security (20240104)","COMODO Antivirus (20240104)","ESET Internet Security (20240104)","K7 Total Security (20240104)","Kaspersky Internet Security (20240104)","Malwarebytes Premium (20240104)","Norton Security (20240104)","Panda Dome (20240104)","Sophos Home Premium (20240104)","SpyHunter5 (20240104)","VirIT eXplorer PRO (20240104)","Webroot SecureAnywhere (20240104)","Windows Defender (20240104)"],"avAllowList":["360 Total Security (20240104)","Avast Premium Security (20240104)","AVG Internet Security (20240104)","Bitdefender Internet Security (20240104)","Dr.Web Security Space (20240104)","G DATA INTERNET SECURITY (20240104)","McAfee Total Protection (20240104)","Quick Heal Internet Security (20240104)","Total AV Antivirus Pro (20240104)","Trend Micro Internet Security (20240104)","VIPRE Advanced Security (20240104)"]}],"additionalFiles":[],"sources":[{"howFound":"randomly found from a download site","reference":"","landingPage":"https://www.gomlab.com/gomplayer-media-player/","directDownloadingLink":"https://cdn.gomlab.com/gretech/player/GOMPLAYERGLOBALSETUP_CHROME.EXE","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://cdn.gomlab.com/gretech/player/GOMPLAYERGLOBALSETUP_CHROME.EXE","sourceIndex":"797"}],"sampleFiles":["231127/GOMPlayer-230126/2.3.92.5362/Samples/GOMPLAYERGLOBALSETUP_CHROME%20(6).EXE"],"imageFiles":["231127/GOMPlayer-230126/2.3.92.5362/Images/ACR-013/OptionalOffer1.jpg","231127/GOMPlayer-230126/2.3.92.5362/Images/ACR-013/OptionalOffer2.jpg","231127/GOMPlayer-230126/2.3.92.5362/Images/ACR-013/OptionalOffer3.jpg","231127/GOMPlayer-230126/2.3.92.5362/Images/ACR-155/OptionalOffer1.jpg","231127/GOMPlayer-230126/2.3.92.5362/Images/ACR-155/OptionalOffer2.jpg","231127/GOMPlayer-230126/2.3.92.5362/Images/ACR-155/OptionalOffer3.jpg","231127/GOMPlayer-230126/2.3.92.5362/Images/ACR-059/OptionalOffer1.jpg","231127/GOMPlayer-230126/2.3.92.5362/Images/ACR-059/OptionalOffer2.jpg","231127/GOMPlayer-230126/2.3.92.5362/Images/ACR-059/OptionalOffer3.jpg","231127/GOMPlayer-230126/2.3.92.5362/Images/ACR-060/OptionalOffer1.jpg","231127/GOMPlayer-230126/2.3.92.5362/Images/ACR-060/OptionalOffer2.jpg","231127/GOMPlayer-230126/2.3.92.5362/Images/ACR-060/OptionalOffer3.jpg"],"nonDeceptorImageFiles":[],"guid":"efb56f7a-0b79-4928-838b-8f58f2b68e6e_2.3.92.5362_1","appID":"GOMPlayer-230126","dateAdded":"250508","deceptorType":"App","name":"GOM Player","company":"GOM ","version":"2.3.92.5362","lastKnownStatus":"2.3.83.5350;2.3.86.5355;2.3.87.5356;2.3.88.5357;2.3.88.5358;2.3.89.5359;2.3.90.5360;2.3.91.5361;2.3.92.5362;2.3.93.5363;2.3.97.5367;2.3.99.5369;2.3.100.5370;2.3.108.5378","lastKnownDate":"250508","type":"Windows Executable","category":"Media players","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid,paid,display ads","lastUpdate":"2025-05-08T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":15,"sortOrder":329},{"violations":{"ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software.\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software.\n","ACR-059":"Offers that are not related to the main app should be marked as \"Optional Offer\" instead of identifying the offers as a Recommended additional software to install.\n","ACR-155":"Offers are designed to look like part of the install workflow.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"GOMPLAYERGLOBALSETUP_CHROME (2).EXE","isInstaller":"True","companyName":"GOM & Company","fileVersion":"2.3","hashMD5":"ee9ba23103f0dfe8b49a15af2461df1e","hashSHA1":"e3363f2aa606a45837a53e926c11f8cd96817d88","hashSHA256":"89c17d5c64a868583a779c6e7e48b36c662156a5a67e6fc891686daceabee701","digitalCertThumbprint":"2FB6D90F9C250CA0DD60B14EC68FF5D035719656","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=GRETECH CORPORATION, OU=GRETECH CORPORATION, O=GRETECH CORPORATION, L=Shinjuku, S=Tokyo, C=JP","sourceIndex":"784","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"GOM_230830.exe","isInstaller":"True","companyName":"GOM & Company","fileVersion":"2.3","hashMD5":"02e6a661c7edb67a6a762555385771d5","hashSHA1":"e061e80c9fcc125f1e74fb1dbf82ad19b3b95260","hashSHA256":"90cb321d7bcc2a1067479560ad13a4372351b9aa57a6f82180f38ed7a48569fc","digitalCertThumbprint":"2FB6D90F9C250CA0DD60B14EC68FF5D035719656","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=GRETECH CORPORATION, OU=GRETECH CORPORATION, O=GRETECH CORPORATION, L=Shinjuku, S=Tokyo, C=JP","sourceIndex":"784","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"GOMPLAYERGLOBALSETUP_CHROME_230830.EXE","isInstaller":"True","companyName":"GOM & Company","fileVersion":"2.3","hashMD5":"b3bc44cf4724405ac3866606149edf7b","hashSHA1":"2f12a50e30baef1090d5c08f576fff0048e82a13","hashSHA256":"9c49d772e103961477ca390efc19e63c2979e0cdeb7a602e5cdd0d53b6f0c387","digitalCertThumbprint":"2FB6D90F9C250CA0DD60B14EC68FF5D035719656","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=GRETECH CORPORATION, OU=GRETECH CORPORATION, O=GRETECH CORPORATION, L=Shinjuku, S=Tokyo, C=JP","sourceIndex":"784","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"GOM_230927.exe","isInstaller":"True","companyName":"GOM & Company","fileVersion":"2.3","hashMD5":"37226da17e2f1de186846a6af5f2cdc3","hashSHA1":"2421e48db1ec52f06935afedaeee3566c19566f3","hashSHA256":"7e082ee55dd392f123952474e322cc434372d0bd917f8a13014ee489c2fa258c","digitalCertThumbprint":"B095DC311E92B376C76A77B4525FC3BEFE802E48","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=GRETECH CORPORATION, O=GRETECH CORPORATION, L=Shinjuku, S=Tokyo, C=JP","sourceIndex":"784","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"GOMPLAYERGLOBALSETUP_CHROME_230927.EXE","isInstaller":"True","companyName":"GOM & Company","fileVersion":"2.3","hashMD5":"177ad282ad2283b085a3562708db87f3","hashSHA1":"7e61137661eff80e705200f40f39ab9a455c4ac1","hashSHA256":"8593c34c3f1a9a473115538240928cd811a81c62bc7319f78798d78f54eccabc","digitalCertThumbprint":"B095DC311E92B376C76A77B4525FC3BEFE802E48","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=GRETECH CORPORATION, O=GRETECH CORPORATION, L=Shinjuku, S=Tokyo, C=JP","sourceIndex":"784","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"GOM_231011.exe","isInstaller":"True","companyName":"GOM & Company","fileVersion":"2.3","hashMD5":"b22ef3bb57a7d3f68d6721c03344f342","hashSHA1":"7341c61012b36da8fb51790bc1763602749bfde1","hashSHA256":"d3caf71980d2ed727059512da07aa11728923f950dbfedca5d173d08ce9fcd71","digitalCertThumbprint":"B095DC311E92B376C76A77B4525FC3BEFE802E48","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=GRETECH CORPORATION, O=GRETECH CORPORATION, L=Shinjuku, S=Tokyo, C=JP","sourceIndex":"784","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"GOMPLAYERGLOBALSETUP_CHROME_231011.EXE","isInstaller":"True","companyName":"GOM & Company","fileVersion":"2.3","hashMD5":"e8e30c4b24f94a76fa03639dca61fb11","hashSHA1":"eafeeaf7da3a8af99a3095ca57ca4c53e64e3864","hashSHA256":"22b4fb4ccd2faddccab3de1d4df44e28c08d84e8d08899ac214853cbd4c0fb2c","digitalCertThumbprint":"B095DC311E92B376C76A77B4525FC3BEFE802E48","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=GRETECH CORPORATION, O=GRETECH CORPORATION, L=Shinjuku, S=Tokyo, C=JP","sourceIndex":"784","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"randomly found from a download site","reference":"","landingPage":"https://www.gomlab.com/gomplayer-media-player/","directDownloadingLink":"https://cdn.gomlab.com/gretech/player/GOMPLAYERGLOBALSETUP_CHROME.EXE","ipv4":"","ipv6":"","landingPageWildChar":"","directDownloadingLinkWildChar":"https://cdn.gomlab.com/gretech/player/GOMPLAYERGLOBALSETUP_CHROME.EXE","sourceIndex":"784"}],"sampleFiles":["231211/GOMPlayer-230126/2.3.90.5360/Samples/GOMPLAYERGLOBALSETUP_CHROME.EXE","231211/GOMPlayer-230126/2.3.90.5360/Samples/GOM_230830.exe","231211/GOMPlayer-230126/2.3.90.5360/Samples/GOMPLAYERGLOBALSETUP_CHROME_230830.EXE","231211/GOMPlayer-230126/2.3.90.5360/Samples/GOM_230927.exe","231211/GOMPlayer-230126/2.3.90.5360/Samples/GOMPLAYERGLOBALSETUP_CHROME_230927.EXE","231211/GOMPlayer-230126/2.3.90.5360/Samples/GOM_231011.exe","231211/GOMPlayer-230126/2.3.90.5360/Samples/GOMPLAYERGLOBALSETUP_CHROME_231011.EXE"],"imageFiles":["231211/GOMPlayer-230126/2.3.90.5360/Images/ACR-013/OptionalOffer1.jpg","231211/GOMPlayer-230126/2.3.90.5360/Images/ACR-013/OptionalOffer2.jpg","231211/GOMPlayer-230126/2.3.90.5360/Images/ACR-013/OptionalOffer3.jpg","231211/GOMPlayer-230126/2.3.90.5360/Images/ACR-155/OptionalOffer1.jpg","231211/GOMPlayer-230126/2.3.90.5360/Images/ACR-155/OptionalOffer2.jpg","231211/GOMPlayer-230126/2.3.90.5360/Images/ACR-155/OptionalOffer3.jpg","231211/GOMPlayer-230126/2.3.90.5360/Images/ACR-059/OptionalOffer1.jpg","231211/GOMPlayer-230126/2.3.90.5360/Images/ACR-059/OptionalOffer2.jpg","231211/GOMPlayer-230126/2.3.90.5360/Images/ACR-059/OptionalOffer3.jpg","231211/GOMPlayer-230126/2.3.90.5360/Images/ACR-060/OptionalOffer1.jpg","231211/GOMPlayer-230126/2.3.90.5360/Images/ACR-060/OptionalOffer2.jpg","231211/GOMPlayer-230126/2.3.90.5360/Images/ACR-060/OptionalOffer3.jpg"],"nonDeceptorImageFiles":[],"guid":"efb56f7a-0b79-4928-838b-8f58f2b68e6e_2.3.90.5360_1","appID":"GOMPlayer-230126","dateAdded":"250508","deceptorType":"App","name":"GOM Player","company":"GOM ","version":"2.3.90.5360","lastKnownStatus":"2.3.83.5350;2.3.86.5355;2.3.87.5356;2.3.88.5357;2.3.88.5358;2.3.89.5359;2.3.90.5360;2.3.91.5361;2.3.92.5362;2.3.93.5363;2.3.97.5367;2.3.99.5369;2.3.100.5370;2.3.108.5378","lastKnownDate":"250508","type":"Windows Executable","category":"Media players","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid,paid,display ads","lastUpdate":"2025-05-08T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":15,"sortOrder":328},{"violations":{"ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software.\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software.\n","ACR-059":"Offers that are not related to the main app should be marked as \"Optional Offer\" instead of identifying the offers as a Recommended additional software to install.\n","ACR-155":"Offers are designed to look like part of the install workflow.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"GOMPLAYERGLOBALSETUP_CHROME.EXE","isInstaller":"True","companyName":"GOM & Company","fileVersion":"2.3","hashMD5":"3b53c2d58b282eea9f0a719c9fdc465e","hashSHA1":"d05cb8bbcdd3c8a7cd71ca39461579dbd0d4f4a5","hashSHA256":"d7c4690df990969256dafe5fb89446d330a60c61d734bec552492af9c35fabdc","digitalCertThumbprint":"2FB6D90F9C250CA0DD60B14EC68FF5D035719656","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=GRETECH CORPORATION, OU=GRETECH CORPORATION, O=GRETECH CORPORATION, L=Shinjuku, S=Tokyo, C=JP","sourceIndex":"1020","avBlockList":["Avira Internet Security (20240604)","ESET Internet Security (20240604)","Kaspersky Internet Security (20240604)","Malwarebytes Premium (20240604)","McAfee Total Protection (20240604)","Norton Security (20240604)","Panda Dome (20240604)","Sophos Home Premium (20240604)","SpyHunter5 (20240604)","Total AV Antivirus Pro (20240604)","VirIT eXplorer PRO (20240604)","Webroot SecureAnywhere (20240604)"],"avAllowList":["360 Total Security (20240604)","Avast Premium Security (20240604)","AVG Internet Security (20240604)","Bitdefender Internet Security (20240604)","COMODO Antivirus (20240604)","Dr.Web Security Space (20240604)","G DATA INTERNET SECURITY (20240604)","K7 Total Security (20240604)","Quick Heal Internet Security (20240604)","Trend Micro Internet Security (20240604)","VIPRE Advanced Security (20240604)","Windows Defender (20240604)"]}],"additionalFiles":[],"sources":[{"howFound":"randomly found from a download site","reference":"","landingPage":"https://www.gomlab.com/gomplayer-media-player/","directDownloadingLink":"https://cdn.gomlab.com/gretech/player/GOMPLAYERGLOBALSETUP_CHROME.EXE","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://cdn.gomlab.com/gretech/player/GOMPLAYERGLOBALSETUP_CHROME.EXE","sourceIndex":"1020"}],"sampleFiles":["230705/GOMPlayer-230126/2.3.88.5358/Samples/GOMPLAYERGLOBALSETUP_CHROME.EXE"],"imageFiles":["230705/GOMPlayer-230126/2.3.88.5358/Images/ACR-013/GOM_Offer1.jpg","230705/GOMPlayer-230126/2.3.88.5358/Images/ACR-013/GOM_Offer3.jpg","230705/GOMPlayer-230126/2.3.88.5358/Images/ACR-013/GOM_Offer2.png","230705/GOMPlayer-230126/2.3.88.5358/Images/ACR-155/GOM_Offer1.jpg","230705/GOMPlayer-230126/2.3.88.5358/Images/ACR-155/GOM_Offer2.png","230705/GOMPlayer-230126/2.3.88.5358/Images/ACR-155/GOM_Offer3.png","230705/GOMPlayer-230126/2.3.88.5358/Images/ACR-059/GOM_Offer1.jpg","230705/GOMPlayer-230126/2.3.88.5358/Images/ACR-059/GOM_Offer3.jpg","230705/GOMPlayer-230126/2.3.88.5358/Images/ACR-059/GOM_Offer2.png","230705/GOMPlayer-230126/2.3.88.5358/Images/ACR-060/GOM_Offer1.jpg","230705/GOMPlayer-230126/2.3.88.5358/Images/ACR-060/GOM_Offer3.jpg","230705/GOMPlayer-230126/2.3.88.5358/Images/ACR-060/GOM_Offer2.png"],"nonDeceptorImageFiles":[],"guid":"efb56f7a-0b79-4928-838b-8f58f2b68e6e_2.3.88.5358_1","appID":"GOMPlayer-230126","dateAdded":"250508","deceptorType":"App","name":"GOM Player","company":"GOM ","version":"2.3.88.5358","lastKnownStatus":"2.3.83.5350;2.3.86.5355;2.3.87.5356;2.3.88.5357;2.3.88.5358;2.3.89.5359;2.3.90.5360;2.3.91.5361;2.3.92.5362;2.3.93.5363;2.3.97.5367;2.3.99.5369;2.3.100.5370;2.3.108.5378","lastKnownDate":"250508","type":"Windows Executable","category":"Media players","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid,paid,display ads","lastUpdate":"2025-05-08T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":15,"sortOrder":332},{"violations":{"ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software.\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software.\n","ACR-059":"Offers that are not related to the main app should be marked as \"Optional Offer\" instead of identifying the offers as a Recommended additional software to install.\n","ACR-155":"Offers are designed to look like part of the install workflow.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"GOMPLAYERGLOBALSETUP_CHROME%20(7).EXE","isInstaller":"True","companyName":"GOM & Company","fileVersion":"2.3","hashMD5":"250b75722e9fa525abfd686e2a9d97c9","hashSHA1":"7aff4a592edc79af89c088d8de76b86abf741e18","hashSHA256":"88fcfb4aa99e99cb38660d6346ce989abf4569019cfd58cc762b6314a7c1f7e9","digitalCertThumbprint":"B095DC311E92B376C76A77B4525FC3BEFE802E48","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=GRETECH CORPORATION, O=GRETECH CORPORATION, L=Shinjuku, S=Tokyo, C=JP","sourceIndex":"754","avBlockList":["360 Total Security (20240507)","COMODO Antivirus (20240507)","ESET Internet Security (20240507)","K7 Total Security (20240507)","Kaspersky Internet Security (20240507)","Malwarebytes Premium (20240507)","Norton Security (20240507)","Panda Dome (20240507)","Sophos Home Premium (20240507)","SpyHunter5 (20240507)","VirIT eXplorer PRO (20240507)"],"avAllowList":["Avast Premium Security (20240507)","AVG Internet Security (20240507)","Avira Internet Security (20240507)","Bitdefender Internet Security (20240507)","Dr.Web Security Space (20240507)","G DATA INTERNET SECURITY (20240507)","McAfee Total Protection (20240507)","Quick Heal Internet Security (20240507)","Total AV Antivirus Pro (20240507)","Trend Micro Internet Security (20240507)","VIPRE Advanced Security (20240507)","Webroot SecureAnywhere (20240507)","Windows Defender (20240507)"]}],"additionalFiles":[],"sources":[{"howFound":"randomly found from a download site","reference":"","landingPage":"https://www.gomlab.com/gomplayer-media-player/","directDownloadingLink":"https://cdn.gomlab.com/gretech/player/GOMPLAYERGLOBALSETUP_CHROME.EXE","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://cdn.gomlab.com/gretech/player/GOMPLAYERGLOBALSETUP_CHROME.EXE","sourceIndex":"754"}],"sampleFiles":["240125/GOMPlayer-230126/2.3.93.5363/Samples/GOMPLAYERGLOBALSETUP_CHROME%20(7).EXE"],"imageFiles":["240125/GOMPlayer-230126/2.3.93.5363/Images/ACR-013/ACR-013_Install_1.png","240125/GOMPlayer-230126/2.3.93.5363/Images/ACR-155/ACR-155_Inline offers_1.png","240125/GOMPlayer-230126/2.3.93.5363/Images/ACR-059/ACR-059_In-bundle offers_1.png","240125/GOMPlayer-230126/2.3.93.5363/Images/ACR-060/ACR-060_In-bundle offers_1.png"],"nonDeceptorImageFiles":[],"guid":"efb56f7a-0b79-4928-838b-8f58f2b68e6e_2.3.93.5363_1","appID":"GOMPlayer-230126","dateAdded":"250508","deceptorType":"App","name":"GOM Player","company":"GOM ","version":"2.3.93.5363","lastKnownStatus":"2.3.83.5350;2.3.86.5355;2.3.87.5356;2.3.88.5357;2.3.88.5358;2.3.89.5359;2.3.90.5360;2.3.91.5361;2.3.92.5362;2.3.93.5363;2.3.97.5367;2.3.99.5369;2.3.100.5370;2.3.108.5378","lastKnownDate":"250508","type":"Windows Executable","category":"Media players","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid,paid,display ads","lastUpdate":"2025-05-08T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":15,"sortOrder":327},{"violations":{"ACR-046":"Collecting data via \"Participate in customer experience improvement plan\" is checked by default and not visible to the user by default. No relevant disclosure of what data it collects.\n","ACR-048":"The app does not provide any control to cancel the installation.\n","ACR-004":"Application doesn't provide the free fix for the items reported, only allow to remove first 15 items. It requires subscription payment to delete the duplicated items.\n","ACR-097":"The app adds an exception for Windows firewall to lower default default system security posture without disclosing relevant info and get consent from user.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components on the device without the consumer's consent or notifying the user.\n"},"nonDeceptorViolations":{"ACR-040":"The app drops some of its components in a hidden folder.\n","ACR-123":"Even after a reboot and uninstall, the application did not remove itself from the firewall exception that was added during installation.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\Tenorshare\\4DDiG Duplicate File Deleter\\4DDiG Duplicate File Deleter.exe","companyName":"4DDiG","productName":"4DDiG Duplicate File Deleter","productVersion":"2.5.1.14","fileVersion":"2.5.1.14","hashMD5":"82da5363b797821638bd39ecafac67f9","hashSHA1":"e96d173b031aa0e5d630b0f464389832bca7135e","hashSHA256":"9f4ce2e8efaaf6ae8a4fe4941d2c4e4e7b5af538ef16c32d11d3c8420f76064c","digitalCertThumbprint":"59FECDA87C479A14A82E3EF696F9E6A9002A3752","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Tenorshare Co. Ltd.","storeId":"","sourceIndex":"700","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\Tenorshare\\4DDiG Duplicate File Deleter\\Monitor\\Monitor.exe","companyName":"TS","productName":"Monitor","productVersion":"1.0.2.0","fileVersion":"1.0.2.0","hashMD5":"398939a15d3a60971dae9db4d52e2138","hashSHA1":"12a3967bfff87f6608418c21308c4fea99e23ca0","hashSHA256":"6a91dc974d68551117c1d82819aac304b00a9f664e7cffafbb7c203cbf36ec30","digitalCertThumbprint":"59FECDA87C479A14A82E3EF696F9E6A9002A3752","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Tenorshare Co. Ltd.","storeId":"","sourceIndex":"700","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"4ddig-duplicate-file-deleter_11710474112280230701.exe","isInstaller":"True","companyName":"Tenorshare Co. Ltd.","productName":"20230725153620","productVersion":"2.7.11.0","fileVersion":"2.7.11.0","hashMD5":"17b46c0bcc3c37c800020f59b7c8b204","hashSHA1":"03c4b6fafd1e54f132e9090e5bc6acaf4572be09","hashSHA256":"4ea8b29ebfc6501b758729cc4226261722cb6e8681df8603ba361f389a4e6e63","digitalCertThumbprint":"59FECDA87C479A14A82E3EF696F9E6A9002A3752","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Tenorshare Co. Ltd.","storeId":"","sourceIndex":"700","avBlockList":["Avast Premium Security (20240815)","AVG Internet Security (20240815)","Avira Internet Security (20240815)","G DATA INTERNET SECURITY (20240815)","K7 Total Security (20240815)","Malwarebytes Premium (20240815)","Norton Security (20240815)","Panda Dome (20240815)","Quick Heal Internet Security (20240815)","Sophos Home Premium (20240815)","SpyHunter5 (20240815)","Total AV Antivirus Pro (20240815)","Trend Micro Internet Security (20240815)","VirIT eXplorer PRO (20240815)","Webroot SecureAnywhere (20240815)","Windows Defender (20240815)","FortectPremium (20240815)"],"avAllowList":["360 Total Security (20240815)","Bitdefender Internet Security (20240815)","COMODO Antivirus (20240815)","Dr.Web Security Space (20240815)","ESET Internet Security (20240815)","Kaspersky Internet Security (20240604)","McAfee Total Protection (20240815)","VIPRE Advanced Security (20240815)","KasperskyPremium (20240815)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt of 4ddig apps","reference":"","landingPage":"https://www.4ddig.net/duplicate-file-deleter.html","directDownloadingLink":"https://download.tenorshare.net/downloads/4ddig-duplicate-file-deleter_3567.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://download.tenorshare.net/downloads/4ddig-duplicate-file-deleter_3567.exe","sourceIndex":"700"}],"sampleFiles":["240326/4DDiGDuplicateFileDeleter-240318/2.5.1.14/Samples/4ddig-duplicate-file-deleter_11710474112280230701.exe"],"imageFiles":["240326/4DDiGDuplicateFileDeleter-240318/2.5.1.14/Images/ACR-046/ACR-046.PNG","240326/4DDiGDuplicateFileDeleter-240318/2.5.1.14/Images/ACR-046/ACR-046_1.PNG","240326/4DDiGDuplicateFileDeleter-240318/2.5.1.14/Images/ACR-048/ACR-048_Install.PNG","240326/4DDiGDuplicateFileDeleter-240318/2.5.1.14/Images/ACR-004/ACR-004_Software_1.png","240326/4DDiGDuplicateFileDeleter-240318/2.5.1.14/Images/ACR-097/ACR-097.PNG","240326/4DDiGDuplicateFileDeleter-240318/2.5.1.14/Images/ACR-118/ACR-118.PNG"],"nonDeceptorImageFiles":["240326/4DDiGDuplicateFileDeleter-240318/2.5.1.14/Images/ACR-040/ACR-040.PNG","240326/4DDiGDuplicateFileDeleter-240318/2.5.1.14/Images/ACR-123/ACR-123.PNG"],"guid":"1bf6bf4c-0306-4e5a-b945-2ca359e0638b_2.5.1.14_1","appID":"4DDiGDuplicateFileDeleter-240318","dateAdded":"250508","deceptorType":"App","name":"4DDiG Duplicate File Deleter","company":"Tenorshare Co., Ltd.","version":"2.5.1.14","lastKnownStatus":"2.5.1.14;2.5.2.3;2.5.11.0;3.0.1.4;3.0.10","lastKnownDate":"250508","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows 11","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2025-05-08T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":5,"sortOrder":342},{"violations":{"ACR-046":"Collecting data via \"Participate in customer experience improvement plan\" is checked by default and not visible to the user by default. No relevant disclosure of what data it collects.\n","ACR-048":"The app does not provide any control to cancel the installation.\n","ACR-004":"Application doesn't provide the free fix for the items reported, only allow to remove first 15 items. It requires subscription payment to delete the duplicated items.\n","ACR-097":"The app adds an exception for Windows firewall to lower default default system security posture without disclosing relevant info and get consent from user.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components on the device without the consumer's consent or notifying the user.\n"},"nonDeceptorViolations":{"ACR-040":"The app drops some of its components in a hidden folder.\n","ACR-123":"Even after a reboot and uninstall, the application did not remove itself from the firewall exception that was added during installation.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\Tenorshare\\4DDiG Duplicate File Deleter\\4DDiG Duplicate File Deleter.exe","companyName":"4DDiG","productName":"4DDiG Duplicate File Deleter","productVersion":"2.5.4.0","fileVersion":"2.5.4.0","hashMD5":"b91fd5e5d7ea95ef1449bf31724c9bd4","hashSHA1":"4f971178030cc4c1759441820d23f4656cc71135","hashSHA256":"45da9dafc005f072cf4be2c8be1ff8c3e01a6d5b862b1c20034b06eecb8c9ee9","digitalCertThumbprint":"2ECF0B0A0DE08C92DB144D11E6F3DC42DD0D0E13","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Tenorshare (Hongkong) Limited","storeId":"","sourceIndex":"649","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"4ddig-duplicate-file-deleter.exe","isInstaller":"True","companyName":"Tenorshare Co. Ltd.","productName":"20230725153620","productVersion":"2.7.11.0","fileVersion":"2.7.11.0","hashMD5":"17b46c0bcc3c37c800020f59b7c8b204","hashSHA1":"03c4b6fafd1e54f132e9090e5bc6acaf4572be09","hashSHA256":"4ea8b29ebfc6501b758729cc4226261722cb6e8681df8603ba361f389a4e6e63","digitalCertThumbprint":"59FECDA87C479A14A82E3EF696F9E6A9002A3752","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Tenorshare Co. Ltd.","storeId":"","sourceIndex":"649","avBlockList":["Avast Premium Security (20240815)","AVG Internet Security (20240815)","Avira Internet Security (20240815)","G DATA INTERNET SECURITY (20240815)","K7 Total Security (20240815)","Malwarebytes Premium (20240815)","Norton Security (20240815)","Panda Dome (20240815)","Quick Heal Internet Security (20240815)","Sophos Home Premium (20240815)","SpyHunter5 (20240815)","Total AV Antivirus Pro (20240815)","Trend Micro Internet Security (20240815)","VirIT eXplorer PRO (20240815)","Webroot SecureAnywhere (20240815)","Windows Defender (20240815)","FortectPremium (20240815)"],"avAllowList":["360 Total Security (20240815)","Bitdefender Internet Security (20240815)","COMODO Antivirus (20240815)","Dr.Web Security Space (20240815)","ESET Internet Security (20240815)","Kaspersky Internet Security (20240604)","McAfee Total Protection (20240815)","VIPRE Advanced Security (20240815)","KasperskyPremium (20240815)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on windows app","reference":"","landingPage":"https://www.4ddig.net/duplicate-file-deleter.html","directDownloadingLink":"https://download.tenorshare.net/downloads/4ddig-duplicate-file-deleter_3567.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://download.tenorshare.net/downloads/4ddig-duplicate-file-deleter_3567.exe","sourceIndex":"649"}],"sampleFiles":["240429/4DDiGDuplicateFileDeleter-240318/2.5.2.3/Samples/4ddig-duplicate-file-deleter.exe"],"imageFiles":["240429/4DDiGDuplicateFileDeleter-240318/2.5.2.3/Images/ACR-046/ACR-046.PNG","240429/4DDiGDuplicateFileDeleter-240318/2.5.2.3/Images/ACR-046/ACR-046_1.PNG","240429/4DDiGDuplicateFileDeleter-240318/2.5.2.3/Images/ACR-048/ACR-048.PNG","240429/4DDiGDuplicateFileDeleter-240318/2.5.2.3/Images/ACR-004/ACR-004.PNG","240429/4DDiGDuplicateFileDeleter-240318/2.5.2.3/Images/ACR-004/ACR-004_1.PNG","240429/4DDiGDuplicateFileDeleter-240318/2.5.2.3/Images/ACR-097/ACR-097.PNG","240429/4DDiGDuplicateFileDeleter-240318/2.5.2.3/Images/ACR-118/ACR-118.PNG"],"nonDeceptorImageFiles":["240429/4DDiGDuplicateFileDeleter-240318/2.5.2.3/Images/ACR-040/ACR-040.PNG","240429/4DDiGDuplicateFileDeleter-240318/2.5.2.3/Images/ACR-123/ACR-123.PNG"],"guid":"1bf6bf4c-0306-4e5a-b945-2ca359e0638b_2.5.2.3_1","appID":"4DDiGDuplicateFileDeleter-240318","dateAdded":"250508","deceptorType":"App","name":"4DDiG Duplicate File Deleter","company":"Tenorshare Co., Ltd.","version":"2.5.2.3","lastKnownStatus":"2.5.1.14;2.5.2.3;2.5.11.0;3.0.1.4;3.0.10","lastKnownDate":"250508","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows 11","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2025-05-08T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":5,"sortOrder":341},{"violations":{"ACR-046":"Collecting data via \"Participate in customer experience improvement plan\" is checked by default and not visible to the user by default. No relevant disclosure of what data it collects.\n","ACR-048":"The app does not provide any control to cancel the installation.\nThe app does not provide any control to remove its background process completely within the app's settings.\n","ACR-004":"Application doesn't provide the free fix for the items reported, only allow to remove first 15 items. It requires subscription payment to delete the duplicated items.\n","ACR-084":"On closing the app, the application doesn't exit completely. It runs silently in the background, hiding the fact that it is active from the consumer without any notification.\n","ACR-097":"The app adds an exception for Windows firewall without disclosing relevant info and getting consent from the user.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components on the device without the consumer's consent or notifying the user.\n"},"nonDeceptorViolations":{"ACR-040":"The app drops some of its components in a hidden folder.\n","ACR-123":"Even after a reboot and uninstall, the application did not remove itself from the firewall exception that was added during installation.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\Tenorshare\\4DDiG Duplicate File Deleter\\4DDiG Duplicate File Deleter.exe","companyName":"4DDiG","productName":"4DDiG Duplicate File Deleter","productVersion":"2.5.11.0","fileVersion":"2.5.11.0","hashMD5":"7e7157a4ecd624829b515e603dd9a55c","hashSHA1":"723debb323997e8631653716849d58a2bc7e981b","hashSHA256":"db2b18db7b68772d60c7f9d20aebc216c9837d80a28231c4fee0cf154b5e67f4","digitalCertThumbprint":"2ECF0B0A0DE08C92DB144D11E6F3DC42DD0D0E13","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Tenorshare (Hongkong) Limited","storeId":"","sourceIndex":"632","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\Tenorshare\\4DDiG Duplicate File Deleter\\DuplicateDaemon.exe","companyName":"","productName":"DuplicateDaemon","productVersion":"1.0.1.1","fileVersion":"1.0.1.1","hashMD5":"981fb85551b807a4a86ec5a1ee9b547b","hashSHA1":"beba275851df966115c2c99c7d66d691453438a1","hashSHA256":"71fd42732f70ea4984692a37a9586f93a4812a7f0d059f8fb0c1993a636c0c98","digitalCertThumbprint":"2ECF0B0A0DE08C92DB144D11E6F3DC42DD0D0E13","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Tenorshare (Hongkong) Limited","storeId":"","sourceIndex":"632","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\Tenorshare\\4DDiG Duplicate File Deleter\\DuplicateFileMonitor.exe","companyName":"","productName":"DuplicateFileMonitor","productVersion":"1.0.1.2","fileVersion":"1.0.1.2","hashMD5":"35d4fbf173f5d1df1cd0de6db5ee9f2c","hashSHA1":"1845fc53eddfddb67799c2584c999472664fb01c","hashSHA256":"55cda5d615f16b25325d2c00ed5f7c4aadde242ef176a82d85e1c8c97dc18f8c","digitalCertThumbprint":"2ECF0B0A0DE08C92DB144D11E6F3DC42DD0D0E13","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Tenorshare (Hongkong) Limited","storeId":"","sourceIndex":"632","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"4ddig-duplicate-file-deleter.exe","isInstaller":"True","companyName":"Tenorshare Co. Ltd.","productName":"20230725153620","productVersion":"2.7.11.0","fileVersion":"2.7.11.0","hashMD5":"17b46c0bcc3c37c800020f59b7c8b204","hashSHA1":"03c4b6fafd1e54f132e9090e5bc6acaf4572be09","hashSHA256":"4ea8b29ebfc6501b758729cc4226261722cb6e8681df8603ba361f389a4e6e63","digitalCertThumbprint":"59FECDA87C479A14A82E3EF696F9E6A9002A3752","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Tenorshare Co. Ltd.","storeId":"","sourceIndex":"632","avBlockList":["Avast Premium Security (20240815)","AVG Internet Security (20240815)","Avira Internet Security (20240815)","G DATA INTERNET SECURITY (20240815)","K7 Total Security (20240815)","Malwarebytes Premium (20240815)","Norton Security (20240815)","Panda Dome (20240815)","Quick Heal Internet Security (20240815)","Sophos Home Premium (20240815)","SpyHunter5 (20240815)","Total AV Antivirus Pro (20240815)","Trend Micro Internet Security (20240815)","VirIT eXplorer PRO (20240815)","Webroot SecureAnywhere (20240815)","Windows Defender (20240815)","FortectPremium (20240815)"],"avAllowList":["360 Total Security (20240815)","Bitdefender Internet Security (20240815)","COMODO Antivirus (20240815)","Dr.Web Security Space (20240815)","ESET Internet Security (20240815)","Kaspersky Internet Security (20240604)","McAfee Total Protection (20240815)","VIPRE Advanced Security (20240815)","KasperskyPremium (20240815)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt of 4ddig apps","reference":"","landingPage":"https://www.4ddig.net/duplicate-file-deleter.html","directDownloadingLink":"https://download.tenorshare.net/downloads/4ddig-duplicate-file-deleter_3567.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://download.tenorshare.net/downloads/4ddig-duplicate-file-deleter_3567.exe","sourceIndex":"632"}],"sampleFiles":["240604/4DDiGDuplicateFileDeleter-240318/2.5.11.0/Samples/4ddig-duplicate-file-deleter.exe"],"imageFiles":["240604/4DDiGDuplicateFileDeleter-240318/2.5.11.0/Images/ACR-046/ACR-046.PNG","240604/4DDiGDuplicateFileDeleter-240318/2.5.11.0/Images/ACR-046/ACR-046_1.PNG","240604/4DDiGDuplicateFileDeleter-240318/2.5.11.0/Images/ACR-048/ACR-048.PNG","240604/4DDiGDuplicateFileDeleter-240318/2.5.11.0/Images/ACR-004/ACR-004.PNG","240604/4DDiGDuplicateFileDeleter-240318/2.5.11.0/Images/ACR-004/ACR-004_1.PNG","240604/4DDiGDuplicateFileDeleter-240318/2.5.11.0/Images/ACR-084/ACR-084.PNG","240604/4DDiGDuplicateFileDeleter-240318/2.5.11.0/Images/ACR-097/ACR-097.PNG","240604/4DDiGDuplicateFileDeleter-240318/2.5.11.0/Images/ACR-097/ACR-097_1.PNG","240604/4DDiGDuplicateFileDeleter-240318/2.5.11.0/Images/ACR-048/ACR-048_1.PNG","240604/4DDiGDuplicateFileDeleter-240318/2.5.11.0/Images/ACR-118/ACR-118.PNG"],"nonDeceptorImageFiles":["240604/4DDiGDuplicateFileDeleter-240318/2.5.11.0/Images/ACR-040/ACR-040.PNG","240604/4DDiGDuplicateFileDeleter-240318/2.5.11.0/Images/ACR-123/ACR-123.PNG","240604/4DDiGDuplicateFileDeleter-240318/2.5.11.0/Images/ACR-123/ACR-123_1.PNG"],"guid":"1bf6bf4c-0306-4e5a-b945-2ca359e0638b_2.5.11.0_1","appID":"4DDiGDuplicateFileDeleter-240318","dateAdded":"250508","deceptorType":"App","name":"4DDiG Duplicate File Deleter","company":"Tenorshare Co., Ltd.","version":"2.5.11.0","lastKnownStatus":"2.5.1.14;2.5.2.3;2.5.11.0;3.0.1.4;3.0.10","lastKnownDate":"250508","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows 11","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2025-05-08T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":5,"sortOrder":340},{"violations":{"ACR-046":"Collecting data via \"Participate in customer experience improvement plan\" is checked by default and not visible to the user by default. No relevant disclosure of what data it collects.\n","ACR-048":"The app does not provide any control to cancel the installation.\nThe app does not provide any control to remove its background process completely within the app's settings.\n","ACR-004":"Application doesn't provide the free fix for the items reported, only allow to remove first 15 items. It requires subscription payment to delete the duplicated items.\n","ACR-084":"On closing the app, the application doesn't exit completely. It runs silently in the background, hiding the fact that it is active from the consumer without any notification.\n","ACR-097":"The app adds an exception for Windows firewall without disclosing relevant info and getting consent from the user.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components on the device without the consumer's consent or notifying the user.\n"},"nonDeceptorViolations":{"ACR-040":"The app drops some of its components in a hidden folder different from its installation folder\n","ACR-123":"Even after a reboot and uninstall, the application did not remove itself from the firewall exception that was added during installation.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\Tenorshare\\4DDiG Duplicate File Deleter\\4DDiG Duplicate File Deleter.exe","companyName":"4DDiG","productName":"4DDiG Duplicate File Deleter","productVersion":"3.0.1.4","fileVersion":"3.0.1.4","hashMD5":"61f339efe16f89045cccf4db357e29e7","hashSHA1":"c0f7831049221bfd5d165010f269e13e282776c3","hashSHA256":"fabd7fddfe6d4501a4592ee26e11d3fa9e9067ea2bd6a8196f943aea0a6f0fbc","digitalCertThumbprint":"2ECF0B0A0DE08C92DB144D11E6F3DC42DD0D0E13","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Tenorshare (Hongkong) Limited","storeId":"","sourceIndex":"574","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"4ddig-duplicate-file-deleter.exe","isInstaller":"True","companyName":"Tenorshare Co. Ltd.","productName":"20230725153620","productVersion":"2.7.11.0","fileVersion":"2.7.11.0","hashMD5":"17b46c0bcc3c37c800020f59b7c8b204","hashSHA1":"03c4b6fafd1e54f132e9090e5bc6acaf4572be09","hashSHA256":"4ea8b29ebfc6501b758729cc4226261722cb6e8681df8603ba361f389a4e6e63","digitalCertThumbprint":"59FECDA87C479A14A82E3EF696F9E6A9002A3752","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Tenorshare Co. Ltd.","storeId":"","sourceIndex":"574","avBlockList":["Avast Premium Security (20240815)","AVG Internet Security (20240815)","Avira Internet Security (20240815)","G DATA INTERNET SECURITY (20240815)","K7 Total Security (20240815)","Malwarebytes Premium (20240815)","Norton Security (20240815)","Panda Dome (20240815)","Quick Heal Internet Security (20240815)","Sophos Home Premium (20240815)","SpyHunter5 (20240815)","Total AV Antivirus Pro (20240815)","Trend Micro Internet Security (20240815)","VirIT eXplorer PRO (20240815)","Webroot SecureAnywhere (20240815)","Windows Defender (20240815)","FortectPremium (20240815)"],"avAllowList":["360 Total Security (20240815)","Bitdefender Internet Security (20240815)","COMODO Antivirus (20240815)","Dr.Web Security Space (20240815)","ESET Internet Security (20240815)","Kaspersky Internet Security (20240604)","McAfee Total Protection (20240815)","VIPRE Advanced Security (20240815)","KasperskyPremium (20240815)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on windows app","reference":"","landingPage":"https://www.4ddig.net/duplicate-file-deleter.html","directDownloadingLink":"https://download.tenorshare.net/downloads/4ddig-duplicate-file-deleter_3567.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://download.tenorshare.net/downloads/4ddig-duplicate-file-deleter_3567.exe","sourceIndex":"574"}],"sampleFiles":["240807/4DDiGDuplicateFileDeleter-240318/3.0.1.4/Samples/4ddig-duplicate-file-deleter.exe"],"imageFiles":["240807/4DDiGDuplicateFileDeleter-240318/3.0.1.4/Images/ACR-046/ACR-046.PNG","240807/4DDiGDuplicateFileDeleter-240318/3.0.1.4/Images/ACR-046/ACR-046_1.PNG","240807/4DDiGDuplicateFileDeleter-240318/3.0.1.4/Images/ACR-048/ACR-048.PNG","240807/4DDiGDuplicateFileDeleter-240318/3.0.1.4/Images/ACR-004/ACR-004.PNG","240807/4DDiGDuplicateFileDeleter-240318/3.0.1.4/Images/ACR-004/ACR-004_1.PNG","240807/4DDiGDuplicateFileDeleter-240318/3.0.1.4/Images/ACR-084/ACR-084.PNG","240807/4DDiGDuplicateFileDeleter-240318/3.0.1.4/Images/ACR-097/ACR-097.PNG","240807/4DDiGDuplicateFileDeleter-240318/3.0.1.4/Images/ACR-048/ACR-048_1.PNG","240807/4DDiGDuplicateFileDeleter-240318/3.0.1.4/Images/ACR-118/ACR-118.PNG"],"nonDeceptorImageFiles":["240807/4DDiGDuplicateFileDeleter-240318/3.0.1.4/Images/ACR-040/ACR-040.PNG","240807/4DDiGDuplicateFileDeleter-240318/3.0.1.4/Images/ACR-123/ACR-123.PNG"],"guid":"1bf6bf4c-0306-4e5a-b945-2ca359e0638b_3.0.1.4_1","appID":"4DDiGDuplicateFileDeleter-240318","dateAdded":"250508","deceptorType":"App","name":"4DDiG Duplicate File Deleter","company":"Tenorshare Co., Ltd.","version":"3.0.1.4","lastKnownStatus":"2.5.1.14;2.5.2.3;2.5.11.0;3.0.1.4;3.0.10","lastKnownDate":"250508","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows 11","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2025-05-08T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":5,"sortOrder":339},{"violations":{"ACR-048":"The app does not provide any control to remove its background process completely within the app's settings.\n","ACR-004":"Application doesn't provide the free fix for the items reported, only allow to remove first 15 items. It requires subscription payment to delete the duplicated items.\n","ACR-084":"On closing the app, the application doesn't exit completely. It runs silently in the background, hiding the fact that it is active from the consumer without any notification.\n","ACR-097":"The app adds an exception for Windows firewall without disclosing relevant info and getting consent from the user.\n"},"nonDeceptorViolations":{"ACR-123":"Even after a reboot and uninstall, the application did not remove itself from the firewall exception that was added during installation.\n"},"samples":[{"isRevoked":"False","fileName":"4DDiG%20Duplicate%20File%20Deleter.exe","companyName":"4DDiG","fileVersion":"3.0","hashMD5":"0052ea157aa31d7fcec574b5da312599","hashSHA1":"d68e9aea0d06d010d66646d81a0090a3563b408f","hashSHA256":"0189ea7d03cf1843b10a115192d5164be65ce73760db3ed1504d5b88851cc9a7","digitalCertThumbprint":"2ECF0B0A0DE08C92DB144D11E6F3DC42DD0D0E13","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Tenorshare (Hongkong) Limited, O=Tenorshare (Hongkong) Limited, L=Sheung Wan, C=HK, SERIALNUMBER=3086133, OID.2.5.4.15=Private organization, OID.1.3.6.1.4.1.311.60.2.1.3=HK","sourceIndex":"210","avBlockList":["Avast Premium Security (20250722)","AVG Internet Security (20250722)","Avira Internet Security (20250722)","Bitdefender Internet Security (20250722)","FortectPremium (20250722)","G DATA INTERNET SECURITY (20250722)","K7 Total Security (20250722)","Malwarebytes Premium (20250722)","Norton Security (20250722)","Panda Dome (20250722)","Quick Heal Internet Security (20250722)","Sophos Home Premium (20250722)","SpyHunter5 (20250722)","Total AV Antivirus Pro (20250722)","VIPRE Advanced Security (20250722)","VirIT eXplorer PRO (20250722)","Webroot SecureAnywhere (20250722)","Windows Defender (20250722)"],"avAllowList":["360 Total Security (20250722)","COMODO Antivirus (20250722)","Dr.Web Security Space (20250722)","ESET Internet Security (20250722)","KasperskyPremium (20250722)","McAfee Total Protection (20250722)","Trend Micro Internet Security (20250722)"]},{"isRevoked":"False","fileName":"4ddig-duplicate-file-deleter_11746652390908405001.exe","isInstaller":"True","companyName":"Tenorshare, Inc.                                            ","fileVersion":"0.0","hashMD5":"8a777b1fade974668330834ee7bc5cff","hashSHA1":"5b537c850db8e6ce6de8a4be704436c404a230c9","hashSHA256":"ec7cee8b688a1fa240842375de9f9ed32f1d86b966aad14c414a1bac065efef9","digitalCertThumbprint":"2ECF0B0A0DE08C92DB144D11E6F3DC42DD0D0E13","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Tenorshare (Hongkong) Limited, O=Tenorshare (Hongkong) Limited, L=Sheung Wan, C=HK, SERIALNUMBER=3086133, OID.2.5.4.15=Private organization, OID.1.3.6.1.4.1.311.60.2.1.3=HK","sourceIndex":"210","avBlockList":["Avast Premium Security (20250805)","AVG Internet Security (20250805)","Avira Internet Security (20250805)","Bitdefender Internet Security (20250805)","FortectPremium (20250805)","G DATA INTERNET SECURITY (20250805)","K7 Total Security (20250805)","Malwarebytes Premium (20250805)","Norton Security (20250805)","Panda Dome (20250805)","Quick Heal Internet Security (20250805)","Sophos Home Premium (20250805)","SpyHunter5 (20250805)","Total AV Antivirus Pro (20250805)","VIPRE Advanced Security (20250805)","VirIT eXplorer PRO (20250805)","Webroot SecureAnywhere (20250805)","Windows Defender (20250805)"],"avAllowList":["360 Total Security (20250805)","COMODO Antivirus (20250805)","Dr.Web Security Space (20250805)","ESET Internet Security (20250805)","KasperskyPremium (20250805)","McAfee Total Protection (20250805)","Trend Micro Internet Security (20250805)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt of 4ddig apps","reference":"","landingPage":"https://www.4ddig.net/duplicate-file-deleter.html","directDownloadingLink":"https://download.tenorshare.net/downloads/4ddig-duplicate-file-deleter_3567.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://download.tenorshare.net/downloads/4ddig-duplicate-file-deleter_3567.exe","sourceIndex":"210"}],"sampleFiles":["250508/4DDiGDuplicateFileDeleter-240318/3.0.10/Samples/4DDiG%20Duplicate%20File%20Deleter.exe","250508/4DDiGDuplicateFileDeleter-240318/3.0.10/Samples/4ddig-duplicate-file-deleter_11746652390908405001.exe"],"imageFiles":["250508/4DDiGDuplicateFileDeleter-240318/3.0.10/Images/ACR-004/004.png","250508/4DDiGDuplicateFileDeleter-240318/3.0.10/Images/ACR-004/subs.png","250508/4DDiGDuplicateFileDeleter-240318/3.0.10/Images/ACR-084/background.png","250508/4DDiGDuplicateFileDeleter-240318/3.0.10/Images/ACR-097/firewall.png","250508/4DDiGDuplicateFileDeleter-240318/3.0.10/Images/ACR-048/background.png"],"nonDeceptorImageFiles":["250508/4DDiGDuplicateFileDeleter-240318/3.0.10/Images/ACR-123/firewall.png"],"guid":"1bf6bf4c-0306-4e5a-b945-2ca359e0638b_3.0.10_1","appID":"4DDiGDuplicateFileDeleter-240318","dateAdded":"250508","deceptorType":"App","name":"4DDiG Duplicate File Deleter","company":"Tenorshare Co., Ltd.","version":"3.0.10","lastKnownStatus":"2.5.1.14;2.5.2.3;2.5.11.0;3.0.1.4;3.0.10","lastKnownDate":"250508","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 7,Windows 8,Windows 10,Windows 11","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2025-05-08T17:10:42.9283342+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":5,"sortOrder":338},{"violations":{"ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software.\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software.\n","ACR-059":"Offers that are not related to the main app should be marked as \"Optional Offer\" instead of identifying the offers as a Recommended additional software to install.\n","ACR-155":"Offers are designed to look like part of the install workflow.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"GOMPLAYERGLOBALSETUP_CHROME.EXE","isInstaller":"True","companyName":"GOM & Company","fileVersion":"2.3","hashMD5":"58520016849a64a1068c98fa53fcb9e8","hashSHA1":"2a2f897d03160f4cf909da69dc29aa76dfa5f4f4","hashSHA256":"32577e0441498f3e06f34ef1ec4e566d388a1cb0019583251e860565debc6954","digitalCertThumbprint":"2FB6D90F9C250CA0DD60B14EC68FF5D035719656","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=GRETECH CORPORATION, OU=GRETECH CORPORATION, O=GRETECH CORPORATION, L=Shinjuku, S=Tokyo, C=JP","sourceIndex":"1172","avBlockList":["Avira Internet Security (20230831)","COMODO Antivirus (20230831)","ESET Internet Security (20230831)","Malwarebytes Premium (20230831)","McAfee Total Protection (20230831)","Norton Security (20230831)","Panda Dome (20230831)","Sophos Home Premium (20230831)","SpyHunter5 (20230831)","Total AV Antivirus Pro (20230831)","VirIT eXplorer PRO (20230831)","Webroot SecureAnywhere (20230831)"],"avAllowList":["360 Total Security (20230831)","Avast Premium Security (20230831)","AVG Internet Security (20230831)","Bitdefender Internet Security (20230831)","Dr.Web Security Space (20230831)","G DATA INTERNET SECURITY (20230831)","K7 Total Security (20230831)","Kaspersky Internet Security (20230831)","Quick Heal Internet Security (20230831)","Trend Micro Internet Security (20230831)","VIPRE Advanced Security (20230831)","Windows Defender (20230831)"]}],"additionalFiles":[],"sources":[{"howFound":"randomly found from a download site","reference":"","landingPage":"https://www.gomlab.com/gomplayer-media-player/","directDownloadingLink":"https://cdn.gomlab.com/gretech/player/GOMPLAYERGLOBALSETUP_CHROME.EXE","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://cdn.gomlab.com/gretech/player/GOMPLAYERGLOBALSETUP_CHROME.EXE","sourceIndex":"1172"}],"sampleFiles":["230405/GOMPlayer-230126/2.3.85.5353/Samples/GOMPLAYERGLOBALSETUP_CHROME.EXE"],"imageFiles":["230405/GOMPlayer-230126/2.3.85.5353/Images/ACR-013/OptionalOffer1.jpg","230405/GOMPlayer-230126/2.3.85.5353/Images/ACR-013/OptionalOffer2.jpg","230405/GOMPlayer-230126/2.3.85.5353/Images/ACR-013/OptionalOffer3.jpg","230405/GOMPlayer-230126/2.3.85.5353/Images/ACR-013/OptionalOffer4.mp4","230405/GOMPlayer-230126/2.3.85.5353/Images/ACR-155/OptionalOffer4.mp4","230405/GOMPlayer-230126/2.3.85.5353/Images/ACR-155/OptionalOffer1.jpg","230405/GOMPlayer-230126/2.3.85.5353/Images/ACR-155/OptionalOffer2.jpg","230405/GOMPlayer-230126/2.3.85.5353/Images/ACR-155/OptionalOffer3.jpg","230405/GOMPlayer-230126/2.3.85.5353/Images/ACR-059/OptionalOffer1.jpg","230405/GOMPlayer-230126/2.3.85.5353/Images/ACR-059/OptionalOffer2.jpg","230405/GOMPlayer-230126/2.3.85.5353/Images/ACR-059/OptionalOffer3.jpg","230405/GOMPlayer-230126/2.3.85.5353/Images/ACR-060/OptionalOffer1.jpg","230405/GOMPlayer-230126/2.3.85.5353/Images/ACR-060/OptionalOffer2.jpg","230405/GOMPlayer-230126/2.3.85.5353/Images/ACR-060/OptionalOffer3.jpg"],"nonDeceptorImageFiles":[],"guid":"efb56f7a-0b79-4928-838b-8f58f2b68e6e_2.3.85.5353_1","appID":"GOMPlayer-230126","dateAdded":"250508","deceptorType":"App","name":"GOM Player","company":"GOM ","version":"2.3.85.5353","lastKnownStatus":"2.3.83.5350;2.3.86.5355;2.3.87.5356;2.3.88.5357;2.3.88.5358;2.3.89.5359;2.3.90.5360;2.3.91.5361;2.3.92.5362;2.3.93.5363;2.3.97.5367;2.3.99.5369;2.3.100.5370;2.3.108.5378","lastKnownDate":"250508","type":"Windows Executable","category":"Media players","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid,paid,display ads","lastUpdate":"2025-05-08T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":15,"sortOrder":336},{"violations":{"ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software.\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software.\n","ACR-059":"Offers that are not related to the main app should be marked as \"Optional Offer\" instead of identifying the offers as a Recommended additional software to install.\n","ACR-155":"Offers are designed to look like part of the install workflow.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"GOMPLAYERGLOBALSETUP_CHROME.EXE","isInstaller":"True","companyName":"GOM & Company","productName":"GOMPlayerGlobal","fileVersion":"2.3","hashMD5":"ba517a45fe449a98ab010d98e14193a6","hashSHA1":"51a901746da7c2094e6d0a263d63f0fb31354012","hashSHA256":"82a86edd270c63f6c7380aa93489a872f6506c3d88ef7d27b626d6ad764c28da","digitalCertThumbprint":"2FB6D90F9C250CA0DD60B14EC68FF5D035719656","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=GRETECH CORPORATION, OU=GRETECH CORPORATION, O=GRETECH CORPORATION, L=Shinjuku, S=Tokyo, C=JP","sourceIndex":"1143","avBlockList":["ESET Internet Security (20240801)","G DATA INTERNET SECURITY (20240801)","Kaspersky Internet Security (20240716)","Malwarebytes Premium (20240801)","McAfee Total Protection (20240801)","Norton Security (20240801)","Panda Dome (20240801)","Sophos Home Premium (20240801)","SpyHunter5 (20240801)","VirIT eXplorer PRO (20240801)","Webroot SecureAnywhere (20240801)","FortectPremium (20240801)","KasperskyPremium (20240801)"],"avAllowList":["360 Total Security (20240801)","Avast Premium Security (20240801)","AVG Internet Security (20240801)","Avira Internet Security (20240801)","Bitdefender Internet Security (20240801)","COMODO Antivirus (20240801)","Dr.Web Security Space (20240801)","K7 Total Security (20240801)","Quick Heal Internet Security (20240801)","Total AV Antivirus Pro (20240801)","Trend Micro Internet Security (20240801)","VIPRE Advanced Security (20240801)","Windows Defender (20240801)"]}],"additionalFiles":[],"sources":[{"howFound":"randomly found from a download site","reference":"","landingPage":"https://www.gomlab.com/gomplayer-media-player/","directDownloadingLink":"https://cdn.gomlab.com/gretech/player/GOMPLAYERGLOBALSETUP_CHROME.EXE","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://cdn.gomlab.com/gretech/player/GOMPLAYERGLOBALSETUP_CHROME.EXE","sourceIndex":"1143"}],"sampleFiles":["230427/GOMPlayer-230126/2.3.86.5355/Samples/GOMPLAYERGLOBALSETUP_CHROME.EXE"],"imageFiles":["230427/GOMPlayer-230126/2.3.86.5355/Images/ACR-013/OptionalOffer1.jpg","230427/GOMPlayer-230126/2.3.86.5355/Images/ACR-013/OptionalOffer2.jpg","230427/GOMPlayer-230126/2.3.86.5355/Images/ACR-013/OptionalOffer3.jpg","230427/GOMPlayer-230126/2.3.86.5355/Images/ACR-013/OptionalOffer4.mp4","230427/GOMPlayer-230126/2.3.86.5355/Images/ACR-155/OptionalOffer4.mp4","230427/GOMPlayer-230126/2.3.86.5355/Images/ACR-155/OptionalOffer1.jpg","230427/GOMPlayer-230126/2.3.86.5355/Images/ACR-155/OptionalOffer2.jpg","230427/GOMPlayer-230126/2.3.86.5355/Images/ACR-155/OptionalOffer3.jpg","230427/GOMPlayer-230126/2.3.86.5355/Images/ACR-059/OptionalOffer1.jpg","230427/GOMPlayer-230126/2.3.86.5355/Images/ACR-059/OptionalOffer2.jpg","230427/GOMPlayer-230126/2.3.86.5355/Images/ACR-059/OptionalOffer3.jpg","230427/GOMPlayer-230126/2.3.86.5355/Images/ACR-060/OptionalOffer1.jpg","230427/GOMPlayer-230126/2.3.86.5355/Images/ACR-060/OptionalOffer2.jpg","230427/GOMPlayer-230126/2.3.86.5355/Images/ACR-060/OptionalOffer3.jpg"],"nonDeceptorImageFiles":[],"guid":"efb56f7a-0b79-4928-838b-8f58f2b68e6e_2.3.86.5355_1","appID":"GOMPlayer-230126","dateAdded":"250508","deceptorType":"App","name":"GOM Player","company":"GOM ","version":"2.3.86.5355","lastKnownStatus":"2.3.83.5350;2.3.86.5355;2.3.87.5356;2.3.88.5357;2.3.88.5358;2.3.89.5359;2.3.90.5360;2.3.91.5361;2.3.92.5362;2.3.93.5363;2.3.97.5367;2.3.99.5369;2.3.100.5370;2.3.108.5378","lastKnownDate":"250508","type":"Windows Executable","category":"Media players","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid,paid,display ads","lastUpdate":"2025-05-08T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":15,"sortOrder":335},{"violations":{"ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software.\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software.\n","ACR-059":"Offers that are not related to the main app should be marked as \"Optional Offer\" instead of identifying the offers as a Recommended additional software to install.\n","ACR-155":"Offers are designed to look like part of the install workflow.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"GOM.EXE","companyName":"GOM & Company","fileVersion":"2.3","hashMD5":"a1c33a0deade7225b2817d590ac1fd6f","hashSHA1":"62fc19978cd56d0b0655ef63a4d682896cc31132","hashSHA256":"cfd4c53ae5c9ad6d7d64f281eec4030a6d0ab6083b9baeabfd76e1d803bd0272","digitalCertThumbprint":"2FB6D90F9C250CA0DD60B14EC68FF5D035719656","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=GRETECH CORPORATION, OU=GRETECH CORPORATION, O=GRETECH CORPORATION, L=Shinjuku, S=Tokyo, C=JP","sourceIndex":"1061","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"GOMPLAYERGLOBALSETUP_CHROME.EXE","isInstaller":"True","companyName":"GOM & Company","fileVersion":"2.3","hashMD5":"d119fdd3f069999f1f9707edc546eeb6","hashSHA1":"a6c2b61e584cced13024d26c9088982af35e46a6","hashSHA256":"d5753cc71acbba48ff6e7a325d86508e82a41af016beaad55e2b2f0099ef4e58","digitalCertThumbprint":"2FB6D90F9C250CA0DD60B14EC68FF5D035719656","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=GRETECH CORPORATION, OU=GRETECH CORPORATION, O=GRETECH CORPORATION, L=Shinjuku, S=Tokyo, C=JP","sourceIndex":"1061","avBlockList":["Avira Internet Security (20240625)","COMODO Antivirus (20240625)","ESET Internet Security (20240625)","K7 Total Security (20240625)","Kaspersky Internet Security (20240625)","Malwarebytes Premium (20240625)","McAfee Total Protection (20240625)","Norton Security (20240625)","Panda Dome (20240625)","Quick Heal Internet Security (20240625)","Sophos Home Premium (20240625)","SpyHunter5 (20240625)","Total AV Antivirus Pro (20240625)","VirIT eXplorer PRO (20240625)","Webroot SecureAnywhere (20240625)","Windows Defender (20240625)"],"avAllowList":["360 Total Security (20240625)","Avast Premium Security (20240625)","AVG Internet Security (20240625)","Bitdefender Internet Security (20240625)","Dr.Web Security Space (20240625)","G DATA INTERNET SECURITY (20240625)","Trend Micro Internet Security (20240625)","VIPRE Advanced Security (20240625)"]}],"additionalFiles":[],"sources":[{"howFound":"randomly found from a download site","reference":"","landingPage":"https://www.gomlab.com/gomplayer-media-player/","directDownloadingLink":"https://cdn.gomlab.com/gretech/player/GOMPLAYERGLOBALSETUP_CHROME.EXE","ipv4":"","ipv6":"","landingPageWildChar":"","directDownloadingLinkWildChar":"https://cdn.gomlab.com/gretech/player/GOMPLAYERGLOBALSETUP_CHROME.EXE","sourceIndex":"1061"}],"sampleFiles":["230606/GOMPlayer-230126/2.3.87.5356/Samples/GOM.exe","230606/GOMPlayer-230126/2.3.87.5356/Samples/GOMPLAYERGLOBALSETUP_CHROME.EXE"],"imageFiles":["230606/GOMPlayer-230126/2.3.87.5356/Images/ACR-013/GOM_Offer1.jpg","230606/GOMPlayer-230126/2.3.87.5356/Images/ACR-013/GOM_Offer2.jpg","230606/GOMPlayer-230126/2.3.87.5356/Images/ACR-013/GOM_Offer3.jpg","230606/GOMPlayer-230126/2.3.87.5356/Images/ACR-013/GOM_FinalOffers.gif","230606/GOMPlayer-230126/2.3.87.5356/Images/ACR-155/GOM_Offer1.jpg","230606/GOMPlayer-230126/2.3.87.5356/Images/ACR-155/GOM_Offer2.jpg","230606/GOMPlayer-230126/2.3.87.5356/Images/ACR-155/GOM_Offer3.jpg","230606/GOMPlayer-230126/2.3.87.5356/Images/ACR-155/GOM_FinalOffers.gif","230606/GOMPlayer-230126/2.3.87.5356/Images/ACR-059/GOM_Offer1.jpg","230606/GOMPlayer-230126/2.3.87.5356/Images/ACR-059/GOM_Offer2.jpg","230606/GOMPlayer-230126/2.3.87.5356/Images/ACR-059/GOM_Offer3.jpg","230606/GOMPlayer-230126/2.3.87.5356/Images/ACR-060/GOM_Offer1.jpg","230606/GOMPlayer-230126/2.3.87.5356/Images/ACR-060/GOM_Offer2.jpg","230606/GOMPlayer-230126/2.3.87.5356/Images/ACR-060/GOM_Offer3.jpg","230606/GOMPlayer-230126/2.3.87.5356/Images/ACR-060/GOM_FinalOffers.gif"],"nonDeceptorImageFiles":[],"guid":"efb56f7a-0b79-4928-838b-8f58f2b68e6e_2.3.87.5356_1","appID":"GOMPlayer-230126","dateAdded":"250508","deceptorType":"App","name":"GOM Player","company":"GOM ","version":"2.3.87.5356","lastKnownStatus":"2.3.83.5350;2.3.86.5355;2.3.87.5356;2.3.88.5357;2.3.88.5358;2.3.89.5359;2.3.90.5360;2.3.91.5361;2.3.92.5362;2.3.93.5363;2.3.97.5367;2.3.99.5369;2.3.100.5370;2.3.108.5378","lastKnownDate":"250508","type":"Windows Executable","category":"Media players","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid,paid,display ads","lastUpdate":"2025-05-08T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":15,"sortOrder":334},{"violations":{"ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software.\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software.\n","ACR-059":"Offers that are not related to the main app should be marked as \"Optional Offer\" instead of identifying the offers as a Recommended additional software to install.\n","ACR-155":"Offers are designed to look like part of the install workflow.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"GOM.EXE","companyName":"GOM & Company","fileVersion":"2.3","hashMD5":"677a5d481e3ce897be40bca7dfec558e","hashSHA1":"664f65b917eccd1a6cc4859f09fd97533c90ea41","hashSHA256":"033b56207496f554f3d2b26e0a53afca1c4170fbaf9af7334e574a1a01c4c4ab","digitalCertThumbprint":"2FB6D90F9C250CA0DD60B14EC68FF5D035719656","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=GRETECH CORPORATION, OU=GRETECH CORPORATION, O=GRETECH CORPORATION, L=Shinjuku, S=Tokyo, C=JP","sourceIndex":"1039","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"GOMPLAYERGLOBALSETUP_CHROME.EXE","isInstaller":"True","companyName":"GOM & Company","fileVersion":"2.3","hashMD5":"ede86795a9ee192478e9012b20100b86","hashSHA1":"32388e8a69096623066a3a7d0ac1cc4967b2c901","hashSHA256":"2be88ac2351f02bdec46e35617b19dce68a8463aac96d72267637b7ac979bd87","digitalCertThumbprint":"2FB6D90F9C250CA0DD60B14EC68FF5D035719656","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=GRETECH CORPORATION, OU=GRETECH CORPORATION, O=GRETECH CORPORATION, L=Shinjuku, S=Tokyo, C=JP","sourceIndex":"1039","avBlockList":["Avira Internet Security (20240111)","COMODO Antivirus (20240111)","ESET Internet Security (20240111)","Kaspersky Internet Security (20240111)","Malwarebytes Premium (20240111)","McAfee Total Protection (20240111)","Norton Security (20240111)","Panda Dome (20240111)","Sophos Home Premium (20240111)","SpyHunter5 (20240111)","Total AV Antivirus Pro (20240111)","VirIT eXplorer PRO (20240111)","Webroot SecureAnywhere (20240111)","Windows Defender (20240111)"],"avAllowList":["360 Total Security (20240111)","Avast Premium Security (20240111)","AVG Internet Security (20240111)","Bitdefender Internet Security (20240111)","Dr.Web Security Space (20240111)","G DATA INTERNET SECURITY (20240111)","K7 Total Security (20240111)","Quick Heal Internet Security (20240111)","Trend Micro Internet Security (20240111)","VIPRE Advanced Security (20240111)"]}],"additionalFiles":[],"sources":[{"howFound":"randomly found from a download site","reference":"","landingPage":"https://www.gomlab.com/gomplayer-media-player/","directDownloadingLink":"https://cdn.gomlab.com/gretech/player/GOMPLAYERGLOBALSETUP_CHROME.EXE","ipv4":"","ipv6":"","landingPageWildChar":"","directDownloadingLinkWildChar":"https://cdn.gomlab.com/gretech/player/GOMPLAYERGLOBALSETUP_CHROME.EXE","sourceIndex":"1039"}],"sampleFiles":["230621/GOMPlayer-230126/2.3.88.5357/Samples/GOM.exe","230621/GOMPlayer-230126/2.3.88.5357/Samples/GOMPLAYERGLOBALSETUP_CHROME.EXE"],"imageFiles":["230621/GOMPlayer-230126/2.3.88.5357/Images/ACR-013/GOM_Offer1.jpg","230621/GOMPlayer-230126/2.3.88.5357/Images/ACR-013/GOM_Offer3.jpg","230621/GOMPlayer-230126/2.3.88.5357/Images/ACR-013/GOM_Offer2.png","230621/GOMPlayer-230126/2.3.88.5357/Images/ACR-155/GOM_Offer1.jpg","230621/GOMPlayer-230126/2.3.88.5357/Images/ACR-155/GOM_Offer2.png","230621/GOMPlayer-230126/2.3.88.5357/Images/ACR-155/GOM_Offer3.png","230621/GOMPlayer-230126/2.3.88.5357/Images/ACR-059/GOM_Offer1.jpg","230621/GOMPlayer-230126/2.3.88.5357/Images/ACR-059/GOM_Offer3.jpg","230621/GOMPlayer-230126/2.3.88.5357/Images/ACR-059/GOM_Offer2.png","230621/GOMPlayer-230126/2.3.88.5357/Images/ACR-060/GOM_Offer1.jpg","230621/GOMPlayer-230126/2.3.88.5357/Images/ACR-060/GOM_Offer3.jpg","230621/GOMPlayer-230126/2.3.88.5357/Images/ACR-060/GOM_Offer2.png"],"nonDeceptorImageFiles":[],"guid":"efb56f7a-0b79-4928-838b-8f58f2b68e6e_2.3.88.5357_1","appID":"GOMPlayer-230126","dateAdded":"250508","deceptorType":"App","name":"GOM Player","company":"GOM ","version":"2.3.88.5357","lastKnownStatus":"2.3.83.5350;2.3.86.5355;2.3.87.5356;2.3.88.5357;2.3.88.5358;2.3.89.5359;2.3.90.5360;2.3.91.5361;2.3.92.5362;2.3.93.5363;2.3.97.5367;2.3.99.5369;2.3.100.5370;2.3.108.5378","lastKnownDate":"250508","type":"Windows Executable","category":"Media players","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid,paid,display ads","lastUpdate":"2025-05-08T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":15,"sortOrder":333},{"violations":{"ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software.\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software.\n","ACR-059":"Offers that are not related to the main app should be marked as \"Optional Offer\" instead of identifying the offers as a Recommended additional software to install.\n","ACR-155":"Offers are designed to look like part of the install workflow.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"GOMPLAYERGLOBALSETUP_CHROME.EXE","isInstaller":"True","companyName":"GOM & Company","fileVersion":"2.3","hashMD5":"e260dcbaa94b6de71e44a1a3d91126ab","hashSHA1":"911477a5404b0c2964074fd0f827bdab9751d6ff","hashSHA256":"cfefe4e33b431ea80b1ea63f118a36f812fff7c038e1a4be52d55feadd94f07b","digitalCertThumbprint":"2FB6D90F9C250CA0DD60B14EC68FF5D035719656","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=GRETECH CORPORATION, OU=GRETECH CORPORATION, O=GRETECH CORPORATION, L=Shinjuku, S=Tokyo, C=JP","sourceIndex":"970","avBlockList":["Avira Internet Security (20240725)","COMODO Antivirus (20240725)","ESET Internet Security (20240725)","Kaspersky Internet Security (20240725)","Malwarebytes Premium (20240725)","McAfee Total Protection (20240725)","Norton Security (20240725)","Panda Dome (20240725)","Sophos Home Premium (20240725)","SpyHunter5 (20240725)","Total AV Antivirus Pro (20240725)","VirIT eXplorer PRO (20240725)","Webroot SecureAnywhere (20240725)","FortectPremium (20240725)"],"avAllowList":["360 Total Security (20240725)","Avast Premium Security (20240725)","AVG Internet Security (20240725)","Bitdefender Internet Security (20240725)","Dr.Web Security Space (20240725)","G DATA INTERNET SECURITY (20240725)","K7 Total Security (20240725)","Quick Heal Internet Security (20240725)","Trend Micro Internet Security (20240725)","VIPRE Advanced Security (20240725)","Windows Defender (20240725)"]}],"additionalFiles":[],"sources":[{"howFound":"randomly found from a download site","reference":"","landingPage":"https://www.gomlab.com/gomplayer-media-player/","directDownloadingLink":"https://cdn.gomlab.com/gretech/player/GOMPLAYERGLOBALSETUP_CHROME.EXE","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://cdn.gomlab.com/gretech/player/GOMPLAYERGLOBALSETUP_CHROME.EXE","sourceIndex":"970"}],"sampleFiles":["230724/GOMPlayer-230126/2.3.89.5359/Samples/GOMPLAYERGLOBALSETUP_CHROME.EXE"],"imageFiles":["230724/GOMPlayer-230126/2.3.89.5359/Images/ACR-013/GOMPlayer_O1.jpg","230724/GOMPlayer-230126/2.3.89.5359/Images/ACR-013/GOMPlayer_O2.jpg","230724/GOMPlayer-230126/2.3.89.5359/Images/ACR-013/GOMPlayer_O3.jpg","230724/GOMPlayer-230126/2.3.89.5359/Images/ACR-155/GOMPlayer_O1.jpg","230724/GOMPlayer-230126/2.3.89.5359/Images/ACR-155/GOMPlayer_O2.jpg","230724/GOMPlayer-230126/2.3.89.5359/Images/ACR-155/GOMPlayer_O3.jpg","230724/GOMPlayer-230126/2.3.89.5359/Images/ACR-059/GOMPlayer_O1.jpg","230724/GOMPlayer-230126/2.3.89.5359/Images/ACR-059/GOMPlayer_O2.jpg","230724/GOMPlayer-230126/2.3.89.5359/Images/ACR-059/GOMPlayer_O3.jpg","230724/GOMPlayer-230126/2.3.89.5359/Images/ACR-060/GOMPlayer_O1.jpg","230724/GOMPlayer-230126/2.3.89.5359/Images/ACR-060/GOMPlayer_O2.jpg","230724/GOMPlayer-230126/2.3.89.5359/Images/ACR-060/GOMPlayer_O3.jpg"],"nonDeceptorImageFiles":[],"guid":"efb56f7a-0b79-4928-838b-8f58f2b68e6e_2.3.89.5359_1","appID":"GOMPlayer-230126","dateAdded":"250508","deceptorType":"App","name":"GOM Player","company":"GOM ","version":"2.3.89.5359","lastKnownStatus":"2.3.83.5350;2.3.86.5355;2.3.87.5356;2.3.88.5357;2.3.88.5358;2.3.89.5359;2.3.90.5360;2.3.91.5361;2.3.92.5362;2.3.93.5363;2.3.97.5367;2.3.99.5369;2.3.100.5370;2.3.108.5378","lastKnownDate":"250508","type":"Windows Executable","category":"Media players","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid,paid,display ads","lastUpdate":"2025-05-08T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":15,"sortOrder":331},{"violations":{"ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software.\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software.\n","ACR-059":"Offers that are not related to the main app should be marked as \"Optional Offer\" instead of identifying the offers as a Recommended additional software to install.\n","ACR-155":"Offers are designed to look like part of the install workflow.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"GOMPLAYERGLOBALSETUP_CHROME.EXE","isInstaller":"True","companyName":"GOM & Company","fileVersion":"2.3","hashMD5":"4741df7bcd0c46911115540f7ee0f2f9","hashSHA1":"bbdf9cd8b74d7fa9f7c858942f9cb6e868079ed1","hashSHA256":"68e8bc3dacc90cdd1e999a3d513ac6761d5ced98e4b4b55c7b769b0c39a53668","digitalCertThumbprint":"B095DC311E92B376C76A77B4525FC3BEFE802E48","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=GRETECH CORPORATION, O=GRETECH CORPORATION, L=Shinjuku, S=Tokyo, C=JP","sourceIndex":"636","avBlockList":["360 Total Security (20240711)","COMODO Antivirus (20240711)","ESET Internet Security (20240711)","FortectPremium (20240711)","K7 Total Security (20240711)","Kaspersky Internet Security (20240711)","Malwarebytes Premium (20240711)","Norton Security (20240711)","Panda Dome (20240711)","Quick Heal Internet Security (20240711)","Sophos Home Premium (20240711)","SpyHunter5 (20240711)","VirIT eXplorer PRO (20240711)","Webroot SecureAnywhere (20240711)","Windows Defender (20240711)"],"avAllowList":["Avast Premium Security (20240711)","AVG Internet Security (20240711)","Avira Internet Security (20240711)","Bitdefender Internet Security (20240711)","Dr.Web Security Space (20240711)","G DATA INTERNET SECURITY (20240711)","McAfee Total Protection (20240711)","Total AV Antivirus Pro (20240711)","Trend Micro Internet Security (20240711)","VIPRE Advanced Security (20240711)"]}],"additionalFiles":[],"sources":[{"howFound":"randomly found from a download site","reference":"","landingPage":"https://www.gomlab.com/gomplayer-media-player/","directDownloadingLink":"https://cdn.gomlab.com/gretech/player/GOMPLAYERGLOBALSETUP_CHROME.EXE","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://cdn.gomlab.com/gretech/player/GOMPLAYERGLOBALSETUP_CHROME.EXE","sourceIndex":"636"}],"sampleFiles":["240522/GOMPlayer-230126/2.3.97.5367/Samples/GOMPLAYERGLOBALSETUP_CHROME.EXE"],"imageFiles":["240522/GOMPlayer-230126/2.3.97.5367/Images/ACR-013/InstallOffer1.png","240522/GOMPlayer-230126/2.3.97.5367/Images/ACR-013/InstallOffer2.png","240522/GOMPlayer-230126/2.3.97.5367/Images/ACR-013/InstallOffer3.png","240522/GOMPlayer-230126/2.3.97.5367/Images/ACR-155/InstallOffer1.png","240522/GOMPlayer-230126/2.3.97.5367/Images/ACR-155/InstallOffer2.png","240522/GOMPlayer-230126/2.3.97.5367/Images/ACR-155/InstallOffer3.png","240522/GOMPlayer-230126/2.3.97.5367/Images/ACR-059/InstallOffer2.png","240522/GOMPlayer-230126/2.3.97.5367/Images/ACR-060/InstallOffer1.png","240522/GOMPlayer-230126/2.3.97.5367/Images/ACR-060/InstallOffer2.png","240522/GOMPlayer-230126/2.3.97.5367/Images/ACR-060/InstallOffer3.png"],"nonDeceptorImageFiles":[],"guid":"efb56f7a-0b79-4928-838b-8f58f2b68e6e_2.3.97.5367_1","appID":"GOMPlayer-230126","dateAdded":"250508","deceptorType":"App","name":"GOM Player","company":"GOM ","version":"2.3.97.5367","lastKnownStatus":"2.3.83.5350;2.3.86.5355;2.3.87.5356;2.3.88.5357;2.3.88.5358;2.3.89.5359;2.3.90.5360;2.3.91.5361;2.3.92.5362;2.3.93.5363;2.3.97.5367;2.3.99.5369;2.3.100.5370;2.3.108.5378","lastKnownDate":"250508","type":"Windows Executable","category":"Media players","targetOS":"Windows 10,Windows 11,Windows 8","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid,paid,display ads","lastUpdate":"2025-05-08T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":15,"sortOrder":326},{"violations":{"ACR-059":"Offers that are not related to the main app should be marked as \"Optional Offer\" instead of identifying the offers as a Recommended additional software to install.\n","ACR-155":"Offers are designed to look like part of the install workflow.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"GOM.EXE","companyName":"GOM & Company","fileVersion":"2.3.83.5350","hashMD5":"329789d0508992d8d6ed9adf72423135","hashSHA1":"1d1f3bb2d56347f6e7de730b5471ef229e0995a7","hashSHA256":"bc786a1ee28402f5ac0bf0ea72f31b8b3cdbfa21f51999286e27a27194b0a3fa","digitalCertThumbprint":"2FB6D90F9C250CA0DD60B14EC68FF5D035719656","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=GRETECH CORPORATION, OU=GRETECH CORPORATION, O=GRETECH CORPORATION, L=Shinjuku, S=Tokyo, C=JP","sourceIndex":"1218","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"GOMPLAYERGLOBALSETUP_CHROME.EXE","isInstaller":"True","companyName":"GOM & Company","fileVersion":"2.3","hashMD5":"657e47c6009558ac2b9006e0490743df","hashSHA1":"06c39cdc9473eab32ee583521febca4ea9cf3fc0","hashSHA256":"ca55e77e90979e3915d894eb5fdfc17a31ec4ce5a704fe0c9cd8ee2c822b8bbe","digitalCertThumbprint":"2FB6D90F9C250CA0DD60B14EC68FF5D035719656","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=GRETECH CORPORATION, OU=GRETECH CORPORATION, O=GRETECH CORPORATION, L=Shinjuku, S=Tokyo, C=JP","sourceIndex":"1218","avBlockList":["Avira Internet Security (20240808)","ESET Internet Security (20240808)","G DATA INTERNET SECURITY (20240808)","Malwarebytes Premium (20240808)","McAfee Total Protection (20240808)","Norton Security (20240808)","Panda Dome (20240808)","Sophos Home Premium (20240808)","SpyHunter5 (20240808)","Total AV Antivirus Pro (20240808)","VirIT eXplorer PRO (20240808)","Webroot SecureAnywhere (20240808)","FortectPremium (20240808)","KasperskyPremium (20240808)"],"avAllowList":["360 Total Security (20240808)","Avast Premium Security (20240808)","AVG Internet Security (20240808)","Bitdefender Internet Security (20240808)","COMODO Antivirus (20240808)","Dr.Web Security Space (20240808)","K7 Total Security (20240808)","Kaspersky Internet Security (20230914)","Quick Heal Internet Security (20240808)","Trend Micro Internet Security (20240808)","VIPRE Advanced Security (20240808)","Windows Defender (20240808)"]}],"additionalFiles":[],"sources":[{"howFound":"randomly found from a download site","reference":"","landingPage":"https://www.gomlab.com/gomplayer-media-player/","directDownloadingLink":"https://cdn.gomlab.com/gretech/player/GOMPLAYERGLOBALSETUP_CHROME.EXE","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://cdn.gomlab.com/gretech/player/GOMPLAYERGLOBALSETUP_CHROME.EXE","sourceIndex":"1218"}],"sampleFiles":["230215/GOMPlayer-230126/2.3.83.5350/Samples/GOM.exe","230215/GOMPlayer-230126/2.3.83.5350/Samples/GOMPLAYERGLOBALSETUP_CHROME.EXE"],"imageFiles":["230215/GOMPlayer-230126/2.3.83.5350/Images/ACR-059/ACR-059_Offer1 (1).jpg","230215/GOMPlayer-230126/2.3.83.5350/Images/ACR-059/ACR-059_Offer1 (2).jpg","230215/GOMPlayer-230126/2.3.83.5350/Images/ACR-155/ACR-155_Offers_Avira.mp4"],"nonDeceptorImageFiles":[],"guid":"efb56f7a-0b79-4928-838b-8f58f2b68e6e_2.3.83.5350_1","appID":"GOMPlayer-230126","dateAdded":"250508","deceptorType":"App","name":"GOM Player","company":"GOM ","version":"2.3.83.5350","lastKnownStatus":"2.3.83.5350;2.3.86.5355;2.3.87.5356;2.3.88.5357;2.3.88.5358;2.3.89.5359;2.3.90.5360;2.3.91.5361;2.3.92.5362;2.3.93.5363;2.3.97.5367;2.3.99.5369;2.3.100.5370;2.3.108.5378","lastKnownDate":"250508","type":"Windows Executable","category":"Media players","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid,paid,display ads","lastUpdate":"2025-05-08T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":15,"sortOrder":337},{"violations":{"ACR-109":"The app silently adds the \"AliExPress\" shortcut to the desktop without disclosing the relationship to the app during installation and EULA.\n","ACR-042":"The app silently adds the \"AliExPress\" shortcut to the desktop without any disclosure in EULA.\n","ACR-043":"The app silently adds the \"AliExPress\" shortcut to the desktop without any disclosure in EULA.\n","ACR-048":"The app does not provide any control to cancel the installation.\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software.\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software.\n","ACR-014":"The \"Accept\" button on the Avast secure Browser offer is used for two things: accepting an offer and accepting Avast secure browser as the default browser. The \"Accept\" button is misleading and confusing because the user is easily led to believe that \"Accept\" is only for installing the Avast secure browser and not for changing the system browser's default settings.\n","ACR-059":"Offers that are not related to the main app should be marked as \"Optional Offer\" instead of identifying the offers as a Recommended additional software to install.\n","ACR-039":"The app silently adds the \"AliExPress\" shortcut to the desktop without disclosing the relationship to the app during installation and EULA.\n","ACR-155":"Offers are designed to look like part of the install workflow.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"GOMPLAYERGLOBALSETUP_CHROME.EXE","isInstaller":"True","companyName":"GOM & Company","productName":"GOMPlayerGlobal","productVersion":"2.3.100.5370","fileVersion":"2.3","hashMD5":"c4a6398345901b7b22bdadb2758f6a50","hashSHA1":"5e23ddc091ba51409d5d121fc5a6c23455e0d14c","hashSHA256":"adc5b54854960929f240c2cc1f68e330bdf40a22aa8d43079d721a7739e0dab5","digitalCertThumbprint":"B095DC311E92B376C76A77B4525FC3BEFE802E48","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"GRETECH CORPORATION","storeId":"","sourceIndex":"529","avBlockList":["COMODO Antivirus (20241217)","ESET Internet Security (20241217)","FortectPremium (20241217)","KasperskyPremium (20241217)","Malwarebytes Premium (20241217)","Norton Security (20241022)","Panda Dome (20241217)","SpyHunter5 (20241217)","VirIT eXplorer PRO (20241217)","Webroot SecureAnywhere (20241217)"],"avAllowList":["360 Total Security (20241217)","Avast Premium Security (20241217)","AVG Internet Security (20241217)","Avira Internet Security (20241217)","Bitdefender Internet Security (20241217)","Dr.Web Security Space (20241217)","G DATA INTERNET SECURITY (20241217)","K7 Total Security (20241217)","McAfee Total Protection (20241217)","Quick Heal Internet Security (20241217)","Sophos Home Premium (20241217)","Total AV Antivirus Pro (20241217)","Trend Micro Internet Security (20241217)","VIPRE Advanced Security (20241217)","Windows Defender (20241217)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on windows app","reference":"","landingPage":"https://www.gomlab.com/gomplayer-media-player/","directDownloadingLink":"https://cdn.gomlab.com/gretech/player/GOMPLAYERGLOBALSETUP_NEW.EXE","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://cdn.gomlab.com/gretech/player/GOMPLAYERGLOBALSETUP_NEW.EXE","sourceIndex":"529"}],"sampleFiles":["240930/GOMPlayer-230126/2.3.100.5370/Samples/GOMPLAYERGLOBALSETUP_CHROME.EXE"],"imageFiles":["240930/GOMPlayer-230126/2.3.100.5370/Images/ACR-109/ACR-109_Install_1.png","240930/GOMPlayer-230126/2.3.100.5370/Images/ACR-039/ACR-039_Install_1.png","240930/GOMPlayer-230126/2.3.100.5370/Images/ACR-043/ACR-043_Install_1.png","240930/GOMPlayer-230126/2.3.100.5370/Images/ACR-042/ACR-042_Install_1.png","240930/GOMPlayer-230126/2.3.100.5370/Images/ACR-048/ACR-048.PNG","240930/GOMPlayer-230126/2.3.100.5370/Images/ACR-013/ACR-013.PNG","240930/GOMPlayer-230126/2.3.100.5370/Images/ACR-013/ACR-013_1.PNG","240930/GOMPlayer-230126/2.3.100.5370/Images/ACR-014/ACR-014.PNG","240930/GOMPlayer-230126/2.3.100.5370/Images/ACR-155/ACR-155.PNG","240930/GOMPlayer-230126/2.3.100.5370/Images/ACR-155/ACR-155_1.PNG","240930/GOMPlayer-230126/2.3.100.5370/Images/ACR-059/ACR-059.PNG","240930/GOMPlayer-230126/2.3.100.5370/Images/ACR-060/ACR-060.PNG","240930/GOMPlayer-230126/2.3.100.5370/Images/ACR-060/ACR-060_1.PNG"],"nonDeceptorImageFiles":[],"guid":"efb56f7a-0b79-4928-838b-8f58f2b68e6e_2.3.100.5370_1","appID":"GOMPlayer-230126","dateAdded":"250508","deceptorType":"App","name":"GOM Player","company":"GOM ","version":"2.3.100.5370","lastKnownStatus":"2.3.83.5350;2.3.86.5355;2.3.87.5356;2.3.88.5357;2.3.88.5358;2.3.89.5359;2.3.90.5360;2.3.91.5361;2.3.92.5362;2.3.93.5363;2.3.97.5367;2.3.99.5369;2.3.100.5370;2.3.108.5378","lastKnownDate":"250508","type":"Windows Executable","category":"Media players","targetOS":"Windows 10,Windows 11,Windows 8","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid,paid,display ads","lastUpdate":"2025-05-08T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":15,"sortOrder":324},{"violations":{"ACR-048":"The app does not provide any control to cancel the installation.\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software.\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software.\n","ACR-059":"Offers that are not related to the main app should be marked as \"Optional Offer\" instead of identifying the offers as a Recommended additional software to install.\n","ACR-155":"Offers are designed to look like part of the install workflow.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"GOMPLAYERGLOBALSETUP_NEW.EXE","isInstaller":"True","companyName":"GOM & Company","fileVersion":"2.3","hashMD5":"2a685a7ecf934c965666b14a9dbbb3ce","hashSHA1":"7af87e6791196c6a7b0a3831aaecf86bd8c01aa0","hashSHA256":"801f64bb2c1929ce62d9f4d55ff711bb886508d07edfe8c9de4ba07b8fa7317c","digitalCertThumbprint":"B095DC311E92B376C76A77B4525FC3BEFE802E48","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=GRETECH CORPORATION, O=GRETECH CORPORATION, L=Shinjuku, S=Tokyo, C=JP","sourceIndex":"198","avBlockList":["COMODO Antivirus (20250729)","ESET Internet Security (20250729)","FortectPremium (20250729)","K7 Total Security (20250729)","KasperskyPremium (20250729)","Malwarebytes Premium (20250729)","Panda Dome (20250729)","Quick Heal Internet Security (20250729)","Sophos Home Premium (20250729)","SpyHunter5 (20250729)","VirIT eXplorer PRO (20250729)","Webroot SecureAnywhere (20250729)"],"avAllowList":["360 Total Security (20250729)","Avast Premium Security (20250729)","AVG Internet Security (20250729)","Avira Internet Security (20250729)","Bitdefender Internet Security (20250729)","Dr.Web Security Space (20250729)","G DATA INTERNET SECURITY (20250729)","McAfee Total Protection (20250729)","Norton Security (20250729)","Total AV Antivirus Pro (20250729)","Trend Micro Internet Security (20250729)","VIPRE Advanced Security (20250729)","Windows Defender (20250729)"]},{"isRevoked":"False","fileName":"GOMPLAYERKORSETUP.EXE","isInstaller":"True","companyName":"GOM & Company","fileVersion":"2.3","hashMD5":"2c09db30b29bca2e4aaae0f880910de4","hashSHA1":"6d4b9fc2dc8776c7b3b8776ec2d7995cb8530de4","hashSHA256":"4c7f3c2f454ba789eb15b32b746865e1f40a67ad7d3c55fc4509a68541424fe3","digitalCertThumbprint":"B095DC311E92B376C76A77B4525FC3BEFE802E48","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=GRETECH CORPORATION, O=GRETECH CORPORATION, L=Shinjuku, S=Tokyo, C=JP","sourceIndex":"198","avBlockList":["Bitdefender Internet Security (20250805)","COMODO Antivirus (20250805)","ESET Internet Security (20250805)","FortectPremium (20250805)","G DATA INTERNET SECURITY (20250805)","K7 Total Security (20250805)","KasperskyPremium (20250805)","Malwarebytes Premium (20250805)","Panda Dome (20250805)","Quick Heal Internet Security (20250805)","Sophos Home Premium (20250805)","SpyHunter5 (20250805)","VIPRE Advanced Security (20250805)","VirIT eXplorer PRO (20250805)","Webroot SecureAnywhere (20250805)"],"avAllowList":["360 Total Security (20250805)","Avast Premium Security (20250805)","AVG Internet Security (20250805)","Avira Internet Security (20250805)","Dr.Web Security Space (20250805)","McAfee Total Protection (20250805)","Norton Security (20250805)","Total AV Antivirus Pro (20250805)","Trend Micro Internet Security (20250805)","Windows Defender (20250805)"]},{"isRevoked":"False","fileName":"GOMPLAYERGLOBALSETUP_NEW.EXE","isInstaller":"True","companyName":"GOM & Company","productName":"GOMPlayerGlobal","productVersion":"2.3.108.5378","fileVersion":"2.3","hashMD5":"ef1baa0cdb43147376261f4e8fcc8dae","hashSHA1":"555c8f70d413d2592dc5bcd2512be695db7b2b01","hashSHA256":"a604b0bd1e6df8919f9a1560a91af0c996d1d3cdc1f582c2f57111868bc33af1","digitalCertThumbprint":"78F0C7D6E7CA5834C7FF8A4829BC2DD740C8C452","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=GOM&Company, O=GOM&Company, L=Songpa District, S=Seoul, C=KR, SERIALNUMBER=110111-1649578, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.2=Seoul, OID.1.3.6.1.4.1.311.60.2.1.3=KR","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"198","avBlockList":["COMODO Antivirus (20250724)","ESET Internet Security (20250724)","FortectPremium (20250724)","K7 Total Security (20250724)","KasperskyPremium (20250724)","Malwarebytes Premium (20250724)","Panda Dome (20250724)","Quick Heal Internet Security (20250724)","Sophos Home Premium (20250724)","SpyHunter5 (20250724)","VirIT eXplorer PRO (20250724)","Webroot SecureAnywhere (20250724)"],"avAllowList":["360 Total Security (20250724)","Avast Premium Security (20250724)","AVG Internet Security (20250724)","Avira Internet Security (20250724)","Bitdefender Internet Security (20250724)","Dr.Web Security Space (20250724)","G DATA INTERNET SECURITY (20250724)","McAfee Total Protection (20250724)","Norton Security (20250724)","Total AV Antivirus Pro (20250724)","Trend Micro Internet Security (20250724)","VIPRE Advanced Security (20250724)","Windows Defender (20250724)"]},{"isRevoked":"False","fileName":"GOM.EXE","companyName":"GOM & Company","productName":"GOM Player","productVersion":"2, 3, 108, 5378","fileVersion":"2.3","hashMD5":"a133afb41c161789d05545cb94082442","hashSHA1":"42fbcb2df60f4016eb31a985bffa7abbc6767a67","hashSHA256":"1d427e84c3b002e85d27bf3b03a8fc766496aa663d94a6732615c7eebb752aa5","digitalCertThumbprint":"B095DC311E92B376C76A77B4525FC3BEFE802E48","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=GRETECH CORPORATION, O=GRETECH CORPORATION, L=Shinjuku, S=Tokyo, C=JP","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"198","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"randomly found from a download site","reference":"","landingPage":"https://www.gomlab.com/gomplayer-media-player/","directDownloadingLink":"https://cdn.gomlab.com/gretech/player/GOMPLAYERGLOBALSETUP_CHROME.EXE","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://cdn.gomlab.com/gretech/player/GOMPLAYERGLOBALSETUP_CHROME.EXE","sourceIndex":"198"}],"sampleFiles":["250508/GOMPlayer-230126/2.3.108.5378/Samples/GOMPLAYERGLOBALSETUP_NEW.EXE","250508/GOMPlayer-230126/2.3.108.5378/Samples/GOMPLAYERKORSETUP.EXE","250508/GOMPlayer-230126/2.3.108.5378/Samples/GOMPLAYERGLOBALSETUP_NEW%20(1).EXE","250508/GOMPlayer-230126/2.3.108.5378/Samples/GOM.exe"],"imageFiles":["250508/GOMPlayer-230126/2.3.108.5378/Images/ACR-048/ACR-048.PNG","250508/GOMPlayer-230126/2.3.108.5378/Images/ACR-013/Screenshot 2025-05-08 at 1.44.27 PM.png","250508/GOMPlayer-230126/2.3.108.5378/Images/ACR-013/Screenshot 2025-05-08 at 1.49.57 PM.png","250508/GOMPlayer-230126/2.3.108.5378/Images/ACR-155/Screenshot 2025-05-08 at 1.44.27 PM.png","250508/GOMPlayer-230126/2.3.108.5378/Images/ACR-155/Screenshot 2025-05-08 at 1.50.53 PM.png","250508/GOMPlayer-230126/2.3.108.5378/Images/ACR-155/Screenshot 2025-05-08 at 1.49.57 PM.png","250508/GOMPlayer-230126/2.3.108.5378/Images/ACR-060/Screenshot 2025-05-08 at 1.44.27 PM.png"],"nonDeceptorImageFiles":[],"guid":"efb56f7a-0b79-4928-838b-8f58f2b68e6e_2.3.108.5378_1","appID":"GOMPlayer-230126","dateAdded":"250508","deceptorType":"App","name":"GOM Player","company":"GOM ","version":"2.3.108.5378","lastKnownStatus":"2.3.83.5350;2.3.86.5355;2.3.87.5356;2.3.88.5357;2.3.88.5358;2.3.89.5359;2.3.90.5360;2.3.91.5361;2.3.92.5362;2.3.93.5363;2.3.97.5367;2.3.99.5369;2.3.100.5370;2.3.108.5378","lastKnownDate":"250508","type":"Windows Executable","category":"Media players","targetOS":"Windows 10,Windows 11,Windows 8","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid,paid,display ads","lastUpdate":"2025-06-03T19:02:07.6555948+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":15,"sortOrder":323},{"violations":{"ACR-042":"Open source project \"Qt5\" is installed without any disclosure in EULA.\n","ACR-043":"Open source project \"Qt5\" is installed without any disclosure in EULA.\n","ACR-107":"The app does not obtain any authorization for using third-party components: \"Qt5\"\n","ACR-004":"The application doesn't provide a free fix for all items reported, only allows to recover up to 30 MB of data each time. Instead, it offers subscription payment to completely recover files scanned.\n","ACR-165":"The app doesn't provide the following information in the shopping cart: 1. What will the price be in the auto-renewal payment given the first payment is a discounted price. \n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\MyRecover\\ADR.exe","companyName":"AOMEI International Network Limited","productName":"MyRecover","productVersion":"3.6.0.0","fileVersion":"3.6.0.0","hashMD5":"7fadd21ab8f832c79a3c6559a194daf8","hashSHA1":"a35493f800976c09d4fbb3886dbd111fe3af7e82","hashSHA256":"c1d6e11f8965a65a6a42fb98c5ee16c5eb0d414a6a074e47ff22391117756847","digitalCertThumbprint":"257F56D595316F1E2810D992911AC064E193830C","digitalCertIssuer":"Sectigo Public Code Signing CA R36","digitalCertIssuedTo":"AOMEI International Network Limited","storeId":"","sourceIndex":"663","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"MyRecover_WinSetup_20240401.10955446.exe","isInstaller":"True","companyName":"AOMEI International Network Limited.                        ","productName":"MyRecover                                                   ","productVersion":"3.6.0               ","fileVersion":"3.6.0               ","hashMD5":"43db84529e7037f65767c14fd37b716b","hashSHA1":"6d34ba572e9f6f19f5d4b13f2d24ffcd644744be","hashSHA256":"a03ccf85fd6007cb67877a30bc335a743c63be6198048d3e4e5fc088edf39341","digitalCertThumbprint":"257F56D595316F1E2810D992911AC064E193830C","digitalCertIssuer":"Sectigo Public Code Signing CA R36","digitalCertIssuedTo":"AOMEI International Network Limited","storeId":"","sourceIndex":"663","avBlockList":["AVG Internet Security (20240815)","COMODO Antivirus (20240815)","ESET Internet Security (20240815)","K7 Total Security (20240815)","Norton Security (20240815)","Quick Heal Internet Security (20240815)","Sophos Home Premium (20240815)","SpyHunter5 (20240815)","VirIT eXplorer PRO (20240815)","Webroot SecureAnywhere (20240815)","FortectPremium (20240815)"],"avAllowList":["360 Total Security (20240815)","Avast Premium Security (20240815)","Avira Internet Security (20240815)","Bitdefender Internet Security (20240815)","Dr.Web Security Space (20240815)","G DATA INTERNET SECURITY (20240815)","Kaspersky Internet Security (20240613)","Malwarebytes Premium (20240815)","McAfee Total Protection (20240815)","Panda Dome (20240815)","Total AV Antivirus Pro (20240815)","Trend Micro Internet Security (20240815)","VIPRE Advanced Security (20240815)","Windows Defender (20240815)","KasperskyPremium (20240815)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt on Data recovery applications","reference":"","landingPage":"https://www.myrecover.com/windows-recovery/","directDownloadingLink":"https://www.myrecover.com/ss/download/dra/win/MyRecover_WinSetup.exe","ipv4":"","ipv6":"","landingPageWildChar":"","directDownloadingLinkWildChar":"https://www.myrecover.com/ss/download/dra/win/MyRecover_WinSetup.exe","sourceIndex":"663"}],"sampleFiles":["240404/MyRecover-240401/3.6.0/Samples/MyRecover_WinSetup_20240401.10955446.exe"],"imageFiles":["240404/MyRecover-240401/3.6.0/Images/ACR-043/ACR-043.PNG","240404/MyRecover-240401/3.6.0/Images/ACR-107/ACR-107.PNG","240404/MyRecover-240401/3.6.0/Images/ACR-042/ACR-042.PNG","240404/MyRecover-240401/3.6.0/Images/ACR-004/ACR-004.PNG","240404/MyRecover-240401/3.6.0/Images/ACR-004/ACR-004_1.PNG","240404/MyRecover-240401/3.6.0/Images/ACR-165/ACR-165.PNG"],"nonDeceptorImageFiles":[],"guid":"c5b990c9-b333-4b5a-b87c-7f22ec6edd03_3.6.0_1","appID":"MyRecover-240401","dateAdded":"250508","deceptorType":"App","name":"My Recover","company":"AOMEI International Network Limited.","version":"3.6.0","lastKnownStatus":"3.6.0;3.6.1;4.0.0","lastKnownDate":"250508","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows 11","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2025-05-08T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":3,"sortOrder":322},{"violations":{"ACR-004":"The application doesn't provide a free fix for all items reported, only allowing recovery for up to 500 MB of data. Instead, it offers an auto-renewing subscription payment to recover all files scanned.\n"},"nonDeceptorViolations":{},"samples":[],"additionalFiles":[],"sources":[{"howFound":"Hunt on Data recovery applications","reference":"","landingPage":"https://www.myrecover.com/windows-recovery/","directDownloadingLink":"https://www.myrecover.com/ss/download/dra/win/MyRecover_WinSetup.exe","ipv4":"","ipv6":"","landingPageWildChar":"","directDownloadingLinkWildChar":"https://www.myrecover.com/ss/download/dra/win/MyRecover_WinSetup.exe","sourceIndex":"623"}],"sampleFiles":[],"imageFiles":["240620/MyRecover-240401/3.6.1/Images/ACR-004/ACR004.png","240620/MyRecover-240401/3.6.1/Images/ACR-004/ACR004_2.png"],"nonDeceptorImageFiles":[],"guid":"c5b990c9-b333-4b5a-b87c-7f22ec6edd03_3.6.1_1","appID":"MyRecover-240401","dateAdded":"250508","deceptorType":"App","name":"My Recover","company":"AOMEI International Network Limited.","version":"3.6.1","lastKnownStatus":"3.6.0;3.6.1;4.0.0","lastKnownDate":"250508","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 7,Windows 8,Windows 10,Windows 11","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,paid","lastUpdate":"2025-05-08T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":3,"sortOrder":321},{"violations":{"ACR-004":"The application doesn't provide a free fix for all items reported, only allowing recovery for up to 500 MB of data. Instead, it offers an auto-renewing subscription payment to recover all files scanned.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"MyRecover_Windows_Free_20250509.17646246.exe","isInstaller":"True","companyName":"AOMEI International Network Limited.                        ","fileVersion":"4.0","hashMD5":"7e94fce68abe47fee561430323df0e78","hashSHA1":"e57b8f39e2e0f76d26fa6e26be5147549f499a08","hashSHA256":"81158e58f70d1a9a41bebdabedefd3d94a6268b313e249028ed7bc78e41a3e13","digitalCertThumbprint":"257F56D595316F1E2810D992911AC064E193830C","digitalCertIssuer":"CN=Sectigo Public Code Signing CA R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=AOMEI International Network Limited, O=AOMEI International Network Limited, S=Hong Kong, C=HK","sourceIndex":"209","avBlockList":["Avast Premium Security (20250722)","COMODO Antivirus (20250722)","ESET Internet Security (20250722)","K7 Total Security (20250722)","Panda Dome (20250722)","Sophos Home Premium (20250722)","SpyHunter5 (20250722)","VirIT eXplorer PRO (20250722)","Webroot SecureAnywhere (20250722)"],"avAllowList":["360 Total Security (20250722)","AVG Internet Security (20250722)","Avira Internet Security (20250722)","Bitdefender Internet Security (20250722)","Dr.Web Security Space (20250722)","FortectPremium (20250722)","G DATA INTERNET SECURITY (20250722)","KasperskyPremium (20250722)","Malwarebytes Premium (20250722)","McAfee Total Protection (20250722)","Norton Security (20250722)","Quick Heal Internet Security (20250722)","Total AV Antivirus Pro (20250722)","Trend Micro Internet Security (20250722)","VIPRE Advanced Security (20250722)","Windows Defender (20250722)"]},{"isRevoked":"False","fileName":"ADR.exe","companyName":"AOMEI International Network Limited","fileVersion":"4.0","hashMD5":"78a76c60947123748856ac4ac839f443","hashSHA1":"848316e36ea4a6e18232b8c5da19f36a750bf1f3","hashSHA256":"9b1c4e603540c35d01bbbc4953053eb0ed8ec461ed2cca05fcc8871bc07c16f1","digitalCertThumbprint":"257F56D595316F1E2810D992911AC064E193830C","digitalCertIssuer":"CN=Sectigo Public Code Signing CA R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=AOMEI International Network Limited, O=AOMEI International Network Limited, S=Hong Kong, C=HK","sourceIndex":"209","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt on Data recovery applications","reference":"","landingPage":"https://www.myrecover.com/windows-recovery/","directDownloadingLink":"https://www.myrecover.com/ss/download/dra/win/MyRecover_WinSetup.exe","ipv4":"","ipv6":"","landingPageWildChar":"","directDownloadingLinkWildChar":"https://www.myrecover.com/ss/download/dra/win/MyRecover_WinSetup.exe","sourceIndex":"209"}],"sampleFiles":["250508/MyRecover-240401/4.0.0/Samples/MyRecover_Windows_Free_20250509.17646246.exe","250508/MyRecover-240401/4.0.0/Samples/ADR.exe"],"imageFiles":["250508/MyRecover-240401/4.0.0/Images/ACR-004/ACR-004.png"],"nonDeceptorImageFiles":[],"guid":"c5b990c9-b333-4b5a-b87c-7f22ec6edd03_4.0.0_1","appID":"MyRecover-240401","dateAdded":"250508","deceptorType":"App","name":"My Recover","company":"AOMEI International Network Limited.","version":"4.0.0","lastKnownStatus":"3.6.0;3.6.1;4.0.0","lastKnownDate":"250508","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 7,Windows 8,Windows 10,Windows 11","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,paid","lastUpdate":"2025-05-08T22:06:20.9677874+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":3,"sortOrder":320},{"violations":{"ACR-048":"The app does not provide any control to cancel the installation.\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software.\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software.\n","ACR-059":"Offers that are not related to the main app should be marked as \"Optional Offer\" instead of identifying the offers as a Recommended additional software to install.\n","ACR-155":"Offers are designed to look like part of the install workflow.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"GOMPLAYERGLOBALSETUP_CHROME.EXE","isInstaller":"True","companyName":"GOM & Company","productName":"GOMPlayerGlobal","productVersion":"2.3.99.5369","fileVersion":"2.3","hashMD5":"56d1ee7e59b42d4db434f46d0527f165","hashSHA1":"7c20b08dd2f298df43eab0d73fe24a77bc5ee747","hashSHA256":"4e8119bb8a37c641d83313351b32abcd35d68f07369d1d52717eb591dd47d56c","digitalCertThumbprint":"B095DC311E92B376C76A77B4525FC3BEFE802E48","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"GRETECH CORPORATION","storeId":"","sourceIndex":"584","avBlockList":["COMODO Antivirus (20240919)","ESET Internet Security (20240919)","FortectPremium (20240919)","K7 Total Security (20240919)","KasperskyPremium (20240919)","Malwarebytes Premium (20240919)","Norton Security (20240919)","Panda Dome (20240919)","Quick Heal Internet Security (20240919)","Sophos Home Premium (20240919)","SpyHunter5 (20240919)","VirIT eXplorer PRO (20240919)","Webroot SecureAnywhere (20240919)","Windows Defender (20240919)"],"avAllowList":["360 Total Security (20240919)","Avast Premium Security (20240919)","AVG Internet Security (20240919)","Avira Internet Security (20240919)","Bitdefender Internet Security (20240919)","Dr.Web Security Space (20240919)","G DATA INTERNET SECURITY (20240919)","McAfee Total Protection (20240919)","Total AV Antivirus Pro (20240919)","Trend Micro Internet Security (20240919)","VIPRE Advanced Security (20240919)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on windows app","reference":"","landingPage":"https://www.gomlab.com/gomplayer-media-player/","directDownloadingLink":"https://cdn.gomlab.com/gretech/player/GOMPLAYERGLOBALSETUP_CHROME.EXE","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://cdn.gomlab.com/gretech/player/GOMPLAYERGLOBALSETUP_CHROME.EXE","sourceIndex":"584"}],"sampleFiles":["240730/GOMPlayer-230126/2.3.99.5369/Samples/GOMPLAYERGLOBALSETUP_CHROME.EXE"],"imageFiles":["240730/GOMPlayer-230126/2.3.99.5369/Images/ACR-048/ACR-048.PNG","240730/GOMPlayer-230126/2.3.99.5369/Images/ACR-013/ACR-013.PNG","240730/GOMPlayer-230126/2.3.99.5369/Images/ACR-013/ACR-013_1.PNG","240730/GOMPlayer-230126/2.3.99.5369/Images/ACR-013/ACR-013_2.PNG","240730/GOMPlayer-230126/2.3.99.5369/Images/ACR-155/ACR-155.PNG","240730/GOMPlayer-230126/2.3.99.5369/Images/ACR-155/ACR-155_1.PNG","240730/GOMPlayer-230126/2.3.99.5369/Images/ACR-155/ACR-155_2.PNG","240730/GOMPlayer-230126/2.3.99.5369/Images/ACR-059/ACR-059.PNG","240730/GOMPlayer-230126/2.3.99.5369/Images/ACR-060/ACR-060.PNG","240730/GOMPlayer-230126/2.3.99.5369/Images/ACR-060/ACR-060_1.PNG","240730/GOMPlayer-230126/2.3.99.5369/Images/ACR-060/ACR-060_2.PNG"],"nonDeceptorImageFiles":[],"guid":"efb56f7a-0b79-4928-838b-8f58f2b68e6e_2.3.99.5369_1","appID":"GOMPlayer-230126","dateAdded":"250508","deceptorType":"App","name":"GOM Player","company":"GOM ","version":"2.3.99.5369","lastKnownStatus":"2.3.83.5350;2.3.86.5355;2.3.87.5356;2.3.88.5357;2.3.88.5358;2.3.89.5359;2.3.90.5360;2.3.91.5361;2.3.92.5362;2.3.93.5363;2.3.97.5367;2.3.99.5369;2.3.100.5370;2.3.108.5378","lastKnownDate":"250508","type":"Windows Executable","category":"Media players","targetOS":"Windows 10,Windows 11,Windows 8","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid,paid,display ads","lastUpdate":"2025-05-08T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":15,"sortOrder":325},{"violations":{"ACR-042":"Open source project \"FFmpeg\" is installed without any disclosure in EULA.\n","ACR-043":"Open source project \"FFmpeg\" is installed without any disclosure in EULA.\n","ACR-004":"The application doesn't provide a free fix (recovery) instead offering a subscription that the user needs to pay to fix it.\n","ACR-097":"The app adds an exception for Windows firewall without disclosing relevant info and getting consent from the user. \n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"4ddig-for-windows_11743708283096061301.exe","isInstaller":"True","companyName":"Tenorshare, Inc.                                            ","fileVersion":"0.0","hashMD5":"8c1b1fc35a7ccc9981ddacee00593f75","hashSHA1":"f4131d7877d3b68400548a28a173443d3343ca32","hashSHA256":"a18fbbed87cda9b4b6ed4aefa627cbf0c901f14892c2d2810c21cdde275b7664","digitalCertThumbprint":"2ECF0B0A0DE08C92DB144D11E6F3DC42DD0D0E13","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Tenorshare (Hongkong) Limited, O=Tenorshare (Hongkong) Limited, L=Sheung Wan, C=HK, SERIALNUMBER=3086133, OID.2.5.4.15=Private organization, OID.1.3.6.1.4.1.311.60.2.1.3=HK","sourceIndex":"228","avBlockList":["Avast Premium Security (20250501)","AVG Internet Security (20250501)","Avira Internet Security (20250501)","FortectPremium (20250501)","K7 Total Security (20250501)","Malwarebytes Premium (20250501)","Norton Security (20250501)","Panda Dome (20250501)","Quick Heal Internet Security (20250501)","Sophos Home Premium (20250501)","SpyHunter5 (20250501)","Total AV Antivirus Pro (20250501)","VirIT eXplorer PRO (20250501)","Webroot SecureAnywhere (20250501)"],"avAllowList":["360 Total Security (20250501)","Bitdefender Internet Security (20250501)","COMODO Antivirus (20250501)","Dr.Web Security Space (20250501)","ESET Internet Security (20250501)","G DATA INTERNET SECURITY (20250501)","KasperskyPremium (20250501)","McAfee Total Protection (20250501)","Trend Micro Internet Security (20250501)","VIPRE Advanced Security (20250501)","Windows Defender (20250501)"]},{"isRevoked":"False","fileName":"Tenorshare%204DDiG.exe","companyName":"Tenorshare","fileVersion":"10.3","hashMD5":"e82d61602b6b8dcaa109351a73353b99","hashSHA1":"db7bdd6ac657f8433c529a6c46e96223672baf23","hashSHA256":"b38fc662a80f473545b2c70719c1eb6fd1d3f5092cd07d66fa4ddb292b14404a","digitalCertThumbprint":"2ECF0B0A0DE08C92DB144D11E6F3DC42DD0D0E13","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Tenorshare (Hongkong) Limited, O=Tenorshare (Hongkong) Limited, L=Sheung Wan, C=HK, SERIALNUMBER=3086133, OID.2.5.4.15=Private organization, OID.1.3.6.1.4.1.311.60.2.1.3=HK","sourceIndex":"228","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt on Data recovery applications","reference":"","landingPage":"https://www.4ddig.net/windows-data-recovery.html","directDownloadingLink":"https://download.tenorshare.net/downloads/4ddig-for-windows_3311.exe?rnclid=11710227228693876802","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://download.tenorshare.net/downloads/4ddig-for-windows_3311.exe?rnclid=11710227228693876802","sourceIndex":"228"}],"sampleFiles":["250403/4DDiGWindowsDataRecovery-240312/10.3.3/Samples/4ddig-for-windows_11743708283096061301.exe","250403/4DDiGWindowsDataRecovery-240312/10.3.3/Samples/Tenorshare%204DDiG.exe"],"imageFiles":["250403/4DDiGWindowsDataRecovery-240312/10.3.3/Images/ACR-043/ffmpeg.png","250403/4DDiGWindowsDataRecovery-240312/10.3.3/Images/ACR-042/ffmpeg.png","250403/4DDiGWindowsDataRecovery-240312/10.3.3/Images/ACR-004/ACR-004.png","250403/4DDiGWindowsDataRecovery-240312/10.3.3/Images/ACR-004/subs.png","250403/4DDiGWindowsDataRecovery-240312/10.3.3/Images/ACR-097/firewall.png"],"nonDeceptorImageFiles":[],"guid":"25b482c4-0b0e-46b8-b9a2-09fc8dc8c802_10.3.3_1","appID":"4DDiGWindowsDataRecovery-240312","dateAdded":"250507","deceptorType":"App","name":"4DDiG Windows Data Recovery","company":"Tenorshare Co., Ltd.","version":"10.3.3","lastKnownStatus":"10.0.1.5;10.0.5.9;10.1.0.10;10.1.6.8;10.1.7.3;10.1.11.6;10.3.3;10.3.10","lastKnownDate":"250507","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 7,Windows 8,Windows 10,Windows 11","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2025-05-07T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":8,"sortOrder":346},{"violations":{"ACR-042":"Open source project \"FFmpeg\" is installed without any disclosure in EULA.\n","ACR-043":"Open source project \"FFmpeg\" is installed without any disclosure in EULA.\n","ACR-004":"The application doesn't provide a free fix (recovery) instead offering a subscription that the user needs to pay to fix it.\n","ACR-097":"The app adds an exception for Windows firewall without disclosing relevant info and getting consent from the user. \n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"4ddig-for-windows-bing_11746650068872042401.exe","isInstaller":"True","companyName":"Tenorshare, Inc.                                            ","fileVersion":"0.0","hashMD5":"44517e75e055dd7795906bb94d3b3b4f","hashSHA1":"70b3c1d8a228b484af28c7ce275678b22d0524d4","hashSHA256":"699c9b7bcab6f56623fb52f674ee2ff4441bddde617fc771a739e0dd03399563","digitalCertThumbprint":"2ECF0B0A0DE08C92DB144D11E6F3DC42DD0D0E13","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Tenorshare (Hongkong) Limited, O=Tenorshare (Hongkong) Limited, L=Sheung Wan, C=HK, SERIALNUMBER=3086133, OID.2.5.4.15=Private organization, OID.1.3.6.1.4.1.311.60.2.1.3=HK","sourceIndex":"211","avBlockList":["Avast Premium Security (20250724)","AVG Internet Security (20250724)","Avira Internet Security (20250724)","ESET Internet Security (20250724)","FortectPremium (20250724)","K7 Total Security (20250724)","Norton Security (20250724)","Panda Dome (20250724)","Sophos Home Premium (20250724)","SpyHunter5 (20250724)","Total AV Antivirus Pro (20250724)","VirIT eXplorer PRO (20250724)","Webroot SecureAnywhere (20250724)"],"avAllowList":["360 Total Security (20250724)","Bitdefender Internet Security (20250724)","COMODO Antivirus (20250724)","Dr.Web Security Space (20250724)","G DATA INTERNET SECURITY (20250724)","KasperskyPremium (20250724)","Malwarebytes Premium (20250724)","McAfee Total Protection (20250724)","Quick Heal Internet Security (20250724)","Trend Micro Internet Security (20250724)","VIPRE Advanced Security (20250724)","Windows Defender (20250724)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt on Data recovery applications","reference":"","landingPage":"https://www.4ddig.net/windows-data-recovery.html","directDownloadingLink":"https://download.tenorshare.net/downloads/4ddig-for-windows_3311.exe?rnclid=11710227228693876802","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://download.tenorshare.net/downloads/4ddig-for-windows_3311.exe?rnclid=11710227228693876802","sourceIndex":"211"}],"sampleFiles":[],"imageFiles":["250507/4DDiGWindowsDataRecovery-240312/10.3.10/Images/ACR-043/ffmpeg.png","250507/4DDiGWindowsDataRecovery-240312/10.3.10/Images/ACR-042/ffmpeg.png","250507/4DDiGWindowsDataRecovery-240312/10.3.10/Images/ACR-004/subs.png","250507/4DDiGWindowsDataRecovery-240312/10.3.10/Images/ACR-004/trial.png","250507/4DDiGWindowsDataRecovery-240312/10.3.10/Images/ACR-097/firewall.png"],"nonDeceptorImageFiles":[],"guid":"25b482c4-0b0e-46b8-b9a2-09fc8dc8c802_10.3.10_1","appID":"4DDiGWindowsDataRecovery-240312","dateAdded":"250507","deceptorType":"App","name":"4DDiG Windows Data Recovery","company":"Tenorshare Co., Ltd.","version":"10.3.10","lastKnownStatus":"10.0.1.5;10.0.5.9;10.1.0.10;10.1.6.8;10.1.7.3;10.1.11.6;10.3.3;10.3.10","lastKnownDate":"250507","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 7,Windows 8,Windows 10,Windows 11","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2025-05-07T22:24:01.2513527+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":8,"sortOrder":345},{"violations":{"ACR-004":"Application doesn't provide the free fix for the items reported in red color. It requires subscription payment to delete the duplicated items.\n","ACR-014":"App claims to provide full functional trial on landing page, but does not offer fix for reported items.\n"},"nonDeceptorViolations":{"ACR-167":"The app does not offer refund.\n"},"samples":[{"isRevoked":"False","fileName":"dfsetup.exe","isInstaller":"True","companyName":"Ashisoft                                                    ","productName":"Duplicate File Finder","productVersion":"8.1.0.1","fileVersion":"8.1.0.1","hashMD5":"da6ed1c95a3c22bafab9a6e2dc42e80e","hashSHA1":"084326a1501dad4b856b52ad75aadc219a514bc4","hashSHA256":"b06974f71b59cd2da3d42ed9e5714a65348f13646d173994e27909127a861681","digitalCertThumbprint":"10C989EFC6C5EABCAED525B5A73A24A077FFD5F8","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Ashisoft, O=Ashisoft, STREET=11-4-613/1 A.C Guards, L=Hyderabad, S=Telangana, PostalCode=500004, C=IN","sourceIndex":"555","avBlockList":["Dr.Web Security Space (20250508)","ESET Internet Security (20250508)","Panda Dome (20250508)","Sophos Home Premium (20250508)","SpyHunter5 (20250508)","VirIT eXplorer PRO (20250508)","Webroot SecureAnywhere (20250508)","FortectPremium (20250508)"],"avAllowList":["360 Total Security (20250508)","Avast Premium Security (20250508)","AVG Internet Security (20250508)","Avira Internet Security (20250508)","Bitdefender Internet Security (20250508)","COMODO Antivirus (20250508)","G DATA INTERNET SECURITY (20250508)","K7 Total Security (20250508)","KasperskyPremium (20250508)","Malwarebytes Premium (20250508)","McAfee Total Protection (20250508)","Norton Security (20250508)","Quick Heal Internet Security (20250508)","Total AV Antivirus Pro (20250508)","Trend Micro Internet Security (20250508)","VIPRE Advanced Security (20250508)","Windows Defender (20250508)"]},{"isRevoked":"False","fileName":"DF8.exe","companyName":"Ashisoft","productName":"Duplicate File Finder","productVersion":"8.1.0.1","fileVersion":"8.1.0.1","hashMD5":"45e92ad8fb0195dd366dbd5614704ad4","hashSHA1":"92ff9917c98fb6c8aacc727175f9db1c2587d4b8","hashSHA256":"5eb458d274584ed92e6fd872f8a041a39a7ad2f693b750b6c204942364310e02","digitalCertThumbprint":"10C989EFC6C5EABCAED525B5A73A24A077FFD5F8","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Ashisoft, O=Ashisoft, STREET=11-4-613/1 A.C Guards, L=Hyderabad, S=Telangana, PostalCode=500004, C=IN","sourceIndex":"555","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"random search","reference":"","landingPage":"https://www.ashisoft.com","directDownloadingLink":"https://www.ashisoft.com/downloads/dfsetup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.ashisoft.com/downloads/dfsetup.exe","sourceIndex":"555"}],"sampleFiles":["240909/DuplicateFileFinder-240907/8.1.0.1/Samples/dfsetup.exe","240909/DuplicateFileFinder-240907/8.1.0.1/Samples/DF8.exe"],"imageFiles":["240909/DuplicateFileFinder-240907/8.1.0.1/Images/ACR-004/ACR-004_Software_1.png","240909/DuplicateFileFinder-240907/8.1.0.1/Images/ACR-004/ACR-004_Software_2.png","240909/DuplicateFileFinder-240907/8.1.0.1/Images/ACR-004/ACR-004_Software_3.png","240909/DuplicateFileFinder-240907/8.1.0.1/Images/ACR-014/ACR-014_Software_1.png","240909/DuplicateFileFinder-240907/8.1.0.1/Images/ACR-014/ACR-014_Software_2.png","240909/DuplicateFileFinder-240907/8.1.0.1/Images/ACR-014/ACR-014_Software_3.png"],"nonDeceptorImageFiles":["240909/DuplicateFileFinder-240907/8.1.0.1/Images/ACR-167/ACR-167_Docs_1.png"],"guid":"d700bfca-b588-416b-b8b6-2dab9d6a75fb_8.1.0.1_1","appID":"DuplicateFileFinder-240907","dateAdded":"250507","deceptorType":"App","name":"Duplicate File Finder","company":"Ashisoft","version":"8.1.0.1","lastKnownStatus":"8.1.0.1;8.1.0.5","lastKnownDate":"250507","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows 11","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2025-05-07T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":344},{"violations":{"ACR-004":"Application doesn't provide the free fix for the items reported in red color. It requires subscription payment to delete the duplicated items.\n","ACR-014":"App claims to provide full functional trial on landing page, but does not offer fix for reported items.\n"},"nonDeceptorViolations":{"ACR-167":"The app does not offer refund.\n"},"samples":[{"isRevoked":"False","fileName":"dfsetup-8.1.0.5.exe","isInstaller":"True","companyName":"Ashisoft                                                    ","fileVersion":"8.1","hashMD5":"058559cab9d3699ea591885f48c9ae41","hashSHA1":"f7ccf8793c3d2901ed1274b11c05b22eed82934a","hashSHA256":"ba7bf612e9365c9c3668ee79674e37b1148a2e7dcd21ed238520d84fe70353cc","digitalCertThumbprint":"2399A81E982624BE416A2C72EF0CF2629D6F0776","digitalCertIssuer":"CN=Sectigo Public Code Signing CA R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=Ashisoft, O=Ashisoft, S=Telangana, C=IN","sourceIndex":"212","avBlockList":["Dr.Web Security Space (20250722)","ESET Internet Security (20250722)","K7 Total Security (20250722)","Panda Dome (20250722)","Quick Heal Internet Security (20250722)","Sophos Home Premium (20250722)","SpyHunter5 (20250722)","VirIT eXplorer PRO (20250722)","Webroot SecureAnywhere (20250722)"],"avAllowList":["360 Total Security (20250722)","Avast Premium Security (20250722)","AVG Internet Security (20250722)","Avira Internet Security (20250722)","Bitdefender Internet Security (20250722)","COMODO Antivirus (20250722)","FortectPremium (20250722)","G DATA INTERNET SECURITY (20250722)","KasperskyPremium (20250722)","Malwarebytes Premium (20250722)","McAfee Total Protection (20250722)","Norton Security (20250722)","Total AV Antivirus Pro (20250722)","Trend Micro Internet Security (20250722)","VIPRE Advanced Security (20250722)","Windows Defender (20250722)"]},{"isRevoked":"False","fileName":"DF8.exe","companyName":"Ashisoft","fileVersion":"8.1","hashMD5":"e485fcadfc2aa00b86019416c2917dd1","hashSHA1":"d4cb95708381a55bc68d13b65b47bb5bf65da73d","hashSHA256":"bfe373c900654e8996c7ec61d3ef8074ea60667ca7a7868abc2fb0e783fce352","digitalCertThumbprint":"2399A81E982624BE416A2C72EF0CF2629D6F0776","digitalCertIssuer":"CN=Sectigo Public Code Signing CA R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=Ashisoft, O=Ashisoft, S=Telangana, C=IN","sourceIndex":"212","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"random search","reference":"","landingPage":"https://www.ashisoft.com","directDownloadingLink":"https://www.ashisoft.com/downloads/dfsetup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.ashisoft.com/downloads/dfsetup.exe","sourceIndex":"212"}],"sampleFiles":["250507/DuplicateFileFinder-240907/8.1.0.5/Samples/dfsetup-8.1.0.5.exe","250507/DuplicateFileFinder-240907/8.1.0.5/Samples/DF8.exe"],"imageFiles":["250507/DuplicateFileFinder-240907/8.1.0.5/Images/ACR-004/colors.png","250507/DuplicateFileFinder-240907/8.1.0.5/Images/ACR-004/sub.png","250507/DuplicateFileFinder-240907/8.1.0.5/Images/ACR-004/trial_limit.png","250507/DuplicateFileFinder-240907/8.1.0.5/Images/ACR-014/014.png","250507/DuplicateFileFinder-240907/8.1.0.5/Images/ACR-014/trial_limit.png"],"nonDeceptorImageFiles":["250507/DuplicateFileFinder-240907/8.1.0.5/Images/ACR-167/014.png"],"guid":"d700bfca-b588-416b-b8b6-2dab9d6a75fb_8.1.0.5_1","appID":"DuplicateFileFinder-240907","dateAdded":"250507","deceptorType":"App","name":"Duplicate File Finder","company":"Ashisoft","version":"8.1.0.5","lastKnownStatus":"8.1.0.1;8.1.0.5","lastKnownDate":"250507","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows 11","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2025-05-07T21:54:18.363911+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":343},{"violations":{"ACR-042":"Open source project \"FFmpeg\" is installed without any disclosure in EULA.\n","ACR-043":"Open source project \"FFmpeg\" is installed without any disclosure in EULA.\n","ACR-046":"collecting data via \"Participate in customer experience improvement plan\" is checked by default and not visible to user by default. No relevant disclosure what data it collects.\n","ACR-048":"The app does not provide any control to cancel the installation.\nThe app does not provide any control to remove its background process completely within the app's settings.\n","ACR-004":"The application doesn't provide a free fix (recovery) instead offering a subscription that the user needs to pay to fix it.\n","ACR-084":"On closing the app, the application doesn't exit completely. It runs silently in the background, hiding the fact that it is active from the consumer without any notification.\n","ACR-097":"The app adds an exception for Windows firewall without disclosing relevant info and getting consent from the user. \n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components on the device without the consumer's consent or notifying the user.\n"},"nonDeceptorViolations":{"ACR-040":"The app drops some of its components in a hidden folder.\n","ACR-123":"Even after a reboot and uninstall, the application did not remove itself from the firewall exception that was added during installation.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\Tenorshare\\Tenorshare 4DDiG\\Tenorshare 4DDiG.exe","companyName":"Tenorshare","productName":"Tenorshare 4DDiG","productVersion":"10.1.6.8","fileVersion":"10.1.6.8","hashMD5":"f9ad2537d6af6a4d1d5bc36d900fa0a3","hashSHA1":"9d1b3a0e38bea820adf9e801f135e3b299705af0","hashSHA256":"459e52cdde9f8b6ee1580c09ad1dd4524e4f03511049971f97fab398da1e0ae0","digitalCertThumbprint":"2ECF0B0A0DE08C92DB144D11E6F3DC42DD0D0E13","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Tenorshare (Hongkong) Limited","storeId":"","sourceIndex":"577","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"4ddig-for-windows_11710227228693876802.exe","isInstaller":"True","companyName":"Tenorshare Co. Ltd.","productName":"20231116101148","productVersion":"2.7.17.0","fileVersion":"2.7.17.0","hashMD5":"073303d88aa6414ee461b318bb1a6699","hashSHA1":"1954e29fd8a9ab7cedf29af50d1ad5600249195e","hashSHA256":"3680367e959c9f01e67ae2eb617ec32fc7391991bdb51fc2a9853dd322ef46ea","digitalCertThumbprint":"59FECDA87C479A14A82E3EF696F9E6A9002A3752","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Tenorshare Co. Ltd.","storeId":"","sourceIndex":"577","avBlockList":["Avast Premium Security (20240903)","AVG Internet Security (20240903)","Avira Internet Security (20240903)","Bitdefender Internet Security (20240903)","ESET Internet Security (20240903)","FortectPremium (20240903)","G DATA INTERNET SECURITY (20240903)","K7 Total Security (20240903)","Malwarebytes Premium (20240903)","Norton Security (20240903)","Panda Dome (20240903)","Quick Heal Internet Security (20240903)","Sophos Home Premium (20240903)","SpyHunter5 (20240903)","Total AV Antivirus Pro (20240903)","VirIT eXplorer PRO (20240903)","Windows Defender (20240903)"],"avAllowList":["360 Total Security (20240903)","COMODO Antivirus (20240903)","Dr.Web Security Space (20240903)","KasperskyPremium (20240903)","McAfee Total Protection (20240903)","Trend Micro Internet Security (20240903)","VIPRE Advanced Security (20240903)","Webroot SecureAnywhere (20240903)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on windows app","reference":"","landingPage":"https://www.4ddig.net/windows-data-recovery.html","directDownloadingLink":"https://download.tenorshare.net/downloads/4ddig-for-windows_3311.exe?rnclid=11710227228693876802","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://download.tenorshare.net/downloads/4ddig-for-windows_3311.exe?rnclid=11710227228693876802","sourceIndex":"577"}],"sampleFiles":["240806/4DDiGWindowsDataRecovery-240312/10.1.6.8/Samples/4ddig-for-windows_11710227228693876802.exe"],"imageFiles":["240806/4DDiGWindowsDataRecovery-240312/10.1.6.8/Images/ACR-043/ACR-043.PNG","240806/4DDiGWindowsDataRecovery-240312/10.1.6.8/Images/ACR-046/ACR-046.PNG","240806/4DDiGWindowsDataRecovery-240312/10.1.6.8/Images/ACR-046/ACR-046_1.PNG","240806/4DDiGWindowsDataRecovery-240312/10.1.6.8/Images/ACR-042/ACR-042.PNG","240806/4DDiGWindowsDataRecovery-240312/10.1.6.8/Images/ACR-048/ACR-048.PNG","240806/4DDiGWindowsDataRecovery-240312/10.1.6.8/Images/ACR-004/ACR-004.PNG","240806/4DDiGWindowsDataRecovery-240312/10.1.6.8/Images/ACR-004/ACR-004_1.PNG","240806/4DDiGWindowsDataRecovery-240312/10.1.6.8/Images/ACR-084/ACR-084.PNG","240806/4DDiGWindowsDataRecovery-240312/10.1.6.8/Images/ACR-097/ACR-097.PNG","240806/4DDiGWindowsDataRecovery-240312/10.1.6.8/Images/ACR-048/ACR-048_1.PNG","240806/4DDiGWindowsDataRecovery-240312/10.1.6.8/Images/ACR-118/ACR-118.PNG"],"nonDeceptorImageFiles":["240806/4DDiGWindowsDataRecovery-240312/10.1.6.8/Images/ACR-040/ACR-040.PNG","240806/4DDiGWindowsDataRecovery-240312/10.1.6.8/Images/ACR-123/ACR-123.PNG"],"guid":"25b482c4-0b0e-46b8-b9a2-09fc8dc8c802_10.1.6.8_1","appID":"4DDiGWindowsDataRecovery-240312","dateAdded":"250507","deceptorType":"App","name":"4DDiG Windows Data Recovery","company":"Tenorshare Co., Ltd.","version":"10.1.6.8","lastKnownStatus":"10.0.1.5;10.0.5.9;10.1.0.10;10.1.6.8;10.1.7.3;10.1.11.6;10.3.3;10.3.10","lastKnownDate":"250507","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows 11","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2025-05-07T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":8,"sortOrder":349},{"violations":{"ACR-042":"Open source project \"FFmpeg\" is installed without any disclosure in EULA.\n","ACR-043":"Open source project \"FFmpeg\" is installed without any disclosure in EULA.\n","ACR-046":"collecting data via \"Participate in customer experience improvement plan\" is checked by default and not visible to user by default. No relevant disclosure what data it collects.\n","ACR-048":"The app does not provide any control to cancel the installation.\nThe app does not provide any control to remove its background process completely within the app's settings.\n","ACR-004":"The application doesn't provide a free fix (recovery) instead offering a subscription that the user needs to pay to fix it.\n","ACR-084":"On closing the app, the application doesn't exit completely. It runs silently in the background, hiding the fact that it is active from the consumer without any notification.\n","ACR-097":"The app adds an exception for Windows firewall without disclosing relevant info and getting consent from the user. \n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components on the device without the consumer's consent or notifying the user.\n"},"nonDeceptorViolations":{"ACR-040":"The app drops some of its components in a hidden folder.\n","ACR-123":"Even after a reboot and uninstall, the application did not remove itself from the firewall exception that was added during installation.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\Tenorshare\\Tenorshare 4DDiG\\Tenorshare 4DDiG.exe","companyName":"Tenorshare","productName":"Tenorshare 4DDiG","productVersion":"10.1.0.10","fileVersion":"10.1.0.10","hashMD5":"00a8758d1dc48ff4e4576fea87caa13b","hashSHA1":"0f7c5d3e301dc600f716751ec8c91bdbe793288e","hashSHA256":"68d1c118ed32eae2ed7b623a54d67506ae1450af0e6a4f7bd05d622a79ea8334","digitalCertThumbprint":"2ECF0B0A0DE08C92DB144D11E6F3DC42DD0D0E13","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Tenorshare (Hongkong) Limited","storeId":"","sourceIndex":"631","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\ProgramData\\Tenorshare\\Service\\TenorshareUpdateAssistant.exe","companyName":"Tenorshare","productName":"TenorshareUpdateAssistant","productVersion":"1. 0. 0. 73-d-cbc9bedb","fileVersion":"1. 0. 0. 73-d-cbc9bedb","hashMD5":"338ce1f2ea90a7f430b58d432da2114d","hashSHA1":"7a0e1ebdc23dca717b22c5b990aa5e1c0303ef99","hashSHA256":"90c499eba010ec71c65a15c2f1c2aa9e58b7c1973e5b05d8eb697a2f206bb9d7","digitalCertThumbprint":"2ECF0B0A0DE08C92DB144D11E6F3DC42DD0D0E13","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Tenorshare (Hongkong) Limited","storeId":"","sourceIndex":"631","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\ProgramData\\Tenorshare\\Service\\TenorshareUpdateAssistantService.exe","companyName":"Tenorshare","productName":"TenorshareUpdateAssistantService","productVersion":"1. 0. 0. 73-d-cbc9bedb","fileVersion":"1. 0. 0. 73-d-cbc9bedb","hashMD5":"5f32ac8130382819898c624ab73e5df9","hashSHA1":"d33b7a05bd3f4b1241fdb5c0a4a5f33987c7571b","hashSHA256":"bb611078c22d9bdf3c0557f8054c74696184e9b67be8fef52d5c282582ce28d8","digitalCertThumbprint":"2ECF0B0A0DE08C92DB144D11E6F3DC42DD0D0E13","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Tenorshare (Hongkong) Limited","storeId":"","sourceIndex":"631","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"4ddig-for-windows.exe","isInstaller":"True","companyName":"Tenorshare Co. Ltd.","productName":"20230616145514","productVersion":"2.7.11.0","fileVersion":"2.7.11.0","hashMD5":"6959949d30bb64c6c0586597862fe0db","hashSHA1":"afdb5e6f6fb4d42518500d6c5eb063ba9ba23b17","hashSHA256":"7f61355d779e864d305b3e02f6aa09da634e06e82353255340dd01e2144256e3","digitalCertThumbprint":"59FECDA87C479A14A82E3EF696F9E6A9002A3752","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Tenorshare Co. Ltd.","storeId":"","sourceIndex":"631","avBlockList":["Avast Premium Security (20240815)","AVG Internet Security (20240815)","Avira Internet Security (20240815)","ESET Internet Security (20240815)","G DATA INTERNET SECURITY (20240815)","K7 Total Security (20240815)","Malwarebytes Premium (20240815)","Norton Security (20240815)","Panda Dome (20240815)","Sophos Home Premium (20240815)","SpyHunter5 (20240815)","Total AV Antivirus Pro (20240815)","VirIT eXplorer PRO (20240815)","Windows Defender (20240815)","FortectPremium (20240815)"],"avAllowList":["360 Total Security (20240815)","Bitdefender Internet Security (20240815)","COMODO Antivirus (20240815)","Dr.Web Security Space (20240815)","Kaspersky Internet Security (20240604)","McAfee Total Protection (20240815)","Quick Heal Internet Security (20240815)","Trend Micro Internet Security (20240815)","VIPRE Advanced Security (20240815)","Webroot SecureAnywhere (20240815)","KasperskyPremium (20240815)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt on Data recovery applications","reference":"","landingPage":"https://www.4ddig.net/windows-data-recovery.html","directDownloadingLink":"https://download.tenorshare.net/downloads/4ddig-for-windows_3311.exe?rnclid=11710227228693876802","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://download.tenorshare.net/downloads/4ddig-for-windows_3311.exe?rnclid=11710227228693876802","sourceIndex":"631"}],"sampleFiles":["240604/4DDiGWindowsDataRecovery-240312/10.1.0.10/Samples/4ddig-for-windows.exe"],"imageFiles":["240604/4DDiGWindowsDataRecovery-240312/10.1.0.10/Images/ACR-043/ACR-043.PNG","240604/4DDiGWindowsDataRecovery-240312/10.1.0.10/Images/ACR-046/ACR-046.PNG","240604/4DDiGWindowsDataRecovery-240312/10.1.0.10/Images/ACR-046/ACR-046_1.PNG","240604/4DDiGWindowsDataRecovery-240312/10.1.0.10/Images/ACR-042/ACR-042.PNG","240604/4DDiGWindowsDataRecovery-240312/10.1.0.10/Images/ACR-048/ACR-048.PNG","240604/4DDiGWindowsDataRecovery-240312/10.1.0.10/Images/ACR-004/ACR-004.PNG","240604/4DDiGWindowsDataRecovery-240312/10.1.0.10/Images/ACR-004/ACR-004_1.PNG","240604/4DDiGWindowsDataRecovery-240312/10.1.0.10/Images/ACR-084/ACR-084.PNG","240604/4DDiGWindowsDataRecovery-240312/10.1.0.10/Images/ACR-097/ACR-097.PNG","240604/4DDiGWindowsDataRecovery-240312/10.1.0.10/Images/ACR-048/ACR-048_1.PNG","240604/4DDiGWindowsDataRecovery-240312/10.1.0.10/Images/ACR-118/ACR-118.PNG"],"nonDeceptorImageFiles":["240604/4DDiGWindowsDataRecovery-240312/10.1.0.10/Images/ACR-040/ACR-040.PNG","240604/4DDiGWindowsDataRecovery-240312/10.1.0.10/Images/ACR-123/ACR-123.PNG"],"guid":"25b482c4-0b0e-46b8-b9a2-09fc8dc8c802_10.1.0.10_1","appID":"4DDiGWindowsDataRecovery-240312","dateAdded":"250507","deceptorType":"App","name":"4DDiG Windows Data Recovery","company":"Tenorshare Co., Ltd.","version":"10.1.0.10","lastKnownStatus":"10.0.1.5;10.0.5.9;10.1.0.10;10.1.6.8;10.1.7.3;10.1.11.6;10.3.3;10.3.10","lastKnownDate":"250507","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows 11","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2025-05-07T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":8,"sortOrder":350},{"violations":{"ACR-042":"Open source project \"FFmpeg\" is installed without any disclosure in EULA.\n","ACR-043":"Open source project \"FFmpeg\" is installed without any disclosure in EULA.\n","ACR-046":"collecting data via \"Participate in customer experience improvement plan\" is checked by default and not visible to user by default. No relevant disclosure what data it collects.\n","ACR-048":"The app does not provide any control to cancel the installation.\n","ACR-004":"The application doesn't provide a free fix (recovery) instead offering a subscription that the user needs to pay to fix it.\n","ACR-097":"The app adds an exception for Windows firewall to lower default default system security posture without disclosing relevant info and get consent from user. \n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components on the device without the consumer's consent or notifying the user.\n"},"nonDeceptorViolations":{"ACR-040":"The app drops some of its components in a hidden folder.\n","ACR-123":"Even after a reboot and uninstall, the application did not remove itself from the firewall exception that was added during installation.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\Tenorshare\\Tenorshare 4DDiG\\Tenorshare 4DDiG.exe","companyName":"Tenorshare","productName":"Tenorshare 4DDiG","productVersion":"10.0.5.9","fileVersion":"10.0.5.9","hashMD5":"d80ce42aeb018f5d80aff4aa063b735a","hashSHA1":"fd4b085c36a646d7b1be1c4927b105533d2f0a9f","hashSHA256":"d3decf0d5067a0cd2c830db122c13e1f8cac7938754b63271d7fa054cad888ec","digitalCertThumbprint":"2ECF0B0A0DE08C92DB144D11E6F3DC42DD0D0E13","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Tenorshare (Hongkong) Limited","storeId":"","sourceIndex":"652","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"4ddig-for-windows.exe","isInstaller":"True","companyName":"Tenorshare Co. Ltd.","productName":"20230616145514","productVersion":"2.7.11.0","fileVersion":"2.7.11.0","hashMD5":"6959949d30bb64c6c0586597862fe0db","hashSHA1":"afdb5e6f6fb4d42518500d6c5eb063ba9ba23b17","hashSHA256":"7f61355d779e864d305b3e02f6aa09da634e06e82353255340dd01e2144256e3","digitalCertThumbprint":"59FECDA87C479A14A82E3EF696F9E6A9002A3752","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Tenorshare Co. Ltd.","storeId":"","sourceIndex":"652","avBlockList":["Avast Premium Security (20240815)","AVG Internet Security (20240815)","Avira Internet Security (20240815)","ESET Internet Security (20240815)","G DATA INTERNET SECURITY (20240815)","K7 Total Security (20240815)","Malwarebytes Premium (20240815)","Norton Security (20240815)","Panda Dome (20240815)","Sophos Home Premium (20240815)","SpyHunter5 (20240815)","Total AV Antivirus Pro (20240815)","VirIT eXplorer PRO (20240815)","Windows Defender (20240815)","FortectPremium (20240815)"],"avAllowList":["360 Total Security (20240815)","Bitdefender Internet Security (20240815)","COMODO Antivirus (20240815)","Dr.Web Security Space (20240815)","Kaspersky Internet Security (20240604)","McAfee Total Protection (20240815)","Quick Heal Internet Security (20240815)","Trend Micro Internet Security (20240815)","VIPRE Advanced Security (20240815)","Webroot SecureAnywhere (20240815)","KasperskyPremium (20240815)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on windows app","reference":"","landingPage":"https://www.4ddig.net/windows-data-recovery.html","directDownloadingLink":"https://download.tenorshare.net/downloads/4ddig-for-windows_3311.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://download.tenorshare.net/downloads/4ddig-for-windows_3311.exe","sourceIndex":"652"}],"sampleFiles":["240429/4DDiGWindowsDataRecovery-240312/10.0.5.9/Samples/4ddig-for-windows.exe"],"imageFiles":["240429/4DDiGWindowsDataRecovery-240312/10.0.5.9/Images/ACR-043/ACR-043.PNG","240429/4DDiGWindowsDataRecovery-240312/10.0.5.9/Images/ACR-046/ACR-046.PNG","240429/4DDiGWindowsDataRecovery-240312/10.0.5.9/Images/ACR-046/ACR-046_1.PNG","240429/4DDiGWindowsDataRecovery-240312/10.0.5.9/Images/ACR-042/ACR-042.PNG","240429/4DDiGWindowsDataRecovery-240312/10.0.5.9/Images/ACR-048/ACR-048.PNG","240429/4DDiGWindowsDataRecovery-240312/10.0.5.9/Images/ACR-004/ACR-004.PNG","240429/4DDiGWindowsDataRecovery-240312/10.0.5.9/Images/ACR-004/ACR-004_1.PNG","240429/4DDiGWindowsDataRecovery-240312/10.0.5.9/Images/ACR-097/ACR-097.PNG","240429/4DDiGWindowsDataRecovery-240312/10.0.5.9/Images/ACR-118/ACR-118.PNG"],"nonDeceptorImageFiles":["240429/4DDiGWindowsDataRecovery-240312/10.0.5.9/Images/ACR-040/ACR-040.PNG","240429/4DDiGWindowsDataRecovery-240312/10.0.5.9/Images/ACR-123/ACR-123.PNG"],"guid":"25b482c4-0b0e-46b8-b9a2-09fc8dc8c802_10.0.5.9_1","appID":"4DDiGWindowsDataRecovery-240312","dateAdded":"250507","deceptorType":"App","name":"4DDiG Windows Data Recovery","company":"Tenorshare Co., Ltd.","version":"10.0.5.9","lastKnownStatus":"10.0.1.5;10.0.5.9;10.1.0.10;10.1.6.8;10.1.7.3;10.1.11.6;10.3.3;10.3.10","lastKnownDate":"250507","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows 11","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2025-05-07T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":8,"sortOrder":351},{"violations":{"ACR-042":"Open source project \"FFmpeg\" is installed without any disclosure in EULA.\n","ACR-043":"Open source project \"FFmpeg\" is installed without any disclosure in EULA.\n","ACR-046":"Collecting data via \"Participate in customer experience improvement plan\" is checked by default and not visible to user by default. No relevant disclosure what data it collects.\n","ACR-048":"The app does not provide any control to cancel the installation.\n","ACR-004":"The application doesn't provide a free fix (recovery) instead offering a subscription that the user needs to pay to fix it.\n","ACR-097":"The app adds an exception for Windows firewall without disclosing relevant info and getting consent from the user. \n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components on the device without the consumer's consent or notifying the user.\n"},"nonDeceptorViolations":{"ACR-040":"The app drops some of its components in a hidden folder other than installation folder\n","ACR-123":"Even after a reboot and uninstall, the application did not remove itself from the firewall exception that was added during installation.\n"},"samples":[{"isRevoked":"False","fileName":"4ddig-for-windows_11724157846097984001.exe","isInstaller":"True","companyName":"Tenorshare Co. Ltd.","productName":"20231116101148","productVersion":"2.7.17.0","fileVersion":"2.7.17.0","hashMD5":"073303d88aa6414ee461b318bb1a6699","hashSHA1":"1954e29fd8a9ab7cedf29af50d1ad5600249195e","hashSHA256":"3680367e959c9f01e67ae2eb617ec32fc7391991bdb51fc2a9853dd322ef46ea","digitalCertThumbprint":"59FECDA87C479A14A82E3EF696F9E6A9002A3752","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Tenorshare Co. Ltd.","storeId":"","sourceIndex":"572","avBlockList":["Avast Premium Security (20240903)","AVG Internet Security (20240903)","Avira Internet Security (20240903)","Bitdefender Internet Security (20240903)","ESET Internet Security (20240903)","FortectPremium (20240903)","G DATA INTERNET SECURITY (20240903)","K7 Total Security (20240903)","Malwarebytes Premium (20240903)","Norton Security (20240903)","Panda Dome (20240903)","Quick Heal Internet Security (20240903)","Sophos Home Premium (20240903)","SpyHunter5 (20240903)","Total AV Antivirus Pro (20240903)","VirIT eXplorer PRO (20240903)","Windows Defender (20240903)"],"avAllowList":["360 Total Security (20240903)","COMODO Antivirus (20240903)","Dr.Web Security Space (20240903)","KasperskyPremium (20240903)","McAfee Total Protection (20240903)","Trend Micro Internet Security (20240903)","VIPRE Advanced Security (20240903)","Webroot SecureAnywhere (20240903)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt on Data recovery applications","reference":"","landingPage":"https://www.4ddig.net/windows-data-recovery.html","directDownloadingLink":"https://download.tenorshare.net/downloads/4ddig-for-windows_3311.exe?rnclid=11710227228693876802","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://download.tenorshare.net/downloads/4ddig-for-windows_3311.exe?rnclid=11710227228693876802","sourceIndex":"572"}],"sampleFiles":["240821/4DDiGWindowsDataRecovery-240312/10.1.7.3/Samples/4ddig-for-windows_11724157846097984001.exe"],"imageFiles":["240821/4DDiGWindowsDataRecovery-240312/10.1.7.3/Images/ACR-043/ACR-043.PNG","240821/4DDiGWindowsDataRecovery-240312/10.1.7.3/Images/ACR-046/ACR-046.PNG","240821/4DDiGWindowsDataRecovery-240312/10.1.7.3/Images/ACR-046/ACR-046_1.PNG","240821/4DDiGWindowsDataRecovery-240312/10.1.7.3/Images/ACR-042/ACR-042.PNG","240821/4DDiGWindowsDataRecovery-240312/10.1.7.3/Images/ACR-048/ACR-048.PNG","240821/4DDiGWindowsDataRecovery-240312/10.1.7.3/Images/ACR-004/ACR-004.PNG","240821/4DDiGWindowsDataRecovery-240312/10.1.7.3/Images/ACR-004/ACR-004_1.PNG","240821/4DDiGWindowsDataRecovery-240312/10.1.7.3/Images/ACR-097/ACR-097.PNG","240821/4DDiGWindowsDataRecovery-240312/10.1.7.3/Images/ACR-118/ACR-118.PNG"],"nonDeceptorImageFiles":["240821/4DDiGWindowsDataRecovery-240312/10.1.7.3/Images/ACR-040/ACR-040.PNG","240821/4DDiGWindowsDataRecovery-240312/10.1.7.3/Images/ACR-123/ACR-123.PNG"],"guid":"25b482c4-0b0e-46b8-b9a2-09fc8dc8c802_10.1.7.3_1","appID":"4DDiGWindowsDataRecovery-240312","dateAdded":"250507","deceptorType":"App","name":"4DDiG Windows Data Recovery","company":"Tenorshare Co., Ltd.","version":"10.1.7.3","lastKnownStatus":"10.0.1.5;10.0.5.9;10.1.0.10;10.1.6.8;10.1.7.3;10.1.11.6;10.3.3;10.3.10","lastKnownDate":"250507","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows 11","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2025-05-07T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":8,"sortOrder":348},{"violations":{"ACR-042":"Open source project \"FFmpeg\" is installed without any disclosure in EULA.\n","ACR-043":"Open source project \"FFmpeg\" is installed without any disclosure in EULA.\n","ACR-046":"Collecting data via \"Participate in customer experience improvement plan\" is checked by default and not visible to user by default. No relevant disclosure what data it collects.\n","ACR-048":"The app does not provide any control to cancel the installation.\n","ACR-004":"The application doesn't provide a free fix (recovery) instead offering a subscription that the user needs to pay to fix it.\n","ACR-097":"The app adds an exception for Windows firewall without disclosing relevant info and getting consent from the user. \n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components on the device without the consumer's consent or notifying the user.\n"},"nonDeceptorViolations":{"ACR-040":"The app drops some of its components in a hidden folder other than installation folder\n","ACR-123":"Even after a reboot and uninstall, the application did not remove itself from the firewall exception that was added during installation.\n"},"samples":[{"isRevoked":"False","fileName":"4ddig-for-windows_11726574506280863301.exe","isInstaller":"True","companyName":"Tenorshare Co. Ltd.","productName":"20240902145830","productVersion":"2.7.19.0","fileVersion":"2.7.19.0","hashMD5":"46425ae1f1ff74a3dda134176825132d","hashSHA1":"06372c37e4cbd57b7d05b4aa48af55c63bdd2f05","hashSHA256":"c51e258bbc1d0ac9935f7a547050071c392a8d3c5f3da8e77c04045cdcc8f6c2","digitalCertThumbprint":"2ECF0B0A0DE08C92DB144D11E6F3DC42DD0D0E13","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Tenorshare (Hongkong) Limited","storeId":"","sourceIndex":"534","avBlockList":["Avast Premium Security (20241212)","AVG Internet Security (20241212)","Avira Internet Security (20241212)","ESET Internet Security (20241212)","G DATA INTERNET SECURITY (20241212)","K7 Total Security (20241212)","Malwarebytes Premium (20241212)","Norton Security (20241212)","Panda Dome (20241212)","Quick Heal Internet Security (20241212)","Sophos Home Premium (20241212)","SpyHunter5 (20241212)","Total AV Antivirus Pro (20241212)","VirIT eXplorer PRO (20241212)","Webroot SecureAnywhere (20241212)","FortectPremium (20241212)"],"avAllowList":["360 Total Security (20241212)","Bitdefender Internet Security (20241212)","COMODO Antivirus (20241212)","Dr.Web Security Space (20241212)","KasperskyPremium (20241212)","McAfee Total Protection (20241212)","Trend Micro Internet Security (20241212)","VIPRE Advanced Security (20241212)","Windows Defender (20241212)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on windows app","reference":"","landingPage":"https://www.4ddig.net/windows-data-recovery.html","directDownloadingLink":"https://download.tenorshare.net/downloads/4ddig-for-windows_3311.exe?rnclid=11726574506280863302","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://download.tenorshare.net/downloads/4ddig-for-windows_3311.exe?rnclid=11726574506280863302","sourceIndex":"534"}],"sampleFiles":["240923/4DDiGWindowsDataRecovery-240312/10.1.11.6/Samples/4ddig-for-windows_11726574506280863301.exe"],"imageFiles":["240923/4DDiGWindowsDataRecovery-240312/10.1.11.6/Images/ACR-043/ACR-043.PNG","240923/4DDiGWindowsDataRecovery-240312/10.1.11.6/Images/ACR-046/ACR-046.PNG","240923/4DDiGWindowsDataRecovery-240312/10.1.11.6/Images/ACR-046/ACR-046_1.PNG","240923/4DDiGWindowsDataRecovery-240312/10.1.11.6/Images/ACR-042/ACR-042.PNG","240923/4DDiGWindowsDataRecovery-240312/10.1.11.6/Images/ACR-048/ACR-048.PNG","240923/4DDiGWindowsDataRecovery-240312/10.1.11.6/Images/ACR-004/ACR-004.PNG","240923/4DDiGWindowsDataRecovery-240312/10.1.11.6/Images/ACR-004/ACR-004_1.PNG","240923/4DDiGWindowsDataRecovery-240312/10.1.11.6/Images/ACR-097/ACR-097.PNG","240923/4DDiGWindowsDataRecovery-240312/10.1.11.6/Images/ACR-118/ACR-118.PNG"],"nonDeceptorImageFiles":["240923/4DDiGWindowsDataRecovery-240312/10.1.11.6/Images/ACR-040/ACR-040.PNG","240923/4DDiGWindowsDataRecovery-240312/10.1.11.6/Images/ACR-123/ACR-123.PNG"],"guid":"25b482c4-0b0e-46b8-b9a2-09fc8dc8c802_10.1.11.6_1","appID":"4DDiGWindowsDataRecovery-240312","dateAdded":"250507","deceptorType":"App","name":"4DDiG Windows Data Recovery","company":"Tenorshare Co., Ltd.","version":"10.1.11.6","lastKnownStatus":"10.0.1.5;10.0.5.9;10.1.0.10;10.1.6.8;10.1.7.3;10.1.11.6;10.3.3;10.3.10","lastKnownDate":"250507","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows 11","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2025-05-07T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":8,"sortOrder":347},{"violations":{"ACR-042":"Open source project \"FFmpeg\" is installed without any disclosure in EULA.\n","ACR-043":"Open source project \"FFmpeg\" is installed without any disclosure in EULA.\n","ACR-046":"collecting data via \"Participate in customer experience improvement plan\" is checked by default and not visible to user by default. No relevant disclosure what data it collects.\n","ACR-107":"The app does not obtain any authorization for using the third-party component: \"FFmpeg\".\n","ACR-048":"The app does not provide any control to cancel the installation.\n","ACR-004":"The application doesn't provide a free fix (recovery) instead offering a subscription that the user needs to pay to fix it.\n","ACR-097":"The app adds an exception for Windows firewall to lower default default system security posture without disclosing relevant info and get consent from user. \n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components on the device without the consumer's consent or notifying the user.\n"},"nonDeceptorViolations":{"ACR-040":"The app drops some of its components in a hidden folder.\n","ACR-123":"Even after a reboot and uninstall, the application did not remove itself from the firewall exception that was added during installation.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\Tenorshare\\Tenorshare 4DDiG\\Tenorshare 4DDiG.exe","companyName":"Tenorshare","productName":"Tenorshare 4DDiG","productVersion":"10.0.1.5","fileVersion":"10.0.1.5","hashMD5":"e7b384bfaccabff482a79be53f485db8","hashSHA1":"f640b1c5208ed9b295ceb9060cba49d1dc4ae479","hashSHA256":"f16352a5657f5122e719c43b8f6e851f642c31eacb1b4fc2bab7c1b51e7ce665","digitalCertThumbprint":"59FECDA87C479A14A82E3EF696F9E6A9002A3752","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Tenorshare Co. Ltd.","storeId":"","sourceIndex":"714","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"4ddig-for-windows_11710227228693876802.exe","isInstaller":"True","companyName":"Tenorshare Co. Ltd.","productName":"20230616145514","productVersion":"2.7.11.0","fileVersion":"2.7.11.0","hashMD5":"6959949d30bb64c6c0586597862fe0db","hashSHA1":"afdb5e6f6fb4d42518500d6c5eb063ba9ba23b17","hashSHA256":"7f61355d779e864d305b3e02f6aa09da634e06e82353255340dd01e2144256e3","digitalCertThumbprint":"59FECDA87C479A14A82E3EF696F9E6A9002A3752","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Tenorshare Co. Ltd.","storeId":"","sourceIndex":"714","avBlockList":["Avast Premium Security (20240815)","AVG Internet Security (20240815)","Avira Internet Security (20240815)","ESET Internet Security (20240815)","G DATA INTERNET SECURITY (20240815)","K7 Total Security (20240815)","Malwarebytes Premium (20240815)","Norton Security (20240815)","Panda Dome (20240815)","Sophos Home Premium (20240815)","SpyHunter5 (20240815)","Total AV Antivirus Pro (20240815)","VirIT eXplorer PRO (20240815)","Windows Defender (20240815)","FortectPremium (20240815)"],"avAllowList":["360 Total Security (20240815)","Bitdefender Internet Security (20240815)","COMODO Antivirus (20240815)","Dr.Web Security Space (20240815)","Kaspersky Internet Security (20240604)","McAfee Total Protection (20240815)","Quick Heal Internet Security (20240815)","Trend Micro Internet Security (20240815)","VIPRE Advanced Security (20240815)","Webroot SecureAnywhere (20240815)","KasperskyPremium (20240815)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt on Data recovery applications","reference":"","landingPage":"https://www.4ddig.net/windows-data-recovery.html","directDownloadingLink":"https://download.tenorshare.net/downloads/4ddig-for-windows_3311.exe?rnclid=11710227228693876802","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://download.tenorshare.net/downloads/4ddig-for-windows_3311.exe?rnclid=11710227228693876802","sourceIndex":"714"}],"sampleFiles":["240313/4DDiGWindowsDataRecovery-240312/10.0.1.5/Samples/4ddig-for-windows_11710227228693876802.exe"],"imageFiles":["240313/4DDiGWindowsDataRecovery-240312/10.0.1.5/Images/ACR-043/ACR-043.PNG","240313/4DDiGWindowsDataRecovery-240312/10.0.1.5/Images/ACR-046/ACR-046_Install_1.png","240313/4DDiGWindowsDataRecovery-240312/10.0.1.5/Images/ACR-046/ACR-046_Install_2.png","240313/4DDiGWindowsDataRecovery-240312/10.0.1.5/Images/ACR-107/ACR-107.PNG","240313/4DDiGWindowsDataRecovery-240312/10.0.1.5/Images/ACR-042/ACR-042.PNG","240313/4DDiGWindowsDataRecovery-240312/10.0.1.5/Images/ACR-048/ACR-048.PNG","240313/4DDiGWindowsDataRecovery-240312/10.0.1.5/Images/ACR-004/ACR-004.PNG","240313/4DDiGWindowsDataRecovery-240312/10.0.1.5/Images/ACR-004/ACR-004_1.PNG","240313/4DDiGWindowsDataRecovery-240312/10.0.1.5/Images/ACR-097/ACR-097.PNG","240313/4DDiGWindowsDataRecovery-240312/10.0.1.5/Images/ACR-118/ACR-118.PNG"],"nonDeceptorImageFiles":["240313/4DDiGWindowsDataRecovery-240312/10.0.1.5/Images/ACR-040/ACR-040_Install_1.png","240313/4DDiGWindowsDataRecovery-240312/10.0.1.5/Images/ACR-123/ACR-123.PNG"],"guid":"25b482c4-0b0e-46b8-b9a2-09fc8dc8c802_10.0.1.5_1","appID":"4DDiGWindowsDataRecovery-240312","dateAdded":"250507","deceptorType":"App","name":"4DDiG Windows Data Recovery","company":"Tenorshare Co., Ltd.","version":"10.0.1.5","lastKnownStatus":"10.0.1.5;10.0.5.9;10.1.0.10;10.1.6.8;10.1.7.3;10.1.11.6;10.3.3;10.3.10","lastKnownDate":"250507","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows 11","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2025-05-07T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":8,"sortOrder":352},{"violations":{"ACR-046":"App does not show, and provides no option to see, 3rd party app EULA and privacy policy before executing a silent software installation.\n","ACR-107":"App does not show its authorization to install 3rd party software\n","ACR-050":"App circumvents the ability for consumers to inspect and consent to EULA and privacy of the 3rd party apps it silently installs. Provides no option to get to the EULA/Privacy policies.\n","ACR-097":"App evades security investigation by scaring away security review and investigations in its Security Terms and Conditions https://pcapp.store/?p=lp_tos_security\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"Setup.exe","isInstaller":"True","fileVersion":"1.0.0.2014","hashMD5":"e56cf6d5326ab57c6ff3419a981424af","hashSHA1":"03ca4dc86e1438621a11594de20d4ba50a3a7b32","hashSHA256":"d308140815fe1821496f42dd9d1d8f41e610de784ecae4a01ffd67e8b5d16f0b","digitalCertThumbprint":"2B7CC99441F4AE77689E0838930E66AA8C88EEC2","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=FAST CORPORATION LTD, O=FAST CORPORATION LTD, L=Ra'anana, C=IL, SERIALNUMBER=515636181, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=IL","sourceIndex":"216","avBlockList":["360 Total Security (20250731)","COMODO Antivirus (20250731)","Dr.Web Security Space (20250731)","ESET Internet Security (20250731)","FortectPremium (20250731)","G DATA INTERNET SECURITY (20250731)","K7 Total Security (20250731)","KasperskyPremium (20250731)","Malwarebytes Premium (20250731)","McAfee Total Protection (20250731)","Panda Dome (20250731)","Sophos Home Premium (20250731)","SpyHunter5 (20250731)","VirIT eXplorer PRO (20250731)","Webroot SecureAnywhere (20250731)"],"avAllowList":["Avast Premium Security (20250731)","AVG Internet Security (20250731)","Avira Internet Security (20250731)","Bitdefender Internet Security (20250731)","Norton Security (20250731)","Quick Heal Internet Security (20250731)","Total AV Antivirus Pro (20250731)","Trend Micro Internet Security (20250731)","VIPRE Advanced Security (20250731)","Windows Defender (20250731)"]}],"additionalFiles":[],"sources":[{"howFound":"external AV report","reference":"n/a","landingPage":"pcapp.store","directDownloadingLink":"","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"","sourceIndex":"216"}],"sampleFiles":["250506/pcappstore-250321/1.0.0.2014/Samples/Setup.exe"],"imageFiles":["250506/pcappstore-250321/1.0.0.2014/Images/ACR-097/Screenshot 2025-05-06 at 11.16.58 AM.png","250506/pcappstore-250321/1.0.0.2014/Images/ACR-097/Screenshot 2025-05-06 at 9.50.47 AM.png","250506/pcappstore-250321/1.0.0.2014/Images/ACR-097/Screenshot 2025-05-06 at 11.19.28 AM.png","250506/pcappstore-250321/1.0.0.2014/Images/ACR-107/Screenshot 2025-05-06 at 11.20.43 AM.png","250506/pcappstore-250321/1.0.0.2014/Images/ACR-050/Screenshot 2025-05-06 at 11.35.10 AM.png","250506/pcappstore-250321/1.0.0.2014/Images/ACR-050/Screenshot 2025-05-06 at 11.34.56 AM.png","250506/pcappstore-250321/1.0.0.2014/Images/ACR-046/Screenshot 2025-05-06 at 11.23.55 AM.png"],"nonDeceptorImageFiles":[],"guid":"4e72e487-ee6a-4c96-8a1d-c8181c66bbb8_1.0.0.2014_1","appID":"pcappstore-250321","dateAdded":"250506","deceptorType":"App","name":"PC APP STORE","company":"Fast Corporation LTD","version":"1.0.0.2014","lastKnownStatus":"Deceptor:1.0.0.2010;1.0.0.2014","lastKnownDate":"250506","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 10,Windows 11","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"cross-sell other apps,in-app purchases,install offers","lastUpdate":"2025-05-06T18:37:52.6706923+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":353},{"violations":{"ACR-046":"App does not show, and provides no option to see, 3rd party app EULA and privacy policy before executing a silent software installation.\n","ACR-107":"App does not show its authorization to install 3rd party software\n","ACR-050":"App circumvents the ability for consumers to inspect and consent to EULA and privacy of the 3rd party apps it silently installs. Provides no option to get to the EULA/Privacy policies.\n","ACR-097":"App evades security investigation by scaring away security review and investigations in its EULA\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"Setup.exe","isInstaller":"True","fileVersion":"1.0","hashMD5":"5648ba2e99d2f4e536c6228035600bc5","hashSHA1":"4ecff42c47e09e0a2e883d5bd5940cd099885fbc","hashSHA256":"c4eeb0e2a377e7dd3b6f8eda06557eb9ff4b5b52cb4bf87dfabe685b1fe349b9","digitalCertThumbprint":"2B7CC99441F4AE77689E0838930E66AA8C88EEC2","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=FAST CORPORATION LTD, O=FAST CORPORATION LTD, L=Ra'anana, C=IL, SERIALNUMBER=515636181, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=IL","sourceIndex":"234","avBlockList":["360 Total Security (20250501)","Bitdefender Internet Security (20250501)","COMODO Antivirus (20250501)","Dr.Web Security Space (20250501)","ESET Internet Security (20250501)","FortectPremium (20250501)","K7 Total Security (20250501)","KasperskyPremium (20250501)","Malwarebytes Premium (20250501)","McAfee Total Protection (20250501)","Panda Dome (20250501)","Sophos Home Premium (20250501)","SpyHunter5 (20250501)","VIPRE Advanced Security (20250501)","VirIT eXplorer PRO (20250501)","Webroot SecureAnywhere (20250501)"],"avAllowList":["Avast Premium Security (20250501)","AVG Internet Security (20250501)","Avira Internet Security (20250501)","G DATA INTERNET SECURITY (20250501)","Norton Security (20250501)","Quick Heal Internet Security (20250501)","Total AV Antivirus Pro (20250501)","Trend Micro Internet Security (20250501)","Windows Defender (20250501)"]},{"isRevoked":"False","fileName":"PcAppStore.exe","companyName":"Fast Corporation LTD","fileVersion":"1.0","hashMD5":"71b973dbdfc7b52ae10afa4d0ad2b78f","hashSHA1":"bda27794a218b34a8a221627ea433075403d744e","hashSHA256":"05883fccb64dd4357c229ccca669afdacbfa0bc9a1c8d857f5205aed0a81e00a","digitalCertThumbprint":"2B7CC99441F4AE77689E0838930E66AA8C88EEC2","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=FAST CORPORATION LTD, O=FAST CORPORATION LTD, L=Ra'anana, C=IL, SERIALNUMBER=515636181, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=IL","sourceIndex":"234","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"Setup%20(1).exe","isInstaller":"True","fileVersion":"1.0","hashMD5":"6eaba7c29b0ea3e12a450d2631b448af","hashSHA1":"961539a99b3d07636584ca2909384e42b6d55631","hashSHA256":"8ef653856efc45fca8ccb960d76e523079f7a0af897bb0b3b994ed2b3cfe52e4","digitalCertThumbprint":"2B7CC99441F4AE77689E0838930E66AA8C88EEC2","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=FAST CORPORATION LTD, O=FAST CORPORATION LTD, L=Ra'anana, C=IL, SERIALNUMBER=515636181, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=IL","sourceIndex":"234","avBlockList":["360 Total Security (20250508)","Bitdefender Internet Security (20250508)","COMODO Antivirus (20250508)","Dr.Web Security Space (20250508)","ESET Internet Security (20250508)","FortectPremium (20250508)","K7 Total Security (20250508)","KasperskyPremium (20250508)","Malwarebytes Premium (20250508)","McAfee Total Protection (20250508)","Panda Dome (20250508)","Sophos Home Premium (20250508)","SpyHunter5 (20250508)","VirIT eXplorer PRO (20250508)","Webroot SecureAnywhere (20250508)"],"avAllowList":["Avast Premium Security (20250508)","AVG Internet Security (20250508)","Avira Internet Security (20250508)","G DATA INTERNET SECURITY (20250508)","Norton Security (20250508)","Quick Heal Internet Security (20250508)","Total AV Antivirus Pro (20250508)","Trend Micro Internet Security (20250508)","VIPRE Advanced Security (20250508)","Windows Defender (20250508)"]}],"additionalFiles":[],"sources":[{"howFound":"external AV report","reference":"n/a","landingPage":"pcapp.store","directDownloadingLink":"https://repcdn.pcapp.store/download/fa/drm/m.fa.2010.drm","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://repcdn.pcapp.store/download/fa/drm/m.fa.2010.drm","sourceIndex":"234"}],"sampleFiles":["250321/pcappstore-250321/1.0.0.2010/Samples/Setup.exe","250321/pcappstore-250321/1.0.0.2010/Samples/Setup%20(1).exe"],"imageFiles":["250321/pcappstore-250321/1.0.0.2010/Images/ACR-097/Screenshot 2025-03-21 at 1.03.17 PM.png","250321/pcappstore-250321/1.0.0.2010/Images/ACR-107/Screenshot 2025-03-21 at 1.03.53 PM.png","250321/pcappstore-250321/1.0.0.2010/Images/ACR-050/Screenshot 2025-03-21 at 1.05.23 PM.png","250321/pcappstore-250321/1.0.0.2010/Images/ACR-050/Screenshot 2025-03-21 at 1.05.32 PM.png","250321/pcappstore-250321/1.0.0.2010/Images/ACR-046/Screenshot 2025-03-21 at 1.05.23 PM.png","250321/pcappstore-250321/1.0.0.2010/Images/ACR-046/Screenshot 2025-03-21 at 1.05.32 PM.png"],"nonDeceptorImageFiles":[],"guid":"4e72e487-ee6a-4c96-8a1d-c8181c66bbb8_1.0.0.2010_1","appID":"pcappstore-250321","dateAdded":"250506","deceptorType":"App","name":"PC APP STORE","company":"Fast Corporation LTD","version":"1.0.0.2010","lastKnownStatus":"Deceptor:1.0.0.2010;1.0.0.2014","lastKnownDate":"250506","type":"Windows Executable","category":"Shopping, SysTools & Utilities","targetOS":"Windows 10,Windows 11","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"cross-sell other apps,in-app purchases,install offers","lastUpdate":"2025-05-06T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":354},{"violations":{"ACR-043":"Application starts to install and completes all with one click without disclosing anything being installed and disclose its EULA, Privacy Policy and its potentially  security reducing and how application managing the risk.  \n","ACR-007":"App does not obtain user consent to reduce the consumer's security posture caused by collecting user's IP and sharing User's IP in its proxy service. \n"},"nonDeceptorViolations":{"ACR-065":"Application doesn't have EULA and Privacy Policy available in software.\n"},"samples":[{"isRevoked":"False","fileName":"zenshield-vpn-1.0.22-setup.exe","isInstaller":"True","companyName":"Geonode Pte Ltd","fileVersion":"1.0","hashMD5":"87eaca6fc25a56dd6a40cc6ccb72ae55","hashSHA1":"0ffcbb0d22ce45d31b471661340a093ad9c840cb","hashSHA256":"b5331dcf85db7842d10040043aa9352ccdf62029aec2c490457cf7e5b3b58c15","digitalCertThumbprint":"4E413A8BFF9675DF68AA52E8B10CCDBA6184C0E7","digitalCertIssuer":"CN=Certum Extended Validation Code Signing 2021 CA, O=Asseco Data Systems S.A., C=PL","digitalCertIssuedTo":"CN=Geonode Pte Ltd, O=Geonode Pte Ltd, L=Singapore, C=SG, SERIALNUMBER=202105609Z, OID.2.5.4.15=Private Organization, STREET=\"12 Eu Tong Sen , 08-169 The Central\", PostalCode=059819, OID.1.3.6.1.4.1.311.60.2.1.3=SG","sourceIndex":"226","avBlockList":["360 Total Security (20250715)","Avast Premium Security (20250715)","AVG Internet Security (20250715)","Avira Internet Security (20250715)","Bitdefender Internet Security (20250715)","COMODO Antivirus (20250715)","ESET Internet Security (20250715)","FortectPremium (20250715)","G DATA INTERNET SECURITY (20250715)","K7 Total Security (20250715)","KasperskyPremium (20250715)","Malwarebytes Premium (20250715)","McAfee Total Protection (20250715)","Norton Security (20250715)","Panda Dome (20250715)","Quick Heal Internet Security (20250715)","Sophos Home Premium (20250715)","SpyHunter5 (20250715)","Total AV Antivirus Pro (20250715)","VIPRE Advanced Security (20250715)","VirIT eXplorer PRO (20250715)","Webroot SecureAnywhere (20250715)","Windows Defender (20250715)"],"avAllowList":["Dr.Web Security Space (20250715)","Trend Micro Internet Security (20250715)"]},{"isRevoked":"False","fileName":"zenshield-vpn.exe","companyName":"Geonode Pte Ltd","fileVersion":"1.0","hashMD5":"adb47070824ba2674ca22ea26a410edd","hashSHA1":"1b4b60504d6722d22e0d12f4bcd04ce099e5c7f2","hashSHA256":"a0a9a7e4aa99a421a72c2f6853a51dfdd3544879151879b4f20f5d34626338af","digitalCertThumbprint":"4E413A8BFF9675DF68AA52E8B10CCDBA6184C0E7","digitalCertIssuer":"CN=Certum Extended Validation Code Signing 2021 CA, O=Asseco Data Systems S.A., C=PL","digitalCertIssuedTo":"CN=Geonode Pte Ltd, O=Geonode Pte Ltd, L=Singapore, C=SG, SERIALNUMBER=202105609Z, OID.2.5.4.15=Private Organization, STREET=\"12 Eu Tong Sen , 08-169 The Central\", PostalCode=059819, OID.1.3.6.1.4.1.311.60.2.1.3=SG","sourceIndex":"226","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"VPN","reference":"","landingPage":"https://www.zenshield.com/new-pages/free-vpn-for-windows","directDownloadingLink":"https://zenshield.s3.fr-par.scw.cloud/desktop-app/updates/1.0.22/zenshield-vpn-1.0.22-setup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://zenshield.s3.fr-par.scw.cloud/desktop-app/updates/1.0.22/zenshield-vpn-1.0.22-setup.exe","sourceIndex":"226"}],"sampleFiles":["250416/ZenShieldVPN-250306/1.0.22/Samples/zenshield-vpn-1.0.22-setup.exe","250416/ZenShieldVPN-250306/1.0.22/Samples/zenshield-vpn.exe"],"imageFiles":["250416/ZenShieldVPN-250306/1.0.22/Images/ACR-043/Install.png","250416/ZenShieldVPN-250306/1.0.22/Images/ACR-007/007.png","250416/ZenShieldVPN-250306/1.0.22/Images/ACR-007/Install.png"],"nonDeceptorImageFiles":["250416/ZenShieldVPN-250306/1.0.22/Images/ACR-065/EULA.png"],"guid":"98a3f848-4c7f-42ec-87e9-3bb5dd3f277b_1.0.22_1","appID":"ZenShieldVPN-250306","dateAdded":"250416","deceptorType":"App","name":"ZenShieldVPN","company":"Geonode Pte Ltd","version":"1.0.22","lastKnownStatus":"1.0.16;1.0.22","lastKnownDate":"250416","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 10,Windows 11","targetBrowser":"None","targetCustomer":"consumer,enterprise","ageAppropriate":"12+ appropriate","monetization":"net proxy","lastUpdate":"2025-04-16T20:21:56.2314597+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":355},{"violations":{"ACR-043":"Application starts to install and completes all with one click without disclosing anything being installed and disclose its EULA, Privacy Policy and its potentially  security reducing and how application managing the risk.  \n","ACR-007":"App does not obtain user consent to reduce the consumer's security posture caused by collecting user's IP and sharing User's IP in its proxy service. \n","ACR-084":"Application is still running in background and communicating with remote serverprofil24.com  even after user disconnects the VPN service and close the application to systray.\n"},"nonDeceptorViolations":{"ACR-065":"Application doesn't have EULA and Privacy Policy available in software.\n"},"samples":[{"isRevoked":"False","fileName":"zenshield-vpn-1.0.16-setup.exe","isInstaller":"True","companyName":"Geonode Pte Ltd","fileVersion":"1.0","hashMD5":"b08b4f9c14d89ebd4c87de8021b7a0de","hashSHA1":"d9a64d49b219cdccf7cef91c24a83651e4442d36","hashSHA256":"f848b37f8ebd85f6a668ac558b1d487daeda5542c5b00d8ab66f0c02e6d276c4","digitalCertThumbprint":"4E413A8BFF9675DF68AA52E8B10CCDBA6184C0E7","digitalCertIssuer":"CN=Certum Extended Validation Code Signing 2021 CA, O=Asseco Data Systems S.A., C=PL","digitalCertIssuedTo":"CN=Geonode Pte Ltd, O=Geonode Pte Ltd, L=Singapore, C=SG, SERIALNUMBER=202105609Z, OID.2.5.4.15=Private Organization, STREET=\"12 Eu Tong Sen , 08-169 The Central\", PostalCode=059819, OID.1.3.6.1.4.1.311.60.2.1.3=SG","sourceIndex":"236","avBlockList":["360 Total Security (20250417)","Avast Premium Security (20250417)","AVG Internet Security (20250417)","Avira Internet Security (20250417)","ESET Internet Security (20250417)","FortectPremium (20250417)","G DATA INTERNET SECURITY (20250417)","K7 Total Security (20250417)","KasperskyPremium (20250417)","Malwarebytes Premium (20250417)","McAfee Total Protection (20250417)","Norton Security (20250417)","Panda Dome (20250417)","Quick Heal Internet Security (20250417)","Sophos Home Premium (20250417)","SpyHunter5 (20250417)","Total AV Antivirus Pro (20250417)","VIPRE Advanced Security (20250417)","VirIT eXplorer PRO (20250417)","Webroot SecureAnywhere (20250417)"],"avAllowList":["Bitdefender Internet Security (20250417)","COMODO Antivirus (20250417)","Dr.Web Security Space (20250417)","Trend Micro Internet Security (20250417)","Windows Defender (20250417)"]},{"isRevoked":"False","fileName":"zenshield-vpn.exe","companyName":"Geonode Pte Ltd","fileVersion":"1.0","hashMD5":"adb47070824ba2674ca22ea26a410edd","hashSHA1":"1b4b60504d6722d22e0d12f4bcd04ce099e5c7f2","hashSHA256":"a0a9a7e4aa99a421a72c2f6853a51dfdd3544879151879b4f20f5d34626338af","digitalCertThumbprint":"4E413A8BFF9675DF68AA52E8B10CCDBA6184C0E7","digitalCertIssuer":"CN=Certum Extended Validation Code Signing 2021 CA, O=Asseco Data Systems S.A., C=PL","digitalCertIssuedTo":"CN=Geonode Pte Ltd, O=Geonode Pte Ltd, L=Singapore, C=SG, SERIALNUMBER=202105609Z, OID.2.5.4.15=Private Organization, STREET=\"12 Eu Tong Sen , 08-169 The Central\", PostalCode=059819, OID.1.3.6.1.4.1.311.60.2.1.3=SG","sourceIndex":"236","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"VPN","reference":"","landingPage":"https://www.zenshield.com/new-pages/free-vpn-for-windows","directDownloadingLink":"https://zenshield.s3.fr-par.scw.cloud/desktop-app/updates/1.0.16/zenshield-vpn-1.0.16-setup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://zenshield.s3.fr-par.scw.cloud/desktop-app/updates/1.0.16/zenshield-vpn-1.0.16-setup.exe","sourceIndex":"236"}],"sampleFiles":["250306/ZenShieldVPN-250306/1.0.16/Samples/zenshield-vpn-1.0.16-setup.exe"],"imageFiles":["250306/ZenShieldVPN-250306/1.0.16/Images/ACR-043/ACR-007_Install_2.png","250306/ZenShieldVPN-250306/1.0.16/Images/ACR-007/ACR-007_Install_1.png","250306/ZenShieldVPN-250306/1.0.16/Images/ACR-007/ACR-007_Install_2.png","250306/ZenShieldVPN-250306/1.0.16/Images/ACR-084/ACR-084_Software_1.png"],"nonDeceptorImageFiles":["250306/ZenShieldVPN-250306/1.0.16/Images/ACR-065/ACR-065_Software_1.png"],"guid":"98a3f848-4c7f-42ec-87e9-3bb5dd3f277b_1.0.16_1","appID":"ZenShieldVPN-250306","dateAdded":"250416","deceptorType":"App","name":"ZenShieldVPN","company":"Geonode Pte Ltd","version":"1.0.16","lastKnownStatus":"1.0.16;1.0.22","lastKnownDate":"250416","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 10,Windows 11","targetBrowser":"None","targetCustomer":"consumer,enterprise","ageAppropriate":"12+ appropriate","monetization":"net proxy","lastUpdate":"2025-04-16T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":356},{"violations":{"ACR-004":"Application uses traffic light colors to exaggerate the urgency of the scan results.\n","ACR-084":"App provides no notification to the user that it continues to run in the background after being closed.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"WiseCare365.exe","companyName":"WiseCleaner.com","fileVersion":"7.0","hashMD5":"a219ff1fa3cfffd25c443b5371ec8ae1","hashSHA1":"16cdb383e744b5dcbf9e2dcb684f98c210f22960","hashSHA256":"15f8682b50364167adfd23118e1d534a2d3c83767553687c59d945cbbd192d8e","digitalCertThumbprint":"B910852E34BA52BEF2F23CA9FDE37B2219A718D3","digitalCertIssuer":"CN=SSL.com EV Code Signing Intermediate CA RSA R3, O=SSL Corp, L=Houston, S=Texas, C=US","digitalCertIssuedTo":"OID.1.3.6.1.4.1.311.60.2.1.3=CN, OID.2.5.4.15=Private Organization, CN=\"Lespeed Technology Co., Ltd\", SERIALNUMBER=91110101593898951F, O=\"Lespeed Technology Co., Ltd\", L=Beijing, C=CN","sourceIndex":"224","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"WiseCare365_7.2.2.695.exe","isInstaller":"True","companyName":"WiseCleaner.com                                             ","fileVersion":"7.2","hashMD5":"7d9673c16c3040b3ef853037eb9c427e","hashSHA1":"116bcde04632cfffef3a5e06c0222b28d22f72ea","hashSHA256":"0e4e5646330524e453978d6793aa4a02ce99fb7f457d6c73fd2df3072151d120","digitalCertThumbprint":"B910852E34BA52BEF2F23CA9FDE37B2219A718D3","digitalCertIssuer":"CN=SSL.com EV Code Signing Intermediate CA RSA R3, O=SSL Corp, L=Houston, S=Texas, C=US","digitalCertIssuedTo":"OID.1.3.6.1.4.1.311.60.2.1.3=CN, OID.2.5.4.15=Private Organization, CN=\"Lespeed Technology Co., Ltd\", SERIALNUMBER=91110101593898951F, O=\"Lespeed Technology Co., Ltd\", L=Beijing, C=CN","sourceIndex":"224","avBlockList":["Avast Premium Security (20250417)","AVG Internet Security (20250417)","Avira Internet Security (20250417)","COMODO Antivirus (20250417)","Dr.Web Security Space (20250417)","ESET Internet Security (20250417)","FortectPremium (20250417)","G DATA INTERNET SECURITY (20250417)","K7 Total Security (20250417)","Malwarebytes Premium (20250417)","Norton Security (20250417)","Panda Dome (20250417)","Quick Heal Internet Security (20250417)","Sophos Home Premium (20250417)","SpyHunter5 (20250417)","Total AV Antivirus Pro (20250417)","VirIT eXplorer PRO (20250417)","Webroot SecureAnywhere (20250417)","Windows Defender (20250417)"],"avAllowList":["360 Total Security (20250417)","Bitdefender Internet Security (20250417)","KasperskyPremium (20250417)","McAfee Total Protection (20250417)","Trend Micro Internet Security (20250417)","VIPRE Advanced Security (20250417)"]}],"additionalFiles":[],"sources":[{"howFound":"google allintext search: PC Fix Error","reference":"wise PC 1stAid","landingPage":"https://www.wisecleaner.com/download.html","directDownloadingLink":"http://downloads.wisecleaner.com/soft/WiseCare365_5.4.5.541.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://downloads.wisecleaner.com/soft/WiseCare365_5.4.5.541.exe","sourceIndex":"224"}],"sampleFiles":["250410/WiseCare365-191216/7.2.2.695/Samples/WiseCare365.exe","250410/WiseCare365-191216/7.2.2.695/Samples/WiseCare365_7.2.2.695.exe"],"imageFiles":["250410/WiseCare365-191216/7.2.2.695/Images/ACR-004/colors.png","250410/WiseCare365-191216/7.2.2.695/Images/ACR-084/notification.gif"],"nonDeceptorImageFiles":[],"guid":"99d84161-4750-4f00-b0b3-20249f272511_7.2.2.695_1","appID":"WiseCare365-191216","dateAdded":"250410","deceptorType":"App","name":"WiseCare365","company":"Lespeed Technology Ltd","version":"7.2.2.695","firstVendorContactDate":"250410","firstAppEsteemReplyDate":"250411","firstResolvedDate":"250421","firstResolvedVersion":"7.2.4.697","resolved":"TRUE","lastKnownStatus":"5.4.5;5.4.7.543;6.6.6;7.2.2.695;","lastKnownDate":"250410","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"None","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2025-04-21T19:11:55.0728237+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":4,"sortOrder":357},{"violations":{"ACR-004":"Application exaggerates the urgency of PC status using alarming color for the reported items and exclamation mark. It doesn't provide free fix for the items reported instead asking to upgrade to pro version. For the items reported that needs to be fixed manually, there is no information how to fix them manually. \n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"WiseCare365_6.6.6.636.exe","isInstaller":"True","companyName":"WiseCleaner.com                                             ","fileVersion":"6.6","hashMD5":"c27c3107bb20803c3f5d8eab7258bb48","hashSHA1":"9e8384e96c6542eaf091cec68c351b8bde8d1b96","hashSHA256":"42e35e59355e78dc581115d24babd4424422efacfdb6710395c27e84243959df","digitalCertThumbprint":"B910852E34BA52BEF2F23CA9FDE37B2219A718D3","digitalCertIssuer":"CN=SSL.com EV Code Signing Intermediate CA RSA R3, O=SSL Corp, L=Houston, S=Texas, C=US","digitalCertIssuedTo":"OID.1.3.6.1.4.1.311.60.2.1.3=CN, OID.2.5.4.15=Private Organization, CN=\"Lespeed Technology Co., Ltd\", SERIALNUMBER=91110101593898951F, O=\"Lespeed Technology Co., Ltd\", L=Beijing, C=CN","sourceIndex":"646","avBlockList":["Avast Premium Security (20250306)","AVG Internet Security (20250306)","Avira Internet Security (20250306)","COMODO Antivirus (20250306)","Dr.Web Security Space (20250306)","ESET Internet Security (20250306)","G DATA INTERNET SECURITY (20250306)","K7 Total Security (20250306)","Norton Security (20250306)","Panda Dome (20250306)","Quick Heal Internet Security (20250306)","Sophos Home Premium (20250306)","Total AV Antivirus Pro (20250306)","VirIT eXplorer PRO (20250306)","Webroot SecureAnywhere (20250306)","Windows Defender (20250306)","FortectPremium (20250306)"],"avAllowList":["360 Total Security (20250306)","Bitdefender Internet Security (20250306)","Kaspersky Internet Security (20240509)","Malwarebytes Premium (20250306)","McAfee Total Protection (20250306)","SpyHunter5 (20250306)","Trend Micro Internet Security (20250306)","VIPRE Advanced Security (20250306)","KasperskyPremium (20250306)"]},{"isRevoked":"False","fileName":"WiseCare365.exe","companyName":"WiseCleaner.com","fileVersion":"6.6","hashMD5":"a020b60c4dd43183e92322ebbd984622","hashSHA1":"0b57dee576b4c46ea5e022d83392f1b596943e27","hashSHA256":"3ea7a31f54953bf9f5b999fe57c11740d3b62bb6194c1925d967568d8414bc58","digitalCertThumbprint":"B910852E34BA52BEF2F23CA9FDE37B2219A718D3","digitalCertIssuer":"CN=SSL.com EV Code Signing Intermediate CA RSA R3, O=SSL Corp, L=Houston, S=Texas, C=US","digitalCertIssuedTo":"OID.1.3.6.1.4.1.311.60.2.1.3=CN, OID.2.5.4.15=Private Organization, CN=\"Lespeed Technology Co., Ltd\", SERIALNUMBER=91110101593898951F, O=\"Lespeed Technology Co., Ltd\", L=Beijing, C=CN","sourceIndex":"646","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"WiseTray.exe","companyName":"WiseCleaner.com","fileVersion":"6.2","hashMD5":"4e793e5fba64a9edcddb922e1aa9dac4","hashSHA1":"e16cac5cd505a67754f5ea21b28ecafbb66f8b1b","hashSHA256":"fc9ca77981ddd0e810c2e88fe8cfc27dc94258d888a08083ec5ceb0e0a6a7d72","digitalCertThumbprint":"B910852E34BA52BEF2F23CA9FDE37B2219A718D3","digitalCertIssuer":"CN=SSL.com EV Code Signing Intermediate CA RSA R3, O=SSL Corp, L=Houston, S=Texas, C=US","digitalCertIssuedTo":"OID.1.3.6.1.4.1.311.60.2.1.3=CN, OID.2.5.4.15=Private Organization, CN=\"Lespeed Technology Co., Ltd\", SERIALNUMBER=91110101593898951F, O=\"Lespeed Technology Co., Ltd\", L=Beijing, C=CN","sourceIndex":"646","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Deceptor report channel","reference":"","landingPage":"https://www.wisecleaner.com/wise-care-365.html","directDownloadingLink":"","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"","sourceIndex":"646"}],"sampleFiles":["240418/WiseCare365-191216/6.6.6/Samples/WiseCare365_6.6.6.636.exe","240418/WiseCare365-191216/6.6.6/Samples/WiseCare365.exe","240418/WiseCare365-191216/6.6.6/Samples/WiseTray.exe"],"imageFiles":["240418/WiseCare365-191216/6.6.6/Images/ACR-004/ACR-004_Software_1.png"],"nonDeceptorImageFiles":[],"guid":"99d84161-4750-4f00-b0b3-20249f272511_6.6.6_1","appID":"WiseCare365-191216","dateAdded":"250410","deceptorType":"App","name":"WiseCare365","company":"Lespeed Technology Ltd","version":"6.6.6","firstVendorContactDate":"250410","firstAppEsteemReplyDate":"250411","firstResolvedDate":"250421","firstResolvedVersion":"7.2.4.697","resolved":"TRUE","lastKnownStatus":"5.4.5;5.4.7.543;6.6.6;7.2.2.695;","lastKnownDate":"250410","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"None","targetBrowser":"None","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2025-04-21T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":4,"sortOrder":358},{"violations":{"ACR-003":"The app displays unsubstantiated scan results.\n","ACR-004":"The app does not fix free scan results relating to privacy issues and displays unsubstantiated scan results.\n","ACR-017":"The internal offers page displays unverifiable certifications.\n","ACR-014":"The app contains exaggerated words such as \"problems\" and \"obsolete\" and does not substantiate scan results.\n","ACR-016":"The apps from utilities perform direct download and installation.\n"},"nonDeceptorViolations":{"ACR-065":"The app does not display links to the EULA, Returns and Cancellation Policy or the Privacy Policy.\nThe landing page does not display links to the EULA or the Returns and Cancellation Policy.\n","ACR-161":"The landing page displays unverifiable testimonials.\n","ACR-099":"The app does not display links to uninstall information.\nThe landing page does not display links to uninstall information.\n"},"samples":[{"isRevoked":"False","fileName":"WiseCare365_5.4.7.543.exe","isInstaller":"True","companyName":"WiseCleaner.com                                             ","fileVersion":"5.4","hashMD5":"e1d529c13c1aa2f7f458ab6cd2d8bbda","hashSHA1":"43b431c606b791820c477e1e7df0bb5d97543320","hashSHA256":"f302dec18d7c3fe4aa5c51cddb69d896f67fb25eceaa56c8335b4a7ba6fdd7c0","digitalCertThumbprint":"2D22CA45602F5AEB44C42F4C6A9CD879D8A23FF7","digitalCertIssuer":"CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US","digitalCertIssuedTo":"CN=Lespeed Technology Ltd., O=Lespeed Technology Ltd., L=Beijing, S=Beijing, C=CN","sourceIndex":"2533","avBlockList":["Avast Internet Security (20200224)","AVG Internet Security (20200224)","Avira Internet Security (20200224)","Dr.Web Security Space (20200224)","ESET Internet Security (20200224)","K7 Total Security (20200224)","Kaspersky Internet Security (20200224)","Malwarebytes Premium (20200224)","McAfee Total Protection (20200224)","Panda Dome (20200224)","Sophos Home Premium (20200224)","SpyHunter5 (20200224)","VirIT eXplorer PRO (20200224)","Webroot SecureAnywhere (20200224)","Windows Defender (20200224)"],"avAllowList":["360 Total Security (20200224)","Bitdefender Internet Security (20200224)","COMODO Antivirus (20200224)","G DATA INTERNET SECURITY (20200224)","Norton Security (20200224)","Quick Heal Internet Security (20200224)","Tencent PC Manager (20200224)","Trend Micro Internet Security (20200224)","VIPRE Advanced Security (20200224)"]},{"isRevoked":"False","fileName":"WiseCare365.exe","companyName":"WiseCleaner.com","fileVersion":"5.4","hashMD5":"07faa5489e6aca3163eb3615ee52fb7e","hashSHA1":"56ec3d2e8ff4e0b0e6add409e4904d78bc795dd6","hashSHA256":"7e915d1fe7c56b1c22eb1beb13d04e35415e9211851a274d9830bcc23336d7ac","digitalCertThumbprint":"2D22CA45602F5AEB44C42F4C6A9CD879D8A23FF7","digitalCertIssuer":"CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US","digitalCertIssuedTo":"CN=Lespeed Technology Ltd., O=Lespeed Technology Ltd., L=Beijing, S=Beijing, C=CN","sourceIndex":"2533","avBlockList":["Avira Internet Security (20200217)","ESET Internet Security (20200217)","Malwarebytes Premium (20200217)","McAfee Total Protection (20200217)","Panda Dome (20200217)","Sophos Home Premium (20200217)","SpyHunter5 (20200217)","VirIT eXplorer PRO (20200217)","Webroot SecureAnywhere (20200217)"],"avAllowList":["360 Total Security (20200217)","Avast Internet Security (20200217)","AVG Internet Security (20200217)","Bitdefender Internet Security (20200217)","COMODO Antivirus (20200217)","Dr.Web Security Space (20200217)","G DATA INTERNET SECURITY (20200217)","Kaspersky Internet Security (20200217)","Norton Security (20200217)","Quick Heal Internet Security (20200217)","Tencent PC Manager (20200217)","Trend Micro Internet Security (20200217)","VIPRE Advanced Security (20200217)","Windows Defender (20200217)"]}],"additionalFiles":[],"sources":[{"howFound":"google allintext search: PC Fix Error","reference":"wise PC 1stAid","landingPage":"https://www.wisecleaner.com/download.html","directDownloadingLink":"http://downloads.wisecleaner.com/soft/WiseCare365_5.4.5.541.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://downloads.wisecleaner.com/soft/WiseCare365_5.4.5.541.exe","sourceIndex":"2533"}],"sampleFiles":["200226/WiseCare365-191216/5.4.7.543/Samples/WiseCare365_5.4.7.543.exe","200226/WiseCare365-191216/5.4.7.543/Samples/WiseCare365.exe"],"imageFiles":["200226/WiseCare365-191216/5.4.7.543/Images/ACR-004/WiseCare365 004.gif","200226/WiseCare365-191216/5.4.7.543/Images/ACR-004/WiseCare365 Scan Results.png","200226/WiseCare365-191216/5.4.7.543/Images/ACR-003/WiseCare365 Scan Results.png","200226/WiseCare365-191216/5.4.7.543/Images/ACR-014/WiseCare365 Scan Results.png","200226/WiseCare365-191216/5.4.7.543/Images/ACR-017/WiseCare365 Internal Offers.png","200226/WiseCare365-191216/5.4.7.543/Images/ACR-016/WiseCare365 Scan Results.png"],"nonDeceptorImageFiles":["200226/WiseCare365-191216/5.4.7.543/Images/ACR-065/WiseCare365 About.png","200226/WiseCare365-191216/5.4.7.543/Images/ACR-099/WiseCare365 About.png","200226/WiseCare365-191216/5.4.7.543/Images/ACR-065/WiseCare365 Landing Page.png","200226/WiseCare365-191216/5.4.7.543/Images/ACR-099/WiseCare365 Landing Page.png","200226/WiseCare365-191216/5.4.7.543/Images/ACR-161/WiseCare365 Testimonials.png"],"guid":"99d84161-4750-4f00-b0b3-20249f272511_5.4.7.543_1","appID":"WiseCare365-191216","dateAdded":"250410","deceptorType":"App","name":"WiseCare365","company":"Lespeed Technology Ltd","version":"5.4.7.543","sigName":"Deceptor:Win32/WiseCare365!004003014017016","firstVendorContactDate":"250410","firstAppEsteemReplyDate":"250411","firstResolvedDate":"250421","firstResolvedVersion":"7.2.4.697","resolved":"TRUE","lastKnownStatus":"5.4.5;5.4.7.543;6.6.6;7.2.2.695;","lastKnownDate":"250410","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"in-app purchases,paid,display ads","lastUpdate":"2025-04-21T00:00:00+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":4,"sortOrder":359},{"violations":{"ACR-003":"The identified issues are not substantiated. App exaggerates system status reporting 1414 problems.\n","ACR-004":"App uses alarming color and symbol to represent issues, it displays false alarming \"system protection is off\" though windows defender is on. It reports system has 4131 problems, that are not substantiated. \n","ACR-017":"The 3rd party  logos are not verifiable.\n","ACR-084":"The silence installation option exist in the app. The usage of this silence installation does not disclose if this is necessary for app. \"\"WiseCare365_5.4.5.541.exe\" /VERYSILENT /SUPPRESSMSGBOXES /NORESTART \"\n","ACR-014":"The app contains exaggerated word such as \"problems\" and \"obsolete\" and does not substantiate for identified results\n","ACR-016":"The offered app does not disclose EULA in the landing page and the apps from utilities perform direct download and installation.\n"},"nonDeceptorViolations":{"ACR-065":"The app does not disclose EULA, Privacy policy and Refund policy in the software.\nThe app does not disclose EULA and Refund policy in the landing page.\n","ACR-161":"Testimonials are not verifiable.\n","ACR-099":"The app does not contain uninstall information in the software.\nThe app does not contain uninstall information in the landing page.\n","ACR-120":"During uninstallation, the app offers same product to the consumer for free.\n","ACR-167":"The app does not disclose Return Policy in the docs.\n","ACR-017":"The logos are not verifiable.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\Wise\\Wise Care 365\\WiseCare365.exe","companyName":"WiseCleaner.com","productName":"Wise Care 365","productVersion":"5.4","fileVersion":"5.4.5.541","hashMD5":"e1d1aec4203ee9808aa400af97afdbbd","hashSHA1":"f8a622a265dc47e62623a0d46751c7bb551e0bc3","hashSHA256":"bd2267a9cca4516d9d5c23a8ab66a1ff7434297a24758623841a5df836493660","digitalCertThumbprint":"2D22CA45602F5AEB44C42F4C6A9CD879D8A23FF7","digitalCertIssuer":"Symantec Class 3 SHA256 Code Signing CA","digitalCertIssuedTo":"Lespeed Technology Ltd.","sourceIndex":"2586","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"WiseCare365_5.4.5.541.exe","isInstaller":"True","companyName":"WiseCleaner.com                                             ","productName":"Wise Care 365                                               ","productVersion":"5.4.5                                             ","fileVersion":"5.4.5               ","hashMD5":"d892c31423e039337ec0a41e6fd94e0a","hashSHA1":"673ab0828cb95db2e829b9cad3a7cd135a207ad7","hashSHA256":"dcc32a26ab73f0791977eeb59c50c034b7eb449e82fb63901141f9b42621a607","digitalCertThumbprint":"2D22CA45602F5AEB44C42F4C6A9CD879D8A23FF7","digitalCertIssuer":"Symantec Class 3 SHA256 Code Signing CA","digitalCertIssuedTo":"Lespeed Technology Ltd.","sourceIndex":"2586","avBlockList":["Avast Internet Security (20200121)","AVG Internet Security (20240430)","Avira Internet Security (20240430)","Bitdefender Internet Security (20240430)","Dr.Web Security Space (20240430)","ESET Internet Security (20240430)","G DATA INTERNET SECURITY (20240430)","Kaspersky Internet Security (20240430)","Malwarebytes Premium (20240430)","McAfee Total Protection (20240430)","Norton Security (20240430)","Panda Dome (20240430)","Sophos Home Premium (20240430)","Tencent PC Manager (20200121)","VIPRE Advanced Security (20240430)","VirIT eXplorer PRO (20240430)","Webroot SecureAnywhere (20240430)","Windows Defender (20240430)","SpyHunter5 (20240430)","Total AV Antivirus Pro (20240430)","Avast Premium Security (20240430)"],"avAllowList":["360 Total Security (20240430)","COMODO Antivirus (20240430)","K7 Total Security (20240430)","Quick Heal Internet Security (20240430)","Trend Micro Internet Security (20240430)"]}],"additionalFiles":[],"sources":[{"howFound":"google allintext search: PC Fix Error","reference":"wise PC 1stAid","landingPage":"https://www.wisecleaner.com/download.html","directDownloadingLink":"http://downloads.wisecleaner.com/soft/WiseCare365_5.4.5.541.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://downloads.wisecleaner.com/soft/WiseCare365_5.4.5.541.exe","sourceIndex":"2586"}],"sampleFiles":["191218/WiseCare365-191216/5.4.5/Samples/WiseCare365_5.4.5.541.exe"],"imageFiles":["191218/WiseCare365-191216/5.4.5/Images/ACR-004/ACR-004_Software_Raises_Urgency.JPG","191218/WiseCare365-191216/5.4.5/Images/ACR-084/ACR-084_Software_SilentInstallationExist.JPG","191218/WiseCare365-191216/5.4.5/Images/ACR-003/ACR-003_Software_IssuesCannotBeSubstantiated.JPG","191218/WiseCare365-191216/5.4.5/Images/ACR-014/ACR-014_Software_NeedsToCleanupExaggeratedWord.JPG","191218/WiseCare365-191216/5.4.5/Images/ACR-014/ACR-014_Software_NeedsToCleanupExaggeratedWords.JPG","191218/WiseCare365-191216/5.4.5/Images/ACR-014/ACR-014_Software_NeedsToCleanupExaggeratedWords1.JPG","191218/WiseCare365-191216/5.4.5/Images/ACR-014/ACR-014_Software_NeedsToCleanupExaggeratedWords2.JPG","191218/WiseCare365-191216/5.4.5/Images/ACR-014/ACR-014_Software_NeedsToCleanupExaggeratedWords3.JPG","191218/WiseCare365-191216/5.4.5/Images/ACR-014/ACR-014_Software_NeedsToCleanupExaggeratedWords4.JPG","191218/WiseCare365-191216/5.4.5/Images/ACR-014/ACR-014_Software_NeedsToCleanupExaggeratedWords5.JPG","191218/WiseCare365-191216/5.4.5/Images/ACR-014/ACR-014_Software_NeedsToCleanupExaggeratedWords6.JPG","191218/WiseCare365-191216/5.4.5/Images/ACR-017/ACR-017_InternalOffers_MisleadingLogo.JPG","191218/WiseCare365-191216/5.4.5/Images/ACR-017/ACR-017_InternalOffers_MisleadingLogos.JPG","191218/WiseCare365-191216/5.4.5/Images/ACR-016/ACR-016_AdsInsideApp_NoEULA.JPG","191218/WiseCare365-191216/5.4.5/Images/ACR-016/ACR-016_AdsInside_App_Does_Not_Disclose_EULA.JPG"],"nonDeceptorImageFiles":["191218/WiseCare365-191216/5.4.5/Images/ACR-065/ACR-065_Software_NoDocs.JPG","191218/WiseCare365-191216/5.4.5/Images/ACR-099/ACR-099_Software_NoUninstall_Info.JPG","191218/WiseCare365-191216/5.4.5/Images/ACR-120/ACR-120_Uninstall_OffersDiscount.JPG","191218/WiseCare365-191216/5.4.5/Images/ACR-167/ACR-167_Docs_NoRefundPolicy.JPG","191218/WiseCare365-191216/5.4.5/Images/ACR-065/ACR-065_LandingPage_NoEULA.JPG","191218/WiseCare365-191216/5.4.5/Images/ACR-099/ACR-099_LandingPage_NoUninstall_Info.JPG","191218/WiseCare365-191216/5.4.5/Images/ACR-017/ACR-017_LandingPage_MisleadingLogos.JPG","191218/WiseCare365-191216/5.4.5/Images/ACR-017/ACR-017_LandingPage_MisleadingLogos1.JPG","191218/WiseCare365-191216/5.4.5/Images/ACR-017/ACR-017_LandingPage_Unable_To_Verify_Logos.JPG","191218/WiseCare365-191216/5.4.5/Images/ACR-161/ACR-161_LandingPage_UnableToVerifyTestimonials.JPG"],"guid":"99d84161-4750-4f00-b0b3-20249f272511_5.4.5_1","appID":"WiseCare365-191216","dateAdded":"250410","deceptorType":"App","name":"WiseCare365","company":"Lespeed Technology Ltd","version":"5.4.5","sigName":"Deceptor:Win32/WiseCare365!004084003014017016","firstVendorContactDate":"250410","firstAppEsteemReplyDate":"250411","firstResolvedDate":"250421","firstResolvedVersion":"7.2.4.697","resolved":"TRUE","lastKnownStatus":"5.4.5;5.4.7.543;6.6.6;7.2.2.695;","lastKnownDate":"250410","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"in-app purchases,paid,display ads","lastUpdate":"2025-04-21T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":4,"sortOrder":360},{"violations":{"ACR-048":"The app does not provide an option to cancel installation\n","ACR-004":"The application doesn't provide a free fix (recovery) instead offering a subscription that the user needs to pay to fix it.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"BitwarSetup.exe","isInstaller":"True","companyName":"","productName":"Bitwar Data Recvery","productVersion":"","fileVersion":"7.3.2.0","hashMD5":"d40dd6a913acf738f915f85860d60e44","hashSHA1":"6369c34f4a28577fbe8974cbdbd8135d6e733e15","hashSHA256":"be4c1eb60a4a4dcfda8f859b8eda54063fc8c01580b202d435c3b8e3a031924e","digitalCertThumbprint":"FB821AE1D0D310FF459A9FD9266703BFAE2B0CEA","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Xiamen Baishengtong Software Technology Co.Ltd.","storeId":"","sourceIndex":"533","avBlockList":["ESET Internet Security (20241212)","K7 Total Security (20241212)","Panda Dome (20241212)","Quick Heal Internet Security (20241212)","Sophos Home Premium (20241212)","SpyHunter5 (20241212)","VirIT eXplorer PRO (20241212)","Webroot SecureAnywhere (20241212)","FortectPremium (20241212)"],"avAllowList":["360 Total Security (20241212)","Avast Premium Security (20241212)","AVG Internet Security (20241212)","Avira Internet Security (20241212)","Bitdefender Internet Security (20241212)","COMODO Antivirus (20241212)","Dr.Web Security Space (20241212)","G DATA INTERNET SECURITY (20241212)","KasperskyPremium (20241212)","Malwarebytes Premium (20241212)","McAfee Total Protection (20241212)","Norton Security (20241212)","Total AV Antivirus Pro (20241212)","Trend Micro Internet Security (20241212)","VIPRE Advanced Security (20241212)","Windows Defender (20241212)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on windows app","reference":"","landingPage":"https://www.r-datarecovery.com/","directDownloadingLink":"https://www.r-datarecovery.com/Downloads/BitwarSetup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.r-datarecovery.com/Downloads/BitwarSetup.exe","sourceIndex":"533"}],"sampleFiles":["240924/BitwarDataRecovery-240411/7.3.3.3102/Samples/BitwarSetup.exe"],"imageFiles":["240924/BitwarDataRecovery-240411/7.3.3.3102/Images/ACR-048/ACR-048.PNG","240924/BitwarDataRecovery-240411/7.3.3.3102/Images/ACR-004/ACR-004.PNG","240924/BitwarDataRecovery-240411/7.3.3.3102/Images/ACR-004/ACR-004_1.PNG"],"nonDeceptorImageFiles":[],"guid":"2c99f7eb-eda2-407d-a91c-5e1573b18e9b_7.3.3.3102_1","appID":"BitwarDataRecovery-240411","dateAdded":"250403","deceptorType":"App","name":"Bitwar Data Recovery","company":"Bitwarsoft","version":"7.3.3.3102","lastKnownStatus":"7.2.5.0; 7.2.6.0;7.3.3.3102;7.3.7.3165","lastKnownDate":"250403","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows 11","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2025-04-03T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":3,"sortOrder":372},{"violations":{"ACR-004":"The app shows scan results for free, but when the user tries to recover the data, the app requires a purchase of an auto-renewing subscription.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components on the device without the consumer's consent.\n"},"nonDeceptorViolations":{"ACR-045":"“Free Download\" highlights \"Free\" misleads user. The functionality that requires consumer payment in order to be activated needs to be marked clearly in landing page. Otherwise app should remove \"free\" word.\n","ACR-065":"The app does not display links to the EULA or the Privacy Policy.\n","ACR-161":"The landing page contains testimonials with no link back to original source, making them unable to be verified.\n"},"samples":[{"isRevoked":"False","fileName":"data-recovery.exe","isInstaller":"True","companyName":"                                                            ","productName":"                                                            ","productVersion":"2.1.8                                             ","fileVersion":"2.1.8               ","hashMD5":"630da3ea13e746a4552686b83322b481","hashSHA1":"a33da27d4c570cba50c88b51198dcd23e6b59e18","hashSHA256":"7b8e64b717dadc0e2e0da5b269d01500c287ca935927ed53847be75c4fa85022","digitalCertThumbprint":"76129700EE8294B7F9F417736BC1EC3F1A79CAC6","digitalCertIssuer":"GlobalSign GCC R45 CodeSigning CA 2020","digitalCertIssuedTo":"\"RayShare Co.","storeId":"","uriToBlock":"","sourceIndex":"543","avBlockList":["ESET Internet Security (20241205)","FortectPremium (20241205)","Malwarebytes Premium (20241205)","Panda Dome (20241205)","Quick Heal Internet Security (20241205)","Sophos Home Premium (20241205)","SpyHunter5 (20241205)","VirIT eXplorer PRO (20241205)","Webroot SecureAnywhere (20241205)"],"avAllowList":["360 Total Security (20241205)","Avast Premium Security (20241205)","AVG Internet Security (20241205)","Avira Internet Security (20241205)","Bitdefender Internet Security (20241205)","COMODO Antivirus (20241205)","Dr.Web Security Space (20241205)","G DATA INTERNET SECURITY (20241205)","K7 Total Security (20241205)","KasperskyPremium (20241205)","McAfee Total Protection (20241205)","Norton Security (20241205)","Total AV Antivirus Pro (20241205)","Trend Micro Internet Security (20241205)","VIPRE Advanced Security (20241205)","Windows Defender (20241205)"]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"","landingPage":"https://www.aiseesoft.com/data-recovery/","directDownloadingLink":"https://download.aiseesoft.com/data-recovery.exe?_gl=1*1arq5zq*_ga*MTIwMTExNTUyMC4xNzI2NTYwMjAy*_ga_M4E51HTXR8*MTcyNjU2MDIwMS4xLjEuMTcyNjU2MDQzNC4wLjAuMA.. ","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://download.aiseesoft.com/data-recovery.exe?_gl=1*1arq5zq*_ga*MTIwMTExNTUyMC4xNzI2NTYwMjAy*_ga_M4E51HTXR8*MTcyNjU2MDIwMS4xLjEuMTcyNjU2MDQzNC4wLjAuMA.. ","sourceIndex":"543"}],"sampleFiles":["240919/AiseesoftDataRecovery-240917/1.8.22/Samples/data-recovery.exe"],"imageFiles":["240919/AiseesoftDataRecovery-240917/1.8.22/Images/ACR-004/App7.png","240919/AiseesoftDataRecovery-240917/1.8.22/Images/ACR-004/offer1.png","240919/AiseesoftDataRecovery-240917/1.8.22/Images/ACR-004/offer2.png","240919/AiseesoftDataRecovery-240917/1.8.22/Images/ACR-004/offer3.png","240919/AiseesoftDataRecovery-240917/1.8.22/Images/ACR-118/retained files.png"],"nonDeceptorImageFiles":["240919/AiseesoftDataRecovery-240917/1.8.22/Images/ACR-065/app3.png","240919/AiseesoftDataRecovery-240917/1.8.22/Images/ACR-045/landingpage2.png","240919/AiseesoftDataRecovery-240917/1.8.22/Images/ACR-161/LandingPage.png"],"guid":"cb11b58a-620c-4f61-aad9-9b548fc48d73_1.8.22_1","appID":"AiseesoftDataRecovery-240917","dateAdded":"250403","deceptorType":"App","name":"Aiseesoft Data Recovery","company":"Aiseesoft Studio","version":"1.8.22","lastKnownStatus":"1.8.22;3.1.6","lastKnownDate":"250403","type":"Windows Executable","category":"SysTools & Utilities","targetCustomer":"enterprise,consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2025-04-03T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":375},{"violations":{"ACR-046":"The option \"Join Customer Experience Program\" is hidden by default, requiring the user to select custom installation. The option is also checked by default.\n","ACR-004":"The app shows scan results for free, but when the user tries to recover the data, the app requires a purchase of an auto-renewing subscription.\n","ACR-118":"When the user attempts to completely uninstall the app, it retains some of its components on the device without consent.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"data-recovery.exe","isInstaller":"True","fileVersion":"2.1","hashMD5":"34ed9a90486a7496eb762eaf8ea1db62","hashSHA1":"9ec32f3cad5ddb2ed5cc671b278b50ffad0957f5","hashSHA256":"faebcf9a040ea338c989fa04741fd50632f08e58e88c3f9add9061fa19de86b0","digitalCertThumbprint":"76129700EE8294B7F9F417736BC1EC3F1A79CAC6","digitalCertIssuer":"CN=GlobalSign GCC R45 CodeSigning CA 2020, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"E=rayshareltd@gmail.com, CN=\"RayShare Co., Ltd\", O=\"RayShare Co., Ltd\", L=Beijing, S=Beijing, C=CN","sourceIndex":"231","avBlockList":["ESET Internet Security (20250624)","FortectPremium (20250624)","K7 Total Security (20250624)","Malwarebytes Premium (20250624)","Panda Dome (20250624)","Quick Heal Internet Security (20250624)","Sophos Home Premium (20250624)","SpyHunter5 (20250624)","VirIT eXplorer PRO (20250624)","Webroot SecureAnywhere (20250624)"],"avAllowList":["360 Total Security (20250624)","Avast Premium Security (20250624)","AVG Internet Security (20250624)","Avira Internet Security (20250624)","Bitdefender Internet Security (20250624)","COMODO Antivirus (20250624)","Dr.Web Security Space (20250624)","G DATA INTERNET SECURITY (20250624)","KasperskyPremium (20250624)","McAfee Total Protection (20250624)","Norton Security (20250624)","Total AV Antivirus Pro (20250624)","Trend Micro Internet Security (20250624)","VIPRE Advanced Security (20250624)","Windows Defender (20250624)"]},{"isRevoked":"False","fileName":"Aiseesoft%20Data%20Recovery.exe","companyName":"Aiseesoft","fileVersion":"3.1","hashMD5":"925667686e32887a7995e7dc015db5c9","hashSHA1":"4455f89e91b6a8feed020c83182d933e07c042cd","hashSHA256":"16c0ca7bbc1eacea4caebed9f27833260e7a52827853bb68d1d8fc283876dae1","digitalCertThumbprint":"76129700EE8294B7F9F417736BC1EC3F1A79CAC6","digitalCertIssuer":"CN=GlobalSign GCC R45 CodeSigning CA 2020, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"E=rayshareltd@gmail.com, CN=\"RayShare Co., Ltd\", O=\"RayShare Co., Ltd\", L=Beijing, S=Beijing, C=CN","sourceIndex":"231","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"","landingPage":"https://www.aiseesoft.com/data-recovery/","directDownloadingLink":"https://download.aiseesoft.com/data-recovery.exe?_gl=1*1arq5zq*_ga*MTIwMTExNTUyMC4xNzI2NTYwMjAy*_ga_M4E51HTXR8*MTcyNjU2MDIwMS4xLjEuMTcyNjU2MDQzNC4wLjAuMA.. ","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://download.aiseesoft.com/data-recovery.exe?_gl=1*1arq5zq*_ga*MTIwMTExNTUyMC4xNzI2NTYwMjAy*_ga_M4E51HTXR8*MTcyNjU2MDIwMS4xLjEuMTcyNjU2MDQzNC4wLjAuMA.. ","sourceIndex":"231"}],"sampleFiles":["250403/AiseesoftDataRecovery-240917/3.1.6/Samples/data-recovery.exe","250403/AiseesoftDataRecovery-240917/3.1.6/Samples/Aiseesoft%20Data%20Recovery.exe"],"imageFiles":["250403/AiseesoftDataRecovery-240917/3.1.6/Images/ACR-046/installoptions.png","250403/AiseesoftDataRecovery-240917/3.1.6/Images/ACR-046/defaultinstall.png","250403/AiseesoftDataRecovery-240917/3.1.6/Images/ACR-004/ACR-004.png","250403/AiseesoftDataRecovery-240917/3.1.6/Images/ACR-004/subs.png","250403/AiseesoftDataRecovery-240917/3.1.6/Images/ACR-118/ACR-118.png"],"nonDeceptorImageFiles":[],"guid":"cb11b58a-620c-4f61-aad9-9b548fc48d73_3.1.6_1","appID":"AiseesoftDataRecovery-240917","dateAdded":"250403","deceptorType":"App","name":"Aiseesoft Data Recovery","company":"Aiseesoft Studio","version":"3.1.6","lastKnownStatus":"1.8.22;3.1.6","lastKnownDate":"250403","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 7,Windows 8,Windows 10,Windows 11","targetBrowser":"None","targetCustomer":"enterprise,consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2025-04-03T21:40:17.8354102+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":374},{"violations":{"ACR-004":"The application doesn't provide a free fix (recovery) instead offering a subscription that the user needs to pay to fix it.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"BitwarSetup.exe","isInstaller":"True","fileVersion":"7.2","hashMD5":"9c51fa5ec548f0fbd6a8be38e9c86b35","hashSHA1":"d0881461ac0b85b74fc46466265f4c4f9f6115bb","hashSHA256":"5403012c22903d72af24b546cbe905a91570461b93cca0b07cd425ac1abb4d38","digitalCertThumbprint":"FB821AE1D0D310FF459A9FD9266703BFAE2B0CEA","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=\"Xiamen Baishengtong Software Technology Co.,Ltd.\", O=\"Xiamen Baishengtong Software Technology Co.,Ltd.\", L=厦门市, S=福建省, C=CN, SERIALNUMBER=913502033029307724, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.1=思明区, OID.1.3.6.1.4.1.311.60.2.1.2=福建省, OID.1.3.6.1.4.1.311.60.2.1.3=CN","sourceIndex":"616","avBlockList":["360 Total Security (20240820)","ESET Internet Security (20240820)","FortectPremium (20240820)","K7 Total Security (20240820)","Norton Security (20240820)","Panda Dome (20240820)","Sophos Home Premium (20240820)","SpyHunter5 (20240820)","VirIT eXplorer PRO (20240820)","Webroot SecureAnywhere (20240820)","Windows Defender (20240820)"],"avAllowList":["Avast Premium Security (20240820)","AVG Internet Security (20240820)","Avira Internet Security (20240820)","Bitdefender Internet Security (20240820)","COMODO Antivirus (20240820)","Dr.Web Security Space (20240820)","G DATA INTERNET SECURITY (20240820)","Kaspersky Internet Security (20240718)","Malwarebytes Premium (20240820)","McAfee Total Protection (20240820)","Quick Heal Internet Security (20240820)","Total AV Antivirus Pro (20240820)","Trend Micro Internet Security (20240820)","VIPRE Advanced Security (20240820)","KasperskyPremium (20240820)"]},{"isRevoked":"False","fileName":"BitwarSetup%20(1).exe","isInstaller":"True","fileVersion":"7.2","hashMD5":"6421e03321e10ccfb4171a111538b802","hashSHA1":"f45c54dfb1d5ac5cb6b430dc6400d297c3754e4a","hashSHA256":"a0f21504eaa745d41f2c19aa0149a0f71b978471cb3703dc4c664f6ca3e218f9","digitalCertThumbprint":"FB821AE1D0D310FF459A9FD9266703BFAE2B0CEA","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=\"Xiamen Baishengtong Software Technology Co.,Ltd.\", O=\"Xiamen Baishengtong Software Technology Co.,Ltd.\", L=厦门市, S=福建省, C=CN, SERIALNUMBER=913502033029307724, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.1=思明区, OID.1.3.6.1.4.1.311.60.2.1.2=福建省, OID.1.3.6.1.4.1.311.60.2.1.3=CN","sourceIndex":"616","avBlockList":["ESET Internet Security (20240822)","FortectPremium (20240822)","Norton Security (20240822)","Panda Dome (20240822)","Sophos Home Premium (20240822)","SpyHunter5 (20240822)","VirIT eXplorer PRO (20240822)","Webroot SecureAnywhere (20240822)","Windows Defender (20240822)"],"avAllowList":["360 Total Security (20240822)","Avast Premium Security (20240822)","AVG Internet Security (20240822)","Avira Internet Security (20240822)","Bitdefender Internet Security (20240822)","COMODO Antivirus (20240822)","Dr.Web Security Space (20240822)","G DATA INTERNET SECURITY (20240822)","K7 Total Security (20240822)","Kaspersky Internet Security (20240718)","Malwarebytes Premium (20240822)","McAfee Total Protection (20240822)","Quick Heal Internet Security (20240822)","Total AV Antivirus Pro (20240822)","Trend Micro Internet Security (20240822)","VIPRE Advanced Security (20240822)","KasperskyPremium (20240822)"]}],"additionalFiles":[],"sources":[{"howFound":"random search for recovery apps","reference":"","landingPage":"https://www.r-datarecovery.com/","directDownloadingLink":"https://www.r-datarecovery.com/Downloads/BitwarSetup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.r-datarecovery.com/Downloads/BitwarSetup.exe","sourceIndex":"616"}],"sampleFiles":["240625/BitwarDataRecovery-240411/7.2.5.0/Samples/BitwarSetup.exe","240625/BitwarDataRecovery-240411/7.2.5.0/Samples/BitwarSetup%20(1).exe"],"imageFiles":["240625/BitwarDataRecovery-240411/7.2.5.0/Images/ACR-004/ACR-004_Software_1.png","240625/BitwarDataRecovery-240411/7.2.5.0/Images/ACR-004/ACR-004_Software_2.png","240625/BitwarDataRecovery-240411/7.2.5.0/Images/ACR-004/ACR-004_Software_3.png"],"nonDeceptorImageFiles":[],"guid":"2c99f7eb-eda2-407d-a91c-5e1573b18e9b_7.2.5.0_1","appID":"BitwarDataRecovery-240411","dateAdded":"250403","deceptorType":"App","name":"Bitwar Data Recovery","company":"Bitwarsoft","version":"7.2.5.0","lastKnownStatus":"7.2.5.0; 7.2.6.0;7.3.3.3102;7.3.7.3165","lastKnownDate":"250403","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows 11","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2025-04-03T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":3,"sortOrder":373},{"violations":{"ACR-048":"The app does not provide an option to cancel installation\n","ACR-004":"The application doesn't provide a free fix (recovery) instead offering a subscription that the user needs to pay to fix it.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"BitwarSetup.exe","isInstaller":"True","fileVersion":"7.3","hashMD5":"9e0aee8da3d1f63517d7f2662f586191","hashSHA1":"6928efc019764f84d1a5e92ae345787aed0fc953","hashSHA256":"e6b6cb9e0ba816c6089126b492396db1540f43492d41ba3633b52a1aaee4bc9b","digitalCertThumbprint":"FB821AE1D0D310FF459A9FD9266703BFAE2B0CEA","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=\"Xiamen Baishengtong Software Technology Co.,Ltd.\", O=\"Xiamen Baishengtong Software Technology Co.,Ltd.\", L=厦门市, S=福建省, C=CN, SERIALNUMBER=913502033029307724, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.1=思明区, OID.1.3.6.1.4.1.311.60.2.1.2=福建省, OID.1.3.6.1.4.1.311.60.2.1.3=CN","sourceIndex":"227","avBlockList":["360 Total Security (20250624)","ESET Internet Security (20250624)","FortectPremium (20250624)","K7 Total Security (20250624)","Panda Dome (20250624)","Quick Heal Internet Security (20250624)","Sophos Home Premium (20250624)","SpyHunter5 (20250624)","VirIT eXplorer PRO (20250624)","Webroot SecureAnywhere (20250624)"],"avAllowList":["Avast Premium Security (20250624)","AVG Internet Security (20250624)","Avira Internet Security (20250624)","Bitdefender Internet Security (20250624)","COMODO Antivirus (20250624)","Dr.Web Security Space (20250624)","G DATA INTERNET SECURITY (20250624)","KasperskyPremium (20250624)","Malwarebytes Premium (20250624)","McAfee Total Protection (20250624)","Norton Security (20250624)","Total AV Antivirus Pro (20250624)","Trend Micro Internet Security (20250624)","VIPRE Advanced Security (20250624)","Windows Defender (20250624)"]},{"isRevoked":"False","fileName":"RecoverMaster.exe","fileVersion":"7.3","hashMD5":"c41857a15418da118cd6f893a4464b3a","hashSHA1":"5650a394af6ee96e47d8a5c3f0ee55b8a7ce2778","hashSHA256":"d4631e2c7bb09c60a9a3b697108a8e7a4396eb9519fefc1b3fc58919fe72a19b","digitalCertThumbprint":"FB821AE1D0D310FF459A9FD9266703BFAE2B0CEA","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=\"Xiamen Baishengtong Software Technology Co.,Ltd.\", O=\"Xiamen Baishengtong Software Technology Co.,Ltd.\", L=厦门市, S=福建省, C=CN, SERIALNUMBER=913502033029307724, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.1=思明区, OID.1.3.6.1.4.1.311.60.2.1.2=福建省, OID.1.3.6.1.4.1.311.60.2.1.3=CN","sourceIndex":"227","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"random search for recovery apps","reference":"","landingPage":"https://www.r-datarecovery.com/","directDownloadingLink":"https://www.r-datarecovery.com/Downloads/BitwarSetup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.r-datarecovery.com/Downloads/BitwarSetup.exe","sourceIndex":"227"}],"sampleFiles":["250403/BitwarDataRecovery-240411/7.3.7.3165/Samples/BitwarSetup.exe","250403/BitwarDataRecovery-240411/7.3.7.3165/Samples/RecoverMaster.exe"],"imageFiles":["250403/BitwarDataRecovery-240411/7.3.7.3165/Images/ACR-048/install.png","250403/BitwarDataRecovery-240411/7.3.7.3165/Images/ACR-004/ACR-004.png","250403/BitwarDataRecovery-240411/7.3.7.3165/Images/ACR-004/ACR-004_2.png"],"nonDeceptorImageFiles":[],"guid":"2c99f7eb-eda2-407d-a91c-5e1573b18e9b_7.3.7.3165_1","appID":"BitwarDataRecovery-240411","dateAdded":"250403","deceptorType":"App","name":"Bitwar Data Recovery","company":"Bitwarsoft","version":"7.3.7.3165","lastKnownStatus":"7.2.5.0; 7.2.6.0;7.3.3.3102;7.3.7.3165","lastKnownDate":"250403","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows 11","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2025-04-03T22:47:13.849227+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":3,"sortOrder":371},{"violations":{"ACR-004":"Application doesn't provide free fix for all items reported, only allow to recover up to 1GB of data. Instead it offers subscription payment to completely recover files scanned.\n"},"nonDeceptorViolations":{"ACR-167":"App only offers a 15-day money-back guarantee.\n"},"samples":[{"isRevoked":"False","fileName":"icarepro.exe","isInstaller":"True","companyName":"iCareAll Inc.                                               ","fileVersion":"9.0","hashMD5":"d02ab582b51fd0132985dc683f2ff502","hashSHA1":"5b1aa25f3ae2e95a225d8b3a4da512a8086b95c2","hashSHA256":"7aef646d919ae456bb61426794c57741c19c574f06f6e0bf6ed8fbdd759caa5b","digitalCertThumbprint":"56CCB771C26C917AB9EE81D40C212A7C3AA5ECA1","digitalCertIssuer":"CN=Sectigo Public Code Signing CA EV R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=\"iCareAll Co., Limited\", O=\"iCareAll Co., Limited\", S=Hong Kong, C=HK, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=HK, SERIALNUMBER=2421831","sourceIndex":"535","avBlockList":["FortectPremium (20241212)","K7 Total Security (20241212)","Panda Dome (20241212)","Sophos Home Premium (20241212)","SpyHunter5 (20241212)","VirIT eXplorer PRO (20241212)","Webroot SecureAnywhere (20241212)"],"avAllowList":["360 Total Security (20241212)","Avast Premium Security (20241212)","AVG Internet Security (20241212)","Avira Internet Security (20241212)","Bitdefender Internet Security (20241212)","COMODO Antivirus (20241212)","Dr.Web Security Space (20241212)","ESET Internet Security (20241212)","G DATA INTERNET SECURITY (20241212)","KasperskyPremium (20241212)","Malwarebytes Premium (20241212)","McAfee Total Protection (20241212)","Norton Security (20241212)","Quick Heal Internet Security (20241212)","Total AV Antivirus Pro (20241212)","Trend Micro Internet Security (20241212)","VIPRE Advanced Security (20241212)","Windows Defender (20241212)"]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"","landingPage":"https://www.icare-recovery.com/","directDownloadingLink":"https://download.icare-recovery.com/icarepro.zip","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://download.icare-recovery.com/icarepro.zip","sourceIndex":"535"}],"sampleFiles":["240923/iCareRecoverPro-240919/9.0.0.6/Samples/icarepro.exe"],"imageFiles":["240923/iCareRecoverPro-240919/9.0.0.6/Images/ACR-004/ACR-004_Software_1.png","240923/iCareRecoverPro-240919/9.0.0.6/Images/ACR-004/ACR-004_Software_2.png","240923/iCareRecoverPro-240919/9.0.0.6/Images/ACR-004/ACR-004_Software_3.png"],"nonDeceptorImageFiles":["240923/iCareRecoverPro-240919/9.0.0.6/Images/ACR-167/ACR-167_Docs_1.png"],"guid":"10f588b7-9653-48e9-8fd4-56ca35db3dd3_9.0.0.6_1","appID":"iCareRecoverPro-240919","dateAdded":"250403","deceptorType":"App","name":"iCare Recovery Pro","company":"iCareAll Inc.","version":"9.0.0.6","lastKnownStatus":"9.0.0.6;9.0.0.9","lastKnownDate":"250403","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows 11","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2025-04-03T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":370},{"violations":{"ACR-004":"Application doesn't provide free fix for all items reported, only allow to recover up to 1GB of data. Instead it offers subscription payment to completely recover files scanned.\n"},"nonDeceptorViolations":{"ACR-167":"App only offers a 15-day money-back guarantee.\n"},"samples":[{"isRevoked":"False","fileName":"icarepro.exe","isInstaller":"True","companyName":"iCareAll Inc.                                               ","fileVersion":"9.0","hashMD5":"51d7e9564d2f93fa8484a2f91a982217","hashSHA1":"f54328fd2fbeb9d0c1957f833f8654ae6e432cf2","hashSHA256":"0ff06ff925bb84f0f2ed991242d2948629120bce79511485c1500af52b722312","digitalCertThumbprint":"56CCB771C26C917AB9EE81D40C212A7C3AA5ECA1","digitalCertIssuer":"CN=Sectigo Public Code Signing CA EV R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=\"iCareAll Co., Limited\", O=\"iCareAll Co., Limited\", S=Hong Kong, C=HK, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=HK, SERIALNUMBER=2421831","sourceIndex":"230","avBlockList":["FortectPremium (20250701)","G DATA INTERNET SECURITY (20250701)","K7 Total Security (20250701)","Panda Dome (20250701)","Quick Heal Internet Security (20250701)","Sophos Home Premium (20250701)","SpyHunter5 (20250701)","VirIT eXplorer PRO (20250701)","Webroot SecureAnywhere (20250701)","Windows Defender (20250701)"],"avAllowList":["360 Total Security (20250701)","Avast Premium Security (20250701)","AVG Internet Security (20250701)","Avira Internet Security (20250701)","Bitdefender Internet Security (20250701)","COMODO Antivirus (20250701)","Dr.Web Security Space (20250701)","ESET Internet Security (20250701)","KasperskyPremium (20250701)","Malwarebytes Premium (20250701)","McAfee Total Protection (20250701)","Norton Security (20250701)","Total AV Antivirus Pro (20250701)","Trend Micro Internet Security (20250701)","VIPRE Advanced Security (20250701)"]},{"isRevoked":"False","fileName":"iCDR.exe","companyName":"iCareAll Inc.","fileVersion":"9.0","hashMD5":"6d2808ae5aa56f576c59bdd821479d81","hashSHA1":"b33cf6d3fe1124f88e40ef9666083178d079db40","hashSHA256":"d68860273d4bb98f3db169b63ce8cc78b126f82ced239de462cce5cd85b6f6c4","digitalCertThumbprint":"56CCB771C26C917AB9EE81D40C212A7C3AA5ECA1","digitalCertIssuer":"CN=Sectigo Public Code Signing CA EV R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=\"iCareAll Co., Limited\", O=\"iCareAll Co., Limited\", S=Hong Kong, C=HK, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=HK, SERIALNUMBER=2421831","sourceIndex":"230","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"","landingPage":"https://www.icare-recovery.com/","directDownloadingLink":"https://download.icare-recovery.com/icarepro.zip","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://download.icare-recovery.com/icarepro.zip","sourceIndex":"230"}],"sampleFiles":["250403/iCareRecoverPro-240919/9.0.0.9/Samples/icarepro.exe","250403/iCareRecoverPro-240919/9.0.0.9/Samples/iCDR.exe"],"imageFiles":["250403/iCareRecoverPro-240919/9.0.0.9/Images/ACR-004/ACR-004.png","250403/iCareRecoverPro-240919/9.0.0.9/Images/ACR-004/subs.png"],"nonDeceptorImageFiles":["250403/iCareRecoverPro-240919/9.0.0.9/Images/ACR-167/15day.png"],"guid":"10f588b7-9653-48e9-8fd4-56ca35db3dd3_9.0.0.9_1","appID":"iCareRecoverPro-240919","dateAdded":"250403","deceptorType":"App","name":"iCare Recovery Pro","company":"iCareAll Inc.","version":"9.0.0.9","lastKnownStatus":"9.0.0.6;9.0.0.9","lastKnownDate":"250403","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 7,Windows 8,Windows 10,Windows 11","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2025-04-03T21:42:32.4917071+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":369},{"violations":{"ACR-004":"The application doesn't provide a free fix (recovery) instead offering a subscription that the user needs to pay to fix it.\n","ACR-165":"The app doesn't provide the following information in the shopping cart: 1. Cancellation of Auto-renewal via online. 2. when the user receives a notification for renewal.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files\\Remo Recover 6.0\\64\\rs-recover.exe","companyName":"Remo Software","productName":"Remo Recover [Windows]","productVersion":"6.0.0.229","fileVersion":"6.0.0.229","hashMD5":"c77f0450fcb056491a72f6bd9cf9cd3e","hashSHA1":"103143bd664193bdbadd6b6e458813d24e74a885","hashSHA256":"224bb723004ed86b2a4f5d45145472974e9cecd940a77cc3f30da7d529ab30bc","digitalCertThumbprint":"14A8114460357D854535F001B3907C3F67D4730E","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Remo Software Private Limited","storeId":"","sourceIndex":"704","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"remo-recover-windows.exe","isInstaller":"True","companyName":"Remo Software                                               ","productName":"Remo Recover                                                ","productVersion":"6.0.0.229                                         ","fileVersion":"6.0.0.229           ","hashMD5":"02c89e7bcd8084b750d0f17ea33b85b9","hashSHA1":"92ea0bbac33bf27cd4fbcd8a50b78c2daba08561","hashSHA256":"ef0cf74bb40a7e10e1a8fc80369a82be1390f2e6e096979307f0c278836bd1e4","digitalCertThumbprint":"14A8114460357D854535F001B3907C3F67D4730E","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Remo Software Private Limited","storeId":"","sourceIndex":"704","avBlockList":["360 Total Security (20240815)","ESET Internet Security (20240815)","Norton Security (20240815)","Panda Dome (20240815)","Quick Heal Internet Security (20240815)","Sophos Home Premium (20240815)","SpyHunter5 (20240815)","VirIT eXplorer PRO (20240815)","Webroot SecureAnywhere (20240815)","Windows Defender (20240815)","FortectPremium (20240815)"],"avAllowList":["Avast Premium Security (20240815)","AVG Internet Security (20240815)","Avira Internet Security (20240815)","Bitdefender Internet Security (20240815)","COMODO Antivirus (20240815)","Dr.Web Security Space (20240815)","G DATA INTERNET SECURITY (20240815)","K7 Total Security (20240815)","Kaspersky Internet Security (20240530)","Malwarebytes Premium (20240815)","McAfee Total Protection (20240815)","Total AV Antivirus Pro (20240815)","Trend Micro Internet Security (20240815)","VIPRE Advanced Security (20240815)","KasperskyPremium (20240815)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on windows app","reference":"","landingPage":"https://www.remosoftware.com/","directDownloadingLink":"https://remocdn1.azureedge.net/remosoftware/remo-recover-windows.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://remocdn1.azureedge.net/remosoftware/remo-recover-windows.exe","sourceIndex":"704"}],"sampleFiles":["240325/RemoRecover-240322/6.0.0.229/Samples/remo-recover-windows.exe"],"imageFiles":["240325/RemoRecover-240322/6.0.0.229/Images/ACR-004/ACR-004.PNG","240325/RemoRecover-240322/6.0.0.229/Images/ACR-004/ACR-004_1.PNG","240325/RemoRecover-240322/6.0.0.229/Images/ACR-165/ACR-165_Internal offers_1.png"],"nonDeceptorImageFiles":[],"guid":"6d41ccf6-4d8c-497c-bf04-46e2cad088a0_6.0.0.229_1","appID":"RemoRecover-240322","dateAdded":"250403","deceptorType":"App","name":"Remo Recover","company":"Remo Software","version":"6.0.0.229","lastKnownStatus":"6.0.0.229;6.0.0.232;6.0.0.233;6.0.0.234;6.0.0.241;6.0.0.242;6.0.0.243;6.0.0.250","lastKnownDate":"250403","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows 11","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2025-04-03T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":8,"sortOrder":368},{"violations":{"ACR-004":"The application doesn't provide a free fix (recovery) instead offering a subscription that the user needs to pay to fix it.\n","ACR-165":"The app doesn't provide the following information in the shopping cart: 1. Cancellation of Auto-renewal via online. 2. when the user receives a notification for renewal.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"remo-recover-windows.exe","isInstaller":"True","companyName":"Remo Software                                               ","fileVersion":"6.0.0.232","hashMD5":"a0c452bc880c8223c082a9a54aee55bd","hashSHA1":"59b64f8f81cf54085865bde0af53c08f6ee80f94","hashSHA256":"616322795329c1f5d200bba4e93d77496e723d26347fcb5a9c2c3d075ef448a5","digitalCertThumbprint":"14A8114460357D854535F001B3907C3F67D4730E","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Remo Software Private Limited, O=Remo Software Private Limited, L=Bengaluru, S=Karnataka, C=IN, SERIALNUMBER=058074, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=IN","sourceIndex":"639","avBlockList":["ESET Internet Security (20240806)","K7 Total Security (20240806)","Norton Security (20240806)","Panda Dome (20240806)","Sophos Home Premium (20240806)","SpyHunter5 (20240806)","VirIT eXplorer PRO (20240806)","Webroot SecureAnywhere (20240806)","Windows Defender (20240806)","FortectPremium (20240806)"],"avAllowList":["360 Total Security (20240806)","Avast Premium Security (20240806)","AVG Internet Security (20240806)","Avira Internet Security (20240806)","Bitdefender Internet Security (20240806)","COMODO Antivirus (20240806)","Dr.Web Security Space (20240806)","G DATA INTERNET SECURITY (20240806)","Kaspersky Internet Security (20240702)","Malwarebytes Premium (20240806)","McAfee Total Protection (20240806)","Quick Heal Internet Security (20240806)","Total AV Antivirus Pro (20240806)","Trend Micro Internet Security (20240806)","VIPRE Advanced Security (20240806)"]},{"isRevoked":"False","fileName":"rs-recover.exe","companyName":"Remo Software","fileVersion":"6.0.0.232","hashMD5":"d7b8579e95192af103736e715d14bc25","hashSHA1":"c57fb88b3ff370a25c664cf18759d1a99800260d","hashSHA256":"f8d4c5f30b364a7dbc6ddd65b01e6f00e88ca19ed9a34132c4891f843e49b6ef","digitalCertThumbprint":"14A8114460357D854535F001B3907C3F67D4730E","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Remo Software Private Limited, O=Remo Software Private Limited, L=Bengaluru, S=Karnataka, C=IN, SERIALNUMBER=058074, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=IN","sourceIndex":"639","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on windows app","reference":"","landingPage":"https://www.remosoftware.com/","directDownloadingLink":"https://remocdn1.azureedge.net/remosoftware/remo-recover-windows.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://remocdn1.azureedge.net/remosoftware/remo-recover-windows.exe","sourceIndex":"639"}],"sampleFiles":["240522/RemoRecover-240322/6.0.0.232/Samples/remo-recover-windows%20(1).exe","240522/RemoRecover-240322/6.0.0.232/Samples/rs-recover.exe"],"imageFiles":["240522/RemoRecover-240322/6.0.0.232/Images/ACR-004/ACR004.png","240522/RemoRecover-240322/6.0.0.232/Images/ACR-004/ACR004_2.png","240522/RemoRecover-240322/6.0.0.232/Images/ACR-165/ACR165.png"],"nonDeceptorImageFiles":[],"guid":"6d41ccf6-4d8c-497c-bf04-46e2cad088a0_6.0.0.232_1","appID":"RemoRecover-240322","dateAdded":"250403","deceptorType":"App","name":"Remo Recover","company":"Remo Software","version":"6.0.0.232","lastKnownStatus":"6.0.0.229;6.0.0.232;6.0.0.233;6.0.0.234;6.0.0.241;6.0.0.242;6.0.0.243;6.0.0.250","lastKnownDate":"250403","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows 11","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2025-04-03T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":8,"sortOrder":367},{"violations":{"ACR-004":"The application doesn't provide a free fix (recovery) instead offering a subscription that the user needs to pay to fix it.\n","ACR-165":"The app doesn't provide the following information in the shopping cart: 1. Cancellation of Auto-renewal via online. 2. when the user receives a notification for renewal.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files\\Remo Recover 6.0\\32\\rs-recover.exe","companyName":"Remo Software","productName":"Remo Recover [Windows]","productVersion":"6.0.0.234","fileVersion":"6.0.0.234","hashMD5":"6f23c264553a2f36139defeb1e925a7e","hashSHA1":"56565e711dbf82a20ad45aecce9256eb20ed2280","hashSHA256":"829ce68d94c871c1c2638c991efcdf35cc21363cfa7c78d70e695f95b571db16","digitalCertThumbprint":"38C7373AD794C30D18D7F04412B0B6BD54248743","digitalCertIssuer":"Sectigo Public Code Signing CA EV R36","digitalCertIssuedTo":"Remo Software Private Limited","storeId":"","sourceIndex":"620","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"remo-recover-windows.exe","isInstaller":"True","companyName":"Remo Software                                               ","productName":"Remo Recover                                                ","productVersion":"6.0.0.234                                         ","fileVersion":"6.0.0.234           ","hashMD5":"950bfb01d84deb273b3a4993e63d35b8","hashSHA1":"d8f10b482cfbf4d6367cab23c1f7084a2b51f567","hashSHA256":"7c3af8307c60fcca21acb5b00774d2c01ed5ba75ce22548c3450b4393e5358df","digitalCertThumbprint":"38C7373AD794C30D18D7F04412B0B6BD54248743","digitalCertIssuer":"Sectigo Public Code Signing CA EV R36","digitalCertIssuedTo":"Remo Software Private Limited","storeId":"","sourceIndex":"620","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on windows app","reference":"","landingPage":"https://www.remosoftware.com/","directDownloadingLink":"https://download.remosoftware.com/remo-recover-windows.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://download.remosoftware.com/remo-recover-windows.exe","sourceIndex":"620"}],"sampleFiles":["240624/RemoRecover-240322/6.0.0.234/Samples/remo-recover-windows.exe"],"imageFiles":["240624/RemoRecover-240322/6.0.0.234/Images/ACR-004/ACR-004.PNG","240624/RemoRecover-240322/6.0.0.234/Images/ACR-004/ACR-004_1.PNG","240624/RemoRecover-240322/6.0.0.234/Images/ACR-165/ACR-165.PNG"],"nonDeceptorImageFiles":[],"guid":"6d41ccf6-4d8c-497c-bf04-46e2cad088a0_6.0.0.234_1","appID":"RemoRecover-240322","dateAdded":"250403","deceptorType":"App","name":"Remo Recover","company":"Remo Software","version":"6.0.0.234","lastKnownStatus":"6.0.0.229;6.0.0.232;6.0.0.233;6.0.0.234;6.0.0.241;6.0.0.242;6.0.0.243;6.0.0.250","lastKnownDate":"250403","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows 11","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2025-04-03T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":8,"sortOrder":365},{"violations":{"ACR-004":"The application doesn't provide a free fix (recovery) instead offering a subscription that the user needs to pay to fix it.\n","ACR-165":"The app doesn't provide the following information in the shopping cart: 1. Cancellation of Auto-renewal via online. 2. when the user receives a notification for renewal.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"remo-recover-windows.exe","isInstaller":"True","companyName":"Remo Software                                               ","productName":"Remo Recover                                                ","productVersion":"6.0.0.241                                         ","fileVersion":"6.0.0.241           ","hashMD5":"5b8b60716ad9eaa2ace347920dbf570d","hashSHA1":"43e5d7a1f6ef168d89104371a0dddfbeb139791a","hashSHA256":"6f0adcf9fbf04406315a1801e2dea6f3c98d90c8176a9ec29978c56144ee9f8a","digitalCertThumbprint":"38C7373AD794C30D18D7F04412B0B6BD54248743","digitalCertIssuer":"Sectigo Public Code Signing CA EV R36","digitalCertIssuedTo":"Remo Software Private Limited","storeId":"","sourceIndex":"579","avBlockList":["360 Total Security (20240820)","ESET Internet Security (20240820)","FortectPremium (20240820)","K7 Total Security (20240820)","Norton Security (20240820)","Panda Dome (20240820)","Quick Heal Internet Security (20240820)","Sophos Home Premium (20240820)","SpyHunter5 (20240820)","VirIT eXplorer PRO (20240820)","Webroot SecureAnywhere (20240820)","Windows Defender (20240820)"],"avAllowList":["Avast Premium Security (20240820)","AVG Internet Security (20240820)","Avira Internet Security (20240820)","Bitdefender Internet Security (20240820)","COMODO Antivirus (20240820)","Dr.Web Security Space (20240820)","G DATA INTERNET SECURITY (20240820)","KasperskyPremium (20240820)","Malwarebytes Premium (20240820)","McAfee Total Protection (20240820)","Total AV Antivirus Pro (20240820)","Trend Micro Internet Security (20240820)","VIPRE Advanced Security (20240820)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on windows app","reference":"","landingPage":"https://www.remosoftware.com/","directDownloadingLink":"https://download.remosoftware.com/remo-recover-windows.exe\t","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://download.remosoftware.com/remo-recover-windows.exe\t","sourceIndex":"579"}],"sampleFiles":["240805/RemoRecover-240322/6.0.0.241/Samples/remo-recover-windows.exe"],"imageFiles":["240805/RemoRecover-240322/6.0.0.241/Images/ACR-004/ACR-004.PNG","240805/RemoRecover-240322/6.0.0.241/Images/ACR-004/ACR-004_1.PNG","240805/RemoRecover-240322/6.0.0.241/Images/ACR-165/ACR-165.PNG"],"nonDeceptorImageFiles":[],"guid":"6d41ccf6-4d8c-497c-bf04-46e2cad088a0_6.0.0.241_1","appID":"RemoRecover-240322","dateAdded":"250403","deceptorType":"App","name":"Remo Recover","company":"Remo Software","version":"6.0.0.241","lastKnownStatus":"6.0.0.229;6.0.0.232;6.0.0.233;6.0.0.234;6.0.0.241;6.0.0.242;6.0.0.243;6.0.0.250","lastKnownDate":"250403","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows 11","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2025-04-03T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":8,"sortOrder":364},{"violations":{"ACR-004":"The application doesn't provide a free fix (recovery) instead offering a subscription that the user needs to pay to fix it.\n","ACR-165":"The app doesn't provide the following information in the shopping cart: 1. Cancellation of Auto-renewal via online. 2. when the user receives a notification for renewal.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"remo-recover-windows.exe","isInstaller":"True","companyName":"Remo Software                                               ","productName":"Remo Recover                                                ","productVersion":"6.0.0.242                                         ","fileVersion":"6.0.0.242           ","hashMD5":"3a8a535968281e7cbe93b88b0ec4bbd9","hashSHA1":"8ae09aba04b0b4dc023462665918a081ce3ee16c","hashSHA256":"5419e81835f5c0489e16573be3e84414699ee23018cdf24ffbf2b1376d3ea3c2","digitalCertThumbprint":"38C7373AD794C30D18D7F04412B0B6BD54248743","digitalCertIssuer":"Sectigo Public Code Signing CA EV R36","digitalCertIssuedTo":"Remo Software Private Limited","storeId":"","sourceIndex":"573","avBlockList":["360 Total Security (20240903)","ESET Internet Security (20240903)","FortectPremium (20240903)","K7 Total Security (20240903)","Norton Security (20240903)","Panda Dome (20240903)","Quick Heal Internet Security (20240903)","Sophos Home Premium (20240903)","SpyHunter5 (20240903)","VirIT eXplorer PRO (20240903)","Webroot SecureAnywhere (20240903)","Windows Defender (20240903)"],"avAllowList":["Avast Premium Security (20240903)","AVG Internet Security (20240903)","Avira Internet Security (20240903)","Bitdefender Internet Security (20240903)","COMODO Antivirus (20240903)","Dr.Web Security Space (20240903)","G DATA INTERNET SECURITY (20240903)","KasperskyPremium (20240903)","Malwarebytes Premium (20240903)","McAfee Total Protection (20240903)","Total AV Antivirus Pro (20240903)","Trend Micro Internet Security (20240903)","VIPRE Advanced Security (20240903)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on windows app","reference":"","landingPage":"https://www.remosoftware.com/","directDownloadingLink":"https://www.remosoftware.com/thank-you-for-downloading-rw","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.remosoftware.com/thank-you-for-downloading-rw","sourceIndex":"573"}],"sampleFiles":["240819/RemoRecover-240322/6.0.0.242/Samples/remo-recover-windows.exe"],"imageFiles":["240819/RemoRecover-240322/6.0.0.242/Images/ACR-004/ACR-004.PNG","240819/RemoRecover-240322/6.0.0.242/Images/ACR-004/ACR-004_1.PNG","240819/RemoRecover-240322/6.0.0.242/Images/ACR-165/ACR-165.PNG"],"nonDeceptorImageFiles":[],"guid":"6d41ccf6-4d8c-497c-bf04-46e2cad088a0_6.0.0.242_1","appID":"RemoRecover-240322","dateAdded":"250403","deceptorType":"App","name":"Remo Recover","company":"Remo Software","version":"6.0.0.242","lastKnownStatus":"6.0.0.229;6.0.0.232;6.0.0.233;6.0.0.234;6.0.0.241;6.0.0.242;6.0.0.243;6.0.0.250","lastKnownDate":"250403","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows 11","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2025-04-03T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":8,"sortOrder":363},{"violations":{"ACR-004":"The application doesn't provide a free fix (recovery) instead offering a subscription that the user needs to pay to fix it.\n","ACR-165":"The app doesn't provide the following information in the shopping cart: 1. Cancellation of Auto-renewal via online. 2. when the user receives a notification for renewal.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files\\Remo Recover 6.0\\32\\rs-recover.exe","companyName":"Remo Software","productName":"Remo Recover [Windows]","productVersion":"6.0.0.233","fileVersion":"6.0.0.233","hashMD5":"4f0e69f13e5a78266b9181d1663e1315","hashSHA1":"d67ba5677fb8e081547f27b4fbec543827043c98","hashSHA256":"bbdc344158f28eeefe8808d05e0fbf9dd5ec343bd55ec59e52c225d2e00802e5","digitalCertThumbprint":"14A8114460357D854535F001B3907C3F67D4730E","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Remo Software Private Limited","storeId":"","sourceIndex":"621","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"remo-recover-windows.exe","isInstaller":"True","companyName":"Remo Software                                               ","productName":"Remo Recover                                                ","productVersion":"6.0.0.233                                         ","fileVersion":"6.0.0.233           ","hashMD5":"61f8b0d65f97695fdcc6453fd44c9731","hashSHA1":"cfdf3be90d493763b39fd3c31280bbf7efd7f6f6","hashSHA256":"31e2c794137a53e8d3b22efd8ee744d4833e52bbea8e530aa38a774836d38ea0","digitalCertThumbprint":"14A8114460357D854535F001B3907C3F67D4730E","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Remo Software Private Limited","storeId":"","sourceIndex":"621","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on windows app","reference":"","landingPage":"https://www.remosoftware.com/","directDownloadingLink":"https://remocdn1.azureedge.net/remosoftware/remo-recover-windows.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://remocdn1.azureedge.net/remosoftware/remo-recover-windows.exe","sourceIndex":"621"}],"sampleFiles":["240624/RemoRecover-240322/6.0.0.233/Samples/remo-recover-windows.exe"],"imageFiles":["240624/RemoRecover-240322/6.0.0.233/Images/ACR-004/ACR-004.PNG","240624/RemoRecover-240322/6.0.0.233/Images/ACR-004/ACR-004_1.PNG","240624/RemoRecover-240322/6.0.0.233/Images/ACR-165/ACR-165.PNG"],"nonDeceptorImageFiles":[],"guid":"6d41ccf6-4d8c-497c-bf04-46e2cad088a0_6.0.0.233_1","appID":"RemoRecover-240322","dateAdded":"250403","deceptorType":"App","name":"Remo Recover","company":"Remo Software","version":"6.0.0.233","lastKnownStatus":"6.0.0.229;6.0.0.232;6.0.0.233;6.0.0.234;6.0.0.241;6.0.0.242;6.0.0.243;6.0.0.250","lastKnownDate":"250403","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows 11","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2025-04-03T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":8,"sortOrder":366},{"violations":{"ACR-004":"The application doesn't provide a free fix (recovery) instead offering a subscription that the user needs to pay to fix it.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"remo-recover-windows.exe","isInstaller":"True","companyName":"Remo Software                                               ","fileVersion":"6.0","hashMD5":"704f4dbd5d1e27bd909c431f22a39810","hashSHA1":"c972579092ac0010e1c1dbc39cbd9a273b158036","hashSHA256":"c28cdf505539787f348ee50f1ac3143780db62b5329d482167278b9354c36e40","digitalCertThumbprint":"38C7373AD794C30D18D7F04412B0B6BD54248743","digitalCertIssuer":"CN=Sectigo Public Code Signing CA EV R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=Remo Software Private Limited, O=Remo Software Private Limited, S=Karnataka, C=IN, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=IN, SERIALNUMBER=058074","sourceIndex":"229","avBlockList":["360 Total Security (20250701)","Bitdefender Internet Security (20250701)","Dr.Web Security Space (20250701)","ESET Internet Security (20250701)","FortectPremium (20250701)","G DATA INTERNET SECURITY (20250701)","K7 Total Security (20250701)","Malwarebytes Premium (20250701)","Panda Dome (20250701)","Quick Heal Internet Security (20250701)","Sophos Home Premium (20250701)","SpyHunter5 (20250701)","VIPRE Advanced Security (20250701)","VirIT eXplorer PRO (20250701)","Webroot SecureAnywhere (20250701)"],"avAllowList":["Avast Premium Security (20250701)","AVG Internet Security (20250701)","Avira Internet Security (20250701)","COMODO Antivirus (20250701)","KasperskyPremium (20250701)","McAfee Total Protection (20250701)","Norton Security (20250701)","Total AV Antivirus Pro (20250701)","Trend Micro Internet Security (20250701)","Windows Defender (20250701)"]},{"isRevoked":"False","fileName":"rs-recover.exe","companyName":"Remo Software","fileVersion":"6.0","hashMD5":"d167af9f6ca523d9e800cf6c94e93a20","hashSHA1":"a538b220292b62a65a42911d5aa7dbfe0d8a5034","hashSHA256":"b284fb7960f528ba07c760faf38417457af6f825e1ae2d305f3add41f3f3cf3c","digitalCertThumbprint":"38C7373AD794C30D18D7F04412B0B6BD54248743","digitalCertIssuer":"CN=Sectigo Public Code Signing CA EV R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=Remo Software Private Limited, O=Remo Software Private Limited, S=Karnataka, C=IN, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=IN, SERIALNUMBER=058074","sourceIndex":"229","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on windows app","reference":"","landingPage":"https://www.remosoftware.com/","directDownloadingLink":"https://remocdn1.azureedge.net/remosoftware/remo-recover-windows.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://remocdn1.azureedge.net/remosoftware/remo-recover-windows.exe","sourceIndex":"229"}],"sampleFiles":["250403/RemoRecover-240322/6.0.0.250/Samples/remo-recover-windows.exe","250403/RemoRecover-240322/6.0.0.250/Samples/rs-recover.exe"],"imageFiles":["250403/RemoRecover-240322/6.0.0.250/Images/ACR-004/ACR-004.png","250403/RemoRecover-240322/6.0.0.250/Images/ACR-004/subs.png"],"nonDeceptorImageFiles":[],"guid":"6d41ccf6-4d8c-497c-bf04-46e2cad088a0_6.0.0.250_1","appID":"RemoRecover-240322","dateAdded":"250403","deceptorType":"App","name":"Remo Recover","company":"Remo Software","version":"6.0.0.250","lastKnownStatus":"6.0.0.229;6.0.0.232;6.0.0.233;6.0.0.234;6.0.0.241;6.0.0.242;6.0.0.243;6.0.0.250","lastKnownDate":"250403","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 7,Windows 8,Windows 10,Windows 11","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2025-04-03T21:44:08.0876105+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":8,"sortOrder":361},{"violations":{"ACR-004":"The application doesn't provide a free fix (recovery) instead offering a subscription that the user needs to pay to fix it.\n","ACR-165":"The app doesn't provide the following information in the shopping cart: 1. Cancellation of Auto-renewal via online. 2. when the user receives a notification for renewal.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files\\Remo Recover 6.0\\32\\rs-recover.exe","companyName":"Remo Software","productName":"Remo Recover [Windows]","productVersion":"6.0.0.243","fileVersion":"6.0.0.243","hashMD5":"21fa9ccede8de9d8790f2365843c5bc6","hashSHA1":"d4babe526aa7d4d093521b1da964e9be66c213e6","hashSHA256":"01f36c185478cbbde66d047eeaf1affb725fbfd90ca0f180ecc6fa0726306fc3","digitalCertThumbprint":"38C7373AD794C30D18D7F04412B0B6BD54248743","digitalCertIssuer":"Sectigo Public Code Signing CA EV R36","digitalCertIssuedTo":"Remo Software Private Limited","storeId":"","sourceIndex":"544","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"remo-recover-windows.exe","isInstaller":"True","companyName":"Remo Software                                               ","productName":"Remo Recover                                                ","productVersion":"6.0.0.243                                         ","fileVersion":"6.0.0.243           ","hashMD5":"0f1185ffb87e085caa7459a1b3a43503","hashSHA1":"d0d7fe5bcb4ca6978ef74e66d4d30e656ada16f8","hashSHA256":"05762207878823c5616dd4050f20d39b95557059dca101c7fd974565f434e109","digitalCertThumbprint":"38C7373AD794C30D18D7F04412B0B6BD54248743","digitalCertIssuer":"Sectigo Public Code Signing CA EV R36","digitalCertIssuedTo":"Remo Software Private Limited","storeId":"","sourceIndex":"544","avBlockList":["360 Total Security (20241205)","ESET Internet Security (20241205)","FortectPremium (20241205)","K7 Total Security (20241205)","Malwarebytes Premium (20241205)","Panda Dome (20241205)","Quick Heal Internet Security (20241205)","Sophos Home Premium (20241205)","SpyHunter5 (20241205)","VirIT eXplorer PRO (20241205)","Webroot SecureAnywhere (20241205)","Windows Defender (20241205)"],"avAllowList":["Avast Premium Security (20241205)","AVG Internet Security (20241205)","Avira Internet Security (20241205)","Bitdefender Internet Security (20241205)","COMODO Antivirus (20241205)","Dr.Web Security Space (20241205)","G DATA INTERNET SECURITY (20241205)","KasperskyPremium (20241205)","McAfee Total Protection (20241205)","Norton Security (20241205)","Total AV Antivirus Pro (20241205)","Trend Micro Internet Security (20241205)","VIPRE Advanced Security (20241205)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on windows app","reference":"","landingPage":"https://www.remosoftware.com/","directDownloadingLink":"https://download.remosoftware.com/remo-recover-windows.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://download.remosoftware.com/remo-recover-windows.exe","sourceIndex":"544"}],"sampleFiles":["240919/RemoRecover-240322/6.0.0.243/Samples/remo-recover-windows.exe"],"imageFiles":["240919/RemoRecover-240322/6.0.0.243/Images/ACR-004/ACR-004.PNG","240919/RemoRecover-240322/6.0.0.243/Images/ACR-004/ACR-004_1.PNG","240919/RemoRecover-240322/6.0.0.243/Images/ACR-165/ACR-165.PNG"],"nonDeceptorImageFiles":[],"guid":"6d41ccf6-4d8c-497c-bf04-46e2cad088a0_6.0.0.243_1","appID":"RemoRecover-240322","dateAdded":"250403","deceptorType":"App","name":"Remo Recover","company":"Remo Software","version":"6.0.0.243","lastKnownStatus":"6.0.0.229;6.0.0.232;6.0.0.233;6.0.0.234;6.0.0.241;6.0.0.242;6.0.0.243;6.0.0.250","lastKnownDate":"250403","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows 11","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2025-04-03T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":8,"sortOrder":362},{"violations":{"ACR-007":"App does not obtain user consent to reduce the consumer's security posture caused by collecting user's IP and sharing User's IP in its proxy service.\n","ACR-084":"Application is still running in background and communicating with remote serverprofil24.com even after user disconnects the VPN service and close the application to systray\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"zenshield-vpn-1.0.16-x64.dmg","isInstaller":"True","fileVersion":"0.","hashMD5":"1d1d8abfefc18c5d2f8e9362feb877f3","hashSHA1":"51c5cd602373d63de8567da63b625f3152ca2d8f","hashSHA256":"69dad27acd3fbe79049d717f0e63047cefba1f33830a05511deee95626757729","sourceIndex":"235","avBlockList":["Avira Security for Mac (20250513)","Sophos Home Premium For Mac (20250513)","SpyHunterforMac (20250513)","Trend Micro Antivirus for Mac (20250513)"],"avAllowList":["Avast Security for Mac (20250513)","Bitdefender Antivirus for Mac (20250513)","ESET Cyber Security Pro for Mac (20250513)","G DATA AntiVirus for Mac (20250513)","K7 Antivirus for Mac (20250513)","Kaspersky Internet Security for Mac (20250513)","McAfee Internet Security for Mac (20250513)","Norton Security for Mac (20250513)"]},{"isRevoked":"False","fileName":"zenshield-vpn-1.0.16-arm64.dmg","isInstaller":"True","fileVersion":"0.","hashMD5":"58c419d70d0fafe647a89656bea39d44","hashSHA1":"998307701c35b48610be95317065c145e4dc6f81","hashSHA256":"d53c4d336f4d62469ff1978a6d237b25a3192600dc20e06fa3c8b528557c8061","sourceIndex":"235","avBlockList":["Avira Security for Mac (20250408)","Sophos Home Premium For Mac (20250408)","SpyHunterforMac (20250408)","Trend Micro Antivirus for Mac (20250408)"],"avAllowList":["Avast Security for Mac (20250408)","Bitdefender Antivirus for Mac (20250408)","ESET Cyber Security Pro for Mac (20250408)","G DATA AntiVirus for Mac (20250408)","K7 Antivirus for Mac (20250408)","Kaspersky Internet Security for Mac (20250408)","McAfee Internet Security for Mac (20250408)","Norton Security for Mac (20250408)"]},{"isRevoked":"False","fileName":"ZenShield%20VPN","fileVersion":"0.","hashMD5":"d721ddef8450937efb6b3035b412ca0e","hashSHA1":"b58463ffde2837ada8b4cc4239885da0cdc1aa68","hashSHA256":"f6392ef3a78be0f07f50d0681926f5657f0825d233aac6486a12b1b243ec7974","sourceIndex":"235","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"VPN ","reference":"","landingPage":"https://zenshield.com","directDownloadingLink":"https://zenshield.s3.fr-par.scw.cloud/desktop-app/updates/1.0.16/zenshield-vpn-1.0.16-arm64.dmg","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://zenshield.s3.fr-par.scw.cloud/desktop-app/updates/1.0.16/zenshield-vpn-1.0.16-arm64.dmg","sourceIndex":"235"}],"sampleFiles":["250307/ZenShieldVPN-250307/1.0.16/Samples/zenshield-vpn-1.0.16-x64.dmg","250307/ZenShieldVPN-250307/1.0.16/Samples/zenshield-vpn-1.0.16-arm64.dmg"],"imageFiles":["250307/ZenShieldVPN-250307/1.0.16/Images/ACR-084/Screenshot 2025-03-07 at 3.56.57 PM.png"],"nonDeceptorImageFiles":[],"guid":"a5e7b06e-d1fd-4a82-b989-f01bc74382f2_1.0.16_1","appID":"ZenShieldVPN-250307","dateAdded":"250307","deceptorType":"MacOS App","name":"ZenShieldVPN","company":"Geonode Pte Ltd","version":"1.0.16","lastKnownStatus":"1.0.16","lastKnownDate":"250307","type":"MacOS App","category":"Personalization & Search, SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer,enterprise","monetization":"net proxy,search","lastUpdate":"2025-03-08T00:16:11.4328298+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":376},{"violations":{"ACR-042":"Application drops undisclosed components (browser profile) without obtain user's permission. \n","ACR-043":"Application doesn't disclose its installation location before it installs in hidden folder with different name.\n","ACR-084":"1. Loading the undisclosed browser profile and launching hidden chrome browser process in background without disclosing its purpose and usage to user. \n2. Process running in background silently without notifying user when user closes the application\n","ACR-116":"Application can't be uninstall by platform standard method\n","ACR-014":"Application doesn't provide the same features as it claims in its landing page(https://flexdocu.com/#features)\n"},"nonDeceptorViolations":{"ACR-038":"Application drops and installs under hidden folder with different name from the application itself.\n"},"samples":[{"isRevoked":"False","fileName":"FlexDocu.exe","isInstaller":"True","companyName":"DocuFlex.com","fileVersion":"1.0","hashMD5":"808e96070d04203b66c2dcdf8ed0561e","hashSHA1":"4fedb130bb90da284aa240a4ff9cf1f089bf727f","hashSHA256":"9b2ddac89d3c5575cb8666586e13544b7488ea2be38bd4b00f6b9da44c7c5923","digitalCertThumbprint":"F438441BFA63C729FC02ECD41D91587441DE35CE","digitalCertIssuer":"CN=SSL.com EV Code Signing Intermediate CA RSA R3, O=SSL Corp, L=Houston, S=Texas, C=US","digitalCertIssuedTo":"OID.1.3.6.1.4.1.311.60.2.1.3=GB, OID.2.5.4.15=Private Organization, CN=BD RELATIONS LIMITED, SERIALNUMBER=SC748507, O=BD RELATIONS LIMITED, L=Edinburgh, S=Scotland, C=GB","sourceIndex":"237","avBlockList":["Avast Premium Security (20250529)","AVG Internet Security (20250529)","Avira Internet Security (20250529)","ESET Internet Security (20250529)","FortectPremium (20250529)","K7 Total Security (20250529)","KasperskyPremium (20250529)","Malwarebytes Premium (20250529)","McAfee Total Protection (20250529)","Norton Security (20250529)","Panda Dome (20250529)","Quick Heal Internet Security (20250529)","Sophos Home Premium (20250529)","SpyHunter5 (20250529)","Total AV Antivirus Pro (20250529)","VirIT eXplorer PRO (20250529)","Webroot SecureAnywhere (20250529)","Windows Defender (20250529)"],"avAllowList":["360 Total Security (20250529)","Bitdefender Internet Security (20250529)","COMODO Antivirus (20250529)","Dr.Web Security Space (20250529)","G DATA INTERNET SECURITY (20250529)","Trend Micro Internet Security (20250529)","VIPRE Advanced Security (20250529)"]}],"additionalFiles":[],"sources":[{"howFound":"partner repor","reference":"","landingPage":"https://flexdocu.com/","directDownloadingLink":"https://flexdocu.com/FlexDocu.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://flexdocu.com/FlexDocu.exe","sourceIndex":"237"}],"sampleFiles":["250305/FlexDocu-250305/1.0.0.0/Samples/FlexDocu.exe"],"imageFiles":["250305/FlexDocu-250305/1.0.0.0/Images/ACR-043/ACR-043_Install_1.png","250305/FlexDocu-250305/1.0.0.0/Images/ACR-043/ACR-043_Install_2.png","250305/FlexDocu-250305/1.0.0.0/Images/ACR-043/ACR-043_Install_3.png","250305/FlexDocu-250305/1.0.0.0/Images/ACR-042/ACR-042_Install_1.png","250305/FlexDocu-250305/1.0.0.0/Images/ACR-084/ACR-084_Software_1.png","250305/FlexDocu-250305/1.0.0.0/Images/ACR-084/ACR-084_Software_2.png","250305/FlexDocu-250305/1.0.0.0/Images/ACR-014/ACR-014_Software_1.png","250305/FlexDocu-250305/1.0.0.0/Images/ACR-116/ACR-116_Uninstall_1.png"],"nonDeceptorImageFiles":["250305/FlexDocu-250305/1.0.0.0/Images/ACR-038/ACR-038_Install_1.png"],"guid":"e542cb37-40b7-47bb-95df-121bb084a7d2_1.0.0.0_1","appID":"FlexDocu-250305","dateAdded":"250305","deceptorType":"App","name":"FlexDocu","company":"BD RELATIONS LIMITED","version":"1.0.0.0","lastKnownStatus":"1.0.0.0","lastKnownDate":"250305","type":"Windows Executable","category":"Personalization & Search, Productivity","targetOS":"Windows 8,Windows 11,Windows 7,Windows 10","targetBrowser":"Chrome","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"search","lastUpdate":"2025-03-05T22:25:45.5710132+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":377},{"violations":{"ACR-046":"Application hides the unexpected behavior setting (run when my computer starts) and significant changes to system (make opera the default browser) behind an Options link. \n","ACR-124":"Uninstallation adds unnecessary friction to the user's uninstallation decision.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"OperaSetup.exe","isInstaller":"True","fileVersion":"117.0","hashMD5":"830bf48f455e8101e11da2190ebd6fcc","hashSHA1":"0771e3feaaf1fdf1bc710002deea2b15ab210c21","hashSHA256":"c5400a43dcac5c46c4ac7c32943ade6288e477b597a55ba7df07160fc596d765","digitalCertThumbprint":"BF684995EFEA2306448FF2930367C60AC0F7172C","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Opera Norway AS, O=Opera Norway AS, L=Oslo, S=Oslo, C=NO, SERIALNUMBER=916 368 127, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=NO","sourceIndex":"222","avBlockList":["FortectPremium (20250422)","K7 Total Security (20250422)","Quick Heal Internet Security (20250422)","Sophos Home Premium (20250422)","SpyHunter5 (20250422)"],"avAllowList":["360 Total Security (20250422)","Avast Premium Security (20250422)","AVG Internet Security (20250422)","Avira Internet Security (20250422)","Bitdefender Internet Security (20250422)","COMODO Antivirus (20250422)","Dr.Web Security Space (20250422)","ESET Internet Security (20250422)","G DATA INTERNET SECURITY (20250422)","KasperskyPremium (20250422)","Malwarebytes Premium (20250422)","McAfee Total Protection (20250422)","Norton Security (20250422)","Panda Dome (20250422)","Total AV Antivirus Pro (20250422)","Trend Micro Internet Security (20250422)","VIPRE Advanced Security (20250422)","VirIT eXplorer PRO (20250422)","Webroot SecureAnywhere (20250422)","Windows Defender (20250422)"]},{"isRevoked":"False","fileName":"Opera_117.0.5408.35_Setup_x64.exe","isInstaller":"True","companyName":"Opera Software","fileVersion":"117.0","hashMD5":"917cec4275ea6d80871604e9b2774779","hashSHA1":"3f83ed8d8c34acf5739e25e5b580ff4e4129e00b","hashSHA256":"4fc7e236ca434ba5a2622432cc068104862af73793189f9c36857c28267aec05","digitalCertThumbprint":"BF684995EFEA2306448FF2930367C60AC0F7172C","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Opera Norway AS, O=Opera Norway AS, L=Oslo, S=Oslo, C=NO, SERIALNUMBER=916 368 127, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=NO","sourceIndex":"222","avBlockList":["FortectPremium (20250410)","K7 Total Security (20250410)","Sophos Home Premium (20250410)","SpyHunter5 (20250410)"],"avAllowList":["360 Total Security (20250410)","Avast Premium Security (20250410)","AVG Internet Security (20250410)","Avira Internet Security (20250410)","Bitdefender Internet Security (20250410)","COMODO Antivirus (20250410)","Dr.Web Security Space (20250410)","ESET Internet Security (20250410)","G DATA INTERNET SECURITY (20250410)","KasperskyPremium (20250410)","Malwarebytes Premium (20250410)","McAfee Total Protection (20250410)","Norton Security (20250410)","Panda Dome (20250410)","Quick Heal Internet Security (20250410)","Total AV Antivirus Pro (20250410)","Trend Micro Internet Security (20250410)","VIPRE Advanced Security (20250410)","VirIT eXplorer PRO (20250410)","Webroot SecureAnywhere (20250410)","Windows Defender (20250410)"]},{"isRevoked":"False","fileName":"OperaSetup_softonic.exe","isInstaller":"True","fileVersion":"117.0","hashMD5":"1f5fb1ac3f0fd88cb07b66f42c9537ad","hashSHA1":"1c0385d7dbf01eaa29e8227746f7ccbd81d5a809","hashSHA256":"16a985dc3e64e514a62f64383b8ef26061dc5f2989e566bd057810923e3cd6bb","digitalCertThumbprint":"BF684995EFEA2306448FF2930367C60AC0F7172C","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Opera Norway AS, O=Opera Norway AS, L=Oslo, S=Oslo, C=NO, SERIALNUMBER=916 368 127, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=NO","sourceIndex":"222","avBlockList":["ESET Internet Security (20250417)","FortectPremium (20250417)","K7 Total Security (20250417)","Quick Heal Internet Security (20250417)","Sophos Home Premium (20250417)","SpyHunter5 (20250417)"],"avAllowList":["360 Total Security (20250417)","Avast Premium Security (20250417)","AVG Internet Security (20250417)","Avira Internet Security (20250417)","Bitdefender Internet Security (20250417)","COMODO Antivirus (20250417)","Dr.Web Security Space (20250417)","G DATA INTERNET SECURITY (20250417)","KasperskyPremium (20250417)","Malwarebytes Premium (20250417)","McAfee Total Protection (20250417)","Norton Security (20250417)","Panda Dome (20250417)","Total AV Antivirus Pro (20250417)","Trend Micro Internet Security (20250417)","VIPRE Advanced Security (20250417)","VirIT eXplorer PRO (20250417)","Webroot SecureAnywhere (20250417)","Windows Defender (20250417)"]}],"additionalFiles":[],"sources":[{"howFound":"Browser","reference":"","landingPage":"https://en.softonic.com/s/opera","ipv4":"","ipv6":"","sourceIndex":"222"},{"howFound":"","reference":"","landingPage":"https://www.opera.com/","directDownloadingLink":"https://www.opera.com/computer/thanks?ni=stable&os=windows&gclid=EAIaIQobChMIuPL4lOTQiwMVryKtBh1DXikiEAAYASAAEgJzyfD_BwE","ipv4":"","ipv6":"","sourceIndex":"223"}],"sampleFiles":["250220/Opera-250219/117.0.5408.35/Samples/OperaSetup.exe","250220/Opera-250219/117.0.5408.35/Samples/OperaSetup_softonic.exe"],"imageFiles":["250220/Opera-250219/117.0.5408.35/Images/ACR-046/ACR-046_Install_1.png","250220/Opera-250219/117.0.5408.35/Images/ACR-046/ACR-046_Install_2.png","250220/Opera-250219/117.0.5408.35/Images/ACR-046/ACR-046_Install_3.png","250220/Opera-250219/117.0.5408.35/Images/ACR-124/ACR-124_Uninstall_1.png","250220/Opera-250219/117.0.5408.35/Images/ACR-124/ACR-124_Uninstall_2.png","250220/Opera-250219/117.0.5408.35/Images/ACR-124/ACR-124_Uninstall_3.png"],"nonDeceptorImageFiles":[],"guid":"c6d0d28c-60ac-49e6-b2f7-90372a0fb558_117.0.5408.35_1","appID":"Opera-250219","dateAdded":"250220","deceptorType":"App","name":"OperaBrowser","company":"Opera Software","version":"117.0.5408.35","firstVendorContactDate":"250423","firstAppEsteemReplyDate":"250423","firstResolvedDate":"250423","firstResolvedVersion":"118.0.5461.60","resolved":"TRUE","lastKnownStatus":"117.0.5408.35","lastKnownDate":"250220","type":"Windows Executable","category":"Productivity, Personalization & Search","targetOS":"None","targetBrowser":"None","targetCustomer":"consumer,enterprise","ageAppropriate":"Child appropriate","monetization":"search","lastUpdate":"2025-04-23T22:17:50.0750434+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":378},{"violations":{"ACR-042":"The \"CryptoTab Browser\" components get dropped in one click without presenting EULA/PP and obtaining user's agreement and permission, not disclosing the installation path and allowing user to change it.\n","ACR-043":"The app installs extensions by default without any disclosure & the user's consent.\n","ACR-048":"The app does not provide any control to cancel the installation. Even on canceling it installs the application anyway.\nNo setting control for user to disable the startup items\n\n","ACR-006":"The app does not disclose the search engine changed during installation.\n","ACR-084":"The app creates undisclosed tasks and startup to perform actions without the consumer's knowledge and consent.\n","ACR-104":"The app does not clearly disclose he search engine (CyptoTab) used and changed.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components on the device without the consumer's consent or notifying the user.\n"},"nonDeceptorViolations":{"ACR-065":"The installation prompt has no link to the EULA and/or Terms of Service, private policy\nThe software has no link to the EULA and/or Terms of Service, private policy\n","ACR-036":"The app does not disclose the search relationships with \"Yahoo\" and other search providers details are not disclosed in Docs.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files\\CryptoTab Browser\\Application\\browser.exe","companyName":"The Chromium and CryptoTab Browser Authors","productName":"CryptoTab Browser","productVersion":"96.0.4664.110","fileVersion":"96.0.4664.110","hashMD5":"5ec252cd804a5409377c1faf7eb784bb","hashSHA1":"1aba1dbb6471860c4ce04b357dee092513758025","hashSHA256":"c071b0a40d094ab61debf1c0d7121f6a2507d3300a371888cba70c5498610585","digitalCertThumbprint":"2C1DF7D16EAB13384B949EFEFBB1E1F5FE149DCA","digitalCertIssuer":"DigiCert EV Code Signing CA (SHA2)","digitalCertIssuedTo":"CRYPTOCOMPANY OÜ","storeId":"","sourceIndex":"1445","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"BrowserSetup_MV0kntM.exe","isInstaller":"True","companyName":"CRYPTOCOMPANY OU","productName":"CryptoTab Update","productVersion":"1.3.99.31","fileVersion":"1.3.99.31","hashMD5":"c335e3fd6218d622bdad4f9b1fa3bac6","hashSHA1":"e06ce4c13e3aba92cfc007cdc928a7f020082496","hashSHA256":"3c63d911e4f911f2ba6f411e93ba850091aac9c6c4c962eee914358ac1ac8e0c","digitalCertThumbprint":"AA4FF56213ACAB4F174C4994FABDDF6019662DE3","digitalCertIssuer":"DigiCert EV Code Signing CA (SHA2)","digitalCertIssuedTo":"CRYPTOCOMPANY OÜ","storeId":"","sourceIndex":"1445","avBlockList":["360 Total Security (20220428)","Avast Premium Security (20220428)","AVG Internet Security (20220428)","Avira Internet Security (20220428)","Bitdefender Internet Security (20220428)","ESET Internet Security (20220428)","G DATA INTERNET SECURITY (20220428)","K7 Total Security (20220428)","McAfee Total Protection (20220428)","Norton Security (20220428)","Sophos Home Premium (20220428)","SpyHunter5 (20220428)","Tencent PC Manager (20220428)","Total AV Antivirus Pro (20220428)","VIPRE Advanced Security (20220428)","VirIT eXplorer PRO (20220428)"],"avAllowList":["COMODO Antivirus (20220428)","Dr.Web Security Space (20220428)","Kaspersky Internet Security (20220428)","Malwarebytes Premium (20220428)","Panda Dome (20220428)","Quick Heal Internet Security (20220428)","Trend Micro Internet Security (20220428)","Webroot SecureAnywhere (20220428)","Windows Defender (20220428)"]}],"additionalFiles":[],"sources":[{"howFound":"Mining browser","reference":"","landingPage":"https://cryptobrowser.site/","directDownloadingLink":"https://cryptobrowser.site/get/BrowserSetup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://cryptobrowser.site/get/BrowserSetup.exe","sourceIndex":"1445"}],"sampleFiles":["220523/CryptoTab-220216/1.3.99.31/Samples/BrowserSetup_MV0kntM.exe"],"imageFiles":["220523/CryptoTab-220216/1.3.99.31/Images/ACR-043/ACR-043_Install_NoDisclosureAboutExtensions.JPG","220523/CryptoTab-220216/1.3.99.31/Images/ACR-042/ACR-042_Install.JPG","220523/CryptoTab-220216/1.3.99.31/Images/ACR-048/ACR-048_Install_No_Control.JPG","220523/CryptoTab-220216/1.3.99.31/Images/ACR-006/ACR-006_Install.JPG","220523/CryptoTab-220216/1.3.99.31/Images/ACR-084/ACR-084_Software_Undisclosed.JPG","220523/CryptoTab-220216/1.3.99.31/Images/ACR-084/ACR-084_Software_Undisclosed_1.JPG","220523/CryptoTab-220216/1.3.99.31/Images/ACR-104/ACR-104_Software.JPG","220523/CryptoTab-220216/1.3.99.31/Images/ACR-048/ACR-048_Software_No_Control_1.JPG","220523/CryptoTab-220216/1.3.99.31/Images/ACR-118/ACR-118_Uninstall.JPG"],"nonDeceptorImageFiles":["220523/CryptoTab-220216/1.3.99.31/Images/ACR-065/ACR-065_Install_No_Docs.JPG","220523/CryptoTab-220216/1.3.99.31/Images/ACR-065/ACR-065_Software_No_Docs.JPG","220523/CryptoTab-220216/1.3.99.31/Images/ACR-036/ACR-036_Docs.JPG"],"guid":"92d3bbed-97c0-44c8-9df8-b43ece78d5a8_1.3.99.31_1","appID":"CryptoTab-220216","dateAdded":"250213","deceptorType":"App","name":"Crypto Tab","company":"CRYPTOCOMPANY OU","version":"1.3.99.31","sigName":"Deceptor:Win32/CryptoTab!043042048006084104118","firstResolvedVersion":"","lastKnownStatus":"1.3.99.31;1.3.105.33;131.0.6778.109","lastKnownDate":"250213","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows Server","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2025-02-13T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":3,"sortOrder":380},{"violations":{"ACR-043":"The app installs multiple extensions by default without disclosure and without the user's consent.\n","ACR-006":"The app does not disclose the search engine \"CryptoTab meta\" is serving up Yahoo! search results.\n","ACR-104":"The app does not clearly disclose the search engine (CyptoTab) and that it redirects to Yahoo!\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"CTBrowserSetup_9oSBzfjILQ.exe","isInstaller":"True","fileVersion":"1.0","hashMD5":"a0fab21c52fb92a79bc492d2eb91d1d6","hashSHA1":"03d14da347c554669916d60e24bee1b540c2822e","hashSHA256":"e10f9d22cdbc39874ce875fd8031c3db26f58daf20ee8ae6a82de9ed2dfc7863","digitalCertThumbprint":"2C1DF7D16EAB13384B949EFEFBB1E1F5FE149DCA","digitalCertIssuer":"CN=DigiCert EV Code Signing CA (SHA2), OU=www.digicert.com, O=DigiCert Inc, C=US","digitalCertIssuedTo":"CN=CRYPTOCOMPANY OÜ, OU=Cryptocompany OU, O=CRYPTOCOMPANY OÜ, L=Tartu, C=EE, SERIALNUMBER=14448767, OID.1.3.6.1.4.1.311.60.2.1.3=EE, OID.2.5.4.15=Private Organization","sourceIndex":"239","avBlockList":["360 Total Security (20250508)","Avast Premium Security (20250508)","AVG Internet Security (20250508)","Avira Internet Security (20250508)","Bitdefender Internet Security (20250508)","Dr.Web Security Space (20250508)","ESET Internet Security (20250508)","FortectPremium (20250508)","G DATA INTERNET SECURITY (20250508)","K7 Total Security (20250508)","KasperskyPremium (20250508)","Malwarebytes Premium (20250508)","McAfee Total Protection (20250508)","Norton Security (20250508)","Panda Dome (20250508)","Quick Heal Internet Security (20250508)","Sophos Home Premium (20250508)","SpyHunter5 (20250508)","VIPRE Advanced Security (20250508)","VirIT eXplorer PRO (20250508)","Webroot SecureAnywhere (20250508)"],"avAllowList":["COMODO Antivirus (20250508)","Total AV Antivirus Pro (20250508)","Trend Micro Internet Security (20250508)","Windows Defender (20250508)"]}],"additionalFiles":[],"sources":[{"howFound":"Mining browser","reference":"","landingPage":"https://cryptobrowser.site/","directDownloadingLink":"https://cryptobrowser.site/get/BrowserSetup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://cryptobrowser.site/get/BrowserSetup.exe","sourceIndex":"239"}],"sampleFiles":["250213/CryptoTab-220216/131.0.6778.109/Samples/CTBrowserSetup_9oSBzfjILQ.exe"],"imageFiles":["250213/CryptoTab-220216/131.0.6778.109/Images/ACR-043/Extensions.PNG","250213/CryptoTab-220216/131.0.6778.109/Images/ACR-006/Search.PNG","250213/CryptoTab-220216/131.0.6778.109/Images/ACR-006/Search2.PNG","250213/CryptoTab-220216/131.0.6778.109/Images/ACR-104/Search.PNG","250213/CryptoTab-220216/131.0.6778.109/Images/ACR-104/Search2.PNG"],"nonDeceptorImageFiles":[],"guid":"92d3bbed-97c0-44c8-9df8-b43ece78d5a8_131.0.6778.109_1","appID":"CryptoTab-220216","dateAdded":"250213","deceptorType":"App","name":"Crypto Tab","company":"CRYPTOCOMPANY OU","version":"131.0.6778.109","firstResolvedVersion":"","lastKnownStatus":"1.3.99.31;1.3.105.33;131.0.6778.109","lastKnownDate":"250213","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows 11","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,search,mining","lastUpdate":"2025-02-18T23:57:49.3578134+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":3,"sortOrder":379},{"violations":{"ACR-042":"The \"CryptoTab Browser\" components get dropped prior to obtaining the user's agreement and permission.\n","ACR-043":"The app installs the \"CT Access\" extension by default without disclosure and without the user's consent.\n","ACR-048":"When cancelling the install, the app leaves dropped files behind.\nThe app didn't provide any control to disable the startup within the app's settings.\n\n","ACR-006":"The app does not disclose the search engine \"CryptoTab\" is serving up Yahoo! search results.\n","ACR-084":"The app creates undisclosed tasks and startup to perform actions without the consumer's knowledge and consent.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components on the device without the consumer's consent or notifying the user.\n"},"nonDeceptorViolations":{"ACR-065":"The installation prompt has no link to the privacy policy.\nThe software has no link to the EULA and/or Terms of Service, private policy\n","ACR-123":"The app does not remove the scheduled tasks even after uninstall\n","ACR-036":"The app does not disclose the search relationships with \"Yahoo\" and other search providers details are not disclosed in Docs.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files\\CryptoTab Browser\\Application\\browser.exe","companyName":"The Chromium and CryptoTab Browser Authors","productName":"CryptoTab Browser","productVersion":"100.0.4896.127","fileVersion":"100.0.4896.127","hashMD5":"2ee70371cb462efd4008e473a78945f9","hashSHA1":"bb6dd88529b1f4ab0662147fea6943be8455f16f","hashSHA256":"d3309ed148310a6fd01e407b89123f8aca0e521c309f91602acd7c5dfa120bca","digitalCertThumbprint":"2C1DF7D16EAB13384B949EFEFBB1E1F5FE149DCA","digitalCertIssuer":"DigiCert EV Code Signing CA (SHA2)","digitalCertIssuedTo":"CRYPTOCOMPANY OÜ","storeId":"","sourceIndex":"1446","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\CryptoCompany\\Update\\1.3.105.33\\CryptoTabCrashHandler.exe","companyName":"CRYPTOCOMPANY OU","productName":"CryptoTab Update","productVersion":"1.3.105.33","fileVersion":"1.3.105.33","hashMD5":"78a1e4539259d5c3b9a08c7202dda82f","hashSHA1":"9fff6f10f75bea5773f83c4e812f8455d345f778","hashSHA256":"22f72e52f4ade9f09f9b54570e6e767b90c2899d332647f64d5e8938c96141c9","digitalCertThumbprint":"2C1DF7D16EAB13384B949EFEFBB1E1F5FE149DCA","digitalCertIssuer":"DigiCert EV Code Signing CA (SHA2)","digitalCertIssuedTo":"CRYPTOCOMPANY OÜ","storeId":"","sourceIndex":"1446","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\CryptoCompany\\Update\\1.3.105.33\\CryptoTabCrashHandler64.exe","companyName":"CRYPTOCOMPANY OU","productName":"CryptoTab Update","productVersion":"1.3.105.33","fileVersion":"1.3.105.33","hashMD5":"b03210be81f3d96ad00e78ce6fc6268d","hashSHA1":"9e455b3728b0f2ca8644609e59ef4bca76ad4485","hashSHA256":"882dd82a5b7ba2e288fc195d0ee0e2b31c6b2a7c3eedab77b734604b95c97c3f","digitalCertThumbprint":"2C1DF7D16EAB13384B949EFEFBB1E1F5FE149DCA","digitalCertIssuer":"DigiCert EV Code Signing CA (SHA2)","digitalCertIssuedTo":"CRYPTOCOMPANY OÜ","storeId":"","sourceIndex":"1446","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"BrowserSetup_fuIX21v.exe","isInstaller":"True","companyName":"CRYPTOCOMPANY OU","productName":"CryptoTab Update","productVersion":"1.3.105.33","fileVersion":"1.3.105.33","hashMD5":"75ff46ac7d54eb84dc8632c5c2b24f27","hashSHA1":"83891c47ad4b322d6a6548291f1130f38d7239e8","hashSHA256":"89d591d1161c8f959818bb3d5cf7fa2c79dd64b5e376a9791697be416da9efaf","digitalCertThumbprint":"2C1DF7D16EAB13384B949EFEFBB1E1F5FE149DCA","digitalCertIssuer":"DigiCert EV Code Signing CA (SHA2)","digitalCertIssuedTo":"CRYPTOCOMPANY OÜ","storeId":"","sourceIndex":"1446","avBlockList":["360 Total Security (20220602)","Avira Internet Security (20220602)","Bitdefender Internet Security (20220602)","ESET Internet Security (20220602)","G DATA INTERNET SECURITY (20220602)","K7 Total Security (20220602)","McAfee Total Protection (20220602)","Norton Security (20220602)","Sophos Home Premium (20220602)","SpyHunter5 (20220602)","Total AV Antivirus Pro (20220602)","VIPRE Advanced Security (20220602)","VirIT eXplorer PRO (20220602)","Webroot SecureAnywhere (20220602)"],"avAllowList":["Avast Premium Security (20220602)","AVG Internet Security (20220602)","COMODO Antivirus (20220602)","Dr.Web Security Space (20220602)","Kaspersky Internet Security (20220602)","Malwarebytes Premium (20220602)","Panda Dome (20220602)","Quick Heal Internet Security (20220602)","Tencent PC Manager (20220602)","Trend Micro Internet Security (20220602)","Windows Defender (20220602)"]}],"additionalFiles":[],"sources":[{"howFound":"Mining browser","reference":"","landingPage":"https://cryptobrowser.site/","directDownloadingLink":"https://cryptobrowser.site/get/BrowserSetup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://cryptobrowser.site/get/BrowserSetup.exe","sourceIndex":"1446"}],"sampleFiles":["220523/CryptoTab-220216/1.3.105.33/Samples/BrowserSetup_fuIX21v.exe"],"imageFiles":["220523/CryptoTab-220216/1.3.105.33/Images/ACR-043/ACR-043_Install_NoDisclosureAboutExtensions.JPG","220523/CryptoTab-220216/1.3.105.33/Images/ACR-042/ACR-042_Install.JPG","220523/CryptoTab-220216/1.3.105.33/Images/ACR-048/ACR-048_Install.JPG","220523/CryptoTab-220216/1.3.105.33/Images/ACR-006/ACR-006_Install.JPG","220523/CryptoTab-220216/1.3.105.33/Images/ACR-084/ACR-048_Software.JPG","220523/CryptoTab-220216/1.3.105.33/Images/ACR-084/ACR-048_Software_1.JPG","220523/CryptoTab-220216/1.3.105.33/Images/ACR-048/ACR-048_Software.JPG","220523/CryptoTab-220216/1.3.105.33/Images/ACR-118/ACR0-118_Uninstall.JPG"],"nonDeceptorImageFiles":["220523/CryptoTab-220216/1.3.105.33/Images/ACR-065/ACR-065_Install.JPG","220523/CryptoTab-220216/1.3.105.33/Images/ACR-065/ACR-065_Software.JPG","220523/CryptoTab-220216/1.3.105.33/Images/ACR-123/ACR-123_Uninstall.JPG","220523/CryptoTab-220216/1.3.105.33/Images/ACR-036/ACR-036_Docs.JPG"],"guid":"92d3bbed-97c0-44c8-9df8-b43ece78d5a8_1.3.105.33_1","appID":"CryptoTab-220216","dateAdded":"250213","deceptorType":"App","name":"Crypto Tab","company":"CRYPTOCOMPANY OU","version":"1.3.105.33","firstResolvedVersion":"","lastKnownStatus":"1.3.99.31;1.3.105.33;131.0.6778.109","lastKnownDate":"250213","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows Server","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2025-02-13T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":3,"sortOrder":381},{"violations":{"ACR-008":"Application doesn't provide the accessible free solution to fix the issue as paid solution.\n","ACR-085":"Application reduces security posture by showing passwords with less protections than the user authentication that browsers require. \n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"Advanced-System-Repair-Pro-RepairTool.VH.exe","isInstaller":"True","companyName":"Advanced System Repair, Inc.","fileVersion":"2.0","hashMD5":"ac34742253dde2adfcb06f0b2612ac3a","hashSHA1":"fb6179333a5206c2527abfc9c6bd463910058f1b","hashSHA256":"6799f4f00e02089bd536a9fb7a9aacf768635ce334c1b6edc12fe77ec7e16c5c","digitalCertThumbprint":"F677147581BBD9AFEE2E2E5F788B142E6DE00B4A","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Advanced System Repair Inc, O=Advanced System Repair Inc, L=Newport Coast, S=California, C=US","sourceIndex":"240","avBlockList":["Avast Premium Security (20250410)","AVG Internet Security (20250410)","Avira Internet Security (20250410)","Bitdefender Internet Security (20250410)","COMODO Antivirus (20250410)","Dr.Web Security Space (20250410)","ESET Internet Security (20250410)","FortectPremium (20250410)","G DATA INTERNET SECURITY (20250410)","K7 Total Security (20250410)","Malwarebytes Premium (20250410)","McAfee Total Protection (20250410)","Norton Security (20250410)","Panda Dome (20250410)","Quick Heal Internet Security (20250410)","Sophos Home Premium (20250410)","SpyHunter5 (20250410)","Total AV Antivirus Pro (20250410)","VIPRE Advanced Security (20250410)","VirIT eXplorer PRO (20250410)","Webroot SecureAnywhere (20250410)"],"avAllowList":["360 Total Security (20250410)","KasperskyPremium (20250410)","Trend Micro Internet Security (20250410)","Windows Defender (20250410)"]},{"isRevoked":"False","fileName":"Advanced-System-Repair-Pro-RepairTool.S.exe","isInstaller":"True","companyName":"Advanced System Repair, Inc.","fileVersion":"2.0","hashMD5":"d2c94f5989310d0ce83ce0b900ebbfe7","hashSHA1":"15605b3a4f3c1901596dc5b511b22aaa86e65e5a","hashSHA256":"c82fd64f02b11334e09a1090c3d54f83327fecafce29752f79c96a31858235a2","digitalCertThumbprint":"F677147581BBD9AFEE2E2E5F788B142E6DE00B4A","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Advanced System Repair Inc, O=Advanced System Repair Inc, L=Newport Coast, S=California, C=US","sourceIndex":"240","avBlockList":["360 Total Security (20250417)","Avast Premium Security (20250417)","AVG Internet Security (20250417)","Avira Internet Security (20250417)","Bitdefender Internet Security (20250417)","COMODO Antivirus (20250417)","Dr.Web Security Space (20250417)","ESET Internet Security (20250417)","FortectPremium (20250417)","G DATA INTERNET SECURITY (20250417)","K7 Total Security (20250417)","Malwarebytes Premium (20250417)","McAfee Total Protection (20250417)","Norton Security (20250417)","Quick Heal Internet Security (20250417)","Sophos Home Premium (20250417)","SpyHunter5 (20250417)","Total AV Antivirus Pro (20250417)","VIPRE Advanced Security (20250417)","VirIT eXplorer PRO (20250417)","Webroot SecureAnywhere (20250417)"],"avAllowList":["KasperskyPremium (20250417)","Panda Dome (20250417)","Trend Micro Internet Security (20250417)","Windows Defender (20250417)"]},{"isRevoked":"False","fileName":"Advanced-System-Repair-Pro-RepairTool.R.exe","isInstaller":"True","companyName":"Advanced System Repair, Inc.","fileVersion":"2.0","hashMD5":"dc01587fb026cefb7c3af98069dcb1f6","hashSHA1":"9e69b8d0d11918d7c5a7109c4b5bc0c6b55e6358","hashSHA256":"4b2b22616f4ceef7a9256d9dd1496d7991b158537b0ad5a213ad53f78744ddb9","digitalCertThumbprint":"F677147581BBD9AFEE2E2E5F788B142E6DE00B4A","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Advanced System Repair Inc, O=Advanced System Repair Inc, L=Newport Coast, S=California, C=US","sourceIndex":"240","avBlockList":["360 Total Security (20250422)","Avast Premium Security (20250422)","AVG Internet Security (20250422)","Avira Internet Security (20250422)","Bitdefender Internet Security (20250422)","Dr.Web Security Space (20250422)","ESET Internet Security (20250422)","FortectPremium (20250422)","G DATA INTERNET SECURITY (20250422)","K7 Total Security (20250422)","Malwarebytes Premium (20250422)","McAfee Total Protection (20250422)","Norton Security (20250422)","Panda Dome (20250422)","Quick Heal Internet Security (20250422)","Sophos Home Premium (20250422)","SpyHunter5 (20250422)","Total AV Antivirus Pro (20250422)","VIPRE Advanced Security (20250422)","VirIT eXplorer PRO (20250422)","Webroot SecureAnywhere (20250422)"],"avAllowList":["COMODO Antivirus (20250422)","KasperskyPremium (20250422)","Trend Micro Internet Security (20250422)","Windows Defender (20250422)"]},{"isRevoked":"False","fileName":"Advanced-System-Repair-Pro-RepairTool.L.exe","isInstaller":"True","companyName":"Advanced System Repair, Inc.","fileVersion":"2.0","hashMD5":"0b1780fa5081265a5765d558f607d027","hashSHA1":"1146f35686b12b29947a121fd3e8d3bbbe2c4ac2","hashSHA256":"ca73b2240d13851cb1aa75bdc35a1c95feec7da1e1d34ea4a2871ec58a39dc5e","digitalCertThumbprint":"F677147581BBD9AFEE2E2E5F788B142E6DE00B4A","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Advanced System Repair Inc, O=Advanced System Repair Inc, L=Newport Coast, S=California, C=US","sourceIndex":"240","avBlockList":["360 Total Security (20250424)","Avast Premium Security (20250424)","AVG Internet Security (20250424)","Avira Internet Security (20250424)","Bitdefender Internet Security (20250424)","COMODO Antivirus (20250424)","Dr.Web Security Space (20250424)","ESET Internet Security (20250424)","FortectPremium (20250424)","G DATA INTERNET SECURITY (20250424)","K7 Total Security (20250424)","Malwarebytes Premium (20250424)","McAfee Total Protection (20250424)","Norton Security (20250424)","Panda Dome (20250424)","Quick Heal Internet Security (20250424)","Sophos Home Premium (20250424)","SpyHunter5 (20250424)","Total AV Antivirus Pro (20250424)","VIPRE Advanced Security (20250424)","VirIT eXplorer PRO (20250424)","Webroot SecureAnywhere (20250424)"],"avAllowList":["KasperskyPremium (20250424)","Trend Micro Internet Security (20250424)","Windows Defender (20250424)"]},{"isRevoked":"False","fileName":"Advanced-System-Repair-Pro-RepairTool.IM.exe","isInstaller":"True","companyName":"Advanced System Repair, Inc.","fileVersion":"2.0","hashMD5":"09386009837a29a52e0f6ecf936b592a","hashSHA1":"823d32be8a055f8c1b88dca56cc873fe2bbcd083","hashSHA256":"66290cd7ac303310e94d83a6a6a510088a48eb50b264f85644bb093ce6a8b6fb","digitalCertThumbprint":"F677147581BBD9AFEE2E2E5F788B142E6DE00B4A","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Advanced System Repair Inc, O=Advanced System Repair Inc, L=Newport Coast, S=California, C=US","sourceIndex":"240","avBlockList":["Avast Premium Security (20250429)","AVG Internet Security (20250429)","Avira Internet Security (20250429)","Bitdefender Internet Security (20250429)","COMODO Antivirus (20250429)","Dr.Web Security Space (20250429)","ESET Internet Security (20250429)","FortectPremium (20250429)","G DATA INTERNET SECURITY (20250429)","K7 Total Security (20250429)","Malwarebytes Premium (20250429)","McAfee Total Protection (20250429)","Norton Security (20250429)","Panda Dome (20250429)","Quick Heal Internet Security (20250429)","Sophos Home Premium (20250429)","SpyHunter5 (20250429)","Total AV Antivirus Pro (20250429)","VIPRE Advanced Security (20250429)","VirIT eXplorer PRO (20250429)","Webroot SecureAnywhere (20250429)"],"avAllowList":["360 Total Security (20250429)","KasperskyPremium (20250429)","Trend Micro Internet Security (20250429)","Windows Defender (20250429)"]},{"isRevoked":"False","fileName":"Advanced-System-Repair-Pro-RepairTool.E9.exe","isInstaller":"True","companyName":"Advanced System Repair, Inc.","fileVersion":"2.0","hashMD5":"1bf71859a90cf7b91b349f29584491be","hashSHA1":"bffc6ed5f101fa6867c43a68c5140deaacd3ce57","hashSHA256":"8b84bac5eb6794bf07c11db94bc5fc0ec6fc1b478109c403a0a647f6cbfcebbf","digitalCertThumbprint":"F677147581BBD9AFEE2E2E5F788B142E6DE00B4A","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Advanced System Repair Inc, O=Advanced System Repair Inc, L=Newport Coast, S=California, C=US","sourceIndex":"240","avBlockList":["360 Total Security (20250501)","Avast Premium Security (20250501)","AVG Internet Security (20250501)","Avira Internet Security (20250501)","Bitdefender Internet Security (20250501)","COMODO Antivirus (20250501)","Dr.Web Security Space (20250501)","ESET Internet Security (20250501)","G DATA INTERNET SECURITY (20250501)","K7 Total Security (20250501)","Malwarebytes Premium (20250501)","McAfee Total Protection (20250501)","Norton Security (20250501)","Panda Dome (20250501)","Quick Heal Internet Security (20250501)","Sophos Home Premium (20250501)","SpyHunter5 (20250501)","Total AV Antivirus Pro (20250501)","VIPRE Advanced Security (20250501)","VirIT eXplorer PRO (20250501)","Webroot SecureAnywhere (20250501)","FortectPremium (20250501)"],"avAllowList":["KasperskyPremium (20250501)","Trend Micro Internet Security (20250501)","Windows Defender (20250501)"]},{"isRevoked":"False","fileName":"Advanced-System-Repair-Pro-RepairTool.E8.exe","isInstaller":"True","companyName":"Advanced System Repair, Inc.","fileVersion":"2.0","hashMD5":"7bfaf01292d28b4d38fbe36705616f49","hashSHA1":"e161a14e86e3e34c8152260a2639c7a805ae95b7","hashSHA256":"ed28d8948c3fa0ae97f712d34bd25a69c0b0b7e0ac5ec0a49b7c3e9534a44d4d","digitalCertThumbprint":"F677147581BBD9AFEE2E2E5F788B142E6DE00B4A","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Advanced System Repair Inc, O=Advanced System Repair Inc, L=Newport Coast, S=California, C=US","sourceIndex":"240","avBlockList":["360 Total Security (20250506)","Avast Premium Security (20250506)","AVG Internet Security (20250506)","Avira Internet Security (20250506)","Bitdefender Internet Security (20250506)","COMODO Antivirus (20250506)","Dr.Web Security Space (20250506)","ESET Internet Security (20250506)","FortectPremium (20250506)","G DATA INTERNET SECURITY (20250506)","K7 Total Security (20250506)","Malwarebytes Premium (20250506)","McAfee Total Protection (20250506)","Norton Security (20250506)","Panda Dome (20250506)","Quick Heal Internet Security (20250506)","Sophos Home Premium (20250506)","SpyHunter5 (20250506)","VIPRE Advanced Security (20250506)","VirIT eXplorer PRO (20250506)","Webroot SecureAnywhere (20250506)"],"avAllowList":["KasperskyPremium (20250506)","Total AV Antivirus Pro (20250506)","Trend Micro Internet Security (20250506)","Windows Defender (20250506)"]},{"isRevoked":"False","fileName":"Advanced-System-Repair-Pro-RepairTool.E4.exe","isInstaller":"True","companyName":"Advanced System Repair, Inc.","fileVersion":"2.0","hashMD5":"f4d0eea8ec0a2171ad416314d39bc8c2","hashSHA1":"3df7d6998ad6a57813f7d990e9645d2d281f63ae","hashSHA256":"98ad94de05423fe96750b518111c957a069e8c336ed9557c92d9771ff926e167","digitalCertThumbprint":"F677147581BBD9AFEE2E2E5F788B142E6DE00B4A","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Advanced System Repair Inc, O=Advanced System Repair Inc, L=Newport Coast, S=California, C=US","sourceIndex":"240","avBlockList":["360 Total Security (20250508)","Avast Premium Security (20250508)","AVG Internet Security (20250508)","Avira Internet Security (20250508)","Bitdefender Internet Security (20250508)","COMODO Antivirus (20250508)","Dr.Web Security Space (20250508)","ESET Internet Security (20250508)","FortectPremium (20250508)","G DATA INTERNET SECURITY (20250508)","K7 Total Security (20250508)","Malwarebytes Premium (20250508)","McAfee Total Protection (20250508)","Norton Security (20250508)","Panda Dome (20250508)","Quick Heal Internet Security (20250508)","Sophos Home Premium (20250508)","SpyHunter5 (20250508)","VIPRE Advanced Security (20250508)","VirIT eXplorer PRO (20250508)","Webroot SecureAnywhere (20250508)"],"avAllowList":["KasperskyPremium (20250508)","Total AV Antivirus Pro (20250508)","Trend Micro Internet Security (20250508)","Windows Defender (20250508)"]},{"isRevoked":"False","fileName":"Advanced-System-Repair-Pro-RepairTool.B.exe","isInstaller":"True","companyName":"Advanced System Repair, Inc.","fileVersion":"2.0","hashMD5":"10f91baa7d9d81dfc14276f06b962130","hashSHA1":"0169d6fa1ef475396fb5051b0c98c6b88abf0f8a","hashSHA256":"ebc55498895f5b0e55120494b60469ad0e9b060897c76289b50b9087af6be90f","digitalCertThumbprint":"F677147581BBD9AFEE2E2E5F788B142E6DE00B4A","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Advanced System Repair Inc, O=Advanced System Repair Inc, L=Newport Coast, S=California, C=US","sourceIndex":"240","avBlockList":["360 Total Security (20250327)","Avast Premium Security (20250327)","AVG Internet Security (20250327)","Bitdefender Internet Security (20250327)","COMODO Antivirus (20250327)","Dr.Web Security Space (20250327)","ESET Internet Security (20250327)","FortectPremium (20250327)","G DATA INTERNET SECURITY (20250327)","K7 Total Security (20250327)","Malwarebytes Premium (20250327)","McAfee Total Protection (20250327)","Norton Security (20250327)","Panda Dome (20250327)","Quick Heal Internet Security (20250327)","Sophos Home Premium (20250327)","SpyHunter5 (20250327)","VIPRE Advanced Security (20250327)","VirIT eXplorer PRO (20250327)","Webroot SecureAnywhere (20250327)"],"avAllowList":["Avira Internet Security (20250327)","KasperskyPremium (20250327)","Total AV Antivirus Pro (20250327)","Trend Micro Internet Security (20250327)","Windows Defender (20250327)"]},{"isRevoked":"False","fileName":"Advanced-System-Repair-Pro-RepairTool.A.exe","isInstaller":"True","companyName":"Advanced System Repair, Inc.","fileVersion":"2.0","hashMD5":"b03864c50bd2e2c426f0f694cd2e9090","hashSHA1":"6cb6657d1ce0caa00421d7228e4b77c592c1cacd","hashSHA256":"97d0426432f4247fedc7c2b7d65bc200980165218b2a4c7611496c9224c07d28","digitalCertThumbprint":"F677147581BBD9AFEE2E2E5F788B142E6DE00B4A","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Advanced System Repair Inc, O=Advanced System Repair Inc, L=Newport Coast, S=California, C=US","sourceIndex":"240","avBlockList":["360 Total Security (20250401)","Avast Premium Security (20250401)","AVG Internet Security (20250401)","Avira Internet Security (20250401)","Bitdefender Internet Security (20250401)","COMODO Antivirus (20250401)","Dr.Web Security Space (20250401)","ESET Internet Security (20250401)","FortectPremium (20250401)","G DATA INTERNET SECURITY (20250401)","K7 Total Security (20250401)","Malwarebytes Premium (20250401)","McAfee Total Protection (20250401)","Norton Security (20250401)","Panda Dome (20250401)","Quick Heal Internet Security (20250401)","Sophos Home Premium (20250401)","SpyHunter5 (20250401)","Total AV Antivirus Pro (20250401)","VIPRE Advanced Security (20250401)","VirIT eXplorer PRO (20250401)","Webroot SecureAnywhere (20250401)"],"avAllowList":["KasperskyPremium (20250401)","Trend Micro Internet Security (20250401)","Windows Defender (20250401)"]},{"isRevoked":"False","fileName":"Advanced-System-Repair-Pro-RepairTool.9.exe","isInstaller":"True","companyName":"Advanced System Repair, Inc.","fileVersion":"2.0","hashMD5":"5e33c355adeb42619a62d16c1cc1b5d1","hashSHA1":"c51b727d82c88b4babb45769a7e16739dbee9ae1","hashSHA256":"8da13e09345cd78ae1194be0bfc781d631b69fd43a0807c92b2db3f1d89b7ef9","digitalCertThumbprint":"F677147581BBD9AFEE2E2E5F788B142E6DE00B4A","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Advanced System Repair Inc, O=Advanced System Repair Inc, L=Newport Coast, S=California, C=US","sourceIndex":"240","avBlockList":["Avast Premium Security (20250403)","AVG Internet Security (20250403)","Avira Internet Security (20250403)","Bitdefender Internet Security (20250403)","COMODO Antivirus (20250403)","Dr.Web Security Space (20250403)","ESET Internet Security (20250403)","FortectPremium (20250403)","G DATA INTERNET SECURITY (20250403)","K7 Total Security (20250403)","Malwarebytes Premium (20250403)","McAfee Total Protection (20250403)","Norton Security (20250403)","Panda Dome (20250403)","Quick Heal Internet Security (20250403)","Sophos Home Premium (20250403)","SpyHunter5 (20250403)","Total AV Antivirus Pro (20250403)","VIPRE Advanced Security (20250403)","VirIT eXplorer PRO (20250403)","Webroot SecureAnywhere (20250403)"],"avAllowList":["360 Total Security (20250403)","KasperskyPremium (20250403)","Trend Micro Internet Security (20250403)","Windows Defender (20250403)"]}],"additionalFiles":[],"sources":[{"howFound":"Apps under monitoring","reference":"AdvancedSystemRepair","landingPage":"https://www.advancedsystemrepair.com/","directDownloadingLink":"https://advancedsystemrepair.com/download.php","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://advancedsystemrepair.com/download.php","sourceIndex":"240"}],"sampleFiles":["250210/AdvancedSystemRepair-250210/2.0.0.8/Samples/Advanced-System-Repair-Pro-RepairTool.VH.exe","250210/AdvancedSystemRepair-250210/2.0.0.8/Samples/Advanced-System-Repair-Pro-RepairTool.S.exe","250210/AdvancedSystemRepair-250210/2.0.0.8/Samples/Advanced-System-Repair-Pro-RepairTool.R.exe","250210/AdvancedSystemRepair-250210/2.0.0.8/Samples/Advanced-System-Repair-Pro-RepairTool.L.exe","250210/AdvancedSystemRepair-250210/2.0.0.8/Samples/Advanced-System-Repair-Pro-RepairTool.IM.exe","250210/AdvancedSystemRepair-250210/2.0.0.8/Samples/Advanced-System-Repair-Pro-RepairTool.E9.exe","250210/AdvancedSystemRepair-250210/2.0.0.8/Samples/Advanced-System-Repair-Pro-RepairTool.E8.exe","250210/AdvancedSystemRepair-250210/2.0.0.8/Samples/Advanced-System-Repair-Pro-RepairTool.E4.exe","250210/AdvancedSystemRepair-250210/2.0.0.8/Samples/Advanced-System-Repair-Pro-RepairTool.B.exe","250210/AdvancedSystemRepair-250210/2.0.0.8/Samples/Advanced-System-Repair-Pro-RepairTool.A.exe","250210/AdvancedSystemRepair-250210/2.0.0.8/Samples/Advanced-System-Repair-Pro-RepairTool.9.exe"],"imageFiles":["250210/AdvancedSystemRepair-250210/2.0.0.8/Images/ACR-008/ACR-008_Software_1.png","250210/AdvancedSystemRepair-250210/2.0.0.8/Images/ACR-085/ACR-085_Software_1.png"],"nonDeceptorImageFiles":[],"guid":"d60981d6-8296-4cff-bfe9-72b2c53ee51e_2.0.0.8_1","appID":"AdvancedSystemRepair-250210","dateAdded":"250210","deceptorType":"App","name":"AdvancedSystemRepair","company":"Advanced System Repair, Inc","version":"2.0.0.8","lastKnownStatus":"2.0.0.8","lastKnownDate":"250210","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 8,Windows 10,Windows 11","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2025-02-10T23:51:31.9305067+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":382},{"violations":{"ACR-042":"Before obtaining the user's consent, the application drops all its components in the \"C:\\Users\\User\\AppData\\Local\\PacketStream\" path.\n","ACR-043":"The app drops all its components right after executing it, without asking any permission from the user.\n","ACR-107":"The app installs FFmpeg package and doesn't include the open source license or the source code or link to the source code.\n\n","ACR-048":"The app didn't provide any control to enable/disable the startup in software it created & to share network connections for money earning features inside the software. \n","ACR-007":"The app does not obtain user consent to reduce the consumer's security posture caused by sharing an ip/network connection.\n","ACR-084":"The app didn't provide any information to the user regarding the startup it created.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components on the device without the consumer's consent or notifying user.\n"},"nonDeceptorViolations":{"ACR-045":"The app does not provide any control to enable/disable the sharing network connection for money earning feature.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Users\\User\\AppData\\Local\\PacketStream\\PacketStream_main.exe","companyName":"PacketStream Team","productName":"PacketStream","productVersion":"20.202.1548.0","fileVersion":"20.202.1548","hashMD5":"91181f46fba803b03bd3cfd1e99c2ad8","hashSHA1":"f85b8cc6d22adbc0dcd34a288745d2c37361ff96","hashSHA256":"e3905f08c82fce00b1f3a0bc257e06f6e81729942e9329d8aa95b088d3f6d698","digitalCertThumbprint":"EB7E798B2930433E1DE51F5D0EE8BD61000C7543","digitalCertIssuer":"DigiCert SHA2 Assured ID Code Signing CA","digitalCertIssuedTo":"PacketStream Inc","storeId":"","sourceIndex":"1737","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"PacketStream.exe","isInstaller":"True","companyName":"PacketStream Team","productName":"PacketStream","productVersion":"20.202.1548.0","fileVersion":"20.202.1548","hashMD5":"84a4c9b2f8ef322d8300ec1d93596332","hashSHA1":"f3bdeb973c60f15cb54a4100fbeef8656652ff97","hashSHA256":"c36e76b321505a4ef1660d558a08ac572ce7cfd35f256801e1d4cfc765a75998","digitalCertThumbprint":"EB7E798B2930433E1DE51F5D0EE8BD61000C7543","digitalCertIssuer":"DigiCert SHA2 Assured ID Code Signing CA","digitalCertIssuedTo":"PacketStream Inc","storeId":"","sourceIndex":"1737","avBlockList":["Avast Premium Security (20250130)","AVG Internet Security (20250130)","Avira Internet Security (20250130)","Bitdefender Internet Security (20250130)","ESET Internet Security (20250130)","G DATA INTERNET SECURITY (20250130)","Kaspersky Internet Security (20220125)","McAfee Total Protection (20250130)","Norton Security (20250130)","Panda Dome (20250130)","Sophos Home Premium (20250130)","Total AV Antivirus Pro (20250130)","Trend Micro Internet Security (20250130)","VIPRE Advanced Security (20250130)","VirIT eXplorer PRO (20250130)","Webroot SecureAnywhere (20250130)","Windows Defender (20250130)","FortectPremium (20250130)","KasperskyPremium (20250130)"],"avAllowList":["360 Total Security (20250130)","COMODO Antivirus (20250130)","Dr.Web Security Space (20250130)","K7 Total Security (20250130)","Malwarebytes Premium (20250130)","Quick Heal Internet Security (20250130)","SpyHunter5 (20250130)","Tencent PC Manager (20220125)"]}],"additionalFiles":[],"sources":[{"howFound":"Passive Money","reference":"","landingPage":"https://packetstream.io/","directDownloadingLink":"https://packetstream.io/dashboard/download","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://packetstream.io/dashboard/download","sourceIndex":"1737"}],"sampleFiles":["220111/PacketStream-220107/20.202.1548/Samples/PacketStream.exe"],"imageFiles":["220111/PacketStream-220107/20.202.1548/Images/ACR-043/ACR-043_Install_Drops_All_Files.mp4","220111/PacketStream-220107/20.202.1548/Images/ACR-107/ACR-107_Install_Drops_Third_Party.JPG","220111/PacketStream-220107/20.202.1548/Images/ACR-042/ACR-042_Install_Files_Dropped.mp4","220111/PacketStream-220107/20.202.1548/Images/ACR-084/ACR-084_Software_No_Info.JPG","220111/PacketStream-220107/20.202.1548/Images/ACR-048/ACR-048_Software_No_Control.JPG","220111/PacketStream-220107/20.202.1548/Images/ACR-048/ACR-048_Software_1.jpg","220111/PacketStream-220107/20.202.1548/Images/ACR-118/ACR-118_Uninstall_Retains_Components.JPG"],"nonDeceptorImageFiles":["220111/PacketStream-220107/20.202.1548/Images/ACR-045/ACR-045_Install_1.jpg"],"guid":"6843f15c-defa-4898-a299-d21f741e8a15_20.202.1548_1","appID":"PacketStream-220107","dateAdded":"250129","deceptorType":"App","name":"Packet Stream","company":"PacketStream Inc","version":"20.202.1548","sigName":"Deceptor:Win32/PacketStream!043107042084048118007","lastKnownStatus":"20.202.1548;2.4.1","lastKnownDate":"250129","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2025-01-29T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":385},{"violations":{"ACR-048":"App provides no controls to cancel borrowing activity.\n","ACR-007":"Provides no information to the user about the reduced security caused by sharing bandwidth.\n","ACR-084":"When opening the app, it only appears in the system tray and does not provide notification to the user that it is running in the background.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"PacketStreamInstaller.exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"99f8641ecc2bb86dbd1db8fc8cd1df9d","hashSHA1":"9e3ef1b2aa200938d92669be5db7ec2d9c60e574","hashSHA256":"c450d3b57f7c19fc4f2cb331a27643ac2cc996c0e4f7fb7a4911b0cbba201d6d","digitalCertThumbprint":"21860A3E5901638C292010DB5034F56298A8934B","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=PacketStream Inc, O=PacketStream Inc, L=Los Angeles, S=California, C=US","sourceIndex":"243","avBlockList":["360 Total Security (20250424)","Bitdefender Internet Security (20250424)","ESET Internet Security (20250424)","FortectPremium (20250424)","G DATA INTERNET SECURITY (20250424)","K7 Total Security (20250424)","KasperskyPremium (20250424)","Malwarebytes Premium (20250424)","McAfee Total Protection (20250424)","Panda Dome (20250424)","Quick Heal Internet Security (20250424)","Sophos Home Premium (20250424)","SpyHunter5 (20250424)","VIPRE Advanced Security (20250424)","VirIT eXplorer PRO (20250424)","Webroot SecureAnywhere (20250424)","Windows Defender (20250424)"],"avAllowList":["Avast Premium Security (20250424)","AVG Internet Security (20250424)","Avira Internet Security (20250424)","COMODO Antivirus (20250424)","Dr.Web Security Space (20250424)","Total AV Antivirus Pro (20250424)","Trend Micro Internet Security (20250424)","Norton Security (20250424)"]},{"isRevoked":"False","fileName":"psclient.exe","fileVersion":"0.0","hashMD5":"ef21a41b1bd1d780fab8284dfc44a9e2","hashSHA1":"13676c39e098b9ba6bbd123d40c8dc04b8fbbb1c","hashSHA256":"a8954e596f4cc0148961bb885c3716ffe44d7d17f5703ebf7ff1dded62e7d850","digitalCertThumbprint":"21860A3E5901638C292010DB5034F56298A8934B","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=PacketStream Inc, O=PacketStream Inc, L=Los Angeles, S=California, C=US","sourceIndex":"243","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"pslauncher.exe","fileVersion":"0.0","hashMD5":"6f829d71d811867f760bca1743c8be4c","hashSHA1":"901b98ceddb04ad313182ce7104a3df14fcec702","hashSHA256":"16d31212c38f9e0791f93b95bbe49e72aa831211e0b011118060fc5feb8d6b1f","digitalCertThumbprint":"21860A3E5901638C292010DB5034F56298A8934B","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=PacketStream Inc, O=PacketStream Inc, L=Los Angeles, S=California, C=US","sourceIndex":"243","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Residential Proxy","reference":"","landingPage":"https://packetstream.io/","directDownloadingLink":"https://packetstream.io/dashboard/download","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://packetstream.io/dashboard/download","sourceIndex":"243"}],"sampleFiles":["250129/PacketStream-220107/2.4.1/Samples/PacketStreamInstaller.exe","250129/PacketStream-220107/2.4.1/Samples/psclient.exe","250129/PacketStream-220107/2.4.1/Samples/pslauncher.exe"],"imageFiles":["250129/PacketStream-220107/2.4.1/Images/ACR-007/downloadpage.png","250129/PacketStream-220107/2.4.1/Images/ACR-007/InstallFlow1.png","250129/PacketStream-220107/2.4.1/Images/ACR-007/InstallFlow2.png","250129/PacketStream-220107/2.4.1/Images/ACR-084/nonotification.gif","250129/PacketStream-220107/2.4.1/Images/ACR-048/running.png"],"nonDeceptorImageFiles":[],"guid":"6843f15c-defa-4898-a299-d21f741e8a15_2.4.1_1","appID":"PacketStream-220107","dateAdded":"250129","deceptorType":"App","name":"Packet Stream","company":"PacketStream Inc","version":"2.4.1","lastKnownStatus":"20.202.1548;2.4.1","lastKnownDate":"250129","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 10,Windows 11","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"net proxy","lastUpdate":"2025-01-29T21:58:12.0187898+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":384},{"violations":{"ACR-048":"Resource borrowing activity can't be paused or stopped by consumer immediately\n","ACR-007":"App does not obtain explicit user consent to reduce the system default security posture caused by sharing an IP/network resource.\n","ACR-084":"Application doesn't indicate clearly borrowing is active.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"PacketStream.dmg","isInstaller":"True","fileVersion":"0.","hashMD5":"246d6743ef6311cc308f8d4b93870d71","hashSHA1":"4e69190e48b31f0bfea9d51582755364dc7b52b5","hashSHA256":"95ce9b1ebd58c0e3bc1a7724a927511583355366780c009f56fc893d6990fb2b","storeId":"PacketStream Inc (F5W4Q74XX9)","sourceIndex":"242","avBlockList":["Avira Security for Mac (20250408)","ESET Cyber Security Pro for Mac (20250408)","K7 Antivirus for Mac (20250408)","Sophos Home Premium For Mac (20250408)","SpyHunterforMac (20250408)","Trend Micro Antivirus for Mac (20250408)"],"avAllowList":["Avast Security for Mac (20250408)","Bitdefender Antivirus for Mac (20250408)","G DATA AntiVirus for Mac (20250408)","Kaspersky Internet Security for Mac (20250408)","McAfee Internet Security for Mac (20250408)","Norton Security for Mac (20250408)"]},{"isRevoked":"False","fileName":"psclient","fileVersion":"0.","hashMD5":"416d5a6acab3a49caca1d6118bc226b7","hashSHA1":"279d72668325f9b2760386eea9f6781ee9584c96","hashSHA256":"7d3b3553e598fc4b4f392644b2209baecc665e095860caca0071bf243b16cf22","sourceIndex":"242","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"pslauncher","fileVersion":"0.","hashMD5":"e3c4b08222d2cafc37c055dd1a615470","hashSHA1":"e4c477664926b4bc3fb7b8b68c76538906511d30","hashSHA256":"db16c9b45b81ceec9ed66469dc5c9ab90eb65bf58dc93d82f0ddaa0684a95f22","sourceIndex":"242","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"","landingPage":"https://app.packetstream.io","directDownloadingLink":"https://app.packetstream.io/dashboard/download","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://app.packetstream.io/dashboard/download","sourceIndex":"242"}],"sampleFiles":["250129/PacketStream-250129/2.4.1/Samples/PacketStream.dmg"],"imageFiles":["250129/PacketStream-250129/2.4.1/Images/ACR-007/Screenshot 2025-01-29 at 2.10.29 PM.png","250129/PacketStream-250129/2.4.1/Images/ACR-084/Screenshot 2025-01-29 at 2.29.50 PM.png","250129/PacketStream-250129/2.4.1/Images/ACR-048/Screenshot 2025-01-29 at 2.29.50 PM.png"],"nonDeceptorImageFiles":[],"guid":"875ba413-709b-4cf4-8c3b-e54b5e0213a8_2.4.1_1","appID":"PacketStream-250129","dateAdded":"250129","deceptorType":"MacOS App","name":"PacketStreamMacOS","company":"PacketStream Inc","version":"2.4.1","lastKnownStatus":"2.4.1","lastKnownDate":"250129","type":"MacOS App","category":"Books & Reference, SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"net proxy","lastUpdate":"2025-01-29T23:21:38.3379664+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":383},{"violations":{"ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software.\n","ACR-014":"The \"Accept\" button on the Opera Browser offer is used for two things: accepting an offer and accepting opera as the default browser. The \"Accept\" button is misleading and confusing because the user is easily led to believe that \"accept\" is only for installing Opera and not for changing his system browser default settings.\n","ACR-039":"No clear indications of the relationship for the monetization components from RisePlatformsInstaller and Carrier app is disclosed to user before offers being prompts\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"quick-cpu-4.11.0.0-installer_85S-421.exe","isInstaller":"True","companyName":"Softonic","fileVersion":"3.1","hashMD5":"297d22d02efe002a2e946f381534e0d1","hashSHA1":"425d33c111922161b4e02bcec22e8f6396a4b4c8","hashSHA256":"557ca9e31e5ebb59346c2c495820b194b7a8b4b51a4fbb8f43b249aa82b69169","digitalCertThumbprint":"84E984BA9D1062D8A34226D22D4641494B50C024","digitalCertIssuer":"CN=Sectigo Public Code Signing CA R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=Sigma Gold (Rise Code LTD), O=Sigma Gold (Rise Code LTD), S=Tel Aviv, C=IL","sourceIndex":"244","avBlockList":["360 Total Security (20250410)","Avast Premium Security (20250410)","AVG Internet Security (20250410)","Avira Internet Security (20250410)","Bitdefender Internet Security (20250410)","COMODO Antivirus (20250410)","Dr.Web Security Space (20250410)","ESET Internet Security (20250410)","FortectPremium (20250410)","G DATA INTERNET SECURITY (20250410)","K7 Total Security (20250410)","KasperskyPremium (20250410)","Malwarebytes Premium (20250410)","McAfee Total Protection (20250410)","Norton Security (20250410)","Panda Dome (20250410)","Quick Heal Internet Security (20250410)","Sophos Home Premium (20250410)","SpyHunter5 (20250410)","Total AV Antivirus Pro (20250410)","Trend Micro Internet Security (20250410)","VIPRE Advanced Security (20250410)","VirIT eXplorer PRO (20250410)","Webroot SecureAnywhere (20250410)","Windows Defender (20250410)"],"avAllowList":[]},{"isRevoked":"False","fileName":"yt-free-downloader-1-installer_K-G9XB1.exe","isInstaller":"True","companyName":"Softonic","fileVersion":"3.1","hashMD5":"7fbd13a0c98811a83686a2d8927b88e7","hashSHA1":"01e10566e643f42fe69ce0684610250caf968979","hashSHA256":"237abb1845c4f25e93e5bde393ddb0a248c065ead4664981d919b24f3cb29312","digitalCertThumbprint":"84E984BA9D1062D8A34226D22D4641494B50C024","digitalCertIssuer":"CN=Sectigo Public Code Signing CA R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=Sigma Gold (Rise Code LTD), O=Sigma Gold (Rise Code LTD), S=Tel Aviv, C=IL","sourceIndex":"244","avBlockList":["360 Total Security (20250417)","Avast Premium Security (20250417)","Bitdefender Internet Security (20250417)","Dr.Web Security Space (20250417)","ESET Internet Security (20250417)","FortectPremium (20250417)","G DATA INTERNET SECURITY (20250417)","K7 Total Security (20250417)","KasperskyPremium (20250417)","Malwarebytes Premium (20250417)","McAfee Total Protection (20250417)","Norton Security (20250417)","Panda Dome (20250417)","Quick Heal Internet Security (20250417)","Sophos Home Premium (20250417)","SpyHunter5 (20250417)","Trend Micro Internet Security (20250417)","VIPRE Advanced Security (20250417)","VirIT eXplorer PRO (20250417)","Webroot SecureAnywhere (20250417)","Windows Defender (20250417)"],"avAllowList":["AVG Internet Security (20250417)","Avira Internet Security (20250417)","COMODO Antivirus (20250417)","Total AV Antivirus Pro (20250417)"]},{"isRevoked":"False","fileName":"fakeflashtest-1.1.5-installer_N-7GVi1.exe","isInstaller":"True","companyName":"Softonic","fileVersion":"3.1","hashMD5":"e91685a8e026a0b4ee304b39053b7e70","hashSHA1":"2035f5e9fe16f5a7f4d9b14a75308a5fadff3ffb","hashSHA256":"938919f5f5d828c2deedccda468d925fe784e9bcbfb79e23a024395216c155a6","digitalCertThumbprint":"84E984BA9D1062D8A34226D22D4641494B50C024","digitalCertIssuer":"CN=Sectigo Public Code Signing CA R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=Sigma Gold (Rise Code LTD), O=Sigma Gold (Rise Code LTD), S=Tel Aviv, C=IL","sourceIndex":"244","avBlockList":["360 Total Security (20250422)","Avast Premium Security (20250422)","AVG Internet Security (20250422)","Avira Internet Security (20250422)","Bitdefender Internet Security (20250422)","COMODO Antivirus (20250422)","Dr.Web Security Space (20250422)","ESET Internet Security (20250422)","FortectPremium (20250422)","G DATA INTERNET SECURITY (20250422)","K7 Total Security (20250422)","KasperskyPremium (20250422)","Malwarebytes Premium (20250422)","McAfee Total Protection (20250422)","Norton Security (20250422)","Panda Dome (20250422)","Quick Heal Internet Security (20250422)","Sophos Home Premium (20250422)","SpyHunter5 (20250422)","Total AV Antivirus Pro (20250422)","Trend Micro Internet Security (20250422)","VIPRE Advanced Security (20250422)","VirIT eXplorer PRO (20250422)","Webroot SecureAnywhere (20250422)","Windows Defender (20250422)"],"avAllowList":[]},{"isRevoked":"False","fileName":"hashcalc-2.02-installer_Uz-O4R1.exe","isInstaller":"True","companyName":"Softonic","fileVersion":"3.0","hashMD5":"8d933fd7c0b4c4c86a4960ed6c08295b","hashSHA1":"91df1771bfc9da34055205af45322d08c408a50e","hashSHA256":"d24441763859e2b293ef623eb52c815d9bb69fbd3eabd0db13da83b4f98dc856","digitalCertThumbprint":"84E984BA9D1062D8A34226D22D4641494B50C024","digitalCertIssuer":"CN=Sectigo Public Code Signing CA R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=Sigma Gold (Rise Code LTD), O=Sigma Gold (Rise Code LTD), S=Tel Aviv, C=IL","sourceIndex":"244","avBlockList":["360 Total Security (20250424)","Avast Premium Security (20250424)","AVG Internet Security (20250424)","Avira Internet Security (20250424)","COMODO Antivirus (20250424)","Dr.Web Security Space (20250424)","ESET Internet Security (20250424)","FortectPremium (20250424)","G DATA INTERNET SECURITY (20250424)","K7 Total Security (20250424)","KasperskyPremium (20250424)","Malwarebytes Premium (20250424)","McAfee Total Protection (20250424)","Norton Security (20250424)","Panda Dome (20250424)","Quick Heal Internet Security (20250424)","Sophos Home Premium (20250424)","SpyHunter5 (20250424)","Total AV Antivirus Pro (20250424)","Trend Micro Internet Security (20250424)","VIPRE Advanced Security (20250424)","VirIT eXplorer PRO (20250424)","Webroot SecureAnywhere (20250424)","Windows Defender (20250424)"],"avAllowList":["Bitdefender Internet Security (20250424)"]},{"isRevoked":"False","fileName":"hp-laserjet-1020-drivers-20120918-installer_SY-orM2.exe","isInstaller":"True","companyName":"Softonic","fileVersion":"3.0","hashMD5":"e17be1dfa33461ca03f2b5b7be96619c","hashSHA1":"983088a5008fe210f6fd6d461da9b86f1e955804","hashSHA256":"9f80c0a98833606f3c443a73a4fe954ed7a27789ecabe89b0c87251d799d32c9","digitalCertThumbprint":"84E984BA9D1062D8A34226D22D4641494B50C024","digitalCertIssuer":"CN=Sectigo Public Code Signing CA R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=Sigma Gold (Rise Code LTD), O=Sigma Gold (Rise Code LTD), S=Tel Aviv, C=IL","sourceIndex":"244","avBlockList":["360 Total Security (20250403)","Avast Premium Security (20250403)","AVG Internet Security (20250403)","Avira Internet Security (20250403)","Bitdefender Internet Security (20250403)","COMODO Antivirus (20250403)","Dr.Web Security Space (20250403)","ESET Internet Security (20250403)","FortectPremium (20250403)","G DATA INTERNET SECURITY (20250403)","K7 Total Security (20250403)","KasperskyPremium (20250403)","Malwarebytes Premium (20250403)","McAfee Total Protection (20250403)","Norton Security (20250403)","Panda Dome (20250403)","Quick Heal Internet Security (20250403)","Sophos Home Premium (20250403)","SpyHunter5 (20250403)","Total AV Antivirus Pro (20250403)","Trend Micro Internet Security (20250403)","VIPRE Advanced Security (20250403)","VirIT eXplorer PRO (20250403)","Webroot SecureAnywhere (20250403)","Windows Defender (20250403)"],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Security Partner report","reference":"","landingPage":"https://www.softonic.pl/","directDownloadingLink":"https://www.softonic.pl/download-launch?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJkb3dubG9hZFR5cGUiOiJyaXNlSW5zdGFsbGVyIiwiZG93bmxvYWRVcmwiOiJodHRwczovL2QydnVnNWh4aXZxZHk2LmNsb3VkZnJvbnQubmV0L2h1L3hyNHg0d2EzbTYvYWh5LzExLjA3NTUiLCJhcHBJZCI6IjE3ZjczYzljLTk2ZDUtMTFlNi1iMjE3LTAwMTYzZWM5ZjVmYSIsInBsYXRmb3JtSWQiOiJ3aW5kb3dzIiwiaWF0IjoxNzM3NzIxNzk3LCJleHAiOjE3Mzc3MjUzOTd9.3kc02SzYvApV30Mkr7PtnRWV1dsDtrJmhfuFt3FGExw","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.softonic.pl/download-launch?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJkb3dubG9hZFR5cGUiOiJyaXNlSW5zdGFsbGVyIiwiZG93bmxvYWRVcmwiOiJodHRwczovL2QydnVnNWh4aXZxZHk2LmNsb3VkZnJvbnQubmV0L2h1L3hyNHg0d2EzbTYvYWh5LzExLjA3NTUiLCJhcHBJZCI6IjE3ZjczYzljLTk2ZDUtMTFlNi1iMjE3LTAwMTYzZWM5ZjVmYSIsInBsYXRmb3JtSWQiOiJ3aW5kb3dzIiwiaWF0IjoxNzM3NzIxNzk3LCJleHAiOjE3Mzc3MjUzOTd9.3kc02SzYvApV30Mkr7PtnRWV1dsDtrJmhfuFt3FGExw","sourceIndex":"244"}],"sampleFiles":["250128/RisePlatformsInstaller-250124/3.1.0/Samples/quick-cpu-4.11.0.0-installer_85S-421.exe","250128/RisePlatformsInstaller-250124/3.1.0/Samples/yt-free-downloader-1-installer_K-G9XB1.exe","250128/RisePlatformsInstaller-250124/3.1.0/Samples/fakeflashtest-1.1.5-installer_N-7GVi1.exe","250128/RisePlatformsInstaller-250124/3.1.0/Samples/hashcalc-2.02-installer_Uz-O4R1.exe","250128/RisePlatformsInstaller-250124/3.1.0/Samples/hp-laserjet-1020-drivers-20120918-installer_SY-orM2.exe"],"imageFiles":["250128/RisePlatformsInstaller-250124/3.1.0/Images/ACR-013/ACR-013_Install_1.png","250128/RisePlatformsInstaller-250124/3.1.0/Images/ACR-013/ACR-013_Install_2.png","250128/RisePlatformsInstaller-250124/3.1.0/Images/ACR-039/ACR-039_Install_1.png","250128/RisePlatformsInstaller-250124/3.1.0/Images/ACR-039/ACR-039_Install_2.png","250128/RisePlatformsInstaller-250124/3.1.0/Images/ACR-014/ACR-014_Install_1.png","250128/RisePlatformsInstaller-250124/3.1.0/Images/ACR-060/ACR-014_Install_1.png","250128/RisePlatformsInstaller-250124/3.1.0/Images/ACR-060/ACR-013_Install_1.png"],"nonDeceptorImageFiles":[],"guid":"58687cb7-6947-4dbd-a812-0138650640d2_3.1.0_1","appID":"RisePlatformsInstaller-250124","dateAdded":"250128","deceptorType":"Bundler","name":"RisePlatformsInstaller","company":"Sigma Gold (Rise Code LTD)","version":"3.1.0","lastKnownStatus":"3.1.0","lastKnownDate":"250128","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 7,Windows 8,Windows 10,Windows 11","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"install offers","lastUpdate":"2025-01-28T21:14:47.9975318+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":386},{"violations":{"ACR-004":"App only provide one time free fix for the items reported during free scan, and requires register/payment to perform further fix.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"pcdsetup.exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"c3d8621fd8c82c37e2b3416cb18b0f0b","hashSHA1":"bf1faf2f85e0a2fc59484667d89377f3c34d10a5","hashSHA256":"5bb4618c2881a2d00fdb7beb57aefc68c85ea01b394bd279158ed280144e7b2c","digitalCertThumbprint":"06B83948E25D00946766504F0DB4B09DF465726A","digitalCertIssuer":"CN=DigiCert EV Code Signing CA (SHA2), OU=www.digicert.com, O=DigiCert Inc, C=US","digitalCertIssuedTo":"CN=\"Aegis Software Services, LLC\", O=\"Aegis Software Services, LLC\", L=Surfside Beach, S=South Carolina, C=US, SERIALNUMBER=7051609, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.2=Delaware, OID.1.3.6.1.4.1.311.60.2.1.3=US","sourceIndex":"245","avBlockList":["ESET Internet Security (20250417)","FortectPremium (20250417)","G DATA INTERNET SECURITY (20250417)","K7 Total Security (20250417)","KasperskyPremium (20250417)","Malwarebytes Premium (20250417)","Panda Dome (20250417)","Quick Heal Internet Security (20250417)","Sophos Home Premium (20250417)","SpyHunter5 (20250417)","VirIT eXplorer PRO (20250417)","Webroot SecureAnywhere (20250417)"],"avAllowList":["360 Total Security (20250417)","Avast Premium Security (20250417)","AVG Internet Security (20250417)","Avira Internet Security (20250417)","Bitdefender Internet Security (20250417)","COMODO Antivirus (20250417)","Dr.Web Security Space (20250417)","McAfee Total Protection (20250417)","Norton Security (20250417)","Total AV Antivirus Pro (20250417)","Trend Micro Internet Security (20250417)","VIPRE Advanced Security (20250417)","Windows Defender (20250417)"]},{"isRevoked":"False","fileName":"PrivacyScanner.exe","fileVersion":"1.2","hashMD5":"ecabbe06aa2137bb4b9cbd5a1a9f7bd0","hashSHA1":"99d09bd0461f92f81827aa85da714bd85113fa17","hashSHA256":"35b9243da32a0c1c65bbc98474f27c479e7254deb188dc3e35073d0fabc80324","digitalCertThumbprint":"0F02B90538C6B28648766A68785C3373E0279BAF","digitalCertIssuer":"CN=DigiCert EV Code Signing CA (SHA2), OU=www.digicert.com, O=DigiCert Inc, C=US","digitalCertIssuedTo":"CN=\"Aegis Software Services, LLC\", O=\"Aegis Software Services, LLC\", L=Surfside Beach, S=South Carolina, C=US, SERIALNUMBER=7051609, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.2=Delaware, OID.1.3.6.1.4.1.311.60.2.1.3=US","sourceIndex":"245","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Vendor Sign-ups","reference":"","landingPage":"https://privacyscanner.com/","directDownloadingLink":"https://privacyscanner.com/download.php","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://privacyscanner.com/download.php","sourceIndex":"245"}],"sampleFiles":["250122/PrivacyScanner-250121/1.2.9.0/Samples/pcdsetup.exe","250122/PrivacyScanner-250121/1.2.9.0/Samples/PrivacyScanner.exe"],"imageFiles":["250122/PrivacyScanner-250121/1.2.9.0/Images/ACR-004/NoFreeRepairs.PNG"],"nonDeceptorImageFiles":[],"guid":"b3a15987-9125-419c-b28b-c1e98b0169e0_1.2.9.0_1","appID":"PrivacyScanner-250121","dateAdded":"250122","deceptorType":"App","name":"Privacy Scanner","company":"Patriot Digital Solutions, Ltd","version":"1.2.9.0","lastKnownStatus":"1.2.9.0","lastKnownDate":"250122","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 10,Windows 11","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,paid","lastUpdate":"2025-01-22T23:05:52.3378869+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":387},{"violations":{"ACR-048":"Disabling x-finder has no effect. The app restricts users from modifying the default search engine settings by disabling the \"Make Default\" option for each options. \n","ACR-006":"Search queries entered into the search box are redirected to the undisclosed search engine (potterfun.com, gamic.me during testing) via intermediary domains ai-search.org and another site (search-more.com and g.query2search.com) while queries entered using the address (URL) bar are redirected to Google.\n","ACR-086":"Search queries data are redirected to the undisclosed search engine without notifying user.\n"},"nonDeceptorViolations":{"ACR-065":"The app must disclose EULA during installation.\nThe app must disclose the EULA within the software.\n","ACR-035":"No EULA/Terms of Service is provided for the app.\n","ACR-036":"The search relationship with the search providers is not disclosed on the landing page or in the documentation.\n"},"samples":[{"isRevoked":"False","fileName":"NinjaBrowser_installer.exe","isInstaller":"True","companyName":"NinjaBrowser                                                ","fileVersion":"0.0","hashMD5":"53e7fe6d3a14014c4491fa354b09892c","hashSHA1":"3f6c3ae7e0225592f833b3584073ed0ef0b9418f","hashSHA256":"ab9ec62cf6570828cf39c285d1fab954ba12e001cc3d7d3b5c1c986f0388b6fa","sourceIndex":"247","avBlockList":["360 Total Security (20250327)","Avast Premium Security (20250327)","AVG Internet Security (20250327)","Avira Internet Security (20250327)","Bitdefender Internet Security (20250327)","COMODO Antivirus (20250327)","Dr.Web Security Space (20250327)","ESET Internet Security (20250327)","FortectPremium (20250327)","G DATA INTERNET SECURITY (20250327)","K7 Total Security (20250327)","KasperskyPremium (20250327)","Malwarebytes Premium (20250327)","McAfee Total Protection (20250327)","Norton Security (20250327)","Panda Dome (20250327)","Quick Heal Internet Security (20250327)","Sophos Home Premium (20250327)","SpyHunter5 (20250327)","Total AV Antivirus Pro (20250327)","VIPRE Advanced Security (20250327)","Webroot SecureAnywhere (20250327)","VirIT eXplorer PRO (20250327)"],"avAllowList":["Trend Micro Internet Security (20250327)","Windows Defender (20250327)"]},{"isRevoked":"False","fileName":"NinjaBrowser.exe","companyName":"The Ninja Browser Authors","fileVersion":"128.0","hashMD5":"14db7cdebba564a7bdca859cfb9d3cdc","hashSHA1":"1ca2783cdf2a8df9fb3fb12ce2156a52da4fb2a7","hashSHA256":"a3050e6c558d0e9aff0859687439fe891a526a3347ef35aeedcbb8277e5e91c5","sourceIndex":"247","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"random search","reference":"","landingPage":"https://nb-download.com/","directDownloadingLink":"https://nb-download.com/installer/setup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://nb-download.com/installer/setup.exe","sourceIndex":"247"}],"sampleFiles":["250116/NinjaBrowser-240102/128.0.6613.123/Samples/NinjaBrowser_installer.exe","250116/NinjaBrowser-240102/128.0.6613.123/Samples/NinjaBrowser.exe"],"imageFiles":["250116/NinjaBrowser-240102/128.0.6613.123/Images/ACR-086/addressbar.mp4","250116/NinjaBrowser-240102/128.0.6613.123/Images/ACR-086/searchbar.mp4","250116/NinjaBrowser-240102/128.0.6613.123/Images/ACR-086/searchbar_2.mp4","250116/NinjaBrowser-240102/128.0.6613.123/Images/ACR-048/ACR-048_Software_1.png","250116/NinjaBrowser-240102/128.0.6613.123/Images/ACR-006/searchbar_2.mp4","250116/NinjaBrowser-240102/128.0.6613.123/Images/ACR-006/searchbar.mp4","250116/NinjaBrowser-240102/128.0.6613.123/Images/ACR-006/addressbar.mp4"],"nonDeceptorImageFiles":["250116/NinjaBrowser-240102/128.0.6613.123/Images/ACR-065/ACR-065_Install_1.png","250116/NinjaBrowser-240102/128.0.6613.123/Images/ACR-065/ACR-065_Software_1.png","250116/NinjaBrowser-240102/128.0.6613.123/Images/ACR-036/ACR-036_Docs_1.png","250116/NinjaBrowser-240102/128.0.6613.123/Images/ACR-036/ACR-036_Docs_2.png","250116/NinjaBrowser-240102/128.0.6613.123/Images/ACR-036/ACR-036_Docs_3.png"],"guid":"2413ae1b-0096-4c66-b57e-d0ad94623d15_128.0.6613.123_1","appID":"NinjaBrowser-240102","dateAdded":"250116","deceptorType":"App","name":"Ninja Browser","company":"Ninja Browser Inc.","version":"128.0.6613.123","lastKnownStatus":"128.0.6613.123","lastKnownDate":"250116","type":"Windows Executable","category":"Personalization & Search","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows 11","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Adults only","monetization":"search","lastUpdate":"2025-01-16T19:30:30.6176183+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":388},{"violations":{"ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software.\n","ACR-055":"Accept or Decline for optional offers must be obvious. Unchecking a preselected checkbox for another offer is not a straightforward way to indicate a decline. \n","ACR-059":"Offer is not clearly marked as optional.\n","ACR-155":"Unrelated offer is disguised as part of the install workflow.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"TLauncher-Installer-1.6.0.exe","isInstaller":"True","companyName":"TLauncher Inc.","fileVersion":"2.9307","hashMD5":"57e620a87b7833573da5f0bde42b5500","hashSHA1":"2a96e628e785400a5e43da2456cc3f166fea10b3","hashSHA256":"62eb81b2347c51e94f7fea399714645aa456c732dcb71425ddd2c35102643901","digitalCertThumbprint":"EC074F3C9C6126055A094D75B97D7940BF353CA2","digitalCertIssuer":"C=US, S=Illinois, L=Chicago, O=\"Trustwave Holdings, Inc.\", CN=\"Trustwave Global Code Signing CA, Level 1\"","digitalCertIssuedTo":"C=SC, L=Victoria, O=TLauncher Inc., CN=TLauncher Inc.","sourceIndex":"249","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Submitted to DeceptorReport","reference":"","landingPage":"https://tlauncher.org/en/","directDownloadingLink":"https://tlauncher.org/installer","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://tlauncher.org/installer","sourceIndex":"249"}],"sampleFiles":["250114/TLauncher-250114/2.9307/Samples/TLauncher-Installer-1.6.0.exe"],"imageFiles":["250114/TLauncher-250114/2.9307/Images/ACR-055/operaoffer.png","250114/TLauncher-250114/2.9307/Images/ACR-013/operaoffer.png","250114/TLauncher-250114/2.9307/Images/ACR-059/operaoffer.png","250114/TLauncher-250114/2.9307/Images/ACR-155/operaoffer.png"],"nonDeceptorImageFiles":[],"guid":"027279ea-8532-4580-b790-bf98a36b4c66_2.9307_1","appID":"TLauncher-250114","dateAdded":"250114","deceptorType":"App","name":"TLauncher","company":"TLauncher Inc.","version":"2.9307","type":"Windows Executable","category":"Games","targetOS":"Windows 10,Windows 11","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"install offers,up-sell to paid","lastUpdate":"2025-01-15T00:00:06.7275321+00:00","notDistributed":false,"numInFamily":0,"numInAppID":1,"sortOrder":389},{"violations":{"ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software.\n","ACR-055":"Accept or Decline for optional offers must be obvious. Unchecking a preselected checkbox for another offer is not a straightforward way to indicate a decline.\n","ACR-059":"Offers are not clearly marked as optional, and it is unclear who recommended them or the source of the recommendations.\n","ACR-155":"Unrelated Offers are designed to look like part of the install workflow.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"burnaware_free_18.3.exe","isInstaller":"True","companyName":"Burnaware                                                   ","fileVersion":"18.3","hashMD5":"da02640b1d3b9e36434fc3c3ff3966cd","hashSHA1":"bbbb8451e83e6e44b3ae8bcafc55e955c179c7d2","hashSHA256":"b7933e3167b18650688d2f63bf30d3a8c45b5be6a43b004d0372f42bf07cc019","digitalCertThumbprint":"0EDB486D58145DD42D712A6AF1B0FC48E0EF5153","digitalCertIssuer":"CN=Microsoft ID Verified CS EOC CA 01, O=Microsoft Corporation, C=US","digitalCertIssuedTo":"CN=BURNAWARE SL, O=BURNAWARE SL, L=MARBELLA, S=Málaga, C=ES","sourceIndex":"267","avBlockList":["Avast Premium Security (20250116)","AVG Internet Security (20250116)","Avira Internet Security (20250116)","FortectPremium (20250116)","K7 Total Security (20250116)","Norton Security (20250116)","Panda Dome (20250116)","Sophos Home Premium (20250116)","SpyHunter5 (20250116)","Total AV Antivirus Pro (20250116)","VIPRE Advanced Security (20250116)","VirIT eXplorer PRO (20241226)","Webroot SecureAnywhere (20250116)","Windows Defender (20250116)"],"avAllowList":["360 Total Security (20250116)","Bitdefender Internet Security (20250116)","COMODO Antivirus (20250116)","Dr.Web Security Space (20250116)","ESET Internet Security (20250116)","G DATA INTERNET SECURITY (20250116)","KasperskyPremium (20250116)","Malwarebytes Premium (20250116)","McAfee Total Protection (20250116)","Quick Heal Internet Security (20250116)","Trend Micro Internet Security (20250116)"]}],"additionalFiles":[],"sources":[{"howFound":"discovered through a search for the optional offer (WinX DVD Ripper)during the Glorylogic app installation","reference":"","landingPage":"https://www.burnaware.com/","directDownloadingLink":"https://www.burnaware.com/downloads/burnaware_free_18.3.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.burnaware.com/downloads/burnaware_free_18.3.exe","sourceIndex":"267"}],"sampleFiles":["241223/BurnAwareFree-241218/18.3.0.0/Samples/burnaware_free_18.3.exe"],"imageFiles":["241223/BurnAwareFree-241218/18.3.0.0/Images/ACR-055/ACR-055_Install_1.png","241223/BurnAwareFree-241218/18.3.0.0/Images/ACR-055/ACR-055_Install_2.png","241223/BurnAwareFree-241218/18.3.0.0/Images/ACR-013/ACR-013_Install_1.png","241223/BurnAwareFree-241218/18.3.0.0/Images/ACR-013/ACR-013_Install_2.png","241223/BurnAwareFree-241218/18.3.0.0/Images/ACR-059/ACR-059_Bundler-made offers_1.png","241223/BurnAwareFree-241218/18.3.0.0/Images/ACR-059/ACR-059_Bundler-made offers_2.png","241223/BurnAwareFree-241218/18.3.0.0/Images/ACR-155/ACR-155_Bundler-made offers_1.png"],"nonDeceptorImageFiles":[],"guid":"0c2d623e-3dd0-426f-969f-940e23bf0717_18.3.0.0_1","appID":"BurnAwareFree-241218","dateAdded":"250114","deceptorType":"App","name":"BurnAware Free","company":"Burnaware","version":"18.3.0.0","firstVendorContactDate":"241227","firstAppEsteemReplyDate":"241227","firstResolvedDate":"250115","firstResolvedVersion":"18.4.1","resolved":"TRUE","lastKnownStatus":"18.3.0.0;18.4","lastKnownDate":"250114","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows 11","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,install offers","lastUpdate":"2025-01-15T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":391},{"violations":{"ACR-004":"The application doesn't offer free fixes for free scanning items that are not the recurring items generated by system, instead requiring users to pay for a subscription to resolve them. \n","ACR-014":"The application doesn't offer free fixes for app features leaving operations incomplete, instead requiring users to pay for a subscription to resolve them. \n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"PAssist_ProDemo_20250110.15994084.exe","isInstaller":"True","companyName":"AOMEI International Network Limited.                        ","fileVersion":"10.7","hashMD5":"2a3cf5b35d2b8321877bb5f78c674c81","hashSHA1":"735c26731797f3e68b66a4049196a0169caa5f3c","hashSHA256":"36c0b13972a4663aaf61808d3e0a7a497ba331f99f59f71cc4250a7644c88dfd","digitalCertThumbprint":"257F56D595316F1E2810D992911AC064E193830C","digitalCertIssuer":"CN=Sectigo Public Code Signing CA R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=AOMEI International Network Limited, O=AOMEI International Network Limited, S=Hong Kong, C=HK","sourceIndex":"248","avBlockList":["COMODO Antivirus (20250327)","ESET Internet Security (20250327)","FortectPremium (20250327)","K7 Total Security (20250327)","Panda Dome (20250327)","Quick Heal Internet Security (20250327)","Sophos Home Premium (20250327)","SpyHunter5 (20250327)","VirIT eXplorer PRO (20250327)","Webroot SecureAnywhere (20250327)"],"avAllowList":["360 Total Security (20250327)","Avast Premium Security (20250327)","AVG Internet Security (20250327)","Avira Internet Security (20250327)","Bitdefender Internet Security (20250327)","Dr.Web Security Space (20250327)","G DATA INTERNET SECURITY (20250327)","KasperskyPremium (20250327)","Malwarebytes Premium (20250327)","McAfee Total Protection (20250327)","Norton Security (20250327)","Total AV Antivirus Pro (20250327)","Trend Micro Internet Security (20250327)","VIPRE Advanced Security (20250327)","Windows Defender (20250327)"]},{"isRevoked":"False","fileName":"PartAssist.exe","companyName":"AOMEI Technology Co., Ltd.","fileVersion":"10.7","hashMD5":"d0f1ad8a8212dddce42f63a3db214ed5","hashSHA1":"743e6aa126fa7a0ba4e961692ada022137b6759b","hashSHA256":"fd05e5412e44119e8ffb674d738a70b2b88693ebaa3136d6b5b653ed634f5cb0","digitalCertThumbprint":"257F56D595316F1E2810D992911AC064E193830C","digitalCertIssuer":"CN=Sectigo Public Code Signing CA R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=AOMEI International Network Limited, O=AOMEI International Network Limited, S=Hong Kong, C=HK","sourceIndex":"248","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"random search","reference":"aomei fast recovery","landingPage":"https://www.aomei.de/partition-manager/","directDownloadingLink":"https://www2.aomeisoftware.com/download/pa/PAssist_ProDemo.exe?cfv=20250115.15994084","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www2.aomeisoftware.com/download/pa/PAssist_ProDemo.exe?cfv=20250115.15994084","sourceIndex":"248"}],"sampleFiles":["250114/AOMEIPartitionAssistant-250114/10.7.0.0/Samples/PAssist_ProDemo_20250110.15994084.exe","250114/AOMEIPartitionAssistant-250114/10.7.0.0/Samples/PartAssist.exe"],"imageFiles":["250114/AOMEIPartitionAssistant-250114/10.7.0.0/Images/ACR-004/ACR-014_Software_5.png","250114/AOMEIPartitionAssistant-250114/10.7.0.0/Images/ACR-004/ACR-014_Software_3.png","250114/AOMEIPartitionAssistant-250114/10.7.0.0/Images/ACR-014/ACR-014_Software_1.png","250114/AOMEIPartitionAssistant-250114/10.7.0.0/Images/ACR-014/ACR-014_Software_2.png","250114/AOMEIPartitionAssistant-250114/10.7.0.0/Images/ACR-014/ACR-014_Software_3.png","250114/AOMEIPartitionAssistant-250114/10.7.0.0/Images/ACR-014/ACR-014_Software_4.png","250114/AOMEIPartitionAssistant-250114/10.7.0.0/Images/ACR-014/ACR-014_Software_5.png","250114/AOMEIPartitionAssistant-250114/10.7.0.0/Images/ACR-014/ACR-014_Software_6.png","250114/AOMEIPartitionAssistant-250114/10.7.0.0/Images/ACR-014/ACR-014_Software_7.png"],"nonDeceptorImageFiles":[],"guid":"f0c45785-75a7-462f-893d-24a2afca37c1_10.7.0.0_1","appID":"AOMEIPartitionAssistant-250114","dateAdded":"250114","deceptorType":"App","name":"AOMEI Partition Assistant","company":"AOMEI International Network Limited","version":"10.7.0.0","lastKnownStatus":"10.7.0.0","lastKnownDate":"250114","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows 11","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2025-01-15T00:11:48.8639686+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":392},{"violations":{"ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software.\n","ACR-055":"Accept or Decline for optional offers must be obvious. Unchecking a preselected checkbox for another offer is not a straightforward way to indicate a decline.\n","ACR-059":"Offers are not clearly marked as optional, and it is unclear who recommended them or the source of the recommendations.\n","ACR-155":"Unrelated Offers are designed to look like part of the install workflow.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"burnaware_free_18.4.exe","isInstaller":"True","companyName":"Burnaware                                                   ","fileVersion":"18.4","hashMD5":"34a439c1163ca6f51e776384e1b1b58c","hashSHA1":"31123bb88b76f9c9e49bc9010064bc1635a7deda","hashSHA256":"0299fa472a98cb28f43d10823a9a96f3e64cadbcfdc7fcab929157b97a5137ac","digitalCertThumbprint":"50E67BD214FC6A4449E18A6C47542EF4846E7D7C","digitalCertIssuer":"CN=Microsoft ID Verified CS AOC CA 01, O=Microsoft Corporation, C=US","digitalCertIssuedTo":"CN=BURNAWARE SL, O=BURNAWARE SL, L=MARBELLA, S=Málaga, C=ES","sourceIndex":"246","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Follow-up","reference":"","landingPage":"https://www.burnaware.com/","directDownloadingLink":"https://www.burnaware.com/downloads/burnaware_free_18.3.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.burnaware.com/downloads/burnaware_free_18.3.exe","sourceIndex":"246"}],"sampleFiles":["250114/BurnAwareFree-241218/18.4/Samples/burnaware_free_18.4.exe"],"imageFiles":["250114/BurnAwareFree-241218/18.4/Images/ACR-055/ACR-055_Install_2.png","250114/BurnAwareFree-241218/18.4/Images/ACR-013/ACR-013_Install_2.png","250114/BurnAwareFree-241218/18.4/Images/ACR-059/ACR-059_Bundler-made offers_2.png","250114/BurnAwareFree-241218/18.4/Images/ACR-155/offer.png"],"nonDeceptorImageFiles":[],"guid":"0c2d623e-3dd0-426f-969f-940e23bf0717_18.4_1","appID":"BurnAwareFree-241218","dateAdded":"250114","deceptorType":"App","name":"BurnAware Free","company":"Burnaware","version":"18.4","firstVendorContactDate":"241227","firstAppEsteemReplyDate":"241227","firstResolvedDate":"250115","firstResolvedVersion":"18.4.1","resolved":"TRUE","lastKnownStatus":"18.3.0.0;18.4","lastKnownDate":"250114","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows 11","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,install offers","lastUpdate":"2025-01-17T02:16:41.8729363+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":390},{"violations":{"ACR-004":"The application doesn't provide a free fix (recovery) instead offering a subscription that the user needs to pay to fix it.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"FastRecoveryTrial_20250110.15994084.exe","isInstaller":"True","companyName":"AOMEI International Network Limited.                        ","fileVersion":"3.0","hashMD5":"9ac69b27b3147edc287b03ce33b99e9f","hashSHA1":"b3e36351e41996a8d65de802944c2f9363e01f83","hashSHA256":"32d0b6708a3728846a3305b6c9550bb6fe2cff8ef4f46950eb11864433877e19","digitalCertThumbprint":"257F56D595316F1E2810D992911AC064E193830C","digitalCertIssuer":"CN=Sectigo Public Code Signing CA R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=AOMEI International Network Limited, O=AOMEI International Network Limited, S=Hong Kong, C=HK","sourceIndex":"250","avBlockList":["COMODO Antivirus (20250327)","ESET Internet Security (20250327)","K7 Total Security (20250327)","Panda Dome (20250327)","Sophos Home Premium (20250327)","SpyHunter5 (20250327)","VirIT eXplorer PRO (20250327)","Webroot SecureAnywhere (20250327)","FortectPremium (20250327)"],"avAllowList":["360 Total Security (20250327)","Avast Premium Security (20250327)","AVG Internet Security (20250327)","Avira Internet Security (20250327)","Bitdefender Internet Security (20250327)","Dr.Web Security Space (20250327)","G DATA INTERNET SECURITY (20250327)","KasperskyPremium (20250327)","Malwarebytes Premium (20250327)","McAfee Total Protection (20250327)","Norton Security (20250327)","Quick Heal Internet Security (20250327)","Total AV Antivirus Pro (20250327)","Trend Micro Internet Security (20250327)","VIPRE Advanced Security (20250327)","Windows Defender (20250327)"]},{"isRevoked":"False","fileName":"FastRecovery.exe","companyName":"AOMEI International Network Limited","fileVersion":"3.0","hashMD5":"b2b99c92017bc58e90c80588588fc5d9","hashSHA1":"5b908bfdd2c14c75b2bf1f0a12fdeed172057536","hashSHA256":"1a33f41fb9b888119331e85928d654e705fe8bebce7eb06cfbfa09021591119b","digitalCertThumbprint":"257F56D595316F1E2810D992911AC064E193830C","digitalCertIssuer":"CN=Sectigo Public Code Signing CA R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=AOMEI International Network Limited, O=AOMEI International Network Limited, S=Hong Kong, C=HK","sourceIndex":"250","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"random search","reference":"","landingPage":"https://www.diskpart.com/de/data-fast-recovery/download.html","directDownloadingLink":"https://www2.aomeisoftware.com/download/afr/FastRecoveryTrial.exe?cfv=20250113.16041592","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www2.aomeisoftware.com/download/afr/FastRecoveryTrial.exe?cfv=20250113.16041592","sourceIndex":"250"}],"sampleFiles":["250113/AOMEIFastRecovery-250113/3.0.0/Samples/FastRecoveryTrial_20250110.15994084.exe","250113/AOMEIFastRecovery-250113/3.0.0/Samples/FastRecovery.exe"],"imageFiles":["250113/AOMEIFastRecovery-250113/3.0.0/Images/ACR-004/ACR-004_Software_1.png","250113/AOMEIFastRecovery-250113/3.0.0/Images/ACR-004/ACR-004_Software_2.png"],"nonDeceptorImageFiles":[],"guid":"4d36cbd6-101c-4178-8888-eb382f1bc3b8_3.0.0_1","appID":"AOMEIFastRecovery-250113","dateAdded":"250113","deceptorType":"App","name":"AOMEI Fast Recovery","company":"AOMEI International Network Limited","version":"3.0.0","lastKnownStatus":"3.0.0","lastKnownDate":"250113","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows 11","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2025-01-13T20:16:41.7494637+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":393},{"violations":{"ACR-003":"The app uses vague descriptions such as \"dirty\" and \"dangerous\" to describe the system status without any substantiation or what those descriptors even mean. When the button to fix the issues is selected, the program only fixes a select amount of the total amount of issues and refuses to fix the rest without a purchase from the consumer. \n","ACR-004":"The app uses vague descriptors to highlight problems, such as \"dirty\" or \"dangerous\" without substantiation. While free fixes are provided, the fix is only partial and a subscription purchase must be made for the full fix. \n","ACR-014":"Scan results shown by the software are described using baseless but threatening-sounding language such as \"dirty\", \"dangerous\", or \"critical\". Such descriptions are unfair and misleading because they are not substantiated and do not provide any real insight to what the problem is. \n"},"nonDeceptorViolations":{"ACR-065":"The install wizard contains no obvious links to the app's EULA or Terms of Service, etc. \nThe app contains no obvious links to a EULA or Terms of Service, etc. \n","ACR-161":"The app claims an \"editor's choice\" rating of five stars, yet there is no indication as to what such editor is and no way to verify the raiting. \nThe app's page claims that it has over 16,000 five-star ratings, yet there is no way to see where these ratings are from and no way to verify whether such ratings are true. \n","ACR-036":"No obvious EULA or TOS is present\n"},"samples":[{"isRevoked":"False","fileName":"MacShiny.pkg","isInstaller":"True","companyName":"Cyan Soft Ltd.","fileVersion":"0.","hashMD5":"","hashSHA1":"","hashSHA256":"30449c50b581613b0ebbeaf18d3fa1a4e402a55d3801056cf1c6363e496ce6f9","sourceIndex":"557","avBlockList":["360 Total Security (20190422)","Avast Internet Security (20190422)","AVG Internet Security (20190422)","Avira Internet Security (20190422)","Bitdefender Internet Security (20190422)","Dr.Web Security Space (20190422)","ESET Internet Security (20190422)","G DATA INTERNET SECURITY (20190422)","Kaspersky Internet Security (20190422)","VIPRE Advanced Security (20190422)","Windows Defender (20190422)","Avast Security for Mac (20240910)","Avira Security for Mac (20240910)","Bitdefender Antivirus for Mac (20240910)","ESET Cyber Security Pro for Mac (20240910)","G DATA AntiVirus for Mac (20240910)","K7 Antivirus for Mac (20240910)","Kaspersky Internet Security for Mac (20240910)","McAfee Internet Security for Mac (20240910)","Norton Security for Mac (20210810)","Sophos Home Premium For Mac (20240910)","Trend Micro Antivirus for Mac (20240910)","SpyHunterforMac (20240910)"],"avAllowList":["COMODO Antivirus (20190422)","F-PROT Antivirus for Windows (20190422)","Malwarebytes Premium (20190422)","Norton Security (20190422)","Panda Dome (20190422)","Quick Heal Internet Security (20190422)","SpyHunter5 (20190422)","Tencent PC Manager (20190422)","Trend Micro Internet Security (20190422)","VirIT eXplorer PRO (20190422)","Webroot SecureAnywhere (20190422)"]},{"isRevoked":"False","fileName":"MacShiny.app.zip","companyName":"Cyan Soft Ltd.","fileVersion":"0.","hashMD5":"","hashSHA1":"","hashSHA256":"87878625e2d07db61aa68fadb89c69fba49f0d0d813905e21b9d55d78cb6170e","sourceIndex":"557","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"MacShiny-190514","isInstaller":"True","fileVersion":"0.","hashMD5":"","hashSHA1":"","hashSHA256":"371996f61ac903bab17f0269d65e8864bb14b35b932ea33d7477b803926b0fb2","sourceIndex":"557","avBlockList":["Avast Security for Mac (20241010)","Avira Security for Mac (20241010)","Bitdefender Antivirus for Mac (20241010)","ESET Cyber Security Pro for Mac (20241010)","G DATA AntiVirus for Mac (20241010)","Kaspersky Internet Security for Mac (20241010)","McAfee Internet Security for Mac (20241010)","Norton Security for Mac (20241010)","SpyHunterforMac (20241010)","Trend Micro Antivirus for Mac (20241010)"],"avAllowList":["K7 Antivirus for Mac (20241010)","Sophos Home Premium For Mac (20241010)"]},{"isRevoked":"False","fileName":"MacShiny-190514.pkg","isInstaller":"True","fileVersion":"0.","hashMD5":"","hashSHA1":"","hashSHA256":"98673e9cdb87f3e19534f6aedce5889db06e77e9993ee67d5154f4c23fd85ec0","sourceIndex":"557","avBlockList":["Avast Security for Mac (20241112)","Avira Security for Mac (20241112)","Bitdefender Antivirus for Mac (20241112)","ESET Cyber Security Pro for Mac (20241112)","G DATA AntiVirus for Mac (20241112)","K7 Antivirus for Mac (20241112)","Kaspersky Internet Security for Mac (20241112)","McAfee Internet Security for Mac (20241112)","Norton Security for Mac (20241112)","Sophos Home Premium For Mac (20241112)","SpyHunterforMac (20241112)","Trend Micro Antivirus for Mac (20241112)"],"avAllowList":[]},{"isRevoked":"False","fileName":"MacShiny[2].pkg","isInstaller":"True","fileVersion":"0.","hashMD5":"efdf6322b11dc64c7d9162995f4ff14a","hashSHA1":"3f280113c6843086a8c2e8eb57a888531a85c080","hashSHA256":"687bc22d8ffe4cbd5c3922f62397b746746213552d6badb88f45f738cea2c92a","sourceIndex":"557","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"MacShiny [2].pkg","isInstaller":"True","fileVersion":"0.","hashMD5":"4acc7c92306b74d480588af1c7a32631","hashSHA1":"137979640f8eeb5aaa68598b226dbe9f7893e4ec","hashSHA256":"77d21496a596c81acc6110e21f9d5282391d8900df573173fa191b91dbb07076","sourceIndex":"557","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"MacShiny.v4.1.5 [3].pkg","isInstaller":"True","fileVersion":"0.","hashMD5":"8f54f3acd512faa02e90821afd33c575","hashSHA1":"e36ceef6bdea7425d1714148d7b3fa1a0d30203f","hashSHA256":"3ae253c34750bfe587b01c286cc137066d098ffcb483f82bf6eb45e3d48481cb","sourceIndex":"557","avBlockList":["Avast Security for Mac (20250408)","Avira Security for Mac (20250408)","Bitdefender Antivirus for Mac (20250408)","ESET Cyber Security Pro for Mac (20250408)","G DATA AntiVirus for Mac (20250408)","K7 Antivirus for Mac (20250408)","Kaspersky Internet Security for Mac (20250408)","McAfee Internet Security for Mac (20250408)","Norton Security for Mac (20250408)","Sophos Home Premium For Mac (20250408)","SpyHunterforMac (20250408)","Trend Micro Antivirus for Mac (20250408)"],"avAllowList":[]},{"isRevoked":"False","fileName":"MacShiny.v4.1.5 [4].pkg","isInstaller":"True","fileVersion":"0.","hashMD5":"19fbd3b14e5d644d781fd26f4704b682","hashSHA1":"9b11e3ecb0925874709042b2d4269838e73bc4a3","hashSHA256":"07d8705bbf31ed1eec26308f4e0a52f6ec29b79017e01c301e439f4b2b03968a","sourceIndex":"557","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"MacShiny.v4.1.5 [5].pkg","isInstaller":"True","fileVersion":"0.","hashMD5":"c0de5e8bfc697431392f5e80b027822f","hashSHA1":"57ce7bd7a2a5cba3e9d3fe6144cb45aae1cb3465","hashSHA256":"3df2b2d0bfb53c218fc8e237416b59861bf5975a419e62766d22bdbc86eeac21","sourceIndex":"557","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"MacShiny.v4.1.0.pkg","isInstaller":"True","fileVersion":"0.","hashMD5":"","hashSHA1":"","hashSHA256":"515777b1ef29bd5a4a06495bf6bc5e1bec92625cda65d2e94332e13eefaaa7d2","sourceIndex":"557","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"MacShiny","fileVersion":"0.","hashMD5":"","hashSHA1":"","hashSHA256":"e22181a835127650ccad8b5622ac4d73386e4ffa236733e5653a2e273e24fa3a","sourceIndex":"557","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"MacShiny.v4.1.5.dmg","isInstaller":"True","fileVersion":"0.","hashMD5":"5e96fc60f73cb715745a8c2af41e3dce","hashSHA1":"231cc56daeb4a79baf8bd69e1fb2563b36e9f531","hashSHA256":"efbdb150b707a1059b2f3a5162c4d3ba21553245a3da295479c4d163f6da5103","sourceIndex":"557","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"MacShinyv415","fileVersion":"0.","hashMD5":"44e1685187683b8abccdc62dde19b5da","hashSHA1":"2218975bf1a31236edfe08f94785174616836de0","hashSHA256":"9c2f9e48573e82f2dabfb61b4b6a6b5a6718668e3efa4ece9692b83c2fb77a09","sourceIndex":"557","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search","reference":"Google Search \"how to speed up mac\"","landingPage":"http://macshiny.com/lp/g3/lp_3_easy_steps_to_clean_your_Mac_1_param?alert=0&sp=blwshd&igaexp=48&gclid=EAIaIQobChMIiqqBn5rW1QIVTmp-Ch0lfwk4EAAYBCAAEgISW_D_BwE&fowid=140187058231669131","ipv4":"","ipv6":"","sourceIndex":"557"}],"sampleFiles":["240906/D-MacShiny-170813/4.1.5/Samples/MacShiny.pkg","240906/D-MacShiny-170813/4.1.5/Samples/MacShiny.app.zip","240906/D-MacShiny-170813/4.1.5/Samples/MacShiny-190514","240906/D-MacShiny-170813/4.1.5/Samples/MacShiny-190514.pkg","240906/D-MacShiny-170813/4.1.5/Samples/MacShiny[2].pkg","240906/D-MacShiny-170813/4.1.5/Samples/MacShiny [2].pkg","240906/D-MacShiny-170813/4.1.5/Samples/MacShiny.v4.1.5 [3].pkg","240906/D-MacShiny-170813/4.1.5/Samples/MacShiny.v4.1.5 [4].pkg","240906/D-MacShiny-170813/4.1.5/Samples/MacShiny.v4.1.5 [5].pkg","240906/D-MacShiny-170813/4.1.5/Samples/MacShiny.v4.1.5.dmg","240906/D-MacShiny-170813/4.1.5/Samples/MacShinyv415"],"imageFiles":["240906/D-MacShiny-170813/4.1.5/Images/ACR-003/Screen Shot 2019-04-12 at 10.13.25 AM.png","240906/D-MacShiny-170813/4.1.5/Images/ACR-003/Screen Shot 2019-04-12 at 10.18.02 AM.png","240906/D-MacShiny-170813/4.1.5/Images/ACR-014/Screen Shot 2019-04-12 at 10.13.25 AM.png","240906/D-MacShiny-170813/4.1.5/Images/ACR-004/Screen Shot 2019-04-12 at 10.13.25 AM.png","240906/D-MacShiny-170813/4.1.5/Images/ACR-004/Screen Shot 2019-04-12 at 10.25.03 AM.png"],"nonDeceptorImageFiles":["240906/D-MacShiny-170813/4.1.5/Images/ACR-065/Screen Shot 2019-04-08 at 11.04.27 AM.png","240906/D-MacShiny-170813/4.1.5/Images/ACR-065/Screen Shot 2019-04-12 at 10.19.28 AM.png","240906/D-MacShiny-170813/4.1.5/Images/ACR-161/Screen Shot 2019-04-12 at 10.18.02 AM.png","240906/D-MacShiny-170813/4.1.5/Images/ACR-161/Screen Shot 2019-04-12 at 10.25.22 AM.png"],"guid":"d355a9f2-2e9b-4e6f-b394-304acf9658be_4.1.5_1","appID":"D-MacShiny-170813","dateAdded":"250108","deceptorType":"MacOS App","name":"MacShiny","company":"MacShiny","version":"4.1.5","sigName":"Deceptor:MacOS/MacShiny!003004","lastKnownStatus":"Deceptor: 3.9.7,4.1.5,4.0.9,4,1,2;4.1.5;4.1.8","lastKnownDate":"250108","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2025-01-08T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":5,"sortOrder":397},{"violations":{"ACR-155":"Ads are designed such that they have the appearance of real download buttons for the app, potentially misleading the user into clicking them.\n"},"nonDeceptorViolations":{},"samples":[],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"google search: \"opera download\"","landingPage":"https://www.filehorse.com/download-opera-64/","ipv4":"","ipv6":"","sourceIndex":"253"}],"sampleFiles":[],"imageFiles":["250108/Filehorse-250107/250107/Images/ACR-155/ACR-155_Ads inside app_1.png","250108/Filehorse-250107/250107/Images/ACR-155/ACR-155_Ads inside app_2.png"],"nonDeceptorImageFiles":[],"guid":"c1b64431-a3f4-47f6-a653-4d2de57fdc30_250107_1","appID":"Filehorse-250107","dateAdded":"250108","deceptorType":"Download Site","name":"Filehorse","company":"Filehorse","version":"250107","lastKnownStatus":"250108","lastKnownDate":"250108","type":"Download Site","category":"Personalization & Search","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"display ads","lastUpdate":"2025-01-09T00:00:47.5200209+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":394},{"violations":{"ACR-155":"Ads are designed such that they have the appearance of real download buttons for the app, potentially misleading the user into clicking them.\n"},"nonDeceptorViolations":{},"samples":[],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"google search: \"opera download\"","landingPage":"https://opera.apponic.com/","ipv4":"","ipv6":"","sourceIndex":"251"}],"sampleFiles":[],"imageFiles":["250108/Apponic-250107/250107/Images/ACR-155/ACR-155_Ads inside app_1.png","250108/Apponic-250107/250107/Images/ACR-155/ACR-155_Ads inside app_2.png","250108/Apponic-250107/250107/Images/ACR-155/ACR-155_Ads inside app_3.png"],"nonDeceptorImageFiles":[],"guid":"129ba6cb-9480-47d8-b7c9-57d25694754b_250107_1","appID":"Apponic-250107","dateAdded":"250108","deceptorType":"Download Site","name":"Apponic","company":"Apponic","version":"250107","lastKnownStatus":"250108","lastKnownDate":"250108","type":"Download Site","category":"Personalization & Search","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"display ads","lastUpdate":"2025-01-09T00:02:13.8353077+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":401},{"violations":{"ACR-003":"App exaggeratedly claims system health condition, misleads user to take action purchase the app. \n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"MacShiny.dmg","isInstaller":"True","companyName":"cyan soft Ltd.","productName":"MacShiny","productVersion":"3.9.7","fileVersion":"3.9.7","hashMD5":"f8b7712f4680084922326320bb98dbf3","hashSHA1":"552d215a3b871af1c539834653a47392c02303bd","hashSHA256":"03ec745fb142463cdaa93e66ddc9a7f9be9df557602b2d47b6dc764cabdd485f","digitalCertThumbprint":"CA11908255E5A7615B777E39AAA483870D318958","digitalCertIssuer":"cyan soft Ltd. (68A8KE3488)","digitalCertIssuedTo":"cyan soft Ltd. (68A8KE3488)","sourceIndex":"3100","dateAdded":"170816","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Advertising","reference":"Mac Cleaner","landingPage":"http://macshiny.com/lp/g3/lp_3_easy_steps_to_clean_your_Mac_1_param?alert=0&sp=blwshd&igaexp=48&gclid=EAIaIQobChMIiqqBn5rW1QIVTmp-Ch0lfwk4EAAYBCAAEgISW_D_BwE&fowid=140187058231669131","ipv4":"","ipv6":"","sourceIndex":"3100"}],"sampleFiles":[],"imageFiles":["190412/D-MacShiny-170813/3.9.7/Images/ACR-003/MacShinyScanResult.PNG","190412/D-MacShiny-170813/3.9.7/Images/ACR-003/MacShinyScanResult2.PNG","190412/D-MacShiny-170813/3.9.7/Images/ACR-003/MacShinyScanResult3.PNG","190412/D-MacShiny-170813/3.9.7/Images/ACR-003/MacShinyScanResult4.PNG"],"nonDeceptorImageFiles":[],"guid":"d355a9f2-2e9b-4e6f-b394-304acf9658be_3.9.7_1","appID":"D-MacShiny-170813","dateAdded":"250108","deceptorType":"MacOS App","name":"MacShiny","company":"MacShiny","version":"3.9.7","sigName":"Deceptor:MacOS/MacShiny!003","lastKnownStatus":"Deceptor: 3.9.7,4.1.5,4.0.9,4,1,2;4.1.5;4.1.8","lastKnownDate":"250108","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2025-01-08T00:00:00+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":5,"sortOrder":400},{"violations":{"ACR-003":"The app uses vague descriptions such as \"dirty\" and \"dangerous\" to describe the system status without any substantiation or what those descriptors even mean. When the button to fix the issues is selected, the program only fixes a select amount of the total amount of issues and refuses to fix the rest without a purchase from the consumer. \n","ACR-004":"The app does not provide free fixes for all free scan results.\n","ACR-014":"Scan results shown by the software are described using baseless but threatening-sounding language such as \"dirty\", \"dangerous\", or \"critical\". Such descriptions are unfair and misleading because they are not substantiated and do not provide any real insight to what the problem is. \n"},"nonDeceptorViolations":{"ACR-065":"The install wizard contains no obvious links to the app's EULA or Terms of Service, etc. \nThe app contains no obvious links to a EULA or Terms of Service, etc. \n","ACR-161":"The app claims an \"editor's choice\" rating of five stars, yet there is no indication as to what such editor is and no way to verify the raiting. \nThe app's page claims that it has over 14,000,000 five-star ratings, yet there is no way to see where these ratings are from and no way to verify whether such ratings are true. \n"},"samples":[{"isRevoked":"False","fileName":"MacShiny.pkg","isInstaller":"True","fileVersion":"0.","hashMD5":"cc7fda5d1b3772e519a1cae929a5daa2","hashSHA1":"74b57279381772e2e48899d4113fe09ed2033f47","hashSHA256":"9ae2d611f65c3bd40bc1e9aa287242229948a41811b2f70651615e10c11be448","sourceIndex":"2897","avBlockList":["Avast Security for Mac (20220208)","Avira Security for Mac (20220208)","Bitdefender Antivirus for Mac (20220208)","ESET Cyber Security Pro for Mac (20220208)","G DATA AntiVirus for Mac (20220208)","K7 Antivirus for Mac (20220208)","McAfee Internet Security for Mac (20220208)","Norton Security for Mac (20220208)","Sophos Home Premium For Mac (20220208)","Trend Micro Antivirus for Mac (20220208)"],"avAllowList":["Kaspersky Internet Security for Mac (20220208)"]},{"isRevoked":"False","fileName":"MacShiny","fileVersion":"0.","hashMD5":"c811e9eb49dd1aa6bd2da04388a2ed45","hashSHA1":"f274d81e72b6aa66de466521410463309bc9b6bb","hashSHA256":"d903f21972aff7b331bde81ff32640d4b1b947a0f65cd9604ee7e0ca6d194208","sourceIndex":"2897","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Advertising","reference":"Mac Cleaner","landingPage":"http://macshiny.com/lp/g3/lp_3_easy_steps_to_clean_your_Mac_1_param?alert=0&sp=blwshd&igaexp=48&gclid=EAIaIQobChMIiqqBn5rW1QIVTmp-Ch0lfwk4EAAYBCAAEgISW_D_BwE&fowid=140187058231669131","ipv4":"","ipv6":"","sourceIndex":"2897"}],"sampleFiles":["190813/D-MacShiny-170813/4.0.9/Samples/MacShiny.pkg","190813/D-MacShiny-170813/4.0.9/Samples/MacShiny"],"imageFiles":["190813/D-MacShiny-170813/4.0.9/Images/ACR-003/Screen Shot 2019-08-09 at 10.38.06 AM.png","190813/D-MacShiny-170813/4.0.9/Images/ACR-014/Screen Shot 2019-08-09 at 10.38.06 AM.png","190813/D-MacShiny-170813/4.0.9/Images/ACR-004/Free Trial MacShiny.gif"],"nonDeceptorImageFiles":["190813/D-MacShiny-170813/4.0.9/Images/ACR-065/Screen Shot 2019-08-09 at 10.35.48 AM.png","190813/D-MacShiny-170813/4.0.9/Images/ACR-065/Screen Shot 2019-08-09 at 10.38.06 AM.png","190813/D-MacShiny-170813/4.0.9/Images/ACR-161/Trial Limit Page.png","190813/D-MacShiny-170813/4.0.9/Images/ACR-161/Screen Shot 2019-08-09 at 10.55.11 AM.png"],"guid":"d355a9f2-2e9b-4e6f-b394-304acf9658be_4.0.9_1","appID":"D-MacShiny-170813","dateAdded":"250108","deceptorType":"MacOS App","name":"MacShiny","company":"MacShiny","version":"4.0.9","sigName":"Deceptor:MacOS/MacShiny!003004014","lastKnownStatus":"Deceptor: 3.9.7,4.1.5,4.0.9,4,1,2;4.1.5;4.1.8","lastKnownDate":"250108","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2025-01-08T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":5,"sortOrder":399},{"violations":{"ACR-048":"The app does not provide a control to close \"TrayAgent\" process, if performed force quit using \"Activity Monitor\" it closes and re-opens within few seconds\n","ACR-003":"The app uses vague descriptions such as \"dirty\" and \"dangerous\" to describe the system status without any substantiation or what those descriptors even mean. When the button to fix the issues is selected, the program only fixes a select amount of the total amount of issues and refuses to fix the rest without a purchase from the consumer. \n","ACR-004":"The app uses color graphics, vague descriptors to highlight issues, such as \"dirty\" or \"dangerous\" without substantiation. While free fixes are provided, the fix is only partial and a subscription purchase must be made for the full fix. \n","ACR-017":"Unable to verify logos\nUnable to verify logos\nUnable to verify logos\nUnable to verify logos\n","ACR-084":"The app runs silently in the background without consumers knowledge despite the fact that it is closed\n","ACR-014":"Scan results shown by the software are described using baseless but threatening-sounding language such as \"dirty\", \"dangerous\", or \"critical\". Such descriptions are unfair and misleading because they are not substantiated and do not provide any real insight to what the issue is.\n","ACR-124":"The app displays more than one confirmation prompts during uninstall process\n"},"nonDeceptorViolations":{"ACR-045":"The landing page mentions \"Free Download\", free misleads consumer as the app does not offer complete free fixes for the identified issues.\n","ACR-065":"The install wizard contains no obvious links to the app's EULA or Terms of Service, etc. \nThe app contains no obvious links to a EULA or Terms of Service, etc. \nThe offers page contains no obvious links to a EULA or Terms of Service, etc. \n","ACR-161":"Unable to verify testimonials\n","ACR-120":"The app offers comparable value proposition at lesser price for a life time subscription during uninstall process.\n","ACR-171":"The app does not clearly disclose details about the recurring payment information in the offers page\n","ACR-017":"Unable to verify logos\n"},"samples":[{"isRevoked":"False","fileName":"MacShiny-2.pkg","isInstaller":"True","companyName":"MacShiny","productName":"MacShiny","productVersion":"4.1.2","fileVersion":"4.1.2","hashMD5":"cd628d740975b6cf1a6543a6c94a5e5b","hashSHA1":"ae52094cd8343041861265c257c615d241b25c24","hashSHA256":"2ef3cf6a7d16f0b04d7c88988d22196afd26586b4181e59ef910f99caff3687d","digitalCertThumbprint":"18AB5BAC-2B71-C375-EE87-1E830E851610","digitalCertIssuer":"Apple Root CA","digitalCertIssuedTo":"Cyan soft Ltd. (68A8KE3488)","sourceIndex":"2511","avBlockList":["Avast Security for Mac (20210511)","Avira Security for Mac (20210511)","Bitdefender Antivirus for Mac (20210511)","ESET Cyber Security Pro for Mac (20210511)","G DATA AntiVirus for Mac (20210511)","Kaspersky Internet Security for Mac (20210511)","McAfee Internet Security for Mac (20210511)","Norton Security for Mac (20210511)","Sophos Home Premium For Mac (20210511)","Trend Micro Antivirus for Mac (20210511)"],"avAllowList":["K7 Antivirus for Mac (20210511)"]},{"isRevoked":"False","fileName":"lipo","companyName":"MacShiny","productName":"MacShiny","productVersion":"4.1.2","fileVersion":"4.1.2","hashMD5":"11386165ab677ae7c5f3c424e001549c","hashSHA1":"1406e1ec6b132bf11e95f08a73b98c256bc15556","hashSHA256":"2882c3408714e0013a61a7f1e5490597cf33a5dbca8e0d2538d32a6954a7e304","digitalCertThumbprint":"18AB5BAC-2B71-C375-EE87-1E830E851610","digitalCertIssuer":"Apple Root CA","digitalCertIssuedTo":"Cyan soft Ltd. (68A8KE3488)","sourceIndex":"2511","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"MacShiny","companyName":"MacShiny","productName":"MacShiny","productVersion":"4.1.2","fileVersion":"4.1.2","hashMD5":"b5bf27b88909f46748759bd340c469a4","hashSHA1":"b747899d883a134714f07dfe6ca3b453d03a39c3","hashSHA256":"371996f61ac903bab17f0269d65e8864bb14b35b932ea33d7477b803926b0fb2","digitalCertThumbprint":"18AB5BAC-2B71-C375-EE87-1E830E851610","digitalCertIssuer":"Apple Root CA","digitalCertIssuedTo":"Cyan soft Ltd. (68A8KE3488)","sourceIndex":"2511","avBlockList":["Avast Security for Mac (20241010)","Avira Security for Mac (20241010)","Bitdefender Antivirus for Mac (20241010)","ESET Cyber Security Pro for Mac (20241010)","G DATA AntiVirus for Mac (20241010)","Kaspersky Internet Security for Mac (20241010)","McAfee Internet Security for Mac (20241010)","Norton Security for Mac (20241010)","SpyHunterforMac (20241010)","Trend Micro Antivirus for Mac (20241010)"],"avAllowList":["K7 Antivirus for Mac (20241010)","Sophos Home Premium For Mac (20241010)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Advertising","reference":"Mac Cleaner","landingPage":"http://macshiny.com/lp/g3/lp_3_easy_steps_to_clean_your_Mac_1_param?alert=0&sp=blwshd&igaexp=48&gclid=EAIaIQobChMIiqqBn5rW1QIVTmp-Ch0lfwk4EAAYBCAAEgISW_D_BwE&fowid=140187058231669131","ipv4":"","ipv6":"","sourceIndex":"2511"},{"howFound":"","reference":"","landingPage":"https://top10cleaners.org/?url=https://macshiny.com/lp/g5/lp_mac_free_download&sp=blwshd&top10_redir=track&ADWORD=SRC*sn*KW*free%20mac%20cleaner*CR*274122716125*MT*e*TG**PL**DV*c*AP**CID*1415711260*GID*61143826692*LOCP*9033255*NW*g*FID*&gclid=EAIaIQobChMI_ar7us3S6AIVEcNkCh1_sw7cEAMYASAAEgL7DPD_BwE","ipv4":"","ipv6":"","sourceIndex":"2512"}],"sampleFiles":["200407/D-MacShiny-170813/4.1.2/Samples/MacShiny-2.pkg","200407/D-MacShiny-170813/4.1.2/Samples/lipo","200407/D-MacShiny-170813/4.1.2/Samples/MacShiny"],"imageFiles":["200407/D-MacShiny-170813/4.1.2/Images/ACR-017/ACR-017_InternalOffers_Logos_Aren't_Verifiable.png","200407/D-MacShiny-170813/4.1.2/Images/ACR-017/ACR-017_InternalOffers_Unable_To_Verify_Logo.png","200407/D-MacShiny-170813/4.1.2/Images/ACR-003/ACR-003_Software_Doesn't_Substantiate_Identified_Results.png","200407/D-MacShiny-170813/4.1.2/Images/ACR-017/ACR-017_Software_Unable_To_Verify_Logos.png","200407/D-MacShiny-170813/4.1.2/Images/ACR-084/ACR-084_Software_Runs_Silently.png","200407/D-MacShiny-170813/4.1.2/Images/ACR-048/ACR-048_Software_Doesn't_Provide_Control.png","200407/D-MacShiny-170813/4.1.2/Images/ACR-017/ACR-017_Uninstall_Unable_To_Verify_Logos.png","200407/D-MacShiny-170813/4.1.2/Images/ACR-014/ACR-004_Software_Provides_Partial_Fix.png","200407/D-MacShiny-170813/4.1.2/Images/ACR-014/ACR-004_Software_Raises_Urgency.png","200407/D-MacShiny-170813/4.1.2/Images/ACR-014/ACR-004_Software_Raises_Urgency1.png","200407/D-MacShiny-170813/4.1.2/Images/ACR-004/ACR-004_Software_Raises_Urgency.png","200407/D-MacShiny-170813/4.1.2/Images/ACR-004/ACR-004_Software_Raises_Urgency1.png","200407/D-MacShiny-170813/4.1.2/Images/ACR-017/ACR-017_InlineOffers_Unable_To_Verify_Logos.png","200407/D-MacShiny-170813/4.1.2/Images/ACR-124/ACR-124_Uninstall_Confirmation_Prompts_More_Than_Once.png"],"nonDeceptorImageFiles":["200407/D-MacShiny-170813/4.1.2/Images/ACR-045/ACR-045_Landingpage_Misleading_FreeDownload_Button.png","200407/D-MacShiny-170813/4.1.2/Images/ACR-065/ACR-065_Install_No_Docs.png","200407/D-MacShiny-170813/4.1.2/Images/ACR-065/ACR-065_Software_Doesn't_Disclose_EULA&PrivacyPolicy.png","200407/D-MacShiny-170813/4.1.2/Images/ACR-065/ACR-065_InlineOffers_Doesn't_Disclose_Docs.png","200407/D-MacShiny-170813/4.1.2/Images/ACR-161/ACR-161_Landingpage_Unable_To_Verify_Testimonials.png","200407/D-MacShiny-170813/4.1.2/Images/ACR-017/ACR-017_LandingPage_Unable_To_Verify_EditorChoice_logo.png","200407/D-MacShiny-170813/4.1.2/Images/ACR-017/ACR-017_LandingPage_Unable_To_Verify_Logos.png","200407/D-MacShiny-170813/4.1.2/Images/ACR-120/ACR-120_Uninstall_Offers_Low_Price.png","200407/D-MacShiny-170813/4.1.2/Images/ACR-171/ACR-171_InlineOffers_Doesn't_Disclose_Recurring_Details.png"],"guid":"d355a9f2-2e9b-4e6f-b394-304acf9658be_4.1.2_1","appID":"D-MacShiny-170813","dateAdded":"250108","deceptorType":"MacOS App","name":"MacShiny","company":"MacShiny","version":"4.1.2","sigName":"Deceptor:MacOS/MacShiny!017003084048014004124","lastKnownStatus":"Deceptor: 3.9.7,4.1.5,4.0.9,4,1,2;4.1.5;4.1.8","lastKnownDate":"250108","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2025-01-08T00:00:00+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":5,"sortOrder":398},{"violations":{"ACR-003":"The app uses vague descriptions such as “slow”, \"dirty\" and \"dangerous\" to describe the system status without any substantiation or what those descriptors even mean. When the button to fix the issues is selected, the program only fixes a select amount of the total amount of issues and refuses to fix the rest without a purchase from the consumer. The app exaggerates system issues and raises urgency for the identified issues with \"Red\" font, thereby misleading or scaring the consumer to take action. It also uses traffic light colors and gauges.\n","ACR-004":"The app uses vague descriptors to highlight problems, such as \"dirty\" or \"dangerous\" without substantiation. While free fixes are provided, the fix is only partial and a subscription purchase must be made for the full fix. \n","ACR-014":"Scan results shown by the software are described using baseless but threatening-sounding language such as \"dirty\", \"dangerous\", or \"critical\". Such descriptions are unfair and misleading because they are not substantiated and do not provide any real insight to what the problem is.\n"},"nonDeceptorViolations":{"ACR-045":"\"Free Download\" highlights \"Free\" misleads user. The functionality that requires consumer payment in order to be activated needs to be marked clearly in landing page. Otherwise app should remove \"free\" word.\n","ACR-065":"The install wizard contains no obvious links to the app's EULA or Terms of Service, etc. \nThe app needs to disclose EULA, Terms of Service, Returns & Cancellation Policy, and Privacy Policy on the app's about page.\n","ACR-161":"The app claims an \"editor's choice\" rating of five stars, yet there is no indication as to what such editor is and no way to verify the raiting. \nThe app’s landing page has testimonials that have no links back to a source so consumers can verify if they're real.\nThe app claims an \"editor's choice\" rating of five stars, yet there is no indication as to what such editor is and no way to verify the rating. The app's page claims that it has over 16,000 five-star ratings, yet there is no way to see where these ratings are from and no way to verify whether such ratings are true. \n"},"samples":[{"isRevoked":"False","fileName":"MacShiny","fileVersion":"0.","hashMD5":"44e1685187683b8abccdc62dde19b5da","hashSHA1":"2218975bf1a31236edfe08f94785174616836de0","hashSHA256":"9c2f9e48573e82f2dabfb61b4b6a6b5a6718668e3efa4ece9692b83c2fb77a09","sourceIndex":"254","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"MacShiny.v4.1.5.pkg","isInstaller":"True","fileVersion":"0.","hashMD5":"8f54f3acd512faa02e90821afd33c575","hashSHA1":"e36ceef6bdea7425d1714148d7b3fa1a0d30203f","hashSHA256":"3ae253c34750bfe587b01c286cc137066d098ffcb483f82bf6eb45e3d48481cb","sourceIndex":"254","avBlockList":["Avast Security for Mac (20250408)","Avira Security for Mac (20250408)","Bitdefender Antivirus for Mac (20250408)","ESET Cyber Security Pro for Mac (20250408)","G DATA AntiVirus for Mac (20250408)","K7 Antivirus for Mac (20250408)","Kaspersky Internet Security for Mac (20250408)","McAfee Internet Security for Mac (20250408)","Norton Security for Mac (20250408)","Sophos Home Premium For Mac (20250408)","SpyHunterforMac (20250408)","Trend Micro Antivirus for Mac (20250408)"],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"Mac Cleaner","landingPage":"http://macshiny.com/","directDownloadingLink":"https://macshiny.com/Downloads/DownloadPkg?appId=1&av=4.1.5&ac=6n0AVSmile4ZA3bn5r&t=0&postinst=107&kpahid=1143601468524201388","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://macshiny.com/Downloads/DownloadPkg?appId=1&av=4.1.5&ac=6n0AVSmile4ZA3bn5r&t=0&postinst=107&kpahid=1143601468524201388","sourceIndex":"254"}],"sampleFiles":["250108/D-MacShiny-170813/4.1.8/Samples/MacShiny","250108/D-MacShiny-170813/4.1.8/Samples/MacShiny.v4.1.5.pkg"],"imageFiles":["250108/D-MacShiny-170813/4.1.8/Images/ACR-003/App1.png","250108/D-MacShiny-170813/4.1.8/Images/ACR-003/app2.png","250108/D-MacShiny-170813/4.1.8/Images/ACR-003/app5.png","250108/D-MacShiny-170813/4.1.8/Images/ACR-003/app6.png","250108/D-MacShiny-170813/4.1.8/Images/ACR-003/app16.png","250108/D-MacShiny-170813/4.1.8/Images/ACR-003/app17.png","250108/D-MacShiny-170813/4.1.8/Images/ACR-003/app18.png","250108/D-MacShiny-170813/4.1.8/Images/ACR-014/App1.png","250108/D-MacShiny-170813/4.1.8/Images/ACR-014/app2.png","250108/D-MacShiny-170813/4.1.8/Images/ACR-014/app5.png","250108/D-MacShiny-170813/4.1.8/Images/ACR-014/app6.png","250108/D-MacShiny-170813/4.1.8/Images/ACR-014/app16.png","250108/D-MacShiny-170813/4.1.8/Images/ACR-014/app17.png","250108/D-MacShiny-170813/4.1.8/Images/ACR-014/app18.png","250108/D-MacShiny-170813/4.1.8/Images/ACR-004/App1.png","250108/D-MacShiny-170813/4.1.8/Images/ACR-004/app2.png"],"nonDeceptorImageFiles":["250108/D-MacShiny-170813/4.1.8/Images/ACR-045/MacShiny - All-in-one maintenance tool for your Mac1.png","250108/D-MacShiny-170813/4.1.8/Images/ACR-045/MacShiny - All-in-one maintenance tool for your Mac2.png","250108/D-MacShiny-170813/4.1.8/Images/ACR-045/MacShiny - All-in-one maintenance tool for your Mac3.png","250108/D-MacShiny-170813/4.1.8/Images/ACR-065/install1.png","250108/D-MacShiny-170813/4.1.8/Images/ACR-065/app3.png","250108/D-MacShiny-170813/4.1.8/Images/ACR-161/app2.png","250108/D-MacShiny-170813/4.1.8/Images/ACR-161/MacShiny - All-in-one maintenance tool for your Mac.png","250108/D-MacShiny-170813/4.1.8/Images/ACR-161/Get MacShiny License with 94% discount1.png"],"guid":"d355a9f2-2e9b-4e6f-b394-304acf9658be_4.1.8_1","appID":"D-MacShiny-170813","dateAdded":"250108","deceptorType":"MacOS App","name":"MacShiny","company":"MacShiny","version":"4.1.8","lastKnownStatus":"Deceptor: 3.9.7,4.1.5,4.0.9,4,1,2;4.1.5;4.1.8","lastKnownDate":"250108","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2025-01-08T23:59:39.6517361+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":5,"sortOrder":396},{"violations":{"ACR-155":"Ads are designed such that they have the appearance of real download buttons for the app, potentially misleading the user into clicking them. \n"},"nonDeceptorViolations":{},"samples":[],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"google search: \"opera download\"","landingPage":"https://opera.en.download.it/","ipv4":"","ipv6":"","sourceIndex":"252"}],"sampleFiles":[],"imageFiles":["250108/DownloadIt-250107/250107/Images/ACR-155/ACR-155_Ads inside app_1.png","250108/DownloadIt-250107/250107/Images/ACR-155/ACR-155_Ads inside app_2.png","250108/DownloadIt-250107/250107/Images/ACR-155/ACR-155_Ads inside app_3.png"],"nonDeceptorImageFiles":[],"guid":"d98c06b1-b9bf-4dd4-9679-87b9ccba2e0b_250107_1","appID":"DownloadIt-250107","dateAdded":"250108","deceptorType":"Download Site","name":"DownloadIt","company":"download.it","version":"250107","lastKnownStatus":"250108","lastKnownDate":"250108","type":"Download Site","category":"Personalization & Search","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"display ads","lastUpdate":"2025-01-09T00:01:32.5652489+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":395},{"violations":{"ACR-155":"Ads are designed such that they have the appearance of real download buttons for the app, potentially misleading the user into clicking them.\n"},"nonDeceptorViolations":{},"samples":[],"additionalFiles":[],"sources":[{"howFound":"Hunt.search","reference":"","landingPage":"https://djvu-reader.com/en/","ipv4":"","ipv6":"","sourceIndex":"255"}],"sampleFiles":[],"imageFiles":["250106/djvuReader-250103/250103/Images/ACR-155/ACR-155_Bundler-made offers_1.jpeg"],"nonDeceptorImageFiles":[],"guid":"34873f71-1123-43c1-9f5f-beef5a27135b_250103_1","appID":"djvuReader-250103","dateAdded":"250106","deceptorType":"App","name":"djvuReader-250103","company":"DjVu Reader","version":"250103","lastKnownStatus":"250106","lastKnownDate":"250106","type":"Download Site","category":"Personalization & Search","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"display ads","lastUpdate":"2025-01-06T20:01:21.7924966+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":402},{"violations":{"ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software.\n","ACR-055":"Accept or Decline for optional offers must be obvious. Unchecking a preselected checkbox for another offer is not a straightforward way to indicate a decline.\n","ACR-059":"Offers are not clearly marked as optional, and it is unclear who recommended them or the source of the recommendations.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"pdfshaper_free_14.8.exe","isInstaller":"True","companyName":"Burnaware                                                   ","fileVersion":"14.8","hashMD5":"a91615c7d944b35870e455183420d3b2","hashSHA1":"882a5b25c3a3c09fbcfb8cac2dbab9bdc5e0ab0e","hashSHA256":"d1c562db4ad6f726bb0ba63b7d8182f359156f48e128d8590f5218b1a5efe5e4","digitalCertThumbprint":"89C2350B8D324ECDE615A61F9429F9AC9673D378","digitalCertIssuer":"CN=Microsoft ID Verified CS EOC CA 01, O=Microsoft Corporation, C=US","digitalCertIssuedTo":"CN=BURNAWARE SL, O=BURNAWARE SL, L=MARBELLA, S=Málaga, C=ES","sourceIndex":"268","avBlockList":["Avira Internet Security (20241226)","FortectPremium (20241226)","K7 Total Security (20241226)","Norton Security (20241226)","SpyHunter5 (20241226)","Total AV Antivirus Pro (20241226)","VirIT eXplorer PRO (20241226)","Webroot SecureAnywhere (20241226)"],"avAllowList":["360 Total Security (20241226)","Avast Premium Security (20241226)","AVG Internet Security (20241226)","Bitdefender Internet Security (20241226)","COMODO Antivirus (20241226)","Dr.Web Security Space (20241226)","ESET Internet Security (20241226)","G DATA INTERNET SECURITY (20241226)","KasperskyPremium (20241226)","Malwarebytes Premium (20241226)","McAfee Total Protection (20241226)","Panda Dome (20241226)","Quick Heal Internet Security (20241226)","Sophos Home Premium (20241226)","Trend Micro Internet Security (20241226)","VIPRE Advanced Security (20241226)","Windows Defender (20241226)"]}],"additionalFiles":[],"sources":[{"howFound":"discovered through a search for the optional offer (WinX DVD Ripper)during the Glorylogic app installation","reference":"","landingPage":"https://www.pdfshaper.com/","directDownloadingLink":"https://www.pdfshaper.com/downloads/pdfshaper_free_14.8.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.pdfshaper.com/downloads/pdfshaper_free_14.8.exe","sourceIndex":"268"}],"sampleFiles":["241223/PDFShaper-241218/14.8.0.0/Samples/pdfshaper_free_14.8.exe"],"imageFiles":["241223/PDFShaper-241218/14.8.0.0/Images/ACR-055/ACR-055_Install_1.png","241223/PDFShaper-241218/14.8.0.0/Images/ACR-013/ACR-013_Install_1.png","241223/PDFShaper-241218/14.8.0.0/Images/ACR-059/ACR-059_Bundler-made offers_1.png"],"nonDeceptorImageFiles":[],"guid":"3b8645f1-0fdd-407f-81af-053678906836_14.8.0.0_1","appID":"PDFShaper-241218","dateAdded":"241223","deceptorType":"App","name":"PDF Shaper Free","company":"Burnaware","version":"14.8.0.0","firstVendorContactDate":"241227","firstAppEsteemReplyDate":"241227","firstResolvedDate":"241227","firstResolvedVersion":"14.8.1","resolved":"TRUE","lastKnownStatus":"14.8.0.0","lastKnownDate":"241223","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows 11","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"install offers,up-sell to paid","lastUpdate":"2024-12-27T18:25:16.3995207+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":406},{"violations":{"ACR-155":"Ads are designed such that they have the appearance of real download buttons for the app, potentially misleading the user into clicking them.\n"},"nonDeceptorViolations":{},"samples":[],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"google search: \"opera download\"","landingPage":"https://www.softpedia.com/get/Internet/Browsers/Opera-for-Windows-without-Java.shtml","ipv4":"","ipv6":"","sourceIndex":"270"}],"sampleFiles":[],"imageFiles":["241223/Softpedia-241213/241213/Images/ACR-155/ACR-155_Ads inside app_1.png","241223/Softpedia-241213/241213/Images/ACR-155/ACR-155_Ads inside app_2.png"],"nonDeceptorImageFiles":[],"guid":"061e62d7-cd7d-42c1-bace-ba0d8fa7b205_241213_1","appID":"Softpedia-241213","dateAdded":"241223","deceptorType":"Download Site","name":"Softpedia-241213","company":"Softpedia","version":"241213","lastKnownStatus":"241223","lastKnownDate":"241223","type":"Download Site","category":"Personalization & Search","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"display ads","lastUpdate":"2024-12-23T23:19:50.6239381+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":405},{"violations":{"ACR-107":" The website doesn't download a legitimate launcher and does not indicate any authorization from the app's publisher aside from mentioning the publisher's name.  \n\n","ACR-005":" Ads on the page are designed to appear as standard download buttons which could potentially mislead the user.\n\n","ACR-014":" Users are led to believe that the version of Minecraft they are downloading is the demo version however they receive a non-functional launcher.\n\n","ACR-155":"Download ad for another app is inserted above the actual download button to masquerade itself as part of existing committed user workflows.\n"},"nonDeceptorViolations":{"ACR-056":" The website advertises a demo version of Minecraft and instead receive a non-functional launcher.\n\n"},"samples":[],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"google search: \"minecraft free for mac\"","landingPage":"https://minecraft.en.uptodown.com/mac/download","ipv4":"","ipv6":"","sourceIndex":"3119"}],"sampleFiles":[],"imageFiles":["190407/UpToDown-190405/190405/Images/ACR-005/UpToDown Top of the Page.png","190407/UpToDown-190405/190405/Images/ACR-014/UpToDown Damaged App.png","190407/UpToDown-190405/190405/Images/ACR-014/UpToDown Top of the Page.png","190407/UpToDown-190405/190405/Images/ACR-107/UpToDown Top of the Page.png","190407/UpToDown-190405/190405/Images/ACR-155/UpToDown Top of the Page.png"],"nonDeceptorImageFiles":["190407/UpToDown-190405/190405/Images/ACR-056/UpToDown Damaged App.png","190407/UpToDown-190405/190405/Images/ACR-056/UpToDown Top of the Page.png"],"guid":"c2c28542-647c-4eb5-8748-ddea7589b535_190405_1","appID":"UpToDown-190405","dateAdded":"241223","deceptorType":"Download Site","name":"minecraft.en.uptodown.com","company":"Uptodown","version":"190405","sigName":"Deceptor:Affiliate/minecraft.en.uptodown.com","lastKnownStatus":"190405;241223","lastKnownDate":"241223","type":"Download Site","category":"Personalization & Search","targetOS":"None","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"display ads","lastUpdate":"2024-12-23T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":404},{"violations":{"ACR-155":"Ads are designed such that they have the appearance of real download buttons for the app, potentially misleading the user into clicking them.\n"},"nonDeceptorViolations":{},"samples":[],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"google search: \"minecraft free for mac\"","landingPage":"https://minecraft.en.uptodown.com/mac/download","ipv4":"","ipv6":"","sourceIndex":"271"}],"sampleFiles":[],"imageFiles":["241223/UpToDown-190405/241212/Images/ACR-155/ACR-155_Ads inside app_1.png","241223/UpToDown-190405/241212/Images/ACR-155/ACR-155_Ads inside app_2.png"],"nonDeceptorImageFiles":[],"guid":"c2c28542-647c-4eb5-8748-ddea7589b535_241212_1","appID":"UpToDown-190405","dateAdded":"241223","deceptorType":"Download Site","name":"minecraft.en.uptodown.com","company":"Uptodown","version":"241212","lastKnownStatus":"190405;241223","lastKnownDate":"241223","type":"Download Site","category":"Personalization & Search","targetOS":"None","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"display ads","lastUpdate":"2024-12-23T23:13:51.3168909+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":403},{"violations":{"ACR-155":" Ads are designed such that they have the appearance of real download buttons for the app, potentially misleading the user into clicking them. \n"},"nonDeceptorViolations":{},"samples":[],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"google search: \"minecraft download\"","landingPage":"https://download.cnet.com/minecraft/3000-2097_4-75648482.html","ipv4":"","ipv6":"","sourceIndex":"269"}],"sampleFiles":[],"imageFiles":["241223/Cnet-241213/241213/Images/ACR-155/ACR-155_Ads inside app_1.png","241223/Cnet-241213/241213/Images/ACR-155/ACR-155_Ads inside app_2.png"],"nonDeceptorImageFiles":[],"guid":"89ac6a40-06f0-4ff6-9aa9-5d9c7ae6c453_241213_1","appID":"Cnet-241213","dateAdded":"241223","deceptorType":"Download Site","name":"Cnet-241213","company":"Cnet","version":"241213","lastKnownStatus":"241223","lastKnownDate":"241223","type":"Download Site","category":"Personalization & Search","targetOS":"","targetBrowser":"","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"display ads","lastUpdate":"2024-12-23T23:23:44.5092534+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":407},{"violations":{"ACR-013":" During installation, the user is interrupted by non-consented offers to silently install unrelated software.\n","ACR-055":"Accept or Decline for optional offers must be obvious. Unchecking a preselected checkbox for another offer is not a straightforward way to indicate a decline.\n","ACR-059":"Offers are not clearly marked as optional, and it is unclear who recommended them or the source of the recommendations.\n","ACR-155":"Unrelated Offers are designed to look like part of the install workflow. \n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"trueburner_10.1.exe","isInstaller":"True","companyName":"Glorylogic                                                  ","fileVersion":"10.1","hashMD5":"2ecfb74b5ceb5f80c1455d3aa134b16e","hashSHA1":"377a2c5deb7e89e69b17c3be6635ad920d2c04b4","hashSHA256":"b7886a177512819cf86348fbe6791b0152f4cd989f7a77e5e9b2048e5e5c0272","digitalCertThumbprint":"2E0F9D78B09E96967EE6617D557864EDFB18B2EF","digitalCertIssuer":"CN=Microsoft ID Verified CS AOC CA 02, O=Microsoft Corporation, C=US","digitalCertIssuedTo":"CN=BURNAWARE SL, O=BURNAWARE SL, L=MARBELLA, S=Málaga, C=ES","sourceIndex":"266","avBlockList":["Avast Premium Security (20241226)","AVG Internet Security (20241226)","Avira Internet Security (20241226)","ESET Internet Security (20241226)","FortectPremium (20241226)","K7 Total Security (20241226)","Malwarebytes Premium (20241226)","Norton Security (20241226)","Panda Dome (20241226)","SpyHunter5 (20241226)","Total AV Antivirus Pro (20241226)","VirIT eXplorer PRO (20241226)","Webroot SecureAnywhere (20241226)"],"avAllowList":["360 Total Security (20241226)","Bitdefender Internet Security (20241226)","COMODO Antivirus (20241226)","Dr.Web Security Space (20241226)","G DATA INTERNET SECURITY (20241226)","KasperskyPremium (20241226)","McAfee Total Protection (20241226)","Quick Heal Internet Security (20241226)","Sophos Home Premium (20241226)","Trend Micro Internet Security (20241226)","VIPRE Advanced Security (20241226)","Windows Defender (20241226)"]}],"additionalFiles":[],"sources":[{"howFound":"random search","reference":"","landingPage":"https://www.glorylogic.com/true-burner.html","directDownloadingLink":"https://www.glorylogic.com/downloads/trueburner_10.1.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.glorylogic.com/downloads/trueburner_10.1.exe","sourceIndex":"266"}],"sampleFiles":["241212/TrueBurner-241211/10.1.00/Samples/trueburner_10.1.exe"],"imageFiles":["241212/TrueBurner-241211/10.1.00/Images/ACR-055/ACR-055_Install_1.png","241212/TrueBurner-241211/10.1.00/Images/ACR-055/ACR-055_Install_2.png","241212/TrueBurner-241211/10.1.00/Images/ACR-013/ACR-013_Install_1.png","241212/TrueBurner-241211/10.1.00/Images/ACR-013/ACR-013_Install_2.png","241212/TrueBurner-241211/10.1.00/Images/ACR-059/ACR-059_Bundler-made offers_1.png","241212/TrueBurner-241211/10.1.00/Images/ACR-059/ACR-059_Bundler-made offers_2.png","241212/TrueBurner-241211/10.1.00/Images/ACR-155/ACR-155_Bundler-made offers_1.png"],"nonDeceptorImageFiles":[],"guid":"f613647b-8d75-448b-b072-214a2aae5a9d_10.1.00_1","appID":"TrueBurner-241211","dateAdded":"241212","deceptorType":"App","name":"True Burner","company":"Glorylogic","version":"10.1.00","firstVendorContactDate":"241227","firstAppEsteemReplyDate":"241227","firstResolvedDate":"241227","firstResolvedVersion":"10.2","resolved":"TRUE","lastKnownStatus":"10.1.00","lastKnownDate":"241212","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows 11","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"install offers,cross-sell other apps","lastUpdate":"2024-12-27T18:34:00.297779+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":409},{"violations":{"ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software. \n\n","ACR-055":"Accept or Decline for optional offers must be obvious. Unchecking a preselected checkbox for another offer is not a straightforward way to indicate a decline.\n","ACR-059":"Offers are not clearly marked as optional, and it is unclear who recommended them or the source of the recommendations.\n","ACR-155":"Unrelated Offers are designed to look like part of the install workflow.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"videoshaper_5.9.exe","isInstaller":"True","companyName":"Glorylogic                                                  ","fileVersion":"5.9","hashMD5":"7b77cd7f69e38e19ec35bbe6aaab2752","hashSHA1":"2dfcad845e68a30fef3a170fd004e8f93ef694f5","hashSHA256":"031899e2ff662185a3dc57ac39601b99d4a74dc1cb76705cdca17da66923d066","digitalCertThumbprint":"2E0F9D78B09E96967EE6617D557864EDFB18B2EF","digitalCertIssuer":"CN=Microsoft ID Verified CS AOC CA 02, O=Microsoft Corporation, C=US","digitalCertIssuedTo":"CN=BURNAWARE SL, O=BURNAWARE SL, L=MARBELLA, S=Málaga, C=ES","sourceIndex":"265","avBlockList":["Avast Premium Security (20241226)","AVG Internet Security (20241226)","Avira Internet Security (20241226)","ESET Internet Security (20241226)","FortectPremium (20241226)","G DATA INTERNET SECURITY (20241226)","K7 Total Security (20241226)","Malwarebytes Premium (20241226)","Norton Security (20241226)","Panda Dome (20241226)","SpyHunter5 (20241226)","Total AV Antivirus Pro (20241226)","VirIT eXplorer PRO (20241226)","Webroot SecureAnywhere (20241226)"],"avAllowList":["360 Total Security (20241226)","Bitdefender Internet Security (20241226)","COMODO Antivirus (20241226)","Dr.Web Security Space (20241226)","KasperskyPremium (20241226)","McAfee Total Protection (20241226)","Quick Heal Internet Security (20241226)","Sophos Home Premium (20241226)","Trend Micro Internet Security (20241226)","VIPRE Advanced Security (20241226)","Windows Defender (20241226)"]}],"additionalFiles":[],"sources":[{"howFound":"random search","reference":"","landingPage":"https://www.glorylogic.com/video-shaper.html","directDownloadingLink":"https://www.glorylogic.com/downloads/videoshaper_5.9.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.glorylogic.com/downloads/videoshaper_5.9.exe","sourceIndex":"265"}],"sampleFiles":["241212/VideoShaper-241210/5.9.0.0/Samples/videoshaper_5.9.exe"],"imageFiles":["241212/VideoShaper-241210/5.9.0.0/Images/ACR-055/ACR-055_Install_1.png","241212/VideoShaper-241210/5.9.0.0/Images/ACR-055/ACR-055_Install_2.png","241212/VideoShaper-241210/5.9.0.0/Images/ACR-013/ACR-013_Install_1.png","241212/VideoShaper-241210/5.9.0.0/Images/ACR-013/ACR-013_Install_2.png","241212/VideoShaper-241210/5.9.0.0/Images/ACR-059/ACR-059_Bundler-made offers_1.png","241212/VideoShaper-241210/5.9.0.0/Images/ACR-059/ACR-059_Bundler-made offers_2.png","241212/VideoShaper-241210/5.9.0.0/Images/ACR-155/ACR-155_Bundler-made offers_1.png"],"nonDeceptorImageFiles":[],"guid":"959b71e1-0270-4912-bc8c-af3191321227_5.9.0.0_1","appID":"VideoShaper-241210","dateAdded":"241212","deceptorType":"App","name":"Video Shaper","company":"Glorylogic","version":"5.9.0.0","firstVendorContactDate":"241227","firstAppEsteemReplyDate":"241227","firstResolvedDate":"241227","firstResolvedVersion":"5.9","resolved":"TRUE","lastKnownStatus":"5.9.0.0","lastKnownDate":"241212","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows 11","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"cross-sell other apps,install offers","lastUpdate":"2024-12-27T18:37:14.2651228+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":408},{"violations":{"ACR-155":"Ads are designed such that they have the appearance of real download buttons for the app, potentially misleading the user into clicking them.\n\n"},"nonDeceptorViolations":{},"samples":[],"additionalFiles":[],"sources":[{"howFound":"Hunt.search","reference":"google: \"Minecraft download free mac\"","landingPage":"minecraft.en.softonic.com","ipv4":"","ipv6":"","landingPageWildChar":"star.en.softonic.com","sourceIndex":"2648"}],"sampleFiles":[],"imageFiles":["190407/minecraftensoftonic-190405/190405/Images/ACR-155/ACR155.png"],"nonDeceptorImageFiles":[],"guid":"bfb67bef-53cd-4fc2-aa58-872ca8f55d20_190405_1","appID":"minecraftensoftonic-190405","dateAdded":"241205","deceptorType":"Download Site","name":"minecraft.en.softonic.com","company":"SOFTONIC INTERNATIONAL S.A.","version":"190405","sigName":"Deceptor:Affiliate/minecraft.en.softonic.com","firstResolvedVersion":"","lastKnownStatus":"241205","lastKnownDate":"241205","type":"Download Site","category":"Personalization & Search","targetOS":"None","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"display ads","lastUpdate":"2024-12-05T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":411},{"violations":{"ACR-155":"Ads are designed such that they have the appearance of real download buttons for the app, potentially misleading the user into clicking them.\n\n"},"nonDeceptorViolations":{},"samples":[],"additionalFiles":[],"sources":[{"howFound":"Hunt.search","reference":"google: \"Minecraft download free mac\"","landingPage":"minecraft.en.softonic.com","ipv4":"","ipv6":"","landingPageWildChar":"star.en.softonic.com","sourceIndex":"308"},{"howFound":"","reference":"","landingPage":"https://microsoft-excel.en.softonic.com/","ipv4":"","ipv6":"","sourceIndex":"309"}],"sampleFiles":[],"imageFiles":["241205/minecraftensoftonic-190405/241205/Images/ACR-155/ACR-155_Ads inside app_1.png","241205/minecraftensoftonic-190405/241205/Images/ACR-155/ACR-155_Ads inside app_2.png"],"nonDeceptorImageFiles":[],"guid":"bfb67bef-53cd-4fc2-aa58-872ca8f55d20_241205_1","appID":"minecraftensoftonic-190405","dateAdded":"241205","deceptorType":"Download Site","name":"minecraft.en.softonic.com","company":"SOFTONIC INTERNATIONAL S.A.","version":"241205","firstResolvedVersion":"","lastKnownStatus":"241205","lastKnownDate":"241205","type":"Download Site","category":"Personalization & Search","targetOS":"None","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"display ads","lastUpdate":"2024-12-09T19:10:53.5434295+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":410},{"violations":{"ACR-042":"The files related to the \"EagleGet New\" gets dropped even after unchecking the \"Install EagleGet New tab\" option.\n","ACR-043":"The \"Luminati\" and related components are dropped before obtaining the user's agree and consent\n","ACR-048":"After completely closing the app, the background process \"EGmonitor.exe\" continues to run. Additionally, if the user has resource sharing turned on, that service will continue to run\n","ACR-007":"App does not obtain user consent to reduce the consumer's security posture caused by sharing ip/network connection.\n","ACR-084":"On quitting the app completely, one of the processes still runs in the background hiding the fact that it is active from the consumer.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"eagleget-2-1-6-50.exe","isInstaller":"True","companyName":"EagleGet                                                    ","fileVersion":"2.1","hashMD5":"e96dd956bc2159ff1d073876ef5d4e58","hashSHA1":"a0da0d7c8394d646eb5a0f64be14397235f22704","hashSHA256":"14636b7fc900e2be3fee5abb409e3b7a3cdf5a99107bf6d7dcbcce4b26ee0d34","digitalCertThumbprint":"5D46AB1CD0560AEFEF056BA8AD158177280D7E49","digitalCertIssuer":"CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O=\"GoDaddy.com, Inc.\", L=Scottsdale, S=Arizona, C=US","digitalCertIssuedTo":"CN=Beijing Pu Technology Limited, O=Beijing Pu Technology Limited, L=Fengtai District, S=Beijing, C=CN","sourceIndex":"316","avBlockList":["Avast Premium Security (20250225)","AVG Internet Security (20250225)","Avira Internet Security (20250225)","Bitdefender Internet Security (20250225)","Dr.Web Security Space (20250225)","ESET Internet Security (20250225)","FortectPremium (20250225)","G DATA INTERNET SECURITY (20250225)","KasperskyPremium (20250225)","Malwarebytes Premium (20250225)","McAfee Total Protection (20250225)","Norton Security (20250225)","Panda Dome (20250225)","Quick Heal Internet Security (20250225)","Sophos Home Premium (20250225)","SpyHunter5 (20250225)","Total AV Antivirus Pro (20250225)","Trend Micro Internet Security (20250225)","VIPRE Advanced Security (20250225)","VirIT eXplorer PRO (20250225)","Webroot SecureAnywhere (20250225)"],"avAllowList":["360 Total Security (20250225)","COMODO Antivirus (20250225)","K7 Total Security (20250225)","Windows Defender (20250225)"]},{"isRevoked":"False","fileName":"EagleGet.exe","companyName":"EagleGet.com","fileVersion":"2.1","hashMD5":"3c4dd1443e03ce175a528e12565c0089","hashSHA1":"0cf63ef1f19ff607a10e6b28cbcbaccfcdc5fbfd","hashSHA256":"4ee513649cdf0925868df4cd7b17e4b67abc0e0a825570ae40ff400e418b4b9b","digitalCertThumbprint":"5D46AB1CD0560AEFEF056BA8AD158177280D7E49","digitalCertIssuer":"CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O=\"GoDaddy.com, Inc.\", L=Scottsdale, S=Arizona, C=US","digitalCertIssuedTo":"CN=Beijing Pu Technology Limited, O=Beijing Pu Technology Limited, L=Fengtai District, S=Beijing, C=CN","sourceIndex":"316","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Follow-up on old deceptors","reference":"","landingPage":"https://www.eagleget.org/download-for-windows","directDownloadingLink":"","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"","sourceIndex":"316"}],"sampleFiles":["241127/EagleGet-220107/2.1.6.50/Samples/eagleget-2-1-6-50.exe","241127/EagleGet-220107/2.1.6.50/Samples/EagleGet.exe"],"imageFiles":["241127/EagleGet-220107/2.1.6.50/Images/ACR-043/preinstall.png","241127/EagleGet-220107/2.1.6.50/Images/ACR-042/addon.png","241127/EagleGet-220107/2.1.6.50/Images/ACR-042/installoption.png","241127/EagleGet-220107/2.1.6.50/Images/ACR-084/background.png","241127/EagleGet-220107/2.1.6.50/Images/ACR-048/background.png","241127/EagleGet-220107/2.1.6.50/Images/ACR-007/BrightData.png"],"nonDeceptorImageFiles":[],"guid":"315d2e49-5969-4249-8a01-baa89621595c_2.1.6.50_1","appID":"EagleGet-220107","dateAdded":"241127","deceptorType":"App","name":"EagleGet","company":"Beijing Pu Technology Limited","version":"2.1.6.50","lastKnownStatus":"2.1.6.70;2.1.6.50","lastKnownDate":"241127","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2024-11-27T23:31:04.5368773+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":414},{"violations":{"ACR-043":"One or more third party components are installed which are not disclosed to the consumer in the EULA and offer or landing page. Ex.: SDService.exe, changeq.exe, checkupdate.exe, etc…\n","ACR-084":"1. The app creates undisclosed scheduled tasks to perform actions without the consumer's knowledge and consent. 2. The app runs silently in the background, hiding the fact that it is active from the consumer.\n","ACR-118":"When the user attempts to completely uninstall the application, app retains some of its components on the system without the consumer's consent\n","ACR-164":"The app needs to provide detailed information about how to cancel, renew notification and next payment term's price with these time-bound discount items.\n"},"nonDeceptorViolations":{"ACR-065":"The install does not display links to the Returns and Cancellation Policy, or the Privacy Policy. \nThe app does not display links to the EULA and/or Terms of Service, the Returns and Cancellation Policy, or the Privacy Policy. \nThe Landing Page does not display links to the EULA and/or Terms of Service, the Returns and Cancellation Policy, or the Privacy Policy.\nThe Internal Offers Page does not display links to the EULA and/or Terms of Service, the Returns and Cancellation Policy, or the Privacy Policy.\n","ACR-002":"The App's version is not consistent between App interaction , its install and Landing Page (version 2.1.0 vs version 2.0.0.0). \nThe App's version is not consistent between App interaction , its install and Landing Page (version 2.1.0 vs version 2.0.0.0). \nThe App's version is not consistent between App interaction , its install and Landing Page (version 2.1.0 vs version 2.0.0.0). \n","ACR-092":"The application does not have a digital signature.\n","ACR-099":"The application has no link or information that shows how it can be uninstalled. \nThe landing page has no link or information that shows how it can be uninstalled. \nThe internal offer page has no link or information that shows how it can be uninstalled.\n","ACR-167":"The application's has no mention of a 30 days refund policy.\n","ACR-171":"The offer for Download Protection requires the user to opt-out of the payment.\n"},"samples":[{"isRevoked":"False","fileName":"WinMend-History-Cleaner.exe","isInstaller":"True","companyName":"WinMend.com                                                 ","fileVersion":"0.0","hashMD5":"028d8a6c6d722c5dfdf74ec6ffc66844","hashSHA1":"3feeafc663bb5dc3bd5fc898d0858eb1f0cebed2","hashSHA256":"617ebc6457cc43884e8f311e2ecd7cf49cbec0919ebade868ecd89ec409279cf","sourceIndex":"356","avBlockList":["Avast Premium Security (20200903)","AVG Internet Security (20200903)","Avira Internet Security (20200903)","Bitdefender Internet Security (20200903)","Dr.Web Security Space (20200903)","ESET Internet Security (20200903)","G DATA INTERNET SECURITY (20200903)","K7 Total Security (20200903)","Kaspersky Internet Security (20200903)","Malwarebytes Premium (20200903)","McAfee Total Protection (20200903)","Norton Security (20200903)","Panda Dome (20200903)","Quick Heal Internet Security (20200903)","Sophos Home Premium (20200903)","SpyHunter5 (20200903)","Tencent PC Manager (20200903)","Total AV Antivirus Pro (20200903)","VIPRE Advanced Security (20200903)","VirIT eXplorer PRO (20200903)","Webroot SecureAnywhere (20200903)","Windows Defender (20200903)"],"avAllowList":["360 Total Security (20200903)","COMODO Antivirus (20200903)","Trend Micro Internet Security (20200903)"]},{"isRevoked":"False","fileName":"HistoryCleaner.exe","companyName":"WinMend.com","fileVersion":"2.0","hashMD5":"aaecb93a8a74aa59511767ec4ad8e316","hashSHA1":"41528a66b2fe2875e7a64ec250162246caf60428","hashSHA256":"44b7772de51077596a1dd2833fbcbf3c5ff73242d27e0eef8ef2b3e2cfec2696","sourceIndex":"356","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"google search \"windows junk cleaner\"","reference":"http://www.winmend.com","landingPage":"http://www.winmend.com/history-cleaner/","directDownloadingLink":"http://www.winmend.com/pad/download/WinMend-History-Cleaner.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.winmend.com/pad/download/WinMend-History-Cleaner.exe","sourceIndex":"356"}],"sampleFiles":["200818/WinMendHistoryCleaner-200818/2.0.0.0/Samples/WinMend-History-Cleaner.exe","200818/WinMendHistoryCleaner-200818/2.0.0.0/Samples/HistoryCleaner.exe"],"imageFiles":["200818/WinMendHistoryCleaner-200818/2.0.0.0/Images/ACR-043/WinMend_HistoryCleaner_ ThirdPartyComponents [1] .png","200818/WinMendHistoryCleaner-200818/2.0.0.0/Images/ACR-043/WinMend_HistoryCleaner_ ThirdPartyComponents [2] .png","200818/WinMendHistoryCleaner-200818/2.0.0.0/Images/ACR-084/WinMend_HistoryCleaner_ ThirdPartyComponents [2] .png","200818/WinMendHistoryCleaner-200818/2.0.0.0/Images/ACR-084/WinMend_HistoryCleaner_ ScheduledTasks [1] .png","200818/WinMendHistoryCleaner-200818/2.0.0.0/Images/ACR-118/WinMend_HistoryCleaner_ RetainedFilesAfterUninstall [1] .png","200818/WinMendHistoryCleaner-200818/2.0.0.0/Images/ACR-118/WinMend_HistoryCleaner_ RetainedFilesAfterUninstall [2] .png"],"nonDeceptorImageFiles":["200818/WinMendHistoryCleaner-200818/2.0.0.0/Images/ACR-065/WinMend_HistoryCleaner_Install [1].png","200818/WinMendHistoryCleaner-200818/2.0.0.0/Images/ACR-065/WinMend_HistoryCleaner_Install [2].png","200818/WinMendHistoryCleaner-200818/2.0.0.0/Images/ACR-002/WinMend_HistoryCleaner_Install [1].png","200818/WinMendHistoryCleaner-200818/2.0.0.0/Images/ACR-092/WinMend_HistoryCleaner_ FileProperties [1] .png","200818/WinMendHistoryCleaner-200818/2.0.0.0/Images/ACR-092/WinMend_HistoryCleaner_ FileProperties [2] DigitalSignature .png","200818/WinMendHistoryCleaner-200818/2.0.0.0/Images/ACR-092/WinMend_HistoryCleaner_ FileProperties [3] DigitalSignature.png","200818/WinMendHistoryCleaner-200818/2.0.0.0/Images/ACR-065/WinMend_HistoryCleaner_About [1].png","200818/WinMendHistoryCleaner-200818/2.0.0.0/Images/ACR-099/WinMend_HistoryCleaner_About [1].png","200818/WinMendHistoryCleaner-200818/2.0.0.0/Images/ACR-002/WinMend_HistoryCleaner_About [1].png","200818/WinMendHistoryCleaner-200818/2.0.0.0/Images/ACR-065/WinMend_HistoryCleaner_ LandingPage [1] .png","200818/WinMendHistoryCleaner-200818/2.0.0.0/Images/ACR-065/WinMend_HistoryCleaner_ LandingPage [2].png","200818/WinMendHistoryCleaner-200818/2.0.0.0/Images/ACR-099/WinMend_HistoryCleaner_ LandingPage [1] .png","200818/WinMendHistoryCleaner-200818/2.0.0.0/Images/ACR-099/WinMend_HistoryCleaner_ LandingPage [2].png","200818/WinMendHistoryCleaner-200818/2.0.0.0/Images/ACR-002/WinMend_HistoryCleaner_ LandingPage [1_].png","200818/WinMendHistoryCleaner-200818/2.0.0.0/Images/ACR-171/WinMend_HistoryCleaner_ OfferPage [2_].png","200818/WinMendHistoryCleaner-200818/2.0.0.0/Images/ACR-065/WinMend_HistoryCleaner_ OfferPage [1].png","200818/WinMendHistoryCleaner-200818/2.0.0.0/Images/ACR-065/WinMend_HistoryCleaner_ OfferPage [2].png","200818/WinMendHistoryCleaner-200818/2.0.0.0/Images/ACR-099/WinMend_HistoryCleaner_ OfferPage [1].png"],"guid":"40de6547-f0c4-4331-8ef8-1eafc34af991_2.0.0.0_1","appID":"WinMendHistoryCleaner-200818","dateAdded":"241127","deceptorType":"App","name":"WinMend History Cleaner ","company":"WinMend.com","version":"2.0.0.0","sigName":"Deceptor:Win32/WinMendHistoryCleaner!043084118164","lastKnownStatus":"2.0.0.0;1.4.2.0","lastKnownDate":"241127","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 8,Windows 7,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2026-05-12T22:59:45.1885886+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":413},{"violations":{"ACR-004":"App presents scan results for free but does not allow user to fix all issues without paying.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"HistoryCleaner.exe","companyName":"WinMend.com","fileVersion":"1.4","hashMD5":"07cfd6c0df13a13f3d792e70f6b01fbe","hashSHA1":"1b4074520661a963a48ac6df326c679a76e97d94","hashSHA256":"5487fbfbc8e430a2c463bf001f52b43d0b0194f99b9312ee790db62f3360e7fe","sourceIndex":"317","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"WinMend-History-Cleaner.exe","isInstaller":"True","companyName":"WinMend.com                                                 ","fileVersion":"0.0","hashMD5":"73c03c89651953d15d7f696ae123ba61","hashSHA1":"b62431fd84091868e293ddfc335c3b7252bdf6fc","hashSHA256":"85983b5ccb02fbad3f5e8ac8cb3452d0b3380f400c2a848f28e3ebec30e2d99a","sourceIndex":"317","avBlockList":["Dr.Web Security Space (20250225)","ESET Internet Security (20250225)","FortectPremium (20250225)","G DATA INTERNET SECURITY (20250225)","K7 Total Security (20250225)","Malwarebytes Premium (20250225)","Panda Dome (20250225)","Quick Heal Internet Security (20250225)","Sophos Home Premium (20250225)","SpyHunter5 (20250225)","VirIT eXplorer PRO (20250225)","Webroot SecureAnywhere (20250225)"],"avAllowList":["360 Total Security (20250225)","Avast Premium Security (20250225)","AVG Internet Security (20250225)","Avira Internet Security (20250225)","Bitdefender Internet Security (20250225)","COMODO Antivirus (20250225)","KasperskyPremium (20250225)","McAfee Total Protection (20250225)","Total AV Antivirus Pro (20250225)","Trend Micro Internet Security (20250225)","VIPRE Advanced Security (20250225)","Windows Defender (20250225)","Norton Security (20250225)"]}],"additionalFiles":[],"sources":[{"howFound":"follow-up search for new version","reference":"","landingPage":"https://www.malavida.com/en/soft/winmend-history-cleaner/download","directDownloadingLink":"https://dw.malavida.com/RDdJVFMrUkpJQzYyV2FpL0s5K3p4cnppT0JVMlFGU2xxT1BIY09QaDhPMFVnT09xaGV6OTdCREs4NnZ2anBmc0ZRWFN1WUtVYktWaGFpRHp/QNkZSanhNWlVVUEFuakNBcmJpOWZld2R6M05pUWY4V1lZSzF4Yi9yRTNHWS9mRXhOc3FTUDlIQWJieUVCeng1YTVpOFN6cjBZNHdpZ2dOU0/tZK0x2a0hoRStML0ttMHRadjN2dHN3eU9yVTZjeExmaElEWXNqeGlUWXFtYm5zSTRZcTNkYVNnNC9pQVhmb0NNZVVUOHpSelF1TkFFWkEvT/VZROUZMZlgzSWVWUTlKU2xycTFONUgySThWTUtNdW1FQ3lZYWN4cGFRanBsdHBZWml3bHRkblhnNDhGYmJhMTFBVHBOK1ExT1ZsTzFiQlc3/UzFYa0c5OXR3Zkw4NnBMNmxjN1B6UFlNd3BBMm01T0lqRk50U1BKeUlmUDlXalV2aUFPcUVDalZDbWpsL0g5QjcyTUMzbHJLYnNka0EwMGF/zVlpQM3RJWk5nOHQzeVZDOFlEbWN4T2grU3NvbFFrR3dRbzdIVEVaSDAzZHF6Q1VTay81cDYreWVVTWwyV1BlTGdIQ20yd2NjendEcVhXN0/ZmVFdGbkRjKzNsTVE2MFV4b3R3Q0lXSTF2UmljM2tCUW1VVVFVL1poZjltaFdFQUp0Mm01UThoUzFvanIwcFoyM2RaVzFWbmllMlhTNnNOV/FdnaXJ1KzNaRm1zQUliNk5sNzJRdHpiQis5S2dacnRLRmdTeDV6a05yNUMxRzBIR3IyODBkd0NFemZXaGc0K2dCSUp1dndvcE5td1l5ZQ==/f66edd025510fa7a","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://dw.malavida.com/RDdJVFMrUkpJQzYyV2FpL0s5K3p4cnppT0JVMlFGU2xxT1BIY09QaDhPMFVnT09xaGV6OTdCREs4NnZ2anBmc0ZRWFN1WUtVYktWaGFpRHp/QNkZSanhNWlVVUEFuakNBcmJpOWZld2R6M05pUWY4V1lZSzF4Yi9yRTNHWS9mRXhOc3FTUDlIQWJieUVCeng1YTVpOFN6cjBZNHdpZ2dOU0/tZK0x2a0hoRStML0ttMHRadjN2dHN3eU9yVTZjeExmaElEWXNqeGlUWXFtYm5zSTRZcTNkYVNnNC9pQVhmb0NNZVVUOHpSelF1TkFFWkEvT/VZROUZMZlgzSWVWUTlKU2xycTFONUgySThWTUtNdW1FQ3lZYWN4cGFRanBsdHBZWml3bHRkblhnNDhGYmJhMTFBVHBOK1ExT1ZsTzFiQlc3/UzFYa0c5OXR3Zkw4NnBMNmxjN1B6UFlNd3BBMm01T0lqRk50U1BKeUlmUDlXalV2aUFPcUVDalZDbWpsL0g5QjcyTUMzbHJLYnNka0EwMGF/zVlpQM3RJWk5nOHQzeVZDOFlEbWN4T2grU3NvbFFrR3dRbzdIVEVaSDAzZHF6Q1VTay81cDYreWVVTWwyV1BlTGdIQ20yd2NjendEcVhXN0/ZmVFdGbkRjKzNsTVE2MFV4b3R3Q0lXSTF2UmljM2tCUW1VVVFVL1poZjltaFdFQUp0Mm01UThoUzFvanIwcFoyM2RaVzFWbmllMlhTNnNOV/FdnaXJ1KzNaRm1zQUliNk5sNzJRdHpiQis5S2dacnRLRmdTeDV6a05yNUMxRzBIR3IyODBkd0NFemZXaGc0K2dCSUp1dndvcE5td1l5ZQ==/f66edd025510fa7a","sourceIndex":"317"}],"sampleFiles":["241127/WinMendHistoryCleaner-200818/1.4.2.0/Samples/HistoryCleaner.exe","241127/WinMendHistoryCleaner-200818/1.4.2.0/Samples/WinMend-History-Cleaner.exe"],"imageFiles":["241127/WinMendHistoryCleaner-200818/1.4.2.0/Images/ACR-004/ACR-004.png"],"nonDeceptorImageFiles":[],"guid":"40de6547-f0c4-4331-8ef8-1eafc34af991_1.4.2.0_1","appID":"WinMendHistoryCleaner-200818","dateAdded":"241127","deceptorType":"App","name":"WinMend History Cleaner ","company":"WinMend.com","version":"1.4.2.0","lastKnownStatus":"2.0.0.0;1.4.2.0","lastKnownDate":"241127","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 10,Windows 11","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2024-11-27T22:59:14.9185431+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":412},{"violations":{"ACR-042":"The files related to the \"EagleGet New tab\" gets dropped even after unchecking the \"Install EagleGet New tab\" option.\n","ACR-043":"The \"Luminati\" related components are dropped before obtaining the user's agree and consent\n","ACR-048":"The app does not provide any control to enable/disable the sharing network connection for money earning feature.\n","ACR-007":"App does not obtain user consent to reduce the consumer's security posture caused by sharing ip/network connection.\n","ACR-084":"On quitting the app completely, one of the processes still runs in the background hiding the fact that it is active from the consumer.\n","ACR-085":"More information is needed for the \"Help us improve EagleGet\" option during install.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains 3rd party components on the device without the consumer's consent or notifying user.\n"},"nonDeceptorViolations":{"ACR-045":"The app does not provide any control to enable/disable the sharing network connection for the money earning feature.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\EagleGet\\EagleGet.exe","companyName":"EagleGet.com","productName":"EagleGet Downloader","productVersion":"2.1.6.70","fileVersion":"2.1.6.70","hashMD5":"8d8aefc2b4d66894bd68ed2dbdc86fe4","hashSHA1":"1025b9dcf7e31e9ecc476071990c36c7cf4a518d","hashSHA256":"7ac390e54c07f2050d8a8952459760d9053662c16b54a13bac392ea675c1c15b","digitalCertThumbprint":"5D46AB1CD0560AEFEF056BA8AD158177280D7E49","digitalCertIssuer":"Go Daddy Secure Certificate Authority - G2","digitalCertIssuedTo":"Beijing Pu Technology Limited","storeId":"","sourceIndex":"1535","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"eagleget_setup.exe","isInstaller":"True","companyName":"EagleGet                                                    ","productName":"EagleGet                                                    ","productVersion":"2.1.6.70            ","fileVersion":"2.1.6.70            ","hashMD5":"69f26e335a173717a64cd3b5458b9897","hashSHA1":"7c5f488dd4da20ab7f98ef5308a358ba5a28dc6d","hashSHA256":"33d92d63e2031bcde9fd355b5a9cb725e9203773cc05f1ceb87de2c08f042ac8","digitalCertThumbprint":"5D46AB1CD0560AEFEF056BA8AD158177280D7E49","digitalCertIssuer":"Go Daddy Secure Certificate Authority - G2","digitalCertIssuedTo":"Beijing Pu Technology Limited","storeId":"","sourceIndex":"1535","avBlockList":["Avast Premium Security (20241128)","AVG Internet Security (20241128)","Avira Internet Security (20241128)","Bitdefender Internet Security (20241128)","ESET Internet Security (20241128)","G DATA INTERNET SECURITY (20241128)","Malwarebytes Premium (20241128)","McAfee Total Protection (20241128)","Norton Security (20241128)","Panda Dome (20241128)","Quick Heal Internet Security (20241128)","Sophos Home Premium (20241128)","SpyHunter5 (20241128)","Total AV Antivirus Pro (20241128)","VIPRE Advanced Security (20241128)","VirIT eXplorer PRO (20241128)","Webroot SecureAnywhere (20241128)","Windows Defender (20241128)","FortectPremium (20241128)","KasperskyPremium (20241128)"],"avAllowList":["360 Total Security (20241128)","COMODO Antivirus (20241128)","Dr.Web Security Space (20241128)","K7 Total Security (20241128)","Kaspersky Internet Security (20220125)","Tencent PC Manager (20220125)","Trend Micro Internet Security (20241128)"]}],"additionalFiles":[],"sources":[{"howFound":"resource sharing SDK bundler","reference":"","landingPage":"https://eagleget.en.softonic.com/download","directDownloadingLink":"https://eagleget.en.softonic.com/download","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://eagleget.en.softonic.com/download","sourceIndex":"1535"}],"sampleFiles":["220112/EagleGet-220107/2.1.6.70/Samples/eagleget_setup.exe"],"imageFiles":["220112/EagleGet-220107/2.1.6.70/Images/ACR-043/ACR-043_Install.JPG","220112/EagleGet-220107/2.1.6.70/Images/ACR-042/ACR-042_Install.JPG","220112/EagleGet-220107/2.1.6.70/Images/ACR-042/ACR-042_Install_1.JPG","220112/EagleGet-220107/2.1.6.70/Images/ACR-085/ACR-085_Install.JPG","220112/EagleGet-220107/2.1.6.70/Images/ACR-084/ACR-084_Software__Process.JPG","220112/EagleGet-220107/2.1.6.70/Images/ACR-048/ACR-048_Software_No_Control.JPG","220112/EagleGet-220107/2.1.6.70/Images/ACR-048/ACR-048_Software_No_Control_1.JPG","220112/EagleGet-220107/2.1.6.70/Images/ACR-007/ACR-007_Software.JPG","220112/EagleGet-220107/2.1.6.70/Images/ACR-007/ACR-007_Software_1.JPG","220112/EagleGet-220107/2.1.6.70/Images/ACR-118/ACR-118_Uninstall.JPG"],"nonDeceptorImageFiles":["220112/EagleGet-220107/2.1.6.70/Images/ACR-045/ACR-045_Software_No_Control.JPG","220112/EagleGet-220107/2.1.6.70/Images/ACR-045/ACR-045_Software_No_Control_1.JPG"],"guid":"315d2e49-5969-4249-8a01-baa89621595c_2.1.6.70_1","appID":"EagleGet-220107","dateAdded":"241127","deceptorType":"App","name":"EagleGet","company":"Beijing Pu Technology Limited","version":"2.1.6.70","sigName":"Deceptor:Win32/EagleGet!043042085084048007118","lastKnownStatus":"2.1.6.70;2.1.6.50","lastKnownDate":"241127","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2024-11-27T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":415},{"violations":{"ACR-048":"The app does not show up in the list of installed apps in the Control Panel, preventing it from being uninstalled easily.\n","ACR-007":"The app does not provide explicit notification when it is running. It also requires a hotkey to open it. These prevent the targeted consumer from being notified or giving informed consent.\n","ACR-084":"The app requires a hotkey to open it  which prevents the targeted consumer from finding it.\n","ACR-086":"The app does not inform the consumer how it transfers data. It also requires a hotkey to open it, which prevents the targeted consumer from understanding what data is collected and transmitted.\n","ACR-116":"The app can't be uninstalled through the Control Panel since it doesn't show up in the list of apps that can be uninstalled.\n"},"nonDeceptorViolations":{"ACR-161":"The app’s landing page has testimonials that have no links back to a source so consumers can verify if they're real.\n","ACR-092":"The application has no signed certificate it is unsigned.\n","ACR-099":"The landing page does not display links to uninstall information. \nThe internal offers page does not display links to uninstall information.\n"},"samples":[{"isRevoked":"False","fileName":"ladmin.exe","companyName":"HeavenWard","fileVersion":"6.20","hashMD5":"5770ef9d74901ddf72d1fb39c29d82fe","hashSHA1":"78b44316997a89d73a04dc345ead250772f9433b","hashSHA256":"37722eea76a929cd6284e9318c171b0b90be66b109040d96456835b33b6f7076","sourceIndex":"1809","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"LLSetup.exe","isInstaller":"True","companyName":"HeavenWard","fileVersion":"6.20","hashMD5":"f28f3f995dc8b31fb7ccb67d10c26623","hashSHA1":"d6d437487af65adc6aad92cb456633764911f539","hashSHA256":"2334445ee2b6b53b1be2908b97d8a9a9555302661ffefd26cbefbe759fdea87b","sourceIndex":"1809","avBlockList":["360 Total Security (20211028)","Avast Premium Security (20211028)","AVG Internet Security (20211028)","Avira Internet Security (20211028)","Bitdefender Internet Security (20211028)","Dr.Web Security Space (20211028)","ESET Internet Security (20211028)","G DATA INTERNET SECURITY (20211028)","K7 Total Security (20211028)","Kaspersky Internet Security (20211028)","Malwarebytes Premium (20211028)","McAfee Total Protection (20211028)","Norton Security (20211028)","Panda Dome (20211028)","Quick Heal Internet Security (20211028)","Sophos Home Premium (20211028)","SpyHunter5 (20211028)","Tencent PC Manager (20211028)","Total AV Antivirus Pro (20211028)","Trend Micro Internet Security (20211028)","VIPRE Advanced Security (20211028)","VirIT eXplorer PRO (20211028)","Webroot SecureAnywhere (20211028)","Windows Defender (20211028)"],"avAllowList":["COMODO Antivirus (20211028)"]},{"isRevoked":"False","fileName":"lmonitor.exe","companyName":"HeavenWard","fileVersion":"6.20","hashMD5":"c4842394b444045b1351d6e723af5df0","hashSHA1":"af18469971fae29c349e805cd3e2676d8c3f5bd4","hashSHA256":"4641655ec2158b4f3660c230eea98096a8126f7977f082148a3421c3cee8021e","sourceIndex":"1809","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"https://www.hwsuite.com/","landingPage":"https://www.hwsuite.com/keylogger/benefits","directDownloadingLink":"https://hwsuite-2021.online/LLSetup.exe?token=1633949403_e6915d3ac5e267396e6f716740d81638637395fc&fileName=LLSetup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://hwsuite-2021.online/LLSetup.exe?token=1633949403_e6915d3ac5e267396e6f716740d81638637395fc&fileName=LLSetup.exe","sourceIndex":"1809"}],"sampleFiles":["211011/LightLoggerKeylogger-200819/6.20.3.1/Samples/ladmin.exe","211011/LightLoggerKeylogger-200819/6.20.3.1/Samples/LLSetup.exe","211011/LightLoggerKeylogger-200819/6.20.3.1/Samples/lmonitor.exe"],"imageFiles":["211011/LightLoggerKeylogger-200819/6.20.3.1/Images/ACR-048/LightLogger Keylogger_ControlPanel [1].png","211011/LightLoggerKeylogger-200819/6.20.3.1/Images/ACR-084/LightLogger Keylogger_Interactions [5].png","211011/LightLoggerKeylogger-200819/6.20.3.1/Images/ACR-084/LightLogger Keylogger_Interactions [7].png","211011/LightLoggerKeylogger-200819/6.20.3.1/Images/ACR-086/LightLogger Keylogger_Interactions [5].png","211011/LightLoggerKeylogger-200819/6.20.3.1/Images/ACR-086/LightLogger Keylogger_Interactions [6].png","211011/LightLoggerKeylogger-200819/6.20.3.1/Images/ACR-086/LightLogger Keylogger_Interactions [7].png","211011/LightLoggerKeylogger-200819/6.20.3.1/Images/ACR-007/LightLogger Keylogger_RunningProcess [1].png","211011/LightLoggerKeylogger-200819/6.20.3.1/Images/ACR-007/LightLogger Keylogger_Interactions [5].png","211011/LightLoggerKeylogger-200819/6.20.3.1/Images/ACR-007/LightLogger Keylogger_Interactions [7].png","211011/LightLoggerKeylogger-200819/6.20.3.1/Images/ACR-116/LightLogger Keylogger_ControlPanel [1].png"],"nonDeceptorImageFiles":["211011/LightLoggerKeylogger-200819/6.20.3.1/Images/ACR-092/LightLogger Keylogger_FileProperty [1].png","211011/LightLoggerKeylogger-200819/6.20.3.1/Images/ACR-092/LightLogger Keylogger_FileProperty [2].png","211011/LightLoggerKeylogger-200819/6.20.3.1/Images/ACR-092/LightLogger Keylogger_FileProperty [3].png","211011/LightLoggerKeylogger-200819/6.20.3.1/Images/ACR-099/LightLogger Keylogger_LandingPage [1].png","211011/LightLoggerKeylogger-200819/6.20.3.1/Images/ACR-161/LightLogger Keylogger_LandingPage [1].png","211011/LightLoggerKeylogger-200819/6.20.3.1/Images/ACR-099/LightLogger Keylogger_OfferPage [1].png"],"guid":"ffa07067-c55b-4ac7-a37a-b3fa120e2c00_6.20.3.1_1","appID":"LightLoggerKeylogger-200819","dateAdded":"241126","deceptorType":"App","name":"LightLogger Keylogger for Parents","company":"HeavenWard","version":"6.20.3.1","sigName":"Deceptor:Win32/LightLoggerKeyloggerforParents!048084086007116","lastKnownStatus":"6.20.2.4;6.20.3.1;6.20.3.0;6.20.2.20","lastKnownDate":"241126","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Adults only","monetization":"paid,up-sell to paid","lastUpdate":"2024-11-26T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":4,"sortOrder":419},{"violations":{"ACR-048":"The app is not able to be deleted from the Control Panel\n","ACR-007":"The app does not provide explicit notification when it is running. It also requires a hotkey to open it. These prevent the targeted consumer from being notified or giving informed consent.\n","ACR-084":"The app requires a hotkey to open it and is saved in a hidden folder, which prevents the targeted consumer from finding it.\n","ACR-086":"The app does not inform the consumer how it transfers data. It also requires a hotkey to open it, which prevents the targeted consumer from understanding what data is collected and transmitted.\n","ACR-116":"The app cannot be uninstalled through Control Panel.\n"},"nonDeceptorViolations":{"ACR-161":"The landing page displays an unverifiable testimonial.\n","ACR-099":"The landing page does not display links to uninstall information. \nThe internal offers page does not display links to uninstall information.\n"},"samples":[{"isRevoked":"False","fileName":"LLSetup.exe","isInstaller":"True","companyName":"HeavenWard","fileVersion":"6.20","hashMD5":"8c595675a085d143207b92daacf4e226","hashSHA1":"7a3f050844d14794e7bfb96c65bdc6a478777272","hashSHA256":"9893409c257474e36ab75738888dcadabed7c2ea04ebe1946196283eac745841","digitalCertThumbprint":"403E281F72B49E00B6936C3C7E32FCC2C03EC19B","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Valery Kuzniatsou, O=Valery Kuzniatsou, STREET=Slobodskaia st. 167-101, L=Minsk, S=Minsk, PostalCode=220025, C=BY","sourceIndex":"2128","avBlockList":["360 Total Security (20250213)","Avast Premium Security (20250213)","AVG Internet Security (20250213)","Avira Internet Security (20250213)","Bitdefender Internet Security (20250213)","COMODO Antivirus (20250213)","Dr.Web Security Space (20250213)","ESET Internet Security (20250213)","G DATA INTERNET SECURITY (20250213)","K7 Total Security (20250213)","Kaspersky Internet Security (20211102)","Malwarebytes Premium (20250213)","McAfee Total Protection (20250213)","Norton Security (20250213)","Panda Dome (20250213)","Quick Heal Internet Security (20250213)","Sophos Home Premium (20250213)","SpyHunter5 (20250213)","Tencent PC Manager (20211102)","Total AV Antivirus Pro (20250213)","Trend Micro Internet Security (20250213)","VIPRE Advanced Security (20250213)","VirIT eXplorer PRO (20250213)","Webroot SecureAnywhere (20250213)","Windows Defender (20250213)","FortectPremium (20250213)","KasperskyPremium (20250213)"],"avAllowList":[]},{"isRevoked":"False","fileName":"ladmin.exe","companyName":"HeavenWard","fileVersion":"6.20","hashMD5":"217e0991ef77600649bbff0d42621583","hashSHA1":"061628802953978d5951979b154492daf20228f7","hashSHA256":"8de9fbe02f6ed7e41a966a90bcdb8879e466d8f2eca7a09c74e72342f3e8022b","sourceIndex":"2128","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Google Search: Windows Keylogger","reference":"https://www.hwsuite.com/","landingPage":"https://www.hwsuite.com/keylogger/benefits","directDownloadingLink":"https://files.hw-2019.info/LLSetup.exe?token=1597833163_e90ae90c89f5d85dcdcee558a1a70333&fileName=LLSetup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://files.hw-2019.info/LLSetup.exe?token=1597833163_e90ae90c89f5d85dcdcee558a1a70333&fileName=LLSetup.exe","sourceIndex":"2128"}],"sampleFiles":["200820/LightLoggerKeylogger-200819/6.20.2.4/Samples/LLSetup.exe","200820/LightLoggerKeylogger-200819/6.20.2.4/Samples/ladmin.exe"],"imageFiles":["200820/LightLoggerKeylogger-200819/6.20.2.4/Images/ACR-048/LightLoggerKeylogger_RunningProcess [2].png","200820/LightLoggerKeylogger-200819/6.20.2.4/Images/ACR-084/LightLoggerKeylogger_Interactions [4] Settings_HotKey.png","200820/LightLoggerKeylogger-200819/6.20.2.4/Images/ACR-084/LightLoggerKeylogger_Logs [1].png","200820/LightLoggerKeylogger-200819/6.20.2.4/Images/ACR-086/LightLoggerKeylogger_Interactions [3] Settings.png","200820/LightLoggerKeylogger-200819/6.20.2.4/Images/ACR-086/LightLoggerKeylogger_Interactions [4] Settings_HotKey.png","200820/LightLoggerKeylogger-200819/6.20.2.4/Images/ACR-007/LightLoggerKeylogger_RunningProcess [1].png","200820/LightLoggerKeylogger-200819/6.20.2.4/Images/ACR-007/LightLoggerKeylogger_Interactions [3] Settings.png","200820/LightLoggerKeylogger-200819/6.20.2.4/Images/ACR-007/LightLoggerKeylogger_Interactions [4] Settings_HotKey.png","200820/LightLoggerKeylogger-200819/6.20.2.4/Images/ACR-116/LightLoggerKeylogger_RunningProcess [2].png"],"nonDeceptorImageFiles":["200820/LightLoggerKeylogger-200819/6.20.2.4/Images/ACR-099/LightLoggerKeylogger_LandingPage [1].png","200820/LightLoggerKeylogger-200819/6.20.2.4/Images/ACR-099/LightLoggerKeylogger_LandingPage [2].png","200820/LightLoggerKeylogger-200819/6.20.2.4/Images/ACR-161/LightLoggerKeylogger_LandingPage [3] Testimonials.png","200820/LightLoggerKeylogger-200819/6.20.2.4/Images/ACR-099/LightLoggerKeylogger_OfferPage [1].png"],"guid":"ffa07067-c55b-4ac7-a37a-b3fa120e2c00_6.20.2.4_1","appID":"LightLoggerKeylogger-200819","dateAdded":"241126","deceptorType":"App","name":"LightLogger Keylogger for Parents","company":"HeavenWard","version":"6.20.2.4","sigName":"Deceptor:Win32/LightLoggerStalkerware!048084086007116","lastKnownStatus":"6.20.2.4;6.20.3.1;6.20.3.0;6.20.2.20","lastKnownDate":"241126","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Adults only","monetization":"paid,up-sell to paid","lastUpdate":"2024-11-26T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":4,"sortOrder":420},{"violations":{"ACR-048":"The app does not show up in the list of installed apps in the Control Panel, preventing it from being uninstalled easily.\n","ACR-007":"The app does not provide explicit notification when it is running. It also requires a hotkey to open it. These prevent the targeted consumer from being notified or giving informed consent.\n","ACR-084":"The app requires a hotkey to open it  which prevents the targeted consumer from finding it.\n","ACR-086":"The app does not inform the consumer how it transfers data. It also requires a hotkey to open it, which prevents the targeted consumer from understanding what data is collected and transmitted.\n","ACR-116":"The app can't be uninstalled through the Control Panel since it doesn't show up in the list of apps that can be uninstalled.\n"},"nonDeceptorViolations":{"ACR-161":"The app’s landing page has testimonials that have no links back to a source so consumers can verify if they're real.\n","ACR-092":"The application has no signed certificate it is unsigned.\n","ACR-099":"The landing page does not display links to uninstall information. \nThe internal offers page does not display links to uninstall information.\n"},"samples":[{"isRevoked":"False","fileName":"ladmin.exe","companyName":"HeavenWard","fileVersion":"6.20","hashMD5":"0f3462f2e1670366a29f4c8e4b19d430","hashSHA1":"990747165a28c8b5e6db974c03ed0e11c8b60f1a","hashSHA256":"3941f3e0ee9f689ad395c594712b18e51099f0b359d099d72c3adebe586423a7","sourceIndex":"1741","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"LLSetup.exe","isInstaller":"True","companyName":"HeavenWard","fileVersion":"6.20","hashMD5":"c705383852dc4da7f4e4175ecc87789a","hashSHA1":"f1e08de8b4981e76b2ccdf38f04f040305c32e4f","hashSHA256":"21a34575c446b037c1d97bd51fb778857d0a225e2e85f013038ea5036be66e86","sourceIndex":"1741","avBlockList":["360 Total Security (20241128)","Avast Premium Security (20241128)","AVG Internet Security (20241128)","Avira Internet Security (20241128)","Bitdefender Internet Security (20241128)","COMODO Antivirus (20241128)","Dr.Web Security Space (20241128)","ESET Internet Security (20241128)","G DATA INTERNET SECURITY (20241128)","K7 Total Security (20241128)","Kaspersky Internet Security (20220113)","Malwarebytes Premium (20241128)","McAfee Total Protection (20241128)","Norton Security (20241128)","Panda Dome (20241128)","Quick Heal Internet Security (20241128)","Sophos Home Premium (20241128)","SpyHunter5 (20241128)","Tencent PC Manager (20220113)","Total AV Antivirus Pro (20241128)","VIPRE Advanced Security (20241128)","VirIT eXplorer PRO (20241128)","Webroot SecureAnywhere (20241128)","Windows Defender (20241128)","FortectPremium (20241128)","KasperskyPremium (20241128)"],"avAllowList":["Trend Micro Internet Security (20241128)"]},{"isRevoked":"False","fileName":"lmonitor.exe","companyName":"HeavenWard","fileVersion":"6.20","hashMD5":"7b2892f8a4fb802fdd3e4562d5bea21b","hashSHA1":"6b3395cc8f666fffadaa2568f1b2aa63b3710c8f","hashSHA256":"ddfd9a6c5340e570ae85ab0c773a63873e2246b9a77a6d616f172d28b445751c","sourceIndex":"1741","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"https://www.hwsuite.com/","landingPage":"https://www.hwsuite.com/keylogger/benefits","directDownloadingLink":"https://hwsuite-2021.online/LLSetup.exe?token=1640607223_f24c861bea549b441d5e4f7cf477761c6e8ccc8e&fileName=LLSetup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://hwsuite-2021.online/LLSetup.exe?token=1640607223_f24c861bea549b441d5e4f7cf477761c6e8ccc8e&fileName=LLSetup.exe","sourceIndex":"1741"}],"sampleFiles":["211231/LightLoggerKeylogger-200819/6.20.3.0/Samples/ladmin.exe","211231/LightLoggerKeylogger-200819/6.20.3.0/Samples/LLSetup.exe","211231/LightLoggerKeylogger-200819/6.20.3.0/Samples/lmonitor.exe"],"imageFiles":["211231/LightLoggerKeylogger-200819/6.20.3.0/Images/ACR-048/LightLogger_ControlPanel [1].png","211231/LightLoggerKeylogger-200819/6.20.3.0/Images/ACR-084/LightLogger_Interactions [3].png","211231/LightLoggerKeylogger-200819/6.20.3.0/Images/ACR-084/LightLogger_Interactions [4].png","211231/LightLoggerKeylogger-200819/6.20.3.0/Images/ACR-086/LightLogger_Interactions [2].png","211231/LightLoggerKeylogger-200819/6.20.3.0/Images/ACR-086/LightLogger_Interactions [3].png","211231/LightLoggerKeylogger-200819/6.20.3.0/Images/ACR-086/LightLogger_Interactions [4].png","211231/LightLoggerKeylogger-200819/6.20.3.0/Images/ACR-007/LightLogger_Interactions [3].png","211231/LightLoggerKeylogger-200819/6.20.3.0/Images/ACR-007/LightLogger_Interactions [4].png","211231/LightLoggerKeylogger-200819/6.20.3.0/Images/ACR-116/LightLogger_ControlPanel [1].png"],"nonDeceptorImageFiles":["211231/LightLoggerKeylogger-200819/6.20.3.0/Images/ACR-092/LightLogger_FileProperty [1].png","211231/LightLoggerKeylogger-200819/6.20.3.0/Images/ACR-092/LightLogger_FileProperty [2].png","211231/LightLoggerKeylogger-200819/6.20.3.0/Images/ACR-092/LightLogger_FileProperty [3].png","211231/LightLoggerKeylogger-200819/6.20.3.0/Images/ACR-099/LightLogger_LandingPage [1].png","211231/LightLoggerKeylogger-200819/6.20.3.0/Images/ACR-161/LightLogger_LandingPage [2].png","211231/LightLoggerKeylogger-200819/6.20.3.0/Images/ACR-099/LightLogger_OfferPage [1].png"],"guid":"ffa07067-c55b-4ac7-a37a-b3fa120e2c00_6.20.3.0_1","appID":"LightLoggerKeylogger-200819","dateAdded":"241126","deceptorType":"App","name":"LightLogger Keylogger for Parents","company":"HeavenWard","version":"6.20.3.0","lastKnownStatus":"6.20.2.4;6.20.3.1;6.20.3.0;6.20.2.20","lastKnownDate":"241126","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Adults only","monetization":"paid,up-sell to paid","lastUpdate":"2024-11-26T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":4,"sortOrder":418},{"violations":{"ACR-048":"The app does not show up in the list of installed apps in the Control Panel, preventing it from being uninstalled easily.\n","ACR-007":"App requires hotkey to open and does not indicate to user that it is running in the background. These prevent the targeted consumer from being notified or giving informed consent.\n","ACR-084":"1. The app requires a hotkey to open it which prevents the targeted consumer from finding it.\n\n2. Does not appear in systray, even when the app is running in the background, so user cannot tell if it is running.\n","ACR-085":"Keylogger may potentially collect sensitive information from users and stores collected data in non-encrypted plaintext files. \n\nApp requires hotkey to open and does not indicate to user that it is running in the background. These prevent the targeted consumer from being notified or giving informed consent.\n","ACR-086":"App requires hotkey to open and does not indicate to user that it is running in the background, meaning the targeted consumer has no idea that their data is being collected.\n","ACR-116":"The app can't be uninstalled through the Control Panel since it doesn't show up in the list of apps that can be uninstalled.\n"},"nonDeceptorViolations":{"ACR-161":"The app’s landing page has testimonials that have no links back to a source so consumers can verify if they're real.\n"},"samples":[{"isRevoked":"False","fileName":"LLSetup.exe","isInstaller":"True","companyName":"HeavenWard","fileVersion":"6.20","hashMD5":"8c595675a085d143207b92daacf4e226","hashSHA1":"7a3f050844d14794e7bfb96c65bdc6a478777272","hashSHA256":"9893409c257474e36ab75738888dcadabed7c2ea04ebe1946196283eac745841","digitalCertThumbprint":"403E281F72B49E00B6936C3C7E32FCC2C03EC19B","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Valery Kuzniatsou, O=Valery Kuzniatsou, STREET=Slobodskaia st. 167-101, L=Minsk, S=Minsk, PostalCode=220025, C=BY","sourceIndex":"334","avBlockList":["360 Total Security (20250213)","Avast Premium Security (20250213)","AVG Internet Security (20250213)","Avira Internet Security (20250213)","Bitdefender Internet Security (20250213)","COMODO Antivirus (20250213)","Dr.Web Security Space (20250213)","ESET Internet Security (20250213)","G DATA INTERNET SECURITY (20250213)","K7 Total Security (20250213)","Kaspersky Internet Security (20211102)","Malwarebytes Premium (20250213)","McAfee Total Protection (20250213)","Norton Security (20250213)","Panda Dome (20250213)","Quick Heal Internet Security (20250213)","Sophos Home Premium (20250213)","SpyHunter5 (20250213)","Tencent PC Manager (20211102)","Total AV Antivirus Pro (20250213)","Trend Micro Internet Security (20250213)","VIPRE Advanced Security (20250213)","VirIT eXplorer PRO (20250213)","Webroot SecureAnywhere (20250213)","Windows Defender (20250213)","FortectPremium (20250213)","KasperskyPremium (20250213)"],"avAllowList":[]},{"isRevoked":"False","fileName":"lmonitor.exe","companyName":"HeavenWard","fileVersion":"6.20","hashMD5":"32afc09e040ebe58bf3591aefeaee98d","hashSHA1":"d6ed898d60f850e0abd0ab2de38c1e40c1289ae7","hashSHA256":"f2b362b2a72d118c7f1088e75bbb7cf56b395280085dad3023bdbbdb1a099900","sourceIndex":"334","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Follow-up on old deceptors","reference":"https://www.hwsuite.com/","landingPage":"https://www.hwsuite.com/keylogger/benefits","directDownloadingLink":"https://hwsuiteshop.cloud/LLSetup.exe?token=","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://hwsuiteshop.cloud/LLSetup.exe?token=","sourceIndex":"334"}],"sampleFiles":["241126/LightLoggerKeylogger-200819/6.20.2.20/Samples/LLSetup.exe","241126/LightLoggerKeylogger-200819/6.20.2.20/Samples/lmonitor.exe"],"imageFiles":["241126/LightLoggerKeylogger-200819/6.20.2.20/Images/ACR-048/uninstall.png","241126/LightLoggerKeylogger-200819/6.20.2.20/Images/ACR-084/hotkey.png","241126/LightLoggerKeylogger-200819/6.20.2.20/Images/ACR-084/systray.png","241126/LightLoggerKeylogger-200819/6.20.2.20/Images/ACR-086/hotkey.png","241126/LightLoggerKeylogger-200819/6.20.2.20/Images/ACR-086/systray.png","241126/LightLoggerKeylogger-200819/6.20.2.20/Images/ACR-085/systray.png","241126/LightLoggerKeylogger-200819/6.20.2.20/Images/ACR-085/hotkey.png","241126/LightLoggerKeylogger-200819/6.20.2.20/Images/ACR-085/plaintext.png","241126/LightLoggerKeylogger-200819/6.20.2.20/Images/ACR-007/hotkey.png","241126/LightLoggerKeylogger-200819/6.20.2.20/Images/ACR-007/systray.png","241126/LightLoggerKeylogger-200819/6.20.2.20/Images/ACR-116/uninstall.png"],"nonDeceptorImageFiles":["241126/LightLoggerKeylogger-200819/6.20.2.20/Images/ACR-161/testimonials.png"],"guid":"ffa07067-c55b-4ac7-a37a-b3fa120e2c00_6.20.2.20_1","appID":"LightLoggerKeylogger-200819","dateAdded":"241126","deceptorType":"App","name":"LightLogger Keylogger for Parents","company":"HeavenWard","version":"6.20.2.20","lastKnownStatus":"6.20.2.4;6.20.3.1;6.20.3.0;6.20.2.20","lastKnownDate":"241126","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Adults only","monetization":"paid,up-sell to paid","lastUpdate":"2026-05-12T22:59:44.4944019+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":4,"sortOrder":417},{"violations":{"ACR-048":"Installation can't be cancelled by standard platform interface.\nApplication doesn't allow user to cancel the service collecting user data immediately. The collecting data status is always on until uninstall the application\n","ACR-007":"Application doesn't provides explicit notification to all affected user (different login user) and obtains informed user consent when reducing the default safety related with different user.\n","ACR-084":"1. After installing, the application running in background and being active in systray with without notifying user. 2. The application doesn't show notification when a different user login system. The app is hiding from all the users affected, however collecting the data from those users.\n","ACR-118":"Application leaves an important executable even after application uninstallation completes.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"po_setup_EN.exe","isInstaller":"True","companyName":"VoiceFive, Inc                                              ","fileVersion":"1.1","hashMD5":"a6af840731a9ecdd1950a7cdcc528096","hashSHA1":"a03bc0208b50b701f82e6114066769cffb8d3c93","hashSHA256":"92865f427dc8aa061d25a15965bdffe94c25dd44d2ad1905fb86ff48d2f96031","digitalCertThumbprint":"D7EED9A7BD1542798341A10D5FDAEEF9A9E94B11","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"VOICEFIVE, INC.\", O=\"VOICEFIVE, INC.\", L=Reston, S=Virginia, C=US","sourceIndex":"341","avBlockList":["360 Total Security (20250213)","Avast Premium Security (20250213)","AVG Internet Security (20250213)","Avira Internet Security (20250213)","Bitdefender Internet Security (20250213)","COMODO Antivirus (20250213)","Dr.Web Security Space (20250213)","ESET Internet Security (20250213)","FortectPremium (20250213)","G DATA INTERNET SECURITY (20250213)","K7 Total Security (20250213)","KasperskyPremium (20250213)","Malwarebytes Premium (20250213)","McAfee Total Protection (20250213)","Norton Security (20250213)","Panda Dome (20250213)","Quick Heal Internet Security (20250213)","Sophos Home Premium (20250213)","SpyHunter5 (20250213)","Total AV Antivirus Pro (20250213)","VIPRE Advanced Security (20250213)","VirIT eXplorer PRO (20250213)","Webroot SecureAnywhere (20250213)"],"avAllowList":["Trend Micro Internet Security (20250213)","Windows Defender (20250213)"]},{"isRevoked":"False","fileName":"pmropn.exe","companyName":"VoiceFive, Inc.","fileVersion":"1.3","hashMD5":"f27f98c1a877f9ca6f06c23bed4014ca","hashSHA1":"25a231319659c30d6f86a5c9cdd1747d7c471542","hashSHA256":"1ed47933c9f33c4860ecc0bf1ba7525212aa00054037a9a51a8d8f5ce3b821bd","digitalCertThumbprint":"D7EED9A7BD1542798341A10D5FDAEEF9A9E94B11","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"VOICEFIVE, INC.\", O=\"VOICEFIVE, INC.\", L=Reston, S=Virginia, C=US","sourceIndex":"341","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"pmropn32.exe","companyName":"VoiceFive, Inc.","fileVersion":"1.0","hashMD5":"6e4d6b68e9565c4cc7791b00c2094ff9","hashSHA1":"965a00a5a8bb05b35fbaa357951779ea3b71e392","hashSHA256":"65d6f18e1b366aff5343c3f6628041329e7c1375d18ba57076b19bf5f48bc483","digitalCertThumbprint":"D7EED9A7BD1542798341A10D5FDAEEF9A9E94B11","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"VOICEFIVE, INC.\", O=\"VOICEFIVE, INC.\", L=Reston, S=Virginia, C=US","sourceIndex":"341","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"pmropn64.exe","companyName":"VoiceFive, Inc.","fileVersion":"1.0","hashMD5":"ae5bbcc69b05359d0d5cc72ca6a1262e","hashSHA1":"6843bd883d50216be44065411a983a4bcccdcc91","hashSHA256":"12bfd1007634138b22c56ead24db02a1fe3a4d4b7fe04d30cd07a0ff5d4c8425","digitalCertThumbprint":"D7EED9A7BD1542798341A10D5FDAEEF9A9E94B11","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"VOICEFIVE, INC.\", O=\"VOICEFIVE, INC.\", L=Reston, S=Virginia, C=US","sourceIndex":"341","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"pmservice.exe","companyName":"VoiceFive, Inc.","fileVersion":"1.1","hashMD5":"4ef95918e313c7ca01084629416fc714","hashSHA1":"5bdaba6920d3f4d1f8ea47ce693276530b5f2a9c","hashSHA256":"303707068aab06ab0341178558c28ce1670d10f16c39522859c4f21097a87ee9","digitalCertThumbprint":"D7EED9A7BD1542798341A10D5FDAEEF9A9E94B11","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"VOICEFIVE, INC.\", O=\"VOICEFIVE, INC.\", L=Reston, S=Virginia, C=US","sourceIndex":"341","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"pmls.dll","companyName":"VoiceFive, Inc.","fileVersion":"4.0","hashMD5":"50a0c6c01cdc5d2690ccd1f1541f6670","hashSHA1":"c5e017a468efb70eabb1f861784edac62acb0e17","hashSHA256":"f9a853830949bb22d6f4d128d71a0ab923d9b5549c0dc8785c7de7d1a4eabf99","digitalCertThumbprint":"D7EED9A7BD1542798341A10D5FDAEEF9A9E94B11","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"VOICEFIVE, INC.\", O=\"VOICEFIVE, INC.\", L=Reston, S=Virginia, C=US","sourceIndex":"341","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"pmls64.dll","companyName":"VoiceFive, Inc.","fileVersion":"4.0","hashMD5":"aa56cb7fd83150c3a75cd6a0de97eb78","hashSHA1":"34415c5c8e57cfe9a7b4a498eacfe1403f3191ec","hashSHA256":"034e066829d28bbc81604250f6df721a35ab1c0898ab82bef6305ffada240765","digitalCertThumbprint":"D7EED9A7BD1542798341A10D5FDAEEF9A9E94B11","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"VOICEFIVE, INC.\", O=\"VOICEFIVE, INC.\", L=Reston, S=Virginia, C=US","sourceIndex":"341","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"RelevantKnowledge","reference":"","landingPage":"","directDownloadingLink":"https://www.premieropinion.com/Download/po_setup_EN.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.premieropinion.com/Download/po_setup_EN.exe","sourceIndex":"341"}],"sampleFiles":["241126/PremierOpinion-241126/1.3.340.310/Samples/po_setup_EN.exe"],"imageFiles":["241126/PremierOpinion-241126/1.3.340.310/Images/ACR-048/ACR-048.png","241126/PremierOpinion-241126/1.3.340.310/Images/ACR-007/ACR-007.png","241126/PremierOpinion-241126/1.3.340.310/Images/ACR-084/ACR-084.png","241126/PremierOpinion-241126/1.3.340.310/Images/ACR-048/ACR-048-2.png","241126/PremierOpinion-241126/1.3.340.310/Images/ACR-118/ACR-118_Uninstall_1.png"],"nonDeceptorImageFiles":[],"guid":"cd139684-ebcf-45cf-af6b-71c4cc498940_1.3.340.310_1","appID":"PremierOpinion-241126","dateAdded":"241126","deceptorType":"App","name":"PremierOpinion","company":"VOICEFIVE, INC","version":"1.3.340.310","lastKnownStatus":"1.3.340.310","lastKnownDate":"241126","type":"Windows Executable","category":"Personalization & Search","targetOS":"Windows 7,Windows 8,Windows 10,Windows 11","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"net proxy","lastUpdate":"2024-11-26T23:31:24.9549236+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":416},{"violations":{"ACR-042":"The app drops an expired Trusted Root Certificate (.crt file) without obtaining the consumer's permission through explicit user action. \n","ACR-043":"1. The app drops an expired Trusted Root Certificate without disclosing it.\n2. 'Open VPN' components are installed without disclosing it. \n","ACR-107":"Application misses the relevant license information about open source project used \"OpenVPN\".\n","ACR-048":"The app does not provide any control to enable/disable the startup that it created and to remove the background process completely within the app's settings.\n","ACR-007":"The app does not obtain user consent to reduce the consumer's security posture caused by dropping a trust root certificate.\n","ACR-084":"1. The app creates undisclosed startup to perform actions without the consumer's knowledge and consent. \n2. On closing the app, the processes \"BartVPN.exe\" and \"BartVPNService.exe\" runs silently in the background, hiding the fact that it is active from the consumer.\n","ACR-014":"The app misleads by stating \"UnProtected Network\" in a big-sized font inside the software, even though another VPN (tunnel bear) is connected and running.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"file.exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"9dc3ae10a3ea4b6f2ebc076dfb1225ab","hashSHA1":"478f4da35ff4489a85e56f2b40f151c809bec43b","hashSHA256":"3b7d7eaa4a437c88280fdd3db7440961fa92b043e00fcf13af78177058da7d28","digitalCertThumbprint":"D48247B7A91894D3661C9AE0B02BE7304767F760","digitalCertIssuer":"CN=DigiCert Assured ID Code Signing CA-1, OU=www.digicert.com, O=DigiCert Inc, C=US","digitalCertIssuedTo":"CN=Red Sky Sp. z o.o., O=Red Sky Sp. z o.o., L=Szczecin, S=Zachodniopomorskie, C=PL","sourceIndex":"355","avBlockList":["Avast Premium Security (20250213)","AVG Internet Security (20250213)","Avira Internet Security (20250213)","Dr.Web Security Space (20250213)","ESET Internet Security (20250213)","FortectPremium (20250213)","G DATA INTERNET SECURITY (20250213)","Malwarebytes Premium (20250213)","McAfee Total Protection (20250213)","Norton Security (20250213)","Panda Dome (20250213)","Quick Heal Internet Security (20250213)","Sophos Home Premium (20250213)","SpyHunter5 (20250213)","Total AV Antivirus Pro (20250213)","VirIT eXplorer PRO (20250213)","Webroot SecureAnywhere (20250213)"],"avAllowList":["360 Total Security (20250213)","Bitdefender Internet Security (20250213)","COMODO Antivirus (20250213)","K7 Total Security (20250213)","KasperskyPremium (20250213)","Trend Micro Internet Security (20250213)","VIPRE Advanced Security (20250213)","Windows Defender (20250213)"]},{"isRevoked":"False","fileName":"NetCategoryChecker.exe","companyName":"Red Sky","fileVersion":"1.0","hashMD5":"cc94a2edc91ede596cfacac78edd15f9","hashSHA1":"e7d474428222aabd469a114f7d84dea062bc3489","hashSHA256":"b92bc7d9530162ae4da1e2b734bba79604d8c82f4512b95dc59dad12c2a08bc7","sourceIndex":"355","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"BartVPN.exe","companyName":"RedSky Sp. z o.o.","fileVersion":"1.0","hashMD5":"c9e38f69f02a244b4755c08d8c27fd7c","hashSHA1":"4c1ad52ce494693965df7f6f2dd475fa3107fc06","hashSHA256":"27820cfb44a87251600cb50d1f90750cc4c94d6c28e22cfb325961ca1afdac12","digitalCertThumbprint":"D48247B7A91894D3661C9AE0B02BE7304767F760","digitalCertIssuer":"CN=DigiCert Assured ID Code Signing CA-1, OU=www.digicert.com, O=DigiCert Inc, C=US","digitalCertIssuedTo":"CN=Red Sky Sp. z o.o., O=Red Sky Sp. z o.o., L=Szczecin, S=Zachodniopomorskie, C=PL","sourceIndex":"355","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"BartVPNService.exe","fileVersion":"0.0","hashMD5":"269ed8e5b4cee12b4d692eb216c9fcc4","hashSHA1":"845de919ec221f1edeec377d49ddb15dce86bce9","hashSHA256":"2a65ff065d33080d53827fc70ed266166a2c8af10e58086d2d22555279ab076e","digitalCertThumbprint":"D48247B7A91894D3661C9AE0B02BE7304767F760","digitalCertIssuer":"CN=DigiCert Assured ID Code Signing CA-1, OU=www.digicert.com, O=DigiCert Inc, C=US","digitalCertIssuedTo":"CN=Red Sky Sp. z o.o., O=Red Sky Sp. z o.o., L=Szczecin, S=Zachodniopomorskie, C=PL","sourceIndex":"355","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"BartVPNToolbar.exe","companyName":"BartVPN Toolbar                                             ","fileVersion":"0.0","hashMD5":"e651c71efac34a0928ca2c0a949a7df5","hashSHA1":"c62dd4b70df14b547cd2bee29b520562d8d08875","hashSHA256":"8208de60d798ba8ff19a71d22ba785af0f3d3d33be2b76fed84c240173e3b3e2","digitalCertThumbprint":"7966D010108863CC1ED6F5681ED8018F8CAC47B1","digitalCertIssuer":"CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Simply Tech Ltd, O=Simply Tech Ltd, STREET=10 Zarhin street, L=Raanana, S=Raanana, PostalCode=43662, C=IL","sourceIndex":"355","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on VPN app","reference":"","landingPage":"","directDownloadingLink":"https://en.softonic.com/download/bartvpn/windows/post-download","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://en.softonic.com/download/bartvpn/windows/post-download","sourceIndex":"355"}],"sampleFiles":["241119/bartvpn-220621/0.5.479/Samples/file.exe"],"imageFiles":["241119/bartvpn-220621/0.5.479/Images/ACR-043/ACR-043_Install_1.png","241119/bartvpn-220621/0.5.479/Images/ACR-107/ACR-107_Install_1.png","241119/bartvpn-220621/0.5.479/Images/ACR-042/ACR-042_Install_1.png","241119/bartvpn-220621/0.5.479/Images/ACR-007/ACR-007_Install_1.png","241119/bartvpn-220621/0.5.479/Images/ACR-084/ACR-084_Software_1.JPG","241119/bartvpn-220621/0.5.479/Images/ACR-084/ACR-084_Software_2.png","241119/bartvpn-220621/0.5.479/Images/ACR-048/ACR-048_Software_1.JPG","241119/bartvpn-220621/0.5.479/Images/ACR-048/ACR-048_Software_2.png","241119/bartvpn-220621/0.5.479/Images/ACR-014/ACR-014_Software.JPG","241119/bartvpn-220621/0.5.479/Images/ACR-014/ACR-014_Software_1.JPG"],"nonDeceptorImageFiles":[],"guid":"8f7d9c42-965a-49d8-8c34-3c714a8eee64_0.5.479_1","appID":"bartvpn-220621","dateAdded":"241119","deceptorType":"App","name":"BartVPN","company":"RedSky Sp. z o.o.","version":"0.5.479","lastKnownStatus":"1.1.606;0.5.479","lastKnownDate":"241119","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows 7,Windows Vista,Windows 10,Windows 8","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2024-11-19T22:05:54.3413064+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":421},{"violations":{"ACR-042":"The app drops an expired Trusted Root Certificate (.crt file) without obtaining the consumer's permission through explicit user action. \n","ACR-043":"1. The app drops an expired Trusted Root Certificate without disclosing it.\n2. 'Open VPN' components are installed without disclosing it. \n","ACR-107":"Application misses the relevant license information about open source project used \"OpenVPN\".\n","ACR-048":"The app does not provide any control to enable/disable the startup that it created and to remove the background process completely within the app's settings.\n","ACR-007":"The app does not obtain user consent to reduce the consumer's security posture caused by dropping a trust root certificate.\n","ACR-084":"1. The app creates undisclosed startup to perform actions without the consumer's knowledge and consent. \n2. On closing the app, the processes \"BartVPN.exe\" and \"BartVPNService.exe\" runs silently in the background, hiding the fact that it is active from the consumer.\n","ACR-014":"The app misleads by stating \"UnProtected Network\" in a big-sized font inside the software, even though another VPN (tunnel bear) is connected and running.\n"},"nonDeceptorViolations":{"ACR-040":"The app installs all files to a default hidden folder  <C:\\Users\\User\\AppData\\Local\\BartVPN> instead of the standard location.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Users\\User\\AppData\\Local\\BartVPN\\BartVPN.exe","companyName":"RedSky Sp. z o.o.","productName":"BartVPN","productVersion":"1.0","fileVersion":"1.1.606","hashMD5":"444ddf1a756e83b8e1422d53ccdeae7d","hashSHA1":"90aec169a657216ea76381a0e4c4743c64a498d3","hashSHA256":"cd584051e32635b6165fb7c60d6da13f7c5bf777bd0536028a1a9b2a908ea08d","digitalCertThumbprint":"7077710A2B487A2623A31E21026CAE020BE62708","digitalCertIssuer":"COMODO Code Signing CA 2","digitalCertIssuedTo":"Red Sky Sp. z o.o.","storeId":"","sourceIndex":"1552","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Users\\User\\AppData\\Local\\BartVPN\\BartVPNService.exe","companyName":"","productName":"","productVersion":"","fileVersion":"","hashMD5":"d2d7fa2966d464ec5adbeb9363a2fe86","hashSHA1":"5cec89e0f4464c109e93ffe391a463bf907e4ddb","hashSHA256":"0570b639755a8252715cee1e2cc1b0bb8412737d1c5afbd275be14594250ad79","digitalCertThumbprint":"7077710A2B487A2623A31E21026CAE020BE62708","digitalCertIssuer":"COMODO Code Signing CA 2","digitalCertIssuedTo":"Red Sky Sp. z o.o.","storeId":"","sourceIndex":"1552","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"BartVPN.exe","isInstaller":"True","companyName":"","productName":"","productVersion":"","fileVersion":"","hashMD5":"3f72dca3271628ca28abaada6901bd37","hashSHA1":"886e6b0b21c1898bab05bc4712cbf746eb936bd3","hashSHA256":"d0112957c54eae62f9361e94578065a1756fa36a5cd746f6df0be4880e79bda9","digitalCertThumbprint":"7077710A2B487A2623A31E21026CAE020BE62708","digitalCertIssuer":"COMODO Code Signing CA 2","digitalCertIssuedTo":"Red Sky Sp. z o.o.","storeId":"","sourceIndex":"1552","avBlockList":["Avast Premium Security (20241121)","AVG Internet Security (20241121)","Avira Internet Security (20241121)","Bitdefender Internet Security (20241121)","COMODO Antivirus (20241121)","Dr.Web Security Space (20241121)","G DATA INTERNET SECURITY (20241121)","K7 Total Security (20241121)","Malwarebytes Premium (20241121)","McAfee Total Protection (20241121)","Norton Security (20241121)","Panda Dome (20241121)","Quick Heal Internet Security (20241121)","Sophos Home Premium (20241121)","SpyHunter5 (20241121)","Total AV Antivirus Pro (20241121)","VIPRE Advanced Security (20241121)","VirIT eXplorer PRO (20241121)","Webroot SecureAnywhere (20241121)","Windows Defender (20241121)","FortectPremium (20241121)"],"avAllowList":["360 Total Security (20241121)","ESET Internet Security (20241121)","Kaspersky Internet Security (20220721)","Tencent PC Manager (20220721)","Trend Micro Internet Security (20241121)","KasperskyPremium (20241121)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on VPN app","reference":"","landingPage":"","directDownloadingLink":"https://www.softpedia.com/dyn-postdownload.php/0d91a4e441b8dfb8c442e20e544f67ac/62b197f8/3731e/4/1","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.softpedia.com/dyn-postdownload.php/0d91a4e441b8dfb8c442e20e544f67ac/62b197f8/3731e/4/1","sourceIndex":"1552"}],"sampleFiles":["220621/bartvpn-220621/1.1.606/Samples/BartVPN.exe"],"imageFiles":["220621/bartvpn-220621/1.1.606/Images/ACR-043/ACR-043_Install.JPG","220621/bartvpn-220621/1.1.606/Images/ACR-043/ACR-043_Install_1.JPG","220621/bartvpn-220621/1.1.606/Images/ACR-107/ACR-107_Install.JPG","220621/bartvpn-220621/1.1.606/Images/ACR-042/ACR-042_Install.JPG","220621/bartvpn-220621/1.1.606/Images/ACR-007/ACR-007_Install.JPG","220621/bartvpn-220621/1.1.606/Images/ACR-084/ACR-084_Software.JPG","220621/bartvpn-220621/1.1.606/Images/ACR-084/ACR-084_Software_1.JPG","220621/bartvpn-220621/1.1.606/Images/ACR-048/ACR-048_Software.JPG","220621/bartvpn-220621/1.1.606/Images/ACR-048/ACR-048_Software_1.JPG","220621/bartvpn-220621/1.1.606/Images/ACR-014/ACR-014_Software.JPG","220621/bartvpn-220621/1.1.606/Images/ACR-014/ACR-014_Software_1.JPG"],"nonDeceptorImageFiles":["220621/bartvpn-220621/1.1.606/Images/ACR-040/ACR-040_Install.JPG"],"guid":"8f7d9c42-965a-49d8-8c34-3c714a8eee64_1.1.606_1","appID":"bartvpn-220621","dateAdded":"241119","deceptorType":"App","name":"BartVPN","company":"RedSky Sp. z o.o.","version":"1.1.606","lastKnownStatus":"1.1.606;0.5.479","lastKnownDate":"241119","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows 7,Windows Vista,Windows 10,Windows 8","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2024-11-19T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":422},{"violations":{"ACR-048":"Installation can't be cancelled by standard platform interface.\n","ACR-007":"Application doesn't provides explicit notification to all affected user (different login user) and obtains informed user consent when reducing the default safety related with different user.\n","ACR-084":"1. After installing, the application running in background and being active in systray with without notifying user. \n2. The application doesn't show notification when a different user login system. The app is hiding from all the users affected, however collecting the data from those users.\n","ACR-118":"Application leaves an important executable even after application uninstallation completes.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"rs_setup_en.exe","isInstaller":"True","companyName":"Creative Knowledge, Inc.                                    ","fileVersion":"1.2","hashMD5":"ab7994d727eaa377a5cc368d6c94dadd","hashSHA1":"df4368211d2eaab8932d43f58beeed5a0d65d66f","hashSHA256":"77cd41b9798e2603706aa0dde2aef42897b5c871e942d832c1ac51cd7a4fa99a","digitalCertThumbprint":"FBBADE4E00FE36655AAA0304BA6B8E3CC247CD4D","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=\"CREATIVE KNOWLEDGE, INC\", O=\"CREATIVE KNOWLEDGE, INC\", L=Reston, S=Virginia, C=US, SERIALNUMBER=3959765, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.2=Delaware, OID.1.3.6.1.4.1.311.60.2.1.3=US","sourceIndex":"440","avBlockList":["Avast Premium Security (20241105)","AVG Internet Security (20241105)","Avira Internet Security (20241105)","FortectPremium (20241105)","G DATA INTERNET SECURITY (20241105)","K7 Total Security (20241105)","Malwarebytes Premium (20241105)","McAfee Total Protection (20241105)","Norton Security (20241105)","Panda Dome (20241105)","Quick Heal Internet Security (20241105)","Sophos Home Premium (20241105)","SpyHunter5 (20241105)","Total AV Antivirus Pro (20241105)","VirIT eXplorer PRO (20241105)","Webroot SecureAnywhere (20241105)"],"avAllowList":["360 Total Security (20241105)","Bitdefender Internet Security (20241105)","COMODO Antivirus (20241105)","Dr.Web Security Space (20241105)","ESET Internet Security (20241105)","KasperskyPremium (20241105)","Trend Micro Internet Security (20241105)","VIPRE Advanced Security (20241105)","Windows Defender (20241105)"]},{"isRevoked":"False","fileName":"rsinstaller.exe","isInstaller":"True","companyName":"Creative Knowledge, Inc.","fileVersion":"1.1","hashMD5":"493f2cb726f62b342e3284dc462bb07c","hashSHA1":"b0007fdce1f2edbf741f75d03ff2d25bc8b5de61","hashSHA256":"8bb86fad1d959282132ce94604bb56f85cb349a0a1b8f3273b0ec693fdc7f1f1","digitalCertThumbprint":"FBBADE4E00FE36655AAA0304BA6B8E3CC247CD4D","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=\"CREATIVE KNOWLEDGE, INC\", O=\"CREATIVE KNOWLEDGE, INC\", L=Reston, S=Virginia, C=US, SERIALNUMBER=3959765, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.2=Delaware, OID.1.3.6.1.4.1.311.60.2.1.3=US","sourceIndex":"440","avBlockList":["Avast Premium Security (20241107)","AVG Internet Security (20241107)","Avira Internet Security (20241107)","FortectPremium (20241107)","G DATA INTERNET SECURITY (20241107)","K7 Total Security (20241107)","KasperskyPremium (20241107)","Malwarebytes Premium (20241107)","McAfee Total Protection (20241107)","Norton Security (20241107)","Panda Dome (20241107)","Quick Heal Internet Security (20241107)","Sophos Home Premium (20241107)","SpyHunter5 (20241107)","Total AV Antivirus Pro (20241107)","Trend Micro Internet Security (20241107)","VirIT eXplorer PRO (20241107)","Webroot SecureAnywhere (20241107)"],"avAllowList":["360 Total Security (20241107)","Bitdefender Internet Security (20241107)","COMODO Antivirus (20241107)","Dr.Web Security Space (20241107)","ESET Internet Security (20241107)","VIPRE Advanced Security (20241107)","Windows Defender (20241107)"]},{"isRevoked":"False","fileName":"RSNativeHostApp.exe","companyName":"Creative Knowledge, Inc.","fileVersion":"1.1","hashMD5":"f561f403b8e2a5ab26be8ed58942b687","hashSHA1":"0b02947a12b686925cd32ba61ecab2e8c05fab7a","hashSHA256":"bf6abd77b226076ebee67ac512b6d6ae1e495b473c39b2a1a39e7587b8707610","digitalCertThumbprint":"FBBADE4E00FE36655AAA0304BA6B8E3CC247CD4D","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=\"CREATIVE KNOWLEDGE, INC\", O=\"CREATIVE KNOWLEDGE, INC\", L=Reston, S=Virginia, C=US, SERIALNUMBER=3959765, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.2=Delaware, OID.1.3.6.1.4.1.311.60.2.1.3=US","sourceIndex":"440","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"rssvc.exe","companyName":"Creative Knowledge, Inc.","fileVersion":"1.1","hashMD5":"97b1efd915813a8d24832ea0b276bc4a","hashSHA1":"0f3e1c1f294686785e87cc3fde1841b26bf2ad59","hashSHA256":"f2129754aa4cfd419b746277a8b95306b78a5a42320b5e12b3d800642f96734c","digitalCertThumbprint":"FBBADE4E00FE36655AAA0304BA6B8E3CC247CD4D","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=\"CREATIVE KNOWLEDGE, INC\", O=\"CREATIVE KNOWLEDGE, INC\", L=Reston, S=Virginia, C=US, SERIALNUMBER=3959765, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.2=Delaware, OID.1.3.6.1.4.1.311.60.2.1.3=US","sourceIndex":"440","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"com.researchsecure.json","fileVersion":"0.","hashMD5":"3711c243215a1b57100c8f7bc0a103ca","hashSHA1":"1eab77a75626b0a1f6a196fa862242a2a35377c5","hashSHA256":"b47a4d3de21ad9669f5633cc203032b42140aef30bce8549fe209dca371fdccb","sourceIndex":"440","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"","landingPage":"https://www.researchsecure.com/home#about","directDownloadingLink":"https://www.researchsecure.com/download/rs_setup_en.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.researchsecure.com/download/rs_setup_en.exe","sourceIndex":"440"}],"sampleFiles":["241030/ResearchSecure-241030/1.2/Samples/rs_setup_en.exe","241030/ResearchSecure-241030/1.2/Samples/rsinstaller.exe","241030/ResearchSecure-241030/1.2/Samples/RSNativeHostApp.exe","241030/ResearchSecure-241030/1.2/Samples/rssvc.exe","241030/ResearchSecure-241030/1.2/Samples/com.researchsecure.json"],"imageFiles":["241030/ResearchSecure-241030/1.2/Images/ACR-048/ACR-048_Install_1.png","241030/ResearchSecure-241030/1.2/Images/ACR-048/ACR-048_Install_2.png","241030/ResearchSecure-241030/1.2/Images/ACR-084/ACR-084_Software_1.png","241030/ResearchSecure-241030/1.2/Images/ACR-007/ACR-007_Software_1.png","241030/ResearchSecure-241030/1.2/Images/ACR-007/ACR-007_Software_2.png","241030/ResearchSecure-241030/1.2/Images/ACR-007/ACR-007_Software_3.png","241030/ResearchSecure-241030/1.2/Images/ACR-007/ACR-007_Software_4.png","241030/ResearchSecure-241030/1.2/Images/ACR-118/ACR-118_Uninstall_1.png"],"nonDeceptorImageFiles":[],"guid":"2dfebc01-934e-44bc-8814-cf18f1974968_1.2_1","appID":"ResearchSecure-241030","dateAdded":"241118","deceptorType":"App","name":"ResearchSecure","company":"Creative Knowledge, Inc.","version":"1.2","lastKnownStatus":"1.1.0.7","lastKnownDate":"241118","type":"Windows Executable","category":"Personalization & Search","targetOS":"Windows 7,Windows 8,Windows 10,Windows 11","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"install offers,search","lastUpdate":"2024-11-18T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":424},{"violations":{"ACR-048":"Installation can't be cancelled by standard platform interface.\n","ACR-007":"Application doesn't provides explicit notification to all affected user (different login user) and obtains informed user consent when reducing the default safety related with different user.\n","ACR-084":"1. After installing, the application running in background and being active in systray with without notifying user. \n2. The application doesn't show notification when a different user login system. The app is hiding from all the users affected, however collecting the data from those users.\n","ACR-118":"Application leaves an important executable even after application uninstallation completes.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"rs_setup_en.exe","isInstaller":"True","companyName":"Creative Knowledge, Inc.                                    ","fileVersion":"1.2","hashMD5":"12e8022f3a2d2a52bb29add78a4882e7","hashSHA1":"ec054056b08f393ed61b424ac5249aab1e4ce20a","hashSHA256":"d5451c5e1b0613bcd8a58a2ed5b608a149de06f3997fe6c16dd82ed16417d291","digitalCertThumbprint":"FBBADE4E00FE36655AAA0304BA6B8E3CC247CD4D","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=\"CREATIVE KNOWLEDGE, INC\", O=\"CREATIVE KNOWLEDGE, INC\", L=Reston, S=Virginia, C=US, SERIALNUMBER=3959765, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.2=Delaware, OID.1.3.6.1.4.1.311.60.2.1.3=US","sourceIndex":"357","avBlockList":["Avast Premium Security (20250213)","AVG Internet Security (20250213)","Avira Internet Security (20250213)","Bitdefender Internet Security (20250213)","Dr.Web Security Space (20250213)","ESET Internet Security (20250213)","FortectPremium (20250213)","G DATA INTERNET SECURITY (20250213)","K7 Total Security (20250213)","KasperskyPremium (20250213)","Malwarebytes Premium (20250213)","McAfee Total Protection (20250213)","Norton Security (20250213)","Panda Dome (20250213)","Quick Heal Internet Security (20250213)","Sophos Home Premium (20250213)","SpyHunter5 (20250213)","Total AV Antivirus Pro (20250213)","VIPRE Advanced Security (20250213)","VirIT eXplorer PRO (20250213)","Webroot SecureAnywhere (20250213)"],"avAllowList":["360 Total Security (20250213)","COMODO Antivirus (20250213)","Trend Micro Internet Security (20250213)","Windows Defender (20250213)"]},{"isRevoked":"False","fileName":"RSNativeHostApp.exe","companyName":"Creative Knowledge, Inc.","fileVersion":"1.1.0.7","hashMD5":"f561f403b8e2a5ab26be8ed58942b687","hashSHA1":"0b02947a12b686925cd32ba61ecab2e8c05fab7a","hashSHA256":"bf6abd77b226076ebee67ac512b6d6ae1e495b473c39b2a1a39e7587b8707610","digitalCertThumbprint":"FBBADE4E00FE36655AAA0304BA6B8E3CC247CD4D","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=\"CREATIVE KNOWLEDGE, INC\", O=\"CREATIVE KNOWLEDGE, INC\", L=Reston, S=Virginia, C=US, SERIALNUMBER=3959765, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.2=Delaware, OID.1.3.6.1.4.1.311.60.2.1.3=US","sourceIndex":"357","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"rssvc.exe","companyName":"Creative Knowledge, Inc.","fileVersion":"1.1.0.7","hashMD5":"97b1efd915813a8d24832ea0b276bc4a","hashSHA1":"0f3e1c1f294686785e87cc3fde1841b26bf2ad59","hashSHA256":"f2129754aa4cfd419b746277a8b95306b78a5a42320b5e12b3d800642f96734c","digitalCertThumbprint":"FBBADE4E00FE36655AAA0304BA6B8E3CC247CD4D","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=\"CREATIVE KNOWLEDGE, INC\", O=\"CREATIVE KNOWLEDGE, INC\", L=Reston, S=Virginia, C=US, SERIALNUMBER=3959765, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.2=Delaware, OID.1.3.6.1.4.1.311.60.2.1.3=US","sourceIndex":"357","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"rsinstaller.exe","companyName":"Creative Knowledge, Inc.","fileVersion":"1.1.0.7","hashMD5":"88eaba8abc2421bda4701cd47f0854c9","hashSHA1":"6d72782c2179f4a6011a093cbcc892a9dd311117","hashSHA256":"f134d64aa4e1dcccb83662e535018ab49aefcdbb269e7113117fbf55a63628a5","digitalCertThumbprint":"FBBADE4E00FE36655AAA0304BA6B8E3CC247CD4D","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=\"CREATIVE KNOWLEDGE, INC\", O=\"CREATIVE KNOWLEDGE, INC\", L=Reston, S=Virginia, C=US, SERIALNUMBER=3959765, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.2=Delaware, OID.1.3.6.1.4.1.311.60.2.1.3=US","sourceIndex":"357","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"","landingPage":"https://www.researchsecure.com/home#about","directDownloadingLink":"https://www.researchsecure.com/download/rs_setup_en.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.researchsecure.com/download/rs_setup_en.exe","sourceIndex":"357"}],"sampleFiles":["241118/ResearchSecure-241030/1.1.0.7/Samples/rs_setup_en.exe"],"imageFiles":["241118/ResearchSecure-241030/1.1.0.7/Images/ACR-048/ACR-048_Install_1.png","241118/ResearchSecure-241030/1.1.0.7/Images/ACR-048/ACR-048_Install_2.png","241118/ResearchSecure-241030/1.1.0.7/Images/ACR-084/ACR-084_Software_1.png","241118/ResearchSecure-241030/1.1.0.7/Images/ACR-007/ACR-007_Software_1.png","241118/ResearchSecure-241030/1.1.0.7/Images/ACR-007/ACR-007_Software_2.png","241118/ResearchSecure-241030/1.1.0.7/Images/ACR-007/ACR-007_Software_3.png","241118/ResearchSecure-241030/1.1.0.7/Images/ACR-007/ACR-007_Software_4.png","241118/ResearchSecure-241030/1.1.0.7/Images/ACR-118/ACR-118_Uninstall_1.png"],"nonDeceptorImageFiles":[],"guid":"2dfebc01-934e-44bc-8814-cf18f1974968_1.1.0.7_1","appID":"ResearchSecure-241030","dateAdded":"241118","deceptorType":"App","name":"ResearchSecure","company":"Creative Knowledge, Inc.","version":"1.1.0.7","lastKnownStatus":"1.1.0.7","lastKnownDate":"241118","type":"Windows Executable","category":"Personalization & Search","targetOS":"Windows 7,Windows 8,Windows 10,Windows 11","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"install offers,search","lastUpdate":"2024-11-19T00:57:06.8593724+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":423},{"violations":{"ACR-042":"Application makes network connection to undisclosed 3rd party for offers. (researchsecure.com)\n","ACR-010":"The app distributes deceptive application researchsecure which runs and be active in background without notifying all affected users and collecting the user related data.\n\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software\n","ACR-060":"The offer network does not disclose itself in Research secure offer to silently install unrelated software\n","ACR-155":"Offers are designed to look like part of the install workflow. \n\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"FreeAudioEditor.exe","isInstaller":"True","companyName":"Copyright© 2005-2024 FAEMedia Inc.                         ","productName":"Free Audio Editor 2024                                      ","productVersion":"                                                  ","fileVersion":"                    ","hashMD5":"078f327e0f937596287e722a0ca60c45","hashSHA1":"0fea69bb7e584be35ad9cdc0744654bafb767e5f","hashSHA256":"5ecc7c8d78ad6d879d2ba6bf1e721cf24e329004ffc1ce14a5c2eda0e74c179f","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"439","avBlockList":["Avast Premium Security (20250121)","AVG Internet Security (20250121)","Avira Internet Security (20250121)","ESET Internet Security (20250121)","FortectPremium (20250121)","G DATA INTERNET SECURITY (20250121)","K7 Total Security (20250121)","Malwarebytes Premium (20250121)","McAfee Total Protection (20250121)","Norton Security (20250121)","Panda Dome (20250121)","Quick Heal Internet Security (20250121)","Sophos Home Premium (20250121)","SpyHunter5 (20250121)","Total AV Antivirus Pro (20250121)","VirIT eXplorer PRO (20250121)","Webroot SecureAnywhere (20250121)"],"avAllowList":["360 Total Security (20250121)","Bitdefender Internet Security (20250121)","COMODO Antivirus (20250121)","Dr.Web Security Space (20250121)","KasperskyPremium (20250121)","Trend Micro Internet Security (20250121)","VIPRE Advanced Security (20250121)","Windows Defender (20250121)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on windows app","reference":"","landingPage":"https://free-audio-editor.com/","directDownloadingLink":"https://www.free-audio-editor.com/FreeAudioEditor.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.free-audio-editor.com/FreeAudioEditor.exe","sourceIndex":"439"}],"sampleFiles":["241031/FreeAudioEditor-220608/10.1.5/Samples/FreeAudioEditor.exe"],"imageFiles":["241031/FreeAudioEditor-220608/10.1.5/Images/ACR-042/ACR-042_Install_1.png","241031/FreeAudioEditor-220608/10.1.5/Images/ACR-010/ACR-010.PNG","241031/FreeAudioEditor-220608/10.1.5/Images/ACR-155/ACR-155.PNG","241031/FreeAudioEditor-220608/10.1.5/Images/ACR-013/ACR-013.PNG","241031/FreeAudioEditor-220608/10.1.5/Images/ACR-013/ACR-013_Install_1.png","241031/FreeAudioEditor-220608/10.1.5/Images/ACR-060/ACR-060.PNG"],"nonDeceptorImageFiles":[],"guid":"84d4f297-39e7-457f-a511-07b29e637604_10.1.5_1","appID":"FreeAudioEditor-220608","dateAdded":"241031","deceptorType":"App","name":"Free Audio Editor","company":"FAEMedia, Inc.","version":"10.1.5","lastKnownStatus":"10.1.2.5;10.1.5","lastKnownDate":"241031","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","monetization":"cross-sell other apps,sold in bundle","lastUpdate":"2024-10-31T22:27:29.6761622+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":425},{"violations":{"ACR-109":"The app downloads \"rkverify.exe\", a RelevantKnowledge file before disclosure and without the consumer's consent.\n\n","ACR-047":"The App presents the untruthful message that application needs to update, instead it attempts to re-run the application to present the declined offer again.  \n\nThe App presents the untruthful message that application needs to update, instead it attempts to re run the application to present the declined offer again.\n\n","ACR-048":"The \"Decline\" button does not have any control. Despite declining RelevantKnowledge app, it still downloaded RelevantKnowledge file “rkverify.exe” regardless.\n\nUnable to close the update prompt. \n\n","ACR-003":"The App misleads consumer they need to run update. There is no newer build, instead, it attempts to run the installer and present the declined offers again.\n\n","ACR-004":"The app prompts untruthful message that upgrade is needed whenever user launches the app. The \"Update\" downloads nothing new, sometimes it leads to download the component(s) that user declined during install procedure, for example, it connected to dpd.securestudies.com and attempted to download user internet behavior program from Relevant Knowledge. \n\n","ACR-010":"The app distributes deceptor application. The offer in this app, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control. \n\n","ACR-083":"The App attempts to present the offer repeatedly via its update and startup.\n\n","ACR-118":"After uninstall, it retains some executables and many of its other components along with a \"curl-ca-bundle.crt\" on the device without user's knowledge. \n\n","ACR-057":"The app bundles the \"Relevant Knowledge\" offer which does not allow the consumer to decline the offer. \n\n","ACR-071":"It attempts to force the acceptance of \"Relevant Knowledge\" by graying out the Next button when the user choose to Decline. Thus, forcing the user to only accept the offer and proceed with the installation.\n\n","ACR-059":"Offer not clearly marked as an offer. Instead, it is presented as a component of the carrier.\n\n","ACR-039":"There is no clear indications of the relationship to the installer application. RelevantKnowledge is presented as part of the installer application. Despite declining RelevantKnowledge app, it still downloaded RelevantKnowledge file “rkverify.exe” nevertheless.\n\n","ACR-155":"Offers are designed to look like part of the install workflow. \n\n"},"nonDeceptorViolations":{"ACR-002":"The App's version is inconsistent between App interaction and its install (version10.1.2.5 vs version 9.4.0) \n\nThe App's version is inconsistent between App interaction and its install (version10.1.2.5 vs version 9.4.0) \n","ACR-106":"App offers deceptive application 'Relevant Knowledge market survey'. \n\n"},"samples":[{"isRevoked":"False","fileName":"FreeAudioEditor.exe","fileVersion":"0.0","hashMD5":"539d6c941b081e9afbfe284363c10993","hashSHA1":"5d2bfbde0c949b6b6239496236c6558ee3f76350","hashSHA256":"4384d27dc5b2665fd8efc4bd77ca4d908e508dbfa12a91bc9dd9fb4986babeee","sourceIndex":"1565","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"FreeAudioEditor_j-BmTa1.exe","isInstaller":"True","companyName":"","productName":"Beijing Aviation Trust Intellectual Property Consulting Co.,","fileVersion":"3.33.1","hashMD5":"1bd6b27e21341fd6ad6fc48dfe407610","hashSHA1":"0e8a9411446b5fbef66570d7fa81ecaeb6706da2","hashSHA256":"462b515b56b289161c11a454475ab68be7d9e8be97d33b5fec51e7cb065eaa19","digitalCertThumbprint":"E323A663BC722856F054FADEE2B07EA215692ED4","digitalCertIssuer":"CN=Sectigo Public Code Signing CA EV R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=\"Beijing QingSoft Creative Information Technology Co., Ltd.\", O=\"Beijing QingSoft Creative Information Technology Co., Ltd.\", L=Beijing, C=CN, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=CN, SERIALNUMBER=911101056717485703","sourceIndex":"1565","avBlockList":["Avast Premium Security (20250121)","AVG Internet Security (20250121)","Avira Internet Security (20250121)","Bitdefender Internet Security (20250121)","COMODO Antivirus (20250121)","Dr.Web Security Space (20250121)","ESET Internet Security (20250121)","G DATA INTERNET SECURITY (20250121)","K7 Total Security (20250121)","Kaspersky Internet Security (20220616)","Malwarebytes Premium (20250121)","McAfee Total Protection (20250121)","Norton Security (20250121)","Panda Dome (20250121)","Quick Heal Internet Security (20250121)","Sophos Home Premium (20250121)","SpyHunter5 (20250121)","Total AV Antivirus Pro (20250121)","Trend Micro Internet Security (20250121)","VIPRE Advanced Security (20250121)","VirIT eXplorer PRO (20250121)","Webroot SecureAnywhere (20250121)","Windows Defender (20250121)","FortectPremium (20250121)","KasperskyPremium (20250121)"],"avAllowList":["360 Total Security (20250121)","Tencent PC Manager (20220616)"]},{"isRevoked":"False","fileName":"FreeAudioEditor-setup.exe","isInstaller":"True","companyName":"Copyright© 2005-2019 FAEMedia, Inc.                         ","productName":"Free Audio Editor 2019        ","fileVersion":"0.0","hashMD5":"415bac4c198a0e18477a243aa224c572","hashSHA1":"c199f7e2a6eb665bd6017f41e95ba6afa71e0a56","hashSHA256":"049c3826ed60cb7c8046d447645cdde758d1de310cb02e41c8078a79eec0ef14","digitalCertThumbprint":"347240ECC751AB91D4BA3282DC67ACC9A36D1128","digitalCertIssuer":"CN=COMODO RSA Extended Validation Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", O=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", STREET=\"Chaoyang North Road 199, MOMA Building 1901, Chaoyang District\", L=Beijing, PostalCode=100026, C=CN, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=CN, SERIALNUMBER=911101056717485703","sourceIndex":"1565","avBlockList":["360 Total Security (20220616)","Avast Premium Security (20220616)","AVG Internet Security (20220616)","Avira Internet Security (20220616)","Bitdefender Internet Security (20220616)","COMODO Antivirus (20220616)","Dr.Web Security Space (20220616)","ESET Internet Security (20220616)","G DATA INTERNET SECURITY (20220616)","K7 Total Security (20220616)","Kaspersky Internet Security (20220616)","Malwarebytes Premium (20220616)","McAfee Total Protection (20220616)","Norton Security (20220616)","Panda Dome (20220616)","Quick Heal Internet Security (20220616)","Sophos Home Premium (20220616)","SpyHunter5 (20220616)","Total AV Antivirus Pro (20220616)","Trend Micro Internet Security (20220616)","VIPRE Advanced Security (20220616)","VirIT eXplorer PRO (20220616)","Webroot SecureAnywhere (20220616)","Windows Defender (20220616)"],"avAllowList":["Tencent PC Manager (20220616)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search: URL inspected via update prompt from hunted app Shortcut Remover ","reference":"Free Shortcut Remover","landingPage":"https://free-audio-editor.com/","directDownloadingLink":"https://www.free-audio-editor.com/FreeAudioEditor.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.free-audio-editor.com/FreeAudioEditor.exe","sourceIndex":"1565"}],"sampleFiles":["220608/FreeAudioEditor-220608/10.1.2.5/Samples/FreeAudioEditor.exe","220608/FreeAudioEditor-220608/10.1.2.5/Samples/FreeAudioEditor_j-BmTa1.exe","220608/FreeAudioEditor-220608/10.1.2.5/Samples/FreeAudioEditor-setup.exe"],"imageFiles":["220608/FreeAudioEditor-220608/10.1.2.5/Images/ACR-109/ACR-109_039_048_RKSetup.jpg","220608/FreeAudioEditor-220608/10.1.2.5/Images/ACR-039/ACR-109_039_048_RKSetup.jpg","220608/FreeAudioEditor-220608/10.1.2.5/Images/ACR-047/ACR-004_083_RKUpdatePrompt.jpg","220608/FreeAudioEditor-220608/10.1.2.5/Images/ACR-047/ACR-048_UPdatePrompt.jpg","220608/FreeAudioEditor-220608/10.1.2.5/Images/ACR-048/ACR-109_039_048_RKSetup.jpg","220608/FreeAudioEditor-220608/10.1.2.5/Images/ACR-010/RelevantKnowledge.jpg","220608/FreeAudioEditor-220608/10.1.2.5/Images/ACR-004/ACR-004_083_RKUpdatePrompt.jpg","220608/FreeAudioEditor-220608/10.1.2.5/Images/ACR-004/ACR-048_UPdatePrompt.jpg","220608/FreeAudioEditor-220608/10.1.2.5/Images/ACR-083/ACR-004_083_RKUpdatePrompt.jpg","220608/FreeAudioEditor-220608/10.1.2.5/Images/ACR-083/ACR-048_UPdatePrompt.jpg","220608/FreeAudioEditor-220608/10.1.2.5/Images/ACR-048/ACR-048_UPdatePrompt.jpg","220608/FreeAudioEditor-220608/10.1.2.5/Images/ACR-003/ACR-048_UPdatePrompt.jpg","220608/FreeAudioEditor-220608/10.1.2.5/Images/ACR-003/ACR-004_083_RKUpdatePrompt.jpg","220608/FreeAudioEditor-220608/10.1.2.5/Images/ACR-118/ACR-118_Remnants.jpg","220608/FreeAudioEditor-220608/10.1.2.5/Images/ACR-057/RelevantKnowledge.jpg","220608/FreeAudioEditor-220608/10.1.2.5/Images/ACR-059/RelevantKnowledge.jpg","220608/FreeAudioEditor-220608/10.1.2.5/Images/ACR-071/RelevantKnowledge.jpg","220608/FreeAudioEditor-220608/10.1.2.5/Images/ACR-155/RelevantKnowledge.jpg","220608/FreeAudioEditor-220608/10.1.2.5/Images/ACR-047/ACR-004_083_RKUpdatePrompt.jpg","220608/FreeAudioEditor-220608/10.1.2.5/Images/ACR-047/ACR-048_UPdatePrompt.jpg"],"nonDeceptorImageFiles":["220608/FreeAudioEditor-220608/10.1.2.5/Images/ACR-002/ACR-002_DifferentVersions.jpg","220608/FreeAudioEditor-220608/10.1.2.5/Images/ACR-106/RelevantKnowledge.jpg","220608/FreeAudioEditor-220608/10.1.2.5/Images/ACR-002/ACR-002_DifferentVersions.jpg"],"guid":"84d4f297-39e7-457f-a511-07b29e637604_10.1.2.5_1","appID":"FreeAudioEditor-220608","dateAdded":"241031","deceptorType":"App","name":"Free Audio Editor","company":"FAEMedia, Inc.","version":"10.1.2.5","lastKnownStatus":"10.1.2.5;10.1.5","lastKnownDate":"241031","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","monetization":"cross-sell other apps,sold in bundle","lastUpdate":"2024-10-31T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":426},{"violations":{"ACR-109":"The app downloads \"spt_setup.exe\", a RelevantKnowledge file before disclosure and without the consumer's consent.\n\n","ACR-047":"The App presents the untruthful message that application needs to update, instead it attempts to re-run the application to present the declined offer again.  \n\nThe App presents the untruthful message that application needs to update, instead it attempts to re run the application to present the declined offer again.\n\n","ACR-048":"The \"Decline\" button does not have any control. Despite declining RelevantKnowledge app, it is still downloaded RelevantKnowledge file “spt_setup.exe” nevertheless.\n\nUnable to close the update prompt. \n\n","ACR-003":"The App misleads consumer they need to run update. There is no newer build, instead, it attempts to run the installer and present the declined offers again.\n\n","ACR-004":"The app prompts untruthful message that upgrade is needed whenever user launches the app. The \"Update\" downloads nothing new, sometimes it leads to download the component(s) that user declined during install procedure, for example, it connected to dpd.securestudies.com and attempted to download user internet behavior program from Relevant Knowledge. \n\n","ACR-010":"The app distributes deceptor application. The offer in this app, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control. \n\n","ACR-083":"The App attempts to present the offer repeatedly via its update and startup.\n\n","ACR-118":"At uninstall, it retains some executables and many of its other components along with a \"curl-ca-bundle.crt\" on the device without user's knowledge. \n\n","ACR-057":"The app bundles the \"Relevant Knowledge\" offer which does not allow the consumer to decline the offer. \n\n","ACR-071":"It attempts to force the acceptance of \"Relevant Knowledge\" by graying out the Next button when the user choose to Decline. Thus, forcing the user to only accept the offer and proceed with the installation.\n\n","ACR-059":"Offer not clearly marked as an offer. Instead, it is presented as a component of the carrier.\n\n","ACR-039":"There is no clear indications of the relationship to the installer application. RelevantKnowledge is presented as part of the installer application. Despite declining RelevantKnowledge app, it still downloaded RelevantKnowledge file “spt_setup.exe” regardless.\n\n","ACR-155":"Offers are designed to look like part of the install workflow. \n\n"},"nonDeceptorViolations":{"ACR-002":"The App's version is inconsistent between App interaction and its install (version10.8.2.4 vs version10.8.1) \n\nThe App's version is inconsistent between App interaction and its install (version10.8.2.4 vs version10.8.1) \n\n","ACR-106":"App offers deceptive application 'Relevant Knowledge market survey'. \n\n"},"samples":[{"isRevoked":"False","fileName":"FreemorePDFtoJPGPNGTIFConverter.exe","productName":"Freemore PDF to JPG PNG TIF Converter   ","fileVersion":"10.8.1","hashMD5":"8416de38390c16a0e3989e14dec05b73","hashSHA1":"c27608fcd80e396f5360a4d4afdb39943638ccfe","hashSHA256":"5973aeda541b52f0357cbb0fbffd3f33fb4775c0d34081e1fb3570c17e5f58e7","sourceIndex":"442","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"FreemorePDFtoJPGPNGTIFConverter-setup.exe","isInstaller":"True","companyName":"FreeMoreSoft, Inc.                                          ","productName":"Freemore PDF to JPG PNG TIF Converter   ","fileVersion":"10.8.2.4","hashMD5":"8ad6318b48af6442caedb2eb210e4bd9","hashSHA1":"5789122ead26e90018082e62348108daa20ca7f3","hashSHA256":"bb66f225715929e9741f0a7a4d998f36af4bf38cb228220087375ad4c7200649","digitalCertThumbprint":"347240ECC751AB91D4BA3282DC67ACC9A36D1128","digitalCertIssuer":"CN=COMODO RSA Extended Validation Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", O=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", STREET=\"Chaoyang North Road 199, MOMA Building 1901, Chaoyang District\", L=Beijing, PostalCode=100026, C=CN, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=CN, SERIALNUMBER=911101056717485703","sourceIndex":"442","avBlockList":["360 Total Security (20250123)","Avast Premium Security (20250123)","AVG Internet Security (20250123)","Avira Internet Security (20250123)","Bitdefender Internet Security (20250123)","COMODO Antivirus (20250123)","Dr.Web Security Space (20250123)","ESET Internet Security (20250123)","G DATA INTERNET SECURITY (20250123)","K7 Total Security (20250123)","Kaspersky Internet Security (20220623)","Malwarebytes Premium (20250123)","McAfee Total Protection (20250123)","Norton Security (20250123)","Panda Dome (20250123)","Quick Heal Internet Security (20250123)","Sophos Home Premium (20250123)","SpyHunter5 (20250123)","Total AV Antivirus Pro (20250123)","VIPRE Advanced Security (20250123)","VirIT eXplorer PRO (20250123)","Webroot SecureAnywhere (20250123)","Windows Defender (20250123)","FortectPremium (20250123)","KasperskyPremium (20250123)"],"avAllowList":["Tencent PC Manager (20220623)","Trend Micro Internet Security (20250123)"]},{"isRevoked":"False","fileName":"FreemorePDFtoJPGPNGTIFConverter_241030.exe","isInstaller":"True","companyName":"FreeMoreSoft, Inc.                                          ","fileVersion":"0.0","hashMD5":"b7408e59444e941c1b503518c61c60c2","hashSHA1":"c90e7cda6ea8a2c96b2de2a0b40528fd9764828e","hashSHA256":"a1700829618e5f47eaac0f9b09f2882438a477686168cb657c102ca41b5fe811","sourceIndex":"442","avBlockList":["360 Total Security (20250128)","Avast Premium Security (20250128)","AVG Internet Security (20250128)","Avira Internet Security (20250128)","Bitdefender Internet Security (20250128)","COMODO Antivirus (20250128)","Dr.Web Security Space (20250128)","ESET Internet Security (20250128)","FortectPremium (20250128)","G DATA INTERNET SECURITY (20250128)","K7 Total Security (20250128)","KasperskyPremium (20250128)","Malwarebytes Premium (20250128)","McAfee Total Protection (20250128)","Norton Security (20250128)","Panda Dome (20250128)","Quick Heal Internet Security (20250128)","Sophos Home Premium (20250128)","SpyHunter5 (20250128)","Total AV Antivirus Pro (20250128)","Trend Micro Internet Security (20250128)","VIPRE Advanced Security (20250128)","VirIT eXplorer PRO (20250128)","Webroot SecureAnywhere (20250128)","Windows Defender (20250128)"],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search: free media downloads *FreeMoreSoft, Inc.","reference":"","landingPage":"https://freemoresoft.com/freepdftojpgconverter/index.php","directDownloadingLink":"http://www.freemoresoft.com/FreemorePDFtoJPGPNGTIFConverter.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.freemoresoft.com/FreemorePDFtoJPGPNGTIFConverter.exe","sourceIndex":"442"}],"sampleFiles":["241030/FreemorePDFtoJPGPNGTIFConverter-220614/10.8.2.4/Samples/FreemorePDFtoJPGPNGTIFConverter.exe","241030/FreemorePDFtoJPGPNGTIFConverter-220614/10.8.2.4/Samples/FreemorePDFtoJPGPNGTIFConverter-setup.exe","241030/FreemorePDFtoJPGPNGTIFConverter-220614/10.8.2.4/Samples/FreemorePDFtoJPGPNGTIFConverter_241030.exe"],"imageFiles":["241030/FreemorePDFtoJPGPNGTIFConverter-220614/10.8.2.4/Images/ACR-109/ACR-109_039_048.jpg","241030/FreemorePDFtoJPGPNGTIFConverter-220614/10.8.2.4/Images/ACR-039/ACR-109_039_048.jpg","241030/FreemorePDFtoJPGPNGTIFConverter-220614/10.8.2.4/Images/ACR-047/ACR-004_083_047_003_RKUpdate-trayprompt.jpg","241030/FreemorePDFtoJPGPNGTIFConverter-220614/10.8.2.4/Images/ACR-047/RK.jpg","241030/FreemorePDFtoJPGPNGTIFConverter-220614/10.8.2.4/Images/ACR-048/ACR-109_039_048.jpg","241030/FreemorePDFtoJPGPNGTIFConverter-220614/10.8.2.4/Images/ACR-010/RelevantKnowledge.jpg","241030/FreemorePDFtoJPGPNGTIFConverter-220614/10.8.2.4/Images/ACR-004/RK.jpg","241030/FreemorePDFtoJPGPNGTIFConverter-220614/10.8.2.4/Images/ACR-004/ACR_048_RKUpdate.jpg","241030/FreemorePDFtoJPGPNGTIFConverter-220614/10.8.2.4/Images/ACR-004/ACR_048_RKUpdate-taskbar.jpg","241030/FreemorePDFtoJPGPNGTIFConverter-220614/10.8.2.4/Images/ACR-083/ACR_048_RKUpdate.jpg","241030/FreemorePDFtoJPGPNGTIFConverter-220614/10.8.2.4/Images/ACR-083/ACR-004_083_047_003_RKUpdate-trayprompt.jpg","241030/FreemorePDFtoJPGPNGTIFConverter-220614/10.8.2.4/Images/ACR-048/ACR_048_RKUpdate.jpg","241030/FreemorePDFtoJPGPNGTIFConverter-220614/10.8.2.4/Images/ACR-003/ACR_048_RKUpdate.jpg","241030/FreemorePDFtoJPGPNGTIFConverter-220614/10.8.2.4/Images/ACR-003/ACR-004_083_047_003_RKUpdate-trayprompt.jpg","241030/FreemorePDFtoJPGPNGTIFConverter-220614/10.8.2.4/Images/ACR-003/RK.jpg","241030/FreemorePDFtoJPGPNGTIFConverter-220614/10.8.2.4/Images/ACR-118/ACR-118_Remnants.jpg","241030/FreemorePDFtoJPGPNGTIFConverter-220614/10.8.2.4/Images/ACR-057/RelevantKnowledge.jpg","241030/FreemorePDFtoJPGPNGTIFConverter-220614/10.8.2.4/Images/ACR-059/RelevantKnowledge.jpg","241030/FreemorePDFtoJPGPNGTIFConverter-220614/10.8.2.4/Images/ACR-071/RelevantKnowledge.jpg","241030/FreemorePDFtoJPGPNGTIFConverter-220614/10.8.2.4/Images/ACR-155/RelevantKnowledge.jpg","241030/FreemorePDFtoJPGPNGTIFConverter-220614/10.8.2.4/Images/ACR-047/ACR-004_083_047_003_RKUpdate-trayprompt.jpg","241030/FreemorePDFtoJPGPNGTIFConverter-220614/10.8.2.4/Images/ACR-047/RK.jpg"],"nonDeceptorImageFiles":["241030/FreemorePDFtoJPGPNGTIFConverter-220614/10.8.2.4/Images/ACR-002/ACR-002_DiffAppVersion.jpg","241030/FreemorePDFtoJPGPNGTIFConverter-220614/10.8.2.4/Images/ACR-106/RelevantKnowledge.jpg","241030/FreemorePDFtoJPGPNGTIFConverter-220614/10.8.2.4/Images/ACR-002/ACR-002_DiffAppVersion.jpg"],"guid":"d15c6a04-8a20-420d-80e1-4cdea6dae1c7_10.8.2.4_1","appID":"FreemorePDFtoJPGPNGTIFConverter-220614","dateAdded":"241030","deceptorType":"App","name":"Freemore PDF to JPG PNG TIF Converter","company":"FreeMoreSoft, Inc.","version":"10.8.2.4","lastKnownStatus":"10.8.2.4","lastKnownDate":"241030","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows 7,Windows Vista,Windows 8,Windows 10","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"cross-sell other apps,sold in bundle","lastUpdate":"2024-10-31T01:00:07.9995441+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":430},{"violations":{"ACR-109":"The app downloads \"spt_setup.exe\", a RelevantKnowledge file before disclosure and without the consumer's consent.\n\n","ACR-047":"The App presents the untruthful message that application needs to update, instead it attempts to re-run the application to present the declined offer again.  \n\nThe App presents the untruthful message that application needs to update, instead it attempts to re-run the application to present the declined offer again.  \n\n","ACR-048":"The \"Decline\" button does not have any control. Despite declining RelevantKnowledge app, it is still downloaded RelevantKnowledge file “spt_setup.exe” nevertheless.\n\nUnable to close the update prompt. \n\n","ACR-003":"The App misleads consumer they need to run update. There is no newer build, instead, it attempts to run the installer and present the declined offers again.\n\n","ACR-004":"The app prompts untruthful message that upgrade is needed whenever user launches the app. The \"Update\" downloads nothing new, sometimes it leads to download the component(s) that user declined during install procedure, for example, it connected to dpd.securestudies.com and attempted to download user internet behavior program from Relevant Knowledge. \n\n","ACR-010":"The app distributes deceptor application. The offer in this app, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control. \n\n","ACR-083":"The App attempts to present the offer repeatedly via its update and startup.\n\n","ACR-118":"Upon uninstallation, it retains some executables and many of its other components along with a \"curl-ca-bundle.crt\" on the device without user's knowledge. \n\n","ACR-057":"The app bundles the \"Relevant Knowledge\" offer which does not allow the consumer to decline the offer. \n\n","ACR-071":"It attempts to force the acceptance of \"Relevant Knowledge\" by graying out the Next button when the user choose to Decline. Thus, forcing the user to only accept the offer and proceed with the installation.\n\n","ACR-059":"Offer not clearly marked as an offer. Instead, it is presented as a component of the carrier.\n","ACR-039":"There is no clear indications of the relationship to the installer application. RelevantKnowledge is presented as part of the installer application. Despite declining RelevantKnowledge app, it still downloaded RelevantKnowledge file “spt_setup.exe” regardless.\n\n","ACR-155":"Offers are designed to look like part of the install workflow. \n\n"},"nonDeceptorViolations":{"ACR-002":"The App's version is inconsistent between App interaction and its install (version 10.8.1 vs version 10.8.2.4) \n\nThe App's version is inconsistent between App interaction and its install (version 10.8.1 vs version 10.8.2.4) \n","ACR-106":"App offers deceptive application 'Relevant Knowledge market survey'. \n\n"},"samples":[{"isRevoked":"False","fileName":"FreemoreVideotoGIFConverter.exe","fileVersion":"9.4.0","hashMD5":"81bbfc075456531e684e252a6739a05f","hashSHA1":"52c32cad12c71ba3e3e3609b71f6a3c159ef6265","hashSHA256":"c954a2adc81720b5909ce7ddf3838fdf548a0ab4ec1145b68ea7dad0a671fd6b","sourceIndex":"441","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"FreemoreVideotoGIFConverter-setup.exe","isInstaller":"True","companyName":"FreeMoreSoft, Inc.                                          ","productName":"Freemore Video to GIF Converter        ","fileVersion":"10.1.2.5","hashMD5":"afb00fed653698e93dc364dae3412d11","hashSHA1":"ab63690d2aedc9088338e57c1da884177773a81f","hashSHA256":"96cdfbb75e809aa9cfbae081d66824da13ceb08e1ca2d22cba72a6cb4d986308","digitalCertThumbprint":"347240ECC751AB91D4BA3282DC67ACC9A36D1128","digitalCertIssuer":"CN=COMODO RSA Extended Validation Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", O=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", STREET=\"Chaoyang North Road 199, MOMA Building 1901, Chaoyang District\", L=Beijing, PostalCode=100026, C=CN, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=CN, SERIALNUMBER=911101056717485703","sourceIndex":"441","avBlockList":["360 Total Security (20250121)","Avast Premium Security (20250121)","AVG Internet Security (20250121)","Avira Internet Security (20250121)","Bitdefender Internet Security (20250121)","COMODO Antivirus (20250121)","Dr.Web Security Space (20250121)","ESET Internet Security (20250121)","G DATA INTERNET SECURITY (20250121)","K7 Total Security (20250121)","Kaspersky Internet Security (20220726)","Malwarebytes Premium (20250121)","McAfee Total Protection (20250121)","Norton Security (20250121)","Panda Dome (20250121)","Quick Heal Internet Security (20250121)","Sophos Home Premium (20250121)","SpyHunter5 (20250121)","Total AV Antivirus Pro (20250121)","VIPRE Advanced Security (20250121)","VirIT eXplorer PRO (20250121)","Webroot SecureAnywhere (20250121)","Windows Defender (20250121)","FortectPremium (20250121)","KasperskyPremium (20250121)"],"avAllowList":["Tencent PC Manager (20220726)","Trend Micro Internet Security (20250121)"]},{"isRevoked":"False","fileName":"FreemoreVideotoGIFConverter_241030.exe","isInstaller":"True","companyName":"FreeMoreSoft, Inc.                                          ","fileVersion":"0.0","hashMD5":"6cbd946ab9262e0eea54bb20bdf83664","hashSHA1":"9f340929d9f591c92cdd5610d2b64e357b7368a8","hashSHA256":"59047b8c803fd361f6530aa81559407b2a14620df5b527bcb081e87fc7006c5e","sourceIndex":"441","avBlockList":["360 Total Security (20250123)","Avast Premium Security (20250123)","AVG Internet Security (20250123)","Avira Internet Security (20250123)","Bitdefender Internet Security (20250123)","COMODO Antivirus (20250123)","Dr.Web Security Space (20250123)","ESET Internet Security (20250123)","FortectPremium (20250123)","G DATA INTERNET SECURITY (20250123)","K7 Total Security (20250123)","KasperskyPremium (20250123)","Malwarebytes Premium (20250123)","McAfee Total Protection (20250123)","Norton Security (20250123)","Panda Dome (20250123)","Quick Heal Internet Security (20250123)","Sophos Home Premium (20250123)","SpyHunter5 (20250123)","Total AV Antivirus Pro (20250123)","VIPRE Advanced Security (20250123)","VirIT eXplorer PRO (20250123)","Webroot SecureAnywhere (20250123)","Windows Defender (20250123)"],"avAllowList":["Trend Micro Internet Security (20250123)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search: free media downloads","reference":"","landingPage":"https://freemoresoft.com/freevideotogifconverter/index.php","directDownloadingLink":"https://freemoresoft.com/freevideotogifconverter/index.php","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://freemoresoft.com/freevideotogifconverter/index.php","sourceIndex":"441"}],"sampleFiles":["241030/FreemoreVideotoGIFConverter-220610/10.8.1/Samples/FreemoreVideotoGIFConverter.exe","241030/FreemoreVideotoGIFConverter-220610/10.8.1/Samples/FreemoreVideotoGIFConverter-setup.exe","241030/FreemoreVideotoGIFConverter-220610/10.8.1/Samples/FreemoreVideotoGIFConverter_241030.exe"],"imageFiles":["241030/FreemoreVideotoGIFConverter-220610/10.8.1/Images/ACR-109/ACR-109_039_048-RKSetup.jpg","241030/FreemoreVideotoGIFConverter-220610/10.8.1/Images/ACR-039/ACR-109_039_048-RKSetup.jpg","241030/FreemoreVideotoGIFConverter-220610/10.8.1/Images/ACR-047/ACR-004_083_047_003.jpg","241030/FreemoreVideotoGIFConverter-220610/10.8.1/Images/ACR-047/ACR-048-UpdatePrompt.jpg","241030/FreemoreVideotoGIFConverter-220610/10.8.1/Images/ACR-048/ACR-109_039_048-RKSetup.jpg","241030/FreemoreVideotoGIFConverter-220610/10.8.1/Images/ACR-004/ACR-004_083_047_003.jpg","241030/FreemoreVideotoGIFConverter-220610/10.8.1/Images/ACR-004/ACR-048-UpdatePrompt.jpg","241030/FreemoreVideotoGIFConverter-220610/10.8.1/Images/ACR-083/ACR-048-UpdatePrompt.jpg","241030/FreemoreVideotoGIFConverter-220610/10.8.1/Images/ACR-048/ACR-048-UpdatePrompt.jpg","241030/FreemoreVideotoGIFConverter-220610/10.8.1/Images/ACR-003/ACR-004_083_047_003.jpg","241030/FreemoreVideotoGIFConverter-220610/10.8.1/Images/ACR-118/ACR-118_Remnants.jpg","241030/FreemoreVideotoGIFConverter-220610/10.8.1/Images/ACR-057/RelevantKnowledge.jpg","241030/FreemoreVideotoGIFConverter-220610/10.8.1/Images/ACR-059/RelevantKnowledge.jpg","241030/FreemoreVideotoGIFConverter-220610/10.8.1/Images/ACR-071/RelevantKnowledge.jpg","241030/FreemoreVideotoGIFConverter-220610/10.8.1/Images/ACR-155/RelevantKnowledge.jpg","241030/FreemoreVideotoGIFConverter-220610/10.8.1/Images/ACR-047/ACR-004_083_047_003.jpg","241030/FreemoreVideotoGIFConverter-220610/10.8.1/Images/ACR-047/ACR-048-UpdatePrompt.jpg","241030/FreemoreVideotoGIFConverter-220610/10.8.1/Images/ACR-010/RelevantKnowledge.jpg"],"nonDeceptorImageFiles":["241030/FreemoreVideotoGIFConverter-220610/10.8.1/Images/ACR-002/ACR-002_InconsistentAppVersion.jpg","241030/FreemoreVideotoGIFConverter-220610/10.8.1/Images/ACR-106/RelevantKnowledge.jpg","241030/FreemoreVideotoGIFConverter-220610/10.8.1/Images/ACR-002/ACR-002_InconsistentAppVersion.jpg"],"guid":"ce3313b4-b089-46d6-b088-063046abca1d_10.8.1_1","appID":"FreemoreVideotoGIFConverter-220610","dateAdded":"241030","deceptorType":"App","name":"Freemore Video to GIF Converter","company":"FreeMoreSoft, Inc.","version":"10.8.1","lastKnownStatus":"10.8.1","lastKnownDate":"241030","type":"Windows Executable","category":"Media editors, SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"cross-sell other apps,sold in bundle","lastUpdate":"2024-10-31T01:03:02.7248282+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":429},{"violations":{"ACR-109":"The app downloads \"spt_setup.exe\", a RelevantKnowledge file before disclosure and without the consumer's consent.\n\n","ACR-047":"The App presents the untruthful message that application needs to update, instead it attempts to re-run the application to present the declined offer again.  \n\nThe App presents the untruthful message that application needs to update, instead it attempts to re-run the application to present the declined offer again.  \n\n","ACR-048":"The \"Decline\" button does not have any control. Despite declining RelevantKnowledge app, it is still downloaded RelevantKnowledge file “spt_setup.exe” nevertheless.\n\nUnable to close the update prompt. \n\n","ACR-003":"The App misleads consumer they need to run update. There is no newer build, instead, it attempts to run the installer and present the declined offers again.\n\n","ACR-004":"The app prompts untruthful message that upgrade is needed whenever user launches the app. The \"Update\" downloads nothing new, sometimes it leads to download the component(s) that user declined during install procedure, for example, it connected to dpd.securestudies.com and attempted to download user internet behavior program from Relevant Knowledge. \n\n","ACR-010":"The app distributes deceptor application. The offer in this app, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control. \n\n","ACR-083":"The App attempts to present the offer repeatedly via its update and startup.\n\n","ACR-118":"Upon uninstallation, it retains some executables and many of its other components along with a \"curl-ca-bundle.crt\" on the device without user's knowledge. \n\n","ACR-057":"The app bundles the \"Relevant Knowledge\" offer which does not allow the consumer to decline the offer. \n\n","ACR-071":"It attempts to force the acceptance of \"Relevant Knowledge\" by graying out the Next button when the user choose to Decline. Thus, forcing the user to only accept the offer and proceed with the installation.\n\n","ACR-059":"Offer not clearly marked as an offer. Instead, it is presented as a component of the carrier.\n\n","ACR-039":"There is no clear indications of the relationship to the installer application. RelevantKnowledge is presented as part of the installer application. Despite declining RelevantKnowledge app, it still downloaded RelevantKnowledge file “spt_setup.exe” regardless.\n\n","ACR-155":"Offers are designed to look like part of the install workflow. \n\n"},"nonDeceptorViolations":{"ACR-002":"The App's version is inconsistent between App interaction and its install (version4.8.2.4 vs version 4.8.0) \n\nThe App's version is inconsistent between App interaction and its install (version4.8.2.4 vs version 4.8.0) \n\n","ACR-106":"App offers deceptive application 'Relevant Knowledge market survey'. \n\n"},"samples":[{"isRevoked":"False","fileName":"MP3Cutter.exe","fileVersion":"4.8.0","hashMD5":"5868a93c8a8ecbe263dd7d08b05902e9","hashSHA1":"ef6fc2bb86a89ab2374eb127830d4d910aae27f6","hashSHA256":"e0f53eb276ba26bb5d9834517dc345ea4b4229172ae26c190e1f61ffc377ee3d","sourceIndex":"1561","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"MP3CutterJoinerFree.exe","isInstaller":"True","companyName":"TechTouch Soft Co., Ltd.                                    ","productName":"MP3 Cutter Joiner Free     ","fileVersion":"4.8.2.4","hashMD5":"f35d59dc3a28b32becfe1d936285f9e4","hashSHA1":"24e7e21d5f4dd2f4ea021484c2de872f79034339","hashSHA256":"1ff30ef1da96020835ed1a7c80b5e01096049f478602b019ebbff741db2afa27","digitalCertThumbprint":"347240ECC751AB91D4BA3282DC67ACC9A36D1128","digitalCertIssuer":"CN=COMODO RSA Extended Validation Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", O=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", STREET=\"Chaoyang North Road 199, MOMA Building 1901, Chaoyang District\", L=Beijing, PostalCode=100026, C=CN, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=CN, SERIALNUMBER=911101056717485703","sourceIndex":"1561","avBlockList":["360 Total Security (20241031)","Avast Premium Security (20241031)","AVG Internet Security (20241031)","Avira Internet Security (20241031)","Bitdefender Internet Security (20241031)","COMODO Antivirus (20241031)","Dr.Web Security Space (20241031)","ESET Internet Security (20241031)","G DATA INTERNET SECURITY (20241031)","K7 Total Security (20241031)","Kaspersky Internet Security (20220616)","Malwarebytes Premium (20241031)","McAfee Total Protection (20241031)","Norton Security (20241031)","Panda Dome (20241031)","Quick Heal Internet Security (20241031)","Sophos Home Premium (20241031)","SpyHunter5 (20241031)","Total AV Antivirus Pro (20241031)","Trend Micro Internet Security (20241031)","VIPRE Advanced Security (20241031)","VirIT eXplorer PRO (20241031)","Webroot SecureAnywhere (20241031)","Windows Defender (20241031)","FortectPremium (20241031)","KasperskyPremium (20241031)"],"avAllowList":["Tencent PC Manager (20220616)"]},{"isRevoked":"False","fileName":"MP3Joiner.exe","fileVersion":"4.8.0","hashMD5":"433109c32c1e1d2da82b3399b2db1809","hashSHA1":"ef990e3b9a36f9ecdc8ab7788a956ffc8ec0183c","hashSHA256":"4e943b51f9bc73145eeca7a519adedbdde904c2f2866db697f3c2005bf0b1373","sourceIndex":"1561","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search: free media downloads","reference":"","landingPage":"https://www.freemp3cutterjoiner.com/","directDownloadingLink":"https://www.freemp3cutterjoiner.com/MP3CutterJoinerFree.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.freemp3cutterjoiner.com/MP3CutterJoinerFree.exe","sourceIndex":"1561"}],"sampleFiles":["220613/FreeMP3CutterJoiner-220613/4.8.2.4/Samples/MP3Cutter.exe","220613/FreeMP3CutterJoiner-220613/4.8.2.4/Samples/MP3CutterJoinerFree.exe","220613/FreeMP3CutterJoiner-220613/4.8.2.4/Samples/MP3Joiner.exe"],"imageFiles":["220613/FreeMP3CutterJoiner-220613/4.8.2.4/Images/ACR-109/ACR-109_039_048_RKsetup.jpg","220613/FreeMP3CutterJoiner-220613/4.8.2.4/Images/ACR-039/ACR-109_039_048_RKsetup.jpg","220613/FreeMP3CutterJoiner-220613/4.8.2.4/Images/ACR-047/ACR-004_083_047_003_RKUpdatePrompt-2.jpg","220613/FreeMP3CutterJoiner-220613/4.8.2.4/Images/ACR-047/ACR-048_RKUpdatePrompt.jpg","220613/FreeMP3CutterJoiner-220613/4.8.2.4/Images/ACR-047/ACR-048_RKUpdatePrompt-2.jpg","220613/FreeMP3CutterJoiner-220613/4.8.2.4/Images/ACR-048/ACR-109_039_048_RKsetup.jpg","220613/FreeMP3CutterJoiner-220613/4.8.2.4/Images/ACR-010/RelevantKnowledge.jpg","220613/FreeMP3CutterJoiner-220613/4.8.2.4/Images/ACR-004/ACR-004_083_047_003_RKUpdatePrompt-2.jpg","220613/FreeMP3CutterJoiner-220613/4.8.2.4/Images/ACR-004/ACR-048_RKUpdatePrompt-2.jpg","220613/FreeMP3CutterJoiner-220613/4.8.2.4/Images/ACR-004/ACR-048_RKUpdatePrompt.jpg","220613/FreeMP3CutterJoiner-220613/4.8.2.4/Images/ACR-083/ACR-004_083_047_003_RKUpdatePrompt-2.jpg","220613/FreeMP3CutterJoiner-220613/4.8.2.4/Images/ACR-083/ACR-048_RKUpdatePrompt.jpg","220613/FreeMP3CutterJoiner-220613/4.8.2.4/Images/ACR-083/ACR-048_RKUpdatePrompt-2.jpg","220613/FreeMP3CutterJoiner-220613/4.8.2.4/Images/ACR-048/ACR-048_RKUpdatePrompt.jpg","220613/FreeMP3CutterJoiner-220613/4.8.2.4/Images/ACR-003/ACR-048_RKUpdatePrompt.jpg","220613/FreeMP3CutterJoiner-220613/4.8.2.4/Images/ACR-003/ACR-048_RKUpdatePrompt-2.jpg","220613/FreeMP3CutterJoiner-220613/4.8.2.4/Images/ACR-003/ACR-004_083_047_003_RKUpdatePrompt-2.jpg","220613/FreeMP3CutterJoiner-220613/4.8.2.4/Images/ACR-118/ACR-118_Remnants.jpg","220613/FreeMP3CutterJoiner-220613/4.8.2.4/Images/ACR-057/RelevantKnowledge.jpg","220613/FreeMP3CutterJoiner-220613/4.8.2.4/Images/ACR-059/RelevantKnowledge.jpg","220613/FreeMP3CutterJoiner-220613/4.8.2.4/Images/ACR-071/RelevantKnowledge.jpg","220613/FreeMP3CutterJoiner-220613/4.8.2.4/Images/ACR-155/RelevantKnowledge.jpg","220613/FreeMP3CutterJoiner-220613/4.8.2.4/Images/ACR-047/ACR-004_083_047_003_RKUpdatePrompt-2.jpg","220613/FreeMP3CutterJoiner-220613/4.8.2.4/Images/ACR-047/ACR-048_RKUpdatePrompt.jpg","220613/FreeMP3CutterJoiner-220613/4.8.2.4/Images/ACR-047/ACR-048_RKUpdatePrompt-2.jpg"],"nonDeceptorImageFiles":["220613/FreeMP3CutterJoiner-220613/4.8.2.4/Images/ACR-002/ACR-002_InconsistentVersion.jpg","220613/FreeMP3CutterJoiner-220613/4.8.2.4/Images/ACR-106/RelevantKnowledge.jpg","220613/FreeMP3CutterJoiner-220613/4.8.2.4/Images/ACR-002/ACR-002_InconsistentVersion.jpg"],"guid":"165cba42-a7b5-48b3-bd5a-cc7a3596e9b8_4.8.2.4_1","appID":"FreeMP3CutterJoiner-220613","dateAdded":"241030","deceptorType":"App","name":"Free MP3 Cutter Joiner","company":"TechTouch Soft Co., Ltd.","version":"4.8.2.4","lastKnownStatus":"4.8.2.4;4.8.3.0","lastKnownDate":"241030","type":"Windows Executable","category":"SysTools & Utilities, Media editors","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","ageAppropriate":"12+ appropriate","monetization":"cross-sell other apps,sold in bundle","lastUpdate":"2024-10-30T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":428},{"violations":{"ACR-109":"The app downloads \"rk_setup.exe\", a RelevantKnowledge file before disclosure and without the consumer's consent.\n\n","ACR-048":"The \"Decline\" button does not have any control. Despite declining RelevantKnowledge app, it is still downloaded RelevantKnowledge file “spt_setup.exe” nevertheless.\n\n","ACR-010":"The app distributes deceptor application. The offer in this app, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control. \n\n","ACR-013":"Application doesn't obtain the explicit informed user consent for running RK setup. The \"next\" misleads user that it is required for continue installation. It is misleadingly presented as mandatory component that user has to agree for install the application.\n","ACR-060":"The offer network does not disclose itself in RK offer to silently install unrelated software\n","ACR-118":"Upon uninstallation, it retains some executables and many of its other components along with a \"curl-ca-bundle.crt\" on the device without user's knowledge. \n\n","ACR-057":"The app bundles the \"Relevant Knowledge\" offer which does not allow the consumer to decline the offer. \n\n","ACR-071":"It attempts to force the acceptance of \"Relevant Knowledge\" by graying out the Next button when the user choose to Decline. Thus, forcing the user to only accept the offer and proceed with the installation.\n\n","ACR-059":"Offer not clearly marked as an offer. Instead, it is presented as a component of the carrier.\n\n","ACR-039":"There is no clear indications of the relationship to the installer application. RelevantKnowledge is presented as part of the installer application. Despite declining RelevantKnowledge app, it still downloaded RelevantKnowledge file “rk_setup.exe” regardless.\n\n","ACR-155":"Offers are designed to look like part of the install workflow. \n\n"},"nonDeceptorViolations":{"ACR-106":"App offers deceptive application 'Relevant Knowledge market survey'. \n\n"},"samples":[{"isRevoked":"False","fileName":"MP3CutterJoinerFree.exe","isInstaller":"True","companyName":"TechTouch Soft Co. Ltd.                                    ","productName":"MP3 Cutter Joiner Free                                      ","productVersion":"                    ","fileVersion":"                    ","hashMD5":"79a07726764f8d3dc03c1040046686e4","hashSHA1":"25fa2187bc1797507415c36cc2f22eedb802d829","hashSHA256":"4f25bb7fc84cd25d5e0220eba30340d326e1a42d129393a97c7cc3150dfe8894","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"447","avBlockList":["360 Total Security (20250121)","Avast Premium Security (20250121)","AVG Internet Security (20250121)","Avira Internet Security (20250121)","Bitdefender Internet Security (20250121)","COMODO Antivirus (20250121)","Dr.Web Security Space (20250121)","ESET Internet Security (20250121)","FortectPremium (20250121)","G DATA INTERNET SECURITY (20250121)","K7 Total Security (20250121)","KasperskyPremium (20250121)","Malwarebytes Premium (20250121)","McAfee Total Protection (20250121)","Norton Security (20250121)","Panda Dome (20250121)","SpyHunter5 (20250121)","Total AV Antivirus Pro (20250121)","Trend Micro Internet Security (20250121)","VIPRE Advanced Security (20250121)","VirIT eXplorer PRO (20250121)","Webroot SecureAnywhere (20250121)","Windows Defender (20250121)"],"avAllowList":["Quick Heal Internet Security (20250121)","Sophos Home Premium (20250121)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on windows app","reference":"","landingPage":"https://www.freemp3cutterjoiner.com/","directDownloadingLink":"https://www.freemp3cutterjoiner.com/MP3CutterJoinerFree.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.freemp3cutterjoiner.com/MP3CutterJoinerFree.exe","sourceIndex":"447"}],"sampleFiles":["241030/FreeMP3CutterJoiner-220613/4.8.3.0/Samples/MP3CutterJoinerFree.exe"],"imageFiles":["241030/FreeMP3CutterJoiner-220613/4.8.3.0/Images/ACR-109/ACR-109.PNG","241030/FreeMP3CutterJoiner-220613/4.8.3.0/Images/ACR-109/ACR-109_1.PNG","241030/FreeMP3CutterJoiner-220613/4.8.3.0/Images/ACR-039/ACR-039.PNG","241030/FreeMP3CutterJoiner-220613/4.8.3.0/Images/ACR-039/ACR-039_1.PNG","241030/FreeMP3CutterJoiner-220613/4.8.3.0/Images/ACR-048/ACR-048.PNG","241030/FreeMP3CutterJoiner-220613/4.8.3.0/Images/ACR-010/ACR-010.PNG","241030/FreeMP3CutterJoiner-220613/4.8.3.0/Images/ACR-118/ACR-118.PNG","241030/FreeMP3CutterJoiner-220613/4.8.3.0/Images/ACR-057/ACR-057.PNG","241030/FreeMP3CutterJoiner-220613/4.8.3.0/Images/ACR-059/ACR-059.PNG","241030/FreeMP3CutterJoiner-220613/4.8.3.0/Images/ACR-071/ACR-071.PNG","241030/FreeMP3CutterJoiner-220613/4.8.3.0/Images/ACR-155/ACR-155.PNG","241030/FreeMP3CutterJoiner-220613/4.8.3.0/Images/ACR-013/ACR-013.PNG","241030/FreeMP3CutterJoiner-220613/4.8.3.0/Images/ACR-060/ACR-060.PNG"],"nonDeceptorImageFiles":["241030/FreeMP3CutterJoiner-220613/4.8.3.0/Images/ACR-106/ACR-106.PNG"],"guid":"165cba42-a7b5-48b3-bd5a-cc7a3596e9b8_4.8.3.0_1","appID":"FreeMP3CutterJoiner-220613","dateAdded":"241030","deceptorType":"App","name":"Free MP3 Cutter Joiner","company":"TechTouch Soft Co., Ltd.","version":"4.8.3.0","lastKnownStatus":"4.8.2.4;4.8.3.0","lastKnownDate":"241030","type":"Windows Executable","category":"SysTools & Utilities, Media editors","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","ageAppropriate":"12+ appropriate","monetization":"cross-sell other apps,sold in bundle","lastUpdate":"2024-10-30T19:36:13.1345169+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":427},{"violations":{"ACR-109":"The app downloads \"rk_setup.exe\", a RelevantKnowledge file before disclosure and without the consumer's consent.\n\n","ACR-042":"Open source project \"FFmpeg\" is installed without any disclosure in EULA.\n","ACR-043":"Open source project \"FFmpeg\" is installed without any disclosure in EULA.\n","ACR-107":"The app does not obtain any authorization for using a third-party component 'ffmpeg'.\n","ACR-048":"The \"Decline\" button does not have any control. Despite declining RelevantKnowledge app, it is still downloaded RelevantKnowledge file “rk_setup.exe” nevertheless.\n\n","ACR-010":"The app distributes deceptor application. The offer in this app, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control. \n\n","ACR-013":"Application doesn't obtain the explicit informed user consent for running RK setup. The \"next\" misleads user that it is required for continue installation. It is misleadingly presented as mandatory component that user has to agree for install the application.\n","ACR-060":"The offer network does not disclose itself in RK offer to silently install unrelated software\n","ACR-118":"After uninstall, it retains some executables and many of its other components along with a \"curl-ca-bundle.crt\" on the device without user's knowledge. \n\n","ACR-057":"The app bundles the \"Relevant Knowledge\" offer which does not allow the consumer to decline the offer. \n\n","ACR-071":"It attempts to force the acceptance of \"Relevant Knowledge\" by graying out the Next button when the user choose to Decline. Thus, forcing the user to only accept the offer and proceed with the installation.\n\n","ACR-059":"Offer not clearly marked as an offer. Instead, it is presented as a component of the carrier.\n\n","ACR-039":"There is no clear indications of the relationship to the installer application. RelevantKnowledge is presented as part of the installer application. Despite declining RelevantKnowledge app, it still downloaded RelevantKnowledge file “rk_setup.exe” regardless.\n\n","ACR-155":"Offers are designed to look like part of the install workflow. \n\n"},"nonDeceptorViolations":{"ACR-106":"App offers deceptive application 'Relevant Knowledge market survey'. \n\n"},"samples":[{"isRevoked":"False","fileName":"EasyYouTubetoMP3Converter.exe","isInstaller":"True","companyName":"FAEMedia Co. Ltd.                                          ","productName":"Easy YouTube to MP3 Converter                               ","productVersion":"                    ","fileVersion":"                    ","hashMD5":"84a981e65270aadfffc164af455424f1","hashSHA1":"be9d814d295ea0ceded37329e84567c22e89b22a","hashSHA256":"9624fe74ceb607385be6e27ad275f5db69fc85e75bbc8bf274ac3098fbab10e8","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"446","avBlockList":["360 Total Security (20250123)","Avast Premium Security (20250123)","AVG Internet Security (20250123)","Avira Internet Security (20250123)","Bitdefender Internet Security (20250123)","COMODO Antivirus (20250123)","Dr.Web Security Space (20250123)","ESET Internet Security (20250123)","FortectPremium (20250123)","G DATA INTERNET SECURITY (20250123)","K7 Total Security (20250123)","KasperskyPremium (20250123)","Malwarebytes Premium (20250123)","McAfee Total Protection (20250123)","Norton Security (20250123)","Panda Dome (20250123)","Quick Heal Internet Security (20250123)","Sophos Home Premium (20250123)","SpyHunter5 (20250123)","Total AV Antivirus Pro (20250123)","VIPRE Advanced Security (20250123)","VirIT eXplorer PRO (20250123)","Webroot SecureAnywhere (20250123)","Windows Defender (20250123)"],"avAllowList":["Trend Micro Internet Security (20250123)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on windows app","reference":"","landingPage":"https://free-audio-editor.com/easyyoutubetomp3converter/","directDownloadingLink":"https://free-audio-editor.com/EasyYouTubetoMP3Converter.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://free-audio-editor.com/EasyYouTubetoMP3Converter.exe","sourceIndex":"446"}],"sampleFiles":["241030/EasyYouTubetoMP3Converter-220608/10.1.3.0/Samples/EasyYouTubetoMP3Converter.exe"],"imageFiles":["241030/EasyYouTubetoMP3Converter-220608/10.1.3.0/Images/ACR-109/ACR-109.PNG","241030/EasyYouTubetoMP3Converter-220608/10.1.3.0/Images/ACR-039/ACR-039.PNG","241030/EasyYouTubetoMP3Converter-220608/10.1.3.0/Images/ACR-043/ACR-043.PNG","241030/EasyYouTubetoMP3Converter-220608/10.1.3.0/Images/ACR-107/ACR-107.PNG","241030/EasyYouTubetoMP3Converter-220608/10.1.3.0/Images/ACR-042/ACR-042.PNG","241030/EasyYouTubetoMP3Converter-220608/10.1.3.0/Images/ACR-048/ACR-048.PNG","241030/EasyYouTubetoMP3Converter-220608/10.1.3.0/Images/ACR-010/ACR-010.PNG","241030/EasyYouTubetoMP3Converter-220608/10.1.3.0/Images/ACR-118/ACR-118.PNG","241030/EasyYouTubetoMP3Converter-220608/10.1.3.0/Images/ACR-057/ACR-057.PNG","241030/EasyYouTubetoMP3Converter-220608/10.1.3.0/Images/ACR-059/ACR-059.PNG","241030/EasyYouTubetoMP3Converter-220608/10.1.3.0/Images/ACR-071/ACR-071.PNG","241030/EasyYouTubetoMP3Converter-220608/10.1.3.0/Images/ACR-155/ACR-155.PNG","241030/EasyYouTubetoMP3Converter-220608/10.1.3.0/Images/ACR-013/ACR-013.PNG","241030/EasyYouTubetoMP3Converter-220608/10.1.3.0/Images/ACR-060/ACR-060.PNG"],"nonDeceptorImageFiles":["241030/EasyYouTubetoMP3Converter-220608/10.1.3.0/Images/ACR-106/ACR-106.PNG"],"guid":"25c573a3-2cb7-4900-a5cc-0b47bcbdf611_10.1.3.0_1","appID":"EasyYouTubetoMP3Converter-220608","dateAdded":"241030","deceptorType":"App","name":"Easy Youtube to MP3 Converter","company":"FAEMedia","version":"10.1.3.0","lastKnownStatus":"10.1.2.5;10.1.3.0","lastKnownDate":"241030","type":"Windows Executable","category":"Media editors, SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,cross-sell other apps,sold in bundle","lastUpdate":"2024-10-30T19:38:20.2195448+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":432},{"violations":{"ACR-109":"The app downloads \"spt_setup.exe\", a RelevantKnowledge file before disclosure and without the consumer's consent.\n\n","ACR-047":"The App presents the untruthful message that application needs to update, instead it attempts to re-run the application to present the declined offer again.  \n\nThe App presents the untruthful message that application needs to update, instead it attempts to re-run the application to present the declined offer again.  \n\n","ACR-048":"The \"Decline\" button does not have any control. Despite declining RelevantKnowledge app, it is still downloaded RelevantKnowledge file “spt_setup.exe” nevertheless.\n\n","ACR-003":"The App misleads consumer they need to run update. There is no newer build, instead, it attempts to run the installer and present the declined offers again.\n\n","ACR-004":"The app prompts untruthful message that upgrade is needed whenever user launches the app. The \"Update\" downloads nothing new, sometimes it leads to download the component(s) that user declined during install procedure, for example, it connected to dpd.securestudies.com and attempted to download user internet behavior program from Relevant Knowledge. \n\n","ACR-010":"The app distributes deceptor application. The offer in this app, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control. \n\n","ACR-118":"Upon uninstallation, it retains some executables and many of its other components along with a \"curl-ca-bundle.crt\" on the device without user's knowledge. \n\n","ACR-057":"The app bundles the \"Relevant Knowledge\" offer which does not allow the consumer to decline the offer. \n\n","ACR-071":"It attempts to force the acceptance of \"Relevant Knowledge\" by graying out the Next button when the user choose to Decline. Thus, forcing the user to only accept the offer and proceed with the installation.\n\n","ACR-059":"Offer not clearly marked as an offer. Instead, it is presented as a component of the carrier.\n\n","ACR-039":"There is no clear indications of the relationship to the installer application. RelevantKnowledge is presented as part of the installer application. Despite declining RelevantKnowledge app, it still downloaded RelevantKnowledge file “spt_setup.exe” regardless.\n\n","ACR-155":"Offers are designed to look like part of the install workflow. \n\n"},"nonDeceptorViolations":{"ACR-002":"The App's version is inconsistent between App interaction and its install (version 8.8.2.4 vs version 8.8.1) \n\nThe App's version is inconsistent between App interaction and its install (version 8.8.2.4 vs version 8.8.1) \n\n","ACR-106":"App offers deceptive application 'Relevant Knowledge market survey'. \n\n","ACR-092":"The main executable is not digitally signed. \n\n"},"samples":[{"isRevoked":"False","fileName":"FreeEasyScantoPDF-setup.exe","isInstaller":"True","companyName":"Freeease.net.                                               ","productName":"Free Easy Scan to PDF       ","fileVersion":"8.8.2.4","hashMD5":"1c19ebbeef3ae39aae9909c48c41c801","hashSHA1":"45238bcc9b7921e2db9a7ed0c79e0d9c159d1bb2","hashSHA256":"4f1b605845747f14d632575657ac237945621e5fab30451c6d61568b7077884f","digitalCertThumbprint":"347240ECC751AB91D4BA3282DC67ACC9A36D1128","digitalCertIssuer":"CN=COMODO RSA Extended Validation Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", O=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", STREET=\"Chaoyang North Road 199, MOMA Building 1901, Chaoyang District\", L=Beijing, PostalCode=100026, C=CN, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=CN, SERIALNUMBER=911101056717485703","sourceIndex":"443","avBlockList":["360 Total Security (20250123)","Avast Premium Security (20250123)","AVG Internet Security (20250123)","Avira Internet Security (20250123)","Bitdefender Internet Security (20250123)","COMODO Antivirus (20250123)","Dr.Web Security Space (20250123)","ESET Internet Security (20250123)","G DATA INTERNET SECURITY (20250123)","K7 Total Security (20250123)","Kaspersky Internet Security (20220714)","Malwarebytes Premium (20250123)","McAfee Total Protection (20250123)","Norton Security (20250123)","Panda Dome (20250123)","Quick Heal Internet Security (20250123)","Sophos Home Premium (20250123)","SpyHunter5 (20250123)","Total AV Antivirus Pro (20250123)","Trend Micro Internet Security (20250123)","VIPRE Advanced Security (20250123)","VirIT eXplorer PRO (20250123)","Webroot SecureAnywhere (20250123)","Windows Defender (20250123)","FortectPremium (20250123)","KasperskyPremium (20250123)"],"avAllowList":["Tencent PC Manager (20220714)"]},{"isRevoked":"False","fileName":"FreeEasyScantoPDF_241030.exe","isInstaller":"True","companyName":"Freeease.net.                                               ","fileVersion":"0.0","hashMD5":"20c585e793e715f96efc1a6c3b06a713","hashSHA1":"4e1f758e041f72f4f2ca544d3aeb72c94143c180","hashSHA256":"3a8109ff65526dd47601a67d972ca7fef159382980614cf2995a0c3e851f0fff","sourceIndex":"443","avBlockList":["360 Total Security (20250128)","Avast Premium Security (20250128)","AVG Internet Security (20250128)","Avira Internet Security (20250128)","Bitdefender Internet Security (20250128)","COMODO Antivirus (20250128)","Dr.Web Security Space (20250128)","ESET Internet Security (20250128)","FortectPremium (20250128)","G DATA INTERNET SECURITY (20250128)","K7 Total Security (20250128)","KasperskyPremium (20250128)","Malwarebytes Premium (20250128)","McAfee Total Protection (20250128)","Norton Security (20250128)","Panda Dome (20250128)","Quick Heal Internet Security (20250128)","Sophos Home Premium (20250128)","SpyHunter5 (20250128)","Total AV Antivirus Pro (20250128)","Trend Micro Internet Security (20250128)","VIPRE Advanced Security (20250128)","VirIT eXplorer PRO (20250128)","Webroot SecureAnywhere (20250128)","Windows Defender (20250128)"],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search: free media downloads","reference":"","landingPage":"https://freeease.net/p-scantopdf/overview.php ","directDownloadingLink":"http://www.freeease.net/FreeEasyScantoPDF.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.freeease.net/FreeEasyScantoPDF.exe","sourceIndex":"443"}],"sampleFiles":["241030/FreeEasyScantoPDF-220610/8.8.1/Samples/FreeEasyScantoPDF-setup.exe","241030/FreeEasyScantoPDF-220610/8.8.1/Samples/FreeEasyScantoPDF_241030.exe"],"imageFiles":["241030/FreeEasyScantoPDF-220610/8.8.1/Images/ACR-109/ACR-109_039_048_RKSetup.jpg","241030/FreeEasyScantoPDF-220610/8.8.1/Images/ACR-039/ACR-109_039_048_RKSetup.jpg","241030/FreeEasyScantoPDF-220610/8.8.1/Images/ACR-047/ACR-047_003_RKUpdateprompt.jpg","241030/FreeEasyScantoPDF-220610/8.8.1/Images/ACR-048/ACR-109_039_048_RKSetup.jpg","241030/FreeEasyScantoPDF-220610/8.8.1/Images/ACR-010/RelevantKnowledge.jpg","241030/FreeEasyScantoPDF-220610/8.8.1/Images/ACR-004/ACR-047_003_RKUpdateprompt.jpg","241030/FreeEasyScantoPDF-220610/8.8.1/Images/ACR-003/ACR-047_003_RKUpdateprompt.jpg","241030/FreeEasyScantoPDF-220610/8.8.1/Images/ACR-118/ACR-118_Remnants.jpg","241030/FreeEasyScantoPDF-220610/8.8.1/Images/ACR-057/RelevantKnowledge.jpg","241030/FreeEasyScantoPDF-220610/8.8.1/Images/ACR-059/RelevantKnowledge.jpg","241030/FreeEasyScantoPDF-220610/8.8.1/Images/ACR-071/RelevantKnowledge.jpg","241030/FreeEasyScantoPDF-220610/8.8.1/Images/ACR-155/RelevantKnowledge.jpg","241030/FreeEasyScantoPDF-220610/8.8.1/Images/ACR-047/ACR-047_003_RKUpdateprompt.jpg"],"nonDeceptorImageFiles":["241030/FreeEasyScantoPDF-220610/8.8.1/Images/ACR-002/ACR-002_InconsistentAppVersion.jpg","241030/FreeEasyScantoPDF-220610/8.8.1/Images/ACR-106/RelevantKnowledge.jpg","241030/FreeEasyScantoPDF-220610/8.8.1/Images/ACR-002/ACR-002_InconsistentAppVersion.jpg"],"guid":"bb82b1d2-97ba-4a03-888e-affd4f6b62d7_8.8.1_1","appID":"FreeEasyScantoPDF-220610","dateAdded":"241030","deceptorType":"App","name":"Free Easy Scan to PDF","company":"Freeease.net","version":"8.8.1","lastKnownStatus":"8.8.1","lastKnownDate":"241030","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"cross-sell other apps,sold in bundle","lastUpdate":"2024-10-31T00:58:01.9171935+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":431},{"violations":{"ACR-109":"The app downloads \"spt_setup.exe\", a RelevantKnowledge file without the consumer's consent. \n","ACR-047":"After the app is installed, it prompts the user with an \"Important!\" message to use a \"new version to avoid malfunctions\". This installs the same version of the app and re-runs the install and the offers that the consumer has previously declined.\n","ACR-048":"The \"Decline\" button does not have any control but still drops a RelevantKnowledge file “spt_setup.exe”. \nThe app does not provide an option to close the update prompt and cancel the startup of its own.\n","ACR-010":"The app bundler distributes the deceptor application. The offer in this bundler, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control.\n","ACR-083":"The app attempts to present the offer repeatedly via its update and startup.\n","ACR-084":"The app creates a startup entry without the user's knowledge and consent. \n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components along with a \"curl-ca-bundle.crt\" on the device without the consumer's consent or notifying the user.\n","ACR-122":"The app displays a notification stating \"Update recommended\" which downloads the app and asks the user to install it by displaying the install prompt. This scenario is observed after uninstall and reboot.\n","ACR-057":"The app bundles the \"Relevant Knowledge\" offer which does not allow the consumer to decline the offer.\n","ACR-071":"The \"Relevant Knowledge\" offer cannot be declined independently as the installation is unable to proceed when attempting to decline the offer. Thus it forces the user to, only accept the offer and proceed with the installation.\n","ACR-075":"After the app is installed, it prompts the user with an \"Important!\" message to use a \"new version to avoid malfunctions\". This installs the same version of the app and re-runs the install and the offers that the consumer has previously declined.\n","ACR-014":"The app misleads users that they need to install an update while actually, it tries to install the pre-declined component by the user during the install. \n","ACR-059":"The Offer is not clearly marked as an offer. It is unclear who is recommending the offer. \n","ACR-155":"Offers are designed to look like part of the install workflow. \n"},"nonDeceptorViolations":{"ACR-106":"App offers deceptive application 'Relevant Knowledge market survey'.\n","ACR-092":"The app does not have a digital signature for the main executable: \"AllFreeDiscBurner.exe\"\n","ACR-123":"The app does not remove its startup item even after uninstall. \n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\All Free Disc Burner\\AllFreeDiscBurner.exe","companyName":"","productName":"","productVersion":"","fileVersion":"","hashMD5":"b118f40bf9e81a3cb4ee42fe7c514a95","hashSHA1":"0c7d9f88dddbbde24c79eb175fd0721490bab64b","hashSHA256":"db8933a14004a949e7a38470ce4591d05b724db4ebb89cf9b05d3b3c637721f1","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"445","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\All Free Disc Burner\\goup.exe","companyName":"","productName":"","productVersion":"1.0.0.0","fileVersion":"1.0.0.0","hashMD5":"b58001b7a3d8a4d2947b632accc613a0","hashSHA1":"4265de99ff08ce7170724cf56b6e3d87f211290d","hashSHA256":"0f0d36ef8b4de954e930fe85dc4e48fd83d2a2785a5a59cab4b3469afcb47989","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"445","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"AllFreeDiscBurner.exe","isInstaller":"True","companyName":"AllFreeVideoSoft Co. Ltd.                                  ","productName":"All Free Disc Burner                                        ","productVersion":"                                                  ","fileVersion":"                    ","hashMD5":"8bc97024c173efda9dd1222866336e1f","hashSHA1":"94eea5fab7831364146dd28a42382eadfb4c5abf","hashSHA256":"821477970158eebe542419c7fe1c3d168e280d3c33d2ffb2c556820385afd277","digitalCertThumbprint":"347240ECC751AB91D4BA3282DC67ACC9A36D1128","digitalCertIssuer":"COMODO RSA Extended Validation Code Signing CA","digitalCertIssuedTo":"Beijing Qingruan Creative Information Technology Co. Ltd.","storeId":"","sourceIndex":"445","avBlockList":["360 Total Security (20250123)","Avast Premium Security (20250123)","AVG Internet Security (20250123)","Avira Internet Security (20250123)","Bitdefender Internet Security (20250123)","COMODO Antivirus (20250123)","Dr.Web Security Space (20250123)","ESET Internet Security (20250123)","G DATA INTERNET SECURITY (20250123)","K7 Total Security (20250123)","Kaspersky Internet Security (20220728)","Malwarebytes Premium (20250123)","McAfee Total Protection (20250123)","Norton Security (20250123)","Panda Dome (20250123)","Quick Heal Internet Security (20250123)","Sophos Home Premium (20250123)","SpyHunter5 (20250123)","Total AV Antivirus Pro (20250123)","Trend Micro Internet Security (20250123)","VIPRE Advanced Security (20250123)","VirIT eXplorer PRO (20250123)","Webroot SecureAnywhere (20250123)","Windows Defender (20250123)","FortectPremium (20250123)","KasperskyPremium (20250123)"],"avAllowList":["Tencent PC Manager (20220728)"]},{"isRevoked":"False","fileName":"AllFreeDiscBurner_241030.exe","isInstaller":"True","companyName":"AllFreeVideoSoft Co., Ltd.                                  ","fileVersion":"0.0","hashMD5":"3c5984424647d169f14aecdd259ab777","hashSHA1":"21e11f6039734ac2b9e45ca862966e397fbac2a0","hashSHA256":"cf59012220eb95117de5fc7c5c645f11123eaa310d25f6fa7138526b84742ebe","sourceIndex":"445","avBlockList":["360 Total Security (20250128)","Avast Premium Security (20250128)","AVG Internet Security (20250128)","Avira Internet Security (20250128)","Bitdefender Internet Security (20250128)","COMODO Antivirus (20250128)","Dr.Web Security Space (20250128)","ESET Internet Security (20250128)","FortectPremium (20250128)","G DATA INTERNET SECURITY (20250128)","K7 Total Security (20250128)","KasperskyPremium (20250128)","Malwarebytes Premium (20250128)","McAfee Total Protection (20250128)","Norton Security (20250128)","Panda Dome (20250128)","Quick Heal Internet Security (20250128)","Sophos Home Premium (20250128)","SpyHunter5 (20250128)","Total AV Antivirus Pro (20250128)","Trend Micro Internet Security (20250128)","VIPRE Advanced Security (20250128)","VirIT eXplorer PRO (20250128)","Webroot SecureAnywhere (20250128)","Windows Defender (20250128)"],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Related Apps","reference":"","landingPage":"https://www.allfreevideoconverter.com/freediscburner/index.html","directDownloadingLink":"https://www.allfreevideoconverter.com/download/AllFreeDiscBurner.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.allfreevideoconverter.com/download/AllFreeDiscBurner.exe","sourceIndex":"445"}],"sampleFiles":["241030/allfreediscburner-220610/8.8.1/Samples/AllFreeDiscBurner.exe","241030/allfreediscburner-220610/8.8.1/Samples/AllFreeDiscBurner_241030.exe"],"imageFiles":["241030/allfreediscburner-220610/8.8.1/Images/ACR-109/ACR-109_Install_Drops_Third_Party.JPG","241030/allfreediscburner-220610/8.8.1/Images/ACR-047/ACR-047_Install.JPG","241030/allfreediscburner-220610/8.8.1/Images/ACR-047/ACR-047_Install.mp4","241030/allfreediscburner-220610/8.8.1/Images/ACR-048/ACR-048_Install_No_Control_To_Decline.JPG","241030/allfreediscburner-220610/8.8.1/Images/ACR-010/ACR-010_Install_Bundles_Deceptor.JPG","241030/allfreediscburner-220610/8.8.1/Images/ACR-083/ACR-083_Software.JPG","241030/allfreediscburner-220610/8.8.1/Images/ACR-083/ACR-083_Software_1.JPG","241030/allfreediscburner-220610/8.8.1/Images/ACR-084/ACR-084_Software.JPG","241030/allfreediscburner-220610/8.8.1/Images/ACR-048/ACR-048_Software.JPG","241030/allfreediscburner-220610/8.8.1/Images/ACR-048/ACR-048_Software_1.JPG","241030/allfreediscburner-220610/8.8.1/Images/ACR-014/ACR-014_Software.JPG","241030/allfreediscburner-220610/8.8.1/Images/ACR-014/ACR-014_Software.mp4","241030/allfreediscburner-220610/8.8.1/Images/ACR-118/ACR-118_Uninstall.JPG","241030/allfreediscburner-220610/8.8.1/Images/ACR-118/ACR-118_Uninstall_1.JPG","241030/allfreediscburner-220610/8.8.1/Images/ACR-122/ACR-122_Uninstall.JPG","241030/allfreediscburner-220610/8.8.1/Images/ACR-075/ACR-075_Bundler-MadeOffers.JPG","241030/allfreediscburner-220610/8.8.1/Images/ACR-075/ACR-075_Bundler-MadeOffers.mp4","241030/allfreediscburner-220610/8.8.1/Images/ACR-057/ACR-057_Bundler-MadeOffers.JPG","241030/allfreediscburner-220610/8.8.1/Images/ACR-059/ACR-059_Bundler-MadeOffers.JPG","241030/allfreediscburner-220610/8.8.1/Images/ACR-071/ACR-071_Bundler-MadeOffers.JPG","241030/allfreediscburner-220610/8.8.1/Images/ACR-155/ACR-155_Bundler-MadeOffers.JPG"],"nonDeceptorImageFiles":["241030/allfreediscburner-220610/8.8.1/Images/ACR-106/ACR-106_Software_Bundles_Deceptor.JPG","241030/allfreediscburner-220610/8.8.1/Images/ACR-092/ACR-092_Software.JPG","241030/allfreediscburner-220610/8.8.1/Images/ACR-123/ACR-123_Uninstall.JPG"],"guid":"b7f286a6-5bb9-432d-9fce-56f62084fe9e_8.8.1_1","appID":"allfreediscburner-220610","dateAdded":"241030","deceptorType":"App","name":"All Free Disc Burner","company":"AllFreeVideoSoft Co., Ltd.","version":"8.8.1","lastKnownStatus":"8.8.1","lastKnownDate":"241030","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2024-10-31T00:50:35.6300614+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":435},{"violations":{"ACR-109":"The app downloads \"spt_setup.exe\", a RelevantKnowledge file before disclosure and without the consumer's consent.\n\n","ACR-047":"The App presents the untruthful message that application needs to update, instead it attempts to re-run the application to present the declined offer again.  \n\nThe App presents the untruthful message that application needs to update, instead it attempts to re-run the application to present the declined offer again.  \n\n","ACR-048":"The \"Decline\" button does not have any control. Despite declining RelevantKnowledge app, it is still downloaded RelevantKnowledge file “spt_setup.exe” nevertheless.\n\nUnable to close the update prompt. \n\n","ACR-003":"The App misleads consumer they need to run update. There is no newer build, instead, it sometimes leads to download the component(s) that user declined during install procedure, for example, it connected to dpd.securestudies.com and attempted to download user internet behavior program from Relevant Knowledge. \n\n","ACR-004":"The app prompts untruthful message that upgrade is needed whenever user launches the app. The \"Update\" downloads nothing new, sometimes it leads to download the component(s) that user declined during install procedure, for example, it connected to dpd.securestudies.com and attempted to download user internet behavior program from Relevant Knowledge. \n\n","ACR-010":"The app distributes deceptor application. The offer in this app, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control. \n\n","ACR-083":"The App attempts to present the offer repeatedly via its update and startup.\n\n","ACR-118":"After uninstall, it retains some executables and many of its other components along with a \"curl-ca-bundle.crt\" on the device without user's knowledge. \n\n","ACR-057":"The app bundles the \"Relevant Knowledge\" offer which does not allow the consumer to decline the offer. \n\n","ACR-071":"It attempts to force the acceptance of \"Relevant Knowledge\" by graying out the Next button when the user choose to Decline. Thus, forcing the user to only accept the offer and proceed with the installation.\n\n","ACR-059":"Offer not clearly marked as an offer. Instead, it is presented as a component of the carrier.\n\n","ACR-039":"There is no clear indications of the relationship to the installer application. RelevantKnowledge is presented as part of the installer application. Despite declining RelevantKnowledge app, it still downloaded RelevantKnowledge file “spt_setup.exe” regardless.\n\n","ACR-155":"Offers are designed to look like part of the install workflow. \n\n"},"nonDeceptorViolations":{"ACR-002":"The App's version is inconsistent between App interaction and its install (version10.1.2.5 vs version 9.3.3) \nThe App's version is inconsistent between App interaction and its install (version10.1.2.5 vs version 9.3.3) \n\n","ACR-106":"App offers deceptive application 'Relevant Knowledge market survey'. \n\n"},"samples":[{"isRevoked":"False","fileName":"EasyYouTubetoMP3Converter.exe","fileVersion":"1.0","hashMD5":"256bc08e4f66bc0c3df0600220853311","hashSHA1":"f08d3a1ed91755b9d58d5a4ffaa9c1cb9e0c1d9e","hashSHA256":"031de687b35b9a0619780172dbd5dced32a1206152865707c8e7db2dfe824020","sourceIndex":"1566","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"EasyYouTubetoMP3Converter-setup.exe","isInstaller":"True","companyName":"FAEMedia Co., Ltd.                                          ","fileVersion":"0.0","hashMD5":"5f090a6d913da463804acb9bf8202baf","hashSHA1":"57f1e445419545e54bc041f93244840e6991e3c7","hashSHA256":"22eebcc37412d3132427b69fccd0c799a24c6fc1893117a29a91b3cb87bddd2b","digitalCertThumbprint":"347240ECC751AB91D4BA3282DC67ACC9A36D1128","digitalCertIssuer":"CN=COMODO RSA Extended Validation Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", O=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", STREET=\"Chaoyang North Road 199, MOMA Building 1901, Chaoyang District\", L=Beijing, PostalCode=100026, C=CN, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=CN, SERIALNUMBER=911101056717485703","sourceIndex":"1566","avBlockList":["360 Total Security (20241031)","Avast Premium Security (20241031)","AVG Internet Security (20241031)","Avira Internet Security (20241031)","Bitdefender Internet Security (20241031)","COMODO Antivirus (20241031)","Dr.Web Security Space (20241031)","ESET Internet Security (20241031)","G DATA INTERNET SECURITY (20241031)","K7 Total Security (20241031)","Kaspersky Internet Security (20220616)","Malwarebytes Premium (20241031)","McAfee Total Protection (20241031)","Norton Security (20241031)","Panda Dome (20241031)","Quick Heal Internet Security (20241031)","Sophos Home Premium (20241031)","SpyHunter5 (20241031)","Total AV Antivirus Pro (20241031)","VIPRE Advanced Security (20241031)","VirIT eXplorer PRO (20241031)","Webroot SecureAnywhere (20241031)","Windows Defender (20241031)","FortectPremium (20241031)","KasperskyPremium (20241031)"],"avAllowList":["Tencent PC Manager (20220616)","Trend Micro Internet Security (20241031)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search: FAEMedia","reference":"","landingPage":"https://free-audio-editor.com/easyyoutubetomp3converter/","directDownloadingLink":"https://free-audio-editor.com/EasyYouTubetoMP3Converter.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://free-audio-editor.com/EasyYouTubetoMP3Converter.exe","sourceIndex":"1566"}],"sampleFiles":["220608/EasyYouTubetoMP3Converter-220608/10.1.2.5/Samples/EasyYouTubetoMP3Converter.exe","220608/EasyYouTubetoMP3Converter-220608/10.1.2.5/Samples/EasyYouTubetoMP3Converter-setup.exe"],"imageFiles":["220608/EasyYouTubetoMP3Converter-220608/10.1.2.5/Images/ACR-109/ACR-109_039_048_RKSetup.jpg","220608/EasyYouTubetoMP3Converter-220608/10.1.2.5/Images/ACR-039/ACR-109_039_048_RKSetup.jpg","220608/EasyYouTubetoMP3Converter-220608/10.1.2.5/Images/ACR-047/ACR-048_004_083_RKUpdatePrompt.jpg","220608/EasyYouTubetoMP3Converter-220608/10.1.2.5/Images/ACR-047/ACR-048_004_083_RKUpdatePrompt-2.jpg","220608/EasyYouTubetoMP3Converter-220608/10.1.2.5/Images/ACR-048/ACR-109_039_048_RKSetup.jpg","220608/EasyYouTubetoMP3Converter-220608/10.1.2.5/Images/ACR-010/RelevantKnowledge.jpg","220608/EasyYouTubetoMP3Converter-220608/10.1.2.5/Images/ACR-004/ACR-048_004_083_RKUpdatePrompt.jpg","220608/EasyYouTubetoMP3Converter-220608/10.1.2.5/Images/ACR-004/ACR-048_004_083_RKUpdatePrompt-2.jpg","220608/EasyYouTubetoMP3Converter-220608/10.1.2.5/Images/ACR-083/ACR-048_004_083_RKUpdatePrompt.jpg","220608/EasyYouTubetoMP3Converter-220608/10.1.2.5/Images/ACR-083/ACR-048_004_083_RKUpdatePrompt-2.jpg","220608/EasyYouTubetoMP3Converter-220608/10.1.2.5/Images/ACR-048/ACR-048_004_083_RKUpdatePrompt.jpg","220608/EasyYouTubetoMP3Converter-220608/10.1.2.5/Images/ACR-003/ACR-048_004_083_RKUpdatePrompt-2.jpg","220608/EasyYouTubetoMP3Converter-220608/10.1.2.5/Images/ACR-003/ACR-048_004_083_RKUpdatePrompt.jpg","220608/EasyYouTubetoMP3Converter-220608/10.1.2.5/Images/ACR-118/ACR-118_Remnants.jpg","220608/EasyYouTubetoMP3Converter-220608/10.1.2.5/Images/ACR-057/RelevantKnowledge.jpg","220608/EasyYouTubetoMP3Converter-220608/10.1.2.5/Images/ACR-059/RelevantKnowledge.jpg","220608/EasyYouTubetoMP3Converter-220608/10.1.2.5/Images/ACR-071/RelevantKnowledge.jpg","220608/EasyYouTubetoMP3Converter-220608/10.1.2.5/Images/ACR-155/RelevantKnowledge.jpg","220608/EasyYouTubetoMP3Converter-220608/10.1.2.5/Images/ACR-047/ACR-048_004_083_RKUpdatePrompt.jpg","220608/EasyYouTubetoMP3Converter-220608/10.1.2.5/Images/ACR-047/ACR-048_004_083_RKUpdatePrompt-2.jpg"],"nonDeceptorImageFiles":["220608/EasyYouTubetoMP3Converter-220608/10.1.2.5/Images/ACR-002/ACR-002_InconsistentAppVersions.jpg","220608/EasyYouTubetoMP3Converter-220608/10.1.2.5/Images/ACR-106/RelevantKnowledge.jpg","220608/EasyYouTubetoMP3Converter-220608/10.1.2.5/Images/ACR-002/ACR-002_InconsistentAppVersions.jpg"],"guid":"25c573a3-2cb7-4900-a5cc-0b47bcbdf611_10.1.2.5_1","appID":"EasyYouTubetoMP3Converter-220608","dateAdded":"241030","deceptorType":"App","name":"Easy Youtube to MP3 Converter","company":"FAEMedia","version":"10.1.2.5","lastKnownStatus":"10.1.2.5;10.1.3.0","lastKnownDate":"241030","type":"Windows Executable","category":"Media editors, SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,cross-sell other apps,sold in bundle","lastUpdate":"2024-10-30T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":433},{"violations":{"ACR-109":"The app downloads \"spt_setup.exe\", a RelevantKnowledge file without the consumer's consent.\n","ACR-047":"After the app is installed, it prompts the user with an \"Important!\" message to use a \"new version to avoid malfunctions\". This installs the same version of the app and re-runs the install and the offers that the consumer has previously declined.\n","ACR-048":"The \"Decline\" button does not have any control but still drops a RelevantKnowledge file “spt_setup.exe”.  \nThe app does not provide an option to close the update prompt and cancel the startup of its own.\n","ACR-010":"The app bundler distributes the deceptor application. The offer in this bundler, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control.\nThe app shows the \"https://www.freeaudiovideosoft.com/\" link under the website option in the app's about page where all the apps that are listed under the website contain deceptive behavior. \n","ACR-083":"The app attempts to present the offer repeatedly via its update and startup.\n","ACR-084":"The app creates a startup entry without the user's knowledge and consent.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components along with a \"curl-ca-bundle.crt\" on the device without the consumer's consent or notifying the user.\n","ACR-122":"The app displays a notification stating \"Update recommended\" which downloads the app and asks the user to install it by displaying the install prompt. This scenario is observed after uninstall and reboot.\n","ACR-057":"The app bundles the \"Relevant Knowledge\" offer which does not allow the consumer to decline the offer.\n","ACR-071":"The \"Relevant Knowledge\" offer cannot be declined independently as the installation is unable to proceed when attempting to decline the offer. Thus it forces the user to, only accept the offer and proceed with the installation.\n","ACR-075":"After the app is installed, it prompts the user with an \"Important!\" message to use a \"new version to avoid malfunctions\". This installs the same version of the app and re-runs the install and the offers that the consumer has previously declined.\n","ACR-014":"The app misleads users that they need to install an update while actually, it tries to install the pre-declined component by the user during the install.\n","ACR-059":"The Offer is not clearly marked as an offer. It is unclear who is recommending the offer.\n","ACR-155":"Offers are designed to look like part of the install workflow.\n"},"nonDeceptorViolations":{"ACR-106":"App offers deceptive application 'Relevant Knowledge market survey'.\n","ACR-092":"The app does not have a digital signature for the main executable: \"AllFreeMP3Joiner.exe\"\n","ACR-123":"The app does not remove its startup item even after uninstall.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\All Free MP3 Joiner\\AllFreeMP3Joiner.exe","companyName":"","productName":"","productVersion":"","fileVersion":"","hashMD5":"433109c32c1e1d2da82b3399b2db1809","hashSHA1":"ef990e3b9a36f9ecdc8ab7788a956ffc8ec0183c","hashSHA256":"4e943b51f9bc73145eeca7a519adedbdde904c2f2866db697f3c2005bf0b1373","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"444","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\All Free MP3 Joiner\\goup.exe","companyName":"","productName":"","productVersion":"1.0.0.0","fileVersion":"1.0.0.0","hashMD5":"b58001b7a3d8a4d2947b632accc613a0","hashSHA1":"4265de99ff08ce7170724cf56b6e3d87f211290d","hashSHA256":"0f0d36ef8b4de954e930fe85dc4e48fd83d2a2785a5a59cab4b3469afcb47989","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"444","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"AllFreeMP3Joiner.exe","isInstaller":"True","companyName":"AllFreeVideoSoft Co. Ltd.                                  ","productName":"All Free MP3 Joiner                                         ","productVersion":"                                                  ","fileVersion":"                    ","hashMD5":"4015cfbb276f0a0b46acd7d9f8351b18","hashSHA1":"1843fbdc65b30580f0371ab230cd1efaadc6719c","hashSHA256":"68452ee297c4ecb2edef14e3ba5ec15c0f24fdbf81423912e012347b424fd784","digitalCertThumbprint":"347240ECC751AB91D4BA3282DC67ACC9A36D1128","digitalCertIssuer":"COMODO RSA Extended Validation Code Signing CA","digitalCertIssuedTo":"Beijing Qingruan Creative Information Technology Co. Ltd.","storeId":"","sourceIndex":"444","avBlockList":["360 Total Security (20250123)","Avast Premium Security (20250123)","AVG Internet Security (20250123)","Avira Internet Security (20250123)","Bitdefender Internet Security (20250123)","COMODO Antivirus (20250123)","Dr.Web Security Space (20250123)","ESET Internet Security (20250123)","G DATA INTERNET SECURITY (20250123)","K7 Total Security (20250123)","Kaspersky Internet Security (20220728)","Malwarebytes Premium (20250123)","McAfee Total Protection (20250123)","Norton Security (20250123)","Panda Dome (20250123)","Quick Heal Internet Security (20250123)","Sophos Home Premium (20250123)","SpyHunter5 (20250123)","Total AV Antivirus Pro (20250123)","Trend Micro Internet Security (20250123)","VIPRE Advanced Security (20250123)","VirIT eXplorer PRO (20250123)","Webroot SecureAnywhere (20250123)","Windows Defender (20250123)","FortectPremium (20250123)","KasperskyPremium (20250123)"],"avAllowList":["Tencent PC Manager (20220728)"]},{"isRevoked":"False","fileName":"AllFreeMP3Joiner_241030.exe","isInstaller":"True","companyName":"AllFreeVideoSoft Co., Ltd.                                  ","fileVersion":"0.0","hashMD5":"c655b6f4fd6fd9d20c06e05df315341d","hashSHA1":"97448b385e85c020bbd0725a6d9faace900c1c8f","hashSHA256":"2c5dfa551caa07ba0dd632279814ed5b9294aad402dc0eefdc01178b5ce7ba35","sourceIndex":"444","avBlockList":["360 Total Security (20250128)","Avast Premium Security (20250128)","AVG Internet Security (20250128)","Avira Internet Security (20250128)","Bitdefender Internet Security (20250128)","COMODO Antivirus (20250128)","Dr.Web Security Space (20250128)","ESET Internet Security (20250128)","FortectPremium (20250128)","G DATA INTERNET SECURITY (20250128)","K7 Total Security (20250128)","KasperskyPremium (20250128)","Malwarebytes Premium (20250128)","McAfee Total Protection (20250128)","Norton Security (20250128)","Panda Dome (20250128)","Quick Heal Internet Security (20250128)","Sophos Home Premium (20250128)","SpyHunter5 (20250128)","Total AV Antivirus Pro (20250128)","Trend Micro Internet Security (20250128)","VIPRE Advanced Security (20250128)","VirIT eXplorer PRO (20250128)","Webroot SecureAnywhere (20250128)","Windows Defender (20250128)"],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Related Apps","reference":"","landingPage":"https://www.allfreevideoconverter.com/freemp3joiner/index.html","directDownloadingLink":"https://www.allfreevideoconverter.com/download/AllFreeMP3Joiner.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.allfreevideoconverter.com/download/AllFreeMP3Joiner.exe","sourceIndex":"444"}],"sampleFiles":["241030/allfreemp3joiner-220609/8.8.1/Samples/AllFreeMP3Joiner.exe","241030/allfreemp3joiner-220609/8.8.1/Samples/AllFreeMP3Joiner_241030.exe"],"imageFiles":["241030/allfreemp3joiner-220609/8.8.1/Images/ACR-109/ACR-109_Install_Drops_Third_Party.JPG","241030/allfreemp3joiner-220609/8.8.1/Images/ACR-047/ACR-047_Install.JPG","241030/allfreemp3joiner-220609/8.8.1/Images/ACR-047/ACR-047_Install.mp4","241030/allfreemp3joiner-220609/8.8.1/Images/ACR-048/ACR-048_Install_No_Control_To_Decline.JPG","241030/allfreemp3joiner-220609/8.8.1/Images/ACR-010/ACR-010_Install_Bundles_Deceptor.JPG","241030/allfreemp3joiner-220609/8.8.1/Images/ACR-083/ACR-083_Software.JPG","241030/allfreemp3joiner-220609/8.8.1/Images/ACR-083/ACR-083_Software_1.JPG","241030/allfreemp3joiner-220609/8.8.1/Images/ACR-084/ACR-084_Software.JPG","241030/allfreemp3joiner-220609/8.8.1/Images/ACR-048/ACR-048_Software.JPG","241030/allfreemp3joiner-220609/8.8.1/Images/ACR-048/ACR-048_Software_1.JPG","241030/allfreemp3joiner-220609/8.8.1/Images/ACR-010/ACR-010_Software.mp4","241030/allfreemp3joiner-220609/8.8.1/Images/ACR-014/ACR-014_Software.JPG","241030/allfreemp3joiner-220609/8.8.1/Images/ACR-014/ACR-014_Software.mp4","241030/allfreemp3joiner-220609/8.8.1/Images/ACR-118/ACR-118_Uninstall.JPG","241030/allfreemp3joiner-220609/8.8.1/Images/ACR-118/ACR-118_Uninstall_1.JPG","241030/allfreemp3joiner-220609/8.8.1/Images/ACR-122/ACR-122_Uninstall.JPG","241030/allfreemp3joiner-220609/8.8.1/Images/ACR-075/ACR-075_Bundler-MadeOffers.JPG","241030/allfreemp3joiner-220609/8.8.1/Images/ACR-075/ACR-075_Bundler-MadeOffers.mp4","241030/allfreemp3joiner-220609/8.8.1/Images/ACR-057/ACR-057_Bundler-MadeOffers.JPG","241030/allfreemp3joiner-220609/8.8.1/Images/ACR-059/ACR-059_Bundler-MadeOffers.JPG","241030/allfreemp3joiner-220609/8.8.1/Images/ACR-071/ACR-071_Bundler-MadeOffers.JPG","241030/allfreemp3joiner-220609/8.8.1/Images/ACR-155/ACR-155_Bundler-MadeOffers.JPG"],"nonDeceptorImageFiles":["241030/allfreemp3joiner-220609/8.8.1/Images/ACR-106/ACR-106_Software_Bundles_Deceptor.JPG","241030/allfreemp3joiner-220609/8.8.1/Images/ACR-092/ACR-092_Software.JPG","241030/allfreemp3joiner-220609/8.8.1/Images/ACR-123/ACR-123_Uninstall.JPG"],"guid":"da90b706-915f-4665-94af-26cebf96cf1e_8.8.1_1","appID":"allfreemp3joiner-220609","dateAdded":"241030","deceptorType":"App","name":"All Free MP3 Joiner","company":"AllFreeVideoSoft Co., Ltd.","version":"8.8.1","lastKnownStatus":"8.8.1","lastKnownDate":"241030","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2024-10-31T00:53:23.1469823+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":434},{"violations":{"ACR-109":"The app downloads \"spt_setup.exe\", a RelevantKnowledge file without the consumer's consent.\n\n","ACR-048":"The \"Decline\" button does not have any control. Upon clicking the button, it drops a RelevantKnowledge file “spt_setup.exe” regardless.\n\n","ACR-010":"The app distributes deceptor application. The offer in this app, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control. \n\n","ACR-013":"Application doesn't obtain the explicit informed user consent for running RK setup. The \"next\" misleads user that it is required for continue installation. It is misleadingly presented as mandatory component that user has to agree for install the application.\n","ACR-060":"The offer network does not disclose itself in RK offer to silently install unrelated software\n","ACR-118":"Upon uninstallation, it retains some executables and many of its other components along with a \"curl-ca-bundle.crt\" on the device without user's knowledge.\n\n","ACR-057":"The app bundles the \"Relevant Knowledge\" offer which does not allow the consumer to decline the offer. \n\n","ACR-071":"It attempts to force the acceptance of \"Relevant Knowledge\" by graying out the Next button when the user choose to Decline. Thus, forcing the user to only accept the offer and proceed with the installation.\n\n","ACR-059":"Offer not clearly marked as an offer. Instead, it is presented as a component of the carrier.\n\n","ACR-155":"Offers are designed to look like part of the install workflow. \n\n"},"nonDeceptorViolations":{"ACR-106":"App offers deceptive application 'Relevant Knowledge market survey'. \n\n"},"samples":[{"isRevoked":"False","fileName":"mymp3splitter_setup.exe","isInstaller":"True","companyName":"zxt2007.com                                                 ","productName":"My MP3 Splitter                                             ","productVersion":"3.3.0.0                                           ","fileVersion":"3.3.0.0             ","hashMD5":"c5469c942675bca965adaf0b8374a872","hashSHA1":"0b0e33766ecaa225fe6d6eb970acf893361d1548","hashSHA256":"f4887f09256e3e0b91a7c4871c9f3ae02aa4b2bed567bd5673e2a85483c6da94","digitalCertThumbprint":"712DF3A60A8F334303B1E517176B87B88C7C25D5","digitalCertIssuer":"Sectigo Public Code Signing CA R36","digitalCertIssuedTo":"张晓彤","storeId":"","sourceIndex":"450","avBlockList":["360 Total Security (20250123)","Avast Premium Security (20250123)","AVG Internet Security (20250123)","Avira Internet Security (20250123)","Bitdefender Internet Security (20250123)","COMODO Antivirus (20250123)","Dr.Web Security Space (20250123)","ESET Internet Security (20250123)","FortectPremium (20250123)","G DATA INTERNET SECURITY (20250123)","K7 Total Security (20250123)","KasperskyPremium (20250123)","Malwarebytes Premium (20250123)","McAfee Total Protection (20250123)","Norton Security (20250123)","Panda Dome (20250123)","Quick Heal Internet Security (20250123)","Sophos Home Premium (20250123)","SpyHunter5 (20250123)","Total AV Antivirus Pro (20250123)","VIPRE Advanced Security (20250123)","VirIT eXplorer PRO (20250123)","Webroot SecureAnywhere (20250123)","Windows Defender (20250123)"],"avAllowList":["Trend Micro Internet Security (20250123)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on windows app","reference":"","landingPage":"http://en.zxt2007.com/video-tools/mymp3splitter.html","directDownloadingLink":"http://en.zxt2007.com/download/mymp3splitter_setup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://en.zxt2007.com/download/mymp3splitter_setup.exe","sourceIndex":"450"}],"sampleFiles":["241029/MyMP3Splitter-220607/3.3.0.0/Samples/mymp3splitter_setup.exe"],"imageFiles":["241029/MyMP3Splitter-220607/3.3.0.0/Images/ACR-109/ACR-109.PNG","241029/MyMP3Splitter-220607/3.3.0.0/Images/ACR-048/ACR-048.PNG","241029/MyMP3Splitter-220607/3.3.0.0/Images/ACR-010/ACR-010.PNG","241029/MyMP3Splitter-220607/3.3.0.0/Images/ACR-118/ACR-118_1.PNG","241029/MyMP3Splitter-220607/3.3.0.0/Images/ACR-057/ACR-057.PNG","241029/MyMP3Splitter-220607/3.3.0.0/Images/ACR-059/ACR-059.PNG","241029/MyMP3Splitter-220607/3.3.0.0/Images/ACR-071/ACR-071.PNG","241029/MyMP3Splitter-220607/3.3.0.0/Images/ACR-155/ACR-155.PNG","241029/MyMP3Splitter-220607/3.3.0.0/Images/ACR-013/ACR-013.PNG","241029/MyMP3Splitter-220607/3.3.0.0/Images/ACR-060/ACR-060.PNG"],"nonDeceptorImageFiles":["241029/MyMP3Splitter-220607/3.3.0.0/Images/ACR-106/ACR-106.PNG"],"guid":"526162ef-9fe0-47e3-9fa2-1a3ba8c349d7_3.3.0.0_1","appID":"MyMP3Splitter-220607","dateAdded":"241029","deceptorType":"App","name":"My MP3 Splitter","company":"zxt2007.com","version":"3.3.0.0","lastKnownStatus":"2.3.7.0;3.3.0.0","lastKnownDate":"241029","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"cross-sell other apps,sold in bundle","lastUpdate":"2024-10-29T18:48:55.8369254+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":436},{"violations":{"ACR-109":"The app downloads \"spt_setup.exe\", a RelevantKnowledge file without the consumer's consent.\n\n","ACR-048":"The \"Decline\" button does not have any control. Upon clicking the button, it drops a RelevantKnowledge file “spt_setup.exe” regardless.\n\n","ACR-010":"The app distributes deceptor application. The offer in this app, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control. \n\n","ACR-118":"Upon uninstallation, it retains some executables and many of its other components along with a \"curl-ca-bundle.crt\" on the device without user's knowledge.\n\n","ACR-057":"The app bundles the \"Relevant Knowledge\" offer which does not allow the consumer to decline the offer. \n\n","ACR-071":"It attempts to force the acceptance of \"Relevant Knowledge\" by graying out the Next button when the user choose to Decline. Thus, forcing the user to only accept the offer and proceed with the installation.\n\n","ACR-059":"Offer not clearly marked as an offer. Instead, it is presented as a component of the carrier.\n\n","ACR-155":"Offers are designed to look like part of the install workflow. \n\n"},"nonDeceptorViolations":{"ACR-065":"Carrier app has no EULA screen. The first offer's (Relevant Knowledge) EULA misleads consumers into thinking it is the EULA for the carrier app.\n\n","ACR-106":"App offers deceptive application 'Relevant Knowledge market survey'. \n\n","ACR-092":" The main executable is not digitally signed. \n\n"},"samples":[{"isRevoked":"False","fileName":"MP3Splitter.exe","companyName":"ZXT2007.com","productName":"My MP3 Splitter","productVersion":"2.3.7.0    ","fileVersion":"2.3.7.0    ","hashMD5":"2ccfcb12f90f2e0a7b639f5d938903b4","hashSHA1":"d82d31751e962f522db0a7f56c1a6c5955181348","hashSHA256":"770b54cf5c3003c4d562a8fe9adb7b75fc59280371d6bafb45d4643d438f4d8a","sourceIndex":"1569","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"mymp3splitter_setup.exe","isInstaller":"True","companyName":"zxt2007.com                                                 ","productName":"My MP3 Splitter     ","fileVersion":"2.3.7.0          ","hashMD5":"c74fc660135dbf1ea843e4040ca6a6ed","hashSHA1":"b6aca1dfdaa987418f4c2a6004781b78b20a3853","hashSHA256":"f1d08785ac1fa299a51a620b42396f58d784e654e119ccee37055c9cb00b6818","digitalCertThumbprint":"CB63529ED0F5FA356EB2801B5FAA196C97760C72","digitalCertIssuer":"CN=DigiCert EV Code Signing CA (SHA2), OU=www.digicert.com, O=DigiCert Inc, C=US","digitalCertIssuedTo":"CN=潍坊金网信息科技有限公司, O=潍坊金网信息科技有限公司, L=潍坊市, S=山东省, C=CN, SERIALNUMBER=91370700745698896P, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.1=潍坊高新技术产业开发区, OID.1.3.6.1.4.1.311.60.2.1.2=山东省, OID.1.3.6.1.4.1.311.60.2.1.3=CN","sourceIndex":"1569","avBlockList":["360 Total Security (20241031)","Avast Premium Security (20241031)","AVG Internet Security (20241031)","Avira Internet Security (20241031)","Bitdefender Internet Security (20241031)","COMODO Antivirus (20241031)","Dr.Web Security Space (20241031)","ESET Internet Security (20241031)","G DATA INTERNET SECURITY (20241031)","K7 Total Security (20241031)","Kaspersky Internet Security (20220616)","Malwarebytes Premium (20241031)","McAfee Total Protection (20241031)","Norton Security (20241031)","Panda Dome (20241031)","Quick Heal Internet Security (20241031)","Sophos Home Premium (20241031)","SpyHunter5 (20241031)","Total AV Antivirus Pro (20241031)","VIPRE Advanced Security (20241031)","VirIT eXplorer PRO (20241031)","Webroot SecureAnywhere (20241031)","Windows Defender (20241031)","FortectPremium (20241031)","KasperskyPremium (20241031)"],"avAllowList":["Tencent PC Manager (20220616)","Trend Micro Internet Security (20241031)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search: Free tools","reference":"","landingPage":"http://en.zxt2007.com/video-tools/mymp3splitter.html","directDownloadingLink":"http://en.zxt2007.com/download.php?id=mymp3splitter_setup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://en.zxt2007.com/download.php?id=mymp3splitter_setup.exe","sourceIndex":"1569"}],"sampleFiles":["220607/MyMP3Splitter-220607/2.3.7.0/Samples/MP3Splitter.exe","220607/MyMP3Splitter-220607/2.3.7.0/Samples/mymp3splitter_setup.exe"],"imageFiles":["220607/MyMP3Splitter-220607/2.3.7.0/Images/ACR-109/ACR-109_048_RKSetup.jpg","220607/MyMP3Splitter-220607/2.3.7.0/Images/ACR-048/ACR-109_048_RKSetup.jpg","220607/MyMP3Splitter-220607/2.3.7.0/Images/ACR-010/RelevantKnowledge.jpg","220607/MyMP3Splitter-220607/2.3.7.0/Images/ACR-118/ACR-118_Remnants.jpg","220607/MyMP3Splitter-220607/2.3.7.0/Images/ACR-057/RelevantKnowledge.jpg","220607/MyMP3Splitter-220607/2.3.7.0/Images/ACR-059/RelevantKnowledge.jpg","220607/MyMP3Splitter-220607/2.3.7.0/Images/ACR-071/RelevantKnowledge.jpg","220607/MyMP3Splitter-220607/2.3.7.0/Images/ACR-155/RelevantKnowledge.jpg"],"nonDeceptorImageFiles":["220607/MyMP3Splitter-220607/2.3.7.0/Images/ACR-065/RelevantKnowledge.jpg","220607/MyMP3Splitter-220607/2.3.7.0/Images/ACR-106/RelevantKnowledge.jpg","220607/MyMP3Splitter-220607/2.3.7.0/Images/ACR-092/ACR-092_NoDigiSig.jpg"],"guid":"526162ef-9fe0-47e3-9fa2-1a3ba8c349d7_2.3.7.0_1","appID":"MyMP3Splitter-220607","dateAdded":"241029","deceptorType":"App","name":"My MP3 Splitter","company":"zxt2007.com","version":"2.3.7.0","lastKnownStatus":"2.3.7.0;3.3.0.0","lastKnownDate":"241029","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"cross-sell other apps,sold in bundle","lastUpdate":"2024-10-29T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":437},{"violations":{"ACR-109":"The app downloads \"spt_setup.exe\", a RelevantKnowledge file without the consumer's consent.\n","ACR-048":"The \"Decline\" button does not have any control. Upon clicking the button, it drops a RelevantKnowledge file “spt_setup.exe” regardless.\n","ACR-010":"The app distributes deceptor application. The offer in this app, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control. \n","ACR-013":"Application doesn't obtain the explicit informed user consent for running RK setup. The \"next\" misleads user that it is required for continue installation. It is misleadingly presented as mandatory component that user has to agree for install the application.\n","ACR-060":"The offer network does not disclose itself in RK offer to silently install unrelated software\n","ACR-118":"Upon uninstallation, it retains some executables and many of its other components along with a \"curl-ca-bundle.crt\" on the device without user's knowledge.\n\n","ACR-057":"The app bundles the \"Relevant Knowledge\" offer which does not allow the consumer to decline the offer. \n","ACR-071":"It attempts to force the acceptance of \"Relevant Knowledge\" by graying out the Next button when the user choose to Decline. Thus, forcing the user to only accept the offer and proceed with the installation.\n","ACR-059":"Offer not clearly marked as an offer. Instead, it is presented as a component of the carrier.\n","ACR-155":"Offers are designed to look like part of the install workflow. \n"},"nonDeceptorViolations":{"ACR-106":"App offers deceptive application 'Relevant Knowledge market survey'. \n"},"samples":[{"isRevoked":"False","fileName":"icontool_setup.exe","isInstaller":"True","companyName":"zxt2007.com                                                 ","productName":"Free Icon Tool                                              ","productVersion":"2.2.0.0                                           ","fileVersion":"2.2.0.0             ","hashMD5":"0e9a0212bde7777e66d599f7f858dbd5","hashSHA1":"9c36c8c552920247cde0a33cea83a8514f7da030","hashSHA256":"9455d07246b0f130d2bd41fcacacde5185f0a2fd74774f6e6665a16f88be4ee8","digitalCertThumbprint":"712DF3A60A8F334303B1E517176B87B88C7C25D5","digitalCertIssuer":"Sectigo Public Code Signing CA R36","digitalCertIssuedTo":"张晓彤","storeId":"","sourceIndex":"448","avBlockList":["360 Total Security (20250123)","Avast Premium Security (20250123)","AVG Internet Security (20250123)","Avira Internet Security (20250123)","Bitdefender Internet Security (20250123)","COMODO Antivirus (20250123)","Dr.Web Security Space (20250123)","ESET Internet Security (20250123)","FortectPremium (20250123)","G DATA INTERNET SECURITY (20250123)","K7 Total Security (20250123)","KasperskyPremium (20250123)","Malwarebytes Premium (20250123)","McAfee Total Protection (20250123)","Norton Security (20250123)","Panda Dome (20250123)","Quick Heal Internet Security (20250123)","Sophos Home Premium (20250123)","SpyHunter5 (20250123)","Total AV Antivirus Pro (20250123)","VIPRE Advanced Security (20250123)","VirIT eXplorer PRO (20250123)","Webroot SecureAnywhere (20250123)","Windows Defender (20250123)"],"avAllowList":["Trend Micro Internet Security (20250123)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on windows app","reference":"","landingPage":"http://en.zxt2007.com/picture-tools/icontool.html","directDownloadingLink":"http://en.zxt2007.com/download/icontool_setup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://en.zxt2007.com/download/icontool_setup.exe","sourceIndex":"448"}],"sampleFiles":["241029/FreeIconTool-220607/2.2.0.0/Samples/icontool_setup.exe"],"imageFiles":["241029/FreeIconTool-220607/2.2.0.0/Images/ACR-109/ACR-109.PNG","241029/FreeIconTool-220607/2.2.0.0/Images/ACR-048/ACR-048.PNG","241029/FreeIconTool-220607/2.2.0.0/Images/ACR-010/ACR-010.PNG","241029/FreeIconTool-220607/2.2.0.0/Images/ACR-118/ACR-118.PNG","241029/FreeIconTool-220607/2.2.0.0/Images/ACR-057/ACR-057.PNG","241029/FreeIconTool-220607/2.2.0.0/Images/ACR-059/ACR-059.PNG","241029/FreeIconTool-220607/2.2.0.0/Images/ACR-071/ACR-071.PNG","241029/FreeIconTool-220607/2.2.0.0/Images/ACR-155/ACR-155.PNG","241029/FreeIconTool-220607/2.2.0.0/Images/ACR-013/ACR-013.PNG","241029/FreeIconTool-220607/2.2.0.0/Images/ACR-060/ACR-060.PNG"],"nonDeceptorImageFiles":["241029/FreeIconTool-220607/2.2.0.0/Images/ACR-106/ACR-106.PNG"],"guid":"d2c02e04-9dfe-4c76-9602-b0096bc316c7_2.2.0.0_1","appID":"FreeIconTool-220607","dateAdded":"241029","deceptorType":"App","name":"Free Icon Tool","company":"zxt2007.com","version":"2.2.0.0","lastKnownStatus":"2.1.8.0;2.2.0.0","lastKnownDate":"241029","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","monetization":"cross-sell other apps,sold in bundle","lastUpdate":"2024-10-29T19:08:52.7762367+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":438},{"violations":{"ACR-109":"The app downloads \"spt_setup.exe\", a RelevantKnowledge file without the consumer's consent.\n","ACR-048":"The \"Decline\" button does not have any control. Upon clicking the button, it drops a RelevantKnowledge file “spt_setup.exe” regardless.\n","ACR-010":"The app distributes deceptor application. The offer in this app, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control. \n","ACR-118":"Upon uninstallation, it retains some executables and many of its other components along with a \"curl-ca-bundle.crt\" on the device without user's knowledge.\n\n","ACR-057":"The app bundles the \"Relevant Knowledge\" offer which does not allow the consumer to decline the offer. \n","ACR-071":"It attempts to force the acceptance of \"Relevant Knowledge\" by graying out the Next button when the user choose to Decline. Thus, forcing the user to only accept the offer and proceed with the installation.\n","ACR-059":"Offer not clearly marked as an offer. Instead, it is presented as a component of the carrier.\n","ACR-155":"Offers are designed to look like part of the install workflow. \n"},"nonDeceptorViolations":{"ACR-065":"Carrier app has no EULA screen. The first offer's (Relevant Knowledge) EULA misleads consumers into thinking it is the EULA for the carrier app.\n\n","ACR-106":"App offers deceptive application 'Relevant Knowledge market survey'. \n","ACR-092":" The main executable is not digitally signed. \n\n"},"samples":[{"isRevoked":"False","fileName":"GetIcon.exe","companyName":"ZXT2007.com","productName":"Free Icon Tool","productVersion":"2.1.8.0","fileVersion":"2.1.8.0","hashMD5":"8546fc985d308565f439fb5a3263be38","hashSHA1":"e49dc05e50e3d933564ca0c424d3b46918330608","hashSHA256":"85585bcbc88409ecde99200cbf62de38c3a4a4c0457776934b790cd485dad0bf","sourceIndex":"1571","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"icontool_setup.exe","isInstaller":"True","companyName":"zxt2007.com                                                 ","productName":"Free Icon Tool","fileVersion":"0.0","hashMD5":"a1ad58bc9066c7abe8bf18950032684b","hashSHA1":"a6d2e7a76e0040b0d53355c0f2457d49729337f6","hashSHA256":"aa4ab81d49cfcc9e789a19d6a8db91aa888fbcb0ed127c0840e706df30e4f85b","sourceIndex":"1571","avBlockList":["360 Total Security (20241031)","Avast Premium Security (20241031)","AVG Internet Security (20241031)","Avira Internet Security (20241031)","Bitdefender Internet Security (20241031)","COMODO Antivirus (20241031)","Dr.Web Security Space (20241031)","ESET Internet Security (20241031)","G DATA INTERNET SECURITY (20241031)","K7 Total Security (20241031)","Kaspersky Internet Security (20220728)","Malwarebytes Premium (20241031)","McAfee Total Protection (20241031)","Norton Security (20241031)","Panda Dome (20241031)","Quick Heal Internet Security (20241031)","Sophos Home Premium (20241031)","SpyHunter5 (20241031)","Total AV Antivirus Pro (20241031)","Trend Micro Internet Security (20241031)","VIPRE Advanced Security (20241031)","VirIT eXplorer PRO (20241031)","Webroot SecureAnywhere (20241031)","Windows Defender (20241031)","FortectPremium (20241031)","KasperskyPremium (20241031)"],"avAllowList":["Tencent PC Manager (20220728)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search: Free tools","reference":"","landingPage":"http://en.zxt2007.com/picture-tools/icontool.html","directDownloadingLink":"http://en.zxt2007.com/download.php?id=icontool_setup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://en.zxt2007.com/download.php?id=icontool_setup.exe","sourceIndex":"1571"}],"sampleFiles":["220607/FreeIconTool-220607/2.1.8.0/Samples/GetIcon.exe","220607/FreeIconTool-220607/2.1.8.0/Samples/icontool_setup.exe"],"imageFiles":["220607/FreeIconTool-220607/2.1.8.0/Images/ACR-109/ACR-109_048_RKSetup.jpg","220607/FreeIconTool-220607/2.1.8.0/Images/ACR-048/ACR-109_048_RKSetup.jpg","220607/FreeIconTool-220607/2.1.8.0/Images/ACR-010/RelevantKnowledge.jpg","220607/FreeIconTool-220607/2.1.8.0/Images/ACR-118/ACR-118_Remnants.jpg","220607/FreeIconTool-220607/2.1.8.0/Images/ACR-057/RelevantKnowledge.jpg","220607/FreeIconTool-220607/2.1.8.0/Images/ACR-059/RelevantKnowledge.jpg","220607/FreeIconTool-220607/2.1.8.0/Images/ACR-071/RelevantKnowledge.jpg","220607/FreeIconTool-220607/2.1.8.0/Images/ACR-155/RelevantKnowledge.jpg"],"nonDeceptorImageFiles":["220607/FreeIconTool-220607/2.1.8.0/Images/ACR-106/RelevantKnowledge.jpg","220607/FreeIconTool-220607/2.1.8.0/Images/ACR-092/ACR-092_NoDigiSig.jpg","220607/FreeIconTool-220607/2.1.8.0/Images/ACR-065/RelevantKnowledge.jpg"],"guid":"d2c02e04-9dfe-4c76-9602-b0096bc316c7_2.1.8.0_1","appID":"FreeIconTool-220607","dateAdded":"241029","deceptorType":"App","name":"Free Icon Tool","company":"zxt2007.com","version":"2.1.8.0","lastKnownStatus":"2.1.8.0;2.2.0.0","lastKnownDate":"241029","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","monetization":"cross-sell other apps,sold in bundle","lastUpdate":"2024-10-29T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":439},{"violations":{"ACR-109":"The app downloads \"rk_setup.exe\", a RelevantKnowledge file before disclosure and without the consumer's consent.\n\n","ACR-042":"Open source project \"FFmpeg\" is installed without any disclosure in EULA.\n","ACR-043":"Open source project \"FFmpeg\" is installed without any disclosure in EULA.\n","ACR-107":"The app does not obtain any authorization for using a third-party component 'ffmpeg'.\n","ACR-048":"The \"Decline\" button does not have any control. Despite declining RelevantKnowledge app, it still downloaded RelevantKnowledge file “rk_setup.exe” nevertheless.\n\n","ACR-010":"The app distributes deceptor application. The offer in this app, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control. \n\n","ACR-013":"Application doesn't obtain the explicit informed user consent for running RK setup. The \"next\" misleads user that it is required for continue installation. It is misleadingly presented as mandatory component that user has to agree for install the application.\n","ACR-060":"The offer network does not disclose itself in RK offer to silently install unrelated software\n","ACR-118":"Upon uninstallation, it retains some executables and many of its other components along with a \"curl-ca-bundle.crt\" on the device without user's knowledge. \n\n","ACR-057":"The app bundles the \"Relevant Knowledge\" offer which does not allow the consumer to decline the offer. \n\n","ACR-071":"It attempts to force the acceptance of \"Relevant Knowledge\" by graying out the Next button when the user choose to Decline. Thus, forcing the user to only accept the offer and proceed with the installation.\n\n","ACR-059":"Offer not clearly marked as an offer. Instead, it is presented as a component of the carrier.\n\n","ACR-039":"There is no clear indications of the relationship to the installer application. RelevantKnowledge is presented as part of the installer application. Despite declining RelevantKnowledge app, it still downloaded RelevantKnowledge file “rk_setup.exe” regardless.\n","ACR-155":"Offers are designed to look like part of the install workflow. \n\n"},"nonDeceptorViolations":{"ACR-106":"App offers deceptive application 'Relevant Knowledge market survey'. \n\n"},"samples":[{"isRevoked":"False","fileName":"EasyVideoSwitch.exe","isInstaller":"True","companyName":"FAEMedia Co. Ltd.                                          ","productName":"Easy Video Switch                                           ","productVersion":"                    ","fileVersion":"                    ","hashMD5":"cc3ca9b224cf37be32dd6b739c212fca","hashSHA1":"4ef967ff3966626ce29b79ed005babb0067ad719","hashSHA256":"6d02b83c1e1a2966a5a831fd5b8093728ad22a09815876d39fae19cf658031d1","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"451","avBlockList":["360 Total Security (20250123)","Avast Premium Security (20250123)","AVG Internet Security (20250123)","Avira Internet Security (20250123)","Bitdefender Internet Security (20250123)","COMODO Antivirus (20250123)","Dr.Web Security Space (20250123)","ESET Internet Security (20250123)","FortectPremium (20250123)","G DATA INTERNET SECURITY (20250123)","K7 Total Security (20250123)","KasperskyPremium (20250123)","Malwarebytes Premium (20250123)","McAfee Total Protection (20250123)","Norton Security (20250123)","Panda Dome (20250123)","Quick Heal Internet Security (20250123)","Sophos Home Premium (20250123)","SpyHunter5 (20250123)","Total AV Antivirus Pro (20250123)","VIPRE Advanced Security (20250123)","VirIT eXplorer PRO (20250123)","Webroot SecureAnywhere (20250123)","Windows Defender (20250123)"],"avAllowList":["Trend Micro Internet Security (20250123)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on windows app","reference":"","landingPage":"https://free-audio-editor.com/easyvideoswitch/","directDownloadingLink":"https://free-audio-editor.com/EasyVideoSwitch.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://free-audio-editor.com/EasyVideoSwitch.exe","sourceIndex":"451"}],"sampleFiles":["241029/EasyVideoSwitch-220608/10.1.3.0/Samples/EasyVideoSwitch.exe"],"imageFiles":["241029/EasyVideoSwitch-220608/10.1.3.0/Images/ACR-109/ACR-109.PNG","241029/EasyVideoSwitch-220608/10.1.3.0/Images/ACR-039/ACR-039.PNG","241029/EasyVideoSwitch-220608/10.1.3.0/Images/ACR-043/ACR-043.PNG","241029/EasyVideoSwitch-220608/10.1.3.0/Images/ACR-107/ACR-107.PNG","241029/EasyVideoSwitch-220608/10.1.3.0/Images/ACR-042/ACR-042.PNG","241029/EasyVideoSwitch-220608/10.1.3.0/Images/ACR-048/ACR-048.PNG","241029/EasyVideoSwitch-220608/10.1.3.0/Images/ACR-010/ACR-010.PNG","241029/EasyVideoSwitch-220608/10.1.3.0/Images/ACR-118/ACR-118.PNG","241029/EasyVideoSwitch-220608/10.1.3.0/Images/ACR-057/ACR-057.PNG","241029/EasyVideoSwitch-220608/10.1.3.0/Images/ACR-059/ACR-059.PNG","241029/EasyVideoSwitch-220608/10.1.3.0/Images/ACR-071/ACR-071.PNG","241029/EasyVideoSwitch-220608/10.1.3.0/Images/ACR-155/ACR-155.PNG","241029/EasyVideoSwitch-220608/10.1.3.0/Images/ACR-013/ACR-013.PNG","241029/EasyVideoSwitch-220608/10.1.3.0/Images/ACR-060/ACR-060.PNG"],"nonDeceptorImageFiles":["241029/EasyVideoSwitch-220608/10.1.3.0/Images/ACR-106/ACR-106.PNG"],"guid":"a56aa10b-5f9b-4f9e-91ee-621666f61a7b_10.1.3.0_1","appID":"EasyVideoSwitch-220608","dateAdded":"241029","deceptorType":"App","name":"Easy Video Switch","company":"FAEMedia","version":"10.1.3.0","lastKnownStatus":"10.1.2.5;10.1.3.0","lastKnownDate":"241029","type":"Windows Executable","category":"SysTools & Utilities, Media editors","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"cross-sell other apps,sold in bundle","lastUpdate":"2024-10-29T18:46:55.6065409+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":440},{"violations":{"ACR-109":"The app downloads \"spt_setup.exe\", a RelevantKnowledge file before disclosure and without the consumer's consent.\n\n","ACR-047":"The App presents the untruthful message that application needs to update, instead it attempts to re-run the application to present the declined offer again.  \n\nThe App presents the untruthful message that application needs to update, instead it attempts to re-run the application to present the declined offer again.\n\n","ACR-048":"The \"Decline\" button does not have any control. Despite declining RelevantKnowledge app, it still downloaded RelevantKnowledge file “spt_setup.exe” nevertheless.\n\nUnable to close the update prompt. \n\n","ACR-003":"The App misleads consumer they need to run update. There is no newer build, instead, it sometimes leads to download the component(s) that user declined during install procedure, for example, it connected to dpd.securestudies.com and attempted to download user internet behavior program from Relevant Knowledge. \n\n","ACR-004":"The app prompts untruthful message that upgrade is needed whenever user launches the app. The \"Update\" downloads nothing new, sometimes it leads to download the component(s) that user declined during install procedure, for example, it connected to dpd.securestudies.com and attempted to download user internet behavior program from Relevant Knowledge. \n\n","ACR-010":"The app distributes deceptor application. The offer in this app, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control. \n\n","ACR-083":"The App attempts to present the offer repeatedly via its update and startup.\n\n","ACR-118":"Upon uninstallation, it retains some executables and many of its other components along with a \"curl-ca-bundle.crt\" on the device without user's knowledge. \n\n","ACR-057":"The app bundles the \"Relevant Knowledge\" offer which does not allow the consumer to decline the offer. \n\n","ACR-071":"It attempts to force the acceptance of \"Relevant Knowledge\" by graying out the Next button when the user choose to Decline. Thus, forcing the user to only accept the offer and proceed with the installation.\n\n","ACR-059":"Offer not clearly marked as an offer. Instead, it is presented as a component of the carrier.\n\n","ACR-039":"There is no clear indications of the relationship to the installer application. RelevantKnowledge is presented as part of the installer application. Despite declining RelevantKnowledge app, it still downloaded RelevantKnowledge file “spt_setup.exe” regardless.\n","ACR-155":"Offers are designed to look like part of the install workflow. \n\n"},"nonDeceptorViolations":{"ACR-002":"The App's version is inconsistent between App interaction and its install (version10.1.2.5 vs version 9.3.3) \nThe App's version is inconsistent between App interaction and its install (version10.1.2.5 vs version 9.3.3) \n","ACR-106":"App offers deceptive application 'Relevant Knowledge market survey'. \n\n"},"samples":[{"isRevoked":"False","fileName":"EasyVideoSwitch.exe","companyName":"FAEMedia ","fileVersion":"1.0","hashMD5":"256bc08e4f66bc0c3df0600220853311","hashSHA1":"f08d3a1ed91755b9d58d5a4ffaa9c1cb9e0c1d9e","hashSHA256":"031de687b35b9a0619780172dbd5dced32a1206152865707c8e7db2dfe824020","sourceIndex":"1564","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"EasyVideoSwitch-setup.exe","isInstaller":"True","companyName":"FAEMedia Co., Ltd.                                          ","productName":"Easy YouTube to MP3 Converter    ","fileVersion":"0.0","hashMD5":"2e932420877df423a119295fd2a86452","hashSHA1":"c5eb657c043f7cdca6564d202343d0339acb1a94","hashSHA256":"91458092f822b247770c7a356ff58307cf4af3738b713fa89bd38c24d2311b09","digitalCertThumbprint":"347240ECC751AB91D4BA3282DC67ACC9A36D1128","digitalCertIssuer":"CN=COMODO RSA Extended Validation Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", O=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", STREET=\"Chaoyang North Road 199, MOMA Building 1901, Chaoyang District\", L=Beijing, PostalCode=100026, C=CN, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=CN, SERIALNUMBER=911101056717485703","sourceIndex":"1564","avBlockList":["360 Total Security (20241031)","Avast Premium Security (20241031)","AVG Internet Security (20241031)","Avira Internet Security (20241031)","Bitdefender Internet Security (20241031)","COMODO Antivirus (20241031)","Dr.Web Security Space (20241031)","ESET Internet Security (20241031)","G DATA INTERNET SECURITY (20241031)","K7 Total Security (20241031)","Kaspersky Internet Security (20220616)","Malwarebytes Premium (20241031)","McAfee Total Protection (20241031)","Norton Security (20241031)","Panda Dome (20241031)","Quick Heal Internet Security (20241031)","Sophos Home Premium (20241031)","SpyHunter5 (20241031)","Total AV Antivirus Pro (20241031)","Trend Micro Internet Security (20241031)","VIPRE Advanced Security (20241031)","VirIT eXplorer PRO (20241031)","Webroot SecureAnywhere (20241031)","Windows Defender (20241031)","FortectPremium (20241031)","KasperskyPremium (20241031)"],"avAllowList":["Tencent PC Manager (20220616)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search: FAEMedia","reference":"","landingPage":"https://free-audio-editor.com/easyvideoswitch/","directDownloadingLink":"https://free-audio-editor.com/EasyVideoSwitch.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://free-audio-editor.com/EasyVideoSwitch.exe","sourceIndex":"1564"}],"sampleFiles":["220608/EasyVideoSwitch-220608/10.1.2.5/Samples/EasyVideoSwitch.exe","220608/EasyVideoSwitch-220608/10.1.2.5/Samples/EasyVideoSwitch-setup.exe"],"imageFiles":["220608/EasyVideoSwitch-220608/10.1.2.5/Images/ACR-109/ACR-109_039_048_RKSetup.jpg","220608/EasyVideoSwitch-220608/10.1.2.5/Images/ACR-039/ACR-109_039_048_RKSetup.jpg","220608/EasyVideoSwitch-220608/10.1.2.5/Images/ACR-047/ACR-004_083_RKUpdatePrompt-2.jpg","220608/EasyVideoSwitch-220608/10.1.2.5/Images/ACR-047/ACR-048_004_083_RKUpdatePrompt.jpg","220608/EasyVideoSwitch-220608/10.1.2.5/Images/ACR-048/ACR-109_039_048_RKSetup.jpg","220608/EasyVideoSwitch-220608/10.1.2.5/Images/ACR-010/RelevantKnowledge.jpg","220608/EasyVideoSwitch-220608/10.1.2.5/Images/ACR-004/ACR-004_083_RKUpdatePrompt-2.jpg","220608/EasyVideoSwitch-220608/10.1.2.5/Images/ACR-004/ACR-048_004_083_RKUpdatePrompt.jpg","220608/EasyVideoSwitch-220608/10.1.2.5/Images/ACR-083/ACR-004_083_RKUpdatePrompt-2.jpg","220608/EasyVideoSwitch-220608/10.1.2.5/Images/ACR-083/ACR-048_004_083_RKUpdatePrompt.jpg","220608/EasyVideoSwitch-220608/10.1.2.5/Images/ACR-048/ACR-048_004_083_RKUpdatePrompt.jpg","220608/EasyVideoSwitch-220608/10.1.2.5/Images/ACR-003/ACR-004_083_RKUpdatePrompt-2.jpg","220608/EasyVideoSwitch-220608/10.1.2.5/Images/ACR-003/ACR-048_004_083_RKUpdatePrompt.jpg","220608/EasyVideoSwitch-220608/10.1.2.5/Images/ACR-118/ACR-118_Remnants.jpg","220608/EasyVideoSwitch-220608/10.1.2.5/Images/ACR-057/RelevantKnowledge.jpg","220608/EasyVideoSwitch-220608/10.1.2.5/Images/ACR-059/RelevantKnowledge.jpg","220608/EasyVideoSwitch-220608/10.1.2.5/Images/ACR-071/RelevantKnowledge.jpg","220608/EasyVideoSwitch-220608/10.1.2.5/Images/ACR-155/RelevantKnowledge.jpg","220608/EasyVideoSwitch-220608/10.1.2.5/Images/ACR-047/ACR-004_083_RKUpdatePrompt-2.jpg","220608/EasyVideoSwitch-220608/10.1.2.5/Images/ACR-047/ACR-048_004_083_RKUpdatePrompt.jpg"],"nonDeceptorImageFiles":["220608/EasyVideoSwitch-220608/10.1.2.5/Images/ACR-002/ACR-002_InconsistentAppVersion.jpg","220608/EasyVideoSwitch-220608/10.1.2.5/Images/ACR-106/RelevantKnowledge.jpg","220608/EasyVideoSwitch-220608/10.1.2.5/Images/ACR-002/ACR-002_InconsistentAppVersion.jpg"],"guid":"a56aa10b-5f9b-4f9e-91ee-621666f61a7b_10.1.2.5_1","appID":"EasyVideoSwitch-220608","dateAdded":"241029","deceptorType":"App","name":"Easy Video Switch","company":"FAEMedia","version":"10.1.2.5","lastKnownStatus":"10.1.2.5;10.1.3.0","lastKnownDate":"241029","type":"Windows Executable","category":"SysTools & Utilities, Media editors","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"cross-sell other apps,sold in bundle","lastUpdate":"2024-10-29T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":441},{"violations":{"ACR-004":"The app only cleans 500 megabytes off of the disk, then it requires the user to pay to continue cleaning the disk.\n"},"nonDeceptorViolations":{"ACR-045":"\"Free Download\" highlights \"Free\" misleads user. The functionality that requires consumer payment in order to be activated needs to be marked clearly in landing page. Otherwise app should remove \"free\" word.\n","ACR-065":"The app's install does not display links to the EULA or Terms of Service, Returns and Cancellation Policy, or Privacy Policy.\nThe app does not display links to the EULA or Terms of Service, Returns and Cancellation Policy, or Privacy Policy.\nThe landing page does not display links to the EULA or Terms of Service, or Returns and Cancellation Policy.\n","ACR-161":"The landing offer page has testimonials that have no links back to a source so consumers can verify if they're real.\n","ACR-099":"The app does not display links to uninstall information. \nThe landing page does not display links to uninstall information.\nThe internal offers page does not display links to uninstall information.\n"},"samples":[{"isRevoked":"False","fileName":"Mac Cleaner","fileVersion":"0.","hashMD5":"d8c14b9a4ee3425460b4a104ea5a54b0","hashSHA1":"1d714d05a6e8bbf321af6f74d8e5cc932e8f957e","hashSHA256":"c85e8f0422e171d6cc49e3fe735c2a7d95d248f498456ad9219e023311865e61","sourceIndex":"1816","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"mac-cleaner.dmg","isInstaller":"True","fileVersion":"0.","hashMD5":"52ba52bd50ab2c6f2e9e943f4a07037b","hashSHA1":"4c37e5b91909c07561f90e7c3d670d6950a458ff","hashSHA256":"72a873b631cdfab8efdb04a574021c8d76d7860b6b58a6ed34e23d57d1c3540a","sourceIndex":"1816","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"","landingPage":"https://www.aiseesoft.com/mac-cleaner/","directDownloadingLink":"https://www.aiseesoft.com/downloads/mac/mac-cleaner.dmg","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.aiseesoft.com/downloads/mac/mac-cleaner.dmg","sourceIndex":"1816"}],"sampleFiles":["200921/AiseesoftMacCleaner-190510/3.0.18/Samples/Mac Cleaner","200921/AiseesoftMacCleaner-190510/3.0.18/Samples/mac-cleaner.dmg"],"imageFiles":["200921/AiseesoftMacCleaner-190510/3.0.18/Images/ACR-004/Mac Cleaner_Interactions [1].png"],"nonDeceptorImageFiles":["200921/AiseesoftMacCleaner-190510/3.0.18/Images/ACR-045/Mac Cleaner_LandingPage [1].png","200921/AiseesoftMacCleaner-190510/3.0.18/Images/ACR-161/Mac Cleaner_LandingPage [2].png","200921/AiseesoftMacCleaner-190510/3.0.18/Images/ACR-099/Mac Cleaner_About [1].png","200921/AiseesoftMacCleaner-190510/3.0.18/Images/ACR-065/Mac Cleaner_Install [1].png","200921/AiseesoftMacCleaner-190510/3.0.18/Images/ACR-065/Mac Cleaner_About [1].png","200921/AiseesoftMacCleaner-190510/3.0.18/Images/ACR-065/Mac Cleaner_LandingPage [3].png","200921/AiseesoftMacCleaner-190510/3.0.18/Images/ACR-099/Mac Cleaner_LandingPage [3].png","200921/AiseesoftMacCleaner-190510/3.0.18/Images/ACR-099/Mac Cleaner_OfferPage [1].png"],"guid":"4b10fbc1-e409-4b4e-a1dd-3d660f4b26a8_3.0.18_1","appID":"AiseesoftMacCleaner-190510","dateAdded":"241029","deceptorType":"MacOS App","name":"Mac Cleaner","company":"Aiseesoft Studio","version":"3.0.18","lastKnownStatus":"Deceptor:3.0.10;3.0.12;3.0.16;3.0.18;3.0.20","lastKnownDate":"241029","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2024-10-29T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":5,"sortOrder":443},{"violations":{"ACR-004":"The app only cleans 500 megabytes off of the disk, then it requires the user to pay to continue cleaning the disk.\n"},"nonDeceptorViolations":{"ACR-045":"\"Free Download\" highlights \"Free\" misleads user. The functionality that requires consumer payment in order to be activated needs to be marked clearly in landing page. Otherwise app should remove \"free\" word.\n","ACR-065":"The app's install does not display links to the EULA, Terms of Service, Returns and Cancellation Policy, or Privacy Policy.\nThe app does not display links to the EULA, Terms of Service, Returns and Cancellation Policy, or Privacy Policy.\nThe landing page does not display links to the EULA, Terms of Service, or Returns and Cancellation Policy.\n","ACR-099":"The app does not display links to uninstall information. \nThe landing page does not display links to uninstall information.\nThe internal offers page does not display links to uninstall information.\n"},"samples":[{"isRevoked":"False","fileName":"mac-cleaner.dmg","isInstaller":"True","fileVersion":"0.","hashMD5":"93e43462ad6481a406d4d93fd6500004","hashSHA1":"72a40a712f0b5d55a7078bc055de994c3372af5c","hashSHA256":"6a99b0672f1b71f1bc3c90702f3f4a4a0f7836dde0710fcae0e4c271d598e425","sourceIndex":"2436","avBlockList":["Avast Security for Mac (20201110)","Avira Security for Mac (20201110)","ESET Cyber Security Pro for Mac (20201110)","K7 Antivirus for Mac (20201110)","McAfee Internet Security for Mac (20201110)","Norton Security for Mac (20201110)","Sophos Home Premium For Mac (20201110)","Trend Micro Antivirus for Mac (20201110)"],"avAllowList":["Bitdefender Antivirus for Mac (20201110)","G DATA AntiVirus for Mac (20201110)","Kaspersky Internet Security for Mac (20201110)"]},{"isRevoked":"False","fileName":"Mac Cleaner","fileVersion":"0.","hashMD5":"facfe65bb97e7064852bee180f7bd42e","hashSHA1":"5d8c16cf88cdb2863ca21a991ac183a9584371d2","hashSHA256":"e0374d320d79dbe521ba112d897407788136d93f9002ea42e8f69ec7185d3559","sourceIndex":"2436","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"https://www.aiseesoft.com/mac-cleaner/","landingPage":"https://www.aiseesoft.com/mac-cleaner/","directDownloadingLink":"https://www.aiseesoft.com/downloads/mac/mac-cleaner.dmg","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.aiseesoft.com/downloads/mac/mac-cleaner.dmg","sourceIndex":"2436"}],"sampleFiles":["200520/AiseesoftMacCleaner-190510/3.0.16/Samples/mac-cleaner.dmg","200520/AiseesoftMacCleaner-190510/3.0.16/Samples/Mac Cleaner"],"imageFiles":["200520/AiseesoftMacCleaner-190510/3.0.16/Images/ACR-004/Mac Cleaner_Interaction [1].png","200520/AiseesoftMacCleaner-190510/3.0.16/Images/ACR-004/Mac Cleaner_OfferPage [2].png","200520/AiseesoftMacCleaner-190510/3.0.16/Images/ACR-004/Mac Cleaner_OfferPage [3].png"],"nonDeceptorImageFiles":["200520/AiseesoftMacCleaner-190510/3.0.16/Images/ACR-045/Mac Cleaner_LandingPage [4].png","200520/AiseesoftMacCleaner-190510/3.0.16/Images/ACR-099/Mac Cleaner_About [1].png","200520/AiseesoftMacCleaner-190510/3.0.16/Images/ACR-099/Mac Cleaner_Interaction [2].png","200520/AiseesoftMacCleaner-190510/3.0.16/Images/ACR-099/Mac Cleaner_Interaction [3].png","200520/AiseesoftMacCleaner-190510/3.0.16/Images/ACR-065/Mac Cleaner_Install [1].png","200520/AiseesoftMacCleaner-190510/3.0.16/Images/ACR-065/Mac Cleaner_Interaction [2].png","200520/AiseesoftMacCleaner-190510/3.0.16/Images/ACR-065/Mac Cleaner_Interaction [3].png","200520/AiseesoftMacCleaner-190510/3.0.16/Images/ACR-065/Mac Cleaner_LandingPage [1].png","200520/AiseesoftMacCleaner-190510/3.0.16/Images/ACR-065/Mac Cleaner_LandingPage [2].png","200520/AiseesoftMacCleaner-190510/3.0.16/Images/ACR-065/Mac Cleaner_LandingPage [3].png","200520/AiseesoftMacCleaner-190510/3.0.16/Images/ACR-099/Mac Cleaner_LandingPage [1].png","200520/AiseesoftMacCleaner-190510/3.0.16/Images/ACR-099/Mac Cleaner_LandingPage [2].png","200520/AiseesoftMacCleaner-190510/3.0.16/Images/ACR-099/Mac Cleaner_LandingPage [3].png","200520/AiseesoftMacCleaner-190510/3.0.16/Images/ACR-099/Mac Cleaner_OfferPage [2].png","200520/AiseesoftMacCleaner-190510/3.0.16/Images/ACR-099/Mac Cleaner_OfferPage [3].png"],"guid":"4b10fbc1-e409-4b4e-a1dd-3d660f4b26a8_3.0.16_1","appID":"AiseesoftMacCleaner-190510","dateAdded":"241029","deceptorType":"MacOS App","name":"Mac Cleaner","company":"Aiseesoft Studio","version":"3.0.16","sigName":"Deceptor:MacOS/MacCleaner!004","lastKnownStatus":"Deceptor:3.0.10;3.0.12;3.0.16;3.0.18;3.0.20","lastKnownDate":"241029","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2024-10-29T00:00:00+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":5,"sortOrder":444},{"violations":{"ACR-046":"The app is automatically installed on the computer without providing disclosures and options beforehand.\n","ACR-004":"The app only cleans 500 megabytes off of the disk, then it requires the user to pay to continue cleaning the disk.\n"},"nonDeceptorViolations":{"ACR-065":"The install does not display links to the EULA, Terms of Service, Returns and Cancellation Policy, or Privacy Policy.\nThe app does not display links to the EULA, Terms of Service, Returns and Cancellation Policy, or Privacy Policy.\nThe landing page does not display links to the EULA, Terms of Service, or Returns and Cancellation Policy.\n","ACR-099":"The app does not display uninstall information.\nThe landing page does not display links to uninstall information.\nThe internal offers page does not display links to uninstall information.\n"},"samples":[{"isRevoked":"False","fileName":"Mac Cleaner","fileVersion":"0.","hashMD5":"a33a792f6f3106582f20bb37f4fcb108","hashSHA1":"bd5950be6a07a68784d7a6db9fb263ef52bb0781","hashSHA256":"81e177333bb13d306f07bcff75ee85d0490215cb3975b714d6ea1592b05e50c4","sourceIndex":"2577","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"mac-cleaner.dmg","isInstaller":"True","fileVersion":"0.","hashMD5":"4faa59af445b9e8442e81772ed3bf5d2","hashSHA1":"144792362bc36344bf10316d17819b746b6c2dd7","hashSHA256":"7dc3b7915ff7fe5c03203e6b4318e78f84a9fd1cfbe75ef955902ec4325c2f24","sourceIndex":"2577","avBlockList":["Avast Security for Mac (20200227)","Avira Security for Mac (20200227)","Bitdefender Antivirus for Mac (20200227)","ESET Cyber Security Pro for Mac (20200227)","G DATA AntiVirus for Mac (20200227)","Kaspersky Internet Security for Mac (20200227)","McAfee Internet Security for Mac (20200227)","Sophos Home Premium For Mac (20200227)","Trend Micro Antivirus for Mac (20200227)"],"avAllowList":["K7 Antivirus for Mac (20200227)","Norton Security for Mac (20200227)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"","landingPage":"https://www.aiseesoft.com/mac-cleaner/","directDownloadingLink":"https://www.aiseesoft.com/downloads/mac/mac-cleaner.dmg","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.aiseesoft.com/downloads/mac/mac-cleaner.dmg","sourceIndex":"2577"}],"sampleFiles":["200123/AiseesoftMacCleaner-190510/3.0.12/Samples/Mac Cleaner","200123/AiseesoftMacCleaner-190510/3.0.12/Samples/mac-cleaner.dmg"],"imageFiles":["200123/AiseesoftMacCleaner-190510/3.0.12/Images/ACR-046/Mac Cleaner ACR-046.gif","200123/AiseesoftMacCleaner-190510/3.0.12/Images/ACR-046/Mac Cleaner Install.png","200123/AiseesoftMacCleaner-190510/3.0.12/Images/ACR-004/Mac Cleaner ACR-004.gif"],"nonDeceptorImageFiles":["200123/AiseesoftMacCleaner-190510/3.0.12/Images/ACR-099/About Page.png","200123/AiseesoftMacCleaner-190510/3.0.12/Images/ACR-065/Mac Cleaner Install.png","200123/AiseesoftMacCleaner-190510/3.0.12/Images/ACR-065/Mac Cleaner Bottom of Landing Page.png","200123/AiseesoftMacCleaner-190510/3.0.12/Images/ACR-099/Mac Cleaner Bottom of Landing Page.png","200123/AiseesoftMacCleaner-190510/3.0.12/Images/ACR-099/MacCleaner Internal Offers.png"],"guid":"4b10fbc1-e409-4b4e-a1dd-3d660f4b26a8_3.0.12_1","appID":"AiseesoftMacCleaner-190510","dateAdded":"241029","deceptorType":"MacOS App","name":"Mac Cleaner","company":"Aiseesoft Studio","version":"3.0.12","sigName":"Deceptor:MacOS/AiseesoftMacCleaner!046004","lastKnownStatus":"Deceptor:3.0.10;3.0.12;3.0.16;3.0.18;3.0.20","lastKnownDate":"241029","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2024-10-29T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":5,"sortOrder":445},{"violations":{"ACR-046":"The install has no options.\n","ACR-004":"The app only cleans 500 megabytes off of the disk, then it requires the user to pay to continue cleaning the disk.\n"},"nonDeceptorViolations":{"ACR-065":"The install does not display links to the EULA, the Returns and Cancellation Policy, or the Privacy Policy.\nThe app does not display links to the EULA, the Returns and Cancellation Policy, or the Privacy Policy.\nThe landing page does not display links to the EULA or the Returns and Cancellation Policy.\n","ACR-099":"The app does not display uninstall information.\nThe landing page does not display links to uninstall information.\nThe internal offers page does not display links to uninstall information.\n"},"samples":[{"isRevoked":"False","fileName":"Mac Cleaner","fileVersion":"0.","hashMD5":"","hashSHA1":"","hashSHA256":"b2851043ca9423483e2adde7527698fcc81da219af78a6ab3c8321473b090ab7","sourceIndex":"3074","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"mac-cleaner.dmg","isInstaller":"True","fileVersion":"0.","hashMD5":"","hashSHA1":"","hashSHA256":"51eaf3f06a460cf6c87705d7d21c1546489775e08b6af5fb9082bb0cab164563","sourceIndex":"3074","avBlockList":["Avast Security for Mac (20200227)","Avira Security for Mac (20200227)","Bitdefender Antivirus for Mac (20200227)","ESET Cyber Security Pro for Mac (20200227)","G DATA AntiVirus for Mac (20200227)","McAfee Internet Security for Mac (20200227)","Sophos Home Premium For Mac (20200227)"],"avAllowList":["K7 Antivirus for Mac (20200227)","Kaspersky Internet Security for Mac (20200227)","Norton Security for Mac (20200227)","Trend Micro Antivirus for Mac (20200227)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"","landingPage":"https://www.aiseesoft.com/mac-cleaner/","directDownloadingLink":"https://www.aiseesoft.com/downloads/mac/mac-cleaner.dmg","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.aiseesoft.com/downloads/mac/mac-cleaner.dmg","sourceIndex":"3074"}],"sampleFiles":["190511/AiseesoftMacCleaner-190510/3.0.10/Samples/Mac Cleaner","190511/AiseesoftMacCleaner-190510/3.0.10/Samples/mac-cleaner.dmg"],"imageFiles":["190511/AiseesoftMacCleaner-190510/3.0.10/Images/ACR-046/MacCleaner Install.png","190511/AiseesoftMacCleaner-190510/3.0.10/Images/ACR-004/MacCleaner Trial Version.png","190511/AiseesoftMacCleaner-190510/3.0.10/Images/ACR-004/MacCleaner Before Internal Offers Page.png","190511/AiseesoftMacCleaner-190510/3.0.10/Images/ACR-004/MacCleaner Internal Offers Page.png"],"nonDeceptorImageFiles":["190511/AiseesoftMacCleaner-190510/3.0.10/Images/ACR-099/MacCleaner About Page.png","190511/AiseesoftMacCleaner-190510/3.0.10/Images/ACR-065/MacCleaner Install.png","190511/AiseesoftMacCleaner-190510/3.0.10/Images/ACR-065/MacCleaner About Page.png","190511/AiseesoftMacCleaner-190510/3.0.10/Images/ACR-065/MacCleaner Bottom of Landing Page.png","190511/AiseesoftMacCleaner-190510/3.0.10/Images/ACR-099/MacCleaner Bottom of Landing Page.png","190511/AiseesoftMacCleaner-190510/3.0.10/Images/ACR-099/MacCleaner Bottom of Internal Offers Page.png"],"guid":"4b10fbc1-e409-4b4e-a1dd-3d660f4b26a8_3.0.10_1","appID":"AiseesoftMacCleaner-190510","dateAdded":"241029","deceptorType":"MacOS App","name":"Mac Cleaner","company":"Aiseesoft Studio","version":"3.0.10","sigName":"Deceptor:MacOS/AiseesoftMacCleaner!004046","lastKnownStatus":"Deceptor:3.0.10;3.0.12;3.0.16;3.0.18;3.0.20","lastKnownDate":"241029","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2024-10-29T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":5,"sortOrder":446},{"violations":{"ACR-004":"The app only cleans 500 megabytes off of the disk, then it requires the user to pay to continue cleaning the disk.\n"},"nonDeceptorViolations":{"ACR-045":"\"Free Download\" highlights \"Free\" misleads user. The functionality that requires consumer payment in order to be activated needs to be marked clearly in landing page. Otherwise app should remove \"free\" word.\n","ACR-065":"The app's install does not display links to the EULA or Terms of Service, Returns and Cancellation Policy, or Privacy Policy.\nThe app does not display links to the EULA or Terms of Service, Returns and Cancellation Policy, or Privacy Policy.\nThe landing page does not display links to the EULA or Terms of Service, or Returns and Cancellation Policy.\nThe internal offer page does not display links to the EULA or Terms of Service, or Returns and Cancellation Policy.\n","ACR-161":"The landing offer page has testimonials that have no links back to a source so consumers can verify if they're real.\n","ACR-099":"The app does not display links to uninstall information. \nThe landing page does not display links to uninstall information.\nThe internal offers page does not display links to uninstall information.\n"},"samples":[{"isRevoked":"False","fileName":"Mac%20Cleaner","fileVersion":"0.","hashMD5":"15c031908a9eb65258deadd62187644a","hashSHA1":"f407b31cc62ab161c629147cbc62c1ea97febaa2","hashSHA256":"87cb52dc95a2becbaab4d867513b92262aff3111d9d82251556db3bb3ddb5446","sourceIndex":"449","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"mac-cleaner.dmg","isInstaller":"True","fileVersion":"0.","hashMD5":"2edcef04bb90e29ec4166dc82e8eb066","hashSHA1":"790f372620585c856a7eda4dde3be8dae76f5b82","hashSHA256":"88a0d87cff1b0d18509e536184206762f135a409a83a5b83640469b1e638f4a7","sourceIndex":"449","avBlockList":["ESET Cyber Security Pro for Mac (20250114)","Sophos Home Premium For Mac (20250114)","SpyHunterforMac (20250114)","Trend Micro Antivirus for Mac (20250114)"],"avAllowList":["Avast Security for Mac (20250114)","Avira Security for Mac (20250114)","Bitdefender Antivirus for Mac (20250114)","G DATA AntiVirus for Mac (20250114)","K7 Antivirus for Mac (20250114)","Kaspersky Internet Security for Mac (20250114)","McAfee Internet Security for Mac (20250114)","Norton Security for Mac (20250114)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"","landingPage":"https://www.aiseesoft.com/mac-cleaner/","directDownloadingLink":"https://www.aiseesoft.com/downloads/mac/mac-cleaner.dmg","ipv4":"","ipv6":"","landingPageWildChar":"https://download.aiseesoft.com/mac/mac-cleaner.dmg?_gl=1*1rqh2ic*_ga*MzAwNDUzOTg3LjE3Mjk4NDc4MTg.*_ga_M4E51HTXR8*MTcyOTk4ODU2NS4yLjAuMTcyOTk4ODU2NS4wLjAuMA..","directDownloadingLinkWildChar":"https://www.aiseesoft.com/downloads/mac/mac-cleaner.dmg","sourceIndex":"449"}],"sampleFiles":["241029/AiseesoftMacCleaner-190510/3.0.20/Samples/Mac%20Cleaner","241029/AiseesoftMacCleaner-190510/3.0.20/Samples/mac-cleaner.dmg"],"imageFiles":["241029/AiseesoftMacCleaner-190510/3.0.20/Images/ACR-004/App9.png"],"nonDeceptorImageFiles":["241029/AiseesoftMacCleaner-190510/3.0.20/Images/ACR-045/LandingPage2.png","241029/AiseesoftMacCleaner-190510/3.0.20/Images/ACR-045/LandingPage4.png","241029/AiseesoftMacCleaner-190510/3.0.20/Images/ACR-161/LandingPage3.png","241029/AiseesoftMacCleaner-190510/3.0.20/Images/ACR-099/App5.png","241029/AiseesoftMacCleaner-190510/3.0.20/Images/ACR-065/install.png","241029/AiseesoftMacCleaner-190510/3.0.20/Images/ACR-065/App5.png","241029/AiseesoftMacCleaner-190510/3.0.20/Images/ACR-065/LandingPage1.png","241029/AiseesoftMacCleaner-190510/3.0.20/Images/ACR-065/Purchase Mac Cleaner.png","241029/AiseesoftMacCleaner-190510/3.0.20/Images/ACR-099/LandingPage1.png","241029/AiseesoftMacCleaner-190510/3.0.20/Images/ACR-099/Purchase Mac Cleaner.png"],"guid":"4b10fbc1-e409-4b4e-a1dd-3d660f4b26a8_3.0.20_1","appID":"AiseesoftMacCleaner-190510","dateAdded":"241029","deceptorType":"MacOS App","name":"Mac Cleaner","company":"Aiseesoft Studio","version":"3.0.20","lastKnownStatus":"Deceptor:3.0.10;3.0.12;3.0.16;3.0.18;3.0.20","lastKnownDate":"241029","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2026-05-12T22:59:47.6039669+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":5,"sortOrder":442},{"violations":{"ACR-003":"\nThe application makes unsubstantiated claims about system health by showing that the system has problems but requires the user to pay to fix the problems.\n","ACR-004":"The app exaggerates the system status, does not provide free fixes for free scan results, and attempts to raise urgency for the user to register and purchase the app.\n"},"nonDeceptorViolations":{"ACR-065":"The app's install does not show any links to the EULA, Returns and Cancellation Policy, or the Privacy Policy.\nApp's about page does not contain any links to the EULA, Returns and Cancellation Policy, or the Privacy Policy.\nThere are no links on the the landing page that show the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThere are no links on the internal offers page that show the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\n","ACR-161":"The app's landing page shows testimonials that cannot be verified.\n","ACR-099":"The app's internal offers page does not display links to uninstall information.\n"},"samples":[{"isRevoked":"False","fileName":"MacBooster 7","companyName":"IObit","productName":"MacBooster 7","productVersion":"7.2.5","fileVersion":"0.","hashMD5":"f2a53be12a4d849541cc8325fe8bc5bd","hashSHA1":"5c57542968b1544cef4e2fde1cec5e753b400267","hashSHA256":"f334c1bc7be17c0b0f4e9147a53432c39090c6abfe5ae98815ed3220fc865b3d","sourceIndex":"2923","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"MacBooster_7.dmg","isInstaller":"True","companyName":"IObit","productName":"MacBooster 7","productVersion":"7.2.5","fileVersion":"0.","hashMD5":"8e869d71a9057559088d4a13baec4f2b","hashSHA1":"c8ac12f26ec93dfe61d2fbbb6bdc7cdfa416ab01","hashSHA256":"83d9e9da5755de2cbaa6edcc21f1489b6ef02a139fc150ba2e97a87dff2f3e56","sourceIndex":"2923","avBlockList":["Avast Security for Mac (20220614)","Avira Security for Mac (20220614)","Bitdefender Antivirus for Mac (20220614)","ESET Cyber Security Pro for Mac (20220614)","G DATA AntiVirus for Mac (20220614)","K7 Antivirus for Mac (20220614)","Kaspersky Internet Security for Mac (20220614)","McAfee Internet Security for Mac (20220614)","Norton Security for Mac (20220614)","Sophos Home Premium For Mac (20220614)","Trend Micro Antivirus for Mac (20220614)"],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search","reference":"Google search \"speed up my mac\"","landingPage":"http://www.macbooster.net/","directDownloadingLink":"http://download.iobit.com/mac/MacBooster_7.dmg","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://download.iobit.com/mac/MacBooster_7.dmg","sourceIndex":"2923"}],"sampleFiles":["190805/MacBooster7-190415/7.2.5/Samples/MacBooster 7","190805/MacBooster7-190415/7.2.5/Samples/MacBooster_7.dmg"],"imageFiles":["190805/MacBooster7-190415/7.2.5/Images/ACR-003/Mac Booster 7 Activation Screen.png","190805/MacBooster7-190415/7.2.5/Images/ACR-004/Mac Booster 7 ACR004.gif"],"nonDeceptorImageFiles":["190805/MacBooster7-190415/7.2.5/Images/ACR-065/Install Screen Mac Booster 7.png","190805/MacBooster7-190415/7.2.5/Images/ACR-065/Mac Booster 7 About Page.png","190805/MacBooster7-190415/7.2.5/Images/ACR-065/Mac Booster 7 Landing Page.png","190805/MacBooster7-190415/7.2.5/Images/ACR-065/Mac Booster 7 Internal Offers Page.png","190805/MacBooster7-190415/7.2.5/Images/ACR-161/MacBooster User Review 1.png","190805/MacBooster7-190415/7.2.5/Images/ACR-161/User Review Screen Mac Booster 7.png","190805/MacBooster7-190415/7.2.5/Images/ACR-099/Mac Booster 7 Internal Offers Page.png"],"guid":"f66879af-110a-42af-bd2e-0a770ed1d76d_7.2.5_1","appID":"MacBooster7-190415","dateAdded":"241024","deceptorType":"MacOS App","name":"MacBooster","company":"IOBit","version":"7.2.5","sigName":"Deceptor:MacOS/MacBooster7!003004","lastKnownStatus":"8.0.1;8.0.2;8.0.3;8.0.4;8.0.5;8.1.0;8.2.0","lastKnownDate":"241024","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2024-10-24T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":9,"sortOrder":455},{"violations":{"ACR-109":"The app downloads \"rk_setup.exe\", a RelevantKnowledge file without the consumer's consent.\n","ACR-047":"After the app is installed, it prompts the user with an \"Important!\" message to use a \"new version to avoid malfunctions\". This installs the same version of the app and re-runs the install and the offers that the consumer has previously declined.\n","ACR-048":"The \"Decline\" button does not have any control but still drops a RelevantKnowledge file “rk_setup.exe”.\nThe app does not provide an option to close the update prompt and cancel the startup of its own.\n","ACR-010":"The app bundler distributes the deceptor application. The offer in this bundler, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control.\n","ACR-083":"The app attempts to present the offer repeatedly via its update and startup. \n","ACR-084":"The app creates a startup entry without the user's knowledge and consent.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components along with a \"curl-ca-bundle.crt\" on the device without the consumer's consent or notifying the user.\n","ACR-122":"The app displays a notification stating \"Update recommended\" which downloads the app and asks the user to install it by displaying the install prompt. This scenario is observed after uninstall and reboot.\n","ACR-057":"The app bundles the \"Relevant Knowledge\" offer which does not allow the consumer to decline the offer. \n","ACR-071":"The \"Relevant Knowledge\" offer cannot be declined independently as the installation is unable to proceed when attempting to decline the offer. Thus it forces the user to, only accept the offer and proceed with the installation.\n","ACR-075":"After the app is installed, it prompts the user with an \"Important!\" message to use a \"new version to avoid malfunctions\". This installs the same version of the app and re-runs the install and the offers that the consumer has previously declined. \n","ACR-014":"The app misleads users that they need to install an update while actually, it tries to install the pre-declined component by the user during the install. \n","ACR-059":"The Offer is not clearly marked as an offer. It is unclear who is recommending the offer.\n","ACR-155":"Offers are designed to look like part of the install workflow. \n"},"nonDeceptorViolations":{"ACR-106":"App offers deceptive application 'Relevant Knowledge market survey'.\n","ACR-092":"The app does not have a digital signature for the main executable: \"FreeISOCreateWizard.exe\"\n","ACR-123":"The app does not remove its startup item even after uninstall.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\Free ISO Create Wizard\\FreeISOCreateWizard.exe","companyName":"","productName":"","productVersion":"","fileVersion":"","hashMD5":"08254eaf47cf7a477d85baf69b03ca28","hashSHA1":"9697d226b7bdb0f8315dcda74b94613c4f4fa5ea","hashSHA256":"73aaf0f16d049b6faa300ddcd47f4077e439c2e43926c51f9ee4ee8bc704e35a","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"497","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\Free ISO Create Wizard\\goup.exe","companyName":"","productName":"","productVersion":"1.0.0.0","fileVersion":"1.0.0.0","hashMD5":"b58001b7a3d8a4d2947b632accc613a0","hashSHA1":"4265de99ff08ce7170724cf56b6e3d87f211290d","hashSHA256":"0f0d36ef8b4de954e930fe85dc4e48fd83d2a2785a5a59cab4b3469afcb47989","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"497","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"FreeISOCreateWizard.exe","isInstaller":"True","companyName":"FreeAudioVideoSoftTech Inc.                                ","productName":"Free ISO Create Wizard                                      ","productVersion":"                                                  ","fileVersion":"                    ","hashMD5":"1e8f79b0f990a61b2ceb462448521ef8","hashSHA1":"bfbabc5244dd6e73d22afa7b0b17d1826cb21d65","hashSHA256":"e288a3bcc8708f99111b35b679bed124a93274946be615ed9eeb7d76ac2cd87f","digitalCertThumbprint":"347240ECC751AB91D4BA3282DC67ACC9A36D1128","digitalCertIssuer":"COMODO RSA Extended Validation Code Signing CA","digitalCertIssuedTo":"Beijing Qingruan Creative Information Technology Co. Ltd.","storeId":"","sourceIndex":"497","avBlockList":["360 Total Security (20250109)","Avast Premium Security (20250109)","AVG Internet Security (20250109)","Avira Internet Security (20250109)","Bitdefender Internet Security (20250109)","COMODO Antivirus (20250109)","Dr.Web Security Space (20250109)","ESET Internet Security (20250109)","G DATA INTERNET SECURITY (20250109)","K7 Total Security (20250109)","Kaspersky Internet Security (20220609)","Malwarebytes Premium (20250109)","McAfee Total Protection (20250109)","Norton Security (20250109)","Panda Dome (20250109)","Quick Heal Internet Security (20250109)","Sophos Home Premium (20250109)","SpyHunter5 (20250109)","Total AV Antivirus Pro (20250109)","VIPRE Advanced Security (20250109)","VirIT eXplorer PRO (20250109)","Webroot SecureAnywhere (20250109)","Windows Defender (20250109)","FortectPremium (20250109)","KasperskyPremium (20250109)"],"avAllowList":["Tencent PC Manager (20220609)","Trend Micro Internet Security (20250109)"]},{"isRevoked":"False","fileName":"FreeISOCreateWizard_241022.exe","isInstaller":"True","companyName":"FreeAudioVideoSoftTech, Inc.                                ","fileVersion":"0.0","hashMD5":"6d3dca47fd74df5323a574edef1dde3d","hashSHA1":"33b490fd0e92040cf3144f5c6e17ac7c07e458ab","hashSHA256":"e3d358ee498dd7f4915976b37ff30e050260d81b4ae20671a39de93c08daf1c6","sourceIndex":"497","avBlockList":["360 Total Security (20250116)","Avast Premium Security (20250116)","AVG Internet Security (20250116)","Avira Internet Security (20250116)","Bitdefender Internet Security (20250116)","COMODO Antivirus (20250116)","Dr.Web Security Space (20250116)","ESET Internet Security (20250116)","FortectPremium (20250116)","G DATA INTERNET SECURITY (20250116)","K7 Total Security (20250116)","KasperskyPremium (20250116)","Malwarebytes Premium (20250116)","McAfee Total Protection (20250116)","Norton Security (20250116)","Panda Dome (20250116)","Quick Heal Internet Security (20250116)","Sophos Home Premium (20250116)","SpyHunter5 (20250116)","Total AV Antivirus Pro (20250116)","VIPRE Advanced Security (20250116)","VirIT eXplorer PRO (20250116)","Webroot SecureAnywhere (20250116)","Windows Defender (20250116)"],"avAllowList":["Trend Micro Internet Security (20250116)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt on FreeAudioVideoSoftTech products","reference":"","landingPage":"https://www.freeaudiovideosoft.com/utilities-for-windows/free-iso-creater/","directDownloadingLink":"www.freeaudiovideosoft.com/files/FreeISOCreateWizard.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"www.freeaudiovideosoft.com/files/FreeISOCreateWizard.exe","sourceIndex":"497"}],"sampleFiles":["241024/freeisocreatewizard-220606/8.8.2.4/Samples/FreeISOCreateWizard.exe","241024/freeisocreatewizard-220606/8.8.2.4/Samples/FreeISOCreateWizard_241022.exe"],"imageFiles":["241024/freeisocreatewizard-220606/8.8.2.4/Images/ACR-109/ACR-109_Install_Drops_Third_Party.jpg","241024/freeisocreatewizard-220606/8.8.2.4/Images/ACR-047/ACR-047_Install.mp4","241024/freeisocreatewizard-220606/8.8.2.4/Images/ACR-048/ACR-048_Install_No_Control_To_Decline.jpg","241024/freeisocreatewizard-220606/8.8.2.4/Images/ACR-010/ACR-010_Software_Bundles_Deceptor.jpg","241024/freeisocreatewizard-220606/8.8.2.4/Images/ACR-083/ACR-083_Software.jpg","241024/freeisocreatewizard-220606/8.8.2.4/Images/ACR-083/ACR-083_Software_1.jpg","241024/freeisocreatewizard-220606/8.8.2.4/Images/ACR-084/ACR-084_Software.jpg","241024/freeisocreatewizard-220606/8.8.2.4/Images/ACR-048/ACR-048_Software.jpg","241024/freeisocreatewizard-220606/8.8.2.4/Images/ACR-048/ACR-048_Software_1.jpg","241024/freeisocreatewizard-220606/8.8.2.4/Images/ACR-014/ACR-014_Software.jpg","241024/freeisocreatewizard-220606/8.8.2.4/Images/ACR-014/ACR-014_Software.mp4","241024/freeisocreatewizard-220606/8.8.2.4/Images/ACR-118/ACR-118_Uninstall.jpg","241024/freeisocreatewizard-220606/8.8.2.4/Images/ACR-118/ACR-118_Uninstall_1.JPG","241024/freeisocreatewizard-220606/8.8.2.4/Images/ACR-122/ACR-122_Uninstall.jpg","241024/freeisocreatewizard-220606/8.8.2.4/Images/ACR-075/ACR-075_Bundler-MadeOffers.mp4","241024/freeisocreatewizard-220606/8.8.2.4/Images/ACR-057/ACR-057_Bundler-MadeOffers.jpg","241024/freeisocreatewizard-220606/8.8.2.4/Images/ACR-059/ACR-059_Bundler-MadeOffers.jpg","241024/freeisocreatewizard-220606/8.8.2.4/Images/ACR-071/ACR-071_Bundler-MadeOffers.jpg","241024/freeisocreatewizard-220606/8.8.2.4/Images/ACR-155/ACR-155_Bundler-MadeOffers.jpg"],"nonDeceptorImageFiles":["241024/freeisocreatewizard-220606/8.8.2.4/Images/ACR-106/ACR-106_Software_Bundles_Deceptor.jpg","241024/freeisocreatewizard-220606/8.8.2.4/Images/ACR-092/ACR-092_Software.jpg","241024/freeisocreatewizard-220606/8.8.2.4/Images/ACR-123/ACR-123_Uninstall.jpg"],"guid":"d72f7d56-30e1-4718-a92d-549ac67e1f19_8.8.2.4_1","appID":"freeisocreatewizard-220606","dateAdded":"241024","deceptorType":"App","name":"Free ISO Create Wizard","company":"FreeAudioVideoSoftTech, Inc.","version":"8.8.2.4","lastKnownStatus":"8.8.2.4","lastKnownDate":"241024","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2024-10-24T08:56:38.3534046+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":459},{"violations":{"ACR-010":"The app distributes deceptor application. The offer in this app, the Relevant Knowledge market survey application without proper controls in user's system. https://customer.appesteem.com/deceptors?q=RelevantKnowledge-201010\n\n","ACR-013":"Application doesn't obtain the explicit informed user consent for running RK setup. The \"next\" misleads user that it is required for continue installation. It is misleadingly presented as mandatory component that user has to agree for install the application.\n","ACR-155":"Offers are designed to look like part of the install workflow. \n\n"},"nonDeceptorViolations":{"ACR-106":"App offers deceptive application 'Relevant Knowledge market survey'. \nhttps://customer.appesteem.com/deceptors?q=RelevantKnowledge-201010\n"},"samples":[{"isRevoked":"False","fileName":"FreemoreOCR.exe","isInstaller":"True","companyName":"FreeMoreSoft, Inc.                                          ","fileVersion":"0.0","hashMD5":"12a397ade3267fa26d87e3c60fcc2e9b","hashSHA1":"b0778e39ea4d7f98bd5427fe3239f156a4ba9da8","hashSHA256":"942671988b62118f32eeb5f18e1a6e48cd3f52f578830f6eda3d4adb8144bb2d","sourceIndex":"568","avBlockList":["360 Total Security (20250109)","Avast Premium Security (20250109)","AVG Internet Security (20250109)","Avira Internet Security (20250109)","Bitdefender Internet Security (20250109)","COMODO Antivirus (20250109)","Dr.Web Security Space (20250109)","ESET Internet Security (20250109)","FortectPremium (20250109)","G DATA INTERNET SECURITY (20250109)","K7 Total Security (20250109)","KasperskyPremium (20250109)","Malwarebytes Premium (20250109)","McAfee Total Protection (20250109)","Norton Security (20250109)","Panda Dome (20250109)","Quick Heal Internet Security (20250109)","Sophos Home Premium (20250109)","SpyHunter5 (20250109)","Total AV Antivirus Pro (20250109)","VIPRE Advanced Security (20250109)","VirIT eXplorer PRO (20250109)","Webroot SecureAnywhere (20250109)"],"avAllowList":["Trend Micro Internet Security (20250109)","Windows Defender (20250109)"]}],"additionalFiles":[],"sources":[{"howFound":"Review existing deceptor","reference":"","landingPage":"https://freemoresoft.com/freeocr/index.php ","directDownloadingLink":"http://www.freemoresoft.com/FreemoreOCR.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.freemoresoft.com/FreemoreOCR.exe","sourceIndex":"568"}],"sampleFiles":["240827/FreemoreOCR-220613/08.07.2024/Samples/FreemoreOCR.exe"],"imageFiles":["240827/FreemoreOCR-220613/08.07.2024/Images/ACR-010/ACR-010_Install_1.png","240827/FreemoreOCR-220613/08.07.2024/Images/ACR-010/ACR-010_Install_2.png","240827/FreemoreOCR-220613/08.07.2024/Images/ACR-013/ACR-013_Install_1.png","240827/FreemoreOCR-220613/08.07.2024/Images/ACR-013/ACR-013_Install_2.png","240827/FreemoreOCR-220613/08.07.2024/Images/ACR-155/ACR-155_Bundler-made offers_1.png","240827/FreemoreOCR-220613/08.07.2024/Images/ACR-155/ACR-155_Bundler-made offers_2.png"],"nonDeceptorImageFiles":["240827/FreemoreOCR-220613/08.07.2024/Images/ACR-106/ACR-106_Software_1.png"],"guid":"59407c30-232a-4cc9-bdd7-c009b5477d6e_08.07.2024_1","appID":"FreemoreOCR-220613","dateAdded":"241024","deceptorType":"App","name":"Freemore OCR","company":"FreeMoreSoft, Inc.","version":"08.07.2024","lastKnownStatus":"10.8.2.4;08.07.2024","lastKnownDate":"241024","type":"Windows Executable","category":"Productivity, Bundlers & Downloaders","targetOS":"Windows 10,Windows 11","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"install offers","lastUpdate":"2024-10-24T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":458},{"violations":{"ACR-109":"The app downloads \"spt_setup.exe\", a RelevantKnowledge file before disclosure and without the consumer's consent.\n\n","ACR-047":"The App presents the untruthful message that application needs to update, instead it attempts to re-run the application to present the declined offer again.  \n\nThe App presents the untruthful message that application needs to update, instead it attempts to re-run the application to present the declined offer again.  \n\n","ACR-048":"The \"Decline\" button does not have any control. Despite declining RelevantKnowledge app, it is still downloaded RelevantKnowledge file “spt_setup.exe” nevertheless.\n\nUnable to close the update prompt. \n\n","ACR-003":"The App misleads consumer they need to run update. There is no newer build, instead, it attempts to run the installer and present the declined offers again.\n\n","ACR-004":"The app prompts untruthful message that upgrade is needed whenever user launches the app. The \"Update\" downloads nothing new, sometimes it leads to download the component(s) that user declined during install procedure, for example, it connected to dpd.securestudies.com and attempted to download user internet behavior program from Relevant Knowledge. \n\n","ACR-010":"The app distributes deceptor application. The offer in this app, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control. \n\n","ACR-083":"The App attempts to present the offer repeatedly via its update and startup.\n\n","ACR-118":"Upon uninstallation, it retains some executables and many of its other components along with a \"curl-ca-bundle.crt\" on the device without user's knowledge. \n\n","ACR-057":"The app bundles the \"Relevant Knowledge\" offer which does not allow the consumer to decline the offer. \n\n","ACR-071":"It attempts to force the acceptance of \"Relevant Knowledge\" by graying out the Next button when the user choose to Decline. Thus, forcing the user to only accept the offer and proceed with the installation.\n\n","ACR-059":"Offer not clearly marked as an offer. Instead, it is presented as a component of the carrier.\n\n","ACR-039":"There is no clear indications of the relationship to the installer application. RelevantKnowledge is presented as part of the installer application. Despite declining RelevantKnowledge app, it still downloaded RelevantKnowledge file “spt_setup.exe” regardless.\n\n","ACR-155":"Offers are designed to look like part of the install workflow. \n\n"},"nonDeceptorViolations":{"ACR-002":"The App's version is inconsistent between App interaction and its install (version10.8.2.4 vs version10.8.1) \n\nThe App's version is inconsistent between App interaction and its install (version10.8.2.4 vs version10.8.1) \n","ACR-106":"App offers deceptive application 'Relevant Knowledge market survey'. \n\n"},"samples":[{"isRevoked":"False","fileName":"FreemoreOCR_3-PNk41.exe","isInstaller":"True","fileVersion":"3.33","hashMD5":"1bd6b27e21341fd6ad6fc48dfe407610","hashSHA1":"0e8a9411446b5fbef66570d7fa81ecaeb6706da2","hashSHA256":"462b515b56b289161c11a454475ab68be7d9e8be97d33b5fec51e7cb065eaa19","digitalCertThumbprint":"E323A663BC722856F054FADEE2B07EA215692ED4","digitalCertIssuer":"CN=Sectigo Public Code Signing CA EV R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=\"Beijing QingSoft Creative Information Technology Co., Ltd.\", O=\"Beijing QingSoft Creative Information Technology Co., Ltd.\", L=Beijing, C=CN, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=CN, SERIALNUMBER=911101056717485703","sourceIndex":"489","avBlockList":["Avast Premium Security (20250121)","AVG Internet Security (20250121)","Avira Internet Security (20250121)","Bitdefender Internet Security (20250121)","COMODO Antivirus (20250121)","Dr.Web Security Space (20250121)","ESET Internet Security (20250121)","G DATA INTERNET SECURITY (20250121)","K7 Total Security (20250121)","Kaspersky Internet Security (20220616)","Malwarebytes Premium (20250121)","McAfee Total Protection (20250121)","Norton Security (20250121)","Panda Dome (20250121)","Quick Heal Internet Security (20250121)","Sophos Home Premium (20250121)","SpyHunter5 (20250121)","Total AV Antivirus Pro (20250121)","Trend Micro Internet Security (20250121)","VIPRE Advanced Security (20250121)","VirIT eXplorer PRO (20250121)","Webroot SecureAnywhere (20250121)","Windows Defender (20250121)","FortectPremium (20250121)","KasperskyPremium (20250121)"],"avAllowList":["360 Total Security (20250121)","Tencent PC Manager (20220616)"]},{"isRevoked":"False","fileName":"FreemoreOCR.exe","fileVersion":"0.0","hashMD5":"8416de38390c16a0e3989e14dec05b73","hashSHA1":"c27608fcd80e396f5360a4d4afdb39943638ccfe","hashSHA256":"5973aeda541b52f0357cbb0fbffd3f33fb4775c0d34081e1fb3570c17e5f58e7","sourceIndex":"489","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"FreemoreOCR_241023.exe","isInstaller":"True","companyName":"FreeMoreSoft, Inc.                                          ","fileVersion":"0.0","hashMD5":"12a397ade3267fa26d87e3c60fcc2e9b","hashSHA1":"b0778e39ea4d7f98bd5427fe3239f156a4ba9da8","hashSHA256":"942671988b62118f32eeb5f18e1a6e48cd3f52f578830f6eda3d4adb8144bb2d","sourceIndex":"489","avBlockList":["360 Total Security (20250109)","Avast Premium Security (20250109)","AVG Internet Security (20250109)","Avira Internet Security (20250109)","Bitdefender Internet Security (20250109)","COMODO Antivirus (20250109)","Dr.Web Security Space (20250109)","ESET Internet Security (20250109)","FortectPremium (20250109)","G DATA INTERNET SECURITY (20250109)","K7 Total Security (20250109)","KasperskyPremium (20250109)","Malwarebytes Premium (20250109)","McAfee Total Protection (20250109)","Norton Security (20250109)","Panda Dome (20250109)","Quick Heal Internet Security (20250109)","Sophos Home Premium (20250109)","SpyHunter5 (20250109)","Total AV Antivirus Pro (20250109)","VIPRE Advanced Security (20250109)","VirIT eXplorer PRO (20250109)","Webroot SecureAnywhere (20250109)"],"avAllowList":["Trend Micro Internet Security (20250109)","Windows Defender (20250109)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search: free media downloads *FreeMoreSoft, Inc.","reference":"","landingPage":"https://freemoresoft.com/freeocr/index.php ","directDownloadingLink":"http://www.freemoresoft.com/FreemoreOCR.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.freemoresoft.com/FreemoreOCR.exe","sourceIndex":"489"}],"sampleFiles":["241024/FreemoreOCR-220613/10.8.2.4/Samples/FreemoreOCR_3-PNk41.exe","241024/FreemoreOCR-220613/10.8.2.4/Samples/FreemoreOCR.exe","241024/FreemoreOCR-220613/10.8.2.4/Samples/FreemoreOCR_241023.exe"],"imageFiles":["241024/FreemoreOCR-220613/10.8.2.4/Images/ACR-109/ACR-109_039_048_RKsetup.jpg","241024/FreemoreOCR-220613/10.8.2.4/Images/ACR-039/ACR-109_039_048_RKsetup.jpg","241024/FreemoreOCR-220613/10.8.2.4/Images/ACR-047/ACR-003_004_047_083_RKUpdate-2.jpg","241024/FreemoreOCR-220613/10.8.2.4/Images/ACR-047/ACR-048_RKpdatePrompt.jpg","241024/FreemoreOCR-220613/10.8.2.4/Images/ACR-048/ACR-109_039_048_RKsetup.jpg","241024/FreemoreOCR-220613/10.8.2.4/Images/ACR-010/RelevantKnowledge.jpg","241024/FreemoreOCR-220613/10.8.2.4/Images/ACR-004/ACR-003_004_047_083_RKUpdate-2.jpg","241024/FreemoreOCR-220613/10.8.2.4/Images/ACR-004/ACR-048_RKpdatePrompt.jpg","241024/FreemoreOCR-220613/10.8.2.4/Images/ACR-083/ACR-003_004_047_083_RKUpdate-2.jpg","241024/FreemoreOCR-220613/10.8.2.4/Images/ACR-083/ACR-048_RKpdatePrompt.jpg","241024/FreemoreOCR-220613/10.8.2.4/Images/ACR-048/ACR-048_RKpdatePrompt.jpg","241024/FreemoreOCR-220613/10.8.2.4/Images/ACR-003/ACR-003_004_047_083_RKUpdate-2.jpg","241024/FreemoreOCR-220613/10.8.2.4/Images/ACR-003/ACR-048_RKpdatePrompt.jpg","241024/FreemoreOCR-220613/10.8.2.4/Images/ACR-118/ACR-118_Remnants.jpg","241024/FreemoreOCR-220613/10.8.2.4/Images/ACR-057/RelevantKnowledge.jpg","241024/FreemoreOCR-220613/10.8.2.4/Images/ACR-059/RelevantKnowledge.jpg","241024/FreemoreOCR-220613/10.8.2.4/Images/ACR-071/RelevantKnowledge.jpg","241024/FreemoreOCR-220613/10.8.2.4/Images/ACR-155/RelevantKnowledge.jpg","241024/FreemoreOCR-220613/10.8.2.4/Images/ACR-047/ACR-003_004_047_083_RKUpdate-2.jpg","241024/FreemoreOCR-220613/10.8.2.4/Images/ACR-047/ACR-048_RKpdatePrompt.jpg"],"nonDeceptorImageFiles":["241024/FreemoreOCR-220613/10.8.2.4/Images/ACR-002/ACR-002_InconsistentAppVersion.jpg","241024/FreemoreOCR-220613/10.8.2.4/Images/ACR-106/RelevantKnowledge.jpg","241024/FreemoreOCR-220613/10.8.2.4/Images/ACR-002/ACR-002_InconsistentAppVersion.jpg"],"guid":"59407c30-232a-4cc9-bdd7-c009b5477d6e_10.8.2.4_1","appID":"FreemoreOCR-220613","dateAdded":"241024","deceptorType":"App","name":"Freemore OCR","company":"FreeMoreSoft, Inc.","version":"10.8.2.4","lastKnownStatus":"10.8.2.4;08.07.2024","lastKnownDate":"241024","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","monetization":"cross-sell other apps,sold in bundle","lastUpdate":"2024-10-24T09:11:31.8442996+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":457},{"violations":{"ACR-109":"The app downloads \"spt_setup.exe\", a RelevantKnowledge file before disclosure and without the consumer's consent.\n\n","ACR-047":"The App presents the untruthful message that application needs to update, instead it attempts to re-run the application to present the declined offer again.  \n\nThe App presents the untruthful message that application needs to update, instead it attempts to re-run the application to present the declined offer again.  \n\n","ACR-048":"The \"Decline\" button does not have any control. Despite declining RelevantKnowledge app, it still downloaded RelevantKnowledge file “spt_setup.exe” regardless.\n\nUnable to close the update prompt. \n\n","ACR-003":"The App misleads consumer they need to run update. There is no newer build, instead, it attempts to run the installer and present the declined offers again.\n\n","ACR-004":"The app prompts untruthful message that upgrade is needed whenever user launches the app. The \"Update\" downloads nothing new, sometimes it leads to download the component(s) that user declined during install procedure, for example, it connected to dpd.securestudies.com and attempted to download user internet behavior program from Relevant Knowledge. \n\n","ACR-010":"The app distributes deceptor application. The offer in this app, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control. \n\n","ACR-083":"The App attempts to present the offer repeatedly via its update and startup.\n\n","ACR-118":"After uninstall, it retains some executables and many of its other components along with a \"curl-ca-bundle.crt\" on the device without user's knowledge. \n\n","ACR-057":"The app bundles the \"Relevant Knowledge\" offer which does not allow the consumer to decline the offer. \n\n","ACR-071":"It attempts to force the acceptance of \"Relevant Knowledge\" by graying out the Next button when the user choose to Decline. Thus, forcing the user to only accept the offer and proceed with the installation.\n\n","ACR-059":"Offer not clearly marked as an offer. Instead, it is presented as a component of the carrier.\n\n","ACR-039":"There is no clear indications of the relationship to the installer application. RelevantKnowledge is presented as part of the installer application. Despite declining RelevantKnowledge app, it still downloaded RelevantKnowledge file “spt_setup.exe” regardless.\n\n","ACR-155":"Offers are designed to look like part of the install workflow. \n\n"},"nonDeceptorViolations":{"ACR-002":"The App's version is inconsistent between App interaction and its install (version 8.8.2.4 vs version 8.8.1) \n\nThe App's version is inconsistent between App interaction and its install (version 8.8.2.4 vs version 8.8.1) \n\n","ACR-106":"App offers deceptive application 'Relevant Knowledge market survey'. \n\n"},"samples":[{"isRevoked":"False","fileName":"FreeShortcutRemover.exe","fileVersion":"0.0","hashMD5":"07db83c6284edba8f14c90f176ddab47","hashSHA1":"810fbceb17cefc09c1ffcd7e5232e1aff985e523","hashSHA256":"096bf20ef0107b979ca6e85dcc0682c06275b1e686c5abb97d4cc0f6baaa39c6","sourceIndex":"496","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"FreeShortcutRemover_gDpP-f1.exe","companyName":"Beijing Aviation Trust Intellectual Property Consulting Co.,","productName":"Beijing Aviation Trust Intellectual Property Consulting Co.,","fileVersion":"3.33.1    ","hashMD5":"1bd6b27e21341fd6ad6fc48dfe407610","hashSHA1":"0e8a9411446b5fbef66570d7fa81ecaeb6706da2","hashSHA256":"462b515b56b289161c11a454475ab68be7d9e8be97d33b5fec51e7cb065eaa19","digitalCertThumbprint":"E323A663BC722856F054FADEE2B07EA215692ED4","digitalCertIssuer":"CN=Sectigo Public Code Signing CA EV R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=\"Beijing QingSoft Creative Information Technology Co., Ltd.\", O=\"Beijing QingSoft Creative Information Technology Co., Ltd.\", L=Beijing, C=CN, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=CN, SERIALNUMBER=911101056717485703","sourceIndex":"496","avBlockList":["Avast Premium Security (20250121)","AVG Internet Security (20250121)","Avira Internet Security (20250121)","Bitdefender Internet Security (20250121)","COMODO Antivirus (20250121)","Dr.Web Security Space (20250121)","ESET Internet Security (20250121)","G DATA INTERNET SECURITY (20250121)","K7 Total Security (20250121)","Kaspersky Internet Security (20220616)","Malwarebytes Premium (20250121)","McAfee Total Protection (20250121)","Norton Security (20250121)","Panda Dome (20250121)","Quick Heal Internet Security (20250121)","Sophos Home Premium (20250121)","SpyHunter5 (20250121)","Total AV Antivirus Pro (20250121)","Trend Micro Internet Security (20250121)","VIPRE Advanced Security (20250121)","VirIT eXplorer PRO (20250121)","Webroot SecureAnywhere (20250121)","Windows Defender (20250121)","FortectPremium (20250121)","KasperskyPremium (20250121)"],"avAllowList":["360 Total Security (20250121)","Tencent PC Manager (20220616)"]},{"isRevoked":"False","fileName":"FreeShortcutRemover-setup.exe","isInstaller":"True","companyName":"FreeShortcutRemover Co., Ltd.                               ","productName":"Free Shortcut Remover   ","fileVersion":"0.0","hashMD5":"eb847e3d00eccaa60f2770ac79b67c70","hashSHA1":"06ff883b30d409cb6c1b65355e7c425a5a1c0937","hashSHA256":"420ebea562718fdad62fdd32c0659bdd064297c557af37768aefff2214c40c2f","digitalCertThumbprint":"347240ECC751AB91D4BA3282DC67ACC9A36D1128","digitalCertIssuer":"CN=COMODO RSA Extended Validation Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", O=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", STREET=\"Chaoyang North Road 199, MOMA Building 1901, Chaoyang District\", L=Beijing, PostalCode=100026, C=CN, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=CN, SERIALNUMBER=911101056717485703","sourceIndex":"496","avBlockList":["360 Total Security (20250109)","Avast Premium Security (20250109)","AVG Internet Security (20250109)","Avira Internet Security (20250109)","Bitdefender Internet Security (20250109)","COMODO Antivirus (20250109)","Dr.Web Security Space (20250109)","ESET Internet Security (20250109)","G DATA INTERNET SECURITY (20250109)","K7 Total Security (20250109)","Kaspersky Internet Security (20220728)","Malwarebytes Premium (20250109)","McAfee Total Protection (20250109)","Norton Security (20250109)","Panda Dome (20250109)","Quick Heal Internet Security (20250109)","Sophos Home Premium (20250109)","SpyHunter5 (20250109)","Total AV Antivirus Pro (20250109)","VIPRE Advanced Security (20250109)","VirIT eXplorer PRO (20250109)","Webroot SecureAnywhere (20250109)","Windows Defender (20250109)","FortectPremium (20250109)","KasperskyPremium (20250109)"],"avAllowList":["Tencent PC Manager (20220728)","Trend Micro Internet Security (20250109)"]},{"isRevoked":"False","fileName":"FreeShortcutRemover_241022.exe","isInstaller":"True","companyName":"FreeShortcutRemover Co., Ltd.                               ","fileVersion":"0.0","hashMD5":"771b1f7889c46fcd83c23256afe1da9c","hashSHA1":"b377f348b06529f78bee68d64b54d805f33b6d1b","hashSHA256":"14fa2a7049d15b80e6c2f05d764c472907a52a29329f2c37b4d83938b9b1e4ab","sourceIndex":"496","avBlockList":["360 Total Security (20250116)","Avast Premium Security (20250116)","AVG Internet Security (20250116)","Avira Internet Security (20250116)","Bitdefender Internet Security (20250116)","COMODO Antivirus (20250116)","Dr.Web Security Space (20250116)","ESET Internet Security (20250116)","FortectPremium (20250116)","G DATA INTERNET SECURITY (20250116)","K7 Total Security (20250116)","KasperskyPremium (20250116)","Malwarebytes Premium (20250116)","McAfee Total Protection (20250116)","Norton Security (20250116)","Panda Dome (20250116)","Quick Heal Internet Security (20250116)","Sophos Home Premium (20250116)","SpyHunter5 (20250116)","Total AV Antivirus Pro (20250116)","Trend Micro Internet Security (20250116)","VIPRE Advanced Security (20250116)","VirIT eXplorer PRO (20250116)","Webroot SecureAnywhere (20250116)"],"avAllowList":["Windows Defender (20250116)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search: Free tools","reference":"","landingPage":"https://www.shortcutremover.com/","directDownloadingLink":"http://www.shortcutremover.com/FreeShortcutRemover.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.shortcutremover.com/FreeShortcutRemover.exe","sourceIndex":"496"}],"sampleFiles":["241024/FreeShortcutRemover-220607/8.8.1/Samples/FreeShortcutRemover.exe","241024/FreeShortcutRemover-220607/8.8.1/Samples/FreeShortcutRemover_gDpP-f1.exe","241024/FreeShortcutRemover-220607/8.8.1/Samples/FreeShortcutRemover-setup.exe","241024/FreeShortcutRemover-220607/8.8.1/Samples/FreeShortcutRemover_241022.exe"],"imageFiles":["241024/FreeShortcutRemover-220607/8.8.1/Images/ACR-109/ACR-109_048_RKSetup.jpg","241024/FreeShortcutRemover-220607/8.8.1/Images/ACR-039/ACR-109_048_039_RKSetup.jpg","241024/FreeShortcutRemover-220607/8.8.1/Images/ACR-047/ACR-048_004_083_UpdatePrompt.jpg","241024/FreeShortcutRemover-220607/8.8.1/Images/ACR-047/ACR-047_RerunRK.jpg","241024/FreeShortcutRemover-220607/8.8.1/Images/ACR-048/ACR-109_048_RKSetup.jpg","241024/FreeShortcutRemover-220607/8.8.1/Images/ACR-010/RelevantKnowledge.jpg","241024/FreeShortcutRemover-220607/8.8.1/Images/ACR-004/ACR-004_083_RKUpdatePrompt.jpg","241024/FreeShortcutRemover-220607/8.8.1/Images/ACR-004/ACR-048_004_083_UpdatePrompt.jpg","241024/FreeShortcutRemover-220607/8.8.1/Images/ACR-083/ACR-004_083_RKUpdatePrompt.jpg","241024/FreeShortcutRemover-220607/8.8.1/Images/ACR-083/ACR-048_004_083_UpdatePrompt.jpg","241024/FreeShortcutRemover-220607/8.8.1/Images/ACR-048/ACR-048_004_083_UpdatePrompt.jpg","241024/FreeShortcutRemover-220607/8.8.1/Images/ACR-003/ACR-048_004_083_UpdatePrompt.jpg","241024/FreeShortcutRemover-220607/8.8.1/Images/ACR-003/ACR-047_RerunRK.jpg","241024/FreeShortcutRemover-220607/8.8.1/Images/ACR-118/ACR-118_Remnants.jpg","241024/FreeShortcutRemover-220607/8.8.1/Images/ACR-057/RelevantKnowledge.jpg","241024/FreeShortcutRemover-220607/8.8.1/Images/ACR-059/RelevantKnowledge.jpg","241024/FreeShortcutRemover-220607/8.8.1/Images/ACR-071/RelevantKnowledge.jpg","241024/FreeShortcutRemover-220607/8.8.1/Images/ACR-155/RelevantKnowledge.jpg","241024/FreeShortcutRemover-220607/8.8.1/Images/ACR-047/ACR-048_004_083_UpdatePrompt.jpg","241024/FreeShortcutRemover-220607/8.8.1/Images/ACR-047/ACR-047_RerunRK.jpg"],"nonDeceptorImageFiles":["241024/FreeShortcutRemover-220607/8.8.1/Images/ACR-002/ACR-002_InconsistentVersions.jpg","241024/FreeShortcutRemover-220607/8.8.1/Images/ACR-106/RelevantKnowledge.jpg","241024/FreeShortcutRemover-220607/8.8.1/Images/ACR-002/ACR-002_InconsistentVersions.jpg"],"guid":"73bf5654-97b2-42b2-b6d3-2be40a477c44_8.8.1_1","appID":"FreeShortcutRemover-220607","dateAdded":"241024","deceptorType":"App","name":"Free Shortcut Remover","company":"FreeShortcutRemover Co., Ltd.","version":"8.8.1","lastKnownStatus":"8.8.1","lastKnownDate":"241024","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows Server","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"sold in bundle,cross-sell other apps","lastUpdate":"2024-10-24T09:01:01.4717932+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":456},{"violations":{"ACR-109":"The app downloads \"spt_setup.exe\", a RelevantKnowledge file without the consumer's consent.\n","ACR-047":"When the reboot is attempted after installation, it displays a prompt to the user with an \"Update recommended\" message. This installs the same version of the app and re-runs the install and the offers that the consumer has previously declined.\n","ACR-048":"The \"Decline\" button does not have any control but still drops a RelevantKnowledge file “spt_setup.exe”.\nThe app does not provide control to remove the startup item that it created.\n","ACR-010":"The app bundler distributes deceptor application. The offer in this bundler, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control.\nThe app shows the \"https://www.freeaudiovideosoft.com/\" link on the app's about page where all the apps that are listed under the website contain deceptive behavior. \n","ACR-083":"The app attempts to present the offer repeatedly via its update and startup.\n","ACR-084":"The app creates a startup entry without the consumer's knowledge and consent.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains many of its components along with a \"curl-ca-bundle.crt\" on the device without the consumer's consent or notifying the user.\n","ACR-122":"The app displays a notification stating \"Update recommended\" which downloads the app and asks the user to install it by displaying the install prompt. This scenario is observed after uninstall and reboot.\n","ACR-057":"The app bundles the \"Relevant Knowledge\" offer which does not allow the consumer to decline the offer.\n","ACR-071":"The \"Relevant Knowledge\" offer cannot be declined independently as the installation is unable to proceed when attempting to decline the offer. Thus it forces the user to, only accept the offer and proceed with the installation.\n","ACR-075":"When the reboot is attempted after installation, it displays a prompt to the user with an \"Update Recommended\" message. This installs the same version of the app and re-runs the install and the offers that the consumer has previously declined.\n","ACR-014":"When the reboot is attempted after installation, it displays a prompt that misleads users that they need to install an update while actually, it tries to install the pre-declined component by the user during the install.\n","ACR-059":"The Offer is not clearly marked as an offer. It is unclear who is recommending the offer.\n","ACR-155":"Offers are designed to look like part of the install workflow.\n"},"nonDeceptorViolations":{"ACR-106":"App offers deceptive application 'Relevant Knowledge market survey'.\n","ACR-092":"The app does not have a digital signature for its main executable \"AllFreePDFtoJPGConverter.exe\".\n","ACR-123":"The app does not remove its startup item after uninstall even after reboot.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\All Free PDF to JPG Converter\\AllFreePDFtoJPGConverter.exe","companyName":"","productName":"","productVersion":"","fileVersion":"","hashMD5":"8416de38390c16a0e3989e14dec05b73","hashSHA1":"c27608fcd80e396f5360a4d4afdb39943638ccfe","hashSHA256":"5973aeda541b52f0357cbb0fbffd3f33fb4775c0d34081e1fb3570c17e5f58e7","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"493","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"AllFreePDFtoJPGConverter.exe","isInstaller":"True","companyName":"AllFreeVideoSoft Co. Ltd.                                  ","productName":"All Free PDF to JPG Converter                               ","productVersion":"                                                  ","fileVersion":"                    ","hashMD5":"968bb005bb0c5e9ffaffa84858a1d862","hashSHA1":"798c76c54fb59c714ca5a7d6019c8e9e61c2b388","hashSHA256":"ea7d3812a88096a965d4a4ed0f247ca432235bc0f9fbaa0033940aa7a7c49747","digitalCertThumbprint":"347240ECC751AB91D4BA3282DC67ACC9A36D1128","digitalCertIssuer":"COMODO RSA Extended Validation Code Signing CA","digitalCertIssuedTo":"Beijing Qingruan Creative Information Technology Co. Ltd.","storeId":"","sourceIndex":"493","avBlockList":["360 Total Security (20250109)","Avast Premium Security (20250109)","AVG Internet Security (20250109)","Avira Internet Security (20250109)","Bitdefender Internet Security (20250109)","COMODO Antivirus (20250109)","Dr.Web Security Space (20250109)","ESET Internet Security (20250109)","G DATA INTERNET SECURITY (20250109)","K7 Total Security (20250109)","Kaspersky Internet Security (20220616)","Malwarebytes Premium (20250109)","McAfee Total Protection (20250109)","Norton Security (20250109)","Panda Dome (20250109)","Quick Heal Internet Security (20250109)","Sophos Home Premium (20250109)","SpyHunter5 (20250109)","Total AV Antivirus Pro (20250109)","Trend Micro Internet Security (20250109)","VIPRE Advanced Security (20250109)","VirIT eXplorer PRO (20250109)","Webroot SecureAnywhere (20250109)","Windows Defender (20250109)","FortectPremium (20250109)","KasperskyPremium (20250109)"],"avAllowList":["Tencent PC Manager (20220616)"]},{"isRevoked":"False","fileName":"AllFreePDFtoJPGConverter_241022.exe","isInstaller":"True","companyName":"AllFreeVideoSoft Co., Ltd.                                  ","fileVersion":"0.0","hashMD5":"d033c24378d63037fe3c9a97f19d1774","hashSHA1":"207f0b3c5fc0db4daf594731206b3172ca7f95e2","hashSHA256":"d6fc778b09559ae655b725800c9af46fabc235af9841c58130b8a602b12bcd97","sourceIndex":"493","avBlockList":["360 Total Security (20250116)","Avast Premium Security (20250116)","AVG Internet Security (20250116)","Avira Internet Security (20250116)","Bitdefender Internet Security (20250116)","COMODO Antivirus (20250116)","Dr.Web Security Space (20250116)","ESET Internet Security (20250116)","FortectPremium (20250116)","G DATA INTERNET SECURITY (20250116)","K7 Total Security (20250116)","KasperskyPremium (20250116)","Malwarebytes Premium (20250116)","McAfee Total Protection (20250116)","Norton Security (20250116)","Panda Dome (20250116)","Quick Heal Internet Security (20250116)","Sophos Home Premium (20250116)","SpyHunter5 (20250116)","Total AV Antivirus Pro (20250116)","VIPRE Advanced Security (20250116)","VirIT eXplorer PRO (20250116)","Webroot SecureAnywhere (20250116)","Windows Defender (20250116)"],"avAllowList":["Trend Micro Internet Security (20250116)"]}],"additionalFiles":[],"sources":[{"howFound":"Relevant Knowledge apps","reference":"","landingPage":"https://www.allfreevideoconverter.com/freepdftojpgconverter/index.html","directDownloadingLink":"https://www.allfreevideoconverter.com/download/AllFreePDFtoJPGConverter.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.allfreevideoconverter.com/download/AllFreePDFtoJPGConverter.exe","sourceIndex":"493"}],"sampleFiles":["241024/allfreepdftojpgconverter-220609/8.8.1/Samples/AllFreePDFtoJPGConverter.exe","241024/allfreepdftojpgconverter-220609/8.8.1/Samples/AllFreePDFtoJPGConverter_241022.exe"],"imageFiles":["241024/allfreepdftojpgconverter-220609/8.8.1/Images/ACR-109/ACR-109_1.JPG","241024/allfreepdftojpgconverter-220609/8.8.1/Images/ACR-047/ACR-047.mp4","241024/allfreepdftojpgconverter-220609/8.8.1/Images/ACR-048/ACR-048.JPG","241024/allfreepdftojpgconverter-220609/8.8.1/Images/ACR-010/ACR-010_Install_Bundles_Deceptive_App.JPG","241024/allfreepdftojpgconverter-220609/8.8.1/Images/ACR-083/ACR-083_1.mp4","241024/allfreepdftojpgconverter-220609/8.8.1/Images/ACR-083/ACR-083_2.JPG","241024/allfreepdftojpgconverter-220609/8.8.1/Images/ACR-084/ACR-084_1.JPG","241024/allfreepdftojpgconverter-220609/8.8.1/Images/ACR-048/ACR-048_Software_1.JPG","241024/allfreepdftojpgconverter-220609/8.8.1/Images/ACR-048/ACR-048_Software_2.JPG","241024/allfreepdftojpgconverter-220609/8.8.1/Images/ACR-010/ACR-010_1.JPG","241024/allfreepdftojpgconverter-220609/8.8.1/Images/ACR-010/ACR-010_2.JPG","241024/allfreepdftojpgconverter-220609/8.8.1/Images/ACR-014/ACR-014_1.mp4","241024/allfreepdftojpgconverter-220609/8.8.1/Images/ACR-118/ACR-118_1.JPG","241024/allfreepdftojpgconverter-220609/8.8.1/Images/ACR-118/ACR-118_2.JPG","241024/allfreepdftojpgconverter-220609/8.8.1/Images/ACR-118/ACR-118_3.JPG","241024/allfreepdftojpgconverter-220609/8.8.1/Images/ACR-122/ACR-122_1.JPG","241024/allfreepdftojpgconverter-220609/8.8.1/Images/ACR-075/ACR-075_1.mp4","241024/allfreepdftojpgconverter-220609/8.8.1/Images/ACR-057/ACR-057_1.JPG","241024/allfreepdftojpgconverter-220609/8.8.1/Images/ACR-059/ACR-059_1.JPG","241024/allfreepdftojpgconverter-220609/8.8.1/Images/ACR-071/ACR-071_1.JPG","241024/allfreepdftojpgconverter-220609/8.8.1/Images/ACR-155/ACR-155_1.JPG"],"nonDeceptorImageFiles":["241024/allfreepdftojpgconverter-220609/8.8.1/Images/ACR-106/ACR-106.JPG","241024/allfreepdftojpgconverter-220609/8.8.1/Images/ACR-092/ACR-092_1.JPG","241024/allfreepdftojpgconverter-220609/8.8.1/Images/ACR-123/ACR-123_1.JPG"],"guid":"5d0800e5-cff9-4126-a43b-969168237bcf_8.8.1_1","appID":"allfreepdftojpgconverter-220609","dateAdded":"241024","deceptorType":"App","name":"All Free PDF to JPG Converter","company":"AllFreeVideoSoft Co., Ltd.","version":"8.8.1","lastKnownStatus":"8.8.1","lastKnownDate":"241024","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2024-10-24T09:05:24.0344178+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":462},{"violations":{"ACR-004":"The app exaggerates the system status, does not provide free fixes for free scan results, attempts to raise urgency for user to register and purchase the app.\n"},"nonDeceptorViolations":{"ACR-065":"The app's install does not show any links to the EULA, Returns and Cancellation Policy, or the Privacy Policy.\nApp's about page does not contain any links to the EULA, Returns and Cancellation Policy, or the Privacy Policy.\n","ACR-161":"The app's landing page shows testimonials that cannot be verified.\n","ACR-099":"App's about page does not display any links to uninstall information.\nThe app's internal offers page does not display links to uninstall information.\n"},"samples":[{"isRevoked":"False","fileName":"MacBooster 7","fileVersion":"0.","hashMD5":"","hashSHA1":"","hashSHA256":"7a9e6ad63eb75209ee1a1bdeb12f04ab13d8d5e99ad83d12166b99d588e9070f","sourceIndex":"2922","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"MacBooster_7.dmg","isInstaller":"True","fileVersion":"0.","hashMD5":"","hashSHA1":"","hashSHA256":"8e52f3cb13ab1db61d551e780ab9c8b7bd7e1023e202a7232b36f92d3bb2bc35","sourceIndex":"2922","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search","reference":"Google search \"speed up my mac\"","landingPage":"http://www.macbooster.net/","directDownloadingLink":"http://download.iobit.com/mac/MacBooster_7.dmg","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://download.iobit.com/mac/MacBooster_7.dmg","sourceIndex":"2922"}],"sampleFiles":["190805/MacBooster7-190415/7.2.4/Samples/MacBooster 7","190805/MacBooster7-190415/7.2.4/Samples/MacBooster_7.dmg"],"imageFiles":["190805/MacBooster7-190415/7.2.4/Images/ACR-004/MacBooster Activate Now.png","190805/MacBooster7-190415/7.2.4/Images/ACR-004/MacBooster Before Internal Offers.png","190805/MacBooster7-190415/7.2.4/Images/ACR-004/MacBooster Scan Results.png","190805/MacBooster7-190415/7.2.4/Images/ACR-004/MacBooster Internal Offers.png"],"nonDeceptorImageFiles":["190805/MacBooster7-190415/7.2.4/Images/ACR-065/MacBooster Install.png","190805/MacBooster7-190415/7.2.4/Images/ACR-065/MacBooster About Page.png","190805/MacBooster7-190415/7.2.4/Images/ACR-161/MacBooster User Review 1.png","190805/MacBooster7-190415/7.2.4/Images/ACR-099/MacBooster About Page.png","190805/MacBooster7-190415/7.2.4/Images/ACR-099/MacBooster Bottom of Internal Offers.png"],"guid":"f66879af-110a-42af-bd2e-0a770ed1d76d_7.2.4_1","appID":"MacBooster7-190415","dateAdded":"241024","deceptorType":"MacOS App","name":"MacBooster","company":"IOBit","version":"7.2.4","lastKnownStatus":"8.0.1;8.0.2;8.0.3;8.0.4;8.0.5;8.1.0;8.2.0","lastKnownDate":"241024","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2024-10-24T00:00:00+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":9,"sortOrder":454},{"violations":{"ACR-003":"The application makes unsubstantiated claims about system health by showing that the system has problems but requires the user to pay to fix the problems. The app exaggerates urgency using words like \"dangerous\" and the color \"red\".\n","ACR-004":"The app does not provide free fixes for the free scan results, requires customer to purchase the app, and exaggerates urgency using the color \"red\" and words like \"dangerous\".\n"},"nonDeceptorViolations":{"ACR-065":"The app's install does not show any links to the EULA, Returns and Cancellation Policy, or the Privacy Policy.\nApp's about page does not contain any links to the EULA, Returns and Cancellation Policy, or the Privacy Policy.\n","ACR-161":"The app's landing page shows endorsements that don't have links back to the original source and therefore cannot be verified.\n","ACR-099":"The app's internal offers page does not display links to uninstall information.\n"},"samples":[{"isRevoked":"False","fileName":"MacBooster_8.dmg","isInstaller":"True","fileVersion":"0.","hashMD5":"5f34dc1580f802194644bca996239c26","hashSHA1":"57a1625cc15ed64490d645d64f25be81507da9e0","hashSHA256":"cab7f2df46374d30129979b57e69048c5d2433e56349e07d2b0ee95c531f3db9","sourceIndex":"2572","avBlockList":["Avast Security for Mac (20220510)","Bitdefender Antivirus for Mac (20220510)","ESET Cyber Security Pro for Mac (20220510)","G DATA AntiVirus for Mac (20220510)","K7 Antivirus for Mac (20220510)","Kaspersky Internet Security for Mac (20220510)","McAfee Internet Security for Mac (20220510)","Norton Security for Mac (20220510)","Sophos Home Premium For Mac (20220510)","Trend Micro Antivirus for Mac (20220510)","Avira Security for Mac (20220510)"],"avAllowList":[]},{"isRevoked":"False","fileName":"MacBooster 8","fileVersion":"0.","hashMD5":"a20ab333beae5c2f8b9ebed4928f8834","hashSHA1":"cb3568c85f1c9a56f5b1a04491a0c1642c936fe3","hashSHA256":"bb421d5ff560bda446946c8c6ad99a14f6ad91beacd99f796ac32333872b65ed","sourceIndex":"2572","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search","reference":"Google search \"speed up my mac\"","landingPage":"https://www.macbooster.net/","directDownloadingLink":"https://www.macbooster.net/downloadcenter.php","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.macbooster.net/downloadcenter.php","sourceIndex":"2572"}],"sampleFiles":["200128/MacBooster7-190415/8.0.1/Samples/MacBooster_8.dmg","200128/MacBooster7-190415/8.0.1/Samples/MacBooster 8"],"imageFiles":["200128/MacBooster7-190415/8.0.1/Images/ACR-003/MacBooster 8 ACR-003.png","200128/MacBooster7-190415/8.0.1/Images/ACR-004/MacBooster 8 ACR-004.gif"],"nonDeceptorImageFiles":["200128/MacBooster7-190415/8.0.1/Images/ACR-065/Screen Shot 2020-01-08 at 1.14.07 PM.png","200128/MacBooster7-190415/8.0.1/Images/ACR-065/Screen Shot 2020-01-24 at 2.39.03 PM.png","200128/MacBooster7-190415/8.0.1/Images/ACR-161/Screen Shot 2020-01-24 at 2.42.48 PM.png","200128/MacBooster7-190415/8.0.1/Images/ACR-161/Screen Shot 2020-01-24 at 2.43.06 PM.png","200128/MacBooster7-190415/8.0.1/Images/ACR-099/Screen Shot 2020-01-24 at 2.39.57 PM.png"],"guid":"f66879af-110a-42af-bd2e-0a770ed1d76d_8.0.1_1","appID":"MacBooster7-190415","dateAdded":"241024","deceptorType":"MacOS App","name":"MacBooster","company":"IOBit","version":"8.0.1","sigName":"Deceptor:MacOS/MacBooster!003004","lastKnownStatus":"8.0.1;8.0.2;8.0.3;8.0.4;8.0.5;8.1.0;8.2.0","lastKnownDate":"241024","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2024-10-24T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":9,"sortOrder":453},{"violations":{"ACR-003":"The application makes unsubstantiated claims about system health by showing that the system has problems but requires the user to pay to fix the problems. The app exaggerates urgency using words like \"dangerous\" and the color \"red\".\n","ACR-004":"The app does not provide free fixes for the free scan results, requires customer to purchase the app, and exaggerates urgency using the color \"red\" and words like \"dangerous\".\n","ACR-006":"The app does not disclose additional offers will be made on the phone number provided on the activation screen. The call center is not clearly attributed.\n"},"nonDeceptorViolations":{"ACR-045":"\"Free Download\" highlights \"Free\" misleads user. The functionality that requires consumer payment in order to be activated needs to be marked clearly in landing page. Otherwise app should remove \"free\" word.\n","ACR-065":"The app's install does not show any links to the EULA, Returns and Cancellation Policy, or the Privacy Policy. \nThe application does not show any links to the EULA, Returns and Cancellation Policy, or the Privacy Policy. \n","ACR-161":"The app's landing page shows endorsements that don't have links back to the original source and therefore cannot be verified.\n"},"samples":[{"isRevoked":"False","fileName":"MacBooster 8","fileVersion":"0.","hashMD5":"f35f206685b4d4a310f94e1e7f1e96cb","hashSHA1":"f65149a4f3e9a79b553d2466011125dc5bb83037","hashSHA256":"0b9bcb1a5c35c4f060d058b7e1543e28cde6d8495ce62ec7bd40a7f9a353ef73","sourceIndex":"2501","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"MacBooster_8.dmg","isInstaller":"True","fileVersion":"0.","hashMD5":"e88520a30a3f0decb7195e8028487464","hashSHA1":"e2efd9e2d72f3378b72a849837da873a29e8fdb3","hashSHA256":"8ab27552130ddb430f9f138085da07707a1cce1af3e099787d81a29fe51285c6","sourceIndex":"2501","avBlockList":["Avast Security for Mac (20221213)","Avira Security for Mac (20221213)","Bitdefender Antivirus for Mac (20221213)","ESET Cyber Security Pro for Mac (20221213)","G DATA AntiVirus for Mac (20221213)","Kaspersky Internet Security for Mac (20221213)","McAfee Internet Security for Mac (20221213)","Norton Security for Mac (20221213)","Sophos Home Premium For Mac (20221213)","Trend Micro Antivirus for Mac (20221213)"],"avAllowList":["K7 Antivirus for Mac (20221213)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search","reference":"Google search \"apps to clean up macos\"","landingPage":"https://www.macbooster.net","directDownloadingLink":"http://download.iobit.com/mac/softonic/MacBooster_8.dmg","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://download.iobit.com/mac/softonic/MacBooster_8.dmg","sourceIndex":"2501"}],"sampleFiles":["200416/MacBooster7-190415/8.0.2/Samples/MacBooster 8","200416/MacBooster7-190415/8.0.2/Samples/MacBooster_8.dmg"],"imageFiles":["200416/MacBooster7-190415/8.0.2/Images/ACR-003/MacBooster 8_Scanning [2].png","200416/MacBooster7-190415/8.0.2/Images/ACR-004/MacBooster 8_Scanning [8].png","200416/MacBooster7-190415/8.0.2/Images/ACR-004/MacBooster 8_Scanning [1].png","200416/MacBooster7-190415/8.0.2/Images/ACR-004/MacBooster 8_LandingPageOffers [1].png","200416/MacBooster7-190415/8.0.2/Images/ACR-006/MacBooster 8_LandingPageOffers [2].png","200416/MacBooster7-190415/8.0.2/Images/ACR-006/MacBooster 8_Support [2].png"],"nonDeceptorImageFiles":["200416/MacBooster7-190415/8.0.2/Images/ACR-045/MacBooster 8_LandingPage [5].png","200416/MacBooster7-190415/8.0.2/Images/ACR-065/MacBooster 8_Installs [1].png","200416/MacBooster7-190415/8.0.2/Images/ACR-065/MacBooster 8_About [1].png","200416/MacBooster7-190415/8.0.2/Images/ACR-065/MacBooster 8_Scanning [2].png","200416/MacBooster7-190415/8.0.2/Images/ACR-161/MacBooster 8_Review [1].png","200416/MacBooster7-190415/8.0.2/Images/ACR-161/MacBooster 8_Review [2].png"],"guid":"f66879af-110a-42af-bd2e-0a770ed1d76d_8.0.2_1","appID":"MacBooster7-190415","dateAdded":"241024","deceptorType":"MacOS App","name":"MacBooster","company":"IOBit","version":"8.0.2","lastKnownStatus":"8.0.1;8.0.2;8.0.3;8.0.4;8.0.5;8.1.0;8.2.0","lastKnownDate":"241024","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2024-10-24T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":9,"sortOrder":452},{"violations":{"ACR-003":"The application makes unsubstantiated claims about system health by showing that the system has problems but requires the user to pay to fix the problems. The app exaggerates urgency using words like \"dangerous\" and the color \"red\".\n","ACR-004":"The app does not provide free fixes for the free scan results, requires customer to purchase the app, and exaggerates urgency using the color \"red\" and words like \"dangerous\".\n","ACR-006":"The app does not disclose additional offers will be made on the phone number provided on the activation screen. The call center is not clearly attributed.\n"},"nonDeceptorViolations":{"ACR-045":"\"Free Download\" highlights \"Free\" misleads user. The functionality that requires consumer payment in order to be activated needs to be marked clearly in landing page. Otherwise app should remove \"free\" word.\n","ACR-065":"The app's install does not show any links to the Returns and Cancellation Policy, or the Privacy Policy. \nThe application does not show any links to the EULA, Returns and Cancellation Policy, or the Privacy Policy. \n","ACR-161":"The app's landing page shows endorsements that don't have links back to the original source and therefore cannot be verified.\n"},"samples":[{"isRevoked":"False","fileName":"MacBooster8.pkg","isInstaller":"True","fileVersion":"0.","hashMD5":"ede3c0b60dd06e3edd592ce8ebbce70e","hashSHA1":"f1781e2b1d05500159fc65a81bcec518a7212bca","hashSHA256":"7f40b07400a660063a8b4bb647d3dc5e7bd240f16952967f39eaabd7e8d412d8","sourceIndex":"2401","avBlockList":["Avast Security for Mac (20230112)","Avira Security for Mac (20230112)","Bitdefender Antivirus for Mac (20230112)","ESET Cyber Security Pro for Mac (20230112)","G DATA AntiVirus for Mac (20230112)","K7 Antivirus for Mac (20230112)","Kaspersky Internet Security for Mac (20230112)","McAfee Internet Security for Mac (20230112)","Norton Security for Mac (20230112)","Sophos Home Premium For Mac (20230112)","Trend Micro Antivirus for Mac (20230112)"],"avAllowList":[]},{"isRevoked":"False","fileName":"MacBooster 8","fileVersion":"0.","hashMD5":"36895996c3269d6bba3bbb208f5a7eba","hashSHA1":"c88f26653cf63e0a7060c7d99ce402365e43a0a0","hashSHA256":"80774fea2fea3decf07b2fae0ac372d3e03e76f88a900907d2e6d6e9ac07b54f","sourceIndex":"2401","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"MacBooster8new.pkg","isInstaller":"True","fileVersion":"0.","hashMD5":"7d6d89eb72bbc01e34cea5ba5b2b5ed0","hashSHA1":"793967a9fc2fc6f20a98d9208db7f90c27e47e0b","hashSHA256":"3fd7214e26edf365ae8fd72ac67cc091927bcbcff9ee2b51d48f2ad5f1abf685","sourceIndex":"2401","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search","reference":"Google search \"speed up my mac\"","landingPage":"http://www.macbooster.net/","directDownloadingLink":"https://www.macbooster.net//download.php?action=download&","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.macbooster.net//download.php?action=download&","sourceIndex":"2401"}],"sampleFiles":["200627/MacBooster7-190415/8.0.3/Samples/MacBooster8.pkg","200627/MacBooster7-190415/8.0.3/Samples/MacBooster 8","200627/MacBooster7-190415/8.0.3/Samples/MacBooster8new.pkg"],"imageFiles":["200627/MacBooster7-190415/8.0.3/Images/ACR-003/MacBooster 8_Scanning [9].png","200627/MacBooster7-190415/8.0.3/Images/ACR-003/MacBooster 8_Scanning [2].png","200627/MacBooster7-190415/8.0.3/Images/ACR-004/MacBooster 8_Scanning [1].png","200627/MacBooster7-190415/8.0.3/Images/ACR-004/MacBooster 8_Scanning [2].png","200627/MacBooster7-190415/8.0.3/Images/ACR-004/MacBooster 8_Scanning [3].png","200627/MacBooster7-190415/8.0.3/Images/ACR-004/MacBooster 8_Scanning [4] SystemJunk.png","200627/MacBooster7-190415/8.0.3/Images/ACR-004/MacBooster 8_Scanning [6] Virus&MalwareScan.png","200627/MacBooster7-190415/8.0.3/Images/ACR-006/MacBooster 8_OfferPage [2].png"],"nonDeceptorImageFiles":["200627/MacBooster7-190415/8.0.3/Images/ACR-045/MacBooster 8_LandingPage [1].png","200627/MacBooster7-190415/8.0.3/Images/ACR-065/MacBooster 8_Install [1].png","200627/MacBooster7-190415/8.0.3/Images/ACR-065/MacBooster 8_Install [2].png","200627/MacBooster7-190415/8.0.3/Images/ACR-065/MacBooster 8_Install [3].png","200627/MacBooster7-190415/8.0.3/Images/ACR-065/MacBooster 8_Install [4].png","200627/MacBooster7-190415/8.0.3/Images/ACR-065/MacBooster 8_Interaction [1].png","200627/MacBooster7-190415/8.0.3/Images/ACR-065/MacBooster_About.png","200627/MacBooster7-190415/8.0.3/Images/ACR-161/MacBooster 8_LandingPage[4].png"],"guid":"f66879af-110a-42af-bd2e-0a770ed1d76d_8.0.3_1","appID":"MacBooster7-190415","dateAdded":"241024","deceptorType":"MacOS App","name":"MacBooster","company":"IOBit","version":"8.0.3","sigName":"Deceptor:MacOS/MacBooster!003004006","lastKnownStatus":"8.0.1;8.0.2;8.0.3;8.0.4;8.0.5;8.1.0;8.2.0","lastKnownDate":"241024","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2024-10-24T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":9,"sortOrder":451},{"violations":{"ACR-003":"The application makes unsubstantiated claims about system health by showing that the system has problems but requires the user to pay to fix the problems. The app exaggerates urgency using words like \"dangerous\" and the color \"red\".\n","ACR-004":"The app does not provide free fixes for the free scan results, requires customer to purchase the app, and exaggerates urgency using the color \"red\" and words like \"dangerous\".\n","ACR-006":"The app does not disclose additional offers will be made on the phone number provided on the activation screen. The call center is not clearly attributed.\n"},"nonDeceptorViolations":{"ACR-045":"\"Free Download\" highlights \"Free\" misleads user. The functionality that requires consumer payment in order to be activated needs to be marked clearly in landing page. Otherwise app should remove \"free\" word.\n","ACR-065":"The app's install does not show any links to the Returns and Cancellation Policy, or the Privacy Policy. \nThe app does not show any links to the EULA, Returns and Cancellation Policy, or the Privacy Policy. \n","ACR-161":"The app's landing page shows endorsements that don't have links back to the original source and therefore cannot be verified.\n"},"samples":[{"isRevoked":"False","fileName":"MacBooster 8","fileVersion":"0.","hashMD5":"c13419e15ffe4c992f6a02c9b9312733","hashSHA1":"04d9422daa0339ca5eb0afde5e9c1efb41860bfd","hashSHA256":"7e550d9dfbb54634e7778bdc367478c3b4f65cd74fefbec6adc31825dba6783e","sourceIndex":"2392","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"MacBooster_8.pkg","isInstaller":"True","fileVersion":"0.","hashMD5":"7036abeec6c2a27c2264c505f9e20028","hashSHA1":"b56c2df1a49d9cdad5d523dbcc3a6b8f2d7f46bd","hashSHA256":"8b1f9dd21025a793a2b4a9d930793f93b2663e6d89c9c5a62c0d86cadb84dbce","sourceIndex":"2392","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search","reference":"Google search \"macos booster\"","landingPage":"https://www.macbooster.net","directDownloadingLink":"http://download.iobit.com/mac/MacBooster_8.pkg","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://download.iobit.com/mac/MacBooster_8.pkg","sourceIndex":"2392"}],"sampleFiles":["200707/MacBooster7-190415/8.0.4/Samples/MacBooster 8","200707/MacBooster7-190415/8.0.4/Samples/MacBooster_8.pkg"],"imageFiles":["200707/MacBooster7-190415/8.0.4/Images/ACR-003/MacBooster 8_ScanResults [1].png","200707/MacBooster7-190415/8.0.4/Images/ACR-003/MacBooster 8_Register [2].png","200707/MacBooster7-190415/8.0.4/Images/ACR-004/MacBooster 8_Interaction [3].png","200707/MacBooster7-190415/8.0.4/Images/ACR-004/MacBooster 8_Interaction [4].png","200707/MacBooster7-190415/8.0.4/Images/ACR-004/MacBooster 8_Interaction [5].png","200707/MacBooster7-190415/8.0.4/Images/ACR-004/MacBooster 8_Interaction [6].png","200707/MacBooster7-190415/8.0.4/Images/ACR-004/MacBooster 8_Interaction [7].png","200707/MacBooster7-190415/8.0.4/Images/ACR-004/MacBooster 8_Register [1].png","200707/MacBooster7-190415/8.0.4/Images/ACR-004/MacBooster 8_Register [2].png","200707/MacBooster7-190415/8.0.4/Images/ACR-006/MacBooster 8_OfferPage [3].png"],"nonDeceptorImageFiles":["200707/MacBooster7-190415/8.0.4/Images/ACR-045/MacBooster 8_LandingPage [1].png","200707/MacBooster7-190415/8.0.4/Images/ACR-045/MacBooster 8_AfterUninstall [1].png","200707/MacBooster7-190415/8.0.4/Images/ACR-065/MacBooster 8_Install [1].png","200707/MacBooster7-190415/8.0.4/Images/ACR-065/MacBooster 8_Install [2].png","200707/MacBooster7-190415/8.0.4/Images/ACR-065/MacBooster 8_About [1].png","200707/MacBooster7-190415/8.0.4/Images/ACR-065/MacBooster 8_Interaction [1].png","200707/MacBooster7-190415/8.0.4/Images/ACR-161/MacBooster 8_LandingPage [2].png"],"guid":"f66879af-110a-42af-bd2e-0a770ed1d76d_8.0.4_1","appID":"MacBooster7-190415","dateAdded":"241024","deceptorType":"MacOS App","name":"MacBooster","company":"IOBit","version":"8.0.4","sigName":"Deceptor:MacOS/MacBooster!003004006","lastKnownStatus":"8.0.1;8.0.2;8.0.3;8.0.4;8.0.5;8.1.0;8.2.0","lastKnownDate":"241024","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,paid","lastUpdate":"2024-10-24T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":9,"sortOrder":450},{"violations":{"ACR-003":"The application makes unsubstantiated claims about system health by showing that the system has problems but requires the user to pay to fix the problems. The app exaggerates urgency using words like \"dangerous\" and the color \"red\".\n","ACR-004":"The app does not provide free fixes for the free scan results, requires customer to purchase the app, and exaggerates urgency using the color \"red\" and words like \"dangerous\".\n","ACR-006":"The app does not disclose additional offers will be made on the phone number provided on the activation screen. The call center is not clearly attributed.\n","ACR-084":"The application does not provide a way to disable the auto-launch of the app.\n"},"nonDeceptorViolations":{"ACR-045":"\"Free Download\" highlights \"Free\" misleads user. The functionality that requires consumer payment in order to be activated needs to be marked clearly in landing page. Otherwise app should remove \"free\" word.\n","ACR-065":"The app's install does not show any links to the Returns and Cancellation Policy, or the Privacy Policy. \nThe app does not show any links to the EULA, Returns and Cancellation Policy, or the Privacy Policy. \n","ACR-161":"The landing page shows endorsements that don't have links back to the original source and therefore cannot be verified. \nThe landing  page has testimonials that have no links back to a source so consumers can verify if they're real.\n\nThe offer page shows endorsements that don't have links back to the original source and therefore cannot be verified. \nThe offer  page has testimonials that have no links back to a source so consumers can verify if they're real.\n\n"},"samples":[{"isRevoked":"False","fileName":"MacBooster 8","fileVersion":"0.","hashMD5":"cd6edb825dcb6122bd4aaf6ea61b6242","hashSHA1":"fb4072182ce2bf8ef4e672b7c13b3214a30158fa","hashSHA256":"7fd8d982c8ecd88a074b4db77ee0e67129578acee85b70d0c3df0df82fb8a3db","sourceIndex":"1835","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"MacBooster_8.pkg","isInstaller":"True","fileVersion":"0.","hashMD5":"fa941f04673b5ace1f45fb98e73d6004","hashSHA1":"ac49c40b792e34d8c2e7509da90ea04a4c9364fb","hashSHA256":"561d1e545eb2f881224ee086389d16f13541cb2c6807c5f7538efd060ed2f6a3","sourceIndex":"1835","avBlockList":["Avast Security for Mac (20211012)","Avira Security for Mac (20211012)","Bitdefender Antivirus for Mac (20211012)","ESET Cyber Security Pro for Mac (20211012)","G DATA AntiVirus for Mac (20211012)","K7 Antivirus for Mac (20211012)","Kaspersky Internet Security for Mac (20211012)","McAfee Internet Security for Mac (20211012)","Norton Security for Mac (20211012)","Sophos Home Premium For Mac (20211012)","Trend Micro Antivirus for Mac (20211012)"],"avAllowList":[]},{"isRevoked":"False","fileName":"MacBooster 8_","fileVersion":"0.","hashMD5":"3d7f981b8dd8ed71ce17e9925d65135b","hashSHA1":"966ea1c895020b714b7ada567576748f449d8e05","hashSHA256":"dead6dc7a4ec15ea02bd4f66d851ede940457750a1373442aecc5c7d5df22470","sourceIndex":"1835","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"MacBooster_8_.pkg","isInstaller":"True","fileVersion":"0.","hashMD5":"328cb288de3f373650c7cd7f25c1a1cc","hashSHA1":"d6d90cae03fbc6151ca30b9458ff553afd4eff6f","hashSHA256":"1a61d7ce5657efd05cd1adaed30293c4fc6c1c1a2c210cfc7880dae7d7abf30e","sourceIndex":"1835","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"MacBooster 8 [2]","fileVersion":"0.","hashMD5":"05286a810cedb22f0142eede8f7d6e5a","hashSHA1":"9dc79b31d47963ffd6baaecc46dd4423b9038666","hashSHA256":"686b3cbd34fd405dd4be29a6cdb086c3f8de8eabd4bf4bbe56f69233ffd50300","sourceIndex":"1835","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"MacBooster8 [2].pkg","isInstaller":"True","fileVersion":"0.","hashMD5":"e70394778ead4ee5bce0be4725204fd8","hashSHA1":"540ca91ee2b1547d9a1283ece036872a4cb16b1a","hashSHA256":"4a995c9f934b93e09cc7fff85585a357295e4f94516feb91f44fbf2d9e1e6e44","sourceIndex":"1835","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search","reference":"Google search \"speed up my mac\"","landingPage":"http://www.macbooster.net/","directDownloadingLink":"http://download.iobit.com/mac/MacBooster_8.pkg","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://download.iobit.com/mac/MacBooster_8.pkg","sourceIndex":"1835"}],"sampleFiles":["210728/MacBooster7-190415/8.0.5/Samples/MacBooster 8","210728/MacBooster7-190415/8.0.5/Samples/MacBooster_8.pkg","210728/MacBooster7-190415/8.0.5/Samples/MacBooster 8_","210728/MacBooster7-190415/8.0.5/Samples/MacBooster_8_.pkg","210728/MacBooster7-190415/8.0.5/Samples/MacBooster 8 [2]","210728/MacBooster7-190415/8.0.5/Samples/MacBooster8 [2].pkg"],"imageFiles":["210728/MacBooster7-190415/8.0.5/Images/ACR-003/MacBooster_Interactions [3].png","210728/MacBooster7-190415/8.0.5/Images/ACR-003/MacBooster_Interactions [6] ScanResults.png","210728/MacBooster7-190415/8.0.5/Images/ACR-004/MacBooster_Interactions [3].png","210728/MacBooster7-190415/8.0.5/Images/ACR-004/MacBooster_Interactions [4] VirusScan .png","210728/MacBooster7-190415/8.0.5/Images/ACR-004/MacBooster_Interactions [6] ScanResults.png","210728/MacBooster7-190415/8.0.5/Images/ACR-004/MacBooster_OfferPage [4].png","210728/MacBooster7-190415/8.0.5/Images/ACR-004/MacBooster_OfferPage [6].png","210728/MacBooster7-190415/8.0.5/Images/ACR-084/MacBooster_AutoLaunch [1].png","210728/MacBooster7-190415/8.0.5/Images/ACR-084/MacBooster_Interactions [7] Settings.png","210728/MacBooster7-190415/8.0.5/Images/ACR-006/MacBooster_OfferPage [4].png"],"nonDeceptorImageFiles":["210728/MacBooster7-190415/8.0.5/Images/ACR-045/MacBooster_LandingPage [1].png","210728/MacBooster7-190415/8.0.5/Images/ACR-065/MacBooster_Installs [1].png","210728/MacBooster7-190415/8.0.5/Images/ACR-065/MacBooster_Installs [2].png","210728/MacBooster7-190415/8.0.5/Images/ACR-065/MacBooster_Installs [3].png","210728/MacBooster7-190415/8.0.5/Images/ACR-065/MacBooster_About [1].png","210728/MacBooster7-190415/8.0.5/Images/ACR-161/MacBooster_LandingPage [2] MediaReview.png","210728/MacBooster7-190415/8.0.5/Images/ACR-161/MacBooster_LandingPage [3] UserReview.png","210728/MacBooster7-190415/8.0.5/Images/ACR-161/MacBooster_OfferPage [2] MediaReview.png","210728/MacBooster7-190415/8.0.5/Images/ACR-161/MacBooster_OfferPage [3] UserReview.png"],"guid":"f66879af-110a-42af-bd2e-0a770ed1d76d_8.0.5_1","appID":"MacBooster7-190415","dateAdded":"241024","deceptorType":"MacOS App","name":"MacBooster","company":"IOBit","version":"8.0.5","lastKnownStatus":"8.0.1;8.0.2;8.0.3;8.0.4;8.0.5;8.1.0;8.2.0","lastKnownDate":"241024","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,paid","lastUpdate":"2024-10-24T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":9,"sortOrder":449},{"violations":{"ACR-042":"The app installs iTOP VPN app without any explicit user action.\n","ACR-003":"The application makes unsubstantiated claims about system health by showing that the system has problems but requires the user to pay to fix the problems. The app exaggerates urgency using words like \"dangerous\" and the color \"red\".\n","ACR-004":"The app does not provide free fixes for the free scan results, requires customer to purchase the app, and exaggerates urgency using the color \"red\" and words like \"dangerous\".\n","ACR-084":"The application does not provide a way to disable the auto-launch of the app.\nThe app does not list its own software in the \"Uninstaller\" category\n"},"nonDeceptorViolations":{"ACR-045":"\"Free Download\" highlights \"Free\" misleads user. The functionality that requires consumer payment in order to be activated needs to be marked clearly in landing page. Otherwise app should remove \"free\" word.\n","ACR-065":"The app's install does not show any links to the Returns and Cancellation Policy, or the Privacy Policy. \nThe app does not show any links to the EULA, Returns and Cancellation Policy, or the Privacy Policy. \n","ACR-161":"The landing page shows endorsements that don't have links back to the original source and therefore cannot be verified. \nThe landing  page has testimonials that have no links back to a source so consumers can verify if they're real.\n\nThe offer page shows endorsements that don't have links back to the original source and therefore cannot be verified. \nThe offer  page has testimonials that have no links back to a source so consumers can verify if they're real.\n\n"},"samples":[{"isRevoked":"False","fileName":"MacBooster 8","fileVersion":"0.","hashMD5":"21206011e93e010dda44f8d416315c50","hashSHA1":"d0d70c2b4ac3864b53c5299a0b9020826fd0d925","hashSHA256":"ec63a0d9f021dfc6696d34907d8d744d582c275117fefdb4166bb495574cabf4","sourceIndex":"1786","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"MacBooster_8.pkg","isInstaller":"True","fileVersion":"0.","hashMD5":"bc3d181807f28fb45411de68037e64cf","hashSHA1":"5d57b3782732e614a936256fcfa1d48618da923c","hashSHA256":"e584a19cb48fc1e5ce8451cd7ee4d0c65b8d6b77ba918ecc11015249dcfcf69f","sourceIndex":"1786","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search","reference":"","landingPage":"http://www.macbooster.net/","directDownloadingLink":"https://download.iobit.com/mac/MacBooster_8.pkg","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://download.iobit.com/mac/MacBooster_8.pkg","sourceIndex":"1786"}],"sampleFiles":["211118/MacBooster7-190415/8.1.0/Samples/MacBooster 8","211118/MacBooster7-190415/8.1.0/Samples/MacBooster_8.pkg"],"imageFiles":["211118/MacBooster7-190415/8.1.0/Images/ACR-042/iTOP VPN [1].png","211118/MacBooster7-190415/8.1.0/Images/ACR-042/iTOP VPN [2].png","211118/MacBooster7-190415/8.1.0/Images/ACR-003/MacBooster 8_Interactions [2].png","211118/MacBooster7-190415/8.1.0/Images/ACR-003/MacBooster 8_Interactions [3].png","211118/MacBooster7-190415/8.1.0/Images/ACR-004/MacBooster_Interactions [3].png","211118/MacBooster7-190415/8.1.0/Images/ACR-004/MacBooster_Interactions [4] VirusScan .png","211118/MacBooster7-190415/8.1.0/Images/ACR-004/MacBooster_Interactions [6] ScanResults.png","211118/MacBooster7-190415/8.1.0/Images/ACR-004/MacBooster_OfferPage [4].png","211118/MacBooster7-190415/8.1.0/Images/ACR-004/MacBooster_OfferPage [6].png","211118/MacBooster7-190415/8.1.0/Images/ACR-084/MacBooster 8_AutoLaunch [1].png","211118/MacBooster7-190415/8.1.0/Images/ACR-084/MacBooster 8_Interactions [5].png","211118/MacBooster7-190415/8.1.0/Images/ACR-084/MacBooster 8_Interactions [4].png"],"nonDeceptorImageFiles":["211118/MacBooster7-190415/8.1.0/Images/ACR-045/MacBooster 8_LandingPage [2].png","211118/MacBooster7-190415/8.1.0/Images/ACR-065/MacBooster 8_Install [1].png","211118/MacBooster7-190415/8.1.0/Images/ACR-065/MacBooster 8_Install [2].png","211118/MacBooster7-190415/8.1.0/Images/ACR-065/MacBooster 8_Install [3].png","211118/MacBooster7-190415/8.1.0/Images/ACR-065/MacBooster 8_Install [4].png","211118/MacBooster7-190415/8.1.0/Images/ACR-065/MacBooster 8_About [1].png","211118/MacBooster7-190415/8.1.0/Images/ACR-161/MacBooster 8_LandingPage [3].png","211118/MacBooster7-190415/8.1.0/Images/ACR-161/MacBooster 8_LandingPage [4].png","211118/MacBooster7-190415/8.1.0/Images/ACR-161/MacBooster 8_LandingPage [3].png","211118/MacBooster7-190415/8.1.0/Images/ACR-161/MacBooster 8_LandingPage [4].png"],"guid":"f66879af-110a-42af-bd2e-0a770ed1d76d_8.1.0_1","appID":"MacBooster7-190415","dateAdded":"241024","deceptorType":"MacOS App","name":"MacBooster","company":"IOBit","version":"8.1.0","lastKnownStatus":"8.0.1;8.0.2;8.0.3;8.0.4;8.0.5;8.1.0;8.2.0","lastKnownDate":"241024","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,paid","lastUpdate":"2024-10-24T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":9,"sortOrder":448},{"violations":{"ACR-042":"The app installs iTOP VPN app without any explicit user action.\n","ACR-003":"The application makes unsubstantiated claims about system health by showing that the system has problems but requires the user to pay to fix the problems. The app exaggerates urgency using words like \"dangerous\" and the color \"red\".\n","ACR-004":"The app does not provide free fixes for the free scan results, requires customer to purchase the app, and exaggerates urgency using the color \"red\" and words like \"dangerous\".\n","ACR-084":"The app does not list its own software in the \"Uninstaller\" category\n"},"nonDeceptorViolations":{"ACR-045":"\"Free Download\" highlights \"Free\" misleads user. The functionality that requires consumer payment to be activated needs to be marked clearly in landing page. Otherwise, app should remove \"free\" word.\n","ACR-065":"The app's install does not show any links to the Returns and Cancellation Policy, or the Privacy Policy. \nThe app does not show any links to the EULA or Terms of Service, Returns and Cancellation Policy, or the Privacy Policy. \n","ACR-161":"The landing page shows endorsements that don't have links back to the original source and therefore cannot be verified. \nThe landing  page has testimonials that have no links back to a source so consumers can verify if they're real.\n\nThe offer page shows endorsements that don't have links back to the original source and therefore cannot be verified. \nThe offer  page has testimonials that have no links back to a source so consumers can verify if they're real.\n\n"},"samples":[{"isRevoked":"False","fileName":"MacBooster 8","fileVersion":"0.","hashMD5":"ba9e5bce0597ea574da43b93b40f43f2","hashSHA1":"e3428af773c1ed50b60ec5ad8afef3ac08658210","hashSHA256":"5d793686a253cc0ec8431f60c90d6aeb3d112cf21561e82bfa7d5f84c7e8d200","sourceIndex":"458","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"MacBooster_8.pkg","isInstaller":"True","fileVersion":"0.","hashMD5":"b5b1c8e4625b3a4dbca0fb8052a5c0e1","hashSHA1":"091dabffc4e4a410d4f84a64f04ee8e18f696b3c","hashSHA256":"4c4f18311df96a0de24ab7c52e86f08131d6fd76501d35d58253df39c1a12b45","sourceIndex":"458","avBlockList":["Avast Security for Mac (20241112)","Avira Security for Mac (20241112)","Bitdefender Antivirus for Mac (20241112)","ESET Cyber Security Pro for Mac (20241112)","G DATA AntiVirus for Mac (20241112)","Kaspersky Internet Security for Mac (20241112)","McAfee Internet Security for Mac (20241112)","Norton Security for Mac (20241112)","Sophos Home Premium For Mac (20241112)","Trend Micro Antivirus for Mac (20241112)","SpyHunterforMac (20241112)"],"avAllowList":["K7 Antivirus for Mac (20241112)"]},{"isRevoked":"False","fileName":"MacBooster_8[2].pkg","isInstaller":"True","fileVersion":"0.","hashMD5":"14d47cce419b10162a3570f0513316c7","hashSHA1":"d2cb927d4794b77de4535c1eed16db2d2bdb3254","hashSHA256":"be84c1ae9beb052a28a3562776278d2ce026f009f4a0e7ffe978949ade1f4a39","sourceIndex":"458","avBlockList":["Avast Security for Mac (20241210)","Avira Security for Mac (20241210)","Bitdefender Antivirus for Mac (20241210)","ESET Cyber Security Pro for Mac (20241210)","G DATA AntiVirus for Mac (20241210)","Kaspersky Internet Security for Mac (20241210)","McAfee Internet Security for Mac (20241210)","Norton Security for Mac (20241210)","Sophos Home Premium For Mac (20241210)","SpyHunterforMac (20241210)","Trend Micro Antivirus for Mac (20241210)"],"avAllowList":["K7 Antivirus for Mac (20241210)"]},{"isRevoked":"False","fileName":"MacBooster 8[2]","fileVersion":"0.","hashMD5":"7e8c06f74542d818561b3d3a7186db7b","hashSHA1":"de53c391630a7edc2bc8d5f8937a308a60c5744d","hashSHA256":"6844a9501e0edee297c39bad060e74b1033f33965aad92fa4345569239e53a6d","sourceIndex":"458","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"MacBooster%208%5B3%5D","fileVersion":"0.","hashMD5":"3adb8a8c8c2fe5e59b50cf98b709afde","hashSHA1":"213364e9e0a42323c0c62618dba434f726eca823","hashSHA256":"03630495a6c426a98ef15174ecc593f5485284b3a943751bbafd5341d36ef826","sourceIndex":"458","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"MacBooster_8%5B3%5D.pkg","isInstaller":"True","fileVersion":"0.","hashMD5":"5df8540b9d1c65ab3a35b60de1ba4e67","hashSHA1":"5c40cfef2e919189acf2fc3351a856f64229bd66","hashSHA256":"d56f3c7057cd8ee73018cbfce974cee40b97446c3e103be5713eb4a42a591570","sourceIndex":"458","avBlockList":["Avast Security for Mac (20250114)","Avira Security for Mac (20250114)","Bitdefender Antivirus for Mac (20250114)","ESET Cyber Security Pro for Mac (20250114)","G DATA AntiVirus for Mac (20250114)","K7 Antivirus for Mac (20250114)","Kaspersky Internet Security for Mac (20250114)","McAfee Internet Security for Mac (20250114)","Norton Security for Mac (20250114)","Sophos Home Premium For Mac (20250114)","SpyHunterforMac (20250114)","Trend Micro Antivirus for Mac (20250114)"],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search","reference":"","landingPage":"https://www.macbooster.net","directDownloadingLink":"https://download.iobit.com/mac/MacBooster_8.pkg","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://download.iobit.com/mac/MacBooster_8.pkg","sourceIndex":"458"}],"sampleFiles":["241024/MacBooster7-190415/8.2.0/Samples/MacBooster 8","241024/MacBooster7-190415/8.2.0/Samples/MacBooster_8.pkg","241024/MacBooster7-190415/8.2.0/Samples/MacBooster_8[2].pkg","241024/MacBooster7-190415/8.2.0/Samples/MacBooster 8[2]","241024/MacBooster7-190415/8.2.0/Samples/MacBooster%208%5B3%5D","241024/MacBooster7-190415/8.2.0/Samples/MacBooster_8%5B3%5D.pkg"],"imageFiles":["241024/MacBooster7-190415/8.2.0/Images/ACR-042/MacBooster 8_iTOP [1].png","241024/MacBooster7-190415/8.2.0/Images/ACR-003/MacBooster 8_Interactions [3].png","241024/MacBooster7-190415/8.2.0/Images/ACR-003/MacBooster 8_Interactions [4].png","241024/MacBooster7-190415/8.2.0/Images/ACR-004/MacBooster 8_Interactions [3].png","241024/MacBooster7-190415/8.2.0/Images/ACR-004/MacBooster 8_Interactions [4].png","241024/MacBooster7-190415/8.2.0/Images/ACR-084/MacBooster 8_Interactions [5].png"],"nonDeceptorImageFiles":["241024/MacBooster7-190415/8.2.0/Images/ACR-045/MacBooster 8_LandingPage [2].png","241024/MacBooster7-190415/8.2.0/Images/ACR-045/MacBooster 8_LandingPage [3].png","241024/MacBooster7-190415/8.2.0/Images/ACR-065/MacBooster 8_Install [1].png","241024/MacBooster7-190415/8.2.0/Images/ACR-065/MacBooster 8_Install [2].png","241024/MacBooster7-190415/8.2.0/Images/ACR-065/MacBooster 8_Install [3].png","241024/MacBooster7-190415/8.2.0/Images/ACR-065/MacBooster 8_Install [5].png","241024/MacBooster7-190415/8.2.0/Images/ACR-065/MacBooster 8_About [1].png","241024/MacBooster7-190415/8.2.0/Images/ACR-161/MacBooster 8_LandingPage [1].png","241024/MacBooster7-190415/8.2.0/Images/ACR-161/MacBooster 8_OfferPage [1].png"],"guid":"f66879af-110a-42af-bd2e-0a770ed1d76d_8.2.0_1","appID":"MacBooster7-190415","dateAdded":"241024","deceptorType":"MacOS App","name":"MacBooster","company":"IOBit","version":"8.2.0","lastKnownStatus":"8.0.1;8.0.2;8.0.3;8.0.4;8.0.5;8.1.0;8.2.0","lastKnownDate":"241024","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,paid","lastUpdate":"2026-05-12T22:59:47.8976648+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":9,"sortOrder":447},{"violations":{"ACR-109":"The app downloads \"spt_setup.exe\", a RelevantKnowledge file without the consumer's consent.\n","ACR-047":"When the reboot is attempted after installation, it displays a prompt to the user with an \"Update recommended\" message. This installs the same version of the app and re-runs the install and the offers that the consumer has previously declined.\n","ACR-048":"The \"Decline\" button does not have any control but still drops a RelevantKnowledge file “spt_setup.exe”.\nThe app does not provide control to remove the startup item that it created\n","ACR-010":"The app bundler distributes deceptor application. The offer in this bundler, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control.\nThe app shows the \"https://www.freeaudiovideosoft.com/\" link on the app's about page where all the apps that are listed under the website contain deceptive behavior.\n","ACR-083":"The app attempts to present the offer repeatedly via its update and startup.\n","ACR-084":"The app creates a startup entry without the consumer's knowledge and consent.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains many of its components along with a \"curl-ca-bundle.crt\" on the device without the consumer's consent or notifying the user.\n","ACR-122":"The app displays a notification stating \"Update recommended\" which downloads the app and asks the user to install it by displaying the install prompt. This scenario is observed after uninstall and reboot.\n","ACR-057":"The app bundles the \"Relevant Knowledge\" offer which does not allow the consumer to decline the offer.\n","ACR-071":"The \"Relevant Knowledge\" offer cannot be declined independently as the installation is unable to proceed when attempting to decline the offer. Thus it forces the user to, only accept the offer and proceed with the installation.\n","ACR-075":"When the reboot is attempted after installation, it displays a prompt to the user with an \"Update Recommended\" message. This installs the same version of the app and re-runs the install and the offers that the consumer has previously declined.\n","ACR-014":"When the reboot is attempted after installation, it displays a prompt that misleads users that they need to install an update while actually, it tries to install the pre-declined component by the user during the install.\n","ACR-059":"The Offer is not clearly marked as an offer. It is unclear who is recommending the offer.\n","ACR-155":"Offers are designed to look like part of the install workflow.\n"},"nonDeceptorViolations":{"ACR-106":"App offers deceptive application 'Relevant Knowledge market survey'.\n","ACR-092":"The app does not have a digital signature for its main executable \"AllFreePDFConverter.exe\".\n","ACR-123":"The app does not remove its startup item after uninstall even after reboot.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\All Free PDF Converter\\AllFreePDFConverter.exe","companyName":"","productName":"","productVersion":"","fileVersion":"","hashMD5":"8416de38390c16a0e3989e14dec05b73","hashSHA1":"c27608fcd80e396f5360a4d4afdb39943638ccfe","hashSHA256":"5973aeda541b52f0357cbb0fbffd3f33fb4775c0d34081e1fb3570c17e5f58e7","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"494","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"AllFreePDFConverter.exe","isInstaller":"True","companyName":"AllFreeVideoSoft Co. Ltd.                                  ","productName":"All Free PDF Converter                                      ","productVersion":"                                                  ","fileVersion":"                    ","hashMD5":"6026ec42359ffd88affffdcc0be679ab","hashSHA1":"2ef0538ad85222bb6d3a23acf03f2048f5e4c25b","hashSHA256":"34246d019e7d3fa45d006d6acb9657cbf1ff56e5a3677412244c3b19f1426361","digitalCertThumbprint":"347240ECC751AB91D4BA3282DC67ACC9A36D1128","digitalCertIssuer":"COMODO RSA Extended Validation Code Signing CA","digitalCertIssuedTo":"Beijing Qingruan Creative Information Technology Co. Ltd.","storeId":"","sourceIndex":"494","avBlockList":["360 Total Security (20250109)","Avast Premium Security (20250109)","AVG Internet Security (20250109)","Avira Internet Security (20250109)","Bitdefender Internet Security (20250109)","COMODO Antivirus (20250109)","Dr.Web Security Space (20250109)","ESET Internet Security (20250109)","G DATA INTERNET SECURITY (20250109)","K7 Total Security (20250109)","Kaspersky Internet Security (20220616)","Malwarebytes Premium (20250109)","McAfee Total Protection (20250109)","Norton Security (20250109)","Panda Dome (20250109)","Quick Heal Internet Security (20250109)","Sophos Home Premium (20250109)","SpyHunter5 (20250109)","Total AV Antivirus Pro (20250109)","Trend Micro Internet Security (20250109)","VIPRE Advanced Security (20250109)","VirIT eXplorer PRO (20250109)","Webroot SecureAnywhere (20250109)","Windows Defender (20250109)","FortectPremium (20250109)","KasperskyPremium (20250109)"],"avAllowList":["Tencent PC Manager (20220616)"]},{"isRevoked":"False","fileName":"AllFreePDFConverter_241022.exe","isInstaller":"True","companyName":"AllFreeVideoSoft Co., Ltd.                                  ","fileVersion":"0.0","hashMD5":"f0a554b79dcdf35be559b1991d8cfa22","hashSHA1":"b9e80e17075c0029d26f31bd6416784ef507f59b","hashSHA256":"269981b0a0fdf33aa10482fb2cc685c1278cf440f37e17e33b1c0d6754fa52f6","sourceIndex":"494","avBlockList":["360 Total Security (20250116)","Avast Premium Security (20250116)","AVG Internet Security (20250116)","Avira Internet Security (20250116)","Bitdefender Internet Security (20250116)","COMODO Antivirus (20250116)","Dr.Web Security Space (20250116)","ESET Internet Security (20250116)","FortectPremium (20250116)","G DATA INTERNET SECURITY (20250116)","K7 Total Security (20250116)","KasperskyPremium (20250116)","Malwarebytes Premium (20250116)","McAfee Total Protection (20250116)","Norton Security (20250116)","Panda Dome (20250116)","Quick Heal Internet Security (20250116)","Sophos Home Premium (20250116)","SpyHunter5 (20250116)","Total AV Antivirus Pro (20250116)","Trend Micro Internet Security (20250116)","VIPRE Advanced Security (20250116)","VirIT eXplorer PRO (20250116)","Webroot SecureAnywhere (20250116)","Windows Defender (20250116)"],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Relevant Knowledge apps","reference":"","landingPage":"https://www.allfreevideoconverter.com/freepdfconverter/index.html","directDownloadingLink":"https://www.allfreevideoconverter.com/download/AllFreePDFConverter.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.allfreevideoconverter.com/download/AllFreePDFConverter.exe","sourceIndex":"494"}],"sampleFiles":["241024/allfreepdfconverter-220609/8.8.1/Samples/AllFreePDFConverter.exe","241024/allfreepdfconverter-220609/8.8.1/Samples/AllFreePDFConverter_241022.exe"],"imageFiles":["241024/allfreepdfconverter-220609/8.8.1/Images/ACR-109/ACR-109_1.JPG","241024/allfreepdfconverter-220609/8.8.1/Images/ACR-047/ACR-047_1.mp4","241024/allfreepdfconverter-220609/8.8.1/Images/ACR-048/ACR-048_Install_1.JPG","241024/allfreepdfconverter-220609/8.8.1/Images/ACR-010/ACR-010_Installed_Bundles_Deceptive_App.JPG","241024/allfreepdfconverter-220609/8.8.1/Images/ACR-083/ACR-083.mp4","241024/allfreepdfconverter-220609/8.8.1/Images/ACR-083/ACR-083_2.JPG","241024/allfreepdfconverter-220609/8.8.1/Images/ACR-084/ACR-084_1.JPG","241024/allfreepdfconverter-220609/8.8.1/Images/ACR-048/ACR-048_Software_1.JPG","241024/allfreepdfconverter-220609/8.8.1/Images/ACR-048/ACR-048_Software_2.JPG","241024/allfreepdfconverter-220609/8.8.1/Images/ACR-010/ACR-010_1.JPG","241024/allfreepdfconverter-220609/8.8.1/Images/ACR-010/ACR-010_2.JPG","241024/allfreepdfconverter-220609/8.8.1/Images/ACR-014/ACR-014.mp4","241024/allfreepdfconverter-220609/8.8.1/Images/ACR-118/ACR-118_1.JPG","241024/allfreepdfconverter-220609/8.8.1/Images/ACR-118/ACR-118_2.JPG","241024/allfreepdfconverter-220609/8.8.1/Images/ACR-118/ACR-118_3.JPG","241024/allfreepdfconverter-220609/8.8.1/Images/ACR-122/ACR-122_1.JPG","241024/allfreepdfconverter-220609/8.8.1/Images/ACR-075/ACR-075-1.mp4","241024/allfreepdfconverter-220609/8.8.1/Images/ACR-057/ACR-057_1.JPG","241024/allfreepdfconverter-220609/8.8.1/Images/ACR-059/ACR-059_1.JPG","241024/allfreepdfconverter-220609/8.8.1/Images/ACR-071/ACR-071_1.JPG","241024/allfreepdfconverter-220609/8.8.1/Images/ACR-155/ACR-155_1.JPG"],"nonDeceptorImageFiles":["241024/allfreepdfconverter-220609/8.8.1/Images/ACR-106/ACR-106.JPG","241024/allfreepdfconverter-220609/8.8.1/Images/ACR-092/ACR-092_1.JPG","241024/allfreepdfconverter-220609/8.8.1/Images/ACR-123/ACR-123_1.JPG"],"guid":"c3f36250-15db-49cd-80e7-dd4069b1433b_8.8.1_1","appID":"allfreepdfconverter-220609","dateAdded":"241024","deceptorType":"App","name":"All Free PDF Converter","company":"AllFreeVideoSoft Co., Ltd.","version":"8.8.1","lastKnownStatus":"8.8.1","lastKnownDate":"241024","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2024-10-24T09:04:06.7608698+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":463},{"violations":{"ACR-109":"The app downloads \"spt_setup.exe\", a RelevantKnowledge file without the consumer's consent.\n","ACR-047":"When the reboot is attempted after installation, it displays a prompt to the user with an \"Update recommended\" message. This installs the same version of the app and re-runs the install and the offers that the consumer has previously declined.\n","ACR-048":"The \"Decline\" button does not have any control but still drops a RelevantKnowledge file “spt_setup.exe”. \nThe app does not provide an option to close the update prompt and cancel the startup of its own.\n","ACR-010":"The app bundler distributes the deceptor application. The offer in this bundler, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control.\nThe app shows the \"https://www.freeaudiovideosoft.com/\" link under the website option in the app's about page where all the apps that are listed under the website contain deceptive behavior. \n","ACR-083":"The app attempts to present the offer repeatedly via its update and startup.\n","ACR-084":"The app creates a startup entry without the consumer's knowledge and consent. \n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components along with a \"curl-ca-bundle.crt\" on the device without the consumer's consent or notifying the user.\n","ACR-122":"The app displays a notification stating \"Update recommended\" which downloads the app and asks the user to install it by displaying the install prompt. This scenario is observed after uninstall and reboot.\n","ACR-057":"The app bundles the \"Relevant Knowledge\" offer which does not allow the consumer to decline the offer.\n","ACR-071":"The \"Relevant Knowledge\" offer cannot be declined independently as the installation is unable to proceed when attempting to decline the offer. Thus it forces the user to, only accept the offer and proceed with the installation.\n","ACR-075":"When the reboot is attempted after installation, it displays a prompt to the user with an \"Update Recommended\" message. This installs the same version of the app and re-runs the install and the offers that the consumer has previously declined.\n","ACR-014":"When the reboot is attempted after installation, it displays a prompt that misleads users that they need to install an update while actually, it tries to install the pre-declined component by the user during the install. \n\n","ACR-059":"The Offer is not clearly marked as an offer. It is unclear who is recommending the offer.\n","ACR-155":"Offers are designed to look like part of the install workflow.\n"},"nonDeceptorViolations":{"ACR-106":"App offers deceptive application 'Relevant Knowledge market survey'.\n","ACR-092":"The app does not have a digital signature for the main executable: \"AllFreeMP3Cutter.exe\"\n","ACR-123":"The app does not remove its startup item even after uninstall.\n"},"samples":[{"isRevoked":"False","fileName":"AllFreeMP3Cutter.exe","isInstaller":"True","companyName":"AllFreeVideoSoft Co., Ltd.                                  ","fileVersion":"0.0","hashMD5":"63b8a92cbce5e3aafd1e5b4c067f9077","hashSHA1":"d6c773c944da85511da4dcb1c3f49a7aec91d0d1","hashSHA256":"4be4be65bd196d985ed3dc46a8a509debddd5d05d067c5d0d9c33ccb003cffcd","digitalCertThumbprint":"347240ECC751AB91D4BA3282DC67ACC9A36D1128","digitalCertIssuer":"CN=COMODO RSA Extended Validation Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", O=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", STREET=\"Chaoyang North Road 199, MOMA Building 1901, Chaoyang District\", L=Beijing, PostalCode=100026, C=CN, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=CN, SERIALNUMBER=911101056717485703","sourceIndex":"495","avBlockList":["360 Total Security (20250109)","Avast Premium Security (20250109)","AVG Internet Security (20250109)","Avira Internet Security (20250109)","Bitdefender Internet Security (20250109)","COMODO Antivirus (20250109)","Dr.Web Security Space (20250109)","ESET Internet Security (20250109)","FortectPremium (20250109)","G DATA INTERNET SECURITY (20250109)","K7 Total Security (20250109)","KasperskyPremium (20250109)","Malwarebytes Premium (20250109)","McAfee Total Protection (20250109)","Norton Security (20250109)","Panda Dome (20250109)","Quick Heal Internet Security (20250109)","Sophos Home Premium (20250109)","SpyHunter5 (20250109)","Total AV Antivirus Pro (20250109)","Trend Micro Internet Security (20250109)","VIPRE Advanced Security (20250109)","VirIT eXplorer PRO (20250109)","Webroot SecureAnywhere (20250109)","Windows Defender (20250109)"],"avAllowList":[]},{"isRevoked":"False","fileName":"AllFreeMP3Cutter_Main.exe","fileVersion":"0.0","hashMD5":"5868a93c8a8ecbe263dd7d08b05902e9","hashSHA1":"ef6fc2bb86a89ab2374eb127830d4d910aae27f6","hashSHA256":"e0f53eb276ba26bb5d9834517dc345ea4b4229172ae26c190e1f61ffc377ee3d","sourceIndex":"495","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"AllFreeMP3Cutter_241022.exe","isInstaller":"True","companyName":"AllFreeVideoSoft Co., Ltd.                                  ","fileVersion":"0.0","hashMD5":"b70655e67cb4588b05c1312818f1cf18","hashSHA1":"543c78deb87ab99ff3696f236e4510be2e1d8682","hashSHA256":"a3d9866c8bbd585607258d59c2a863afbe96ce91a20c2f58f2cd6984a372bb40","sourceIndex":"495","avBlockList":["360 Total Security (20250121)","Avast Premium Security (20250121)","AVG Internet Security (20250121)","Avira Internet Security (20250121)","Bitdefender Internet Security (20250121)","COMODO Antivirus (20250121)","Dr.Web Security Space (20250121)","ESET Internet Security (20250121)","FortectPremium (20250121)","G DATA INTERNET SECURITY (20250121)","K7 Total Security (20250121)","KasperskyPremium (20250121)","Malwarebytes Premium (20250121)","McAfee Total Protection (20250121)","Norton Security (20250121)","Panda Dome (20250121)","Quick Heal Internet Security (20250121)","Sophos Home Premium (20250121)","SpyHunter5 (20250121)","Total AV Antivirus Pro (20250121)","Trend Micro Internet Security (20250121)","VIPRE Advanced Security (20250121)","VirIT eXplorer PRO (20250121)","Webroot SecureAnywhere (20250121)","Windows Defender (20250121)"],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on windows app","reference":"","landingPage":"https://www.allfreevideoconverter.com/freemp3cutter/index.html","directDownloadingLink":"https://www.allfreevideoconverter.com/download/AllFreeMP3Cutter.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.allfreevideoconverter.com/download/AllFreeMP3Cutter.exe","sourceIndex":"495"}],"sampleFiles":["241024/allfreemp3cutter-220609/8.8.1/Samples/AllFreeMP3Cutter.exe","241024/allfreemp3cutter-220609/8.8.1/Samples/AllFreeMP3Cutter_241022.exe"],"imageFiles":["241024/allfreemp3cutter-220609/8.8.1/Images/ACR-109/ACR-109_Install_Drops_Third_Party.JPG","241024/allfreemp3cutter-220609/8.8.1/Images/ACR-047/ACR-047_Install.JPG","241024/allfreemp3cutter-220609/8.8.1/Images/ACR-047/ACR-047_Install.mp4","241024/allfreemp3cutter-220609/8.8.1/Images/ACR-048/ACR-048_Install_No_Control_To_Decline.JPG","241024/allfreemp3cutter-220609/8.8.1/Images/ACR-010/ACR-010_Software_Bundles_Deceptor.JPG","241024/allfreemp3cutter-220609/8.8.1/Images/ACR-083/ACR-083_Software.JPG","241024/allfreemp3cutter-220609/8.8.1/Images/ACR-083/ACR-083_Software_1.JPG","241024/allfreemp3cutter-220609/8.8.1/Images/ACR-084/ACR-084_Software.JPG","241024/allfreemp3cutter-220609/8.8.1/Images/ACR-048/ACR-048_Software.JPG","241024/allfreemp3cutter-220609/8.8.1/Images/ACR-048/ACR-048_Software_1.JPG","241024/allfreemp3cutter-220609/8.8.1/Images/ACR-010/ACR-010_Software.mp4","241024/allfreemp3cutter-220609/8.8.1/Images/ACR-014/ACR-014_Software.JPG","241024/allfreemp3cutter-220609/8.8.1/Images/ACR-014/ACR-014_Sofware.mp4","241024/allfreemp3cutter-220609/8.8.1/Images/ACR-118/ACR-118_Uninstall.JPG","241024/allfreemp3cutter-220609/8.8.1/Images/ACR-118/ACR-118_Uninstall_1.JPG","241024/allfreemp3cutter-220609/8.8.1/Images/ACR-122/ACR-122_Uninstall.JPG","241024/allfreemp3cutter-220609/8.8.1/Images/ACR-075/ACR-075_Bundler-MadeOffers.JPG","241024/allfreemp3cutter-220609/8.8.1/Images/ACR-075/ACR-075_Bundler-MadeOffers.mp4","241024/allfreemp3cutter-220609/8.8.1/Images/ACR-057/ACR-057_Bundler-MadeOffers.JPG","241024/allfreemp3cutter-220609/8.8.1/Images/ACR-059/ACR-059_Bundler-MadeOffers.JPG","241024/allfreemp3cutter-220609/8.8.1/Images/ACR-071/ACR-071_Bundler-MadeOffers.JPG","241024/allfreemp3cutter-220609/8.8.1/Images/ACR-155/ACR-155_Bundler-MadeOffers.JPG"],"nonDeceptorImageFiles":["241024/allfreemp3cutter-220609/8.8.1/Images/ACR-106/ACR-106_Software_Bundles_Deceptor.JPG","241024/allfreemp3cutter-220609/8.8.1/Images/ACR-092/ACR-092_Software.JPG","241024/allfreemp3cutter-220609/8.8.1/Images/ACR-123/ACR-123_Uninstall.JPG"],"guid":"70473ab8-9fb7-4b1e-b95d-07313ed3c482_8.8.1_1","appID":"allfreemp3cutter-220609","dateAdded":"241024","deceptorType":"App","name":"All Free MP3 Cutter","company":"AllFreeVideoSoft Co., Ltd.","version":"8.8.1","lastKnownStatus":"8.8.1","lastKnownDate":"241024","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2024-10-24T09:02:40.9000146+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":464},{"violations":{"ACR-109":"The app downloads \"spt_setup.exe\", a RelevantKnowledge file without the consumer's consent.\n","ACR-047":"When the reboot is attempted after installation, it displays a prompt to the user with an \"Update recommended\" message. This installs the same version of the app and re-runs the install and the offers that the consumer has previously declined.\n","ACR-048":"The \"Decline\" button does not have any control but still drops a RelevantKnowledge file “spt_setup.exe”.\nThe app does not provide control to remove the startup item that it created.\n","ACR-010":"The app bundler distributes deceptor application. The offer in this bundler, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control.\nThe app shows the \"https://www.freeaudiovideosoft.com/\" link on the app's about page where all the apps that are listed under the website contain deceptive behavior.\n","ACR-083":"The app attempts to present the offer repeatedly via its update and startup.\n","ACR-084":"The app creates a startup entry without the consumer's knowledge and consent.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains many of its components along with a \"curl-ca-bundle.crt\" on the device without the consumer's consent or notifying the user.\n","ACR-122":"The app displays a notification stating \"Update recommended\" which downloads the app and asks the user to install it by displaying the install prompt. This scenario is observed after uninstall and reboot.\n","ACR-057":"The app bundles the \"Relevant Knowledge\" offer which does not allow the consumer to decline the offer.\n","ACR-071":"The \"Relevant Knowledge\" offer cannot be declined independently as the installation is unable to proceed when attempting to decline the offer. Thus it forces the user to, only accept the offer and proceed with the installation.\n","ACR-075":"When the reboot is attempted after installation, it displays a prompt to the user with an \"Update Recommended\" message. This installs the same version of the app and re-runs the install and the offers that the consumer has previously declined.\n","ACR-014":"When the reboot is attempted after installation, it displays a prompt that misleads users that they need to install an update while actually, it tries to install the pre-declined component by the user during the install.\n","ACR-059":"The Offer is not clearly marked as an offer. It is unclear who is recommending the offer.\n","ACR-155":"Offers are designed to look like part of the install workflow.\n"},"nonDeceptorViolations":{"ACR-106":"App offers deceptive application 'Relevant Knowledge market survey'.\n","ACR-092":"The app does not have a digital signature for its main executable \"AllFreeJPGtoPDFConverter.exe\".\n","ACR-123":"The app does not remove its startup item after uninstall even after reboot.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\All Free JPG to PDF Converter\\AllFreeJPGtoPDFConverter.exe","companyName":"","productName":"","productVersion":"","fileVersion":"","hashMD5":"8416de38390c16a0e3989e14dec05b73","hashSHA1":"c27608fcd80e396f5360a4d4afdb39943638ccfe","hashSHA256":"5973aeda541b52f0357cbb0fbffd3f33fb4775c0d34081e1fb3570c17e5f58e7","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"492","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"AllFreeJPGtoPDFConverter.exe","isInstaller":"True","companyName":"AllFreeVideoSoft Co. Ltd.                                  ","productName":"All Free JPG to PDF Converter                               ","productVersion":"                                                  ","fileVersion":"                    ","hashMD5":"edcd7101f2540471b0727edea9dcd98b","hashSHA1":"59bdf6a84ae5f84f9463fc44ac7a06965f7de652","hashSHA256":"68b7574e0df6dfbd242e97a1c8242cdddb7bac7541f93d1b88063429d9d5fbfa","digitalCertThumbprint":"347240ECC751AB91D4BA3282DC67ACC9A36D1128","digitalCertIssuer":"COMODO RSA Extended Validation Code Signing CA","digitalCertIssuedTo":"Beijing Qingruan Creative Information Technology Co. Ltd.","storeId":"","sourceIndex":"492","avBlockList":["360 Total Security (20250121)","Avast Premium Security (20250121)","AVG Internet Security (20250121)","Avira Internet Security (20250121)","Bitdefender Internet Security (20250121)","COMODO Antivirus (20250121)","Dr.Web Security Space (20250121)","ESET Internet Security (20250121)","G DATA INTERNET SECURITY (20250121)","K7 Total Security (20250121)","Kaspersky Internet Security (20220616)","Malwarebytes Premium (20250121)","McAfee Total Protection (20250121)","Norton Security (20250121)","Panda Dome (20250121)","Quick Heal Internet Security (20250121)","Sophos Home Premium (20250121)","SpyHunter5 (20250121)","Total AV Antivirus Pro (20250121)","Trend Micro Internet Security (20250121)","VIPRE Advanced Security (20250121)","VirIT eXplorer PRO (20250121)","Webroot SecureAnywhere (20250121)","Windows Defender (20250121)","FortectPremium (20250121)","KasperskyPremium (20250121)"],"avAllowList":["Tencent PC Manager (20220616)"]},{"isRevoked":"False","fileName":"AllFreeJPGtoPDFConverter_241023.exe","isInstaller":"True","companyName":"AllFreeVideoSoft Co., Ltd.                                  ","fileVersion":"0.0","hashMD5":"a58a95a9046d3be0ed79355a11ef4549","hashSHA1":"b2d637170c1cd25f8ba0241100d14f807efc5bb9","hashSHA256":"33db466f1381c71df41f4deff4605a56056abcab081e6663d0a71499078883db","sourceIndex":"492","avBlockList":["360 Total Security (20250107)","Avast Premium Security (20250107)","AVG Internet Security (20250107)","Avira Internet Security (20250107)","Bitdefender Internet Security (20250107)","COMODO Antivirus (20250107)","Dr.Web Security Space (20250107)","ESET Internet Security (20250107)","FortectPremium (20250107)","G DATA INTERNET SECURITY (20250107)","K7 Total Security (20250107)","KasperskyPremium (20250107)","Malwarebytes Premium (20250107)","McAfee Total Protection (20250107)","Norton Security (20250107)","Panda Dome (20250107)","Quick Heal Internet Security (20250107)","Sophos Home Premium (20250107)","SpyHunter5 (20250107)","Total AV Antivirus Pro (20250107)","VIPRE Advanced Security (20250107)","VirIT eXplorer PRO (20250107)","Webroot SecureAnywhere (20250107)","Windows Defender (20250107)"],"avAllowList":["Trend Micro Internet Security (20250107)"]}],"additionalFiles":[],"sources":[{"howFound":"Relevant Knowledge related apps","reference":"","landingPage":"https://www.allfreevideoconverter.com/freejpgtopdfconverter/index.html","directDownloadingLink":"https://www.allfreevideoconverter.com/download/AllFreeJPGtoPDFConverter.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.allfreevideoconverter.com/download/AllFreeJPGtoPDFConverter.exe","sourceIndex":"492"}],"sampleFiles":["241024/allfreejpgtopdfconverter-220613/8.8.1/Samples/AllFreeJPGtoPDFConverter.exe","241024/allfreejpgtopdfconverter-220613/8.8.1/Samples/AllFreeJPGtoPDFConverter_241023.exe"],"imageFiles":["241024/allfreejpgtopdfconverter-220613/8.8.1/Images/ACR-109/ACR-109-1.JPG","241024/allfreejpgtopdfconverter-220613/8.8.1/Images/ACR-047/ACR-047_1.mp4","241024/allfreejpgtopdfconverter-220613/8.8.1/Images/ACR-048/ACR-048_1.JPG","241024/allfreejpgtopdfconverter-220613/8.8.1/Images/ACR-010/ACR-010_Install_Bundles_Deceptive_App.JPG","241024/allfreejpgtopdfconverter-220613/8.8.1/Images/ACR-083/ACR-083_1.JPG","241024/allfreejpgtopdfconverter-220613/8.8.1/Images/ACR-083/ACR-083_1.mp4","241024/allfreejpgtopdfconverter-220613/8.8.1/Images/ACR-084/ACR-084_1.JPG","241024/allfreejpgtopdfconverter-220613/8.8.1/Images/ACR-048/ACR-048_1.JPG","241024/allfreejpgtopdfconverter-220613/8.8.1/Images/ACR-048/ACR-048_2.JPG","241024/allfreejpgtopdfconverter-220613/8.8.1/Images/ACR-010/ACR-010_1.JPG","241024/allfreejpgtopdfconverter-220613/8.8.1/Images/ACR-010/ACR-010_2.JPG","241024/allfreejpgtopdfconverter-220613/8.8.1/Images/ACR-014/ACR-014_1.mp4","241024/allfreejpgtopdfconverter-220613/8.8.1/Images/ACR-118/ACR-118_1.JPG","241024/allfreejpgtopdfconverter-220613/8.8.1/Images/ACR-118/ACR-118_2.JPG","241024/allfreejpgtopdfconverter-220613/8.8.1/Images/ACR-118/ACR-118_3.JPG","241024/allfreejpgtopdfconverter-220613/8.8.1/Images/ACR-122/ACR-122_1.JPG","241024/allfreejpgtopdfconverter-220613/8.8.1/Images/ACR-075/ACR-075_1.mp4","241024/allfreejpgtopdfconverter-220613/8.8.1/Images/ACR-057/ACR-057_1.JPG","241024/allfreejpgtopdfconverter-220613/8.8.1/Images/ACR-059/ACR-059_1.JPG","241024/allfreejpgtopdfconverter-220613/8.8.1/Images/ACR-071/ACR-071_1.JPG","241024/allfreejpgtopdfconverter-220613/8.8.1/Images/ACR-155/ACR-155_1.JPG"],"nonDeceptorImageFiles":["241024/allfreejpgtopdfconverter-220613/8.8.1/Images/ACR-106/ACR-106_1.JPG","241024/allfreejpgtopdfconverter-220613/8.8.1/Images/ACR-092/ACR-092_1.JPG","241024/allfreejpgtopdfconverter-220613/8.8.1/Images/ACR-123/ACR-123_1.JPG"],"guid":"c5bc9d4b-8e9f-4eb1-b1eb-636103894349_8.8.1_1","appID":"allfreejpgtopdfconverter-220613","dateAdded":"241024","deceptorType":"App","name":"All Free JPG to PDF Converter","company":"AllFreeVideoSoft Co., Ltd.","version":"8.8.1","lastKnownStatus":"8.8.1","lastKnownDate":"241024","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2024-10-24T09:06:48.2705321+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":465},{"violations":{"ACR-109":"The app downloads \"spt_setup.exe\", a RelevantKnowledge file without the consumer's consent.\n","ACR-047":"When the reboot is attempted after installation, it displays a prompt to the user with an \"Update recommended\" message. This installs the same version of the app and re-runs the install and the offers that the consumer has previously declined.\n","ACR-048":"The \"Decline\" button does not have any control but still drops a RelevantKnowledge file “spt_setup.exe”. \nThe app does not provide an option to close the update prompt and cancel the startup of its own.\n","ACR-010":"The app bundler distributes the deceptor application. The offer in this bundler, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control.\nThe app shows the \"https://www.freeaudiovideosoft.com/\" link under the website option in the app's about page where all the apps that are listed under the website contain deceptive behavior.\n","ACR-083":"The app attempts to present the offer repeatedly via its update and startup.\n","ACR-084":"The app creates a startup entry without the consumer's knowledge and consent. \n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components along with a \"curl-ca-bundle.crt\" on the device without the consumer's consent or notifying the user. \n","ACR-122":"After uninstall and reboot, the app displays a notification stating \"Update recommended\" which downloads the app and asks the user to install it by displaying the install prompt.\n","ACR-057":"The app bundles the \"Relevant Knowledge\" offer which does not allow the consumer to decline the offer.\n","ACR-071":"The \"Relevant Knowledge\" offer cannot be declined independently as the installation is unable to proceed when attempting to decline the offer. Thus it forces the user to, only accept the offer and proceed with the installation.\n","ACR-075":"When the reboot is attempted after installation, it displays a prompt to the user with an \"Update Recommended\" message. This installs the same version of the app and re-runs the install and the offers that the consumer has previously declined.\n","ACR-014":"When the reboot is attempted after installation, it displays a prompt that misleads users that they need to install an update while actually, it tries to install the pre-declined component by the user during the install.\n","ACR-059":"The Offer is not clearly marked as an offer. It is unclear who is recommending the offer. \n","ACR-155":"Offers are designed to look like part of the install workflow.\n"},"nonDeceptorViolations":{"ACR-106":"App offers deceptive application 'Relevant Knowledge market survey'.\n","ACR-092":"The app does not have a digital signature for the main executable: \"AllFreeRingtoneMaker.exe\"\n","ACR-123":"The app does not remove its startup item even after uninstall.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\All Free Ringtone Maker\\AllFreeRingtoneMaker.exe","companyName":"","productName":"","productVersion":"","fileVersion":"","hashMD5":"5868a93c8a8ecbe263dd7d08b05902e9","hashSHA1":"ef6fc2bb86a89ab2374eb127830d4d910aae27f6","hashSHA256":"e0f53eb276ba26bb5d9834517dc345ea4b4229172ae26c190e1f61ffc377ee3d","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"490","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"AllFreeRingtoneMaker.exe","isInstaller":"True","companyName":"AllFreeVideoSoft Co. Ltd.                                  ","productName":"All Free Ringtone Maker                                     ","productVersion":"                                                  ","fileVersion":"                    ","hashMD5":"04757f18ccc479f0da5e1f04a0ea3166","hashSHA1":"dd155eab45e12d2c10acfa55a2a7e188f314f118","hashSHA256":"800019361b1d1c62c7556d4291bfffcb09d21ebe70973f9575310c5eba610ed4","digitalCertThumbprint":"347240ECC751AB91D4BA3282DC67ACC9A36D1128","digitalCertIssuer":"COMODO RSA Extended Validation Code Signing CA","digitalCertIssuedTo":"Beijing Qingruan Creative Information Technology Co. Ltd.","storeId":"","sourceIndex":"490","avBlockList":["360 Total Security (20250109)","Avast Premium Security (20250109)","AVG Internet Security (20250109)","Avira Internet Security (20250109)","Bitdefender Internet Security (20250109)","COMODO Antivirus (20250109)","Dr.Web Security Space (20250109)","ESET Internet Security (20250109)","G DATA INTERNET SECURITY (20250109)","K7 Total Security (20250109)","Kaspersky Internet Security (20220616)","Malwarebytes Premium (20250109)","McAfee Total Protection (20250109)","Norton Security (20250109)","Panda Dome (20250109)","Quick Heal Internet Security (20250109)","Sophos Home Premium (20250109)","SpyHunter5 (20250109)","Total AV Antivirus Pro (20250109)","Trend Micro Internet Security (20250109)","VIPRE Advanced Security (20250109)","VirIT eXplorer PRO (20250109)","Webroot SecureAnywhere (20250109)","Windows Defender (20250109)","FortectPremium (20250109)","KasperskyPremium (20250109)"],"avAllowList":["Tencent PC Manager (20220616)"]},{"isRevoked":"False","fileName":"AllFreeRingtoneMaker_241023.exe","isInstaller":"True","companyName":"AllFreeVideoSoft Co., Ltd.                                  ","fileVersion":"0.0","hashMD5":"c378cd465b8b22bdbb96dd0a7befc77b","hashSHA1":"45aa0c45bcb0d47de54de3c998d368079878cdd3","hashSHA256":"9ba2dd618f62e1f1f2789eb4c742a6b3b485c16ab964fd83a742baff007c54a4","sourceIndex":"490","avBlockList":["360 Total Security (20250116)","Avast Premium Security (20250116)","AVG Internet Security (20250116)","Avira Internet Security (20250116)","Bitdefender Internet Security (20250116)","COMODO Antivirus (20250116)","Dr.Web Security Space (20250116)","ESET Internet Security (20250116)","FortectPremium (20250116)","G DATA INTERNET SECURITY (20250116)","K7 Total Security (20250116)","KasperskyPremium (20250116)","Malwarebytes Premium (20250116)","McAfee Total Protection (20250116)","Norton Security (20250116)","Panda Dome (20250116)","Quick Heal Internet Security (20250116)","Sophos Home Premium (20250116)","SpyHunter5 (20250116)","Total AV Antivirus Pro (20250116)","Trend Micro Internet Security (20250116)","VIPRE Advanced Security (20250116)","VirIT eXplorer PRO (20250116)","Webroot SecureAnywhere (20250116)","Windows Defender (20250116)"],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Related Apps","reference":"","landingPage":"https://www.allfreevideoconverter.com/freeringtonemaker/index.html","directDownloadingLink":"https://www.allfreevideoconverter.com/download/AllFreeRingtoneMaker.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.allfreevideoconverter.com/download/AllFreeRingtoneMaker.exe","sourceIndex":"490"}],"sampleFiles":["241024/allfreeringtonemaker-220610/8.8.1/Samples/AllFreeRingtoneMaker.exe","241024/allfreeringtonemaker-220610/8.8.1/Samples/AllFreeRingtoneMaker_241023.exe"],"imageFiles":["241024/allfreeringtonemaker-220610/8.8.1/Images/ACR-109/ACR-109_Install_Drops_Third_Party.JPG","241024/allfreeringtonemaker-220610/8.8.1/Images/ACR-047/ACR-047_Install.JPG","241024/allfreeringtonemaker-220610/8.8.1/Images/ACR-047/ACR-047_Install.mp4","241024/allfreeringtonemaker-220610/8.8.1/Images/ACR-048/ACR-048_Install_No_Control_To_Decline.JPG","241024/allfreeringtonemaker-220610/8.8.1/Images/ACR-010/ACR-010_Install_Bundles_Deceptor.JPG","241024/allfreeringtonemaker-220610/8.8.1/Images/ACR-083/ACR-083_Software.JPG","241024/allfreeringtonemaker-220610/8.8.1/Images/ACR-083/ACR-083_Software_1.JPG","241024/allfreeringtonemaker-220610/8.8.1/Images/ACR-084/ACR-084_Software.JPG","241024/allfreeringtonemaker-220610/8.8.1/Images/ACR-048/ACR-048_Software.JPG","241024/allfreeringtonemaker-220610/8.8.1/Images/ACR-048/ACR-048_Software_1.JPG","241024/allfreeringtonemaker-220610/8.8.1/Images/ACR-010/ACR-010_Software.mp4","241024/allfreeringtonemaker-220610/8.8.1/Images/ACR-014/ACR-014_Software.JPG","241024/allfreeringtonemaker-220610/8.8.1/Images/ACR-014/ACR-014_Software.mp4","241024/allfreeringtonemaker-220610/8.8.1/Images/ACR-118/ACR-118_Uninstall.JPG","241024/allfreeringtonemaker-220610/8.8.1/Images/ACR-118/ACR-118_Uninstall_1.JPG","241024/allfreeringtonemaker-220610/8.8.1/Images/ACR-122/ACR-122_Uninstall.JPG","241024/allfreeringtonemaker-220610/8.8.1/Images/ACR-075/ACR-075_Bundler-MadeOffers.JPG","241024/allfreeringtonemaker-220610/8.8.1/Images/ACR-075/ACR-075_Bundler-MadeOffers.mp4","241024/allfreeringtonemaker-220610/8.8.1/Images/ACR-057/ACR-057_Bundler-MadeOffers.JPG","241024/allfreeringtonemaker-220610/8.8.1/Images/ACR-059/ACR-059_Bundler-MadeOffers.JPG","241024/allfreeringtonemaker-220610/8.8.1/Images/ACR-071/ACR-071_Bundler-MadeOffers.JPG","241024/allfreeringtonemaker-220610/8.8.1/Images/ACR-155/ACR-155_Bundler-MadeOffers.JPG"],"nonDeceptorImageFiles":["241024/allfreeringtonemaker-220610/8.8.1/Images/ACR-106/ACR-106_Software_Bundles_Deceptor.JPG","241024/allfreeringtonemaker-220610/8.8.1/Images/ACR-092/ACR-092_Software.JPG","241024/allfreeringtonemaker-220610/8.8.1/Images/ACR-123/ACR-123_Uninstall.JPG"],"guid":"ebed5114-380d-41cc-99ab-925bc4f65299_8.8.1_1","appID":"allfreeringtonemaker-220610","dateAdded":"241024","deceptorType":"App","name":"All Free Ringtone Maker","company":"AllFreeVideoSoft Co., Ltd.","version":"8.8.1","lastKnownStatus":"8.8.1","lastKnownDate":"241024","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2024-10-24T09:09:43.4475086+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":460},{"violations":{"ACR-109":"The app downloads \"spt_setup.exe\", a RelevantKnowledge file without the consumer's consent.\n","ACR-047":"When the reboot is attempted after installation, it displays a prompt to the user with an \"Update recommended\" message. This installs the same version of the app and re-runs the install and the offers that the consumer has previously declined.\n","ACR-048":"The \"Decline\" button does not have any control but still drops a RelevantKnowledge file “spt_setup.exe”.\nThe app does not provide control to remove the startup item that it created.\n","ACR-010":"The app bundler distributes deceptor application. The offer in this bundler, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control.\nThe app shows the \"https://www.freeaudiovideosoft.com/\" link on the app's about page where all the apps that are listed under the website contain deceptive behavior.\n","ACR-083":"The app attempts to present the offer repeatedly via its update and startup.\n","ACR-084":"The app creates a startup entry without the consumer's knowledge and consent.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains many of its components along with a \"curl-ca-bundle.crt\" on the device without the consumer's consent or notifying the user.\n","ACR-122":"The app displays a notification stating \"Update recommended\" which downloads the app and asks the user to install it by displaying the install prompt. This scenario is observed after uninstall and reboot.\n","ACR-057":"The app bundles the \"Relevant Knowledge\" offer which does not allow the consumer to decline the offer.\n","ACR-071":"The \"Relevant Knowledge\" offer cannot be declined independently as the installation is unable to proceed when attempting to decline the offer. Thus it forces the user to, only accept the offer and proceed with the installation.\n","ACR-075":"When the reboot is attempted after installation, it displays a prompt to the user with an \"Update Recommended\" message. This installs the same version of the app and re-runs the install and the offers that the consumer has previously declined.\n","ACR-014":"When the reboot is attempted after installation, it displays a prompt that misleads users that they need to install an update while actually, it tries to install the pre-declined component by the user during the install.\n","ACR-059":"The Offer is not clearly marked as an offer. It is unclear who is recommending the offer.\n","ACR-155":"Offers are designed to look like part of the install workflow.\n"},"nonDeceptorViolations":{"ACR-106":"App offers deceptive application 'Relevant Knowledge market survey'.\n","ACR-092":"The app does not have a digital signature for its main executable \"AllFreePDFtoWordConverter.exe\".\n","ACR-123":"The app does not remove its startup item after uninstall even after reboot.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\All Free PDF to Word Converter\\AllFreePDFtoWordConverter.exe","companyName":"","productName":"","productVersion":"","fileVersion":"","hashMD5":"8416de38390c16a0e3989e14dec05b73","hashSHA1":"c27608fcd80e396f5360a4d4afdb39943638ccfe","hashSHA256":"5973aeda541b52f0357cbb0fbffd3f33fb4775c0d34081e1fb3570c17e5f58e7","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"491","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"AllFreePDFtoWordConverter.exe","isInstaller":"True","companyName":"AllFreeVideoSoft Co. Ltd.                                  ","productName":"All Free PDF to Word Converter                              ","productVersion":"                                                  ","fileVersion":"                    ","hashMD5":"381e65f9f7afbe955dec9a5225e81fd9","hashSHA1":"119857b0f46165522e13ed374f491f12df3b0856","hashSHA256":"168727a3becd6496815c68e9a48e7b39911cef91a9088f4707e9b511f6b365e3","digitalCertThumbprint":"347240ECC751AB91D4BA3282DC67ACC9A36D1128","digitalCertIssuer":"COMODO RSA Extended Validation Code Signing CA","digitalCertIssuedTo":"Beijing Qingruan Creative Information Technology Co. Ltd.","storeId":"","sourceIndex":"491","avBlockList":["360 Total Security (20250109)","Avast Premium Security (20250109)","AVG Internet Security (20250109)","Avira Internet Security (20250109)","Bitdefender Internet Security (20250109)","COMODO Antivirus (20250109)","Dr.Web Security Space (20250109)","ESET Internet Security (20250109)","G DATA INTERNET SECURITY (20250109)","K7 Total Security (20250109)","Kaspersky Internet Security (20220616)","Malwarebytes Premium (20250109)","McAfee Total Protection (20250109)","Norton Security (20250109)","Panda Dome (20250109)","Quick Heal Internet Security (20250109)","Sophos Home Premium (20250109)","SpyHunter5 (20250109)","Total AV Antivirus Pro (20250109)","Trend Micro Internet Security (20250109)","VIPRE Advanced Security (20250109)","VirIT eXplorer PRO (20250109)","Webroot SecureAnywhere (20250109)","Windows Defender (20250109)","FortectPremium (20250109)","KasperskyPremium (20250109)"],"avAllowList":["Tencent PC Manager (20220616)"]},{"isRevoked":"False","fileName":"AllFreePDFtoWordConverter_241023.exe","isInstaller":"True","companyName":"AllFreeVideoSoft Co., Ltd.                                  ","fileVersion":"0.0","hashMD5":"ed1e350a9457b67f24db855525fb77d9","hashSHA1":"cf6ffa146d81dd5d0f0c45ab37ff8ed086c45eda","hashSHA256":"08a18fe357901d79af7e17c33c9e6dbd11ba63ea37d14f5a427fec811e97e036","sourceIndex":"491","avBlockList":["360 Total Security (20250116)","Avast Premium Security (20250116)","AVG Internet Security (20250116)","Avira Internet Security (20250116)","Bitdefender Internet Security (20250116)","COMODO Antivirus (20250116)","Dr.Web Security Space (20250116)","ESET Internet Security (20250116)","FortectPremium (20250116)","G DATA INTERNET SECURITY (20250116)","K7 Total Security (20250116)","KasperskyPremium (20250116)","Malwarebytes Premium (20250116)","McAfee Total Protection (20250116)","Norton Security (20250116)","Panda Dome (20250116)","Quick Heal Internet Security (20250116)","Sophos Home Premium (20250116)","SpyHunter5 (20250116)","Total AV Antivirus Pro (20250116)","Trend Micro Internet Security (20250116)","VIPRE Advanced Security (20250116)","VirIT eXplorer PRO (20250116)","Webroot SecureAnywhere (20250116)","Windows Defender (20250116)"],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Relevant Knowledge related apps","reference":"","landingPage":"https://www.allfreevideoconverter.com/freepdftowordconverter/index.html","directDownloadingLink":"https://www.allfreevideoconverter.com/download/AllFreePDFtoWordConverter.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.allfreevideoconverter.com/download/AllFreePDFtoWordConverter.exe","sourceIndex":"491"}],"sampleFiles":["241024/allfreepdftowordconverter-220613/8.8.1/Samples/AllFreePDFtoWordConverter.exe","241024/allfreepdftowordconverter-220613/8.8.1/Samples/AllFreePDFtoWordConverter_241023.exe"],"imageFiles":["241024/allfreepdftowordconverter-220613/8.8.1/Images/ACR-109/ACR-109_1.JPG","241024/allfreepdftowordconverter-220613/8.8.1/Images/ACR-047/ACR-047_1.mp4","241024/allfreepdftowordconverter-220613/8.8.1/Images/ACR-048/ACR-048_1.JPG","241024/allfreepdftowordconverter-220613/8.8.1/Images/ACR-010/ACR-010_Install_Bundles_Deceptive_App.JPG","241024/allfreepdftowordconverter-220613/8.8.1/Images/ACR-083/ACR-083_1.JPG","241024/allfreepdftowordconverter-220613/8.8.1/Images/ACR-083/ACR-083_2.mp4","241024/allfreepdftowordconverter-220613/8.8.1/Images/ACR-084/ACR-084_1.JPG","241024/allfreepdftowordconverter-220613/8.8.1/Images/ACR-048/ACR-048_1.JPG","241024/allfreepdftowordconverter-220613/8.8.1/Images/ACR-048/ACR-048_2.JPG","241024/allfreepdftowordconverter-220613/8.8.1/Images/ACR-010/ACR-010_2.JPG","241024/allfreepdftowordconverter-220613/8.8.1/Images/ACR-010/ACR-010_Software_1.JPG","241024/allfreepdftowordconverter-220613/8.8.1/Images/ACR-014/ACR-014_1.mp4","241024/allfreepdftowordconverter-220613/8.8.1/Images/ACR-118/ACR-118_1.JPG","241024/allfreepdftowordconverter-220613/8.8.1/Images/ACR-118/ACR-118_2.JPG","241024/allfreepdftowordconverter-220613/8.8.1/Images/ACR-118/ACR-118_3.JPG","241024/allfreepdftowordconverter-220613/8.8.1/Images/ACR-122/ACR-122_1.JPG","241024/allfreepdftowordconverter-220613/8.8.1/Images/ACR-075/ACR-075_1.mp4","241024/allfreepdftowordconverter-220613/8.8.1/Images/ACR-057/ACR-057_1.JPG","241024/allfreepdftowordconverter-220613/8.8.1/Images/ACR-059/ACR-059_1.JPG","241024/allfreepdftowordconverter-220613/8.8.1/Images/ACR-071/ACR-071_1.JPG","241024/allfreepdftowordconverter-220613/8.8.1/Images/ACR-155/ACR-155_1.JPG"],"nonDeceptorImageFiles":["241024/allfreepdftowordconverter-220613/8.8.1/Images/ACR-106/ACR-106_1.JPG","241024/allfreepdftowordconverter-220613/8.8.1/Images/ACR-092/ACR-092_1.JPG","241024/allfreepdftowordconverter-220613/8.8.1/Images/ACR-123/ACR-123_1.JPG"],"guid":"bae3ac28-4b2f-486c-9da3-1e09886e9376_8.8.1_1","appID":"allfreepdftowordconverter-220613","dateAdded":"241024","deceptorType":"App","name":"All Free PDF to Word Converter","company":"AllFreeVideoSoft Co., Ltd.","version":"8.8.1","lastKnownStatus":"8.8.1","lastKnownDate":"241024","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2024-10-24T09:08:20.1250439+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":461},{"violations":{"ACR-006":"The call center is not clearly attributed (who is the call center service provider)\n","ACR-008":"The free fix solution for the reported items is not clearly presented to user in scan summary.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\Quick PC Pro\\QuickPCPro.exe","companyName":"Digibay Private Limited","productName":"Quick PC Pro","productVersion":"3.8.0.0","fileVersion":"3.8.0.0","hashMD5":"37af2a650e30fef7f062dc73ebd6485c","hashSHA1":"c923ac651e4de40935aae857f34e297e028e0d16","hashSHA256":"3e859a3f5c041efc45817193baeb2305cefbe2f68e8827464c30e8410dc1af5c","digitalCertThumbprint":"B87A52CDD69F033F27DD17C2655C77DA265FD335","digitalCertIssuer":"Sectigo Public Code Signing CA R36","digitalCertIssuedTo":"Digibay Private Limited","storeId":"","sourceIndex":"504","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"QuickPCProSetup.exe","isInstaller":"True","companyName":"Digibay Private Limited","productName":"Quick PC Pro","productVersion":"3.8.0","fileVersion":"3.8.0","hashMD5":"d92fc9662129f19d1b5f65648cf22d56","hashSHA1":"a8d17e1dde43b861e0884df4bdac552ff36a9f68","hashSHA256":"462c3b3af8a0d42e4081ce1c3ae26693b1b4307f9ca5c082241632d3c529898d","digitalCertThumbprint":"B87A52CDD69F033F27DD17C2655C77DA265FD335","digitalCertIssuer":"Sectigo Public Code Signing CA R36","digitalCertIssuedTo":"Digibay Private Limited","storeId":"","sourceIndex":"504","avBlockList":["360 Total Security (20250121)","AVG Internet Security (20250121)","ESET Internet Security (20250121)","FortectPremium (20250121)","K7 Total Security (20250121)","Malwarebytes Premium (20250121)","Panda Dome (20250121)","Quick Heal Internet Security (20250121)","Sophos Home Premium (20250121)","SpyHunter5 (20250121)","VirIT eXplorer PRO (20250121)","Webroot SecureAnywhere (20250121)","Windows Defender (20250121)"],"avAllowList":["Avast Premium Security (20250121)","Avira Internet Security (20250121)","Bitdefender Internet Security (20250121)","COMODO Antivirus (20250121)","Dr.Web Security Space (20250121)","G DATA INTERNET SECURITY (20250121)","KasperskyPremium (20250121)","McAfee Total Protection (20250121)","Total AV Antivirus Pro (20250121)","Trend Micro Internet Security (20250121)","VIPRE Advanced Security (20250121)","Norton Security (20250121)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on windows app","reference":"","landingPage":"https://quickpcpro.com/","directDownloadingLink":"https://quickpcpro.com/QuickPCProSetup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://quickpcpro.com/QuickPCProSetup.exe","sourceIndex":"504"}],"sampleFiles":["241023/QuickPCPro-220523/3.8.0/Samples/QuickPCProSetup.exe"],"imageFiles":["241023/QuickPCPro-220523/3.8.0/Images/ACR-008/ACR-008.PNG","241023/QuickPCPro-220523/3.8.0/Images/ACR-006/ACR-006.PNG"],"nonDeceptorImageFiles":[],"guid":"df3083e2-f1ff-41ba-9374-dbce3f5796e8_3.8.0_1","appID":"QuickPCPro-220523","dateAdded":"241023","deceptorType":"App","name":"Quick PC Pro","company":"Digibay Private Limited","version":"3.8.0","lastKnownStatus":"3.7.9;3.8.0","lastKnownDate":"241023","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,paid","lastUpdate":"2024-10-23T19:29:43.394759+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":466},{"violations":{"ACR-006":"The call center is not clearly attributed (who is the call center service provider)\n","ACR-008":"The free fix solution for the reported items is not clearly presented to user in scan summary.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains one of its component on the device under a hidden folder without the consumer's consent or notifying the user.\n"},"nonDeceptorViolations":{"ACR-161":"The app’s landing page has testimonials that have no links back to a source so consumers can verify if they're real.\n"},"samples":[{"isRevoked":"False","fileName":"QuickPCPro.exe","companyName":"Digibay Private Limited","productName":"Quick PC Pro","productVersion":"3.7.9.0","fileVersion":"3.7.9","hashMD5":"5f0683b57d9ce73ebc06a51eda44f517","hashSHA1":"5075ed70a3786d965a0fbf44d32cff1c614bfa10","hashSHA256":"db2bd7f69b0d29404aa561de92adca6af620fb3f650af6ed53f8f0b23be7171d","digitalCertThumbprint":"A1E63273270C0BC78CE23271A674D6AB12E995B8","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Digibay Private Limited, O=Digibay Private Limited, STREET=\"104, 1-B Riverside Greens, Umroli, PANVEL Raigarh\", L=Navi Mumbai, S=Maharashtra, PostalCode=410206, C=IN","sourceIndex":"1596","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"QuickPCProSetup.exe","isInstaller":"True","companyName":"Digibay Private Limited","productName":"Quick PC Pro","fileVersion":"3.7.9","hashMD5":"8c49f2e5b01dbb5411c59cdf8ab6e959","hashSHA1":"fcbb83349d9e53c81cc49adc1627d38b137957ca","hashSHA256":"5c8f97fbc6db7a4d2ad9a7de3350a988ab34bc2a909a2917617ee12bee43d4ae","digitalCertThumbprint":"A1E63273270C0BC78CE23271A674D6AB12E995B8","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Digibay Private Limited, O=Digibay Private Limited, STREET=\"104, 1-B Riverside Greens, Umroli, PANVEL Raigarh\", L=Navi Mumbai, S=Maharashtra, PostalCode=410206, C=IN","sourceIndex":"1596","avBlockList":["360 Total Security (20241024)","Avira Internet Security (20241024)","Bitdefender Internet Security (20241024)","COMODO Antivirus (20241024)","ESET Internet Security (20241024)","G DATA INTERNET SECURITY (20241024)","McAfee Total Protection (20241024)","Norton Security (20241024)","Panda Dome (20241024)","Quick Heal Internet Security (20241024)","Sophos Home Premium (20241024)","SpyHunter5 (20241024)","Total AV Antivirus Pro (20241024)","VIPRE Advanced Security (20241024)","VirIT eXplorer PRO (20241024)","Webroot SecureAnywhere (20241024)","Windows Defender (20241024)","FortectPremium (20241024)"],"avAllowList":["Avast Premium Security (20241024)","AVG Internet Security (20241024)","Dr.Web Security Space (20241024)","K7 Total Security (20241024)","Kaspersky Internet Security (20220526)","Malwarebytes Premium (20241024)","Tencent PC Manager (20220526)","Trend Micro Internet Security (20241024)","KasperskyPremium (20241024)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search: Free Pc Clean tools","reference":"","landingPage":"https://quickpcpro.com/","directDownloadingLink":"https://quickpcpro.com/QuickPCProSetup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://quickpcpro.com/QuickPCProSetup.exe","sourceIndex":"1596"}],"sampleFiles":["220523/QuickPCPro-220523/3.7.9/Samples/QuickPCPro.exe","220523/QuickPCPro-220523/3.7.9/Samples/QuickPCProSetup.exe"],"imageFiles":["220523/QuickPCPro-220523/3.7.9/Images/ACR-008/QuickPCPro_008.JPG","220523/QuickPCPro-220523/3.7.9/Images/ACR-006/QuickPCPro.JPG","220523/QuickPCPro-220523/3.7.9/Images/ACR-118/ACR118_QuickPCPro_Uninstall.jpg"],"nonDeceptorImageFiles":["220523/QuickPCPro-220523/3.7.9/Images/ACR-006/ACR006_CallCenter_Landing.jpg","220523/QuickPCPro-220523/3.7.9/Images/ACR-161/ACR-161_Testimonials.jpg","220523/QuickPCPro-220523/3.7.9/Images/ACR-161/ACR-161_Testimonials_us_page.jpg"],"guid":"df3083e2-f1ff-41ba-9374-dbce3f5796e8_3.7.9_1","appID":"QuickPCPro-220523","dateAdded":"241023","deceptorType":"App","name":"Quick PC Pro","company":"Digibay Private Limited","version":"3.7.9","lastKnownStatus":"3.7.9;3.8.0","lastKnownDate":"241023","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,paid","lastUpdate":"2024-10-23T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":467},{"violations":{"ACR-004":"The app does not provide a fully functional free trial, requires purchase to fix problems identified during the free scan.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\Fast Computer\\OptimAdmin.exe","companyName":"AMS Software","productName":"Ускоритель компьютера","productVersion":"4.15","fileVersion":"4.15.0.403","hashMD5":"9b90baebef8b31ff8f9764764b9917b1","hashSHA1":"86eed9977be1ec33d30f4e9c7c004240915742b0","hashSHA256":"292861d849db2f66ab0a05a3079f4037d9c2ecd454dbf86fef2fd501071505e6","digitalCertThumbprint":"063091C0E731D1A159BE1FF07512C88469065948","digitalCertIssuer":"GlobalSign GCC R45 CodeSigning CA 2020","digitalCertIssuedTo":"AMS SOFTWARE LLC","storeId":"","sourceIndex":"505","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"FastComputerOT.exe","isInstaller":"True","companyName":"AMS Software                                                ","productName":"Ускоритель Компьютера                                       ","productVersion":"4.15                ","fileVersion":"4.15                ","hashMD5":"309864b0592bd40ce632cf6040cf2c4a","hashSHA1":"9890ad6e75227e5fd79e0745925394f9baffeb3f","hashSHA256":"54ad32dc330112b873c19d8a37b5c5b1ccd961a7b1ae2f665307ef465e3b01b3","digitalCertThumbprint":"063091C0E731D1A159BE1FF07512C88469065948","digitalCertIssuer":"GlobalSign GCC R45 CodeSigning CA 2020","digitalCertIssuedTo":"AMS SOFTWARE LLC","storeId":"","sourceIndex":"505","avBlockList":["Bitdefender Internet Security (20250121)","Dr.Web Security Space (20250121)","ESET Internet Security (20250121)","FortectPremium (20250121)","G DATA INTERNET SECURITY (20250121)","K7 Total Security (20250121)","KasperskyPremium (20250121)","Malwarebytes Premium (20250121)","Panda Dome (20250121)","Quick Heal Internet Security (20250121)","Sophos Home Premium (20250121)","SpyHunter5 (20250121)","VIPRE Advanced Security (20250121)","VirIT eXplorer PRO (20250121)","Webroot SecureAnywhere (20250121)","Windows Defender (20250121)"],"avAllowList":["360 Total Security (20250121)","Avast Premium Security (20250121)","AVG Internet Security (20250121)","Avira Internet Security (20250121)","COMODO Antivirus (20250121)","McAfee Total Protection (20250121)","Total AV Antivirus Pro (20250121)","Trend Micro Internet Security (20250121)","Norton Security (20250121)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on windows app","reference":"","landingPage":"http://fast-computer.su/","directDownloadingLink":"https://fast-computer.su/out_files_pages.php?out=FastComputerOT.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://fast-computer.su/out_files_pages.php?out=FastComputerOT.exe","sourceIndex":"505"}],"sampleFiles":["241023/ComputerAccelerator-200429/4.15/Samples/FastComputerOT.exe"],"imageFiles":["241023/ComputerAccelerator-200429/4.15/Images/ACR-004/ACR-004.PNG","241023/ComputerAccelerator-200429/4.15/Images/ACR-004/ACR-004_1.PNG"],"nonDeceptorImageFiles":[],"guid":"ce1815d7-56ea-4acf-8ccd-4b3ada4fe724_4.15_1","appID":"ComputerAccelerator-200429","dateAdded":"241023","deceptorType":"App","name":"Computer Accelerator","company":"AMS Software Rus.","version":"4.15","lastKnownStatus":"4.0;4.15","lastKnownDate":"241023","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2024-10-23T19:27:21.9180414+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":468},{"violations":{"ACR-109":"The app installs \"Yandex\", \"Yandex taskbar button\", \"Voice helper Alisa\" without explicit user permission.\n","ACR-042":"The app installs \"Yandex\", \"Yandex taskbar button\", and \"Voice helper Alisa\" without explicit user permission; the offer is opt-out.\n","ACR-043":"The app installs \"Yandex\", \"Yandex taskbar button\", and \"Voice helper Alisa\" without disclosing in the offer. Offer in install is not readable and is opt-out.\n","ACR-003":"The app uses the \"traffic color\" red to create exaggerated claims about the system's health and trick the user into buying the full version.\n","ACR-004":"The app does not provide a fully functional free trial, requires purchase to fix problems identified during the free scan.\n"},"nonDeceptorViolations":{"ACR-065":"The app's install page does not contain links to the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThe app's about page does not contain links to the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThe bottom of the app's landing page does not contain links to the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThe app's internal offers does not contain links to the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\n","ACR-161":"The landing page contains testimonials with no link back to the original source, making them unverifiable.\n","ACR-099":"The app's about page does not contain links to uninstall information.\nThe app's landing page does not contain links to uninstall information.\nThe app's internal offers page does not contain links to uninstall information.\n","ACR-035":"There is no EULA/Terms of Service, Returns and Cancellation Policy, Privacy Policy.\n","ACR-167":"There is no Returns and Cancellations Policy.\n"},"samples":[{"isRevoked":"False","fileName":"FastComputerOT.exe","isInstaller":"True","companyName":"AMS Software                                                ","fileVersion":"0.0","hashMD5":"6fb7675215bb3803d265e2b6724936f4","hashSHA1":"532a1641269505789d99746b1a409a34d0d11ba7","hashSHA256":"3f4f5e0940d7bfa70e72522e8121e89d7bbd7eb6f18cb13fc7b3fe19d4cfff0e","digitalCertThumbprint":"EA92364DD9408FF347BDD7063C2824E7C4ED6139","digitalCertIssuer":"CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US","digitalCertIssuedTo":"CN=AMS Software LLC, O=AMS Software LLC, L=Yaroslavl, S=Yaroslavskaya oblast, C=RU","sourceIndex":"2482","avBlockList":["Avast Premium Security (20241024)","AVG Internet Security (20241024)","Avira Internet Security (20241024)","Bitdefender Internet Security (20241024)","Dr.Web Security Space (20241024)","ESET Internet Security (20241024)","K7 Total Security (20241024)","Kaspersky Internet Security (20200616)","Malwarebytes Premium (20241024)","McAfee Total Protection (20241024)","Norton Security (20241024)","Panda Dome (20241024)","Sophos Home Premium (20241024)","SpyHunter5 (20241024)","Tencent PC Manager (20200616)","Total AV Antivirus Pro (20241024)","Trend Micro Internet Security (20241024)","VIPRE Advanced Security (20241024)","VirIT eXplorer PRO (20241024)","Webroot SecureAnywhere (20241024)","Windows Defender (20241024)","FortectPremium (20241024)","KasperskyPremium (20241024)"],"avAllowList":["360 Total Security (20241024)","COMODO Antivirus (20241024)","G DATA INTERNET SECURITY (20241024)","Quick Heal Internet Security (20241024)"]},{"isRevoked":"False","fileName":"OptimAdmin.exe","companyName":"AMS Software","fileVersion":"4.0","hashMD5":"f79df2b1549dbe13b8513a19ac0df111","hashSHA1":"e9ce233c14ad126b96219dfe687a31bda3c44251","hashSHA256":"2a843bd4d5fe2e2f2700e2f930b438318356f4d9ac84f0a7c367c4a9eaa3a0e4","digitalCertThumbprint":"EA92364DD9408FF347BDD7063C2824E7C4ED6139","digitalCertIssuer":"CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US","digitalCertIssuedTo":"CN=AMS Software LLC, O=AMS Software LLC, L=Yaroslavl, S=Yaroslavskaya oblast, C=RU","sourceIndex":"2482","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"","landingPage":"http://fast-computer.su/","directDownloadingLink":"http://fast-computer.su/out_pages.php?out=FastComputerOT.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://fast-computer.su/out_pages.php?out=FastComputerOT.exe","sourceIndex":"2482"}],"sampleFiles":["200429/ComputerAccelerator-200429/4.0/Samples/FastComputerOT.exe","200429/ComputerAccelerator-200429/4.0/Samples/OptimAdmin.exe"],"imageFiles":["200429/ComputerAccelerator-200429/4.0/Images/ACR-109/ACR-109.png","200429/ComputerAccelerator-200429/4.0/Images/ACR-109/Installed Programs.png","200429/ComputerAccelerator-200429/4.0/Images/ACR-109/Opt-out offer.png","200429/ComputerAccelerator-200429/4.0/Images/ACR-043/ACR-043.png","200429/ComputerAccelerator-200429/4.0/Images/ACR-043/Installed Programs.png","200429/ComputerAccelerator-200429/4.0/Images/ACR-043/Opt-out offer.png","200429/ComputerAccelerator-200429/4.0/Images/ACR-042/ACR-042.png","200429/ComputerAccelerator-200429/4.0/Images/ACR-042/Installed Programs.png","200429/ComputerAccelerator-200429/4.0/Images/ACR-042/Opt-out offer.png","200429/ComputerAccelerator-200429/4.0/Images/ACR-003/Computer Accelerator ACR-003.png","200429/ComputerAccelerator-200429/4.0/Images/ACR-004/Computer Accelerator ACR-004 [2].gif","200429/ComputerAccelerator-200429/4.0/Images/ACR-004/Computer Accelerator ACR-004.gif"],"nonDeceptorImageFiles":["200429/ComputerAccelerator-200429/4.0/Images/ACR-065/Install.png","200429/ComputerAccelerator-200429/4.0/Images/ACR-065/About Page.png","200429/ComputerAccelerator-200429/4.0/Images/ACR-065/Landing Page.png","200429/ComputerAccelerator-200429/4.0/Images/ACR-065/Internal Offers.png","200429/ComputerAccelerator-200429/4.0/Images/ACR-161/ACR-161.png","200429/ComputerAccelerator-200429/4.0/Images/ACR-161/ACR-161 [2].png","200429/ComputerAccelerator-200429/4.0/Images/ACR-099/About Page.png","200429/ComputerAccelerator-200429/4.0/Images/ACR-099/Landing Page.png","200429/ComputerAccelerator-200429/4.0/Images/ACR-099/Internal Offers.png","200429/ComputerAccelerator-200429/4.0/Images/ACR-035/Landing Page.png","200429/ComputerAccelerator-200429/4.0/Images/ACR-167/Landing Page.png"],"guid":"ce1815d7-56ea-4acf-8ccd-4b3ada4fe724_4.0_1","appID":"ComputerAccelerator-200429","dateAdded":"241023","deceptorType":"App","name":"Computer Accelerator","company":"AMS Software Rus.","version":"4.0","sigName":"Deceptor:Win32/ComputerAccelerator!109043042003004","lastKnownStatus":"4.0;4.15","lastKnownDate":"241023","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2024-10-23T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":469},{"violations":{"ACR-042":"Offers installed without obtaining explicit user acceptance. \n","ACR-003":"App differentiates issues urgency and healthy status by using traffic color (using orange color) \n","ACR-004":"Additional software needs to download to fix the scanning result. No free fix solution in app itself provided for items reported.\n","ACR-013":"Installation flow is interrupted by offer, requiring user action, to silently install an unrelated app. \n","ACR-014":"1.The offer made during installation misleads user that it is part of installation and action is needed by user. \n2. The notification exaggerates the protection status. (The system is protected by Defender real time at the moment) \n","ACR-055":"Offers during installation are selected to install by default. No obvious Accept/Decline options for user to make decision.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"asc-ultimate-setup.exe","isInstaller":"True","companyName":"IObit                                                       ","fileVersion":"17.0","hashMD5":"99fabdc663d5e14dd4fd655c685d84ac","hashSHA1":"e019c2563310fd1dbf81988ca0d30dea1eb9b81d","hashSHA256":"56dc39dae0fbb4f23322304687ca7246dd98b77b0e2d6cddec6482e233ab921b","digitalCertThumbprint":"5646BB49650557BB6C46EB30C6824D4EF6F5070D","digitalCertIssuer":"CN=Sectigo Public Code Signing CA R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=\"IObit CO., LTD\", O=\"IObit CO., LTD\", S=Sichuan Sheng, C=CN","sourceIndex":"347","avBlockList":["COMODO Antivirus (20241121)","Dr.Web Security Space (20241121)","ESET Internet Security (20241121)","KasperskyPremium (20241121)","Malwarebytes Premium (20241121)","Panda Dome (20241121)","Sophos Home Premium (20241121)","SpyHunter5 (20241121)","VirIT eXplorer PRO (20241121)","Webroot SecureAnywhere (20241121)"],"avAllowList":["360 Total Security (20241121)","Avast Premium Security (20241121)","AVG Internet Security (20241121)","Avira Internet Security (20241121)","Bitdefender Internet Security (20241121)","FortectPremium (20241121)","G DATA INTERNET SECURITY (20241121)","K7 Total Security (20241121)","McAfee Total Protection (20241121)","Quick Heal Internet Security (20241121)","Total AV Antivirus Pro (20241121)","Trend Micro Internet Security (20241121)","VIPRE Advanced Security (20241121)","Windows Defender (20241121)"]},{"isRevoked":"False","fileName":"ASC.exe","companyName":"IObit","fileVersion":"17.0","hashMD5":"7e9d6c65a1d8b5c82ab4171c12b1aa03","hashSHA1":"8b4166e52a16c6fb23175694eac8dfefffa1e5eb","hashSHA256":"896e1724f4d679bb10594420aad049ac9355ee43d3476871dd3360b68350b0f4","digitalCertThumbprint":"5646BB49650557BB6C46EB30C6824D4EF6F5070D","digitalCertIssuer":"CN=Sectigo Public Code Signing CA R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=\"IObit CO., LTD\", O=\"IObit CO., LTD\", S=Sichuan Sheng, C=CN","sourceIndex":"347","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Related app hunting","reference":"iobit","landingPage":"https://www.iobit.com/en/advanced-systemcare-antivirus.php","directDownloadingLink":"https://www.iobit.com/en/advanced-systemcare-antivirus.php#","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.iobit.com/en/advanced-systemcare-antivirus.php#","sourceIndex":"347"}],"sampleFiles":["241022/ASCUltimate-241022/17.0.0.71/Samples/asc-ultimate-setup.exe"],"imageFiles":["241022/ASCUltimate-241022/17.0.0.71/Images/ACR-055/ACR-055_Install_1.png","241022/ASCUltimate-241022/17.0.0.71/Images/ACR-042/ACR-042_Install_1.png","241022/ASCUltimate-241022/17.0.0.71/Images/ACR-042/ACR-042_Install_2.png","241022/ASCUltimate-241022/17.0.0.71/Images/ACR-013/ACR-013_Install_1.png","241022/ASCUltimate-241022/17.0.0.71/Images/ACR-014/ACR-014_Install_1.png","241022/ASCUltimate-241022/17.0.0.71/Images/ACR-014/ACR-014_Install_2.png","241022/ASCUltimate-241022/17.0.0.71/Images/ACR-004/ACR-004_Software_1.png","241022/ASCUltimate-241022/17.0.0.71/Images/ACR-003/ACR-003_Software_1.png"],"nonDeceptorImageFiles":[],"guid":"df5e7267-4d72-4426-805b-b1a177f567f9_17.0.0.71_1","appID":"ASCUltimate-241022","dateAdded":"241022","deceptorType":"App","name":"ASCUltimate","company":"iobit","version":"17.0.0.71","firstVendorContactDate":"241023","firstAppEsteemReplyDate":"241023","firstResolvedDate":"241122","firstResolvedVersion":"17.1.0.93","resolved":"TRUE","lastKnownStatus":"17.0.0.71","lastKnownDate":"241022","type":"Windows Executable","category":"Productivity, SysTools & Utilities","targetOS":"Windows 7,Windows 8,Windows 10,Windows 11","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"install offers,up-sell to paid","lastUpdate":"2024-11-22T16:38:16.3145214+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":470},{"violations":{"ACR-003":"The app uses exclamation symbols together with the traffic color, misleading unnecessary urgency to user.\n","ACR-004":"The application does not provide a fully functioning free trial. The app does not provide free fixes for the results identified during the free scan.\n"},"nonDeceptorViolations":{"ACR-002":"Company Name in the webpage comes from Liangdu Technologies, which was not mentioned/disclosed in the EULA \n","ACR-161":"The application's internal offer page displays testimonials but does not provide any links back to a source so they can be verified.\n"},"samples":[{"isRevoked":"False","fileName":"MR_Setup.dmg","isInstaller":"True","fileVersion":"0.","hashMD5":"d26c1a3fc89f1867cb28aa5915ab2d6a","hashSHA1":"94bb73124616941ed51dde6f2e8d9c4d495c08f4","hashSHA256":"e6f1cf0fc7a9f318745ce41d9770ffcbedad4d88b14b80a563e94982d11ec060","sourceIndex":"506","avBlockList":["Bitdefender Antivirus for Mac (20250114)","ESET Cyber Security Pro for Mac (20250114)","G DATA AntiVirus for Mac (20250114)","McAfee Internet Security for Mac (20250114)","SpyHunterforMac (20250114)","Trend Micro Antivirus for Mac (20250114)","Sophos Home Premium For Mac (20250114)"],"avAllowList":["Avast Security for Mac (20250114)","Avira Security for Mac (20250114)","K7 Antivirus for Mac (20250114)","Kaspersky Internet Security for Mac (20250114)","Norton Security for Mac (20250114)"]},{"isRevoked":"False","fileName":"MacRemover","fileVersion":"0.","hashMD5":"697796a4a1f5dddae66484c29229be0c","hashSHA1":"7d3fbc029ee2092afa2b3b81fe226786f467334d","hashSHA256":"9b2eee99b62fbb50a4be968f5b9385779c5a927acd355a6ccb019c51fb10dc03","sourceIndex":"506","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"google search \"uninstall unwanted apps from\"","reference":"https://macremover.com/","landingPage":"https://macremover.com","directDownloadingLink":"https://macremover.com/MR_Setup.dmg","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://macremover.com/MR_Setup.dmg","sourceIndex":"506"}],"sampleFiles":["241021/MacRemover-191004/4.5.7/Samples/MR_Setup.dmg","241021/MacRemover-191004/4.5.7/Samples/MacRemover"],"imageFiles":["241021/MacRemover-191004/4.5.7/Images/ACR-004/app2.png","241021/MacRemover-191004/4.5.7/Images/ACR-004/app5.png","241021/MacRemover-191004/4.5.7/Images/ACR-004/app6.png","241021/MacRemover-191004/4.5.7/Images/ACR-003/app6.png"],"nonDeceptorImageFiles":["241021/MacRemover-191004/4.5.7/Images/ACR-161/MacRemover - Better solution to fully remove Mac apps1.png","241021/MacRemover-191004/4.5.7/Images/ACR-002/offer.png"],"guid":"0a2bbce7-57d0-4252-89d9-c478881da657_4.5.7_1","appID":"MacRemover-191004","dateAdded":"241021","deceptorType":"MacOS App","name":"MacRemover","company":"MacRemover.com","version":"4.5.7","lastKnownStatus":"Deceptor:4.5.0;4.5.5;4.5.6;4.5.7","lastKnownDate":"241021","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2026-05-12T22:59:49.1129375+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":4,"sortOrder":471},{"violations":{"ACR-003":"The app uses exclamation symbols together with the traffic color, misleading unnecessary urgency to user.\n","ACR-004":"The application does not provide a fully functioning free trial. The app does not provide free fixes for the results identified during the free scan.\n"},"nonDeceptorViolations":{"ACR-002":"Company Name in the webpage comes from Liangdu Technologies, which was not mentioned/disclosed in the EULA \n","ACR-161":"The application's internal offer page displays testimonials but does not provide any links back to a source so they can be verified.\n"},"samples":[{"isRevoked":"False","fileName":"MR_Setup.dmg","isInstaller":"True","fileVersion":"0.","hashMD5":"63a1e741883ad903d1ca02163057f672","hashSHA1":"290776e012ffc6ba11357a524ee204e0fdbff35f","hashSHA256":"7a682ec0faf7292b654ce8fc66d36c509fde45a4d095c906e1404054fb44572f","sourceIndex":"570","avBlockList":["ESET Cyber Security Pro for Mac (20241010)","McAfee Internet Security for Mac (20241010)","Norton Security for Mac (20240910)","SpyHunterforMac (20241010)","Trend Micro Antivirus for Mac (20241010)"],"avAllowList":["Avast Security for Mac (20241010)","Avira Security for Mac (20241010)","Bitdefender Antivirus for Mac (20241010)","G DATA AntiVirus for Mac (20241010)","K7 Antivirus for Mac (20241010)","Kaspersky Internet Security for Mac (20241010)","Sophos Home Premium For Mac (20241010)"]},{"isRevoked":"False","fileName":"MacRemover","fileVersion":"0.","hashMD5":"c4a97bb1c841b2d44224d29b951266ee","hashSHA1":"452017136c60f639f571051ff64183ae57c2d38b","hashSHA256":"654e28e0467d1be04a0107fb8291ac9fd605fff1474d070fdbbbf55b915936b6","sourceIndex":"570","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"google search \"uninstall unwanted apps from\"","reference":"","landingPage":"https://macremover.com","directDownloadingLink":"https://macremover.com/MR_Setup.dmg","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://macremover.com/MR_Setup.dmg","sourceIndex":"570"}],"sampleFiles":["240826/MacRemover-191004/4.5.6/Samples/MR_Setup.dmg","240826/MacRemover-191004/4.5.6/Samples/MacRemover"],"imageFiles":["240826/MacRemover-191004/4.5.6/Images/ACR-004/App3.png","240826/MacRemover-191004/4.5.6/Images/ACR-004/App4.png","240826/MacRemover-191004/4.5.6/Images/ACR-004/App5.png","240826/MacRemover-191004/4.5.6/Images/ACR-003/App5.png"],"nonDeceptorImageFiles":["240826/MacRemover-191004/4.5.6/Images/ACR-161/MacRemover - Better solution to fully remove Mac apps1.png","240826/MacRemover-191004/4.5.6/Images/ACR-002/Offer2.png"],"guid":"0a2bbce7-57d0-4252-89d9-c478881da657_4.5.6_1","appID":"MacRemover-191004","dateAdded":"241021","deceptorType":"MacOS App","name":"MacRemover","company":"MacRemover.com","version":"4.5.6","lastKnownStatus":"Deceptor:4.5.0;4.5.5;4.5.6;4.5.7","lastKnownDate":"241021","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2026-05-12T22:59:51.3335224+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":4,"sortOrder":472},{"violations":{"ACR-004":"The application shows free results that request pay for subscription fee to fix them.\n"},"nonDeceptorViolations":{"ACR-161":"The application's internal offer page displays testimonials but does not provide any links back to a source so they can be verified.\n","ACR-092":"The App shows different vendor name \"Guangxi Nanning Liangdu Technology Inc.\" that is not mentioned in the App's landing page and product information.\n","ACR-157":"The application does not have a digital signature.\n","ACR-099":"The application has no link or information that shows how it can be uninstalled.\n","ACR-150":"The app displays star awards from Macworld Editor's Choice that is unable to be verified.\n"},"samples":[{"isRevoked":"False","fileName":"MR_Setup.dmg","isInstaller":"True","companyName":"MacRemover.com","productName":"MacRemover","productVersion":"4.5.0","fileVersion":"4.5.0","hashMD5":"b12268bfbd0dd4220e2001944857ad67","hashSHA1":"3e8405a13342557167d7a5088e94fb6d8a7240bf","hashSHA256":"385e4f95a87e15549ac9226a94539f17929c2d6b3f2ac2b59ce8b2e4070c952b","sourceIndex":"2651","avBlockList":["Avira Security for Mac (20200116)","Bitdefender Antivirus for Mac (20200116)","ESET Cyber Security Pro for Mac (20200116)","G DATA AntiVirus for Mac (20200116)","McAfee Internet Security for Mac (20200116)","Norton Security for Mac (20200116)","Sophos Home Premium For Mac (20200116)"],"avAllowList":["Avast Security for Mac (20200116)","K7 Antivirus for Mac (20200116)","Kaspersky Internet Security for Mac (20200116)","Trend Micro Antivirus for Mac (20200116)"]},{"isRevoked":"False","fileName":"/Applications/Mac Remover.app/Contents/MacOS/MacRemover","companyName":"MacRemover.com","productName":"MacRemover","productVersion":"4.5.0","fileVersion":"4.5.0","hashMD5":"43994019dc5b863a12d764b6585de207","hashSHA1":"e5ca8b794910227e288856888bad637ec173bb06","hashSHA256":"f0cba7b1e675d3b6dbf54e9b030690624aabd78db2f0055ae7c432fb7017322a","sourceIndex":"2651","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"google search \"uninstall unwanted apps from\"","reference":"https://macremover.com/uninstallguides/2015/11/06/how-to-uninstall-reeder-2-completely-all-you-need-is-here/","landingPage":"https://macremover.com","directDownloadingLink":"https://macremover.com/MR_Setup.dmg","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://macremover.com/MR_Setup.dmg","sourceIndex":"2651"}],"sampleFiles":["191008/MacRemover-191004/4.5.0/Samples/MR_Setup.dmg","191008/MacRemover-191004/4.5.0/Samples/MacRemover"],"imageFiles":["191008/MacRemover-191004/4.5.0/Images/ACR-004/run_analysis.png","191008/MacRemover-191004/4.5.0/Images/ACR-004/004.png","191008/MacRemover-191004/4.5.0/Images/ACR-004/buy.png","191008/MacRemover-191004/4.5.0/Images/ACR-004/buy2.png","191008/MacRemover-191004/4.5.0/Images/ACR-004/buy3.png"],"nonDeceptorImageFiles":["191008/MacRemover-191004/4.5.0/Images/ACR-161/161.png","191008/MacRemover-191004/4.5.0/Images/ACR-150/150.png","191008/MacRemover-191004/4.5.0/Images/ACR-092/about.png","191008/MacRemover-191004/4.5.0/Images/ACR-092/buy2.png"],"guid":"0a2bbce7-57d0-4252-89d9-c478881da657_4.5.0_1","appID":"MacRemover-191004","dateAdded":"241021","deceptorType":"MacOS App","name":"MacRemover","company":"MacRemover.com","version":"4.5.0","sigName":"Deceptor:MacOS/MacRemover!004","lastKnownStatus":"Deceptor:4.5.0;4.5.5;4.5.6;4.5.7","lastKnownDate":"241021","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2024-10-21T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":4,"sortOrder":474},{"violations":{"ACR-004":"The application does not provide a fully functioning free trial. The app does not provide free fixes for the results identified during the free scan.\n"},"nonDeceptorViolations":{"ACR-002":"Company Name in the webpage comes from Liangdu Technologies, which was not mentioned/disclosed in the EULA \n","ACR-161":"The application's internal offer page displays testimonials but does not provide any links back to a source so they can be verified.\n","ACR-099":"The application has no link or information that shows how it can be uninstalled.\n","ACR-150":"The app displays star awards from Macworld Editor's Choice that is unable to be verified.\n"},"samples":[{"isRevoked":"False","fileName":"MR_Setup.dmg","isInstaller":"True","fileVersion":"0.","hashMD5":"5f964368992ea2721d976bf027581ae2","hashSHA1":"68b527c51fb957dc4e5fe97a593fd313491e13d5","hashSHA256":"23ca16d9b1c2d7c6ae828042ee80748fc5871b504e1d3e126a480237edca7a7e","sourceIndex":"1425","avBlockList":["Avira Security for Mac (20221108)","Bitdefender Antivirus for Mac (20221108)","ESET Cyber Security Pro for Mac (20221108)","G DATA AntiVirus for Mac (20221108)","Norton Security for Mac (20221108)","Sophos Home Premium For Mac (20221108)","Trend Micro Antivirus for Mac (20221108)"],"avAllowList":["Avast Security for Mac (20221108)","K7 Antivirus for Mac (20221108)","Kaspersky Internet Security for Mac (20221108)","McAfee Internet Security for Mac (20221108)"]},{"isRevoked":"False","fileName":"Mac Remover.app.zip","fileVersion":"0.","hashMD5":"5fff977eed3e4249a2db24b5d1f788e5","hashSHA1":"2a6a30b856f2a89b428d9310c3a2dee65ac15d0f","hashSHA256":"603d392cf807162fb135abdc6b4408b187bc8d070d28b5610bca66d4b56e695d","sourceIndex":"1425","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"MacRemover","fileVersion":"0.","hashMD5":"5fff977eed3e4249a2db24b5d1f788e5","hashSHA1":"2a6a30b856f2a89b428d9310c3a2dee65ac15d0f","hashSHA256":"02cebc4ff242024fdfd92899c494592ceccca0d4894f68a2a490288352f2d920","sourceIndex":"1425","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Company website","reference":"","landingPage":"https://macremover.com","directDownloadingLink":"https://macremover.com/MR_Setup.dmg","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://macremover.com/MR_Setup.dmg","sourceIndex":"1425"}],"sampleFiles":["220914/MacRemover-191004/4.5.5/Samples/MR_Setup.dmg","220914/MacRemover-191004/4.5.5/Samples/MacRemover"],"imageFiles":["220914/MacRemover-191004/4.5.5/Images/ACR-004/USE_MainPage2.png","220914/MacRemover-191004/4.5.5/Images/ACR-004/USE_MainWindow.png","220914/MacRemover-191004/4.5.5/Images/ACR-004/USE_PromptAfterScan.png","220914/MacRemover-191004/4.5.5/Images/ACR-004/USE_Upgrade2.png"],"nonDeceptorImageFiles":["220914/MacRemover-191004/4.5.5/Images/ACR-161/WEB_Testimonials.png","220914/MacRemover-191004/4.5.5/Images/ACR-150/150.png","220914/MacRemover-191004/4.5.5/Images/ACR-002/USE_PromptAfterScan.png","220914/MacRemover-191004/4.5.5/Images/ACR-002/USE_UpgradeOffer.png","220914/MacRemover-191004/4.5.5/Images/ACR-002/USE_Upgrade2.png"],"guid":"0a2bbce7-57d0-4252-89d9-c478881da657_4.5.5_1","appID":"MacRemover-191004","dateAdded":"241021","deceptorType":"MacOS App","name":"MacRemover","company":"MacRemover.com","version":"4.5.5","lastKnownStatus":"Deceptor:4.5.0;4.5.5;4.5.6;4.5.7","lastKnownDate":"241021","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2024-10-21T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":4,"sortOrder":473},{"violations":{"ACR-004":"The app provides free scans but does not provide a fully functioning free trial with free fixes for any results, and the fixes are not anticipated to be permanent.\n"},"nonDeceptorViolations":{"ACR-065":"The app's install does not show links to the EULA, Returns and Cancellation Policy, or the Privacy Policy,\nThe app does not show links to the EULA, the Returns and Cancellation Policy, or the Privacy Policy.\nThe landing page does not show a link to the Returns and Cancellation Policy.\n","ACR-099":"The app does not show links to uninstall information.\nThe landing page does not show links to uninstall information.\nThe internal offers page does not show links to uninstall information.\n"},"samples":[{"isRevoked":"False","fileName":"AweCleanerTrial.dmg","isInstaller":"True","fileVersion":"0.","hashMD5":"76cbf71df2eb321fe6bde871d0be2ef2","hashSHA1":"6e3fc067d9b412856dba8574dd118dbb1d8b196b","hashSHA256":"b76157b225a03012bc0c922aa28d252fb336e79f0b7459aa3169b8f6fedab68c","sourceIndex":"2781","avBlockList":["Avast Security for Mac (20211012)","Avira Security for Mac (20211012)","Bitdefender Antivirus for Mac (20211012)","ESET Cyber Security Pro for Mac (20211012)","G DATA AntiVirus for Mac (20211012)","K7 Antivirus for Mac (20211012)","McAfee Internet Security for Mac (20211012)","Norton Security for Mac (20211012)","Sophos Home Premium For Mac (20211012)","Trend Micro Antivirus for Mac (20211012)"],"avAllowList":["Kaspersky Internet Security for Mac (20211012)"]},{"isRevoked":"False","fileName":"AweCleaner","fileVersion":"0.","hashMD5":"73ebb0217f95e95cd5156293c3cb8d6b","hashSHA1":"00dde6f68fa89d9545da34f74524025bd273822a","hashSHA256":"21e85e6a8201bb275b22aa919be60dfc907806ce9b6417ef2a826d21f139b222","sourceIndex":"2781","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Submission","reference":"Hazel 190422","landingPage":"https://www.magoshare.com/mac-cleaner/awecleaner-for-mac.html","directDownloadingLink":"https://www.magoshare.com/trial/awecleanertrial.zip","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.magoshare.com/trial/awecleanertrial.zip","sourceIndex":"2781"}],"sampleFiles":["190919/AweCleaner-190424/4.0/Samples/AweCleanerTrial.dmg"],"imageFiles":["190919/AweCleaner-190424/4.0/Images/ACR-004/AweCleaner 004.gif"],"nonDeceptorImageFiles":["190919/AweCleaner-190424/4.0/Images/ACR-065/Screen Shot 2019-09-18 at 3.08.16 PM.png","190919/AweCleaner-190424/4.0/Images/ACR-065/About Page.png","190919/AweCleaner-190424/4.0/Images/ACR-065/Bottom of Landing Page.png","190919/AweCleaner-190424/4.0/Images/ACR-099/About Page.png","190919/AweCleaner-190424/4.0/Images/ACR-099/Bottom of Landing Page.png","190919/AweCleaner-190424/4.0/Images/ACR-099/Bottom of Internal Offers.png"],"guid":"043e8c55-bd95-40ff-9a01-5a5ba15ecb33_4.0_1","appID":"AweCleaner-190424","dateAdded":"241017","deceptorType":"MacOS App","name":"Awe Cleaner","company":"Magoshare","version":"4.0","sigName":"Deceptor:MacOS/AweCleaner!004","lastKnownStatus":"Deceptor:3.6,4.0,4.3,4.4;4.5;4.6;4.7;4.8;4.9;5.7","lastKnownDate":"241017","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2024-10-17T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":10,"sortOrder":486},{"violations":{"ACR-004":"The app does not provide free fixes for all free scans.\n"},"nonDeceptorViolations":{"ACR-065":"The app's install does not show links to the EULA, Returns and Cancellation Policy, or the Privacy Policy,\nThe app does not show links to the EULA, the Returns and Cancellation Policy, or the Privacy Policy.\nThe landing page does not show a link to the Returns and Cancellation Policy.\n","ACR-099":"The app does not show links to uninstall information.\nThe landing page does not show links to uninstall information.\nThe internal offers page does not show links to uninstall information.\n"},"samples":[{"isRevoked":"False","fileName":"AweCleaner","fileVersion":"0.","hashMD5":"641031d3303a4580c08b524c6a9df287","hashSHA1":"cd1102fcfa13d7405774f64f3a8bc332ea66032e","hashSHA256":"508e011f55855b5b36b348e657f491a55ecd81868876ebafcb8f44573b345993","sourceIndex":"2780","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"AweCleanerTrial.dmg","isInstaller":"True","fileVersion":"0.","hashMD5":"76b9a8e4587044c6520efd5027788ae9","hashSHA1":"b6bd1786ca1f6257bf6ea9e7d980eb76cc66738a","hashSHA256":"e3e61f258f7d12bcb4282309f58e21ec0440331930c1980753e802609f6042ca","sourceIndex":"2780","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Submission","reference":"Hazel 190422","landingPage":"https://www.magoshare.com/mac-cleaner/awecleaner-for-mac.html","directDownloadingLink":"https://www.magoshare.com/trial/awecleanertrial.zip","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.magoshare.com/trial/awecleanertrial.zip","sourceIndex":"2780"}],"sampleFiles":["190919/AweCleaner-190424/3.6/Samples/AweCleaner","190919/AweCleaner-190424/3.6/Samples/AweCleanerTrial.dmg"],"imageFiles":["190919/AweCleaner-190424/3.6/Images/ACR-004/AweCleaner Before Internal Offers.png","190919/AweCleaner-190424/3.6/Images/ACR-004/AweCleaner Enter License Code.png","190919/AweCleaner-190424/3.6/Images/ACR-004/AweCleaner Scan Results 2.png","190919/AweCleaner-190424/3.6/Images/ACR-004/AweCleaner Scan Results.png","190919/AweCleaner-190424/3.6/Images/ACR-004/AweCleaner Internal Offers.png"],"nonDeceptorImageFiles":["190919/AweCleaner-190424/3.6/Images/ACR-065/AweCleaner Install.png","190919/AweCleaner-190424/3.6/Images/ACR-065/AweCleaner About Page.png","190919/AweCleaner-190424/3.6/Images/ACR-065/AweCleaner Bottom of Landing Page.png","190919/AweCleaner-190424/3.6/Images/ACR-099/AweCleaner About Page.png","190919/AweCleaner-190424/3.6/Images/ACR-099/AweCleaner Bottom of Internal Offers.png","190919/AweCleaner-190424/3.6/Images/ACR-099/AweCleaner Bottom of Internal Offers.png"],"guid":"043e8c55-bd95-40ff-9a01-5a5ba15ecb33_3.6_1","appID":"AweCleaner-190424","dateAdded":"241017","deceptorType":"MacOS App","name":"Awe Cleaner","company":"Magoshare","version":"3.6","sigName":"Deceptor:MacOS/AweCleaner!004","lastKnownStatus":"Deceptor:3.6,4.0,4.3,4.4;4.5;4.6;4.7;4.8;4.9;5.7","lastKnownDate":"241017","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2024-10-17T00:00:00+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":10,"sortOrder":485},{"violations":{"ACR-004":"The app provides free scans but does not provide a fully functioning free trial with free fixes for results where the fixes are not anticipated to be permanent.\n"},"nonDeceptorViolations":{"ACR-065":"The app's install does not show links to the EULA, Terms of Service, Returns and Cancellation Policy, or Privacy Policy.\nThe app's about page does not contain links to the EULA, Returns and Cancellation Policy, or Privacy Policy.\nThe landing page does not contain links to the Returns and Cancellation Policy.\n","ACR-099":"The app does not show links to uninstall information.\nThe landing page does not show links to uninstall information.\nThe internal offers page does not show links to uninstall information.\n"},"samples":[{"isRevoked":"False","fileName":"AweCleanerTrial.dmg","isInstaller":"True","fileVersion":"0.","hashMD5":"3796de5fb76af69ee26dd3b5f432ae88","hashSHA1":"89eed57de89053985c6054816970c873b08cc198","hashSHA256":"1ccdfb70a9786867475293585fe3c8992623fe741ec1b4308fc0e1c4a1483e40","sourceIndex":"2540","avBlockList":["Avast Security for Mac (20211109)","Avira Security for Mac (20211109)","Bitdefender Antivirus for Mac (20211109)","ESET Cyber Security Pro for Mac (20211109)","G DATA AntiVirus for Mac (20211109)","K7 Antivirus for Mac (20211109)","McAfee Internet Security for Mac (20211109)","Norton Security for Mac (20211109)","Sophos Home Premium For Mac (20211109)","Trend Micro Antivirus for Mac (20211109)"],"avAllowList":["Kaspersky Internet Security for Mac (20211109)"]},{"isRevoked":"False","fileName":"AweCleaner","fileVersion":"0.","hashMD5":"a29d834ab1fa6110413e480cb0959e6f","hashSHA1":"7c99c14c1c8b4ebde7611c6d13598f494fa690ef","hashSHA256":"f90bc7b4318fc645d23b50a27b32b06e89b3243cfc8412fa9f29b2e1d55e4b06","sourceIndex":"2540","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Submission","reference":"Hazel 190422","landingPage":"https://www.magoshare.com/mac-cleaner/awecleaner-for-mac.html","directDownloadingLink":"https://www.magoshare.com/trial/AweCleanerTrial.dmg","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.magoshare.com/trial/AweCleanerTrial.dmg","sourceIndex":"2540"}],"sampleFiles":["200212/AweCleaner-190424/4.3/Samples/AweCleanerTrial.dmg","200212/AweCleaner-190424/4.3/Samples/AweCleaner"],"imageFiles":["200212/AweCleaner-190424/4.3/Images/ACR-004/AweCleaner ACR-004.gif"],"nonDeceptorImageFiles":["200212/AweCleaner-190424/4.3/Images/ACR-065/Screen Shot 2020-01-29 at 5.43.14 PM.png","200212/AweCleaner-190424/4.3/Images/ACR-065/Screen Shot 2020-01-29 at 5.43.02 PM.png","200212/AweCleaner-190424/4.3/Images/ACR-065/Screen Shot 2020-01-29 at 5.50.46 PM.png","200212/AweCleaner-190424/4.3/Images/ACR-099/Screen Shot 2020-01-29 at 5.43.02 PM.png","200212/AweCleaner-190424/4.3/Images/ACR-099/Screen Shot 2020-01-29 at 5.50.46 PM.png"],"guid":"043e8c55-bd95-40ff-9a01-5a5ba15ecb33_4.3_1","appID":"AweCleaner-190424","dateAdded":"241017","deceptorType":"MacOS App","name":"Awe Cleaner","company":"Magoshare","version":"4.3","sigName":"Deceptor:MacOS/AweCleaner!004","lastKnownStatus":"Deceptor:3.6,4.0,4.3,4.4;4.5;4.6;4.7;4.8;4.9;5.7","lastKnownDate":"241017","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2024-10-17T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":10,"sortOrder":484},{"violations":{"ACR-004":"The application provides free scan results without free fix and uses these results to upsell the consumer to a subscription service\n"},"nonDeceptorViolations":{"ACR-065":"The install does not display link to the EULA, Terms of Service, Returns and Cancellation Policy, or Privacy Policy.\nThe app does not display links to the EULA, Returns and Cancellation Policy, or Privacy Policy.\nThe landing page does not contain links to the Returns and Cancellation Policy.\nThe internal offer page does not display links to the Returns and Cancellation Policy.\n","ACR-099":"The app does not show links to uninstall information. \nThe landing page does not show links to uninstall information.\nThe internal offers page does not show links to uninstall information.\n"},"samples":[{"isRevoked":"False","fileName":"AweCleanerTrial.dmg","isInstaller":"True","fileVersion":"0.","hashMD5":"12e80cfce64d26c91419b73a6ea129f9","hashSHA1":"582363136a89228c8a4886e0d18452f71049c5bf","hashSHA256":"8bbf6fd20cda16f9d8d88aa48b98e9aaa914b61231949fadeaa1eafa13c2b977","sourceIndex":"2410","avBlockList":["Avast Security for Mac (20210413)","Avira Security for Mac (20210413)","Bitdefender Antivirus for Mac (20210413)","ESET Cyber Security Pro for Mac (20210413)","G DATA AntiVirus for Mac (20210413)","K7 Antivirus for Mac (20210413)","McAfee Internet Security for Mac (20210413)","Norton Security for Mac (20210413)","Sophos Home Premium For Mac (20210413)","Trend Micro Antivirus for Mac (20210413)"],"avAllowList":["Kaspersky Internet Security for Mac (20210413)"]},{"isRevoked":"False","fileName":"AweCleaner","fileVersion":"0.","hashMD5":"58da5b9b95e9d589e48305bc6101a775","hashSHA1":"bf257f53307b4952fc340542f0b5f5e8e5691dda","hashSHA256":"379eb1cc6d045730f7693cac08a886ddc79fc77a71f1137ec4f87a73fa7c4bd1","sourceIndex":"2410","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Google Search \"MacOs Cleaner\"","reference":"","landingPage":"https://www.magoshare.com/mac-cleaner/awecleaner-for-mac.html","directDownloadingLink":"https://www.magoshare.com/trial/AweCleanerTrial.dmg","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.magoshare.com/trial/AweCleanerTrial.dmg","sourceIndex":"2410"}],"sampleFiles":["200622/AweCleaner-190424/4.4/Samples/AweCleanerTrial.dmg","200622/AweCleaner-190424/4.4/Samples/AweCleaner"],"imageFiles":["200622/AweCleaner-190424/4.4/Images/ACR-004/AweCleaner_Interaction [3].png","200622/AweCleaner-190424/4.4/Images/ACR-004/AweCleaner_Interaction [4].png","200622/AweCleaner-190424/4.4/Images/ACR-004/AweCleaner_OfferPage [1].png","200622/AweCleaner-190424/4.4/Images/ACR-004/AweCleaner_OfferPage [2].png"],"nonDeceptorImageFiles":["200622/AweCleaner-190424/4.4/Images/ACR-065/AweCleaner_Install [1].png","200622/AweCleaner-190424/4.4/Images/ACR-065/AweCleaner_About [1].png","200622/AweCleaner-190424/4.4/Images/ACR-065/AweCleaner_LandingPage [1].png","200622/AweCleaner-190424/4.4/Images/ACR-065/AweCleaner_LandingPage [2].png","200622/AweCleaner-190424/4.4/Images/ACR-065/AweCleaner_OfferPage [1].png","200622/AweCleaner-190424/4.4/Images/ACR-065/AweCleaner_OfferPage [2].png","200622/AweCleaner-190424/4.4/Images/ACR-065/AweCleaner_OfferPage [4].png","200622/AweCleaner-190424/4.4/Images/ACR-099/AweCleaner_About [1].png","200622/AweCleaner-190424/4.4/Images/ACR-099/AweCleaner_LandingPage [1].png","200622/AweCleaner-190424/4.4/Images/ACR-099/AweCleaner_LandingPage [2].png","200622/AweCleaner-190424/4.4/Images/ACR-099/AweCleaner_OfferPage [1].png","200622/AweCleaner-190424/4.4/Images/ACR-099/AweCleaner_OfferPage [2].png","200622/AweCleaner-190424/4.4/Images/ACR-099/AweCleaner_OfferPage [4].png"],"guid":"043e8c55-bd95-40ff-9a01-5a5ba15ecb33_4.4_1","appID":"AweCleaner-190424","dateAdded":"241017","deceptorType":"MacOS App","name":"Awe Cleaner","company":"Magoshare","version":"4.4","lastKnownStatus":"Deceptor:3.6,4.0,4.3,4.4;4.5;4.6;4.7;4.8;4.9;5.7","lastKnownDate":"241017","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2024-10-17T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":10,"sortOrder":483},{"violations":{"ACR-109":"The app downloads \"rk_setup.exe\", a RelevantKnowledge file without the consumer's consent.\n","ACR-043":"Open source  'FFmpeg'  is installed without disclosure.\n","ACR-107":"The app doesn't disclose relevant license information about using the open-source project  'ffmpeg'.\n","ACR-048":"The \"Decline\" button does not have any control but still drops a RelevantKnowledge file “rk_setup.exe”. \nThe app does not provide an option to close the update prompt and cancel the startup of its own. \n","ACR-010":"The app bundler distributes the deceptor application. The offer in this bundler, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control.\n","ACR-084":"The app creates a startup entry without the user's knowledge and consent. \n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components along with a \"curl-ca-bundle.crt\" on the device without the consumer's consent or notifying the user.  \n","ACR-122":"The app displays a notification stating \"Update recommended\" which downloads the app and asks the user to install it by displaying the install prompt. This scenario is observed after uninstall and reboot. \n","ACR-057":"The app bundles the \"Relevant Knowledge\" offer which does not allow the consumer to decline the offer.\n","ACR-071":"The \"Relevant Knowledge\" offer cannot be declined independently as the installation is unable to proceed when attempting to decline the offer. Thus it forces the user to, only accept the offer and proceed with the installation. \n","ACR-014":"The app misleads users that they need to install an update but does not update anything when the update option is clicked.\n","ACR-059":"The Offer is not clearly marked as an offer. It is unclear who is recommending the offer.\n","ACR-155":"Offers are designed to look like part of the install workflow.\n"},"nonDeceptorViolations":{"ACR-106":"App offers deceptive application 'Relevant Knowledge market survey'. \n","ACR-092":"The app does not have a digital signature for the main executable: \"DailymotionDownloaderFree.exe\"\n","ACR-123":"The app does not remove its startup item even after uninstall.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\Dailymotion Downloader Free\\DailymotionDownloaderFree.exe","companyName":"","productName":"","productVersion":"1.0.0.0","fileVersion":"1.0.0.0","hashMD5":"7b4c1dd8d9455d190f00dbced769b5e3","hashSHA1":"cccd71b8c71698c2f1714960e38a93ed3a74b31f","hashSHA256":"12314fc5cc4c5c538280acb39bb28d182751a2c87b6a8f77f1f637306714f13a","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"510","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\Dailymotion Downloader Free\\goup.exe","companyName":"","productName":"","productVersion":"1.0.0.0","fileVersion":"1.0.0.0","hashMD5":"b58001b7a3d8a4d2947b632accc613a0","hashSHA1":"4265de99ff08ce7170724cf56b6e3d87f211290d","hashSHA256":"0f0d36ef8b4de954e930fe85dc4e48fd83d2a2785a5a59cab4b3469afcb47989","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"510","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"DailymotionDownloaderFree.exe","isInstaller":"True","companyName":"FreeAudioVideoSoftTech Inc.                                ","productName":"Dailymotion Downloader Free                                 ","productVersion":"                                                  ","fileVersion":"                    ","hashMD5":"5dde494307e224959b59bfad59a06ba8","hashSHA1":"06ffcd0c5132378b1c9ef5ef4a6c0a079b0cffdc","hashSHA256":"2dadfa3c84898b1e87dac3e1af7449249abb73723cc64847a0a2e084cc170317","digitalCertThumbprint":"347240ECC751AB91D4BA3282DC67ACC9A36D1128","digitalCertIssuer":"COMODO RSA Extended Validation Code Signing CA","digitalCertIssuedTo":"Beijing Qingruan Creative Information Technology Co. Ltd.","storeId":"","sourceIndex":"510","avBlockList":["360 Total Security (20250109)","Avast Premium Security (20250109)","AVG Internet Security (20250109)","Avira Internet Security (20250109)","Bitdefender Internet Security (20250109)","COMODO Antivirus (20250109)","Dr.Web Security Space (20250109)","ESET Internet Security (20250109)","G DATA INTERNET SECURITY (20250109)","K7 Total Security (20250109)","Kaspersky Internet Security (20220609)","Malwarebytes Premium (20250109)","McAfee Total Protection (20250109)","Norton Security (20250109)","Panda Dome (20250109)","Quick Heal Internet Security (20250109)","Sophos Home Premium (20250109)","SpyHunter5 (20250109)","Total AV Antivirus Pro (20250109)","VIPRE Advanced Security (20250109)","VirIT eXplorer PRO (20250109)","Webroot SecureAnywhere (20250109)","Windows Defender (20250109)","FortectPremium (20250109)","KasperskyPremium (20250109)"],"avAllowList":["Tencent PC Manager (20220609)","Trend Micro Internet Security (20250109)"]},{"isRevoked":"False","fileName":"DailymotionDownloaderFree_241017.exe","isInstaller":"True","companyName":"FreeAudioVideoSoftTech, Inc.                                ","fileVersion":"0.0","hashMD5":"93bf18c4e273ccce41b023c8855de867","hashSHA1":"b7fd03798966152832cda1573b6c3922c7cade19","hashSHA256":"df3586f40b21c870803d816ce9bc43014d5d8a9542d0907a47fa745a276a8aaf","sourceIndex":"510","avBlockList":["360 Total Security (20241231)","Avast Premium Security (20241231)","AVG Internet Security (20241231)","Avira Internet Security (20241231)","Bitdefender Internet Security (20241231)","COMODO Antivirus (20241231)","Dr.Web Security Space (20241231)","ESET Internet Security (20241231)","FortectPremium (20241231)","G DATA INTERNET SECURITY (20241231)","K7 Total Security (20241231)","KasperskyPremium (20241231)","Malwarebytes Premium (20241231)","McAfee Total Protection (20241231)","Norton Security (20241231)","Sophos Home Premium (20241231)","SpyHunter5 (20241231)","Total AV Antivirus Pro (20241231)","Trend Micro Internet Security (20241231)","VIPRE Advanced Security (20241231)","VirIT eXplorer PRO (20241231)","Webroot SecureAnywhere (20241231)","Windows Defender (20241231)"],"avAllowList":["Panda Dome (20241231)","Quick Heal Internet Security (20241231)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt on FreeAudioVideoSoftTech products","reference":"","landingPage":"https://www.freeaudiovideosoft.com/downloader-for-windows/free-dailymotion-downloader/","directDownloadingLink":"www.freeaudiovideosoft.com/files/DailymotionDownloaderFree.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"www.freeaudiovideosoft.com/files/DailymotionDownloaderFree.exe","sourceIndex":"510"}],"sampleFiles":["241017/dailymotiondownloaderfree-220606/8.8.2.4/Samples/DailymotionDownloaderFree.exe","241017/dailymotiondownloaderfree-220606/8.8.2.4/Samples/DailymotionDownloaderFree_241017.exe"],"imageFiles":["241017/dailymotiondownloaderfree-220606/8.8.2.4/Images/ACR-109/ACR-109_Install_Drops_Third_Party.JPG","241017/dailymotiondownloaderfree-220606/8.8.2.4/Images/ACR-043/ACR-043_Install.JPG","241017/dailymotiondownloaderfree-220606/8.8.2.4/Images/ACR-107/ACR-107_Install.JPG","241017/dailymotiondownloaderfree-220606/8.8.2.4/Images/ACR-048/ACR-048_Install_No_Control_To_Decline.JPG","241017/dailymotiondownloaderfree-220606/8.8.2.4/Images/ACR-010/ACR-010_Software_Bundles_Deceptor.JPG","241017/dailymotiondownloaderfree-220606/8.8.2.4/Images/ACR-084/ACR-084_Software.JPG","241017/dailymotiondownloaderfree-220606/8.8.2.4/Images/ACR-048/ACR-048_Software.JPG","241017/dailymotiondownloaderfree-220606/8.8.2.4/Images/ACR-048/ACR-048_Software_1.JPG","241017/dailymotiondownloaderfree-220606/8.8.2.4/Images/ACR-014/ACR-014_software.JPG","241017/dailymotiondownloaderfree-220606/8.8.2.4/Images/ACR-118/ACR-118_Uninstall.JPG","241017/dailymotiondownloaderfree-220606/8.8.2.4/Images/ACR-118/ACR-118_Uninstall_1.JPG","241017/dailymotiondownloaderfree-220606/8.8.2.4/Images/ACR-122/ACR-122_Uninstall.JPG","241017/dailymotiondownloaderfree-220606/8.8.2.4/Images/ACR-057/ACR-057_Bundler-MadeOffers.JPG","241017/dailymotiondownloaderfree-220606/8.8.2.4/Images/ACR-059/ACR-059_Bundler-MadeOffers.JPG","241017/dailymotiondownloaderfree-220606/8.8.2.4/Images/ACR-071/ACR-071_Bundler-MadeOffers.JPG","241017/dailymotiondownloaderfree-220606/8.8.2.4/Images/ACR-155/ACR-155_Bundler-MadeOffers.JPG"],"nonDeceptorImageFiles":["241017/dailymotiondownloaderfree-220606/8.8.2.4/Images/ACR-106/ACR-106_Software_Bundles_Deceptor.JPG","241017/dailymotiondownloaderfree-220606/8.8.2.4/Images/ACR-092/ACR-092_Software.JPG","241017/dailymotiondownloaderfree-220606/8.8.2.4/Images/ACR-123/ACR-123_Uninstall.JPG"],"guid":"b3f5e66b-5373-4e59-86a8-14de7f9dbc1f_8.8.2.4_1","appID":"dailymotiondownloaderfree-220606","dateAdded":"241017","deceptorType":"App","name":"Dailymotion Downloader Free","company":"FreeAudioVideoSoftTech, Inc.","version":"8.8.2.4","lastKnownStatus":"8.8.2.4","lastKnownDate":"241017","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2024-10-17T16:54:17.1641303+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":476},{"violations":{"ACR-004":"The app does not provide a fully functioning free trial. The app does not provide free fixes for the results identified during the free scan.\n"},"nonDeceptorViolations":{"ACR-045":"\"Free Trial\" highlights \"Free\" misleads user. The functionality that requires consumer payment in order to be activated needs to be marked clearly in landing page. Otherwise app should remove \"free\" word.\n","ACR-065":"The install does not display link to the EULA or Terms of Service, Returns and Cancellation Policy, or Privacy Policy.\nThe app does not display links to the EULA, Returns and Cancellation Policy, or Privacy Policy.\nThe landing page does not contain links to the Returns and Cancellation Policy.\nThe internal offer page does not display links to the Returns and Cancellation Policy.\n","ACR-161":"The landing page displays an unverifiable testimonial.\n","ACR-099":"The app does not show links to uninstall information. \nThe landing page does not show links to uninstall information.\nThe internal offers page does not show links to uninstall information.\n"},"samples":[{"isRevoked":"False","fileName":"AweCleaner","fileVersion":"0.","hashMD5":"a07a2877856216d447c6fc7972651fea","hashSHA1":"34edcb2ae39c317ed8af6fa6b299b3ebcb3ce176","hashSHA256":"51ca6b5aa58cf1c9300e0a3fb7a34a7c55df95e1b9d18b24fe6573360199e626","sourceIndex":"2139","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"AweCleanerTrial.dmg","isInstaller":"True","fileVersion":"0.","hashMD5":"836fce9e9b7e26190854102c12b27786","hashSHA1":"3406be37d8e17972d9d856d437636d27723b916a","hashSHA256":"5bf9098ee852d8fe4df136e8428694356165e2f34fdcd3ef267ba695a0570fce","sourceIndex":"2139","avBlockList":["Avast Security for Mac (20210810)","Avira Security for Mac (20200811)","Bitdefender Antivirus for Mac (20210810)","ESET Cyber Security Pro for Mac (20210810)","G DATA AntiVirus for Mac (20210810)","K7 Antivirus for Mac (20210810)","McAfee Internet Security for Mac (20210810)","Norton Security for Mac (20210810)","Sophos Home Premium For Mac (20210810)","Trend Micro Antivirus for Mac (20210810)"],"avAllowList":["Kaspersky Internet Security for Mac (20210810)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Submission","reference":"","landingPage":"https://www.magoshare.com/mac-cleaner/awecleaner-for-mac.html","directDownloadingLink":"https://www.magoshare.com/trial/AweCleanerTrial.dmg","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.magoshare.com/trial/AweCleanerTrial.dmg","sourceIndex":"2139"}],"sampleFiles":["200806/AweCleaner-190424/4.5/Samples/AweCleaner","200806/AweCleaner-190424/4.5/Samples/AweCleanerTrial.dmg"],"imageFiles":["200806/AweCleaner-190424/4.5/Images/ACR-004/AweCleaner_Interaction [1].png","200806/AweCleaner-190424/4.5/Images/ACR-004/AweCleaner_Interaction [2] ScanResults.png","200806/AweCleaner-190424/4.5/Images/ACR-004/AweCleaner_Interaction [3] ScanResults.png","200806/AweCleaner-190424/4.5/Images/ACR-004/AweCleaner_Interaction [4] ScanResults.png","200806/AweCleaner-190424/4.5/Images/ACR-004/AweCleaner_Interaction [5] PurchaseNow.png","200806/AweCleaner-190424/4.5/Images/ACR-004/AweCleaner_OfferPage [3].png","200806/AweCleaner-190424/4.5/Images/ACR-004/AweCleaner_OfferPage [2].png"],"nonDeceptorImageFiles":["200806/AweCleaner-190424/4.5/Images/ACR-045/AweCleaner_LandingPage [3].png","200806/AweCleaner-190424/4.5/Images/ACR-065/AweCleaner_Install [1].png","200806/AweCleaner-190424/4.5/Images/ACR-065/AweCleaner_About [1].png","200806/AweCleaner-190424/4.5/Images/ACR-065/AweCleaner_LandingPage [1].png","200806/AweCleaner-190424/4.5/Images/ACR-065/AweCleaner_OfferPage [1].png","200806/AweCleaner-190424/4.5/Images/ACR-065/AweCleaner_OfferPage [2].png","200806/AweCleaner-190424/4.5/Images/ACR-065/AweCleaner_OfferPage [3].png","200806/AweCleaner-190424/4.5/Images/ACR-161/AweCleaner_LandingPage_Testimonials [1].png","200806/AweCleaner-190424/4.5/Images/ACR-099/AweCleaner_About [1].png","200806/AweCleaner-190424/4.5/Images/ACR-099/AweCleaner_Interaction [1].png","200806/AweCleaner-190424/4.5/Images/ACR-099/AweCleaner_LandingPage [1].png","200806/AweCleaner-190424/4.5/Images/ACR-099/AweCleaner_LandingPage [2].png","200806/AweCleaner-190424/4.5/Images/ACR-099/AweCleaner_OfferPage [1].png","200806/AweCleaner-190424/4.5/Images/ACR-099/AweCleaner_OfferPage [2].png","200806/AweCleaner-190424/4.5/Images/ACR-099/AweCleaner_OfferPage [3].png"],"guid":"043e8c55-bd95-40ff-9a01-5a5ba15ecb33_4.5_1","appID":"AweCleaner-190424","dateAdded":"241017","deceptorType":"MacOS App","name":"Awe Cleaner","company":"Magoshare","version":"4.5","lastKnownStatus":"Deceptor:3.6,4.0,4.3,4.4;4.5;4.6;4.7;4.8;4.9;5.7","lastKnownDate":"241017","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2024-10-17T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":10,"sortOrder":482},{"violations":{"ACR-004":"The app does not provide a fully functioning free trial. The app does not provide free fixes for the results identified during the free scan.\n"},"nonDeceptorViolations":{"ACR-045":"\"Free Trial\" highlights \"Free\" misleads user. The functionality that requires consumer payment in order to be activated needs to be marked clearly in landing page. Otherwise app should remove \"free\" word.\n","ACR-065":"The install does not display link to the EULA or Terms of Service, Returns and Cancellation Policy, or Privacy Policy.\nThe app's About page does not display links to the EULA, Returns and Cancellation Policy, or Privacy Policy.\nThe landing page does not contain links to the Returns and Cancellation Policy.\nThe internal offer page does not display links to the Returns and Cancellation Policy.\n","ACR-161":"The landing page displays an unverifiable testimonial.\n","ACR-099":"The app does not show links to uninstall information. \nThe landing page does not show links to uninstall information.\nThe internal offers page does not show links to uninstall information.\n","ACR-166":"The app needs to disclose the license period to the consumer in the internal offers.\n"},"samples":[{"isRevoked":"False","fileName":"AweCleaner","fileVersion":"0.","hashMD5":"eeba814a889630c6b256e65e756ceb78","hashSHA1":"a04c19b050ed243cb4c93b8925afbfea133cc57e","hashSHA256":"062814124e120fa3c81fe567ff972244cc9958309cd942fb58da9f75d38d67a8","sourceIndex":"2114","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"AweCleanerTrial.dmg","isInstaller":"True","fileVersion":"0.","hashMD5":"6120650d4339c7a2bd0358a52ebaad9c","hashSHA1":"59cd5d35cc4c26d49b6cf68d8eeed6dff546ba27","hashSHA256":"be4ac3bd958979231481eb64ccb935600f538c5a00d7253067b131f5dd671787","sourceIndex":"2114","avBlockList":["Avast Security for Mac (20210608)","Avira Security for Mac (20210608)","Bitdefender Antivirus for Mac (20210608)","ESET Cyber Security Pro for Mac (20210608)","K7 Antivirus for Mac (20210608)","McAfee Internet Security for Mac (20210608)","Norton Security for Mac (20210608)","Sophos Home Premium For Mac (20210608)","Trend Micro Antivirus for Mac (20210608)"],"avAllowList":["G DATA AntiVirus for Mac (20210608)","Kaspersky Internet Security for Mac (20210608)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Submission","reference":"","landingPage":"https://www.magoshare.com/mac-cleaner/awecleaner-for-mac.html","directDownloadingLink":"https://www.magoshare.com/trial/AweCleanerTrial.dmg","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.magoshare.com/trial/AweCleanerTrial.dmg","sourceIndex":"2114"}],"sampleFiles":["200915/AweCleaner-190424/4.6/Samples/AweCleaner","200915/AweCleaner-190424/4.6/Samples/AweCleanerTrial.dmg"],"imageFiles":["200915/AweCleaner-190424/4.6/Images/ACR-004/AweCleaner_Interaction [1].png","200915/AweCleaner-190424/4.6/Images/ACR-004/AweCleaner_Interaction [2] ScanResult.png","200915/AweCleaner-190424/4.6/Images/ACR-004/AweCleaner_Interaction [3] Activate.png","200915/AweCleaner-190424/4.6/Images/ACR-004/AweCleaner_OfferPage [4].png","200915/AweCleaner-190424/4.6/Images/ACR-004/AweCleaner_OfferPage [2].png"],"nonDeceptorImageFiles":["200915/AweCleaner-190424/4.6/Images/ACR-045/AweCleaner_LandingPage [2] FreeTrial.png","200915/AweCleaner-190424/4.6/Images/ACR-065/AweCleaner_Install [1].png","200915/AweCleaner-190424/4.6/Images/ACR-065/AweCleaner_About [1].png","200915/AweCleaner-190424/4.6/Images/ACR-065/AweCleaner_LandingPage [1].jpg","200915/AweCleaner-190424/4.6/Images/ACR-065/AweCleaner_OfferPage [1].png","200915/AweCleaner-190424/4.6/Images/ACR-065/AweCleaner_OfferPage [2].png","200915/AweCleaner-190424/4.6/Images/ACR-065/AweCleaner_OfferPage [3].png","200915/AweCleaner-190424/4.6/Images/ACR-161/AweCleaner_LandingPage [3] Testimonials.png","200915/AweCleaner-190424/4.6/Images/ACR-099/AweCleaner_About [1].png","200915/AweCleaner-190424/4.6/Images/ACR-099/AweCleaner_LandingPage [1].jpg","200915/AweCleaner-190424/4.6/Images/ACR-099/AweCleaner_OfferPage [1].png","200915/AweCleaner-190424/4.6/Images/ACR-099/AweCleaner_OfferPage [2].png","200915/AweCleaner-190424/4.6/Images/ACR-099/AweCleaner_OfferPage [3].png","200915/AweCleaner-190424/4.6/Images/ACR-099/AweCleaner_OfferPage [4].png","200915/AweCleaner-190424/4.6/Images/ACR-166/AweCleaner_OfferPage [2].png"],"guid":"043e8c55-bd95-40ff-9a01-5a5ba15ecb33_4.6_1","appID":"AweCleaner-190424","dateAdded":"241017","deceptorType":"MacOS App","name":"Awe Cleaner","company":"Magoshare","version":"4.6","lastKnownStatus":"Deceptor:3.6,4.0,4.3,4.4;4.5;4.6;4.7;4.8;4.9;5.7","lastKnownDate":"241017","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,paid","lastUpdate":"2024-10-17T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":10,"sortOrder":481},{"violations":{"ACR-004":"The app does not provide a fully functioning free trial. The app does not provide free fixes for the results identified during the free scan.\n"},"nonDeceptorViolations":{"ACR-045":"\"Free Trial\" highlights \"Free\" misleads user. The functionality that requires consumer payment in order to be activated needs to be marked clearly in landing page. Otherwise app should remove \"free\" word.\n","ACR-065":"The install does not display link to the EULA or Terms of Service, Returns and Cancellation Policy, or Privacy Policy.\nThe app's About page does not display links to the EULA and/or Terms of Service, Returns and Cancellation Policy, or Privacy Policy.\nThe landing page does not contain links to the Returns and Cancellation Policy.\nThe internal offer page does not display links to the Returns and Cancellation Policy.\n","ACR-161":"The landing page displays an unverifiable testimonial.\n","ACR-099":"The app does not show links to uninstall information. \nThe landing page does not show links to uninstall information.\nThe internal offers page does not show links to uninstall information.\n","ACR-166":"The app needs to disclose the license period to the consumer in the internal offers.\n"},"samples":[{"isRevoked":"False","fileName":"AweCleaner","fileVersion":"0.","hashMD5":"8b93727055d050041bb76f35e08719c7","hashSHA1":"24cb415aeb096c330d5e2fdb55da701d0acfad42","hashSHA256":"1ed13abbd3fd90ade08ba9ac88035b5540a2a3b5a5be98222be8f39698ec1801","sourceIndex":"2069","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"AweCleanerTrial.dmg","isInstaller":"True","fileVersion":"0.","hashMD5":"0f90c501d0f3a41a9b57b3daad1b836c","hashSHA1":"a3519d9091ae635e113dcaf6f24dc17a5ce66bc5","hashSHA256":"0e0f55796698706af24382840ccc1629d54bcb6dd0a271b44bda6ca4fbc36d0d","sourceIndex":"2069","avBlockList":["Avast Security for Mac (20210713)","Avira Security for Mac (20210713)","Bitdefender Antivirus for Mac (20210713)","ESET Cyber Security Pro for Mac (20210713)","G DATA AntiVirus for Mac (20210713)","K7 Antivirus for Mac (20210713)","Norton Security for Mac (20210713)","Sophos Home Premium For Mac (20210713)","Trend Micro Antivirus for Mac (20210713)"],"avAllowList":["Kaspersky Internet Security for Mac (20210713)","McAfee Internet Security for Mac (20210713)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Submission","reference":"Hazel 190422","landingPage":"https://www.magoshare.com/mac-cleaner/awecleaner-for-mac.html","directDownloadingLink":"https://www.magoshare.com/trial/AweCleanerTrial.dmg","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.magoshare.com/trial/AweCleanerTrial.dmg","sourceIndex":"2069"}],"sampleFiles":["201026/AweCleaner-190424/4.7/Samples/AweCleaner","201026/AweCleaner-190424/4.7/Samples/AweCleanerTrial.dmg"],"imageFiles":["201026/AweCleaner-190424/4.7/Images/ACR-004/AweCleaner_Interactions [1].png","201026/AweCleaner-190424/4.7/Images/ACR-004/AweCleaner_Interactions [2] ScanResults.png","201026/AweCleaner-190424/4.7/Images/ACR-004/AweCleaner_Interactions [3]Activate.png","201026/AweCleaner-190424/4.7/Images/ACR-004/AweCleaner_OfferPage [3].png","201026/AweCleaner-190424/4.7/Images/ACR-004/AweCleaner_OfferPage [4].png"],"nonDeceptorImageFiles":["201026/AweCleaner-190424/4.7/Images/ACR-045/AweCleaner_LandingPage [2].jpg","201026/AweCleaner-190424/4.7/Images/ACR-065/AweCleaner_Installs [1].png","201026/AweCleaner-190424/4.7/Images/ACR-065/AweCleaner_Interactions [1].png","201026/AweCleaner-190424/4.7/Images/ACR-065/AweCleaner_LandingPage [2].jpg","201026/AweCleaner-190424/4.7/Images/ACR-065/AweCleaner_OfferPage [1].png","201026/AweCleaner-190424/4.7/Images/ACR-065/AweCleaner_OfferPage [2].png","201026/AweCleaner-190424/4.7/Images/ACR-065/AweCleaner_OfferPage [3].png","201026/AweCleaner-190424/4.7/Images/ACR-065/AweCleaner_OfferPage [4].png","201026/AweCleaner-190424/4.7/Images/ACR-161/AweCleaner_LandingPage [1] Testimonials.png","201026/AweCleaner-190424/4.7/Images/ACR-099/AweCleaner_About [1].png","201026/AweCleaner-190424/4.7/Images/ACR-099/AweCleaner_LandingPage [2].jpg","201026/AweCleaner-190424/4.7/Images/ACR-099/AweCleaner_OfferPage [1].png","201026/AweCleaner-190424/4.7/Images/ACR-099/AweCleaner_OfferPage [2].png","201026/AweCleaner-190424/4.7/Images/ACR-099/AweCleaner_OfferPage [3].png","201026/AweCleaner-190424/4.7/Images/ACR-099/AweCleaner_OfferPage [4].png","201026/AweCleaner-190424/4.7/Images/ACR-166/AweCleaner_OfferPage [4].png"],"guid":"043e8c55-bd95-40ff-9a01-5a5ba15ecb33_4.7_1","appID":"AweCleaner-190424","dateAdded":"241017","deceptorType":"MacOS App","name":"Awe Cleaner","company":"Magoshare","version":"4.7","sigName":"Deceptor:MacOS/AweCleaner!004","lastKnownStatus":"Deceptor:3.6,4.0,4.3,4.4;4.5;4.6;4.7;4.8;4.9;5.7","lastKnownDate":"241017","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,paid","lastUpdate":"2024-10-17T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":10,"sortOrder":480},{"violations":{"ACR-004":"The app does not provide a fully functioning free trial. The app does not provide free fixes for the results identified during the free scan.\n"},"nonDeceptorViolations":{"ACR-045":"\"Free Trial\" highlights \"Free\" misleads user. The functionality that requires consumer payment in order to be activated needs to be marked clearly in landing page. Otherwise app should remove \"free\" word.\n","ACR-065":"The install does not display link to the EULA or Terms of Service, Returns and Cancellation Policy, or Privacy Policy.\nThe app's About page does not display links to the EULA and/or Terms of Service, Returns and Cancellation Policy, or Privacy Policy.\nThe landing page does not contain links to the Returns and Cancellation Policy.\nThe internal offer page does not display links to the Returns and Cancellation Policy.\n","ACR-161":"The app’s landing page has testimonials that have no links back to a source so consumers can verify if they're real.\n","ACR-099":"The app does not show links to uninstall information. \nThe landing page does not show links to uninstall information.\nThe internal offers page does not show links to uninstall information.\n"},"samples":[{"isRevoked":"False","fileName":"AweCleaner","fileVersion":"0.","hashMD5":"6706fc6dac5deeef99961964232c7762","hashSHA1":"fcb9515cd74fd37a9909642bbd9497427fba0e79","hashSHA256":"1203cac4ca82a7e77f0d7bc96e99eac81bd3f6470415c9d6f04b014a953f00f6","sourceIndex":"2024","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"AweCleanerTrial.dmg","isInstaller":"True","fileVersion":"0.","hashMD5":"83142dd42e047d4b4b2d6ebb6e5540bb","hashSHA1":"4456460469fd2d40385d87bdaaccf939f4489c9c","hashSHA256":"fd25aafb5656ee13a5b6d81b6e58dbc99a922dcefa9340ef6bbd283170d4e369","sourceIndex":"2024","avBlockList":["Avast Security for Mac (20210914)","Avira Security for Mac (20210914)","Bitdefender Antivirus for Mac (20210914)","ESET Cyber Security Pro for Mac (20210914)","G DATA AntiVirus for Mac (20210914)","K7 Antivirus for Mac (20210914)","Norton Security for Mac (20210914)","Sophos Home Premium For Mac (20210914)","Trend Micro Antivirus for Mac (20210914)"],"avAllowList":["Kaspersky Internet Security for Mac (20210914)","McAfee Internet Security for Mac (20210914)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Submission","reference":"","landingPage":"https://www.magoshare.com/mac-cleaner/awecleaner-for-mac.html","directDownloadingLink":"https://www.magoshare.com/trial/AweCleanerTrial.dmg","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.magoshare.com/trial/AweCleanerTrial.dmg","sourceIndex":"2024"}],"sampleFiles":["201222/AweCleaner-190424/4.8/Samples/AweCleaner","201222/AweCleaner-190424/4.8/Samples/AweCleanerTrial.dmg"],"imageFiles":["201222/AweCleaner-190424/4.8/Images/ACR-004/AweCleaner_Interactions [1].png","201222/AweCleaner-190424/4.8/Images/ACR-004/AweCleaner_Interactions [2].png","201222/AweCleaner-190424/4.8/Images/ACR-004/AweCleaner_Interactions [3].png"],"nonDeceptorImageFiles":["201222/AweCleaner-190424/4.8/Images/ACR-045/AweCleaner_LandingPage[1].jpg","201222/AweCleaner-190424/4.8/Images/ACR-065/AweCleaner_Install [1].png","201222/AweCleaner-190424/4.8/Images/ACR-065/AweCleaner_About [1].png","201222/AweCleaner-190424/4.8/Images/ACR-065/AweCleaner_LandingPage[1].jpg","201222/AweCleaner-190424/4.8/Images/ACR-065/AweCleaner_OfferPage [1].png","201222/AweCleaner-190424/4.8/Images/ACR-161/AweCleaner_LandingPage [3] Testimonials.png","201222/AweCleaner-190424/4.8/Images/ACR-099/AweCleaner_About [1].png","201222/AweCleaner-190424/4.8/Images/ACR-099/AweCleaner_LandingPage[1].jpg","201222/AweCleaner-190424/4.8/Images/ACR-099/AweCleaner_OfferPage [1].png"],"guid":"043e8c55-bd95-40ff-9a01-5a5ba15ecb33_4.8_1","appID":"AweCleaner-190424","dateAdded":"241017","deceptorType":"MacOS App","name":"Awe Cleaner","company":"Magoshare","version":"4.8","lastKnownStatus":"Deceptor:3.6,4.0,4.3,4.4;4.5;4.6;4.7;4.8;4.9;5.7","lastKnownDate":"241017","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,paid","lastUpdate":"2024-10-17T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":10,"sortOrder":479},{"violations":{"ACR-004":"The app does not provide a fully functioning free trial. The app does not provide free fixes for the results identified during the free scan.\n"},"nonDeceptorViolations":{"ACR-045":"\"Free Trial\" highlights \"Free\" misleads user. The functionality that requires consumer payment in order to be activated needs to be marked clearly in landing page. Otherwise app should remove \"free\" word.\n","ACR-065":"The install does not display link to the EULA or Terms of Service, Returns and Cancellation Policy, or Privacy Policy.\nThe app's About page does not display links to the EULA and/or Terms of Service, Returns and Cancellation Policy, or Privacy Policy.\nThe landing page does not contain links to the Returns and Cancellation Policy.\nThe internal offer page does not display links to the Returns and Cancellation Policy.\n","ACR-161":"The app’s landing page has testimonials that have no links back to a source so consumers can verify if they're real.\n","ACR-099":"The app does not show links to uninstall information. \nThe landing page does not show links to uninstall information.\nThe internal offers page does not show links to uninstall information.\n"},"samples":[{"isRevoked":"False","fileName":"AweCleaner","fileVersion":"0.","hashMD5":"d4b1efa6fa7946c0597b6e26c73e8b36","hashSHA1":"c5a04383dd515d987157b2154e49c4a1d76255e1","hashSHA256":"55c2c42ecdd67df5054864600d0583e4039a1edddb08af8423702a0b9d170e81","sourceIndex":"1925","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"AweCleanerTrial.dmg","isInstaller":"True","fileVersion":"0.","hashMD5":"5875428e8ebd0deaed0c4710e62b7d1f","hashSHA1":"4b465ae4f9bffd0926ce1ea307d55ac365e65feb","hashSHA256":"64bcdef45bc489e1f2677dd3aa256da775b5393134a48083fdff251712827bbd","sourceIndex":"1925","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Submission","reference":"https://www.magoshare.com/download/","landingPage":"https://www.magoshare.com/mac-cleaner/awecleaner-for-mac.html","directDownloadingLink":"https://www.magoshare.com/trial/AweCleanerTrial.dmg","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.magoshare.com/trial/AweCleanerTrial.dmg","sourceIndex":"1925"}],"sampleFiles":["210517/AweCleaner-190424/4.9/Samples/AweCleaner","210517/AweCleaner-190424/4.9/Samples/AweCleanerTrial.dmg"],"imageFiles":["210517/AweCleaner-190424/4.9/Images/ACR-004/AweCleaner_Interactions [1].png","210517/AweCleaner-190424/4.9/Images/ACR-004/AweCleaner_Interactions [2].png","210517/AweCleaner-190424/4.9/Images/ACR-004/AweCleaner_Interactions [3].png"],"nonDeceptorImageFiles":["210517/AweCleaner-190424/4.9/Images/ACR-045/AweCleaner_LandingPage [4].png","210517/AweCleaner-190424/4.9/Images/ACR-045/AweCleaner_LandingPage [5].png","210517/AweCleaner-190424/4.9/Images/ACR-065/AweCleaner_Install [1].png","210517/AweCleaner-190424/4.9/Images/ACR-065/AweCleaner_About [1].png","210517/AweCleaner-190424/4.9/Images/ACR-065/AweCleaner_LandingPage [1].png","210517/AweCleaner-190424/4.9/Images/ACR-065/AweCleaner_OfferPage [1].png","210517/AweCleaner-190424/4.9/Images/ACR-161/AweCleaner_LandingPage [2].png","210517/AweCleaner-190424/4.9/Images/ACR-099/AweCleaner_About [1].png","210517/AweCleaner-190424/4.9/Images/ACR-099/AweCleaner_LandingPage [1].png","210517/AweCleaner-190424/4.9/Images/ACR-099/AweCleaner_OfferPage [1].png"],"guid":"043e8c55-bd95-40ff-9a01-5a5ba15ecb33_4.9_1","appID":"AweCleaner-190424","dateAdded":"241017","deceptorType":"MacOS App","name":"Awe Cleaner","company":"Magoshare","version":"4.9","sigName":"Deceptor:MacOS/AweCleaner!004","lastKnownStatus":"Deceptor:3.6,4.0,4.3,4.4;4.5;4.6;4.7;4.8;4.9;5.7","lastKnownDate":"241017","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,paid","lastUpdate":"2024-10-17T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":10,"sortOrder":478},{"violations":{"ACR-004":"The app does not provide a fully functioning free trial. The app does not provide free fixes for the results identified during the free scan.\n"},"nonDeceptorViolations":{"ACR-045":"\"Free Trial\" highlights \"Free\" misleads user. The functionality that requires consumer payment in order to be activated needs to be marked clearly in landing page. Otherwise app should remove \"free\" word.\n","ACR-065":"The install does not display link to the EULA or Terms of Service, Returns and Cancellation Policy, or Privacy Policy.\nThe app's About page does not display links to the EULA and/or Terms of Service, Returns and Cancellation Policy, or Privacy Policy.\n","ACR-161":"The app’s landing page has testimonials that have no links back to a source so consumers can verify if they're real.\n","ACR-099":"The app does not show links to uninstall information. \nThe landing page does not show links to uninstall information.\nThe internal offers page does not show links to uninstall information.\n"},"samples":[{"isRevoked":"False","fileName":"AweCleanerTrial.dmg","isInstaller":"True","fileVersion":"0.","hashMD5":"9157fd823edb0ebf3961f85acbed38e3","hashSHA1":"fcfa551e0f1e0b76fdbbe572ffdca6fd27f5d7a2","hashSHA256":"7317a9a1c6ab64931316f0098f6f0ddde91bcb6652573792cee539c5b6071b60","sourceIndex":"509","avBlockList":["Avast Security for Mac (20250114)","Avira Security for Mac (20250114)","ESET Cyber Security Pro for Mac (20250114)","Norton Security for Mac (20250114)","Sophos Home Premium For Mac (20250114)","SpyHunterforMac (20250114)","Trend Micro Antivirus for Mac (20250114)"],"avAllowList":["Bitdefender Antivirus for Mac (20250114)","G DATA AntiVirus for Mac (20250114)","K7 Antivirus for Mac (20250114)","Kaspersky Internet Security for Mac (20250114)","McAfee Internet Security for Mac (20250114)"]},{"isRevoked":"False","fileName":"AweCleaner","fileVersion":"0.","hashMD5":"dc39a1b5bcef361bcf99033789cd64b6","hashSHA1":"496eda2547db376ac59005f37397baa3e9f3225d","hashSHA256":"33e2327d76279d508ed9fe90d8cf5fc1ff7e856720e0c0f55dd09e00829e6696","sourceIndex":"509","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Submission","reference":"","landingPage":"https://www.magoshare.com/mac-cleaner/awecleaner-for-mac.html","directDownloadingLink":"https://www.magoshare.com/trial/AweCleanerTrial.dmg","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.magoshare.com/trial/AweCleanerTrial.dmg","sourceIndex":"509"}],"sampleFiles":["241017/AweCleaner-190424/5.7/Samples/AweCleanerTrial.dmg","241017/AweCleaner-190424/5.7/Samples/AweCleaner"],"imageFiles":["241017/AweCleaner-190424/5.7/Images/ACR-004/App11.png"],"nonDeceptorImageFiles":["241017/AweCleaner-190424/5.7/Images/ACR-045/landingpage1.png","241017/AweCleaner-190424/5.7/Images/ACR-065/install.png","241017/AweCleaner-190424/5.7/Images/ACR-065/App10.png","241017/AweCleaner-190424/5.7/Images/ACR-161/landingpage2.png","241017/AweCleaner-190424/5.7/Images/ACR-099/App10.png","241017/AweCleaner-190424/5.7/Images/ACR-099/landingpage3.png","241017/AweCleaner-190424/5.7/Images/ACR-099/offerpage1.png"],"guid":"043e8c55-bd95-40ff-9a01-5a5ba15ecb33_5.7_1","appID":"AweCleaner-190424","dateAdded":"241017","deceptorType":"MacOS App","name":"Awe Cleaner","company":"Magoshare","version":"5.7","lastKnownStatus":"Deceptor:3.6,4.0,4.3,4.4;4.5;4.6;4.7;4.8;4.9;5.7","lastKnownDate":"241017","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,paid","lastUpdate":"2026-05-12T22:59:49.2066444+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":10,"sortOrder":477},{"violations":{"ACR-109":"The app downloads \"spt_setup.exe\", a RelevantKnowledge file without the consumer's consent.\n","ACR-048":"The \"Decline\" button does not have any control, upon clicking, drops a RelevantKnowledge file “spt_setup.exe” regardless.\n","ACR-010":"The app distributes deceptor application. The offer in this app, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control. \n","ACR-118":"Upon uninstallation, it leaves its other components along with a \"curl-ca-bundle.crt\" on the device without user's knowledge.\n","ACR-057":"The app bundles the \"Relevant Knowledge\" offer which does not allow the consumer to decline the offer. \n","ACR-071":"It attempts to force the acceptance of \"Relevant Knowledge\" by graying out the Next button when the user choose to Decline. Thus, forcing the user to only accept the offer and proceed with the installation.\n","ACR-059":"Offer not clearly marked as an offer. Instead, it is presented as a component of the carrier.\n","ACR-155":"Offers are designed to look like part of the install workflow. \n"},"nonDeceptorViolations":{"ACR-065":"Carrier app has no EULA screen. The first offer's (Relevant Knowledge) EULA misleads consumers into thinking it is the EULA for the carrier app.\n","ACR-106":"App offers deceptive application 'Relevant Knowledge market survey'. \n","ACR-092":" The main executable is not digitally signed. \n"},"samples":[{"isRevoked":"False","fileName":"absee_setup.exe","isInstaller":"True","companyName":"zxt2007.com                                                 ","productName":"ABsee Free Image Viewer             ","fileVersion":"4.0.2","hashMD5":"b80e719fc15915967b24722cfe118b62","hashSHA1":"f59fe47ba8c59d66de6e0b8178e88f602e3261d2","hashSHA256":"5eb9a132ef6866f5a2f2e6c00a08c4fd7638a20da8a7337a4dd1ee6a4bb38cfe","digitalCertThumbprint":"CB63529ED0F5FA356EB2801B5FAA196C97760C72","digitalCertIssuer":"CN=DigiCert EV Code Signing CA (SHA2), OU=www.digicert.com, O=DigiCert Inc, C=US","digitalCertIssuedTo":"CN=潍坊金网信息科技有限公司, O=潍坊金网信息科技有限公司, L=潍坊市, S=山东省, C=CN, SERIALNUMBER=91370700745698896P, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.1=潍坊高新技术产业开发区, OID.1.3.6.1.4.1.311.60.2.1.2=山东省, OID.1.3.6.1.4.1.311.60.2.1.3=CN","sourceIndex":"511","avBlockList":["360 Total Security (20241231)","Avast Premium Security (20241231)","AVG Internet Security (20241231)","Avira Internet Security (20241231)","Bitdefender Internet Security (20241231)","COMODO Antivirus (20241231)","Dr.Web Security Space (20241231)","ESET Internet Security (20241231)","G DATA INTERNET SECURITY (20241231)","K7 Total Security (20241231)","Kaspersky Internet Security (20220609)","Malwarebytes Premium (20241231)","McAfee Total Protection (20241231)","Norton Security (20241231)","Panda Dome (20241231)","Sophos Home Premium (20241231)","SpyHunter5 (20241231)","Total AV Antivirus Pro (20241231)","VIPRE Advanced Security (20241231)","VirIT eXplorer PRO (20241231)","Webroot SecureAnywhere (20241231)","Windows Defender (20241231)","FortectPremium (20241231)","KasperskyPremium (20241231)"],"avAllowList":["Quick Heal Internet Security (20241231)","Tencent PC Manager (20220609)","Trend Micro Internet Security (20241231)"]},{"isRevoked":"False","fileName":"ABseeViewer.exe","companyName":"zxt2007.com","productName":"ABsee Free Image Viewer","fileVersion":"4.0","hashMD5":"26df6c94f376371cf0c7ad2a5139c960","hashSHA1":"cd32a1183436267b18704076f0d1474665e5adfb","hashSHA256":"72cc62d76f8a7dd2d0239832061be41a99d46fcc574dc6da5ba55e98a978952a","sourceIndex":"511","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"absee_setup_241017.exe","isInstaller":"True","companyName":"zxt2007.com                                                 ","fileVersion":"4.0","hashMD5":"9b682493c81b7b9f2da78c077a58a819","hashSHA1":"fa992630e3a8ca351587084a8acf126bb8fb9fd8","hashSHA256":"95f31e207cdd9e04775a44817f1dd2ba2ea3391af398f6a5b7c242b1d68b6ac0","digitalCertThumbprint":"712DF3A60A8F334303B1E517176B87B88C7C25D5","digitalCertIssuer":"CN=Sectigo Public Code Signing CA R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=张晓彤, O=张晓彤, S=山东省, C=CN","sourceIndex":"511","avBlockList":["360 Total Security (20250102)","Avast Premium Security (20250102)","AVG Internet Security (20250102)","Avira Internet Security (20250102)","Bitdefender Internet Security (20250102)","COMODO Antivirus (20250102)","Dr.Web Security Space (20250102)","ESET Internet Security (20250102)","FortectPremium (20250102)","G DATA INTERNET SECURITY (20250102)","K7 Total Security (20250102)","KasperskyPremium (20250102)","Malwarebytes Premium (20250102)","McAfee Total Protection (20250102)","Norton Security (20250102)","Panda Dome (20250102)","Quick Heal Internet Security (20250102)","Sophos Home Premium (20250102)","SpyHunter5 (20250102)","Total AV Antivirus Pro (20250102)","Trend Micro Internet Security (20250102)","VIPRE Advanced Security (20250102)","VirIT eXplorer PRO (20250102)","Webroot SecureAnywhere (20250102)","Windows Defender (20250102)"],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search: Free tools","reference":"","landingPage":"http://en.zxt2007.com/picture-tools/abseeimageviewer.html","directDownloadingLink":"http://en.zxt2007.com/download.php?id=absee_setup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://en.zxt2007.com/download.php?id=absee_setup.exe","sourceIndex":"511"}],"sampleFiles":["241017/ABseeFreeImageViewer-220606/4.0.2/Samples/absee_setup.exe","241017/ABseeFreeImageViewer-220606/4.0.2/Samples/ABseeViewer.exe","241017/ABseeFreeImageViewer-220606/4.0.2/Samples/absee_setup_241017.exe"],"imageFiles":["241017/ABseeFreeImageViewer-220606/4.0.2/Images/ACR-109/ACR-109_048_RKSetup.jpg","241017/ABseeFreeImageViewer-220606/4.0.2/Images/ACR-048/ACR-109_048_RKSetup.jpg","241017/ABseeFreeImageViewer-220606/4.0.2/Images/ACR-010/RelevantKnowledge.jpg","241017/ABseeFreeImageViewer-220606/4.0.2/Images/ACR-118/ACR-118_remnants.jpg","241017/ABseeFreeImageViewer-220606/4.0.2/Images/ACR-057/RelevantKnowledge.jpg","241017/ABseeFreeImageViewer-220606/4.0.2/Images/ACR-059/RelevantKnowledge.jpg","241017/ABseeFreeImageViewer-220606/4.0.2/Images/ACR-071/RelevantKnowledge.jpg","241017/ABseeFreeImageViewer-220606/4.0.2/Images/ACR-155/RelevantKnowledge.jpg"],"nonDeceptorImageFiles":["241017/ABseeFreeImageViewer-220606/4.0.2/Images/ACR-065/RelevantKnowledge.jpg","241017/ABseeFreeImageViewer-220606/4.0.2/Images/ACR-106/RelevantKnowledge.jpg","241017/ABseeFreeImageViewer-220606/4.0.2/Images/ACR-092/ACR-092_NoDigiSig.jpg"],"guid":"5783092d-81e5-4c0c-8a12-9a02ad3d17c8_4.0.2_1","appID":"ABseeFreeImageViewer-220606","dateAdded":"241017","deceptorType":"App","name":"ABsee Free Image Viewer","company":"zxt2007.com","version":"4.0.2","lastKnownStatus":"4.0.2","lastKnownDate":"241017","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 8,Windows 10,Windows 7","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"cross-sell other apps,sold in bundle","lastUpdate":"2024-10-17T16:52:40.5769846+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":490},{"violations":{"ACR-003":"The application exaggerates the identified issues with an alarming red color. The overall exaggerated scanning result leads misleading urgency for the user to take action fixing the identified issues.\n","ACR-004":"The app uses alarming pattern for scanning result, raising unnecessary urgency for fixing the issues.\n","ACR-007":"The app does not obtain informed consent before disabling build in security process Windows Defender process in the startup manager.\n","ACR-014":"The application uses the word \"problem\" and uses the color red to increase the urgency for non-urgent \"issues\", thereby misleading or scaring users to take action.\n"},"nonDeceptorViolations":{"ACR-065":"The app does not disclose the Privacy policy during the installation.\nThe app does not disclose the EULA and Privacy policy in the app's about page.\n","ACR-099":"The app does not disclose uninstall information in the app's about page.\nThe app does not disclose the uninstall information in the landing page.\n","ACR-035":"The app needs to disclose the App's name to the consumer in all the docs.\n","ACR-166":"The app does not disclose the license period to the consumer in the internal offers. \n","ACR-171":"The app does not disclose whether the payment is recurring or not.\n","ACR-014":"The app uses the word \"error\" and uses outdated images in the landing page.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\Ashampoo\\Ashampoo WinOptimizer 18\\WO18.exe","companyName":"","productName":"Ashampoo WinOptimizer 18","productVersion":"18.0.0.0","fileVersion":"18.0.0.0","hashMD5":"cde441399533e352ab8df645a506b37e","hashSHA1":"19600cd50c75d337e5c80a4551e785b53a063b1c","hashSHA256":"9cd028eb84173709211827c95a488425adcc87edd239f99f656ac360de9cf4e9","digitalCertThumbprint":"0B270BA6C87E439FECE3CFA363C0E2C7804C2870","digitalCertIssuer":"Symantec Class 3 SHA256 Code Signing CA","digitalCertIssuedTo":"Ashampoo GmbH & Co. KG","storeId":"","sourceIndex":"2432","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"ashampoo_winoptimizer_18_18.00.12_sm.exe","isInstaller":"True","companyName":"Ashampoo GmbH & Co. KG                                      ","productName":"Ashampoo WinOptimizer 18                                    ","productVersion":"18.00.12                                          ","fileVersion":"18.00.12            ","hashMD5":"8783e66831ebd8bc5923fdf9122d4d39","hashSHA1":"e3eacc8e6290e65f7180d6103354f99ab69364b8","hashSHA256":"fd1b3f633d23e8beca0f6c90e33d252ff950dcb8053cdfe9a7e09189137596c2","digitalCertThumbprint":"0B270BA6C87E439FECE3CFA363C0E2C7804C2870","digitalCertIssuer":"Symantec Class 3 SHA256 Code Signing CA","digitalCertIssuedTo":"Ashampoo GmbH & Co. KG","storeId":"","sourceIndex":"2432","avBlockList":["Avira Internet Security (20200519)","ESET Internet Security (20200519)","G DATA INTERNET SECURITY (20200519)","K7 Total Security (20200519)","Malwarebytes Premium (20200519)","McAfee Total Protection (20200519)","Norton Security (20200519)","Panda Dome (20200519)","Quick Heal Internet Security (20200519)","SpyHunter5 (20200519)","Total AV Antivirus Pro (20200519)","VirIT eXplorer PRO (20200519)","Webroot SecureAnywhere (20200519)","Windows Defender (20200519)"],"avAllowList":["360 Total Security (20200519)","Avast Premium Security (20200519)","AVG Internet Security (20200519)","Bitdefender Internet Security (20200519)","COMODO Antivirus (20200519)","Dr.Web Security Space (20200519)","Kaspersky Internet Security (20200519)","Sophos Home Premium (20200519)","Tencent PC Manager (20200519)","Trend Micro Internet Security (20200519)","VIPRE Advanced Security (20200519)"]}],"additionalFiles":[],"sources":[{"howFound":"Affiliate monitor \"https://www.speedupnew.com/\"","reference":"","landingPage":"https://www.ashampoo.com/en/usd/pin/5606/system-software/winoptimizer-17","directDownloadingLink":"https://www.ashampoo.com/en/usd/dld/5606/winoptimizer-17/","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.ashampoo.com/en/usd/dld/5606/winoptimizer-17/","sourceIndex":"2432"}],"sampleFiles":["200511/AshampooWinoptimizer-200508/18.00.12/Samples/ashampoo_winoptimizer_18_18.00.12_sm.exe"],"imageFiles":["200511/AshampooWinoptimizer-200508/18.00.12/Images/ACR-004/ACR-004_Software_MisleadingColors.JPG","200511/AshampooWinoptimizer-200508/18.00.12/Images/ACR-003/ACR-003_Software_MisleadingColors.JPG","200511/AshampooWinoptimizer-200508/18.00.12/Images/ACR-007/ACR-007_Software_NoAlerts.JPG","200511/AshampooWinoptimizer-200508/18.00.12/Images/ACR-014/ACR-014_Software_MisleadingColors.JPG","200511/AshampooWinoptimizer-200508/18.00.12/Images/ACR-014/ACR-014_Software_NoProblemsFound.jpg"],"nonDeceptorImageFiles":["200511/AshampooWinoptimizer-200508/18.00.12/Images/ACR-065/ACR-065_Install_NoPrivacyPolicy.JPG","200511/AshampooWinoptimizer-200508/18.00.12/Images/ACR-065/ACR-065_Software_NoEula&PrivacyPolicy.JPG","200511/AshampooWinoptimizer-200508/18.00.12/Images/ACR-099/ACR-099_Software_NoUninstall_Information.JPG","200511/AshampooWinoptimizer-200508/18.00.12/Images/ACR-035/ACR-035_Docs_NoAppName.jpg","200511/AshampooWinoptimizer-200508/18.00.12/Images/ACR-099/ACR-099_Landingpage_NoUninstall_Information.JPG","200511/AshampooWinoptimizer-200508/18.00.12/Images/ACR-014/ACR-014_Landingpage_OutdatedImages.jpg","200511/AshampooWinoptimizer-200508/18.00.12/Images/ACR-014/ACR-014_Landingpage_UseWordsError.jpg","200511/AshampooWinoptimizer-200508/18.00.12/Images/ACR-166/ACR-166_InternalOffers_NoLicensePeriod.jpg","200511/AshampooWinoptimizer-200508/18.00.12/Images/ACR-171/ACR-171_InternalOffers_NoRecurringDetail.jpg"],"guid":"644e3e19-bb43-4c49-875e-6b52b6dfff11_18.00.12_1","appID":"AshampooWinoptimizer-200508","dateAdded":"241017","deceptorType":"App","name":"AshampooWinoptimizer","company":"Ashampoo","version":"18.00.12","sigName":"Deceptor:Win32/AshampooWinoptimizer!004003007014","firstResolvedVersion":"","lastKnownStatus":"","lastKnownDate":"241017","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"paid,up-sell to paid,cross-sell other apps","lastUpdate":"2024-10-17T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":3,"sortOrder":489},{"violations":{"ACR-004":"1. The scan results are displayed using different colors (blue and green), which creates unnecessary urgency. If the app must use a traffic light color like green to indicate a clear scan, it shouldn't be combined with any other colors. \n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"ashampoo_winoptimizer_27_27.00.03_sm.exe","isInstaller":"True","companyName":"Ashampoo GmbH & Co. KG                                      ","fileVersion":"27.0","hashMD5":"cc5d8fbaa71d045578b0e92c64f6012b","hashSHA1":"8d99c7672983edacc401f5c8d3643ff56b0fae76","hashSHA256":"dd309a04973a356a1841960f1a2031c85e4ff4d69af17cce767c2423a6f3d2de","digitalCertThumbprint":"A9968551067DC73A210FBA0C5E7CADD0D059F09A","digitalCertIssuer":"CN=GlobalSign GCC R45 EV CodeSigning CA 2020, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"E=admins@ashampoo.com, CN=Ashampoo GmbH & Co. KG, O=Ashampoo GmbH & Co. KG, STREET=Schafjückenweg 2, L=Rastede, S=Niedersachsen, C=DE, OID.1.3.6.1.4.1.311.60.2.1.1=Oldenburg (Oldenburg), OID.1.3.6.1.4.1.311.60.2.1.2=Niedersachsen, OID.1.3.6.1.4.1.311.60.2.1.3=DE, SERIALNUMBER=HRA 3618, OID.2.5.4.15=Private Organization","sourceIndex":"508","avBlockList":["Dr.Web Security Space (20241231)","FortectPremium (20241231)","Panda Dome (20241231)","Sophos Home Premium (20241231)","SpyHunter5 (20241231)","VirIT eXplorer PRO (20241231)","Webroot SecureAnywhere (20241231)"],"avAllowList":["360 Total Security (20241231)","Avast Premium Security (20241231)","AVG Internet Security (20241231)","Avira Internet Security (20241231)","Bitdefender Internet Security (20241231)","COMODO Antivirus (20241231)","ESET Internet Security (20241231)","G DATA INTERNET SECURITY (20241231)","K7 Total Security (20241231)","KasperskyPremium (20241231)","Malwarebytes Premium (20241231)","McAfee Total Protection (20241231)","Norton Security (20241231)","Quick Heal Internet Security (20241231)","Total AV Antivirus Pro (20241231)","Trend Micro Internet Security (20241231)","VIPRE Advanced Security (20241231)","Windows Defender (20241231)"]},{"isRevoked":"False","fileName":"WO27.exe","fileVersion":"27.0","hashMD5":"339a15fd7fa4f2da255cd1392065f16c","hashSHA1":"ad513bede41f6b641d4fbbb3e173a1f962a4e118","hashSHA256":"df2124b9fc71afb05b59c54a2ec341f62291e89cc37a90af8088eaa567a78a0b","digitalCertThumbprint":"A9968551067DC73A210FBA0C5E7CADD0D059F09A","digitalCertIssuer":"CN=GlobalSign GCC R45 EV CodeSigning CA 2020, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"E=admins@ashampoo.com, CN=Ashampoo GmbH & Co. KG, O=Ashampoo GmbH & Co. KG, STREET=Schafjückenweg 2, L=Rastede, S=Niedersachsen, C=DE, OID.1.3.6.1.4.1.311.60.2.1.1=Oldenburg (Oldenburg), OID.1.3.6.1.4.1.311.60.2.1.2=Niedersachsen, OID.1.3.6.1.4.1.311.60.2.1.3=DE, SERIALNUMBER=HRA 3618, OID.2.5.4.15=Private Organization","sourceIndex":"508","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Affiliate monitor \"https://www.speedupnew.com/\"","reference":"","landingPage":"https://www.ashampoo.com/de-de/winoptimizer","directDownloadingLink":"https://cdn1.ashampoo.net/ashampoo/6906/ashampoo_winoptimizer_27_27.00.03_sm.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://cdn1.ashampoo.net/ashampoo/6906/ashampoo_winoptimizer_27_27.00.03_sm.exe","sourceIndex":"508"}],"sampleFiles":["241017/AshampooWinoptimizer-200508/27.0.3.0/Samples/ashampoo_winoptimizer_27_27.00.03_sm.exe","241017/AshampooWinoptimizer-200508/27.0.3.0/Samples/WO27.exe"],"imageFiles":["241017/AshampooWinoptimizer-200508/27.0.3.0/Images/ACR-004/ACR-004_Software_1.png","241017/AshampooWinoptimizer-200508/27.0.3.0/Images/ACR-004/notif.gif","241017/AshampooWinoptimizer-200508/27.0.3.0/Images/ACR-004/ACR-004_Software_3.png"],"nonDeceptorImageFiles":[],"guid":"644e3e19-bb43-4c49-875e-6b52b6dfff11_27.0.3.0_1","appID":"AshampooWinoptimizer-200508","dateAdded":"241017","deceptorType":"App","name":"AshampooWinoptimizer","company":"Ashampoo","version":"27.0.3.0","firstResolvedVersion":"","lastKnownStatus":"","lastKnownDate":"241017","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"paid,up-sell to paid,cross-sell other apps","lastUpdate":"2024-10-18T20:46:20.7598695+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":3,"sortOrder":487},{"violations":{"ACR-109":"The app downloads \"rk_setup.exe\", a RelevantKnowledge file without the consumer's consent. \n","ACR-047":"After the app is installed, it prompts the user with an \"Important!\" message to use a \"new version to avoid malfunctions\". This installs the same version of the app and re-runs the install and the offers that the consumer has previously declined.\n","ACR-048":"The \"Decline\" button does not have any control but still drops a RelevantKnowledge file “rk_setup.exe”.\nThe app does not provide an option to close the update prompt and cancel the startup of its own. \n","ACR-010":"The app bundler distributes the deceptor application. The offer in this bundler, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control.\n","ACR-083":"The app attempts to present the offer repeatedly via its update and startup.\n","ACR-084":"The app creates a startup entry without the user's knowledge and consent.\n","ACR-103":"Unable to verify the app's value proposition as it couldn't be launched instead it only displays an \"Update\" prompt whenever the app is attempted to launch.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components along with a \"curl-ca-bundle.crt\" on the device without the consumer's consent or notifying the user. \n","ACR-122":"The app displays a notification stating \"Update recommended\" which downloads the app and asks the user to install it by displaying the install prompt. This scenario is observed after uninstall and reboot.\n","ACR-057":"The app bundles the \"Relevant Knowledge\" offer which does not allow the consumer to decline the offer. \n","ACR-071":"The \"Relevant Knowledge\" offer cannot be declined independently as the installation is unable to proceed when attempting to decline the offer. Thus it forces the user to, only accept the offer and proceed with the installation.\n","ACR-075":"After the app is installed, it prompts the user with an \"Important!\" message to use a \"new version to avoid malfunctions\". This installs the same version of the app and re-runs the install and the offers that the consumer has previously declined.\n","ACR-014":"The app misleads users that they need to install an update while actually, it tries to install the pre-declined component by the user during the install.\n","ACR-059":"The Offer is not clearly marked as an offer. It is unclear who is recommending the offer.  \n","ACR-155":"Offers are designed to look like part of the install workflow.\n"},"nonDeceptorViolations":{"ACR-106":"App offers deceptive application 'Relevant Knowledge market survey'.\n","ACR-092":"The app does not have a digital signature for all its dropped components.\n","ACR-123":"The app does not remove its startup item even after uninstall.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\Disk Cleaner Free\\Disk Cleaner Free Update.exe","companyName":"","productName":"","productVersion":"2.1.1.2","fileVersion":"2.1.1.2","hashMD5":"a243e6bf83ed4a25519567eb6bb552d7","hashSHA1":"aa1b4d758ba8dbc5f31324d4ac897a2f12078c1d","hashSHA256":"38b492f6bf957bfe6f4cfce9743bff66f32c0a0befa65a6e4b4da70bb5b51ccc","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"512","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\Disk Cleaner Free\\DiskCleanerFree.exe","companyName":"","productName":"","productVersion":"","fileVersion":"","hashMD5":"18273b4521b0adff0f1c1695fd7c6b9a","hashSHA1":"e8901e347cde27a478a2813b8b551ea86279a2d0","hashSHA256":"12c0deaaea844e593e116468a211f19b8735a7cf8d4879354575c19497981082","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"512","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\Disk Cleaner Free\\DiskCleanerFree2.exe","companyName":"","productName":"","productVersion":"","fileVersion":"","hashMD5":"092ae606f0847edf1215b8223ac238af","hashSHA1":"cc96370aa0a2e0bb84da435a09175a65079ab8c1","hashSHA256":"90dafd8716df635be5c3fd8dba9cfe54febcab2c742b36f33896ea24b104bbd9","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"512","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\Disk Cleaner Free\\goup.exe","companyName":"","productName":"","productVersion":"1.0.0.0","fileVersion":"1.0.0.0","hashMD5":"b58001b7a3d8a4d2947b632accc613a0","hashSHA1":"4265de99ff08ce7170724cf56b6e3d87f211290d","hashSHA256":"0f0d36ef8b4de954e930fe85dc4e48fd83d2a2785a5a59cab4b3469afcb47989","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"512","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"DiskCleanerFree.exe","isInstaller":"True","companyName":"WareTorch Co. Ltd.                                         ","productName":"Disk Cleaner Free                                           ","productVersion":"                                                  ","fileVersion":"                    ","hashMD5":"1723d7b5356cdfbfbdd56d87d211cd0f","hashSHA1":"23fd3df51bf2e63a761eb64ac47bf222a1a4f595","hashSHA256":"e2562ab8b2ca7c09e6f7098fdc19b863de0396c1252329048c3b50bd3aaabae7","digitalCertThumbprint":"E323A663BC722856F054FADEE2B07EA215692ED4","digitalCertIssuer":"Sectigo Public Code Signing CA EV R36","digitalCertIssuedTo":"Beijing QingSoft Creative Information Technology Co. Ltd.","storeId":"","sourceIndex":"512","avBlockList":["360 Total Security (20250109)","Avast Premium Security (20250109)","AVG Internet Security (20250109)","Avira Internet Security (20250109)","Bitdefender Internet Security (20250109)","COMODO Antivirus (20250109)","Dr.Web Security Space (20250109)","ESET Internet Security (20250109)","G DATA INTERNET SECURITY (20250109)","K7 Total Security (20250109)","Kaspersky Internet Security (20220609)","Malwarebytes Premium (20250109)","McAfee Total Protection (20250109)","Norton Security (20250109)","Panda Dome (20250109)","Quick Heal Internet Security (20250109)","Sophos Home Premium (20250109)","SpyHunter5 (20250109)","Total AV Antivirus Pro (20250109)","Trend Micro Internet Security (20250109)","VIPRE Advanced Security (20250109)","VirIT eXplorer PRO (20250109)","Webroot SecureAnywhere (20250109)","Windows Defender (20250109)","FortectPremium (20250109)","KasperskyPremium (20250109)"],"avAllowList":["Tencent PC Manager (20220609)"]},{"isRevoked":"False","fileName":"DiskCleanerFree_241016.exe","isInstaller":"True","companyName":"WareTorch Co., Ltd.                                         ","fileVersion":"0.0","hashMD5":"798f51679bf691ab94dd4eb80ac728fc","hashSHA1":"126718b49781d44d586bd514318825f70d0e6e17","hashSHA256":"3ccf9aeb620878036a59f9bb8a2a9591212ccec219f07f70ee0cb5d197c8cdcc","sourceIndex":"512","avBlockList":["360 Total Security (20241231)","Avast Premium Security (20241231)","AVG Internet Security (20241231)","Avira Internet Security (20241231)","Bitdefender Internet Security (20241231)","COMODO Antivirus (20241231)","Dr.Web Security Space (20241231)","ESET Internet Security (20241231)","FortectPremium (20241231)","G DATA INTERNET SECURITY (20241231)","K7 Total Security (20241231)","KasperskyPremium (20241231)","Malwarebytes Premium (20241231)","McAfee Total Protection (20241231)","Norton Security (20241231)","Panda Dome (20241231)","Quick Heal Internet Security (20241231)","Sophos Home Premium (20241231)","SpyHunter5 (20241231)","Total AV Antivirus Pro (20241231)","Trend Micro Internet Security (20241231)","VIPRE Advanced Security (20241231)","VirIT eXplorer PRO (20241231)","Webroot SecureAnywhere (20241231)"],"avAllowList":["Windows Defender (20241231)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on Windows app","reference":"","landingPage":"http://www.disk-cleaner.net/","directDownloadingLink":"http://disk-cleaner.net/DiskCleanerFree.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://disk-cleaner.net/DiskCleanerFree.exe","sourceIndex":"512"}],"sampleFiles":["241017/diskcleanerfree-220530/8.8.2.4/Samples/DiskCleanerFree.exe","241017/diskcleanerfree-220530/8.8.2.4/Samples/DiskCleanerFree_241016.exe"],"imageFiles":["241017/diskcleanerfree-220530/8.8.2.4/Images/ACR-109/ACR-109_Install_Drops_Third_Party.JPG","241017/diskcleanerfree-220530/8.8.2.4/Images/ACR-047/ACR-047_Install.mp4","241017/diskcleanerfree-220530/8.8.2.4/Images/ACR-048/ACR-048_Install_No_Control_To_Decline.JPG","241017/diskcleanerfree-220530/8.8.2.4/Images/ACR-010/ACR-010_Software_Bundles_Deceptor.JPG","241017/diskcleanerfree-220530/8.8.2.4/Images/ACR-083/ACR-083_Software.JPG","241017/diskcleanerfree-220530/8.8.2.4/Images/ACR-083/ACR-083_Software_1.JPG","241017/diskcleanerfree-220530/8.8.2.4/Images/ACR-084/ACR-084_Software.JPG","241017/diskcleanerfree-220530/8.8.2.4/Images/ACR-103/ACR-103_Software.mp4","241017/diskcleanerfree-220530/8.8.2.4/Images/ACR-048/ACR-048_Software.JPG","241017/diskcleanerfree-220530/8.8.2.4/Images/ACR-048/ACR-048_Software_1.JPG","241017/diskcleanerfree-220530/8.8.2.4/Images/ACR-014/ACR-014_Software.JPG","241017/diskcleanerfree-220530/8.8.2.4/Images/ACR-014/ACR-014_Software_1.mp4","241017/diskcleanerfree-220530/8.8.2.4/Images/ACR-118/ACR-118_Uninstall.JPG","241017/diskcleanerfree-220530/8.8.2.4/Images/ACR-122/ACR-122_Uninstall.JPG","241017/diskcleanerfree-220530/8.8.2.4/Images/ACR-075/ACR-075_Bundler-MadeOffers.mp4","241017/diskcleanerfree-220530/8.8.2.4/Images/ACR-057/ACR-057_Bundler-MadeOffers.JPG","241017/diskcleanerfree-220530/8.8.2.4/Images/ACR-059/ACR-059_Bundler-MadeOffers.JPG","241017/diskcleanerfree-220530/8.8.2.4/Images/ACR-071/ACR-071_Bundler-MadeOffers.JPG","241017/diskcleanerfree-220530/8.8.2.4/Images/ACR-155/ACR-155_Bundler-MadeOffers.JPG"],"nonDeceptorImageFiles":["241017/diskcleanerfree-220530/8.8.2.4/Images/ACR-106/ACR-106_Software_Bundles_Deceptor.JPG","241017/diskcleanerfree-220530/8.8.2.4/Images/ACR-092/ACR-092_Software.JPG","241017/diskcleanerfree-220530/8.8.2.4/Images/ACR-092/ACR-092_Software_1.JPG","241017/diskcleanerfree-220530/8.8.2.4/Images/ACR-123/ACR-123_Uninstall.JPG"],"guid":"7755567a-269b-43fe-910c-cabedeb5a1b3_8.8.2.4_1","appID":"diskcleanerfree-220530","dateAdded":"241017","deceptorType":"App","name":"Disk Cleaner Free","company":"WareTorch Co., Ltd.","version":"8.8.2.4","lastKnownStatus":"8.8.2.4","lastKnownDate":"241017","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 10,Windows 8","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2024-10-17T16:51:17.7654532+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":475},{"violations":{"ACR-048":"The app does not provide any control to exit the live tuner, it runs silently in the background without any notification.\n","ACR-003":"The application exaggerates the identified issues with a alarming red color. The overall exaggerated scanning result leads misleading urgency for the user to take action fixing the identifies issues.\n","ACR-004":"The app uses alarming pattern raise urgency to fix the issues reported\n\n","ACR-007":"The app does not obtain informed consent before disabling build in security process Windows Defender process in the startup manager.\n","ACR-084":"The app runs silently in the background after user close the app, hiding the fact that it is active from the consumer.\n\n","ACR-014":"The application uses the color red to increase the urgency for non-urgent \"issues\", thereby misleading or scaring users to take action.\n","ACR-059":"The offer is not marked as optional Offer, the recommended by \"who\" is not clear. \n"},"nonDeceptorViolations":{"ACR-065":"The app does not disclose the Privacy policy during the installation.\nThe app does not disclose the EULA and Privacy policy in the app's about page.\n","ACR-099":"The app does not disclose uninstall information in the app's about page.\nThe app does not disclose the uninstall information in the landing page.\n","ACR-035":"The app needs to disclose the App's name to the consumer in all the docs.\n","ACR-054":"The app needs to provide equal prominence to \"Install\" and \"RemindMeLater/NoThanks\" buttons in the offer.\n","ACR-017":"The app elevates its consumer trust level by displaying the unverifiable logo.\n","ACR-014":"The app uses the word \"error\" and uses outdated videos in the landing page.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\Ashampoo\\Ashampoo WinOptimizer 17\\WO17.exe","companyName":"","productName":"Ashampoo WinOptimizer 17","productVersion":"17.0.0.0","fileVersion":"17.0.0.0","hashMD5":"ae7073e13acf4b84bd19971e8919e90f","hashSHA1":"0c622622d53bd359f52f63aafc8895c013c1f2e6","hashSHA256":"5bfea0318538ae2f611d9261295cce748dd09db72c2aed6bea84a7f7c47e7d88","digitalCertThumbprint":"CBBD0EB04FCABCC8B486D4B20B3CF3B6CF656675","digitalCertIssuer":"Symantec Class 3 SHA256 Code Signing CA","digitalCertIssuedTo":"Ashampoo GmbH & Co. KG","storeId":"","sourceIndex":"2431","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"ashampoo_winoptimizer_17_17.00.25_sm.exe","isInstaller":"True","companyName":"Ashampoo GmbH & Co. KG                                      ","productName":"Ashampoo WinOptimizer 17                                    ","productVersion":"17.00.25                                          ","fileVersion":"17.00.25            ","hashMD5":"d13ebeb15939ac8bc7deca6137ec73a1","hashSHA1":"04884b8db8ab7651da9c7dab94e0955e4b6a558a","hashSHA256":"ed1cfef40b086678276f8189c1d8eb63375beec2666c963e978a14a46c582d3b","digitalCertThumbprint":"CBBD0EB04FCABCC8B486D4B20B3CF3B6CF656675","digitalCertIssuer":"Symantec Class 3 SHA256 Code Signing CA","digitalCertIssuedTo":"Ashampoo GmbH & Co. KG","storeId":"","sourceIndex":"2431","avBlockList":["Avira Internet Security (20200519)","ESET Internet Security (20200519)","K7 Total Security (20200519)","Malwarebytes Premium (20200519)","McAfee Total Protection (20200519)","Norton Security (20200519)","Panda Dome (20200519)","SpyHunter5 (20200519)","Total AV Antivirus Pro (20200519)","VirIT eXplorer PRO (20200519)","Webroot SecureAnywhere (20200519)","Windows Defender (20200519)"],"avAllowList":["360 Total Security (20200519)","Avast Premium Security (20200519)","AVG Internet Security (20200519)","Bitdefender Internet Security (20200519)","COMODO Antivirus (20200519)","Dr.Web Security Space (20200519)","G DATA INTERNET SECURITY (20200519)","Kaspersky Internet Security (20200519)","Quick Heal Internet Security (20200519)","Sophos Home Premium (20200519)","Tencent PC Manager (20200519)","Trend Micro Internet Security (20200519)","VIPRE Advanced Security (20200519)"]}],"additionalFiles":[],"sources":[{"howFound":"Affiliate monitor \"https://www.speedupnew.com/\"","reference":"","landingPage":"https://www.ashampoo.com/en/usd/pin/5606/system-software/winoptimizer-17","directDownloadingLink":"https://www.ashampoo.com/en/usd/dld/5606/winoptimizer-17/","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.ashampoo.com/en/usd/dld/5606/winoptimizer-17/","sourceIndex":"2431"}],"sampleFiles":["200511/AshampooWinoptimizer-200508/17.0.25/Samples/ashampoo_winoptimizer_17_17.00.25_sm.exe"],"imageFiles":["200511/AshampooWinoptimizer-200508/17.0.25/Images/ACR-004/ACR-004_Software_Colors.JPG","200511/AshampooWinoptimizer-200508/17.0.25/Images/ACR-004/ACR-004_Software_Colors1.JPG","200511/AshampooWinoptimizer-200508/17.0.25/Images/ACR-084/ACR-084_Software_RunningInBackground.JPG","200511/AshampooWinoptimizer-200508/17.0.25/Images/ACR-048/ACR-048_Software_NoControlToLiveTuner.JPG","200511/AshampooWinoptimizer-200508/17.0.25/Images/ACR-007/ACR-007_Software_NoAlerts.JPG","200511/AshampooWinoptimizer-200508/17.0.25/Images/ACR-059/ACR-059_InlineOffers_NoDetails.JPG","200511/AshampooWinoptimizer-200508/17.0.25/Images/ACR-003/ACR-003_Software_MisleadingColors.JPG","200511/AshampooWinoptimizer-200508/17.0.25/Images/ACR-014/ACR-014_Software_MisleadingColors.JPG"],"nonDeceptorImageFiles":["200511/AshampooWinoptimizer-200508/17.0.25/Images/ACR-065/ACR-065_Install_NoPrivacyPolicy.JPG","200511/AshampooWinoptimizer-200508/17.0.25/Images/ACR-065/ACR-065_Software_NoEULA&PrivacyPolicy.JPG","200511/AshampooWinoptimizer-200508/17.0.25/Images/ACR-099/ACR-099_Software_NoUninstall_Info.JPG","200511/AshampooWinoptimizer-200508/17.0.25/Images/ACR-099/ACR-099_Landingpage_NoUninstall_Info.JPG","200511/AshampooWinoptimizer-200508/17.0.25/Images/ACR-035/ACR-035_Docs_NoAppName.JPG","200511/AshampooWinoptimizer-200508/17.0.25/Images/ACR-014/ACR-014_Landingpage_OudatedVideos.JPG","200511/AshampooWinoptimizer-200508/17.0.25/Images/ACR-014/ACR-014_Landingpage_WordError.JPG","200511/AshampooWinoptimizer-200508/17.0.25/Images/ACR-017/ACR-017_Landingpage_UnableToVerifyLogo.JPG","200511/AshampooWinoptimizer-200508/17.0.25/Images/ACR-054/ACR-054_InlineOffers_NoEqualProminence.JPG"],"guid":"644e3e19-bb43-4c49-875e-6b52b6dfff11_17.0.25_1","appID":"AshampooWinoptimizer-200508","dateAdded":"241017","deceptorType":"App","name":"AshampooWinoptimizer","company":"Ashampoo","version":"17.0.25","sigName":"Deceptor:Win32/AshampooWinOptimizer!004084048007059003014","firstResolvedVersion":"","lastKnownStatus":"","lastKnownDate":"241017","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2024-10-17T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":3,"sortOrder":488},{"violations":{"ACR-109":"The app downloads \"rk_setup.exe\", a RelevantKnowledge file without the consumer's consent.\n","ACR-048":"The \"Decline\" button does not have any control but still drops a RelevantKnowledge file “rk_setup.exe”.\n","ACR-010":"The app bundler distributes deceptor application. The offer in this bundler, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains many of its components along with a \"curl-ca-bundle.crt\" on the device without the consumer's consent or notifying the user.\n","ACR-057":"The app bundles the \"Relevant Knowledge\" offer which does not allow the consumer to decline the offer.\n","ACR-071":"The \"Relevant Knowledge\" offer cannot be declined independently as the installation is unable to proceed when attempting to decline the offer. Thus it forces the user to, only accept the offer and proceed with the installation.\n","ACR-059":"The Offer is not clearly marked as an offer. It is unclear who is recommending the offer.\n","ACR-155":"Offers are designed to look like part of the install workflow.\n"},"nonDeceptorViolations":{"ACR-106":"App offers deceptive application 'Relevant Knowledge market survey'.\n","ACR-092":"The app does not have a digital signature for the following components: \"MP4MediaPlayerSetup.exe (Installer)\" and \"MP4 Media Player.exe (Main executable)\".\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\MP4 Media Player\\MP4 Media Player.exe","companyName":"","productName":"","productVersion":"","fileVersion":"","hashMD5":"3bcee7609519155b6646b2891922aee0","hashSHA1":"2efc759ae97b90f309daea58e22c97304590245f","hashSHA256":"99208e8695a42aee248dc1c7daf1572622392939f60717b7c861a7738b414ff9","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"515","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"MP4MediaPlayerSetup.exe","isInstaller":"True","companyName":"vsevensoft.com                                              ","productName":"MP4 Media Player                                            ","productVersion":"1.0.1                                             ","fileVersion":"1.0.1               ","hashMD5":"bca82784075895c784e7fd6db8c9c7a9","hashSHA1":"5b79579a70feb578b4513340078d73351c629b14","hashSHA256":"81ece417545bffaafca3e63be53d3802b7f4f29fef1a4e28ff870ef7d3cf5515","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"515","avBlockList":["360 Total Security (20250109)","Avast Premium Security (20250109)","AVG Internet Security (20250109)","Avira Internet Security (20250109)","Bitdefender Internet Security (20250109)","COMODO Antivirus (20250109)","Dr.Web Security Space (20250109)","ESET Internet Security (20250109)","G DATA INTERNET SECURITY (20250109)","K7 Total Security (20250109)","Kaspersky Internet Security (20220602)","Malwarebytes Premium (20250109)","McAfee Total Protection (20250109)","Norton Security (20250109)","Panda Dome (20250109)","Quick Heal Internet Security (20250109)","Sophos Home Premium (20250109)","SpyHunter5 (20250109)","Total AV Antivirus Pro (20250109)","VIPRE Advanced Security (20250109)","VirIT eXplorer PRO (20250109)","Webroot SecureAnywhere (20250109)","Windows Defender (20250109)","FortectPremium (20250109)","KasperskyPremium (20250109)"],"avAllowList":["Tencent PC Manager (20220602)","Trend Micro Internet Security (20250109)"]},{"isRevoked":"False","fileName":"MP4MediaPlayerSetup_241010.exe","isInstaller":"True","companyName":"vsevensoft.com                                              ","fileVersion":"1.0","hashMD5":"a10ad52530ba9f7db182763f51c4885b","hashSHA1":"0c5bffd8cb5604843d173378ff421802b4a73d02","hashSHA256":"b510d28e8ccaa9248c6c8d8cc159c8f0ddd85ac5ae6ab4e8f7bc4e16e796bdde","sourceIndex":"515","avBlockList":["360 Total Security (20241226)","Avast Premium Security (20241226)","AVG Internet Security (20241226)","Avira Internet Security (20241226)","ESET Internet Security (20241226)","FortectPremium (20241226)","G DATA INTERNET SECURITY (20241226)","K7 Total Security (20241226)","KasperskyPremium (20241226)","Malwarebytes Premium (20241226)","McAfee Total Protection (20241226)","Norton Security (20241226)","Panda Dome (20241226)","Sophos Home Premium (20241226)","SpyHunter5 (20241226)","Total AV Antivirus Pro (20241226)","VirIT eXplorer PRO (20241226)","Webroot SecureAnywhere (20241226)"],"avAllowList":["Bitdefender Internet Security (20241226)","COMODO Antivirus (20241226)","Dr.Web Security Space (20241226)","Quick Heal Internet Security (20241226)","Trend Micro Internet Security (20241226)","VIPRE Advanced Security (20241226)","Windows Defender (20241226)"]}],"additionalFiles":[],"sources":[{"howFound":"Relevant Knowledge related apps","reference":"","landingPage":"https://www.vsevensoft.com/mp4-media-player.html","directDownloadingLink":"https://www.vsevensoft.com/downloads/MP4MediaPlayerSetup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.vsevensoft.com/downloads/MP4MediaPlayerSetup.exe","sourceIndex":"515"}],"sampleFiles":["241011/mp4mediaplayer-220525/1.0.1/Samples/MP4MediaPlayerSetup.exe","241011/mp4mediaplayer-220525/1.0.1/Samples/MP4MediaPlayerSetup_241010.exe"],"imageFiles":["241011/mp4mediaplayer-220525/1.0.1/Images/ACR-109/ACR-109_Install_Drops_Third_Party.JPG","241011/mp4mediaplayer-220525/1.0.1/Images/ACR-048/ACR-048_Install_No_Control_To_Decline.JPG","241011/mp4mediaplayer-220525/1.0.1/Images/ACR-010/ACR-010_Software_Bundles_Deceptor.JPG","241011/mp4mediaplayer-220525/1.0.1/Images/ACR-118/ACR-118_1.JPG","241011/mp4mediaplayer-220525/1.0.1/Images/ACR-118/ACR-118_2.JPG","241011/mp4mediaplayer-220525/1.0.1/Images/ACR-118/ACR-118_3.JPG","241011/mp4mediaplayer-220525/1.0.1/Images/ACR-057/ACR-057_1.JPG","241011/mp4mediaplayer-220525/1.0.1/Images/ACR-059/ACR-059_1.JPG","241011/mp4mediaplayer-220525/1.0.1/Images/ACR-071/ACR-071_1.JPG","241011/mp4mediaplayer-220525/1.0.1/Images/ACR-155/ACR-155_1.JPG"],"nonDeceptorImageFiles":["241011/mp4mediaplayer-220525/1.0.1/Images/ACR-106/ACR-106_Software_Bundles_Deceptor.JPG","241011/mp4mediaplayer-220525/1.0.1/Images/ACR-092/ACR-092_1.JPG","241011/mp4mediaplayer-220525/1.0.1/Images/ACR-092/ACR-092_2.JPG"],"guid":"5a7d1dcc-21ea-4249-8097-fd229dc2e121_1.0.1_1","appID":"mp4mediaplayer-220525","dateAdded":"241011","deceptorType":"App","name":"MP4 Media Player","company":"vsevensoft.com","version":"1.0.1","lastKnownStatus":"1.0.1","lastKnownDate":"241011","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2024-10-11T21:50:23.229562+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":492},{"violations":{"ACR-109":"The app downloads \"rk_setup.exe\", a RelevantKnowledge file without the consumer's consent.\n","ACR-048":"The \"Decline\" button does not have any control but still drops a RelevantKnowledge file “rk_setup.exe”.\n","ACR-010":"The app bundler distributes deceptor application. The offer in this bundler, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains many of its components along with a \"curl-ca-bundle.crt\" on the device without the consumer's consent or notifying the user.\n","ACR-057":"The app bundles the \"Relevant Knowledge\" offer which does not allow the consumer to decline the offer.\n","ACR-071":"The \"Relevant Knowledge\" offer cannot be declined independently as the installation is unable to proceed when attempting to decline the offer. Thus it forces the user to, only accept the offer and proceed with the installation.\n","ACR-059":"The Offer is not clearly marked as an offer. It is unclear who is recommending the offer.\n","ACR-155":"Offers are designed to look like part of the install workflow.\n"},"nonDeceptorViolations":{"ACR-106":"App offers deceptive application 'Relevant Knowledge market survey'.\n","ACR-092":"The app does not have a digital signature for the following components: \"MPEGPlayerSetup.exe (Installer)\" and \"MPEG Player.exe (Main executable)\".\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\MPEG Player\\MPEG Player.exe","companyName":"","productName":"","productVersion":"","fileVersion":"","hashMD5":"001d59a2e809186aa7d07d8ab595d993","hashSHA1":"3f266e73d76e5f45f0231dfabedc2734a22ea833","hashSHA256":"2a00556562dcb58b985b50651c275e8a71f7d6979dd00a415750ed3df97b339c","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"514","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"MPEGPlayerSetup.exe","isInstaller":"True","companyName":"vsevensoft.com                                              ","productName":"MPEG Player                                                 ","productVersion":"1.0.1                                             ","fileVersion":"1.0.1               ","hashMD5":"df995431585afb4e276dd9b3e1b17d33","hashSHA1":"65a76b139cea25eca4a0f4b7104c31a31d24b007","hashSHA256":"074ce5cd0f71116ee66cc76e17135b1c51ddf15e773e4f8dd580cfc0e5204a1f","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"514","avBlockList":["360 Total Security (20250109)","Avast Premium Security (20250109)","AVG Internet Security (20250109)","Avira Internet Security (20250109)","Bitdefender Internet Security (20250109)","COMODO Antivirus (20250109)","Dr.Web Security Space (20250109)","ESET Internet Security (20250109)","G DATA INTERNET SECURITY (20250109)","K7 Total Security (20250109)","Kaspersky Internet Security (20220602)","Malwarebytes Premium (20250109)","McAfee Total Protection (20250109)","Norton Security (20250109)","Panda Dome (20250109)","Quick Heal Internet Security (20250109)","Sophos Home Premium (20250109)","SpyHunter5 (20250109)","Total AV Antivirus Pro (20250109)","Trend Micro Internet Security (20250109)","VIPRE Advanced Security (20250109)","VirIT eXplorer PRO (20250109)","Webroot SecureAnywhere (20250109)","Windows Defender (20250109)","FortectPremium (20250109)","KasperskyPremium (20250109)"],"avAllowList":["Tencent PC Manager (20220602)"]},{"isRevoked":"False","fileName":"MPEGPlayerSetup_241010.exe","isInstaller":"True","companyName":"vsevensoft.com                                              ","fileVersion":"1.0","hashMD5":"752ba05959779dd9fca8e481df11d38b","hashSHA1":"48ab067a4185897126492262f20db11771efdc78","hashSHA256":"da20b617e3d4012655e2ab6e5a062133a3ba6d24d284bf4db1ad8966ba81d236","sourceIndex":"514","avBlockList":["360 Total Security (20241226)","Avast Premium Security (20241226)","AVG Internet Security (20241226)","Avira Internet Security (20241226)","ESET Internet Security (20241226)","FortectPremium (20241226)","G DATA INTERNET SECURITY (20241226)","K7 Total Security (20241226)","KasperskyPremium (20241226)","Malwarebytes Premium (20241226)","McAfee Total Protection (20241226)","Norton Security (20241226)","Panda Dome (20241226)","Sophos Home Premium (20241226)","SpyHunter5 (20241226)","Total AV Antivirus Pro (20241226)","VirIT eXplorer PRO (20241226)","Webroot SecureAnywhere (20241226)"],"avAllowList":["Bitdefender Internet Security (20241226)","COMODO Antivirus (20241226)","Dr.Web Security Space (20241226)","Quick Heal Internet Security (20241226)","Trend Micro Internet Security (20241226)","VIPRE Advanced Security (20241226)","Windows Defender (20241226)"]}],"additionalFiles":[],"sources":[{"howFound":"Relevant knowledge related apps","reference":"","landingPage":"https://www.vsevensoft.com/mpeg-player.html","directDownloadingLink":"https://www.vsevensoft.com/downloads/MPEGPlayerSetup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.vsevensoft.com/downloads/MPEGPlayerSetup.exe","sourceIndex":"514"}],"sampleFiles":["241011/mpegplayer-220525/1.0.1/Samples/MPEGPlayerSetup.exe","241011/mpegplayer-220525/1.0.1/Samples/MPEGPlayerSetup_241010.exe"],"imageFiles":["241011/mpegplayer-220525/1.0.1/Images/ACR-109/ACR-109_Install_Drops_Third_Party.JPG","241011/mpegplayer-220525/1.0.1/Images/ACR-048/ACR-048_Install_No_Control_To_Decline.JPG","241011/mpegplayer-220525/1.0.1/Images/ACR-010/ACR-010_Software_Bundles_Deceptor.JPG","241011/mpegplayer-220525/1.0.1/Images/ACR-118/ACR-118_1.JPG","241011/mpegplayer-220525/1.0.1/Images/ACR-118/ACR-118_2.JPG","241011/mpegplayer-220525/1.0.1/Images/ACR-118/ACR-118_3.JPG","241011/mpegplayer-220525/1.0.1/Images/ACR-057/ACR-057_1.JPG","241011/mpegplayer-220525/1.0.1/Images/ACR-059/ACR-059_1.JPG","241011/mpegplayer-220525/1.0.1/Images/ACR-071/ACR-071_1.JPG","241011/mpegplayer-220525/1.0.1/Images/ACR-155/ACR-155_1.JPG"],"nonDeceptorImageFiles":["241011/mpegplayer-220525/1.0.1/Images/ACR-106/ACR-106_Software_Bundles_Deceptor.JPG","241011/mpegplayer-220525/1.0.1/Images/ACR-092/ACR-092_1.JPG","241011/mpegplayer-220525/1.0.1/Images/ACR-092/ACR-092_2.JPG"],"guid":"0ab2bc76-9698-45ae-aa62-d9fc1cec4153_1.0.1_1","appID":"mpegplayer-220525","dateAdded":"241011","deceptorType":"App","name":"MPEG Player","company":"vsevensoft.com","version":"1.0.1","lastKnownStatus":"1.0.1","lastKnownDate":"241011","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2024-10-11T21:52:31.5471038+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":491},{"violations":{"ACR-043":"App installs 3rd party components such as ffpmeg without disclosing to the user.\n","ACR-003":"App shows free scan results but does not allow the user to substantiate the claims by requiring a subscription in order to view the file paths of the scan results.\n","ACR-004":" App shows free scan results but does not allow user to implement a fix (delete the duplicate files) for free. Instead, it prompts user to pay for a subscription.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"KSDuplicateRemoverIns_031_205.exe","isInstaller":"True","companyName":"Kingshiper","fileVersion":"2.0","hashMD5":"58d355e7ded748f1217e150bfeafa284","hashSHA1":"195e77a0b8a412d40592a1a28f04b7d5f6100ded","hashSHA256":"d458660127c2a947f2854c2d4f8aaee52fc4f2066221f1a29ce8f826e6ddf945","digitalCertThumbprint":"CF714365888F38D1C93AC47AD846AC92087134F7","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=\"Jiangxia Information Technology (Huizhou) Co., Ltd.\", O=\"Jiangxia Information Technology (Huizhou) Co., Ltd.\", L=Huizhou, S=Guangdong Province, C=CN, SERIALNUMBER=91441302MA4X2E1MX8, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.1=Huizhou, OID.1.3.6.1.4.1.311.60.2.1.2=Guangdong Province, OID.1.3.6.1.4.1.311.60.2.1.3=CN","sourceIndex":"516","avBlockList":["ESET Internet Security (20241219)","K7 Total Security (20241219)","Malwarebytes Premium (20241219)","Norton Security (20241024)","Panda Dome (20241219)","Sophos Home Premium (20241219)","SpyHunter5 (20241219)","VirIT eXplorer PRO (20241219)","Webroot SecureAnywhere (20241219)"],"avAllowList":["360 Total Security (20241219)","Avast Premium Security (20241219)","AVG Internet Security (20241219)","Avira Internet Security (20241219)","Bitdefender Internet Security (20241219)","COMODO Antivirus (20241219)","Dr.Web Security Space (20241219)","G DATA INTERNET SECURITY (20241219)","KasperskyPremium (20241219)","McAfee Total Protection (20241219)","Quick Heal Internet Security (20241219)","Total AV Antivirus Pro (20241219)","Trend Micro Internet Security (20241219)","VIPRE Advanced Security (20241219)","Windows Defender (20241219)","FortectPremium (20241219)"]},{"isRevoked":"False","fileName":"KSDuplicateRemover.exe","companyName":"Kingshiper Software Co., Ltd.","fileVersion":"2.0","hashMD5":"36763da3d4af5c20d6ef3cf97ee8d1ac","hashSHA1":"a35c2a6ec1b49e179f277d9fe7dadc7465a02245","hashSHA256":"0db3949ee7e33acf4ebad2869354495db52e9004854f070d487f97784ed307fe","digitalCertThumbprint":"CF714365888F38D1C93AC47AD846AC92087134F7","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=\"Jiangxia Information Technology (Huizhou) Co., Ltd.\", O=\"Jiangxia Information Technology (Huizhou) Co., Ltd.\", L=Huizhou, S=Guangdong Province, C=CN, SERIALNUMBER=91441302MA4X2E1MX8, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.1=Huizhou, OID.1.3.6.1.4.1.311.60.2.1.2=Guangdong Province, OID.1.3.6.1.4.1.311.60.2.1.3=CN","sourceIndex":"516","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"generic version of Microsoft store app","reference":"","landingPage":"https://www.kingshiper.com/filedeleter","ipv4":"","ipv6":"","sourceIndex":"516"}],"sampleFiles":["241009/Kingshiperduplicateremover-241009/2.0.5/Samples/KSDuplicateRemoverIns_031_205.exe","241009/Kingshiperduplicateremover-241009/2.0.5/Samples/KSDuplicateRemover.exe"],"imageFiles":["241009/Kingshiperduplicateremover-241009/2.0.5/Images/ACR-043/ffmpeg.png","241009/Kingshiperduplicateremover-241009/2.0.5/Images/ACR-004/ACR-004.png","241009/Kingshiperduplicateremover-241009/2.0.5/Images/ACR-004/Scan Results.png","241009/Kingshiperduplicateremover-241009/2.0.5/Images/ACR-004/subscriptions.png","241009/Kingshiperduplicateremover-241009/2.0.5/Images/ACR-003/ACR-004.png","241009/Kingshiperduplicateremover-241009/2.0.5/Images/ACR-003/Scan Results.png","241009/Kingshiperduplicateremover-241009/2.0.5/Images/ACR-003/subscriptions.png"],"nonDeceptorImageFiles":[],"guid":"9f21c962-d195-424d-847b-a6b70807885b_2.0.5_1","appID":"Kingshiperduplicateremover-241009","dateAdded":"241009","deceptorType":"App","name":"Kingshiper Duplicate Remover","company":"Jiangxia Information Technology (Huizhou) Co., Ltd.","version":"2.0.5","lastKnownStatus":"2.0.5","lastKnownDate":"241009","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 7,Windows 8,Windows 10,Windows 11","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2024-10-09T20:26:24.470163+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":495},{"violations":{"ACR-003":"The app exaggerates urgency using words like \"Attention!\" in red/white colors thereby misleading or scaring the user to take action. The app also exaggerated the number of registry errors found and unsubstantiated damage level. \n"},"nonDeceptorViolations":{"ACR-065":"The install does not display links to the Returns and Cancellation Policy or the Privacy Policy\nThe app does not display links to the EULA, Terms of Service, Returns and Cancellation Policy, Privacy Policy. \n","ACR-161":"The landing page contains testimonials with no link back to original source, making them unable to be verified.\n","ACR-099":"The app does not display links to uninstall information. \n"},"samples":[{"isRevoked":"False","fileName":"RegCleaner.exe","companyName":"Pointstone Software, LLC","fileVersion":"4.0","hashMD5":"397466d1a5415ff5b572c4d1f350bedf","hashSHA1":"abd8d838766ec76f74d813ddc866e2879b56abaf","hashSHA256":"3cb87e39c8a354de769dd9d50ea854bf4bd9f8be62a0e45fd39d70ae6815eae0","digitalCertThumbprint":"D3AEAF31BFB155F473C45FC90BE0DBDA71DD1629","digitalCertIssuer":"CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"Pointstone Software, LLC\", O=\"Pointstone Software, LLC\", STREET=\"2915 Ogletown Road, #342\", L=Newark, S=DE, PostalCode=19713, C=US","sourceIndex":"1605","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"RegistryCleanerSetup.exe","isInstaller":"True","companyName":"Pointstone Software, LLC","fileVersion":"4.0","hashMD5":"c1105b1ac104c8e2052b3b1dd650d28c","hashSHA1":"1ad58eb4b14a925f36a5ae8b30b9741fe9e2d474","hashSHA256":"4d8101e407dcdcd7f3dcc82d6fce4768fe2489e7dbea8b189f76c02e26498b56","digitalCertThumbprint":"D3AEAF31BFB155F473C45FC90BE0DBDA71DD1629","digitalCertIssuer":"CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"Pointstone Software, LLC\", O=\"Pointstone Software, LLC\", STREET=\"2915 Ogletown Road, #342\", L=Newark, S=DE, PostalCode=19713, C=US","sourceIndex":"1605","avBlockList":["Avast Premium Security (20220602)","AVG Internet Security (20220602)","Avira Internet Security (20220602)","Bitdefender Internet Security (20220602)","Dr.Web Security Space (20220602)","ESET Internet Security (20220602)","G DATA INTERNET SECURITY (20220602)","K7 Total Security (20220602)","Malwarebytes Premium (20220602)","McAfee Total Protection (20220602)","Norton Security (20220602)","Quick Heal Internet Security (20220602)","Sophos Home Premium (20220602)","SpyHunter5 (20220602)","Total AV Antivirus Pro (20220602)","VIPRE Advanced Security (20220602)","VirIT eXplorer PRO (20220602)","Webroot SecureAnywhere (20220602)","Windows Defender (20220602)"],"avAllowList":["360 Total Security (20220602)","COMODO Antivirus (20220602)","Kaspersky Internet Security (20220602)","Panda Dome (20220602)","Tencent PC Manager (20220602)","Trend Micro Internet Security (20220602)"]}],"additionalFiles":[],"sources":[{"howFound":"Google Search: Registry Cleaner","reference":"https://www.pointstone.com","landingPage":"https://www.pointstone.com/products/registrycleaner/","directDownloadingLink":"","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"","sourceIndex":"1605"}],"sampleFiles":["220519/RegistryCleaner-200914/4.0.1.110/Samples/RegCleaner.exe","220519/RegistryCleaner-200914/4.0.1.110/Samples/RegistryCleanerSetup.exe"],"imageFiles":["220519/RegistryCleaner-200914/4.0.1.110/Images/ACR-003/RegistryCleaner_Interactions [2].png","220519/RegistryCleaner-200914/4.0.1.110/Images/ACR-003/RegistryCleaner_Interactions [1].png"],"nonDeceptorImageFiles":["220519/RegistryCleaner-200914/4.0.1.110/Images/ACR-065/RegCleaner_Installs [1].png","220519/RegistryCleaner-200914/4.0.1.110/Images/ACR-065/RegistryCleaner_Install [1].png","220519/RegistryCleaner-200914/4.0.1.110/Images/ACR-065/RegistryCleaner_Install [2].png","220519/RegistryCleaner-200914/4.0.1.110/Images/ACR-065/RegistryCleaner_Install [4].png","220519/RegistryCleaner-200914/4.0.1.110/Images/ACR-065/RegistryCleaner_Install [5].png","220519/RegistryCleaner-200914/4.0.1.110/Images/ACR-065/RegistryCleaner_About [1].png","220519/RegistryCleaner-200914/4.0.1.110/Images/ACR-065/RegistryCleaner_Interactions [1].png","220519/RegistryCleaner-200914/4.0.1.110/Images/ACR-099/RegistryCleaner_About [1].png","220519/RegistryCleaner-200914/4.0.1.110/Images/ACR-161/RegistryCleaner_LandingPage [2].png"],"guid":"095f0bdc-7a72-46f2-a8d3-d816f5934230_4.0.1.110_1","appID":"RegistryCleaner-200914","dateAdded":"241009","deceptorType":"App","name":"Registry Cleaner","company":"Pointstone Software, LLC","version":"4.0.1.110","lastKnownStatus":"4.2.0.150","lastKnownDate":"241009","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"cross-sell other apps","lastUpdate":"2024-10-09T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":494},{"violations":{"ACR-003":"The app exaggerates urgency using words like \"Attention!\" and error in red/white colors thereby misleading or scaring the user to take action. The app also exaggerated the number of registry errors found and unsubstantiated damage level. \n","ACR-004":"The app exaggerates urgency using words like \"Attention!\" and error in red/white colors thereby misleading or scaring the user to take action. The app also exaggerated the number of registry errors found and unsubstantiated damage level. \n","ACR-014":"The app exaggerates urgency using words like \"Attention!\" and error in red/white colors thereby misleading or scaring the user to take action. The app also exaggerated the number of registry errors found and unsubstantiated damage level. \n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\Pointstone\\Registry Cleaner 4\\RegCleaner.exe","companyName":"Pointstone Software LLC","productName":"Registry Cleaner","productVersion":"","fileVersion":"4.2.0.150","hashMD5":"cf408e679379746ca326b831565c855e","hashSHA1":"ff54835bcd9e0416ccef91ae874913ce3ba5dc08","hashSHA256":"8e944f455e1211fdcd2ca48a5f81f77d2576475a0e15d7dbf39fcf87b46d9165","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"517","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"registry_cleaner_setup.exe","isInstaller":"True","companyName":"Pointstone Software LLC","productName":"Registry Cleaner","productVersion":"","fileVersion":"4.2.0.150","hashMD5":"4b50757c5066ed14c5abdaa30e3e6169","hashSHA1":"8239f896fafe481959e13a5e4a0d7520da0c9f43","hashSHA256":"cdcfbbc07db7b171eb57085065375f55bf9549f05d75b4fc759528759ef4f032","digitalCertThumbprint":"C5F2BEC5FC04DD795CE1B9E489037D8C6CF1600C","digitalCertIssuer":"COMODO Code Signing CA 2","digitalCertIssuedTo":"Pointstone Software LLC","storeId":"","sourceIndex":"517","avBlockList":["Avast Premium Security (20241219)","AVG Internet Security (20241219)","Avira Internet Security (20241219)","Bitdefender Internet Security (20241219)","Dr.Web Security Space (20241219)","ESET Internet Security (20241219)","G DATA INTERNET SECURITY (20241219)","Malwarebytes Premium (20241219)","McAfee Total Protection (20241219)","Norton Security (20241219)","Panda Dome (20241219)","Sophos Home Premium (20241219)","SpyHunter5 (20241219)","Tencent PC Manager (20200928)","Total AV Antivirus Pro (20241219)","VIPRE Advanced Security (20241219)","VirIT eXplorer PRO (20241219)","Webroot SecureAnywhere (20241219)","Windows Defender (20241219)","FortectPremium (20241219)","KasperskyPremium (20241219)"],"avAllowList":["360 Total Security (20241219)","COMODO Antivirus (20241219)","K7 Total Security (20241219)","Kaspersky Internet Security (20200928)","Quick Heal Internet Security (20241219)","Trend Micro Internet Security (20241219)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on windows app","reference":"","landingPage":"https://www.pointstone.com/products/registrycleaner/","directDownloadingLink":"https://www.pointstone.com/products/registrycleaner/download/","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.pointstone.com/products/registrycleaner/download/","sourceIndex":"517"}],"sampleFiles":["241009/RegistryCleaner-200914/4.2.0.150/Samples/registry_cleaner_setup.exe"],"imageFiles":["241009/RegistryCleaner-200914/4.2.0.150/Images/ACR-004/ACR-004.PNG","241009/RegistryCleaner-200914/4.2.0.150/Images/ACR-004/ACR-004_1.PNG","241009/RegistryCleaner-200914/4.2.0.150/Images/ACR-003/ACR-003.PNG","241009/RegistryCleaner-200914/4.2.0.150/Images/ACR-003/ACR-003_1.PNG","241009/RegistryCleaner-200914/4.2.0.150/Images/ACR-014/ACR-014.PNG","241009/RegistryCleaner-200914/4.2.0.150/Images/ACR-014/ACR-014_1.PNG"],"nonDeceptorImageFiles":[],"guid":"095f0bdc-7a72-46f2-a8d3-d816f5934230_4.2.0.150_1","appID":"RegistryCleaner-200914","dateAdded":"241009","deceptorType":"App","name":"Registry Cleaner","company":"Pointstone Software, LLC","version":"4.2.0.150","lastKnownStatus":"4.2.0.150","lastKnownDate":"241009","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"cross-sell other apps","lastUpdate":"2024-10-09T18:55:56.0869156+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":493},{"violations":{"ACR-109":"The app installs \"FreeStudioManager\" without disclosing it to the user and getting user consent. \n","ACR-043":"The app installs \"FreeStudioManager\" without disclosing it to the user and getting user consent. It also runs the \"vidnotifier.exe\" process and creates a startup.\n","ACR-048":"The non disclosed app components is hidden from standard uninstall entry, limits user to remove/delete/uninstall it: \"DVDVideoSoft Free Studio\"\n","ACR-017":"The application logo is way too similar to the windows logo, misleading representation for the app source.\n","ACR-039":"The app installs \"FreeStudioManager\" without disclosing it to the user and getting user consent. \n","ACR-164":"The app needs to provide details about how to cancel online when users receive notification for renewal and what's the price amount after the time-bound discount expires.\n"},"nonDeceptorViolations":{"ACR-044":"The app does not disclose to users of the other application to download and install.\n","ACR-040":"The app did not disclose components \"FreeStudioManager\" are installed in the non-common folder.\n","ACR-065":"The install wizard does not display links to the Returns and Cancellation Policy.\nThe app does not display links to the Returns and Cancellation Policy, Privacy Policy. \nThe landing page does not display links to the Returns and Cancellation Policy.\n","ACR-099":"The app's  About page does not contain links to uninstall information.\nThe app's landing page does not contain links to uninstall information.\nThe internal offers page does not contain links to uninstall information. \n"},"samples":[{"isRevoked":"False","fileName":"FreeStudioManager.exe","companyName":"Digital Wave Ltd","fileVersion":"6.7","hashMD5":"49251a97d8e942047a9dbee62542bdd4","hashSHA1":"f2c7da4774425a33c307b320096809d99390a5d2","hashSHA256":"51d48cdfe4bdc8db42256ec4587dcf46647d5ba394f520f6908b6ff67438ada5","digitalCertThumbprint":"C934990D27B9D3CE6D5914E7494A993FA4F860E2","digitalCertIssuer":"CN=DigiCert EV Code Signing CA (SHA2), OU=www.digicert.com, O=DigiCert Inc, C=US","digitalCertIssuedTo":"CN=Digital Wave Ltd, O=Digital Wave Ltd, L=London, C=GB, SERIALNUMBER=06823196, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=GB","sourceIndex":"1624","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"FreeYouTubeDownload_4.3.73.420_o_f506180f-128e-4ad1-951d-51919a24a73d.exe","isInstaller":"True","companyName":"Digital Wave Ltd                                            ","fileVersion":"4.3","hashMD5":"28918781697c621b1fdad2f03ee96070","hashSHA1":"d6d8d1ed9e1ed709f114d348a5c1ca9fb4ca0921","hashSHA256":"ff8a3261cdb89082464a47928a8e68702393f7a7b81187414dffe7984ffb7600","digitalCertThumbprint":"C934990D27B9D3CE6D5914E7494A993FA4F860E2","digitalCertIssuer":"CN=DigiCert EV Code Signing CA (SHA2), OU=www.digicert.com, O=DigiCert Inc, C=US","digitalCertIssuedTo":"CN=Digital Wave Ltd, O=Digital Wave Ltd, L=London, C=GB, SERIALNUMBER=06823196, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=GB","sourceIndex":"1624","avBlockList":["360 Total Security (20220517)","Avira Internet Security (20220517)","Dr.Web Security Space (20220517)","K7 Total Security (20220517)","McAfee Total Protection (20220517)","Norton Security (20220517)","Panda Dome (20220517)","Quick Heal Internet Security (20220517)","Sophos Home Premium (20220517)","SpyHunter5 (20220517)","Total AV Antivirus Pro (20220517)","VirIT eXplorer PRO (20220517)","Webroot SecureAnywhere (20220517)","Windows Defender (20220517)"],"avAllowList":["Avast Premium Security (20220517)","AVG Internet Security (20220517)","Bitdefender Internet Security (20220517)","COMODO Antivirus (20220517)","ESET Internet Security (20220517)","G DATA INTERNET SECURITY (20220517)","Kaspersky Internet Security (20220517)","Malwarebytes Premium (20220517)","Tencent PC Manager (20220517)","Trend Micro Internet Security (20220517)","VIPRE Advanced Security (20220517)"]},{"isRevoked":"False","fileName":"FreeYTVDownloader.exe","companyName":"Digital Wave Ltd","fileVersion":"4.3","hashMD5":"d5096b3f2794ed4fddd4e1441720e5bd","hashSHA1":"b0b649183b5c9dde4b6591caf2c937bf479630b6","hashSHA256":"d1532b70bc4dae223388f18a5f050bb74f1f2160223d069485f08a8f3a0c514d","digitalCertThumbprint":"C934990D27B9D3CE6D5914E7494A993FA4F860E2","digitalCertIssuer":"CN=DigiCert EV Code Signing CA (SHA2), OU=www.digicert.com, O=DigiCert Inc, C=US","digitalCertIssuedTo":"CN=Digital Wave Ltd, O=Digital Wave Ltd, L=London, C=GB, SERIALNUMBER=06823196, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=GB","sourceIndex":"1624","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"dvdvideosoft website","reference":"","landingPage":"https://www.dvdvideosoft.com/youtube-playlist-downloader","directDownloadingLink":"https://www.dvdvideosoft.com/de/download.htm?fname=FreeYouTubeDownload.exe&ls=topWinPrimaryLeft&auid=true","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.dvdvideosoft.com/de/download.htm?fname=FreeYouTubeDownload.exe&ls=topWinPrimaryLeft&auid=true","sourceIndex":"1624"}],"sampleFiles":["220509/FreeYouTubePlaylistDownloader-220203/4.3.73.420/Samples/FreeStudioManager.exe","220509/FreeYouTubePlaylistDownloader-220203/4.3.73.420/Samples/FreeYouTubeDownload_4.3.73.420_o_f506180f-128e-4ad1-951d-51919a24a73d.exe","220509/FreeYouTubePlaylistDownloader-220203/4.3.73.420/Samples/FreeYTVDownloader.exe"],"imageFiles":["220509/FreeYouTubePlaylistDownloader-220203/4.3.73.420/Images/ACR-109/FreeStudioManager App.png","220509/FreeYouTubePlaylistDownloader-220203/4.3.73.420/Images/ACR-039/FreeStudioManager App.png","220509/FreeYouTubePlaylistDownloader-220203/4.3.73.420/Images/ACR-043/FreeStudioManager App.png","220509/FreeYouTubePlaylistDownloader-220203/4.3.73.420/Images/ACR-043/VidNotifier Startup.png","220509/FreeYouTubePlaylistDownloader-220203/4.3.73.420/Images/ACR-048/YTVPlaylist ControlPanel.png","220509/FreeYouTubePlaylistDownloader-220203/4.3.73.420/Images/ACR-017/YTVPlaylist UAC.png","220509/FreeYouTubePlaylistDownloader-220203/4.3.73.420/Images/ACR-164/YTDownloader_Offer (2).jpg","220509/FreeYouTubePlaylistDownloader-220203/4.3.73.420/Images/ACR-164/YTDownloader_Offer.jpg"],"nonDeceptorImageFiles":["220509/FreeYouTubePlaylistDownloader-220203/4.3.73.420/Images/ACR-044/YTVPlaylist Bundle.png","220509/FreeYouTubePlaylistDownloader-220203/4.3.73.420/Images/ACR-040/FreeStudioManager App.png","220509/FreeYouTubePlaylistDownloader-220203/4.3.73.420/Images/ACR-065/YTVPlaylist EULA.png","220509/FreeYouTubePlaylistDownloader-220203/4.3.73.420/Images/ACR-065/YTDownloader_EULA.jpg","220509/FreeYouTubePlaylistDownloader-220203/4.3.73.420/Images/ACR-065/YTDownloader_About.jpg","220509/FreeYouTubePlaylistDownloader-220203/4.3.73.420/Images/ACR-065/YTDownloader_LandingPage.jpeg","220509/FreeYouTubePlaylistDownloader-220203/4.3.73.420/Images/ACR-099/YTDownloader_About.jpg","220509/FreeYouTubePlaylistDownloader-220203/4.3.73.420/Images/ACR-099/YTDownloader_LandingPage.jpeg","220509/FreeYouTubePlaylistDownloader-220203/4.3.73.420/Images/ACR-099/YTDownloader_Offer (2).jpg","220509/FreeYouTubePlaylistDownloader-220203/4.3.73.420/Images/ACR-099/YTDownloader_Offer.jpg"],"guid":"fa72b098-591c-4bdb-9a8c-44fd15820b2d_4.3.73.420_1","appID":"FreeYouTubePlaylistDownloader-220203","dateAdded":"241008","deceptorType":"App","name":"Free  YouTube Playlist Downloader","company":"Digital Wave Ltd","version":"4.3.73.420","lastKnownStatus":"4.3.66.203;4.3.73.420;4.4.12.926","lastKnownDate":"241008","type":"Windows Executable","category":"Bundlers & Downloaders, SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows Server","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2024-10-08T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":3,"sortOrder":499},{"violations":{"ACR-109":"The app installs \"FreeStudioManager\" without disclosing it to the user and getting user consent.\n","ACR-043":"1. The app installs \"FreeStudioManager\" and \"FreeCodecPack\" without disclosing it to the user and getting user consent. 2. Third-party \"The Qt Company Ltd\" components are installed without any disclosure\n","ACR-048":"The app does not provide an option to cancel the installation. \n1. The non-disclosed app components is hidden from standard uninstall entry, limiting the user to remove/delete/uninstall it: \"DVDVideoSoft Free Studio\"\n2. The app does not provide any control to remove its background process within the app's settings.\n","ACR-017":"The application logo is way too similar to the windows logo, misleading representation for the app source.\n","ACR-084":"1. The non-disclosed app components is hidden from standard uninstall entry.\n2.  On quitting the app, “vidnotifier.exe” runs silently in the background, hiding the fact that it is active from the consumer. \n","ACR-116":"The non-disclosed app components is hidden from standard uninstall entry, thus preventing the platform's standard uninstall method.\n","ACR-118":"After uninstalling the app, it retains the \"FreeCodecPack\" folder in Program files without the user's consent.\n","ACR-039":"The app installs \"FreeStudioManager\" without disclosing it to the user and getting user consent.\n","ACR-165":"The app needs to provide details about how to cancel online when users receive notification for renewal and what's the price amount after the time-bound discount expires.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"FreeYouTubeDownload_4.4.12.926_u_6e9d0899-6490-4d8b-a663-b154cfe1f079.exe","isInstaller":"True","companyName":"Digital Wave Ltd                                            ","productName":"Free YouTube Download (sc)                                  ","productVersion":"4.4.12.926                                        ","fileVersion":"4.4.12.926          ","hashMD5":"29cc12862de25a4373714a055817177e","hashSHA1":"a56ef44cfe936cf72ae23bcdd990dd1b39aabdf2","hashSHA256":"479859159e4ef3f3bb56f9d5f81b260095821fd58603dc5f485427e186823b80","digitalCertThumbprint":"C644B30CB1377BB542DE7BA6D74E7625F8C3B18B","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Digital Wave Ltd","storeId":"","sourceIndex":"519","avBlockList":["Avast Premium Security (20241219)","AVG Internet Security (20241219)","Avira Internet Security (20241219)","Dr.Web Security Space (20241219)","FortectPremium (20241219)","K7 Total Security (20241219)","Malwarebytes Premium (20241219)","McAfee Total Protection (20241219)","Norton Security (20241219)","Panda Dome (20241219)","Quick Heal Internet Security (20241219)","Sophos Home Premium (20241219)","SpyHunter5 (20241219)","Total AV Antivirus Pro (20241219)","VirIT eXplorer PRO (20241219)","Webroot SecureAnywhere (20241219)"],"avAllowList":["360 Total Security (20241219)","Bitdefender Internet Security (20241219)","COMODO Antivirus (20241219)","ESET Internet Security (20241219)","G DATA INTERNET SECURITY (20241219)","KasperskyPremium (20241219)","Trend Micro Internet Security (20241219)","VIPRE Advanced Security (20241219)","Windows Defender (20241219)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on windows app","reference":"","landingPage":"https://www.dvdvideosoft.com/youtube-playlist-downloader","directDownloadingLink":"https://www.dvdvideosoft.com/download.htm?fname=FreeYouTubeDownload.exe&ls=guideWin&auid=true","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.dvdvideosoft.com/download.htm?fname=FreeYouTubeDownload.exe&ls=guideWin&auid=true","sourceIndex":"519"}],"sampleFiles":["241008/FreeYouTubePlaylistDownloader-220203/4.4.12.926/Samples/FreeYouTubeDownload_4.4.12.926_u_6e9d0899-6490-4d8b-a663-b154cfe1f079.exe"],"imageFiles":["241008/FreeYouTubePlaylistDownloader-220203/4.4.12.926/Images/ACR-109/ACR-109.PNG","241008/FreeYouTubePlaylistDownloader-220203/4.4.12.926/Images/ACR-039/ACR-039.PNG","241008/FreeYouTubePlaylistDownloader-220203/4.4.12.926/Images/ACR-043/ACR-043.PNG","241008/FreeYouTubePlaylistDownloader-220203/4.4.12.926/Images/ACR-043/ACR-043_1.PNG","241008/FreeYouTubePlaylistDownloader-220203/4.4.12.926/Images/ACR-043/ACR-043_2.PNG","241008/FreeYouTubePlaylistDownloader-220203/4.4.12.926/Images/ACR-048/ACR-048.PNG","241008/FreeYouTubePlaylistDownloader-220203/4.4.12.926/Images/ACR-048/ACR-048_1.PNG","241008/FreeYouTubePlaylistDownloader-220203/4.4.12.926/Images/ACR-048/ACR-048_2.PNG","241008/FreeYouTubePlaylistDownloader-220203/4.4.12.926/Images/ACR-017/ACR-017.PNG","241008/FreeYouTubePlaylistDownloader-220203/4.4.12.926/Images/ACR-084/ACR-084.PNG","241008/FreeYouTubePlaylistDownloader-220203/4.4.12.926/Images/ACR-084/ACR-084_1.PNG","241008/FreeYouTubePlaylistDownloader-220203/4.4.12.926/Images/ACR-116/ACR-116.PNG","241008/FreeYouTubePlaylistDownloader-220203/4.4.12.926/Images/ACR-118/ACR-118.PNG","241008/FreeYouTubePlaylistDownloader-220203/4.4.12.926/Images/ACR-165/ACR-165.PNG","241008/FreeYouTubePlaylistDownloader-220203/4.4.12.926/Images/ACR-165/ACR-165_1.PNG"],"nonDeceptorImageFiles":[],"guid":"fa72b098-591c-4bdb-9a8c-44fd15820b2d_4.4.12.926_1","appID":"FreeYouTubePlaylistDownloader-220203","dateAdded":"241008","deceptorType":"App","name":"Free  YouTube Playlist Downloader","company":"Digital Wave Ltd","version":"4.4.12.926","lastKnownStatus":"4.3.66.203;4.3.73.420;4.4.12.926","lastKnownDate":"241008","type":"Windows Executable","category":"Bundlers & Downloaders, SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows Server","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2024-10-08T18:02:48.9533726+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":3,"sortOrder":498},{"violations":{"ACR-003":"1. The app mentions System health as Critical or Bad, thus making the consumer believe they have an issue, a problem with, or something missing from their system.\n2. The app lists \" 0 out of 18713 \" items are protected under \"Spyware Defender\" and displays a \"Bad\" status for all the issues under the \"Browser Tuning\" category, which is unsubstantiated & misleading.\n","ACR-004":"1. The app lists \" 0 out of 18713 \" items are protected under \"Spyware Defender\", which is unsubstantiated & misleading and requires a premium version to apply for protection.\n2. The app shows alarming color patterns and displays status as \"Bad\", implies the issues that mislead the user to take action, and does not provide a free fix for the identified issues for \"Browser Tuning\", \"Registry cleaner\" and \"Spyware Defender\" category.\n","ACR-007":"The app does not display any warning message when the Windows security component \"Security Health\" is disabled which will reduce the default system security in the Startup manager within the app.\n","ACR-014":"The app exaggeratedly claims system health conditions as \"Critical\", \"Your PC is in Terrible condition\" and \"You are not Protected\" (although Windows Defender firewall is kept enabled), which misleads users to take action to purchase the app.\n"},"nonDeceptorViolations":{"ACR-099":"The app does not contain links to uninstall information in the software.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\Synei\\SystemUtilities\\SystemUtilities.exe","companyName":"Synei","productName":"Synei System Utilities","productVersion":"4.0.0.0","fileVersion":"4.0.0.0","hashMD5":"e91296cb7c3d198640ebfb63080fd9db","hashSHA1":"2dc08cc4d4379c62934c1a69e38692a691d90e9e","hashSHA256":"007dab4f0c1db658a1f061ff52aa1c1e05838b4f8833f0e23dc2f5fec87fb99b","digitalCertThumbprint":"9FEAD635008275136CF135BD8D9D6BE24664A5E8","digitalCertIssuer":"COMODO RSA Code Signing CA","digitalCertIssuedTo":"Synei","storeId":"","sourceIndex":"1636","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"systemutilities.exe","isInstaller":"True","companyName":"Synei                                                       ","productName":"Synei System Utilities                                      ","productVersion":"4.00                                              ","fileVersion":"Speed up slow comput","hashMD5":"ed31566dff3983f2ed19315c46273d36","hashSHA1":"473cd3ef1ca9d60d84ae10c09716c11b47386776","hashSHA256":"92c39f9dd428428b5925a0e8d8db07a0c897ca95cd21c08b6d88ee28e4a886fd","digitalCertThumbprint":"9FEAD635008275136CF135BD8D9D6BE24664A5E8","digitalCertIssuer":"COMODO RSA Code Signing CA","digitalCertIssuedTo":"Synei","storeId":"","sourceIndex":"1636","avBlockList":["Avast Premium Security (20220505)","AVG Internet Security (20220505)","Avira Internet Security (20220505)","ESET Internet Security (20220505)","K7 Total Security (20220505)","Kaspersky Internet Security (20220505)","McAfee Total Protection (20220505)","Norton Security (20220505)","Panda Dome (20220505)","Sophos Home Premium (20220505)","SpyHunter5 (20220505)","Total AV Antivirus Pro (20220505)","VirIT eXplorer PRO (20220505)","Webroot SecureAnywhere (20220505)","Windows Defender (20220505)"],"avAllowList":["360 Total Security (20220505)","Bitdefender Internet Security (20220505)","COMODO Antivirus (20220505)","Dr.Web Security Space (20220505)","G DATA INTERNET SECURITY (20220505)","Malwarebytes Premium (20220505)","Quick Heal Internet Security (20220505)","Tencent PC Manager (20220505)","Trend Micro Internet Security (20220505)","VIPRE Advanced Security (20220505)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on utility apps","reference":"","landingPage":"https://synei-system-utilities.software.informer.com/","directDownloadingLink":"https://synei-system-utilities.software.informer.com/download/?ca180602","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://synei-system-utilities.software.informer.com/download/?ca180602","sourceIndex":"1636"}],"sampleFiles":["220427/syneisystemutilities-220427/4.0.0.0/Samples/systemutilities.exe"],"imageFiles":["220427/syneisystemutilities-220427/4.0.0.0/Images/ACR-004/ACR-004_Software_No_Fix.JPG","220427/syneisystemutilities-220427/4.0.0.0/Images/ACR-004/ACR-004_Software_No_Fix_1.JPG","220427/syneisystemutilities-220427/4.0.0.0/Images/ACR-004/ACR-004_Software_No_Fix_2.JPG","220427/syneisystemutilities-220427/4.0.0.0/Images/ACR-003/ACR-003_Software_1.JPG","220427/syneisystemutilities-220427/4.0.0.0/Images/ACR-003/ACR-003_Software_2.JPG","220427/syneisystemutilities-220427/4.0.0.0/Images/ACR-003/ACR-003_Software_No_Fix.JPG","220427/syneisystemutilities-220427/4.0.0.0/Images/ACR-003/ACR-003_Software_No_Fix_1.JPG","220427/syneisystemutilities-220427/4.0.0.0/Images/ACR-007/ACR-007_Install_1.JPG","220427/syneisystemutilities-220427/4.0.0.0/Images/ACR-007/ACR-007_Install_2.JPG","220427/syneisystemutilities-220427/4.0.0.0/Images/ACR-014/ACR-014_Software_1.JPG","220427/syneisystemutilities-220427/4.0.0.0/Images/ACR-014/ACR-014_Softwrae_2.JPG","220427/syneisystemutilities-220427/4.0.0.0/Images/ACR-014/ACR-014_Software_3.JPG"],"nonDeceptorImageFiles":["220427/syneisystemutilities-220427/4.0.0.0/Images/ACR-099/ACR-099_Software.JPG"],"guid":"726a390c-b4c6-41c5-a03c-e7ac23d056f9_4.0.0.0_1","appID":"syneisystemutilities-220427","dateAdded":"241008","deceptorType":"App","name":"Synei System Utilities","company":"Synei","version":"4.0.0.0","lastKnownStatus":"4.0.0.0;2.10","lastKnownDate":"241008","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2024-10-08T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":497},{"violations":{"ACR-003":"1. The app mentions System health as Critical or Bad, thus making the consumer believe they have an issue, a problem with, or something missing from their system.\n2. The app lists \" 0 out of 18281 \" items are protected under \"Spyware Defender\" and displays a \"Bad\" status for all the issues under the \"Browser Tuning\" category, which is unsubstantiated & misleading.\n","ACR-004":"1. The app lists \" 0 out of 18281 \" items are protected under \"Spyware Defender\", which is unsubstantiated & misleading and requires a premium version to apply for protection.\n2. The app shows alarming color patterns and displays the status as \"Bad\", implying the issues that mislead the user to take action and do not provide a free fix for the identified issues for the \"Browser Tuning\" and \"Spyware Defender\" categories.\n","ACR-007":"The app does not display any warning message when the Windows security component \"Security Health\" is disabled which will reduce the default system security in the Startup manager within the app.\n","ACR-014":"The app exaggeratedly claims system health conditions as \"Critical\", \"Your PC is in Bad condition\" and \"You are not Protected\" (although Windows Defender firewall is kept enabled), which misleads users to take action to purchase the app.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\Synei\\SystemUtilities\\SystemUtilities.exe","companyName":"Synei","productName":"Synei System Utilities","productVersion":"2.1.0.0","fileVersion":"2.1.0.0","hashMD5":"dc793b5598d42b06da62f6257e506bec","hashSHA1":"8ed4cc8dd3c89db71f7c16c42b824c525ab53e01","hashSHA256":"836b051518f4cece3e5d10f3bfe9e76c191e1feccac1ff3a37fefa5d4b7b5cab","digitalCertThumbprint":"F443006785E81B7AD7D7000AC89A43E408400769","digitalCertIssuer":"COMODO Code Signing CA 2","digitalCertIssuedTo":"Synei","storeId":"","sourceIndex":"518","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"systemutilities.exe","isInstaller":"True","companyName":"Synei                                                       ","productName":"Synei System Utilities                                      ","productVersion":"2.10                                              ","fileVersion":"Speed up slow comput","hashMD5":"5270bf7352c8d3a8f9b257d9f40ece3b","hashSHA1":"94242fee76d343e5496d5ab151ae029488eec3f7","hashSHA256":"041e03df1ee207a5a976f10b77638bb6d55f6086a7d25af40bd8defcb61852a9","digitalCertThumbprint":"F443006785E81B7AD7D7000AC89A43E408400769","digitalCertIssuer":"COMODO Code Signing CA 2","digitalCertIssuedTo":"Synei","storeId":"","sourceIndex":"518","avBlockList":["Avast Premium Security (20241219)","AVG Internet Security (20241219)","Avira Internet Security (20241219)","ESET Internet Security (20241219)","FortectPremium (20241219)","Malwarebytes Premium (20241219)","Norton Security (20241219)","Quick Heal Internet Security (20241219)","Sophos Home Premium (20241219)","SpyHunter5 (20241219)","Total AV Antivirus Pro (20241219)","VirIT eXplorer PRO (20241219)","Webroot SecureAnywhere (20241219)"],"avAllowList":["360 Total Security (20241219)","Bitdefender Internet Security (20241219)","COMODO Antivirus (20241219)","Dr.Web Security Space (20241219)","G DATA INTERNET SECURITY (20241219)","K7 Total Security (20241219)","KasperskyPremium (20241219)","McAfee Total Protection (20241219)","Panda Dome (20241219)","Trend Micro Internet Security (20241219)","VIPRE Advanced Security (20241219)","Windows Defender (20241219)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on windows app","reference":"","landingPage":"https://synei-system-utilities.software.informer.com/","directDownloadingLink":"https://synei-system-utilities.software.informer.com/download/?cac5d17","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://synei-system-utilities.software.informer.com/download/?cac5d17","sourceIndex":"518"}],"sampleFiles":["241008/syneisystemutilities-220427/2.10/Samples/systemutilities.exe"],"imageFiles":["241008/syneisystemutilities-220427/2.10/Images/ACR-004/ACR-004.PNG","241008/syneisystemutilities-220427/2.10/Images/ACR-004/ACR-004_1.PNG","241008/syneisystemutilities-220427/2.10/Images/ACR-004/ACR-004_2.PNG","241008/syneisystemutilities-220427/2.10/Images/ACR-003/ACR-003.PNG","241008/syneisystemutilities-220427/2.10/Images/ACR-003/ACR-003_1.PNG","241008/syneisystemutilities-220427/2.10/Images/ACR-003/ACR-003_2.PNG","241008/syneisystemutilities-220427/2.10/Images/ACR-003/ACR-003_3.PNG","241008/syneisystemutilities-220427/2.10/Images/ACR-007/ACR-007.PNG","241008/syneisystemutilities-220427/2.10/Images/ACR-007/ACR-007_1.PNG","241008/syneisystemutilities-220427/2.10/Images/ACR-014/ACR-014.PNG","241008/syneisystemutilities-220427/2.10/Images/ACR-014/ACR-014_1.PNG","241008/syneisystemutilities-220427/2.10/Images/ACR-014/ACR-014_2.PNG"],"nonDeceptorImageFiles":[],"guid":"726a390c-b4c6-41c5-a03c-e7ac23d056f9_2.10_1","appID":"syneisystemutilities-220427","dateAdded":"241008","deceptorType":"App","name":"Synei System Utilities","company":"Synei","version":"2.10","lastKnownStatus":"4.0.0.0;2.10","lastKnownDate":"241008","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2024-10-08T18:10:32.9808822+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":496},{"violations":{"ACR-109":"The app installs \"FreeStudioManager\" without disclosing it to the user and getting user consent. \n","ACR-043":"The app installs \"FreeStudioManager\" without disclosing it to the user and getting user consent. It also runs the \"vidnotifier.exe\" process and creates a startup.\n","ACR-048":"The non disclosed app components is hidden from standard uninstall entry, limits user to remove/delete/uninstall it: \"DVDVideoSoft Free Studio\"\n","ACR-017":"The application logo is way too similar to the windows logo, misleading representation for the app source.\n","ACR-039":"The app installs \"FreeStudioManager\" without disclosing it to the user and getting user consent. \n","ACR-164":"The app needs to provide details about how to cancel online when users receive notification for renewal and what's the price amount after the time-bound discount expires.\n"},"nonDeceptorViolations":{"ACR-044":"The app does not disclose to users of the other application to download and install.\n","ACR-040":"The app did not disclose components \"FreeStudioManager\" are installed in the non-common folder.\n","ACR-065":"The install wizard does not display links to the Returns and Cancellation Policy.\nThe app does not display links to the Returns and Cancellation Policy, Privacy Policy. \nThe landing page does not display links to the Returns and Cancellation Policy.\n","ACR-099":"The app's  About page does not contain links to uninstall information.\nThe app's landing page does not contain links to uninstall information.\nThe internal offers page does not contain links to uninstall information. \n"},"samples":[{"isRevoked":"False","fileName":"FreeStudioManager.exe","companyName":"Digital Wave Ltd","productName":"Free Studio Manager","productVersion":"6.7.5.203","fileVersion":"6.7.5.203","hashMD5":"b45e24d56ff5f218462b700fb5113934","hashSHA1":"b2a24bb16c7099208387d32615aa5f2d9b967e32","hashSHA256":"65ca6878dd766756d958dd8f03ff3acf764b571c4e3d3549e262e381cdc301d8","digitalCertThumbprint":"C934990D27B9D3CE6D5914E7494A993FA4F860E2","digitalCertIssuer":"CN=DigiCert EV Code Signing CA (SHA2), OU=www.digicert.com, O=DigiCert Inc, C=US","digitalCertIssuedTo":"CN=Digital Wave Ltd, O=Digital Wave Ltd, L=London, C=GB, SERIALNUMBER=06823196, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=GB","sourceIndex":"1719","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"FreeYouTubeDownload_4.3.66.203_o_f232b1c9-1665-4012-aec3-ec8727656dba.exe","isInstaller":"True","companyName":"Digital Wave Ltd                                            ","productName":"Free YouTube Download","productVersion":"4.3.66.203","fileVersion":"4.3.66.203","hashMD5":"1d7aa2e77857f28e793a3089534d59a9","hashSHA1":"a5c2ba4028562eeb090bc6117ad967743cb7ca42","hashSHA256":"792c8b1aff88b0374ca19d9abb4213d18107e32b1743632901ba0b2a6ba9010d","digitalCertThumbprint":"C934990D27B9D3CE6D5914E7494A993FA4F860E2","digitalCertIssuer":"CN=DigiCert EV Code Signing CA (SHA2), OU=www.digicert.com, O=DigiCert Inc, C=US","digitalCertIssuedTo":"CN=Digital Wave Ltd, O=Digital Wave Ltd, L=London, C=GB, SERIALNUMBER=06823196, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=GB","sourceIndex":"1719","avBlockList":["Avast Premium Security (20220215)","AVG Internet Security (20220215)","Avira Internet Security (20220215)","Dr.Web Security Space (20220215)","K7 Total Security (20220215)","McAfee Total Protection (20220215)","Norton Security (20220215)","Panda Dome (20220215)","Quick Heal Internet Security (20220215)","Sophos Home Premium (20220215)","SpyHunter5 (20220215)","Total AV Antivirus Pro (20220215)","VirIT eXplorer PRO (20220215)","Webroot SecureAnywhere (20220215)","Windows Defender (20220215)"],"avAllowList":["360 Total Security (20220215)","Bitdefender Internet Security (20220215)","COMODO Antivirus (20220215)","ESET Internet Security (20220215)","G DATA INTERNET SECURITY (20220215)","Kaspersky Internet Security (20220215)","Malwarebytes Premium (20220215)","Tencent PC Manager (20220215)","Trend Micro Internet Security (20220215)","VIPRE Advanced Security (20220215)"]},{"isRevoked":"False","fileName":"FreeYTVDownloader.exe","companyName":"Digital Wave Ltd","productName":"Free YouTube Download","productVersion":"4.3.66.203","fileVersion":"4.3.66.203","hashMD5":"975611536e7d347025087c3c880eecd7","hashSHA1":"8ff74fe40b4262402609e5a30389992dbf5dee89","hashSHA256":"4652f49fa0dbb3b2dd962d15de440e816e8bbe9655781a588b3a1df67fc1c62c","digitalCertThumbprint":"C934990D27B9D3CE6D5914E7494A993FA4F860E2","digitalCertIssuer":"CN=DigiCert EV Code Signing CA (SHA2), OU=www.digicert.com, O=DigiCert Inc, C=US","digitalCertIssuedTo":"CN=Digital Wave Ltd, O=Digital Wave Ltd, L=London, C=GB, SERIALNUMBER=06823196, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=GB","sourceIndex":"1719","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"vidnotifier.exe","companyName":"Digital Wave Ltd","productName":"Video Notifier","productVersion":"1.1.29.203","fileVersion":"1.1.29.203","hashMD5":"0e49ba48f5d9b7b34ee09eaf121e161b","hashSHA1":"f632968a4123d76c2495ebcad53015a584a44a83","hashSHA256":"036992d357e9cbcd9638028bc0f706d542ba23bfd7de3820073e8fd6e6e9f146","digitalCertThumbprint":"C934990D27B9D3CE6D5914E7494A993FA4F860E2","digitalCertIssuer":"CN=DigiCert EV Code Signing CA (SHA2), OU=www.digicert.com, O=DigiCert Inc, C=US","digitalCertIssuedTo":"CN=Digital Wave Ltd, O=Digital Wave Ltd, L=London, C=GB, SERIALNUMBER=06823196, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=GB","sourceIndex":"1719","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"dvdvideosoft website","reference":"","landingPage":"https://www.dvdvideosoft.com/youtube-playlist-downloader","directDownloadingLink":"https://www.dvdvideosoft.com/download.htm?fname=FreeYouTubeDownload.exe&ls=guideWin&auid=true","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.dvdvideosoft.com/download.htm?fname=FreeYouTubeDownload.exe&ls=guideWin&auid=true","sourceIndex":"1719"}],"sampleFiles":["220207/FreeYouTubePlaylistDownloader-220203/4.3.66.203/Samples/FreeStudioManager.exe","220207/FreeYouTubePlaylistDownloader-220203/4.3.66.203/Samples/FreeYouTubeDownload_4.3.66.203_o_f232b1c9-1665-4012-aec3-ec8727656dba.exe","220207/FreeYouTubePlaylistDownloader-220203/4.3.66.203/Samples/FreeYTVDownloader.exe","220207/FreeYouTubePlaylistDownloader-220203/4.3.66.203/Samples/vidnotifier.exe"],"imageFiles":["220207/FreeYouTubePlaylistDownloader-220203/4.3.66.203/Images/ACR-109/FreeStudioManager App.png","220207/FreeYouTubePlaylistDownloader-220203/4.3.66.203/Images/ACR-039/FreeStudioManager App.png","220207/FreeYouTubePlaylistDownloader-220203/4.3.66.203/Images/ACR-043/FreeStudioManager App.png","220207/FreeYouTubePlaylistDownloader-220203/4.3.66.203/Images/ACR-043/VidNotifier Startup.png","220207/FreeYouTubePlaylistDownloader-220203/4.3.66.203/Images/ACR-048/YTVPlaylist ControlPanel.png","220207/FreeYouTubePlaylistDownloader-220203/4.3.66.203/Images/ACR-017/YTVPlaylist UAC.png","220207/FreeYouTubePlaylistDownloader-220203/4.3.66.203/Images/ACR-164/YTVPlaylist Offer Page.png"],"nonDeceptorImageFiles":["220207/FreeYouTubePlaylistDownloader-220203/4.3.66.203/Images/ACR-044/YTVPlaylist Bundle.png","220207/FreeYouTubePlaylistDownloader-220203/4.3.66.203/Images/ACR-040/FreeStudioManager App.png","220207/FreeYouTubePlaylistDownloader-220203/4.3.66.203/Images/ACR-065/YTVPlaylist EULA.png","220207/FreeYouTubePlaylistDownloader-220203/4.3.66.203/Images/ACR-065/YTVPlaylist About.png","220207/FreeYouTubePlaylistDownloader-220203/4.3.66.203/Images/ACR-065/YTVPlaylistDownloader Landing Page.png","220207/FreeYouTubePlaylistDownloader-220203/4.3.66.203/Images/ACR-099/YTVPlaylist About.png","220207/FreeYouTubePlaylistDownloader-220203/4.3.66.203/Images/ACR-099/YTVPlaylistDownloader Landing Page.png","220207/FreeYouTubePlaylistDownloader-220203/4.3.66.203/Images/ACR-099/YTVPlaylist Offer Page.png"],"guid":"fa72b098-591c-4bdb-9a8c-44fd15820b2d_4.3.66.203_1","appID":"FreeYouTubePlaylistDownloader-220203","dateAdded":"241008","deceptorType":"App","name":"Free  YouTube Playlist Downloader","company":"Digital Wave Ltd","version":"4.3.66.203","lastKnownStatus":"4.3.66.203;4.3.73.420;4.4.12.926","lastKnownDate":"241008","type":"Windows Executable","category":"Bundlers & Downloaders, SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows Server","targetBrowser":"None","ageAppropriate":"12+ appropriate","lastUpdate":"2024-10-08T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":3,"sortOrder":500},{"violations":{"ACR-109":"The app downloads \"spt_setup.exe\", a RelevantKnowledge file without the consumer's consent.  \n","ACR-048":"Unable to close the update prompt.\n The \"Decline\" button does not have any control but still drops a RelevantKnowledge file “spt_setup.exe”. \n","ACR-004":" The app prompts untruthful message that upgrade is needed whenever user launches the app. The \"Update\" downloads nothing new, sometimes it leads to download the component(s) that user declined during install procedure, for example, it connected to dpd.securestudies.com and attempted to download user internet behavior program from Relevant Knowledge. \n","ACR-010":"The app distributes deceptor application. The offer in this app, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control.\n","ACR-083":"The App attempts to present the offer repeatedly via its update and startup. \n","ACR-118":"Upon uninstallation, it retains some executables and many of its other components along with a \"curl-ca-bundle.crt\" on the device without user's knowledge. \n","ACR-057":"The app bundles the \"Relevant Knowledge\" offer which does not allow the consumer to decline the offer.\n","ACR-071":"It attempts to force the acceptance of \"Relevant Knowledge\" by graying out the Next button when the user choose to Decline. Thus, forcing the user to only accept the offer and proceed with the installation.\n","ACR-059":" The Offer is not clearly marked as an offer. It is unclear who is recommending the offer. \n","ACR-155":"Offers are designed to look like part of the install workflow.\n"},"nonDeceptorViolations":{"ACR-045":"\"Free Gold Pack\" highlights \"Free\" misleads user. The functionality requires consumer payment as donation in order to be activated. Otherwise app should remove \"free\" word. \n","ACR-002":" The App's version is inconsistent between App interaction and its install (version 8.8.2.4 vs version 8.8.0)\n The App's version is inconsistent between App interaction and its install (version 8.8.2.4 vs version 8.8.0)\n","ACR-106":" App offers deceptive application 'Relevant Knowledge market survey'. \n","ACR-092":" The main executable is not digitally signed.\n"},"samples":[{"isRevoked":"False","fileName":"Free Audio Convert Wizard Update.exe","fileVersion":"2.1.1.2","hashMD5":"a243e6bf83ed4a25519567eb6bb552d7","hashSHA1":"aa1b4d758ba8dbc5f31324d4ac897a2f12078c1d","hashSHA256":"38b492f6bf957bfe6f4cfce9743bff66f32c0a0befa65a6e4b4da70bb5b51ccc","sourceIndex":"523","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"FreeAudioConvertWizard.exe","fileVersion":"0.0","hashMD5":"8e1fce3fd3f9e33e4608628f90039002","hashSHA1":"8db90ba8daa5839d4afa7902ccd5aab495f0a93f","hashSHA256":"0d6afa1b5e28953301c26e36227769014bb5b897c8c269da5d9806b009ca8025","sourceIndex":"523","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"FreeAudioConvertWizard-setup.exe","isInstaller":"True","companyName":"FreeAudioVideoSoftTech, Inc.                                ","productName":"Free Audio Convert Wizard         ","fileVersion":"0.0","hashMD5":"2eac4fd7cc5742c2e2b5ee955a730737","hashSHA1":"332d03f44d33c67a460940f9fbbc1989a1cb3271","hashSHA256":"da0ef5962e789ba33124932b235a274b804bf8c9dade1c4615397184264894c5","digitalCertThumbprint":"347240ECC751AB91D4BA3282DC67ACC9A36D1128","digitalCertIssuer":"CN=COMODO RSA Extended Validation Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", O=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", STREET=\"Chaoyang North Road 199, MOMA Building 1901, Chaoyang District\", L=Beijing, PostalCode=100026, C=CN, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=CN, SERIALNUMBER=911101056717485703","sourceIndex":"523","avBlockList":["360 Total Security (20241226)","Avast Premium Security (20241226)","AVG Internet Security (20241226)","Avira Internet Security (20241226)","Bitdefender Internet Security (20241226)","COMODO Antivirus (20241226)","Dr.Web Security Space (20241226)","ESET Internet Security (20241226)","G DATA INTERNET SECURITY (20241226)","Kaspersky Internet Security (20220531)","Malwarebytes Premium (20241226)","McAfee Total Protection (20241226)","Norton Security (20241226)","Panda Dome (20241226)","Quick Heal Internet Security (20241226)","Sophos Home Premium (20241226)","SpyHunter5 (20241226)","Total AV Antivirus Pro (20241226)","VIPRE Advanced Security (20241226)","VirIT eXplorer PRO (20241226)","Webroot SecureAnywhere (20241226)","Windows Defender (20241226)","FortectPremium (20241226)","KasperskyPremium (20241226)"],"avAllowList":["K7 Total Security (20241226)","Tencent PC Manager (20220531)","Trend Micro Internet Security (20241226)"]},{"isRevoked":"False","fileName":"FreeAudioConvertWizard_241007.exe","isInstaller":"True","companyName":"FreeAudioVideoSoftTech, Inc.                                ","fileVersion":"0.0","hashMD5":"9ed26e66d41dc758a1be12bf9f959bf0","hashSHA1":"77ef2b1360f9657f9cbf39bd7013c8a4481f62bd","hashSHA256":"7880d606879b4a3c667b12457ae0694948838c587eec56704ef6acdfbfa76849","sourceIndex":"523","avBlockList":["360 Total Security (20241231)","Avast Premium Security (20241231)","AVG Internet Security (20241231)","Avira Internet Security (20241231)","Bitdefender Internet Security (20241231)","COMODO Antivirus (20241231)","Dr.Web Security Space (20241231)","ESET Internet Security (20241231)","FortectPremium (20241231)","G DATA INTERNET SECURITY (20241231)","K7 Total Security (20241231)","KasperskyPremium (20241231)","Malwarebytes Premium (20241231)","McAfee Total Protection (20241231)","Norton Security (20241231)","Panda Dome (20241231)","Quick Heal Internet Security (20241231)","Sophos Home Premium (20241231)","SpyHunter5 (20241231)","Total AV Antivirus Pro (20241231)","Trend Micro Internet Security (20241231)","VIPRE Advanced Security (20241231)","VirIT eXplorer PRO (20241231)","Webroot SecureAnywhere (20241231)","Windows Defender (20241231)"],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search: Free tools","reference":"","landingPage":"https://www.freeaudiovideosoft.com/audio-software-for-windows/free-audio-converter/","directDownloadingLink":"http://www.freeaudiovideosoft.com/files/FreeAudioConvertWizard.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.freeaudiovideosoft.com/files/FreeAudioConvertWizard.exe","sourceIndex":"523"}],"sampleFiles":["241007/FreeAudioConvertWizard-220520/8.8.0/Samples/FreeAudioConvertWizard.exe","241007/FreeAudioConvertWizard-220520/8.8.0/Samples/FreeAudioConvertWizard-setup.exe","241007/FreeAudioConvertWizard-220520/8.8.0/Samples/FreeAudioConvertWizard_241007.exe"],"imageFiles":["241007/FreeAudioConvertWizard-220520/8.8.0/Images/ACR-109/FreeAudioCV_RelevantKnowledge-b.jpg","241007/FreeAudioConvertWizard-220520/8.8.0/Images/ACR-048/ACR004_048_084-Update.jpg","241007/FreeAudioConvertWizard-220520/8.8.0/Images/ACR-048/FreeAudioCV_RelevantKnowledge-b.jpg","241007/FreeAudioConvertWizard-220520/8.8.0/Images/ACR-010/FreeAudioCV_RelevantKnowledge-a.jpg","241007/FreeAudioConvertWizard-220520/8.8.0/Images/ACR-004/ACR004_048_084-Update.jpg","241007/FreeAudioConvertWizard-220520/8.8.0/Images/ACR-004/ACR004_Update.jpg","241007/FreeAudioConvertWizard-220520/8.8.0/Images/ACR-083/ACR083-Update.jpg","241007/FreeAudioConvertWizard-220520/8.8.0/Images/ACR-118/FreeAudioCV_UNinstall.jpg","241007/FreeAudioConvertWizard-220520/8.8.0/Images/ACR-057/FreeAudioCV_RelevantKnowledge-a.jpg","241007/FreeAudioConvertWizard-220520/8.8.0/Images/ACR-059/FreeAudioCV_RelevantKnowledge-a.jpg","241007/FreeAudioConvertWizard-220520/8.8.0/Images/ACR-071/FreeAudioCV_RelevantKnowledge-a.jpg","241007/FreeAudioConvertWizard-220520/8.8.0/Images/ACR-155/FreeAudioCV_RelevantKnowledge-a.jpg"],"nonDeceptorImageFiles":["241007/FreeAudioConvertWizard-220520/8.8.0/Images/ACR-002/FreeAudioCV_About.jpg","241007/FreeAudioConvertWizard-220520/8.8.0/Images/ACR-002/FreeAudioCV_InconsistentVersion.jpg","241007/FreeAudioConvertWizard-220520/8.8.0/Images/ACR-106/FreeAudioCV_RelevantKnowledge-a.jpg","241007/FreeAudioConvertWizard-220520/8.8.0/Images/ACR-092/ACR092_NoDigiSig_main.jpg","241007/FreeAudioConvertWizard-220520/8.8.0/Images/ACR-092/ACR-092_Setup.jpg","241007/FreeAudioConvertWizard-220520/8.8.0/Images/ACR-002/FreeAudioCV_About.jpg","241007/FreeAudioConvertWizard-220520/8.8.0/Images/ACR-002/FreeAudioCV_InconsistentVersion.jpg","241007/FreeAudioConvertWizard-220520/8.8.0/Images/ACR-045/FreeAudioCV_InlineOffer.jpg","241007/FreeAudioConvertWizard-220520/8.8.0/Images/ACR-045/FreeAudioCV_InlineOffer1.jpg"],"guid":"0a223348-fd33-4878-9260-7d87d1746973_8.8.0_1","appID":"FreeAudioConvertWizard-220520","dateAdded":"241007","deceptorType":"App","name":"Free Audio Convert Wizard","company":"FreeAudioVideoSoftTech, Inc.","version":"8.8.0","lastKnownStatus":"8.8.0","lastKnownDate":"241007","type":"Windows Executable","category":"Media editors, SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"cross-sell other apps,in-app purchases,sold in bundle,none","lastUpdate":"2024-10-07T20:40:03.1266812+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":506},{"violations":{"ACR-109":"The app downloads \"spt_setup.exe\", a RelevantKnowledge file without the consumer's consent. \n","ACR-048":"The \"Decline\" button does not have any control but still drops a RelevantKnowledge file “spt_setup.exe”.\nUnable to close the update prompt. \n","ACR-004":"The app prompts an untruthful message that update is needed whenever the user launches the app. The \"Update\" does nothing upon clicking.\n","ACR-010":"The app distributes deceptor application. The offer in this app, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control.\n","ACR-083":"The App attempts to present the offer repeatedly via its update and startup.\n","ACR-118":"Upon uninstallation, it retains some executables and many of its other components along with a \"curl-ca-bundle.crt\" on the device without user's knowledge.\n","ACR-057":"The app bundles the \"Relevant Knowledge\" offer which does not allow the consumer to decline the offer.\n","ACR-071":"It attempts to force the acceptance of \"Relevant Knowledge\" by graying out the Next button when the user choose to Decline. Thus, forcing the user to only accept the offer and proceed with the installation.\n","ACR-059":"The Offer is not clearly marked as an offer. It is unclear who is recommending the offer.\n","ACR-155":" Offers are designed to look like part of the install workflow.\n"},"nonDeceptorViolations":{"ACR-045":"\"Free Gold Pack\" highlights \"Free\" misleads user. The functionality requires consumer payment as donation in order to be activated. Otherwise app should remove \"free\" word.\n","ACR-002":"The App's version is inconsistent between App interaction and its install (version 8.8.2.4 vs version 8.8.0)\nThe App's version is inconsistent between App interaction and its install (version 8.8.2.4 vs version 8.8.0)\n","ACR-106":"App offers deceptive application 'Relevant Knowledge market survey'.\n","ACR-092":" The main executable is not digitally signed. \n"},"samples":[{"isRevoked":"False","fileName":"FreeOnlineVideoDownloader.exe","fileVersion":"1.0","hashMD5":"7b4c1dd8d9455d190f00dbced769b5e3","hashSHA1":"cccd71b8c71698c2f1714960e38a93ed3a74b31f","hashSHA256":"12314fc5cc4c5c538280acb39bb28d182751a2c87b6a8f77f1f637306714f13a","sourceIndex":"525","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"FreeOnlineVideoDownloader-setup.exe","isInstaller":"True","companyName":"FreeAudioVideoSoftTech, Inc.                                ","productName":"Free Online Video Downloader      ","fileVersion":"0.0","hashMD5":"6e66fd0eb702b256ad81a9bb9e415081","hashSHA1":"6f4856db99cee11f2b9453c358a5e957dd792629","hashSHA256":"dd959706f17bacf9b00ab9dcc250464868fb02bfbc92a5f0c6e00f7b0e98fc5b","digitalCertThumbprint":"347240ECC751AB91D4BA3282DC67ACC9A36D1128","digitalCertIssuer":"CN=COMODO RSA Extended Validation Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", O=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", STREET=\"Chaoyang North Road 199, MOMA Building 1901, Chaoyang District\", L=Beijing, PostalCode=100026, C=CN, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=CN, SERIALNUMBER=911101056717485703","sourceIndex":"525","avBlockList":["360 Total Security (20241224)","Avast Premium Security (20241224)","AVG Internet Security (20241224)","Avira Internet Security (20241224)","Bitdefender Internet Security (20241224)","COMODO Antivirus (20241224)","Dr.Web Security Space (20241224)","ESET Internet Security (20241224)","G DATA INTERNET SECURITY (20241224)","K7 Total Security (20241224)","Kaspersky Internet Security (20220526)","Malwarebytes Premium (20241224)","McAfee Total Protection (20241224)","Norton Security (20241224)","Panda Dome (20241224)","Quick Heal Internet Security (20241224)","Sophos Home Premium (20241224)","SpyHunter5 (20241224)","Total AV Antivirus Pro (20241224)","Trend Micro Internet Security (20241224)","VIPRE Advanced Security (20241224)","VirIT eXplorer PRO (20241224)","Webroot SecureAnywhere (20241224)","Windows Defender (20241224)","FortectPremium (20241224)","KasperskyPremium (20241224)"],"avAllowList":["Tencent PC Manager (20220526)"]},{"isRevoked":"False","fileName":"FreeOnlineVideoDownloader_241007.exe","isInstaller":"True","companyName":"FreeAudioVideoSoftTech, Inc.                                ","fileVersion":"0.0","hashMD5":"4542390e310df24a96c8d16148f38ae6","hashSHA1":"7c5256cc640160247d667a1afe0e3aa382e308a8","hashSHA256":"398fd9ff30603106546f3629d51a724358d1d44fe8414f6e3a08ad6746cb934c","sourceIndex":"525","avBlockList":["360 Total Security (20241231)","Avast Premium Security (20241231)","AVG Internet Security (20241231)","Avira Internet Security (20241231)","Bitdefender Internet Security (20241231)","COMODO Antivirus (20241231)","Dr.Web Security Space (20241231)","ESET Internet Security (20241231)","FortectPremium (20241231)","G DATA INTERNET SECURITY (20241231)","K7 Total Security (20241231)","KasperskyPremium (20241231)","Malwarebytes Premium (20241231)","McAfee Total Protection (20241231)","Norton Security (20241231)","Sophos Home Premium (20241231)","SpyHunter5 (20241231)","Total AV Antivirus Pro (20241231)","Trend Micro Internet Security (20241231)","VIPRE Advanced Security (20241231)","VirIT eXplorer PRO (20241231)","Webroot SecureAnywhere (20241231)","Windows Defender (20241231)"],"avAllowList":["Panda Dome (20241231)","Quick Heal Internet Security (20241231)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search","reference":"","landingPage":"https://www.freeaudiovideosoft.com/downloader-for-windows/free-any-online-video-downloader/","directDownloadingLink":"http://www.freeaudiovideosoft.com/files/FreeOnlineVideoDownloader.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.freeaudiovideosoft.com/files/FreeOnlineVideoDownloader.exe","sourceIndex":"525"}],"sampleFiles":["241007/FreeOnlineVideoDownloader-220518/8.8.0/Samples/FreeOnlineVideoDownloader.exe","241007/FreeOnlineVideoDownloader-220518/8.8.0/Samples/FreeOnlineVideoDownloader-setup.exe","241007/FreeOnlineVideoDownloader-220518/8.8.0/Samples/FreeOnlineVideoDownloader_241007.exe"],"imageFiles":["241007/FreeOnlineVideoDownloader-220518/8.8.0/Images/ACR-109/FreeOnlineVideoDloader_RelevantKnowledge(1).jpg","241007/FreeOnlineVideoDownloader-220518/8.8.0/Images/ACR-048/FreeOnlineVideoDloader_RelevantKnowledge(1).jpg","241007/FreeOnlineVideoDownloader-220518/8.8.0/Images/ACR-010/FreeOnlineVideoDloader_RelevantKnowledge.jpg","241007/FreeOnlineVideoDownloader-220518/8.8.0/Images/ACR-004/ACR-048_084_FakeUpdate.jpg","241007/FreeOnlineVideoDownloader-220518/8.8.0/Images/ACR-083/ACR-048_084_FakeUpdate.jpg","241007/FreeOnlineVideoDownloader-220518/8.8.0/Images/ACR-048/ACR-004_FakeNotif.jpg","241007/FreeOnlineVideoDownloader-220518/8.8.0/Images/ACR-118/FreeOnlineVideoDloader_Uninstall.jpg","241007/FreeOnlineVideoDownloader-220518/8.8.0/Images/ACR-057/FreeOnlineVideoDloader_RelevantKnowledge.jpg","241007/FreeOnlineVideoDownloader-220518/8.8.0/Images/ACR-059/FreeOnlineVideoDloader_RelevantKnowledge.jpg","241007/FreeOnlineVideoDownloader-220518/8.8.0/Images/ACR-071/FreeOnlineVideoDloader_RelevantKnowledge.jpg","241007/FreeOnlineVideoDownloader-220518/8.8.0/Images/ACR-155/FreeOnlineVideoDloader_RelevantKnowledge.jpg"],"nonDeceptorImageFiles":["241007/FreeOnlineVideoDownloader-220518/8.8.0/Images/ACR-002/ACR-002_InconsistentVersion.jpg","241007/FreeOnlineVideoDownloader-220518/8.8.0/Images/ACR-106/FreeOnlineVideoDloader_RelevantKnowledge.jpg","241007/FreeOnlineVideoDownloader-220518/8.8.0/Images/ACR-092/ACR-092_NoDigiSig_main.jpg","241007/FreeOnlineVideoDownloader-220518/8.8.0/Images/ACR-092/ACR-092_NoDigiSig_setup1.jpg","241007/FreeOnlineVideoDownloader-220518/8.8.0/Images/ACR-092/ACR-092_NoDigiSig_setup2.jpg","241007/FreeOnlineVideoDownloader-220518/8.8.0/Images/ACR-002/ACR-002_InconsistentVersion.jpg","241007/FreeOnlineVideoDownloader-220518/8.8.0/Images/ACR-045/FreeOnlineVideoDloader_InlineOffer.jpg","241007/FreeOnlineVideoDownloader-220518/8.8.0/Images/ACR-045/FreeOnlineVideoDloader_Offer.jpg"],"guid":"5da90432-0ad6-43e7-a10c-9bd615a1c1fa_8.8.0_1","appID":"FreeOnlineVideoDownloader-220518","dateAdded":"241007","deceptorType":"App","name":"Free Online Video Downloader","company":"FreeAudioVideoSoftTech, Inc.","version":"8.8.0","lastKnownStatus":"8.8.0","lastKnownDate":"241007","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"sold in bundle,in-app purchases,none,cross-sell other apps","lastUpdate":"2024-10-07T20:34:33.0056107+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":505},{"violations":{"ACR-109":"The app downloads \"rk_setup.exe\", a RelevantKnowledge file without the consumer's consent. \n","ACR-048":"The \"Decline\" button does not have any control but still drops a RelevantKnowledge file “rk_setup.exe”.\n","ACR-010":"The app bundler distributes deceptor application. The offer in this bundler, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control. \n","ACR-118":"Upon uninstallation, it retains some executables and many of its other components along with a \"curl-ca-bundle.crt\" on the device without user's knowledge.\n","ACR-057":"The app bundles the \"Relevant Knowledge\" offer which does not allow the consumer to decline the offer.\n","ACR-071":"It attempts to force the acceptance of \"Relevant Knowledge\" by graying out the Next button when the user choose to Decline. Thus, forcing the user to only accept the offer and proceed with the installation. \n","ACR-059":"The Offer is not clearly marked as an offer. It is unclear who is recommending the offer.\n","ACR-155":"Offers are designed to look like part of the install workflow.\n"},"nonDeceptorViolations":{"ACR-161":"The app’s landing page has testimonials that have no links back to a source so consumers can verify if they're real.\n","ACR-106":"App offers deceptive application 'Relevant Knowledge market survey'. \n","ACR-092":" The main executable is not digitally signed.\n","ACR-099":"The app does not display links to uninstall information.\nLanding page does not display links to uninstall information.\n"},"samples":[{"isRevoked":"False","fileName":"FreePCCleaner.exe","productName":"","fileVersion":"0.0","hashMD5":"18273b4521b0adff0f1c1695fd7c6b9a","hashSHA1":"e8901e347cde27a478a2813b8b551ea86279a2d0","hashSHA256":"12c0deaaea844e593e116468a211f19b8735a7cf8d4879354575c19497981082","sourceIndex":"526","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"FreePCCleaner2.exe","fileVersion":"0.0","hashMD5":"08b015a33fb45f75e44a42215e43838f","hashSHA1":"3118ab1ac6dc58bf226dee782c3e4feb1926b58a","hashSHA256":"e2329dae8df129ec972f2788647d79df10795ea36de2d3de7f5441e11ff87efc","sourceIndex":"526","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"FreePCCleaner-setup.exe","isInstaller":"True","companyName":"SoftTop Co., Ltd.                                           ","productName":"Free PC Cleaner  ","fileVersion":"0.0","hashMD5":"bfa0c888133e2c93bed2ac85ba43e18f","hashSHA1":"00fce3f45209b1aaa0afd9c7058bf466c77f29fe","hashSHA256":"2616d62f41a79195dbe3e1c75fbda8fac71f7069bd30f4a7d816d795374a2ff3","digitalCertThumbprint":"D0431C3B5BD506A1926F48FD629A6E71051C1376","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"Beijing Tsingsoft Creative Information Technology Co., Ltd.\", O=\"Beijing Tsingsoft Creative Information Technology Co., Ltd.\", STREET=\"Unit 2302, Building 1, Sun AD South District, Anyuan East Road\", STREET=\"Taiyanggong District, Chaoyang District\", L=Beijing Shi, PostalCode=100020, C=CN","sourceIndex":"526","avBlockList":["360 Total Security (20241224)","Avast Premium Security (20241224)","AVG Internet Security (20241224)","Avira Internet Security (20241224)","Bitdefender Internet Security (20241224)","COMODO Antivirus (20241224)","Dr.Web Security Space (20241224)","ESET Internet Security (20241224)","G DATA INTERNET SECURITY (20241224)","K7 Total Security (20241224)","Kaspersky Internet Security (20220526)","Malwarebytes Premium (20241224)","McAfee Total Protection (20241224)","Norton Security (20241224)","Panda Dome (20241224)","Quick Heal Internet Security (20241224)","Sophos Home Premium (20241224)","SpyHunter5 (20241224)","Total AV Antivirus Pro (20241224)","Trend Micro Internet Security (20241224)","VIPRE Advanced Security (20241224)","VirIT eXplorer PRO (20241224)","Webroot SecureAnywhere (20241224)","Windows Defender (20241224)","FortectPremium (20241224)","KasperskyPremium (20241224)"],"avAllowList":["Tencent PC Manager (20220526)"]},{"isRevoked":"False","fileName":"FreePCCleaner_241007.exe","isInstaller":"True","companyName":"SoftTop Co., Ltd.                                           ","fileVersion":"0.0","hashMD5":"e249c787def6b629ecab81cd626b7e42","hashSHA1":"30e997dc17b9bf625bd5272aebe33ed7ca65a434","hashSHA256":"3b21bce680e9961f07d4b8720466d6e01c0c34108685d43e95a2e753d6e63de3","sourceIndex":"526","avBlockList":["360 Total Security (20241231)","Avast Premium Security (20241231)","AVG Internet Security (20241231)","Avira Internet Security (20241231)","Bitdefender Internet Security (20241231)","COMODO Antivirus (20241231)","Dr.Web Security Space (20241231)","ESET Internet Security (20241231)","FortectPremium (20241231)","G DATA INTERNET SECURITY (20241231)","K7 Total Security (20241231)","KasperskyPremium (20241231)","Malwarebytes Premium (20241231)","McAfee Total Protection (20241231)","Norton Security (20241231)","Panda Dome (20241231)","Quick Heal Internet Security (20241231)","Sophos Home Premium (20241231)","SpyHunter5 (20241231)","Total AV Antivirus Pro (20241231)","Trend Micro Internet Security (20241231)","VIPRE Advanced Security (20241231)","VirIT eXplorer PRO (20241231)","Webroot SecureAnywhere (20241231)","Windows Defender (20241231)"],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"hunt search: system cleaner","reference":"","landingPage":"www.free-pc-cleaner.com/","directDownloadingLink":"https://www.free-pc-cleaner.com/installerfile/FreePCCleaner.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.free-pc-cleaner.com/installerfile/FreePCCleaner.exe","sourceIndex":"526"}],"sampleFiles":["241007/FreePCCleaner-220516/8.8.1/Samples/FreePCCleaner.exe","241007/FreePCCleaner-220516/8.8.1/Samples/FreePCCleaner2.exe","241007/FreePCCleaner-220516/8.8.1/Samples/FreePCCleaner-setup.exe","241007/FreePCCleaner-220516/8.8.1/Samples/FreePCCleaner_241007.exe"],"imageFiles":["241007/FreePCCleaner-220516/8.8.1/Images/ACR-109/rksetup.gif","241007/FreePCCleaner-220516/8.8.1/Images/ACR-048/rksetup.gif","241007/FreePCCleaner-220516/8.8.1/Images/ACR-010/ACR010_RelevanKnowledge.jpg","241007/FreePCCleaner-220516/8.8.1/Images/ACR-118/FPC_Uninstall.jpg","241007/FreePCCleaner-220516/8.8.1/Images/ACR-057/ACR010_RelevanKnowledge.jpg","241007/FreePCCleaner-220516/8.8.1/Images/ACR-059/ACR010_RelevanKnowledge.jpg","241007/FreePCCleaner-220516/8.8.1/Images/ACR-071/ACR010_RelevanKnowledge.jpg","241007/FreePCCleaner-220516/8.8.1/Images/ACR-155/ACR010_RelevanKnowledge.jpg"],"nonDeceptorImageFiles":["241007/FreePCCleaner-220516/8.8.1/Images/ACR-106/ACR010_RelevanKnowledge.jpg","241007/FreePCCleaner-220516/8.8.1/Images/ACR-092/ACR092_Vendor_DigiSig(1).jpg","241007/FreePCCleaner-220516/8.8.1/Images/ACR-092/ACR092_Vendor_DigiSig(3).jpg","241007/FreePCCleaner-220516/8.8.1/Images/ACR-092/ACR092_Vendor_DigiSig(2).jpg","241007/FreePCCleaner-220516/8.8.1/Images/ACR-161/Testimonials.jpeg","241007/FreePCCleaner-220516/8.8.1/Images/ACR-099/FPC_About.jpg","241007/FreePCCleaner-220516/8.8.1/Images/ACR-099/LandingPage.jpeg"],"guid":"df381ff5-efc5-4e8f-8413-5b1829dddc21_8.8.1_1","appID":"FreePCCleaner-220516","dateAdded":"241007","deceptorType":"App","name":"Free PC Cleaner","company":"SoftTop Co., Ltd.","version":"8.8.1","lastKnownStatus":"8.8.1","lastKnownDate":"241007","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"sold in bundle,display ads,cross-sell other apps","lastUpdate":"2024-10-07T20:27:51.167067+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":504},{"violations":{"ACR-109":"The app downloads \"spt_setup.exe\", a RelevantKnowledge file without the consumer's consent. \n","ACR-048":"The \"Decline\" button does not have any control but still drops a RelevantKnowledge file “spt_setup.exe”.\nThe app does not provide an option to cancel the startup of its own. Unable to close the update prompt.\n","ACR-004":"The app prompts untruthful message that upgrade is needed whenever user launches the app. The \"Update\" downloads nothing new, sometimes it leads to download the component(s) that user declined during install procedure, for example, it connected to dpd.securestudies.com and attempted to download user internet behavior program from Relevant Knowledge.\n","ACR-010":"The app distributes deceptor application. The offer in this app, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control.\n","ACR-083":"The App attempts to present the offer repeatedly via its update and startup.\n","ACR-118":"Upon uninstallation, it retains some executables and many of its other components along with a \"curl-ca-bundle.crt\" on the device without user's knowledge.\n","ACR-057":"The app bundles the \"Relevant Knowledge\" offer which does not allow the consumer to decline the offer.\n","ACR-071":"It attempts to force the acceptance of \"Relevant Knowledge\" by graying out the Next button when the user choose to Decline. Thus, forcing the user to only accept the offer and proceed with the installation.\n","ACR-059":"The Offer is not clearly marked as an offer. It is unclear who is recommending the offer.\n","ACR-155":" Offers are designed to look like part of the install workflow.\n"},"nonDeceptorViolations":{"ACR-002":"The App's version is not consistent between App interaction and its install (version 8.8.2.4 vs version 8.8.0)\nThe App's version is not consistent between App interaction and its install (version 8.8.2.4 vs version 8.8.0)\n","ACR-106":"App offers deceptive application 'Relevant Knowledge market survey'. \n","ACR-092":"The main executable is not digitally signed.\n"},"samples":[{"isRevoked":"False","fileName":"FreePDFConverterUtilities.exe","fileVersion":"1.0","hashMD5":"8416de38390c16a0e3989e14dec05b73","hashSHA1":"c27608fcd80e396f5360a4d4afdb39943638ccfe","hashSHA256":"5973aeda541b52f0357cbb0fbffd3f33fb4775c0d34081e1fb3570c17e5f58e7","sourceIndex":"524","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"FreePDFConverterUtilities-setup.exe","isInstaller":"True","companyName":"FreeAudioVideoSoftTech, Inc.                                ","productName":"Free Online Video Downloader ","fileVersion":"0.0","hashMD5":"88ff23bfce09822fb657d8fcc2f5c809","hashSHA1":"784c78a7610e52b6cb02d7eb12bc07b7d33e1d9d","hashSHA256":"a5505760d46bba725734fe8b5f1fa36a3b25b289557c550287a833c8a7b95e1c","digitalCertThumbprint":"347240ECC751AB91D4BA3282DC67ACC9A36D1128","digitalCertIssuer":"CN=COMODO RSA Extended Validation Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", O=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", STREET=\"Chaoyang North Road 199, MOMA Building 1901, Chaoyang District\", L=Beijing, PostalCode=100026, C=CN, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=CN, SERIALNUMBER=911101056717485703","sourceIndex":"524","avBlockList":["360 Total Security (20241224)","Avast Premium Security (20241224)","AVG Internet Security (20241224)","Avira Internet Security (20241224)","Bitdefender Internet Security (20241224)","COMODO Antivirus (20241224)","Dr.Web Security Space (20241224)","ESET Internet Security (20241224)","G DATA INTERNET SECURITY (20241224)","K7 Total Security (20241224)","Kaspersky Internet Security (20220526)","Malwarebytes Premium (20241224)","McAfee Total Protection (20241224)","Norton Security (20241224)","Panda Dome (20241224)","Quick Heal Internet Security (20241224)","Sophos Home Premium (20241224)","SpyHunter5 (20241224)","Total AV Antivirus Pro (20241224)","Trend Micro Internet Security (20241224)","VIPRE Advanced Security (20241224)","VirIT eXplorer PRO (20241224)","Webroot SecureAnywhere (20241224)","Windows Defender (20241224)","FortectPremium (20241224)","KasperskyPremium (20241224)"],"avAllowList":["Tencent PC Manager (20220526)"]},{"isRevoked":"False","fileName":"FreePDFConverterUtilities_241007.exe","isInstaller":"True","companyName":"FreeAudioVideoSoftTech, Inc.                                ","fileVersion":"0.0","hashMD5":"8152d22a4a099c199cd5c49c6a718f52","hashSHA1":"54fa99323a7dd7d4772251389995fed9b09e46b1","hashSHA256":"ae87652d176bd395e8c0192f25ec522980ec90cc28bb49b8b5e0ad80217f3ded","sourceIndex":"524","avBlockList":["360 Total Security (20241231)","Avast Premium Security (20241231)","AVG Internet Security (20241231)","Avira Internet Security (20241231)","Bitdefender Internet Security (20241231)","COMODO Antivirus (20241231)","Dr.Web Security Space (20241231)","ESET Internet Security (20241231)","FortectPremium (20241231)","G DATA INTERNET SECURITY (20241231)","K7 Total Security (20241231)","KasperskyPremium (20241231)","Malwarebytes Premium (20241231)","McAfee Total Protection (20241231)","Norton Security (20241231)","Panda Dome (20241231)","Quick Heal Internet Security (20241231)","Sophos Home Premium (20241231)","SpyHunter5 (20241231)","Total AV Antivirus Pro (20241231)","Trend Micro Internet Security (20241231)","VIPRE Advanced Security (20241231)","VirIT eXplorer PRO (20241231)","Webroot SecureAnywhere (20241231)","Windows Defender (20241231)"],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search: Free tools","reference":"","landingPage":"https://www.freeaudiovideosoft.com/pdf-tools-for-windows/free-convert-all-to-pdf/","directDownloadingLink":"http://www.freeaudiovideosoft.com/files/FreePDFConverterUtilities.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.freeaudiovideosoft.com/files/FreePDFConverterUtilities.exe","sourceIndex":"524"}],"sampleFiles":["241007/FreePDFConverterUtilities-220518/8.8.0/Samples/FreePDFConverterUtilities.exe","241007/FreePDFConverterUtilities-220518/8.8.0/Samples/FreePDFConverterUtilities-setup.exe","241007/FreePDFConverterUtilities-220518/8.8.0/Samples/FreePDFConverterUtilities_241007.exe"],"imageFiles":["241007/FreePDFConverterUtilities-220518/8.8.0/Images/ACR-109/PDFConverterUtilities_RelevantKnowledge.jpg","241007/FreePDFConverterUtilities-220518/8.8.0/Images/ACR-048/PDFConverterUtilities_RelevantKnowledge.jpg","241007/FreePDFConverterUtilities-220518/8.8.0/Images/ACR-048/ACR-004_Update2.jpg","241007/FreePDFConverterUtilities-220518/8.8.0/Images/ACR-083/ACR-083_Update.jpg","241007/FreePDFConverterUtilities-220518/8.8.0/Images/ACR-010/PDFConverterUtilities_RelevantKnowledge(1).jpg","241007/FreePDFConverterUtilities-220518/8.8.0/Images/ACR-004/ACR-004_Update.jpg","241007/FreePDFConverterUtilities-220518/8.8.0/Images/ACR-004/ACR-004_Update2.jpg","241007/FreePDFConverterUtilities-220518/8.8.0/Images/ACR-004/ACR-004_Update-2.jpg","241007/FreePDFConverterUtilities-220518/8.8.0/Images/ACR-118/PDFConverterUtilities_Uninstall.jpg","241007/FreePDFConverterUtilities-220518/8.8.0/Images/ACR-057/PDFConverterUtilities_RelevantKnowledge(1).jpg","241007/FreePDFConverterUtilities-220518/8.8.0/Images/ACR-059/PDFConverterUtilities_RelevantKnowledge(1).jpg","241007/FreePDFConverterUtilities-220518/8.8.0/Images/ACR-071/PDFConverterUtilities_RelevantKnowledge(1).jpg","241007/FreePDFConverterUtilities-220518/8.8.0/Images/ACR-155/PDFConverterUtilities_RelevantKnowledge(1).jpg"],"nonDeceptorImageFiles":["241007/FreePDFConverterUtilities-220518/8.8.0/Images/ACR-002/PDFConverterUtilities_AppVersion.jpg","241007/FreePDFConverterUtilities-220518/8.8.0/Images/ACR-002/PDFConverterUtilities_AppVersion_Inconsistent.jpg","241007/FreePDFConverterUtilities-220518/8.8.0/Images/ACR-106/PDFConverterUtilities_RelevantKnowledge(1).jpg","241007/FreePDFConverterUtilities-220518/8.8.0/Images/ACR-092/ACR-092_main_NoDigiSig.jpg","241007/FreePDFConverterUtilities-220518/8.8.0/Images/ACR-092/ACR-092_setup.jpg","241007/FreePDFConverterUtilities-220518/8.8.0/Images/ACR-092/ACR-092_setup2.jpg","241007/FreePDFConverterUtilities-220518/8.8.0/Images/ACR-002/PDFConverterUtilities_AppVersion.jpg","241007/FreePDFConverterUtilities-220518/8.8.0/Images/ACR-002/PDFConverterUtilities_AppVersion_Inconsistent.jpg"],"guid":"275e4dcc-80fa-4622-9bc8-0f10e88df6d8_8.8.0_1","appID":"FreePDFConverterUtilities-220518","dateAdded":"241007","deceptorType":"App","name":"Free PDF Converter Utilities","company":"FreeAudioVideoSoftTech, Inc.","version":"8.8.0","lastKnownStatus":"8.8.0","lastKnownDate":"241007","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"cross-sell other apps,in-app purchases,sold in bundle,none","lastUpdate":"2024-10-07T20:38:19.802041+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":503},{"violations":{"ACR-109":"The app downloads \"spt_setup.exe\", a RelevantKnowledge file without the consumer's consent. \n","ACR-048":"The \"Decline\" button does not have any control but still drops a RelevantKnowledge file “spt_setup.exe”.\n Unable to close the update prompt.  \n","ACR-004":"The app prompts untruthful message that upgrade is needed whenever user launches the app. The \"Update\" downloads nothing new, sometimes it leads to download the component(s) that user declined during install procedure, for example, it connected to dpd.securestudies.com and attempted to download user internet behavior program from Relevant Knowledge.\n","ACR-010":"The app distributes deceptor application. The offer in this app, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control.\n","ACR-083":"The App attempts to present the offer repeatedly via its update and startup.\n","ACR-118":"Upon uninstallation, it retains some executables and many of its other components along with a \"curl-ca-bundle.crt\" on the device without user's knowledge.\n","ACR-057":"The app bundles the \"Relevant Knowledge\" offer which does not allow the consumer to decline the offer. \n","ACR-071":"It attempts to force the acceptance of \"Relevant Knowledge\" by graying out the Next button when the user choose to Decline. Thus, forcing the user to only accept the offer and proceed with the installation.\n","ACR-059":" The Offer is not clearly marked as an offer. It is unclear who is recommending the offer. \n","ACR-155":"It attempts to force the acceptance of \"Relevant Knowledge\" by graying out the Next button when the user choose to Decline. Thus, forcing the user to only accept the offer and proceed with the installation.\n"},"nonDeceptorViolations":{"ACR-045":"\"Free Gold Pack\" highlights \"Free\" misleads user. The functionality requires consumer payment as donation in order to be activated. Otherwise app should remove \"free\" word.\n","ACR-002":"The App's version is inconsistent between App interaction and its install (version 8.8.2.4 vs version 8.8.0) \nThe App's version is inconsistent between App interaction and its install (version 8.8.2.4 vs version 8.8.0)\n","ACR-106":" App offers deceptive application 'Relevant Knowledge market survey'. \n","ACR-092":"The main executable is not digitally signed.\n"},"samples":[{"isRevoked":"False","fileName":"FreeYouTubeDownloadConvert.exe","fileVersion":"1.0","hashMD5":"7b4c1dd8d9455d190f00dbced769b5e3","hashSHA1":"cccd71b8c71698c2f1714960e38a93ed3a74b31f","hashSHA256":"12314fc5cc4c5c538280acb39bb28d182751a2c87b6a8f77f1f637306714f13a","sourceIndex":"522","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"FreeYouTubeDownloadConvert-setup.exe","isInstaller":"True","companyName":"FreeAudioVideoSoftTech, Inc.                                ","productName":"Free YouTube Download Convert    ","fileVersion":"0.0","hashMD5":"66b21fd129f0055f9164170c4e8a2458","hashSHA1":"eee728b666271a51ffb2a0852752be80b580c18f","hashSHA256":"ca717daab4049b566c71f0c4c115066320673c09c4005c24e8214594ff9a374d","digitalCertThumbprint":"347240ECC751AB91D4BA3282DC67ACC9A36D1128","digitalCertIssuer":"CN=COMODO RSA Extended Validation Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", O=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", STREET=\"Chaoyang North Road 199, MOMA Building 1901, Chaoyang District\", L=Beijing, PostalCode=100026, C=CN, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=CN, SERIALNUMBER=911101056717485703","sourceIndex":"522","avBlockList":["360 Total Security (20241224)","Avast Premium Security (20241224)","AVG Internet Security (20241224)","Avira Internet Security (20241224)","Bitdefender Internet Security (20241224)","COMODO Antivirus (20241224)","Dr.Web Security Space (20241224)","ESET Internet Security (20241224)","G DATA INTERNET SECURITY (20241224)","K7 Total Security (20241224)","Kaspersky Internet Security (20220607)","Malwarebytes Premium (20241224)","McAfee Total Protection (20241224)","Norton Security (20241224)","Panda Dome (20241224)","Quick Heal Internet Security (20241224)","Sophos Home Premium (20241224)","SpyHunter5 (20241224)","Total AV Antivirus Pro (20241224)","Trend Micro Internet Security (20241224)","VIPRE Advanced Security (20241224)","VirIT eXplorer PRO (20241224)","Webroot SecureAnywhere (20241224)","Windows Defender (20241224)","FortectPremium (20241224)","KasperskyPremium (20241224)"],"avAllowList":["Tencent PC Manager (20220607)"]},{"isRevoked":"False","fileName":"FreeYouTubeDownloadConvert_241007.exe","isInstaller":"True","companyName":"FreeAudioVideoSoftTech, Inc.                                ","fileVersion":"0.0","hashMD5":"19570e03ae4bbb531570bfeb4ff3762c","hashSHA1":"071dcfaceb4c082ca6e2671929169d25a239ba53","hashSHA256":"0d9a987e28276beba28479ff08a374162c694af1a73b45c40dab25e5cac114e5","sourceIndex":"522","avBlockList":["360 Total Security (20241226)","Avast Premium Security (20241226)","AVG Internet Security (20241226)","Avira Internet Security (20241226)","Bitdefender Internet Security (20241226)","COMODO Antivirus (20241226)","Dr.Web Security Space (20241226)","ESET Internet Security (20241226)","FortectPremium (20241226)","G DATA INTERNET SECURITY (20241226)","K7 Total Security (20241226)","KasperskyPremium (20241226)","Malwarebytes Premium (20241226)","McAfee Total Protection (20241226)","Norton Security (20241226)","Panda Dome (20241226)","Quick Heal Internet Security (20241226)","Sophos Home Premium (20241226)","SpyHunter5 (20241226)","Total AV Antivirus Pro (20241226)","Trend Micro Internet Security (20241226)","VIPRE Advanced Security (20241226)","VirIT eXplorer PRO (20241226)","Webroot SecureAnywhere (20241226)","Windows Defender (20241226)"],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search: Free tools","reference":"","landingPage":"https://www.freeaudiovideosoft.com/downloader-for-windows/free-youtube-download-convert/","directDownloadingLink":"http://www.freeaudiovideosoft.com/files/FreeYouTubeDownloadConvert.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.freeaudiovideosoft.com/files/FreeYouTubeDownloadConvert.exe","sourceIndex":"522"}],"sampleFiles":["241007/FreeYouTubeDownloadConvert-220520/8.8.0/Samples/FreeYouTubeDownloadConvert.exe","241007/FreeYouTubeDownloadConvert-220520/8.8.0/Samples/FreeYouTubeDownloadConvert-setup.exe","241007/FreeYouTubeDownloadConvert-220520/8.8.0/Samples/FreeYouTubeDownloadConvert_241007.exe"],"imageFiles":["241007/FreeYouTubeDownloadConvert-220520/8.8.0/Images/ACR-109/FreeYoutubeDC-RelevantKnowledge.jpg","241007/FreeYouTubeDownloadConvert-220520/8.8.0/Images/ACR-048/FreeYoutubeDC-RelevantKnowledge.jpg","241007/FreeYouTubeDownloadConvert-220520/8.8.0/Images/ACR-010/FreeYoutubeDC-RelevantKnowledge(1).jpg","241007/FreeYouTubeDownloadConvert-220520/8.8.0/Images/ACR-004/ACR-004_049_084_Update.jpg","241007/FreeYouTubeDownloadConvert-220520/8.8.0/Images/ACR-004/ACR-004-FakeUpdate_RK.jpg","241007/FreeYouTubeDownloadConvert-220520/8.8.0/Images/ACR-083/ACR-004_049_084_Update.jpg","241007/FreeYouTubeDownloadConvert-220520/8.8.0/Images/ACR-048/ACR-004-FakeUpdate.jpg","241007/FreeYouTubeDownloadConvert-220520/8.8.0/Images/ACR-118/FreeYoutubeDC-Uninstall.jpg","241007/FreeYouTubeDownloadConvert-220520/8.8.0/Images/ACR-057/FreeYoutubeDC-RelevantKnowledge(1).jpg","241007/FreeYouTubeDownloadConvert-220520/8.8.0/Images/ACR-059/FreeYoutubeDC-RelevantKnowledge(1).jpg","241007/FreeYouTubeDownloadConvert-220520/8.8.0/Images/ACR-071/FreeYoutubeDC-RelevantKnowledge(1).jpg","241007/FreeYouTubeDownloadConvert-220520/8.8.0/Images/ACR-155/FreeYoutubeDC-RelevantKnowledge(1).jpg"],"nonDeceptorImageFiles":["241007/FreeYouTubeDownloadConvert-220520/8.8.0/Images/ACR-002/FreeYoutubeDC-InconsistentVersion.jpg","241007/FreeYouTubeDownloadConvert-220520/8.8.0/Images/ACR-002/FreeYoutubeDC-InconsistentVersion_About.jpg","241007/FreeYouTubeDownloadConvert-220520/8.8.0/Images/ACR-106/FreeYoutubeDC-RelevantKnowledge.jpg","241007/FreeYouTubeDownloadConvert-220520/8.8.0/Images/ACR-092/ACR-092_NoDigiSig.jpg","241007/FreeYouTubeDownloadConvert-220520/8.8.0/Images/ACR-092/ACR-092_Setup.jpg","241007/FreeYouTubeDownloadConvert-220520/8.8.0/Images/ACR-092/ACR-092_Setup-2.jpg","241007/FreeYouTubeDownloadConvert-220520/8.8.0/Images/ACR-002/FreeYoutubeDC-InconsistentVersion.jpg","241007/FreeYouTubeDownloadConvert-220520/8.8.0/Images/ACR-002/FreeYoutubeDC-InconsistentVersion_About.jpg","241007/FreeYouTubeDownloadConvert-220520/8.8.0/Images/ACR-045/FreeYoutubeDC-InlineOffer.jpg","241007/FreeYouTubeDownloadConvert-220520/8.8.0/Images/ACR-045/FreeYoutubeDC-InlineOffer-a.jpg"],"guid":"ee9a0ff9-8214-4b45-874d-3904815ab945_8.8.0_1","appID":"FreeYouTubeDownloadConvert-220520","dateAdded":"241007","deceptorType":"App","name":"Free Youtube Downloader Convert","company":"FreeAudioVideoSoftTech, Inc.","version":"8.8.0","lastKnownStatus":"8.8.0","lastKnownDate":"241007","type":"Windows Executable","category":"SysTools & Utilities, Media editors","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"sold in bundle,in-app purchases,cross-sell other apps,none","lastUpdate":"2024-10-07T20:43:02.7732039+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":502},{"violations":{"ACR-042":"1. The app drops and installs an expired Trusted Root Certificate (.crt file) without obtaining the consumer's permission through explicit user action.\n2. 'Open VPN' components are installed without disclosing it.\n","ACR-043":"1. The app drops and installs an expired Trusted Root Certificate without disclosing it.\n2. 'Open VPN' components are installed without disclosing it.\n","ACR-107":"Application misses the relevant license information about open source project used \"OpenVPN\"\n","ACR-048":"The app does not provide any control to cancel the installation process.\nThe app does not provide any control to remove its background process completely within the app's settings.\n","ACR-007":"The app does not obtain user consent to reduce the consumer's security posture which might be caused due to installing the trusted root certificate.\n","ACR-084":"On quitting the app under disconnection status, the application doesn't exit completely. The \"VyprVPNService.exe\" process runs in the background, hiding the fact that it is active from the consumer without any notification.\n","ACR-118":"The expired trusted root certificate is not removed from the system after the application is uninstalled.\n"},"nonDeceptorViolations":{"ACR-045":"The app doesn't describe clearly and straightforwardly the main effects of the expired Trusted Root certificate installed.\n","ACR-092":"The app does not have a digital signature for executables: \"VyprVPN.exe\", \"VyprVPNService.exe\".\n\n","ACR-123":"The expired trusted root certificate is not removed from the system after the application is uninstalled.\n","ACR-018":"The app is promoted using articles that offer to help the consumer break the law across the Landing Pages.\n"},"samples":[{"isRevoked":"False","fileName":"VyprVPN-5.1.2.0-installer.exe","isInstaller":"True","companyName":"Certida LLC","productName":"VyprVPN 5.1.2.0","productVersion":"5.1.2.0","fileVersion":"5.1.2.0","hashMD5":"e6014a8b9474fae333383ac7006319eb","hashSHA1":"4abc4e01c431f4b6b53f69f8a583ab4631d32985","hashSHA256":"948293c3555a45673591cd6bd4b4084450dd3b3ddbc6ed20558914d34bf13ebf","digitalCertThumbprint":"9021EC17E9745ED65648FC3D5C968CDC1CFA7059","digitalCertIssuer":"DigiCert Global G3 Code Signing ECC SHA384 2021 CA1","digitalCertIssuedTo":"Certida LLC","storeId":"","sourceIndex":"520","avBlockList":["360 Total Security (20241219)","Avast Premium Security (20241219)","AVG Internet Security (20241219)","Avira Internet Security (20241219)","Bitdefender Internet Security (20241219)","FortectPremium (20241219)","G DATA INTERNET SECURITY (20241219)","K7 Total Security (20241219)","Norton Security (20241219)","Panda Dome (20241219)","SpyHunter5 (20241219)","Total AV Antivirus Pro (20241219)","VIPRE Advanced Security (20241219)","VirIT eXplorer PRO (20241219)","Webroot SecureAnywhere (20241219)","Windows Defender (20241219)"],"avAllowList":["COMODO Antivirus (20241219)","Dr.Web Security Space (20241219)","ESET Internet Security (20241219)","KasperskyPremium (20241219)","Malwarebytes Premium (20241219)","McAfee Total Protection (20241219)","Quick Heal Internet Security (20241219)","Sophos Home Premium (20241219)","Trend Micro Internet Security (20241219)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on windows app","reference":"","landingPage":"https://www.vyprvpn.com/vpn-apps/vpn-for-windows","directDownloadingLink":"https://www.vyprvpn.com/downloads/vyprvpn/desktop/windows/production/5.1.2.0/VyprVPN-5.1.2.0-installer.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.vyprvpn.com/downloads/vyprvpn/desktop/windows/production/5.1.2.0/VyprVPN-5.1.2.0-installer.exe","sourceIndex":"520"}],"sampleFiles":["241007/VyprVPN-230626/5.1.2.0/Samples/VyprVPN-5.1.2.0-installer.exe"],"imageFiles":["241007/VyprVPN-230626/5.1.2.0/Images/ACR-043/ACR-043.PNG","241007/VyprVPN-230626/5.1.2.0/Images/ACR-043/ACR-043_1.PNG","241007/VyprVPN-230626/5.1.2.0/Images/ACR-043/ACR-043_2.PNG","241007/VyprVPN-230626/5.1.2.0/Images/ACR-043/ACR-043_3.PNG","241007/VyprVPN-230626/5.1.2.0/Images/ACR-107/ACR-107.PNG","241007/VyprVPN-230626/5.1.2.0/Images/ACR-042/ACR-042.PNG","241007/VyprVPN-230626/5.1.2.0/Images/ACR-042/ACR-042_1.PNG","241007/VyprVPN-230626/5.1.2.0/Images/ACR-042/ACR-042_2.PNG","241007/VyprVPN-230626/5.1.2.0/Images/ACR-042/ACR-042_3.PNG","241007/VyprVPN-230626/5.1.2.0/Images/ACR-048/ACR-048.PNG","241007/VyprVPN-230626/5.1.2.0/Images/ACR-007/ACR-007.PNG","241007/VyprVPN-230626/5.1.2.0/Images/ACR-007/ACR-007_1.PNG","241007/VyprVPN-230626/5.1.2.0/Images/ACR-007/ACR-007_2.PNG","241007/VyprVPN-230626/5.1.2.0/Images/ACR-084/ACR-084_Software_1.png","241007/VyprVPN-230626/5.1.2.0/Images/ACR-048/ACR-048_1.PNG","241007/VyprVPN-230626/5.1.2.0/Images/ACR-048/ACR-048_2.PNG","241007/VyprVPN-230626/5.1.2.0/Images/ACR-118/ACR-118.PNG"],"nonDeceptorImageFiles":["241007/VyprVPN-230626/5.1.2.0/Images/ACR-045/ACR-045.PNG","241007/VyprVPN-230626/5.1.2.0/Images/ACR-045/ACR-045_1.PNG","241007/VyprVPN-230626/5.1.2.0/Images/ACR-045/ACR-045_2.PNG","241007/VyprVPN-230626/5.1.2.0/Images/ACR-092/ACR-092.PNG","241007/VyprVPN-230626/5.1.2.0/Images/ACR-092/ACR-092_1.PNG","241007/VyprVPN-230626/5.1.2.0/Images/ACR-123/ACR-123.PNG","241007/VyprVPN-230626/5.1.2.0/Images/ACR-018/ACR-018.PNG"],"guid":"a7e25cb8-e974-47dd-b083-0a9a18c68e60_5.1.2.0_1","appID":"VyprVPN-230626","dateAdded":"241007","deceptorType":"App","name":"Vypr VPN","company":"Certida LLC","version":"5.1.2.0","lastKnownStatus":"5.1.2.0","lastKnownDate":"241007","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2024-10-07T22:07:05.8227421+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":501},{"violations":{"ACR-109":"The app installs \"FreeStudioManager\" without disclosing it to the user and getting user consent.\n","ACR-042":"1. The app installs \"FreeStudioManager\" and \"FreeCodecPack\" without disclosing it to the user and getting user consent. 2. Third-party \"The Qt Company Ltd\" components are installed without any disclosure\n","ACR-043":"1. The app installs \"FreeStudioManager\" and \"FreeCodecPack\" without disclosing it to the user and getting user consent. 2. Third-party \"The Qt Company Ltd\" components are installed without any disclosure\n","ACR-048":"The app does not provide an option to cancel the installation.\nThe non-disclosed app components is hidden from standard uninstall entry, limiting user to remove/delete/uninstall it: \"DVDVideoSoft Free Studio\"\n","ACR-017":"The application logo is way too similar to the windows logo, misleading representation for the app source.\n","ACR-084":"The non-disclosed app components is hidden from standard uninstall entry.\n","ACR-116":"The non-disclosed app components is hidden from standard uninstall entry, thus preventing the platform's standard uninstall method.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components on the device without the consumer's consent or notifying the user.\n","ACR-039":"The app installs \"FreeStudioManager\" without disclosing it to the user and getting user consent.\n","ACR-165":"The app needs to provide details about how to cancel online when users receive notification for renewal and what's the price amount after the time-bound discount expires.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"FreeAudioConverter_5.1.12.1204_u.exe","isInstaller":"True","companyName":"Digital Wave Ltd                                            ","productName":"Free Audio Converter (sc)                                   ","productVersion":"5.1.12.1204                                       ","fileVersion":"5.1.12.1204         ","hashMD5":"e44876b0b6f8c1e22fb129c9cadf0913","hashSHA1":"682124b455be46201edb68fb3aed75362d2b56d3","hashSHA256":"c1e6e311409f2d2e4b80b63c58b3e625f518575425e94ee9f49999fe909ae40d","digitalCertThumbprint":"C644B30CB1377BB542DE7BA6D74E7625F8C3B18B","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Digital Wave Ltd","storeId":"","sourceIndex":"527","avBlockList":["Avast Premium Security (20241217)","AVG Internet Security (20241217)","Avira Internet Security (20241217)","COMODO Antivirus (20241217)","Dr.Web Security Space (20241217)","FortectPremium (20241217)","Malwarebytes Premium (20241217)","McAfee Total Protection (20241217)","Norton Security (20241217)","Panda Dome (20241217)","Sophos Home Premium (20241217)","SpyHunter5 (20241217)","Total AV Antivirus Pro (20241217)","VirIT eXplorer PRO (20241217)","Webroot SecureAnywhere (20241217)","Windows Defender (20241217)"],"avAllowList":["360 Total Security (20241217)","Bitdefender Internet Security (20241217)","ESET Internet Security (20241217)","G DATA INTERNET SECURITY (20241217)","K7 Total Security (20241217)","KasperskyPremium (20241217)","Quick Heal Internet Security (20241217)","Trend Micro Internet Security (20241217)","VIPRE Advanced Security (20241217)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on windows app","reference":"","landingPage":"https://www.dvdvideosoft.com/products/dvd/Free-Audio-Converter.htm","directDownloadingLink":"https://www.dvdvideosoft.com/download.htm?fname=FreeAudioConverter.exe&ls=topWinPrimary","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.dvdvideosoft.com/download.htm?fname=FreeAudioConverter.exe&ls=topWinPrimary","sourceIndex":"527"}],"sampleFiles":["241003/FreeAudioConverter-220426/5.1.12.1204/Samples/FreeAudioConverter_5.1.12.1204_u.exe"],"imageFiles":["241003/FreeAudioConverter-220426/5.1.12.1204/Images/ACR-039/ACR-039.PNG","241003/FreeAudioConverter-220426/5.1.12.1204/Images/ACR-042/ACR-042.PNG","241003/FreeAudioConverter-220426/5.1.12.1204/Images/ACR-042/ACR-042_1.PNG","241003/FreeAudioConverter-220426/5.1.12.1204/Images/ACR-042/ACR-042_2.PNG","241003/FreeAudioConverter-220426/5.1.12.1204/Images/ACR-043/ACR-043.PNG","241003/FreeAudioConverter-220426/5.1.12.1204/Images/ACR-043/ACR-043_1.PNG","241003/FreeAudioConverter-220426/5.1.12.1204/Images/ACR-043/ACR-043_2.PNG","241003/FreeAudioConverter-220426/5.1.12.1204/Images/ACR-048/ACR-048.PNG","241003/FreeAudioConverter-220426/5.1.12.1204/Images/ACR-048/ACR-048_1.PNG","241003/FreeAudioConverter-220426/5.1.12.1204/Images/ACR-017/ACR-017.PNG","241003/FreeAudioConverter-220426/5.1.12.1204/Images/ACR-109/ACR-109.PNG","241003/FreeAudioConverter-220426/5.1.12.1204/Images/ACR-084/ACR-084.PNG","241003/FreeAudioConverter-220426/5.1.12.1204/Images/ACR-116/ACR-116.PNG","241003/FreeAudioConverter-220426/5.1.12.1204/Images/ACR-118/ACR-118.PNG","241003/FreeAudioConverter-220426/5.1.12.1204/Images/ACR-118/ACR-118_1.PNG","241003/FreeAudioConverter-220426/5.1.12.1204/Images/ACR-165/ACR-165.PNG"],"nonDeceptorImageFiles":[],"guid":"3a8cc860-3801-4108-8ba6-cb76dcad6a74_5.1.12.1204_1","appID":"FreeAudioConverter-220426","dateAdded":"241003","deceptorType":"App","name":"Free Audio Converter","company":"Digital Wave Ltd","version":"5.1.12.1204","lastKnownStatus":"5.1.9.310;5.1.12.1204","lastKnownDate":"241003","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows Server","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2024-10-03T21:08:54.9972978+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":507},{"violations":{"ACR-109":"The app installs \"FreeStudioManager\" without disclosing it to the user and getting user consent.\n","ACR-042":"On executing the installer, it directly installs the \"FreeStudioManager\" and its components without the user's permission and disclosing the installation path. \nThe app drops \"FreeStudioManager\" without disclosing it to the user and getting user consent.\n","ACR-043":"The \"FreeStudioManager\" components are installed without asking the user's permission and disclosing the installation path.\n","ACR-048":"The app does not provide an option to cancel the installation.\nThe non disclosed app components is hidden from standard uninstall entry, limits user to remove/delete/uninstall it: \"DVDVideoSoft Free Studio\".\n","ACR-017":"The application logo is way too similar to the windows logo, misleading representation for the app source.\n","ACR-039":"The app installs \"FreeStudioManager\" without disclosing it to the user that it came and is related with the main app.\n","ACR-164":"The app needs to provide details about how to cancel online when users receive notification for renewal and what's the price amount after the time-bound discount expires.\n"},"nonDeceptorViolations":{"ACR-044":"The app does get the user's consent to download and install the other application.\n","ACR-065":"The install does not display links to the Returns and Cancellation Policy.\nThe app's About page does not have links to Returns and Cancellation Policy. \n","ACR-099":"The landing page does not display links to uninstall information.\nThe internal offers page does not display links to uninstall information.\nThe application does not display links to uninstall information.\n"},"samples":[{"isRevoked":"False","fileName":"FreeAudioConverter.exe","companyName":"Digital Wave Ltd","fileVersion":"5.1","hashMD5":"c328e37efcd3f1c33ab82bb3ce071058","hashSHA1":"925625f76191339ed587ea99bf7b3c1f872a0e09","hashSHA256":"6670e95bd27043674a3a5086bfc590d223225e01f09c8a54b5308d6f2a35ea25","digitalCertThumbprint":"C934990D27B9D3CE6D5914E7494A993FA4F860E2","digitalCertIssuer":"CN=DigiCert EV Code Signing CA (SHA2), OU=www.digicert.com, O=DigiCert Inc, C=US","digitalCertIssuedTo":"CN=Digital Wave Ltd, O=Digital Wave Ltd, L=London, C=GB, SERIALNUMBER=06823196, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=GB","sourceIndex":"1638","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"FreeAudioConverter_5.1.9.310_o.exe","isInstaller":"True","companyName":"Digital Wave Ltd                                            ","fileVersion":"5.1.9.310","hashMD5":"d1b60a04362b9e185eaa8849bc8c8a6a","hashSHA1":"5a43d12a949a8430efb0b7c7770e076f0df2e51d","hashSHA256":"b0bbef864698cf531b9644cb185c81d7acb8eec569f88ea58fd37287398eb6ca","digitalCertThumbprint":"C934990D27B9D3CE6D5914E7494A993FA4F860E2","digitalCertIssuer":"CN=DigiCert EV Code Signing CA (SHA2), OU=www.digicert.com, O=DigiCert Inc, C=US","digitalCertIssuedTo":"CN=Digital Wave Ltd, O=Digital Wave Ltd, L=London, C=GB, SERIALNUMBER=06823196, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=GB","sourceIndex":"1638","avBlockList":["Avast Premium Security (20220505)","AVG Internet Security (20220505)","Avira Internet Security (20220505)","Dr.Web Security Space (20220505)","K7 Total Security (20220505)","McAfee Total Protection (20220505)","Norton Security (20220505)","Panda Dome (20220505)","Quick Heal Internet Security (20220505)","Sophos Home Premium (20220505)","SpyHunter5 (20220505)","Total AV Antivirus Pro (20220505)","VirIT eXplorer PRO (20220505)","Windows Defender (20220505)"],"avAllowList":["360 Total Security (20220505)","Bitdefender Internet Security (20220505)","COMODO Antivirus (20220505)","ESET Internet Security (20220505)","G DATA INTERNET SECURITY (20220505)","Kaspersky Internet Security (20220505)","Malwarebytes Premium (20220505)","Tencent PC Manager (20220505)","Trend Micro Internet Security (20220505)","VIPRE Advanced Security (20220505)","Webroot SecureAnywhere (20220505)"]},{"isRevoked":"False","fileName":"FreeStudioManager.exe","companyName":"Digital Wave Ltd","fileVersion":"6.7","hashMD5":"8c4257b465f9d5f5dbcd4613d7148835","hashSHA1":"956ee354b83bee2507c350ab4b320407863c4d69","hashSHA256":"70b96820bb5657d58a0286ae1b8135c942c9ec859a2db8c9bbf44aaa7aa2b9bb","digitalCertThumbprint":"C934990D27B9D3CE6D5914E7494A993FA4F860E2","digitalCertIssuer":"CN=DigiCert EV Code Signing CA (SHA2), OU=www.digicert.com, O=DigiCert Inc, C=US","digitalCertIssuedTo":"CN=Digital Wave Ltd, O=Digital Wave Ltd, L=London, C=GB, SERIALNUMBER=06823196, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=GB","sourceIndex":"1638","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"search free converter in google","reference":"","landingPage":"https://www.dvdvideosoft.com/products/dvd/Free-Audio-Converter.htm","directDownloadingLink":"https://www.dvdvideosoft.com/download.htm?fname=FreeAudioConverter.exe&ls=topWinPrimary","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.dvdvideosoft.com/download.htm?fname=FreeAudioConverter.exe&ls=topWinPrimary","sourceIndex":"1638"}],"sampleFiles":["220426/FreeAudioConverter-220426/5.1.9.310/Samples/FreeAudioConverter.exe","220426/FreeAudioConverter-220426/5.1.9.310/Samples/FreeAudioConverter_5.1.9.310_o.exe","220426/FreeAudioConverter-220426/5.1.9.310/Samples/FreeStudioManager.exe"],"imageFiles":["220426/FreeAudioConverter-220426/5.1.9.310/Images/ACR-039/ACR039-FreeAudioConverter-a.jpg","220426/FreeAudioConverter-220426/5.1.9.310/Images/ACR-039/ACR039-FreeAudioConverter-b.jpg","220426/FreeAudioConverter-220426/5.1.9.310/Images/ACR-042/ACR042-FreeAudioConverter-a - Copy.jpg","220426/FreeAudioConverter-220426/5.1.9.310/Images/ACR-042/ACR042-FreeAudioConverter-b - Copy.jpg","220426/FreeAudioConverter-220426/5.1.9.310/Images/ACR-042/ACR042-FreeAudioConverter-c.jpg","220426/FreeAudioConverter-220426/5.1.9.310/Images/ACR-043/ACR043-FreeAudioConverter-a.jpg","220426/FreeAudioConverter-220426/5.1.9.310/Images/ACR-043/ACR043-FreeAudioConverter-b.jpg","220426/FreeAudioConverter-220426/5.1.9.310/Images/ACR-048/ACR048-FreeAudioConverter.jpg","220426/FreeAudioConverter-220426/5.1.9.310/Images/ACR-048/ACR048-FreeAudioConverter-b.jpg","220426/FreeAudioConverter-220426/5.1.9.310/Images/ACR-017/ACR017-FreeAudioConverter.jpg","220426/FreeAudioConverter-220426/5.1.9.310/Images/ACR-109/ACR109-FreeAudioConverter-a.jpg","220426/FreeAudioConverter-220426/5.1.9.310/Images/ACR-109/ACR109-FreeAudioConverter-b.jpg","220426/FreeAudioConverter-220426/5.1.9.310/Images/ACR-109/ACR109-FreeAudioConverter-c.jpg","220426/FreeAudioConverter-220426/5.1.9.310/Images/ACR-164/ACR164-FreeAudioConverter-a.jpg","220426/FreeAudioConverter-220426/5.1.9.310/Images/ACR-164/ACR164-FreeAudioConverter-b.jpg"],"nonDeceptorImageFiles":["220426/FreeAudioConverter-220426/5.1.9.310/Images/ACR-044/ACR044-FreeAudioConverter-a.jpg","220426/FreeAudioConverter-220426/5.1.9.310/Images/ACR-044/ACR044-FreeAudioConverter-b.jpg","220426/FreeAudioConverter-220426/5.1.9.310/Images/ACR-099/ACR099-LandingPage.jpg","220426/FreeAudioConverter-220426/5.1.9.310/Images/ACR-099/ACR099-OfferPage.jpg","220426/FreeAudioConverter-220426/5.1.9.310/Images/ACR-099/ACR099-Software.jpg","220426/FreeAudioConverter-220426/5.1.9.310/Images/ACR-065/ACR065-FreeAudioConverter-a.jpg","220426/FreeAudioConverter-220426/5.1.9.310/Images/ACR-065/ACR065-FreeAudioConverter-b.jpg","220426/FreeAudioConverter-220426/5.1.9.310/Images/ACR-065/ACR065-About.jpg"],"guid":"3a8cc860-3801-4108-8ba6-cb76dcad6a74_5.1.9.310_1","appID":"FreeAudioConverter-220426","dateAdded":"241003","deceptorType":"App","name":"Free Audio Converter","company":"Digital Wave Ltd","version":"5.1.9.310","lastKnownStatus":"5.1.9.310;5.1.12.1204","lastKnownDate":"241003","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows Server","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2024-10-03T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":508},{"violations":{"ACR-048":"The app does not provide control to enable/disable the startup item and to remove its background process completely within the app's settings. \nThe app does not provide option to cancel the installation process.\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software.\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software.\n","ACR-084":"1. The app creates an undisclosed startup item to perform an action without the consumer's knowledge and consent.\n2. On closing the app, the application doesn't exit completely. Several processes run in the background, hiding the fact that it is active from the consumer without any notification.\n","ACR-097":"The app adds an exception for Windows firewall without disclosing relevant info and getting consent from the user.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components on the device without the consumer's consent or notifying the user.\n","ACR-057":"Offers don't have clear way for user to accept or decline. \n","ACR-055":"The accept/Decline options are not consistent for offers.\n","ACR-059":"The Offer is not clearly marked as an optional offer. \n","ACR-155":"Offers are designed to look like part of the install workflow\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"DTLite1210-2180.exe","isInstaller":"True","companyName":"Disc Soft FZE LLC","productName":"DAEMON Tools Lite Installer","productVersion":"12.1.0.2180","fileVersion":"12.1.0.2180","hashMD5":"35beb9e86a2155125cad954ded304cf2","hashSHA1":"8bf5bc29106436f99c7dbf8608fcd2eb007382e3","hashSHA256":"663a4570cfcb54adc1cccce62ed59ac0d615d26461c50163257f6748bec44aeb","digitalCertThumbprint":"195A8B2353093FDE6C912C299581FE78A12DEEF5","digitalCertIssuer":"Entrust Extended Validation Code Signing CA - EVCS2","digitalCertIssuedTo":"AVB Disc Soft SIA","storeId":"","sourceIndex":"582","avBlockList":["COMODO Antivirus (20241001)","Dr.Web Security Space (20241001)","ESET Internet Security (20241001)","FortectPremium (20241001)","K7 Total Security (20241001)","KasperskyPremium (20241001)","Malwarebytes Premium (20241001)","McAfee Total Protection (20241001)","Norton Security (20241001)","Panda Dome (20241001)","Quick Heal Internet Security (20241001)","Sophos Home Premium (20241001)","SpyHunter5 (20241001)","VirIT eXplorer PRO (20241001)","Webroot SecureAnywhere (20241001)"],"avAllowList":["360 Total Security (20241001)","Avast Premium Security (20241001)","AVG Internet Security (20241001)","Avira Internet Security (20241001)","Bitdefender Internet Security (20241001)","G DATA INTERNET SECURITY (20241001)","Total AV Antivirus Pro (20241001)","Trend Micro Internet Security (20241001)","VIPRE Advanced Security (20241001)","Windows Defender (20241001)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on windows app","reference":"","landingPage":"https://disc-tools.com/","directDownloadingLink":"https://disc-tools.com/download/dtLite","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://disc-tools.com/download/dtLite","sourceIndex":"582"}],"sampleFiles":["240730/daemontoolslite-220714/12.1.0.2180/Samples/DTLite1210-2180.exe"],"imageFiles":["240730/daemontoolslite-220714/12.1.0.2180/Images/ACR-084/ACR-084.PNG","240730/daemontoolslite-220714/12.1.0.2180/Images/ACR-084/ACR-084_1.PNG","240730/daemontoolslite-220714/12.1.0.2180/Images/ACR-048/ACR-048.PNG","240730/daemontoolslite-220714/12.1.0.2180/Images/ACR-048/ACR-048_1.PNG","240730/daemontoolslite-220714/12.1.0.2180/Images/ACR-048/ACR-048_2.PNG","240730/daemontoolslite-220714/12.1.0.2180/Images/ACR-059/ACR-059.PNG","240730/daemontoolslite-220714/12.1.0.2180/Images/ACR-059/ACR-059_1.PNG","240730/daemontoolslite-220714/12.1.0.2180/Images/ACR-155/ACR-155.PNG","240730/daemontoolslite-220714/12.1.0.2180/Images/ACR-155/ACR-155_1.PNG","240730/daemontoolslite-220714/12.1.0.2180/Images/ACR-155/ACR-155_2.PNG","240730/daemontoolslite-220714/12.1.0.2180/Images/ACR-048/ACR-048_Install.PNG","240730/daemontoolslite-220714/12.1.0.2180/Images/ACR-013/ACR-013.PNG","240730/daemontoolslite-220714/12.1.0.2180/Images/ACR-013/ACR-013_1.PNG","240730/daemontoolslite-220714/12.1.0.2180/Images/ACR-013/ACR-013_2.PNG","240730/daemontoolslite-220714/12.1.0.2180/Images/ACR-097/ACR-097.PNG","240730/daemontoolslite-220714/12.1.0.2180/Images/ACR-118/ACR-118.PNG","240730/daemontoolslite-220714/12.1.0.2180/Images/ACR-057/ACR-057_2.PNG","240730/daemontoolslite-220714/12.1.0.2180/Images/ACR-055/ACR-055.PNG","240730/daemontoolslite-220714/12.1.0.2180/Images/ACR-055/ACR-055_1.PNG","240730/daemontoolslite-220714/12.1.0.2180/Images/ACR-055/ACR-055_2.PNG","240730/daemontoolslite-220714/12.1.0.2180/Images/ACR-060/ACR-060.PNG","240730/daemontoolslite-220714/12.1.0.2180/Images/ACR-060/ACR-060_1.PNG","240730/daemontoolslite-220714/12.1.0.2180/Images/ACR-060/ACR-060_2.PNG"],"nonDeceptorImageFiles":[],"guid":"17abde56-37a4-48ca-b33d-5a031f4a0ae8_12.1.0.2180_1","appID":"daemontoolslite-220714","dateAdded":"240930","deceptorType":"App","name":"Daemon Tools Lite","company":"Disc Soft Ltd","version":"12.1.0.2180","lastKnownStatus":"1.4.28.0082;11.2.0.2067;11.2.0.2074;11.2.0.2078;11.2.0.2080;11.2.0.2086;11.2.0.2083;11.2.0.2092;11.2.0.2093;11.2.0.2099;11.2.0.2105;12.0.0.2126;12.1.0.2169;12.1.0.2180;12.1.0.2211","lastKnownDate":"240930","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2024-09-30T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":15,"sortOrder":512},{"violations":{"ACR-048":"The app does not provide control to enable/disable the startup item and to remove its background process completely within the app's settings. \nThe app does not provide option to cancel the installation process.\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software.\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software.\n","ACR-084":"1. The app creates an undisclosed startup item to perform an action without the consumer's knowledge and consent.\n2. On closing the app, the application doesn't exit completely. Several processes run in the background, hiding the fact that it is active from the consumer without any notification.\n","ACR-097":"The app adds an exception for Windows firewall without disclosing relevant info and getting consent from the user.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components on the device without the consumer's consent or notifying the user.\n","ACR-057":"Offers don't have clear way for user to accept or decline. \n","ACR-055":"The accept/Decline options are not consistent for offers.\n","ACR-059":"The Offer is not clearly marked as an optional offer. \n","ACR-155":"Offers are designed to look like part of the install workflow\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"DTLite1210-2169.exe","isInstaller":"True","companyName":"Disc Soft FZE LLC","productName":"DAEMON Tools Lite Installer","productVersion":"12.1.0.2169","fileVersion":"12.1.0.2169","hashMD5":"f644be5504a88097959aceb720c987f4","hashSHA1":"b85e3e3b629dd47bdd8ed405275017d27dc66c9e","hashSHA256":"3ecd5a3a1175b9baf3a018f134f0bf352f1ce3e9d5f974d293ccc5ce243c527c","digitalCertThumbprint":"6FF4F12F192D94BD04EA30D660945D2CB7330529","digitalCertIssuer":"DigiCert SHA2 Assured ID Code Signing CA","digitalCertIssuedTo":"SIA AVB Disc Soft","storeId":"","sourceIndex":"629","avBlockList":["COMODO Antivirus (20240808)","Dr.Web Security Space (20240808)","ESET Internet Security (20240808)","G DATA INTERNET SECURITY (20240808)","K7 Total Security (20240808)","Kaspersky Internet Security (20240718)","Malwarebytes Premium (20240808)","Norton Security (20240808)","Panda Dome (20240808)","Quick Heal Internet Security (20240808)","Sophos Home Premium (20240808)","SpyHunter5 (20240808)","Total AV Antivirus Pro (20240808)","VIPRE Advanced Security (20240808)","VirIT eXplorer PRO (20240808)","Webroot SecureAnywhere (20240808)","FortectPremium (20240808)","KasperskyPremium (20240808)"],"avAllowList":["360 Total Security (20240808)","Avast Premium Security (20240808)","AVG Internet Security (20240808)","Avira Internet Security (20240808)","Bitdefender Internet Security (20240808)","McAfee Total Protection (20240808)","Trend Micro Internet Security (20240808)","Windows Defender (20240808)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on windows app","reference":"","landingPage":"https://disc-tools.com/","directDownloadingLink":"https://disc-tools.com/download/dtLite","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://disc-tools.com/download/dtLite","sourceIndex":"629"}],"sampleFiles":["240620/daemontoolslite-220714/12.1.0.2169/Samples/DTLite1210-2169.exe"],"imageFiles":["240620/daemontoolslite-220714/12.1.0.2169/Images/ACR-084/ACR-084_1.PNG","240620/daemontoolslite-220714/12.1.0.2169/Images/ACR-084/ACR-084_2.PNG","240620/daemontoolslite-220714/12.1.0.2169/Images/ACR-048/ACR-048_1.PNG","240620/daemontoolslite-220714/12.1.0.2169/Images/ACR-048/ACR-048_2.PNG","240620/daemontoolslite-220714/12.1.0.2169/Images/ACR-048/ACR-048_3.PNG","240620/daemontoolslite-220714/12.1.0.2169/Images/ACR-059/ACR-059_1.PNG","240620/daemontoolslite-220714/12.1.0.2169/Images/ACR-155/ACR-155.PNG","240620/daemontoolslite-220714/12.1.0.2169/Images/ACR-155/ACR-155_1.PNG","240620/daemontoolslite-220714/12.1.0.2169/Images/ACR-048/ACR-048.PNG","240620/daemontoolslite-220714/12.1.0.2169/Images/ACR-013/ACR-013.PNG","240620/daemontoolslite-220714/12.1.0.2169/Images/ACR-013/ACR-013_1.PNG","240620/daemontoolslite-220714/12.1.0.2169/Images/ACR-097/ACR-097.PNG","240620/daemontoolslite-220714/12.1.0.2169/Images/ACR-118/ACR-118.PNG","240620/daemontoolslite-220714/12.1.0.2169/Images/ACR-057/ACR-057.PNG","240620/daemontoolslite-220714/12.1.0.2169/Images/ACR-057/ACR-057_1.PNG","240620/daemontoolslite-220714/12.1.0.2169/Images/ACR-055/ACR-055.PNG","240620/daemontoolslite-220714/12.1.0.2169/Images/ACR-055/ACR-055_1.PNG","240620/daemontoolslite-220714/12.1.0.2169/Images/ACR-060/ACR-060.PNG","240620/daemontoolslite-220714/12.1.0.2169/Images/ACR-060/ACR-060_1.PNG"],"nonDeceptorImageFiles":[],"guid":"17abde56-37a4-48ca-b33d-5a031f4a0ae8_12.1.0.2169_1","appID":"daemontoolslite-220714","dateAdded":"240930","deceptorType":"App","name":"Daemon Tools Lite","company":"Disc Soft Ltd","version":"12.1.0.2169","lastKnownStatus":"1.4.28.0082;11.2.0.2067;11.2.0.2074;11.2.0.2078;11.2.0.2080;11.2.0.2086;11.2.0.2083;11.2.0.2092;11.2.0.2093;11.2.0.2099;11.2.0.2105;12.0.0.2126;12.1.0.2169;12.1.0.2180;12.1.0.2211","lastKnownDate":"240930","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2024-09-30T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":15,"sortOrder":513},{"violations":{"ACR-042":"The app initiates network communications with 3rd party offer provider before obtaining user consent. \n","ACR-048":"The app does not provide control to enable/disable the startup item and to remove its background process completely within the app's settings. \nThe app does not provide option to cancel the installation process.\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software.\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software.\n","ACR-084":"1. The app creates an undisclosed startup item to perform an action without the consumer's knowledge and consent.\n2. On closing the app, the application doesn't exit completely. Several processes run in the background, hiding the fact that it is active from the consumer without any notification.\n","ACR-097":"The app adds an exception for Windows firewall to evade the default system security guard.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components on the device without the consumer's consent or notifying the user.\n","ACR-057":"Offers don't have clear way for user to accept or decline. \n","ACR-055":"The accept/Decline options are not consistent for offers.\n","ACR-059":"The Offer is not clearly marked as an optional offer. \n","ACR-155":"Offers are designed to look like part of the install workflow\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"DotNetWrapper.exe","isInstaller":"True","companyName":"Disc Soft FZE LLC","productName":"DAEMON Tools Lite Installer","productVersion":"12.0.0.2126","fileVersion":"12.0.0.2126","hashMD5":"418747f6c138cef786bb250b9d8b655d","hashSHA1":"d497cfc9b09438c152812c92931255865a7bb003","hashSHA256":"524786246019f9e19f329297eb933d574ebb672eebd7104b4756d2004967f6f0","digitalCertThumbprint":"9A8EC24D4552F8EB8902FAB19EAF95DC2A2EA407","digitalCertIssuer":"Sectigo RSA Code Signing CA","digitalCertIssuedTo":"AVB Disc Soft SIA","storeId":"","sourceIndex":"818","avBlockList":["COMODO Antivirus (20240806)","Dr.Web Security Space (20240806)","ESET Internet Security (20240806)","FortectPremium (20240806)","G DATA INTERNET SECURITY (20240806)","KasperskyPremium (20240806)","Malwarebytes Premium (20240806)","Norton Security (20240806)","Panda Dome (20240806)","Sophos Home Premium (20240806)","SpyHunter5 (20240806)","Total AV Antivirus Pro (20240806)","VIPRE Advanced Security (20240806)","VirIT eXplorer PRO (20240806)"],"avAllowList":["360 Total Security (20240806)","Avast Premium Security (20240806)","AVG Internet Security (20240806)","Avira Internet Security (20240806)","Bitdefender Internet Security (20240806)","K7 Total Security (20240806)","McAfee Total Protection (20240806)","Quick Heal Internet Security (20240806)","Trend Micro Internet Security (20240806)","Webroot SecureAnywhere (20240806)","Windows Defender (20240806)"]}],"additionalFiles":[],"sources":[{"howFound":"DownloadAstro Search","reference":"","landingPage":"https://disc-tools.com/","directDownloadingLink":"https://disc-tools.com/download/dtLite","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://disc-tools.com/download/dtLite","sourceIndex":"818"}],"sampleFiles":["231109/daemontoolslite-220714/12.0.0.2126/Samples/DTLite1200-2126.exe"],"imageFiles":["231109/daemontoolslite-220714/12.0.0.2126/Images/ACR-084/ACR-084_Software_1.png","231109/daemontoolslite-220714/12.0.0.2126/Images/ACR-084/ACR-084_Software_2.png","231109/daemontoolslite-220714/12.0.0.2126/Images/ACR-048/ACR-048_Software_1.png","231109/daemontoolslite-220714/12.0.0.2126/Images/ACR-048/ACR-048_Software_2.png","231109/daemontoolslite-220714/12.0.0.2126/Images/ACR-048/ACR-048_Software_3.png","231109/daemontoolslite-220714/12.0.0.2126/Images/ACR-059/ACR-059_Bundler-made offers_1.png","231109/daemontoolslite-220714/12.0.0.2126/Images/ACR-059/ACR-059.JPG","231109/daemontoolslite-220714/12.0.0.2126/Images/ACR-155/ACR-155.JPG","231109/daemontoolslite-220714/12.0.0.2126/Images/ACR-155/ACR-155_Bundler-made offers_1.png","231109/daemontoolslite-220714/12.0.0.2126/Images/ACR-042/ACR-042 (1).JPG","231109/daemontoolslite-220714/12.0.0.2126/Images/ACR-042/ACR-042 (2).JPG","231109/daemontoolslite-220714/12.0.0.2126/Images/ACR-048/ACR-048.JPG","231109/daemontoolslite-220714/12.0.0.2126/Images/ACR-013/ACR-013.JPG","231109/daemontoolslite-220714/12.0.0.2126/Images/ACR-013/ACR-013_Install_1.png","231109/daemontoolslite-220714/12.0.0.2126/Images/ACR-097/ACR-097_Software_1.png","231109/daemontoolslite-220714/12.0.0.2126/Images/ACR-118/ACR-118_Uninstall_1.png","231109/daemontoolslite-220714/12.0.0.2126/Images/ACR-118/ACR-118_Uninstall_2.png","231109/daemontoolslite-220714/12.0.0.2126/Images/ACR-057/ACR-057.JPG","231109/daemontoolslite-220714/12.0.0.2126/Images/ACR-057/ACR-057_Bundler-made offers_1.png","231109/daemontoolslite-220714/12.0.0.2126/Images/ACR-055/ACR-055.JPG","231109/daemontoolslite-220714/12.0.0.2126/Images/ACR-060/ACR-060.JPG","231109/daemontoolslite-220714/12.0.0.2126/Images/ACR-060/ACR-060_Bundler-made offers_1.png"],"nonDeceptorImageFiles":[],"guid":"17abde56-37a4-48ca-b33d-5a031f4a0ae8_12.0.0.2126_1","appID":"daemontoolslite-220714","dateAdded":"240930","deceptorType":"App","name":"Daemon Tools Lite","company":"Disc Soft Ltd","version":"12.0.0.2126","lastKnownStatus":"1.4.28.0082;11.2.0.2067;11.2.0.2074;11.2.0.2078;11.2.0.2080;11.2.0.2086;11.2.0.2083;11.2.0.2092;11.2.0.2093;11.2.0.2099;11.2.0.2105;12.0.0.2126;12.1.0.2169;12.1.0.2180;12.1.0.2211","lastKnownDate":"240930","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2024-09-30T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":15,"sortOrder":514},{"violations":{"ACR-048":"The app does not provide control to enable/disable the startup item and to remove its background process completely within the app's settings. \nThe app does not provide option to cancel the installation process.\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software.\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software.\n","ACR-084":"1. On closing the app, the application doesn't exit completely. Several processes run in the background, hiding the fact that it is active from the consumer without any notification.\n2. The app creates an undisclosed startup item to perform an action without the consumer's knowledge and consent.\n","ACR-097":"The app adds an exception for Windows firewall to evade the default system security guard.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components on the device without the consumer's consent or notifying the user.\n","ACR-057":"Offers don't have clear way for user to accept or decline. \n","ACR-055":"The accept/Decline options are not consistent for offers.\n","ACR-059":"The Offer is not clearly marked as an optional offer. \n","ACR-155":"Offers are designed to look like part of the install workflow\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"DTLite1120-2099.exe","isInstaller":"True","companyName":"Disc Soft FZE LLC","fileVersion":"11.2","hashMD5":"e4d3c3ef70a9a656fe05c3d4a14b0e32","hashSHA1":"c41b2f26b1419102b0bbbed6d9aefbfb1d12720d","hashSHA256":"832d1a3d7fb0ded0c8224fc7fc62418f927255bbc1f9a89aaf87ab2f24a9ac8b","digitalCertThumbprint":"9A8EC24D4552F8EB8902FAB19EAF95DC2A2EA407","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"AVB Disc Soft, SIA\", O=\"AVB Disc Soft, SIA\", STREET=Turaidas iela 65A, L=Jūrmala, PostalCode=2015, C=LV","sourceIndex":"927","avBlockList":["Bitdefender Internet Security (20240725)","COMODO Antivirus (20240725)","Dr.Web Security Space (20240725)","ESET Internet Security (20240725)","G DATA INTERNET SECURITY (20240725)","Kaspersky Internet Security (20240725)","Malwarebytes Premium (20240725)","McAfee Total Protection (20240725)","Norton Security (20240725)","Panda Dome (20240725)","Quick Heal Internet Security (20240725)","Sophos Home Premium (20240725)","SpyHunter5 (20240725)","Total AV Antivirus Pro (20240725)","VIPRE Advanced Security (20240725)","VirIT eXplorer PRO (20240725)","FortectPremium (20240725)"],"avAllowList":["360 Total Security (20240725)","Avast Premium Security (20240725)","AVG Internet Security (20240725)","Avira Internet Security (20240725)","K7 Total Security (20240725)","Trend Micro Internet Security (20240725)","Webroot SecureAnywhere (20240725)","Windows Defender (20240725)"]}],"additionalFiles":[],"sources":[{"howFound":"DownloadAstro Search","reference":"","landingPage":"https://disc-tools.com/","directDownloadingLink":"https://disc-tools.com/download/dtLite","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://disc-tools.com/download/dtLite","sourceIndex":"927"}],"sampleFiles":["230809/daemontoolslite-220714/11.2.0.2099/Samples/DTLite1120-2099.exe"],"imageFiles":["230809/daemontoolslite-220714/11.2.0.2099/Images/ACR-084/ACR-084.PNG","230809/daemontoolslite-220714/11.2.0.2099/Images/ACR-084/ACR-084_1.PNG","230809/daemontoolslite-220714/11.2.0.2099/Images/ACR-048/ACR-048.PNG","230809/daemontoolslite-220714/11.2.0.2099/Images/ACR-048/ACR-048_1.PNG","230809/daemontoolslite-220714/11.2.0.2099/Images/ACR-048/ACR-048_2.PNG","230809/daemontoolslite-220714/11.2.0.2099/Images/ACR-059/ACR-059.PNG","230809/daemontoolslite-220714/11.2.0.2099/Images/ACR-059/ACR-059_1.PNG","230809/daemontoolslite-220714/11.2.0.2099/Images/ACR-155/ACR-155.PNG","230809/daemontoolslite-220714/11.2.0.2099/Images/ACR-155/ACR-155_1.PNG","230809/daemontoolslite-220714/11.2.0.2099/Images/ACR-048/ACR-048_Install.PNG","230809/daemontoolslite-220714/11.2.0.2099/Images/ACR-013/ACR-013.PNG","230809/daemontoolslite-220714/11.2.0.2099/Images/ACR-013/ACR-013_1.PNG","230809/daemontoolslite-220714/11.2.0.2099/Images/ACR-097/ACR-097.PNG","230809/daemontoolslite-220714/11.2.0.2099/Images/ACR-118/ACR-118.PNG","230809/daemontoolslite-220714/11.2.0.2099/Images/ACR-057/ACR-057.PNG","230809/daemontoolslite-220714/11.2.0.2099/Images/ACR-057/ACR-057_1.PNG","230809/daemontoolslite-220714/11.2.0.2099/Images/ACR-055/ACR-055.PNG","230809/daemontoolslite-220714/11.2.0.2099/Images/ACR-055/ACR-055_1.PNG","230809/daemontoolslite-220714/11.2.0.2099/Images/ACR-060/ACR-060.PNG","230809/daemontoolslite-220714/11.2.0.2099/Images/ACR-060/ACR-060_1.PNG"],"nonDeceptorImageFiles":[],"guid":"17abde56-37a4-48ca-b33d-5a031f4a0ae8_11.2.0.2099_1","appID":"daemontoolslite-220714","dateAdded":"240930","deceptorType":"App","name":"Daemon Tools Lite","company":"Disc Soft Ltd","version":"11.2.0.2099","lastKnownStatus":"1.4.28.0082;11.2.0.2067;11.2.0.2074;11.2.0.2078;11.2.0.2080;11.2.0.2086;11.2.0.2083;11.2.0.2092;11.2.0.2093;11.2.0.2099;11.2.0.2105;12.0.0.2126;12.1.0.2169;12.1.0.2180;12.1.0.2211","lastKnownDate":"240930","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2024-09-30T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":15,"sortOrder":516},{"violations":{"ACR-048":"The app does not provide control to enable/disable the startup item and to remove its background process completely within the app's settings. \nThe app does not provide option to cancel the installation process.\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software.\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software.\n","ACR-084":"1. On closing the app, the application doesn't exit completely. Several processes run in the background, hiding the fact that it is active from the consumer without any notification.\n2. The app creates an undisclosed startup item to perform an action without the consumer's knowledge and consent.\n","ACR-097":"The app adds an exception for Windows firewall to evade the default system security guard.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components on the device without the consumer's consent or notifying the user.\n","ACR-057":"Offers don't have clear way for user to accept or decline. \n","ACR-055":"The accept/Decline options are not consistent for offers.\n","ACR-059":"The Offer is not clearly marked as an optional offer. \n","ACR-155":"Offers are designed to look like part of the install workflow\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files\\DAEMON Tools Lite\\DTAgent.exe","companyName":"Disc Soft FZE LLC","productName":"DAEMON Tools Lite","productVersion":"11.2.0.2093","fileVersion":"11.2.0.2093","hashMD5":"f3b9d6a5c1fc7e30585ec69799da9070","hashSHA1":"c049706a95df5a4afe8afe3ad675a365e668b889","hashSHA256":"974fe68423f2f6f2728781018410a6cc70cf675024e0d57e7c1225b2413cb0b9","digitalCertThumbprint":"9A8EC24D4552F8EB8902FAB19EAF95DC2A2EA407","digitalCertIssuer":"Sectigo RSA Code Signing CA","digitalCertIssuedTo":"AVB Disc Soft SIA","storeId":"","sourceIndex":"930","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Program Files\\DAEMON Tools Lite\\DTLite.exe","companyName":"Disc Soft FZE LLC","productName":"DAEMON Tools Lite","productVersion":"11.2.0.2093","fileVersion":"11.2.0.2093","hashMD5":"1896aed4c8a16a2a4108290817617cdc","hashSHA1":"28dacde3c46dc29fe25e19d45741460639a3667c","hashSHA256":"80c752a3e0567377c0e1be10efa0f46a9515a36d866bc46d852fa9259da6d2f7","digitalCertThumbprint":"9A8EC24D4552F8EB8902FAB19EAF95DC2A2EA407","digitalCertIssuer":"Sectigo RSA Code Signing CA","digitalCertIssuedTo":"AVB Disc Soft SIA","storeId":"","sourceIndex":"930","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Program Files\\DAEMON Tools Lite\\DTShellHlp.exe","companyName":"Disc Soft FZE LLC","productName":"DAEMON Tools Lite","productVersion":"11.2.0.2093","fileVersion":"11.2.0.2093","hashMD5":"6b3af249cde075a97f850aebea9a478c","hashSHA1":"f9c064dc2fae1acd1394be7747509d6cec9a0155","hashSHA256":"2472cd7f88bcd7c0ff68ad46ec9dc74f176de08fe023fa4c56628cfd047db197","digitalCertThumbprint":"9A8EC24D4552F8EB8902FAB19EAF95DC2A2EA407","digitalCertIssuer":"Sectigo RSA Code Signing CA","digitalCertIssuedTo":"AVB Disc Soft SIA","storeId":"","sourceIndex":"930","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"DTLite1120-2093.exe","isInstaller":"True","companyName":"Disc Soft FZE LLC","productName":"DAEMON Tools Lite Installer","productVersion":"11.2.0.2093","fileVersion":"11.2.0.2093","hashMD5":"c005b2930a60c36655178ffa1c7c4db2","hashSHA1":"768265f50f0a6aab88fd5d981e249c81b2e95af4","hashSHA256":"0e59151c34a711f537c1227c1bc9325004d068d44bec627c8503d917a603b4d3","digitalCertThumbprint":"9A8EC24D4552F8EB8902FAB19EAF95DC2A2EA407","digitalCertIssuer":"Sectigo RSA Code Signing CA","digitalCertIssuedTo":"AVB Disc Soft SIA","storeId":"","sourceIndex":"930","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on windows app","reference":"","landingPage":"https://disc-tools.com/","directDownloadingLink":"https://disc-tools.com/download/dtLite","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://disc-tools.com/download/dtLite","sourceIndex":"930"}],"sampleFiles":["230807/daemontoolslite-220714/11.2.0.2093/Samples/DTLite1120-2093.exe"],"imageFiles":["230807/daemontoolslite-220714/11.2.0.2093/Images/ACR-084/ACR-084.PNG","230807/daemontoolslite-220714/11.2.0.2093/Images/ACR-084/ACR-084_1.PNG","230807/daemontoolslite-220714/11.2.0.2093/Images/ACR-048/ACR-048.PNG","230807/daemontoolslite-220714/11.2.0.2093/Images/ACR-048/ACR-048_1.PNG","230807/daemontoolslite-220714/11.2.0.2093/Images/ACR-048/ACR-048_2.PNG","230807/daemontoolslite-220714/11.2.0.2093/Images/ACR-059/ACR-059.PNG","230807/daemontoolslite-220714/11.2.0.2093/Images/ACR-059/ACR-059_1.PNG","230807/daemontoolslite-220714/11.2.0.2093/Images/ACR-155/ACR-155.PNG","230807/daemontoolslite-220714/11.2.0.2093/Images/ACR-155/ACR-155_1.PNG","230807/daemontoolslite-220714/11.2.0.2093/Images/ACR-048/ACR-048_Install.PNG","230807/daemontoolslite-220714/11.2.0.2093/Images/ACR-013/ACR-013.PNG","230807/daemontoolslite-220714/11.2.0.2093/Images/ACR-013/ACR-013_1.PNG","230807/daemontoolslite-220714/11.2.0.2093/Images/ACR-097/ACR-097.PNG","230807/daemontoolslite-220714/11.2.0.2093/Images/ACR-118/ACR-118.PNG","230807/daemontoolslite-220714/11.2.0.2093/Images/ACR-057/ACR-057.PNG","230807/daemontoolslite-220714/11.2.0.2093/Images/ACR-057/ACR-057_1.PNG","230807/daemontoolslite-220714/11.2.0.2093/Images/ACR-055/ACR-055.PNG","230807/daemontoolslite-220714/11.2.0.2093/Images/ACR-055/ACR-055_1.PNG","230807/daemontoolslite-220714/11.2.0.2093/Images/ACR-060/ACR-060.PNG","230807/daemontoolslite-220714/11.2.0.2093/Images/ACR-060/ACR-060_1.PNG"],"nonDeceptorImageFiles":[],"guid":"17abde56-37a4-48ca-b33d-5a031f4a0ae8_11.2.0.2093_1","appID":"daemontoolslite-220714","dateAdded":"240930","deceptorType":"App","name":"Daemon Tools Lite","company":"Disc Soft Ltd","version":"11.2.0.2093","lastKnownStatus":"1.4.28.0082;11.2.0.2067;11.2.0.2074;11.2.0.2078;11.2.0.2080;11.2.0.2086;11.2.0.2083;11.2.0.2092;11.2.0.2093;11.2.0.2099;11.2.0.2105;12.0.0.2126;12.1.0.2169;12.1.0.2180;12.1.0.2211","lastKnownDate":"240930","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2024-09-30T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":15,"sortOrder":517},{"violations":{"ACR-048":"The app does not provide control to enable/disable the startup item and to remove its background process completely within the app's settings. \nThe app does not provide option to cancel the installation process.\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software.\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software.\n","ACR-084":"1. On closing the app, the application doesn't exit completely. Several processes run in the background, hiding the fact that it is active from the consumer without any notification.\n2. The app creates an undisclosed startup item to perform an action without the consumer's knowledge and consent.\n","ACR-097":"The app adds an exception for Windows firewall to evade the default system security guard.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components on the device without the consumer's consent or notifying the user.\n","ACR-057":"Offers don't have clear way for user to accept or decline. \n","ACR-055":"The accept/Decline options are not consistent for offers.\n","ACR-059":"The Offer is not clearly marked as an optional offer. \n","ACR-155":"Offers are designed to look like part of the install workflow\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files\\DAEMON Tools Lite\\DTAgent.exe","companyName":"Disc Soft FZE LLC","productName":"DAEMON Tools Lite","productVersion":"11.2.0.2092","fileVersion":"11.2.0.2092","hashMD5":"26a645e1d0a87251dbb129fe2256c950","hashSHA1":"a8b7c084203d29dcd2a81e90d5a3e84af7dec548","hashSHA256":"6359434bc8d2a0a165bd8be0b9df3b05fdcc8011e79159068cac1d3778f02e5e","digitalCertThumbprint":"9A8EC24D4552F8EB8902FAB19EAF95DC2A2EA407","digitalCertIssuer":"Sectigo RSA Code Signing CA","digitalCertIssuedTo":"AVB Disc Soft SIA","storeId":"","sourceIndex":"951","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Program Files\\DAEMON Tools Lite\\DTLite.exe","companyName":"Disc Soft FZE LLC","productName":"DAEMON Tools Lite","productVersion":"11.2.0.2092","fileVersion":"11.2.0.2092","hashMD5":"6b9927af1f0d4711626925ad94bc6fb3","hashSHA1":"82b1402f3282eea78a88aec9af41f03afea57506","hashSHA256":"c2c4ece4b0047a86ee0b7ed7689ea891554939414f47f1d46018a6157775240f","digitalCertThumbprint":"9A8EC24D4552F8EB8902FAB19EAF95DC2A2EA407","digitalCertIssuer":"Sectigo RSA Code Signing CA","digitalCertIssuedTo":"AVB Disc Soft SIA","storeId":"","sourceIndex":"951","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Program Files\\DAEMON Tools Lite\\DTShellHlp.exe","companyName":"Disc Soft FZE LLC","productName":"DAEMON Tools Lite","productVersion":"11.2.0.2092","fileVersion":"11.2.0.2092","hashMD5":"67c2e52e7983f28b66650181231afb09","hashSHA1":"04078af3068cef01db8795562b9e420b7ad09401","hashSHA256":"8965a24a153c07e8ef1e02b48359cf10f6eae9b161cdc099930f1d5fa4044945","digitalCertThumbprint":"9A8EC24D4552F8EB8902FAB19EAF95DC2A2EA407","digitalCertIssuer":"Sectigo RSA Code Signing CA","digitalCertIssuedTo":"AVB Disc Soft SIA","storeId":"","sourceIndex":"951","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"DTLite1120-2092.exe","isInstaller":"True","companyName":"Disc Soft FZE LLC","productName":"DAEMON Tools Lite Installer","productVersion":"11.2.0.2092","fileVersion":"11.2.0.2092","hashMD5":"79fd3dd2fc7f64ad49d6e91050e58c56","hashSHA1":"e146cca39cb35d9b72901da20fb39f60197f15e9","hashSHA256":"04590a4dbd2f6995f2a864433ce2d651992be0b3ebef9a7aa9d8bcd47d1f1c56","digitalCertThumbprint":"9A8EC24D4552F8EB8902FAB19EAF95DC2A2EA407","digitalCertIssuer":"Sectigo RSA Code Signing CA","digitalCertIssuedTo":"AVB Disc Soft SIA","storeId":"","sourceIndex":"951","avBlockList":["Avira Internet Security (20240723)","ESET Internet Security (20240723)","K7 Total Security (20240723)","Malwarebytes Premium (20240723)","McAfee Total Protection (20240723)","Norton Security (20240723)","Panda Dome (20240723)","Quick Heal Internet Security (20240723)","Sophos Home Premium (20240723)","SpyHunter5 (20240723)","Total AV Antivirus Pro (20240723)","VirIT eXplorer PRO (20240723)","Webroot SecureAnywhere (20240723)","Windows Defender (20240723)","FortectPremium (20240723)"],"avAllowList":["360 Total Security (20240723)","Avast Premium Security (20240723)","AVG Internet Security (20240723)","Bitdefender Internet Security (20240723)","COMODO Antivirus (20240723)","Dr.Web Security Space (20240723)","G DATA INTERNET SECURITY (20240723)","Kaspersky Internet Security (20240723)","Trend Micro Internet Security (20240723)","VIPRE Advanced Security (20240723)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on windows app","reference":"","landingPage":"https://disc-tools.com/","directDownloadingLink":"https://disc-tools.com/download/dtLite","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://disc-tools.com/download/dtLite","sourceIndex":"951"}],"sampleFiles":["230727/daemontoolslite-220714/11.2.0.2092/Samples/DTLite1120-2092.exe"],"imageFiles":["230727/daemontoolslite-220714/11.2.0.2092/Images/ACR-084/ACR-084.PNG","230727/daemontoolslite-220714/11.2.0.2092/Images/ACR-084/ACR-084_1.PNG","230727/daemontoolslite-220714/11.2.0.2092/Images/ACR-048/ACR-048.PNG","230727/daemontoolslite-220714/11.2.0.2092/Images/ACR-048/ACR-048_1.PNG","230727/daemontoolslite-220714/11.2.0.2092/Images/ACR-048/ACR-048_2.PNG","230727/daemontoolslite-220714/11.2.0.2092/Images/ACR-059/ACR-059.PNG","230727/daemontoolslite-220714/11.2.0.2092/Images/ACR-059/ACR-059_1.PNG","230727/daemontoolslite-220714/11.2.0.2092/Images/ACR-155/ACR-155.PNG","230727/daemontoolslite-220714/11.2.0.2092/Images/ACR-155/ACR-155_1.PNG","230727/daemontoolslite-220714/11.2.0.2092/Images/ACR-048/ACR-048_Install.PNG","230727/daemontoolslite-220714/11.2.0.2092/Images/ACR-013/ACR-013.PNG","230727/daemontoolslite-220714/11.2.0.2092/Images/ACR-013/ACR-013_1.PNG","230727/daemontoolslite-220714/11.2.0.2092/Images/ACR-097/ACR-097.PNG","230727/daemontoolslite-220714/11.2.0.2092/Images/ACR-118/ACR-118.PNG","230727/daemontoolslite-220714/11.2.0.2092/Images/ACR-057/ACR-057.PNG","230727/daemontoolslite-220714/11.2.0.2092/Images/ACR-057/ACR-057_1.PNG","230727/daemontoolslite-220714/11.2.0.2092/Images/ACR-055/ACR-055.PNG","230727/daemontoolslite-220714/11.2.0.2092/Images/ACR-055/ACR-055_1.PNG","230727/daemontoolslite-220714/11.2.0.2092/Images/ACR-060/ACR-060.PNG","230727/daemontoolslite-220714/11.2.0.2092/Images/ACR-060/ACR-060_1.PNG"],"nonDeceptorImageFiles":[],"guid":"17abde56-37a4-48ca-b33d-5a031f4a0ae8_11.2.0.2092_1","appID":"daemontoolslite-220714","dateAdded":"240930","deceptorType":"App","name":"Daemon Tools Lite","company":"Disc Soft Ltd","version":"11.2.0.2092","lastKnownStatus":"1.4.28.0082;11.2.0.2067;11.2.0.2074;11.2.0.2078;11.2.0.2080;11.2.0.2086;11.2.0.2083;11.2.0.2092;11.2.0.2093;11.2.0.2099;11.2.0.2105;12.0.0.2126;12.1.0.2169;12.1.0.2180;12.1.0.2211","lastKnownDate":"240930","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2024-09-30T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":15,"sortOrder":518},{"violations":{"ACR-048":"The app does not provide control to enable/disable the startup item and to remove its background process completely within the app's settings. \nThe app does not provide option to cancel the installation process.\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software.\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software.\n","ACR-084":"1. On qutting the app, the application doesn't exit completely. Several processes run in the background, hiding the fact that it is active from the consumer without any notification.\n2. The app creates an undisclosed startup item to perform an action without the consumer's knowledge and consent.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components on the device without the consumer's consent or notifying the user.\n","ACR-057":"Offers don't have clear way for user to accept or decline. \n","ACR-055":"The accept/Decline options are not consistent for offers.\n","ACR-059":"The Offer is not clearly marked as an optional offer. \n","ACR-155":"Offers are designed to look like part of the install workflow\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files\\DAEMON Tools Lite\\DTAgent.exe","companyName":"Disc Soft FZE LLC","productName":"DAEMON Tools Lite","productVersion":"11.2.0.2083","fileVersion":"11.2.0.2083","hashMD5":"afafce5db0bbb366a9bc1a792b09b471","hashSHA1":"d1be115ab6731b83d3f4c59ca1a539a6dc730487","hashSHA256":"a46b44b79593755f829a0fef6cf84384d45d484aecd986c38f0214daf8096f46","digitalCertThumbprint":"9A8EC24D4552F8EB8902FAB19EAF95DC2A2EA407","digitalCertIssuer":"Sectigo RSA Code Signing CA","digitalCertIssuedTo":"AVB Disc Soft SIA","storeId":"","sourceIndex":"982","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Program Files\\DAEMON Tools Lite\\DTLite.exe","companyName":"Disc Soft FZE LLC","productName":"DAEMON Tools Lite","productVersion":"11.2.0.2083","fileVersion":"11.2.0.2083","hashMD5":"a54e2da8758afe8edfacc093c0f51d25","hashSHA1":"2dbdf43fc37d92d9922319f8ad213bf97f050e78","hashSHA256":"ce0a31ae3328fade9be8f420a950beef8762be2e33cc1353ea5f1ced09f16e47","digitalCertThumbprint":"9A8EC24D4552F8EB8902FAB19EAF95DC2A2EA407","digitalCertIssuer":"Sectigo RSA Code Signing CA","digitalCertIssuedTo":"AVB Disc Soft SIA","storeId":"","sourceIndex":"982","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Program Files\\DAEMON Tools Lite\\DTShellHlp.exe","companyName":"Disc Soft FZE LLC","productName":"DAEMON Tools Lite","productVersion":"11.2.0.2083","fileVersion":"11.2.0.2083","hashMD5":"85d0be8a7f277b2cbfbd3145e847b8b3","hashSHA1":"0f742a0a59c7db4221ca7ef335c8eaa2f79d1fb2","hashSHA256":"3811cf60e193b9e89df4e2900a43958bf0c0551495adf9cbbff8c2956bfdaf92","digitalCertThumbprint":"9A8EC24D4552F8EB8902FAB19EAF95DC2A2EA407","digitalCertIssuer":"Sectigo RSA Code Signing CA","digitalCertIssuedTo":"AVB Disc Soft SIA","storeId":"","sourceIndex":"982","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"DTLite1120-2083.exe","isInstaller":"True","companyName":"Disc Soft FZE LLC","productName":"DAEMON Tools Lite Installer","productVersion":"11.2.0.2083","fileVersion":"11.2.0.2083","hashMD5":"66d7c99a0ae87f65d7c8ecd2f6f033bc","hashSHA1":"16ad24e0e2f5619f4c494796fba891b680ed8bda","hashSHA256":"48a9967063fd1c926d1ce020c48b301da99a04af3b1a8164fdf7aa3c9da7039a","digitalCertThumbprint":"9A8EC24D4552F8EB8902FAB19EAF95DC2A2EA407","digitalCertIssuer":"Sectigo RSA Code Signing CA","digitalCertIssuedTo":"AVB Disc Soft SIA","storeId":"","sourceIndex":"982","avBlockList":["Avira Internet Security (20230810)","ESET Internet Security (20230810)","K7 Total Security (20230810)","Malwarebytes Premium (20230810)","McAfee Total Protection (20230810)","Norton Security (20230810)","Panda Dome (20230810)","Quick Heal Internet Security (20230810)","Sophos Home Premium (20230810)","SpyHunter5 (20230810)","Total AV Antivirus Pro (20230810)","VirIT eXplorer PRO (20230810)","Webroot SecureAnywhere (20230810)","Windows Defender (20230810)"],"avAllowList":["360 Total Security (20230810)","Avast Premium Security (20230810)","AVG Internet Security (20230810)","Bitdefender Internet Security (20230810)","COMODO Antivirus (20230810)","Dr.Web Security Space (20230810)","G DATA INTERNET SECURITY (20230810)","Kaspersky Internet Security (20230810)","Trend Micro Internet Security (20230810)","VIPRE Advanced Security (20230810)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on windows app","reference":"","landingPage":"https://disc-tools.com/","directDownloadingLink":"https://disc-tools.com/download/dtLite","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://disc-tools.com/download/dtLite","sourceIndex":"982"}],"sampleFiles":["230713/daemontoolslite-220714/11.2.0.2083/Samples/DTLite1120-2083.exe"],"imageFiles":["230713/daemontoolslite-220714/11.2.0.2083/Images/ACR-084/ACR-084_Software_1.png","230713/daemontoolslite-220714/11.2.0.2083/Images/ACR-084/ACR-084_Software_2.png","230713/daemontoolslite-220714/11.2.0.2083/Images/ACR-048/ACR-048_Software_1.png","230713/daemontoolslite-220714/11.2.0.2083/Images/ACR-048/ACR-048_Software_2.png","230713/daemontoolslite-220714/11.2.0.2083/Images/ACR-048/ACR-048_Software_3.png","230713/daemontoolslite-220714/11.2.0.2083/Images/ACR-059/ACR-059.JPG","230713/daemontoolslite-220714/11.2.0.2083/Images/ACR-059/ACR-059_Bundler-made offers_1.png","230713/daemontoolslite-220714/11.2.0.2083/Images/ACR-155/ACR-155.JPG","230713/daemontoolslite-220714/11.2.0.2083/Images/ACR-155/ACR-155_Bundler-made offers_1.png","230713/daemontoolslite-220714/11.2.0.2083/Images/ACR-048/ACR-048_Install.JPG","230713/daemontoolslite-220714/11.2.0.2083/Images/ACR-013/ACR-013.JPG","230713/daemontoolslite-220714/11.2.0.2083/Images/ACR-013/ACR-013_Install_1.png","230713/daemontoolslite-220714/11.2.0.2083/Images/ACR-118/ACR-118_Uninstall_1.png","230713/daemontoolslite-220714/11.2.0.2083/Images/ACR-057/ACR-057.JPG","230713/daemontoolslite-220714/11.2.0.2083/Images/ACR-057/ACR-057_Bundler-made offers_1.png","230713/daemontoolslite-220714/11.2.0.2083/Images/ACR-055/ACR-055.JPG","230713/daemontoolslite-220714/11.2.0.2083/Images/ACR-055/ACR-055_Bundler-made offers_1.png","230713/daemontoolslite-220714/11.2.0.2083/Images/ACR-060/ACR-060.JPG","230713/daemontoolslite-220714/11.2.0.2083/Images/ACR-060/ACR-060_Bundler-made offers_1.png"],"nonDeceptorImageFiles":[],"guid":"17abde56-37a4-48ca-b33d-5a031f4a0ae8_11.2.0.2083_1","appID":"daemontoolslite-220714","dateAdded":"240930","deceptorType":"App","name":"Daemon Tools Lite","company":"Disc Soft Ltd","version":"11.2.0.2083","lastKnownStatus":"1.4.28.0082;11.2.0.2067;11.2.0.2074;11.2.0.2078;11.2.0.2080;11.2.0.2086;11.2.0.2083;11.2.0.2092;11.2.0.2093;11.2.0.2099;11.2.0.2105;12.0.0.2126;12.1.0.2169;12.1.0.2180;12.1.0.2211","lastKnownDate":"240930","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2024-09-30T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":15,"sortOrder":519},{"violations":{"ACR-048":"The app does not provide control to enable/disable the startup item and to remove its background process completely within the app's settings. \nThe app does not provide option to cancel the installation process.\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software.\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software.\n","ACR-084":"1. On qutting the app, the application doesn't exit completely. Several processes run in the background, hiding the fact that it is active from the consumer without any notification.\n2. The app creates an undisclosed startup item to perform an action without the consumer's knowledge and consent.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components on the device without the consumer's consent or notifying the user.\n","ACR-057":"Offers don't have clear way for user to accept or decline. \n","ACR-055":"The accept/Decline options are not consistent for offers.\n","ACR-059":"The Offer is not clearly marked as an optional offer. \n","ACR-155":"Offers are designed to look like part of the install workflow\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files\\DAEMON Tools Lite\\DTAgent.exe","companyName":"Disc Soft FZE LLC","productName":"DAEMON Tools Lite","productVersion":"11.2.0.2086","fileVersion":"11.2.0.2086","hashMD5":"3134102000ce38bf5bfb96faf5f279c7","hashSHA1":"990889841a9bbb90343a1f91eae766254d6c3f11","hashSHA256":"3856f0eebf62dc075bd8368f874b3615ff96a863ed5bade1f452daf24c16bcd0","digitalCertThumbprint":"9A8EC24D4552F8EB8902FAB19EAF95DC2A2EA407","digitalCertIssuer":"Sectigo RSA Code Signing CA","digitalCertIssuedTo":"AVB Disc Soft SIA","storeId":"","sourceIndex":"1036","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Program Files\\DAEMON Tools Lite\\DTLite.exe","companyName":"Disc Soft FZE LLC","productName":"DAEMON Tools Lite","productVersion":"11.2.0.2086","fileVersion":"11.2.0.2086","hashMD5":"250a15739904347ac9adbbb0385f445c","hashSHA1":"be77f1cdfa87305e17e41c192a0e801df456121e","hashSHA256":"686562df2e72eb4042b1a5bb9a5e950631de70733bd1ade79b36515dfbd478ec","digitalCertThumbprint":"9A8EC24D4552F8EB8902FAB19EAF95DC2A2EA407","digitalCertIssuer":"Sectigo RSA Code Signing CA","digitalCertIssuedTo":"AVB Disc Soft SIA","storeId":"","sourceIndex":"1036","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Program Files\\DAEMON Tools Lite\\DTShellHlp.exe","companyName":"Disc Soft FZE LLC","productName":"DAEMON Tools Lite","productVersion":"11.2.0.2086","fileVersion":"11.2.0.2086","hashMD5":"8b708f345812e6cebde56c52f88d4a22","hashSHA1":"ecf9f4d483634671d087ec30de7489a6856cc452","hashSHA256":"7c333cc409947e52a001e905d27f1871291a0c67aeb43f273823ad16a9fc0f42","digitalCertThumbprint":"9A8EC24D4552F8EB8902FAB19EAF95DC2A2EA407","digitalCertIssuer":"Sectigo RSA Code Signing CA","digitalCertIssuedTo":"AVB Disc Soft SIA","storeId":"","sourceIndex":"1036","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"DTLiteInstaller1.4.28.0086.exe","isInstaller":"True","companyName":"Disc Soft FZE LLC","productName":"DAEMON Tools Lite Installer","productVersion":"1.4.28.0086","fileVersion":"1.4.28.0086","hashMD5":"d9da7a69d0ebacff11ba3cf529f6ccc6","hashSHA1":"10d9f08cfbc589e440f45ae6eeaae27a004f4f70","hashSHA256":"f5fc93d719b87dd855c8a0eb1c3030dee18e4566cd36b99a06b4b06497fbddb5","digitalCertThumbprint":"9A8EC24D4552F8EB8902FAB19EAF95DC2A2EA407","digitalCertIssuer":"Sectigo RSA Code Signing CA","digitalCertIssuedTo":"AVB Disc Soft SIA","storeId":"","sourceIndex":"1036","avBlockList":["Avast Premium Security (20231214)","Avira Internet Security (20231214)","ESET Internet Security (20231214)","G DATA INTERNET SECURITY (20231214)","K7 Total Security (20231214)","Malwarebytes Premium (20231214)","McAfee Total Protection (20231214)","Norton Security (20231214)","Panda Dome (20231214)","Quick Heal Internet Security (20231214)","Sophos Home Premium (20231214)","SpyHunter5 (20231214)","Total AV Antivirus Pro (20231214)","VirIT eXplorer PRO (20231214)","Webroot SecureAnywhere (20231214)","Windows Defender (20231214)"],"avAllowList":["360 Total Security (20231214)","AVG Internet Security (20231214)","Bitdefender Internet Security (20231214)","COMODO Antivirus (20231214)","Dr.Web Security Space (20231214)","Kaspersky Internet Security (20231214)","Trend Micro Internet Security (20231214)","VIPRE Advanced Security (20231214)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on windows app","reference":"","landingPage":"https://disc-tools.com/","directDownloadingLink":"https://disc-tools.com/download/dtLite","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://disc-tools.com/download/dtLite","sourceIndex":"1036"}],"sampleFiles":["230622/daemontoolslite-220714/11.2.0.2086/Samples/DTLiteInstaller1.4.28.0086.exe"],"imageFiles":["230622/daemontoolslite-220714/11.2.0.2086/Images/ACR-084/ACR-084.JPG","230622/daemontoolslite-220714/11.2.0.2086/Images/ACR-084/ACR-084_1.JPG","230622/daemontoolslite-220714/11.2.0.2086/Images/ACR-048/ACR-048.JPG","230622/daemontoolslite-220714/11.2.0.2086/Images/ACR-048/ACR-048_1.JPG","230622/daemontoolslite-220714/11.2.0.2086/Images/ACR-048/ACR-048_2.JPG","230622/daemontoolslite-220714/11.2.0.2086/Images/ACR-059/ACR-059.JPG","230622/daemontoolslite-220714/11.2.0.2086/Images/ACR-059/ACR-059_1.JPG","230622/daemontoolslite-220714/11.2.0.2086/Images/ACR-155/ACR-155.JPG","230622/daemontoolslite-220714/11.2.0.2086/Images/ACR-155/ACR-155_1.JPG","230622/daemontoolslite-220714/11.2.0.2086/Images/ACR-048/ACR-048_INSTALL.JPG","230622/daemontoolslite-220714/11.2.0.2086/Images/ACR-013/ACR-013.JPG","230622/daemontoolslite-220714/11.2.0.2086/Images/ACR-013/ACR-013_1.JPG","230622/daemontoolslite-220714/11.2.0.2086/Images/ACR-118/ACR-118.JPG","230622/daemontoolslite-220714/11.2.0.2086/Images/ACR-057/ACR-057.JPG","230622/daemontoolslite-220714/11.2.0.2086/Images/ACR-057/ACR-057_1.JPG","230622/daemontoolslite-220714/11.2.0.2086/Images/ACR-055/ACR-055.JPG","230622/daemontoolslite-220714/11.2.0.2086/Images/ACR-055/ACR-055_1.JPG","230622/daemontoolslite-220714/11.2.0.2086/Images/ACR-060/ACR-060.JPG","230622/daemontoolslite-220714/11.2.0.2086/Images/ACR-060/ACR-060_1.JPG"],"nonDeceptorImageFiles":[],"guid":"17abde56-37a4-48ca-b33d-5a031f4a0ae8_11.2.0.2086_1","appID":"daemontoolslite-220714","dateAdded":"240930","deceptorType":"App","name":"Daemon Tools Lite","company":"Disc Soft Ltd","version":"11.2.0.2086","lastKnownStatus":"1.4.28.0082;11.2.0.2067;11.2.0.2074;11.2.0.2078;11.2.0.2080;11.2.0.2086;11.2.0.2083;11.2.0.2092;11.2.0.2093;11.2.0.2099;11.2.0.2105;12.0.0.2126;12.1.0.2169;12.1.0.2180;12.1.0.2211","lastKnownDate":"240930","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2024-09-30T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":15,"sortOrder":520},{"violations":{"ACR-048":"The app does not provide control to enable/disable the startup item and to remove its background process completely within the app's settings. \nThe app does not provide option to cancel the installation process.\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software.\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software.\n","ACR-084":"1. On qutting the app, the application doesn't exit completely. Several processes run in the background, hiding the fact that it is active from the consumer without any notification.\n2. The app creates an undisclosed startup item to perform an action without the consumer's knowledge and consent.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components on the device without the consumer's consent or notifying the user.\n","ACR-057":"Offers don't have clear way for user to accept or decline. \n","ACR-055":"The accept/Decline options are not consistent for offers.\n","ACR-059":"The Offer is not clearly marked as an optional offer. \n","ACR-155":"Offers are designed to look like part of the install workflow\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files\\DAEMON Tools Lite\\DTAgent.exe","companyName":"Disc Soft FZE LLC","productName":"DAEMON Tools Lite","productVersion":"11.2.0.2080","fileVersion":"11.2.0.2080","hashMD5":"eca5218d8b5b8b4679f85d67b2cc66d6","hashSHA1":"def90dba86b12c5ac9ba92bd52335d34c0ab176e","hashSHA256":"f13c0e331dd66a919a33bb3dd8575397e1d2f22c4ec5b9c7dd47d0436682708d","digitalCertThumbprint":"9A8EC24D4552F8EB8902FAB19EAF95DC2A2EA407","digitalCertIssuer":"Sectigo RSA Code Signing CA","digitalCertIssuedTo":"AVB Disc Soft SIA","storeId":"","sourceIndex":"1047","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Program Files\\DAEMON Tools Lite\\DTLite.exe","companyName":"Disc Soft FZE LLC","productName":"DAEMON Tools Lite","productVersion":"11.2.0.2080","fileVersion":"11.2.0.2080","hashMD5":"ac7fa26e552912162b6936811e682d61","hashSHA1":"8688786fb3d6ba8d65dca8bb2edb5f27fdb30484","hashSHA256":"5fbd662b957c89dec96d01b01f2e13ec6d2a1e30b7569863622c047b9f441af9","digitalCertThumbprint":"9A8EC24D4552F8EB8902FAB19EAF95DC2A2EA407","digitalCertIssuer":"Sectigo RSA Code Signing CA","digitalCertIssuedTo":"AVB Disc Soft SIA","storeId":"","sourceIndex":"1047","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Program Files\\DAEMON Tools Lite\\DTShellHlp.exe","companyName":"Disc Soft FZE LLC","productName":"DAEMON Tools Lite","productVersion":"11.2.0.2080","fileVersion":"11.2.0.2080","hashMD5":"8fdd0ccba4b683b92fb49daf87cfd1a2","hashSHA1":"7c77ad26745496689fb30bfb91f39a8ccce6dc2c","hashSHA256":"6349c4dbc79bc2f2bb1130c63ae55b02a03a66eb8c8f8730db976b7361ddaa29","digitalCertThumbprint":"9A8EC24D4552F8EB8902FAB19EAF95DC2A2EA407","digitalCertIssuer":"Sectigo RSA Code Signing CA","digitalCertIssuedTo":"AVB Disc Soft SIA","storeId":"","sourceIndex":"1047","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"DTLite1120-2080.exe","isInstaller":"True","companyName":"Disc Soft FZE LLC","productName":"DAEMON Tools Lite Installer","productVersion":"11.2.0.2080","fileVersion":"11.2.0.2080","hashMD5":"67838829c0cd350d1d25c0ffa624c96c","hashSHA1":"07eeb4c125d1b888a3ad94ae1cf0b333e25ebec8","hashSHA256":"d3691e6a8bf69823b90726004c12a67e7e063cedada6fa27f40da9eb9ec960e9","digitalCertThumbprint":"9A8EC24D4552F8EB8902FAB19EAF95DC2A2EA407","digitalCertIssuer":"Sectigo RSA Code Signing CA","digitalCertIssuedTo":"AVB Disc Soft SIA","storeId":"","sourceIndex":"1047","avBlockList":["Avast Premium Security (20240201)","AVG Internet Security (20240201)","Avira Internet Security (20240201)","ESET Internet Security (20240201)","G DATA INTERNET SECURITY (20240201)","K7 Total Security (20240201)","Malwarebytes Premium (20240201)","McAfee Total Protection (20240201)","Norton Security (20240201)","Panda Dome (20240201)","Quick Heal Internet Security (20240201)","Sophos Home Premium (20240201)","SpyHunter5 (20240201)","Total AV Antivirus Pro (20240201)","VirIT eXplorer PRO (20240201)","Webroot SecureAnywhere (20240201)","Windows Defender (20240201)"],"avAllowList":["360 Total Security (20240201)","Bitdefender Internet Security (20240201)","COMODO Antivirus (20240201)","Dr.Web Security Space (20240201)","Kaspersky Internet Security (20240201)","Trend Micro Internet Security (20240201)","VIPRE Advanced Security (20240201)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on windows app","reference":"","landingPage":"https://disc-tools.com/","directDownloadingLink":"https://disc-tools.com/download/dtLite","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://disc-tools.com/download/dtLite","sourceIndex":"1047"}],"sampleFiles":["230615/daemontoolslite-220714/11.2.0.2080/Samples/DTLite1120-2080.exe"],"imageFiles":["230615/daemontoolslite-220714/11.2.0.2080/Images/ACR-084/ACR-084.JPG","230615/daemontoolslite-220714/11.2.0.2080/Images/ACR-048/ACR-048.JPG","230615/daemontoolslite-220714/11.2.0.2080/Images/ACR-048/ACR-048_1.JPG","230615/daemontoolslite-220714/11.2.0.2080/Images/ACR-048/ACR-048_2.JPG","230615/daemontoolslite-220714/11.2.0.2080/Images/ACR-059/ACR-059.JPG","230615/daemontoolslite-220714/11.2.0.2080/Images/ACR-059/ACR-059_1.JPG","230615/daemontoolslite-220714/11.2.0.2080/Images/ACR-155/ACR-155.JPG","230615/daemontoolslite-220714/11.2.0.2080/Images/ACR-155/ACR-155_1.JPG","230615/daemontoolslite-220714/11.2.0.2080/Images/ACR-048/ACR-048_Install.JPG","230615/daemontoolslite-220714/11.2.0.2080/Images/ACR-013/ACR-013.JPG","230615/daemontoolslite-220714/11.2.0.2080/Images/ACR-013/ACR-013_1.JPG","230615/daemontoolslite-220714/11.2.0.2080/Images/ACR-118/ACR-118.JPG","230615/daemontoolslite-220714/11.2.0.2080/Images/ACR-057/ACR-057.JPG","230615/daemontoolslite-220714/11.2.0.2080/Images/ACR-057/ACR-057_1.JPG","230615/daemontoolslite-220714/11.2.0.2080/Images/ACR-055/ACR-055.JPG","230615/daemontoolslite-220714/11.2.0.2080/Images/ACR-055/ACR-055_1.JPG","230615/daemontoolslite-220714/11.2.0.2080/Images/ACR-060/ACR-060.JPG","230615/daemontoolslite-220714/11.2.0.2080/Images/ACR-060/ACR-060_1.JPG"],"nonDeceptorImageFiles":[],"guid":"17abde56-37a4-48ca-b33d-5a031f4a0ae8_11.2.0.2080_1","appID":"daemontoolslite-220714","dateAdded":"240930","deceptorType":"App","name":"Daemon Tools Lite","company":"Disc Soft Ltd","version":"11.2.0.2080","lastKnownStatus":"1.4.28.0082;11.2.0.2067;11.2.0.2074;11.2.0.2078;11.2.0.2080;11.2.0.2086;11.2.0.2083;11.2.0.2092;11.2.0.2093;11.2.0.2099;11.2.0.2105;12.0.0.2126;12.1.0.2169;12.1.0.2180;12.1.0.2211","lastKnownDate":"240930","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2024-09-30T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":15,"sortOrder":521},{"violations":{"ACR-048":"The app does not provide control to enable/disable the startup item and to remove its background process completely within the app's settings. \nThe app does not provide option to cancel the installation process.\n","ACR-084":"1. On qutting the app, the application doesn't exit completely. Several processes run in the background, hiding the fact that it is active from the consumer without any notification.\n2. The app creates an undisclosed startup item to perform an action without the consumer's knowledge and consent.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components on the device without the consumer's consent or notifying the user.\n","ACR-059":"The Offer is not clearly marked as an optional offer. \n","ACR-155":"Offers are designed to look like part of the install workflow\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"DTLiteInstaller.exe","isInstaller":"True","companyName":"Disc Soft Ltd","productName":"DTLiteInstaller1.4.28.0082.exe","productVersion":"1.4.28.0082","fileVersion":"1.4.28.0082","hashMD5":"4ae0d57d871a8d99d8340d268a23b518","hashSHA1":"e7a931fa003baa75062be7b0297708d631a6a001","hashSHA256":"d4a3313bdf6584e22160405e72652896e1bd24df4f93fe5d0b2740be3e2cd6be","digitalCertThumbprint":"CC313A734BFA31D3F2E4C27D5762FA6D83BD5D0A","digitalCertIssuer":"COMODO RSA Code Signing CA","digitalCertIssuedTo":"AVB Disc Soft SIA","storeId":"","sourceIndex":"1515","avBlockList":["Avira Internet Security (20230926)","ESET Internet Security (20230926)","Malwarebytes Premium (20230926)","McAfee Total Protection (20230926)","Norton Security (20230926)","Panda Dome (20230926)","Quick Heal Internet Security (20230926)","Sophos Home Premium (20230926)","SpyHunter5 (20230926)","Total AV Antivirus Pro (20230926)","VirIT eXplorer PRO (20230926)","Webroot SecureAnywhere (20230926)","Windows Defender (20230926)"],"avAllowList":["360 Total Security (20230926)","Avast Premium Security (20230926)","AVG Internet Security (20230926)","Bitdefender Internet Security (20230926)","COMODO Antivirus (20230926)","Dr.Web Security Space (20230926)","G DATA INTERNET SECURITY (20230926)","K7 Total Security (20230926)","Kaspersky Internet Security (20230926)","Tencent PC Manager (20220719)","Trend Micro Internet Security (20230926)","VIPRE Advanced Security (20230926)"]}],"additionalFiles":[],"sources":[{"howFound":"DownloadAstro Search","reference":"","landingPage":"https://disc-tools.com/","directDownloadingLink":"https://disc-tools.com/download/dtLite","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://disc-tools.com/download/dtLite","sourceIndex":"1515"}],"sampleFiles":["220714/daemontoolslite-220714/1.4.28.0082/Samples/DTLiteInstaller.exe"],"imageFiles":["220714/daemontoolslite-220714/1.4.28.0082/Images/ACR-084/ACR-084_Software_BG_Process.JPG","220714/daemontoolslite-220714/1.4.28.0082/Images/ACR-084/ACR-084_1.JPG","220714/daemontoolslite-220714/1.4.28.0082/Images/ACR-048/ACR-048_1.JPG","220714/daemontoolslite-220714/1.4.28.0082/Images/ACR-048/ACR-048_2.JPG","220714/daemontoolslite-220714/1.4.28.0082/Images/ACR-048/ACR-048_3.JPG","220714/daemontoolslite-220714/1.4.28.0082/Images/ACR-059/ACR-059.JPG","220714/daemontoolslite-220714/1.4.28.0082/Images/ACR-155/ACR-155_1.JPG","220714/daemontoolslite-220714/1.4.28.0082/Images/ACR-048/ACR-048_Install_1.JPG","220714/daemontoolslite-220714/1.4.28.0082/Images/ACR-118/ACR-118_1.JPG"],"nonDeceptorImageFiles":[],"guid":"17abde56-37a4-48ca-b33d-5a031f4a0ae8_1.4.28.0082_1","appID":"daemontoolslite-220714","dateAdded":"240930","deceptorType":"App","name":"Daemon Tools Lite","company":"Disc Soft Ltd","version":"1.4.28.0082","lastKnownStatus":"1.4.28.0082;11.2.0.2067;11.2.0.2074;11.2.0.2078;11.2.0.2080;11.2.0.2086;11.2.0.2083;11.2.0.2092;11.2.0.2093;11.2.0.2099;11.2.0.2105;12.0.0.2126;12.1.0.2169;12.1.0.2180;12.1.0.2211","lastKnownDate":"240930","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2024-09-30T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":15,"sortOrder":525},{"violations":{"ACR-048":"The app does not provide control to enable/disable the startup item and to remove its background process completely within the app's settings. \nThe app does not provide option to cancel the installation process.\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software.\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software.\n","ACR-084":"1. On closing the app, the application doesn't exit completely. Several processes run in the background, hiding the fact that it is active from the consumer without any notification.\n2. The app creates an undisclosed startup item to perform an action without the consumer's knowledge and consent.\n","ACR-097":"The app adds an exception for Windows firewall to evade the default system security guard.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components on the device without the consumer's consent or notifying the user.\n","ACR-057":"Offers don't have clear way for user to accept or decline. \n","ACR-055":"The accept/Decline options are not consistent for offers.\n","ACR-059":"The Offer is not clearly marked as an optional offer. \n","ACR-155":"Offers are designed to look like part of the install workflow\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"DTLite1120-2105.exe","isInstaller":"True","companyName":"Disc Soft FZE LLC","productName":"DAEMON Tools Lite Installer","productVersion":"11.2.0.2105","fileVersion":"11.2.0.2105","hashMD5":"e519f60e36520c4a1672226e334cc0e5","hashSHA1":"d94f018f730dd6d4f62d0bf3b9ab244759548383","hashSHA256":"b64254e9ae3c7e7bad26d118fb9a1c64fcafeac38c1a95a3517fe526fa0aa6ed","digitalCertThumbprint":"9A8EC24D4552F8EB8902FAB19EAF95DC2A2EA407","digitalCertIssuer":"Sectigo RSA Code Signing CA","digitalCertIssuedTo":"AVB Disc Soft SIA","storeId":"","sourceIndex":"905","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on windows app","reference":"","landingPage":"https://disc-tools.com/","directDownloadingLink":"https://disc-tools.com/download/dtLite","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://disc-tools.com/download/dtLite","sourceIndex":"905"}],"sampleFiles":["230907/daemontoolslite-220714/11.2.0.2105/Samples/DTLite1120-2105.exe"],"imageFiles":["230907/daemontoolslite-220714/11.2.0.2105/Images/ACR-084/ACR-084_1.PNG","230907/daemontoolslite-220714/11.2.0.2105/Images/ACR-084/ACR-084_2.PNG","230907/daemontoolslite-220714/11.2.0.2105/Images/ACR-048/ACR-048.PNG","230907/daemontoolslite-220714/11.2.0.2105/Images/ACR-048/ACR-048_1.PNG","230907/daemontoolslite-220714/11.2.0.2105/Images/ACR-048/ACR-048_2.PNG","230907/daemontoolslite-220714/11.2.0.2105/Images/ACR-059/ACR-059.PNG","230907/daemontoolslite-220714/11.2.0.2105/Images/ACR-059/ACR-059_1.PNG","230907/daemontoolslite-220714/11.2.0.2105/Images/ACR-155/ACR-155.PNG","230907/daemontoolslite-220714/11.2.0.2105/Images/ACR-155/ACR-155_1.PNG","230907/daemontoolslite-220714/11.2.0.2105/Images/ACR-048/ACR-048_Install.PNG","230907/daemontoolslite-220714/11.2.0.2105/Images/ACR-013/ACR-013.PNG","230907/daemontoolslite-220714/11.2.0.2105/Images/ACR-013/ACR-013_1.PNG","230907/daemontoolslite-220714/11.2.0.2105/Images/ACR-097/ACR-097.PNG","230907/daemontoolslite-220714/11.2.0.2105/Images/ACR-118/ACR-118.PNG","230907/daemontoolslite-220714/11.2.0.2105/Images/ACR-057/ACR-057.PNG","230907/daemontoolslite-220714/11.2.0.2105/Images/ACR-057/ACR-057_1.PNG","230907/daemontoolslite-220714/11.2.0.2105/Images/ACR-055/ACR-055.PNG","230907/daemontoolslite-220714/11.2.0.2105/Images/ACR-055/ACR-055_1.PNG","230907/daemontoolslite-220714/11.2.0.2105/Images/ACR-060/ACR-060.PNG","230907/daemontoolslite-220714/11.2.0.2105/Images/ACR-060/ACR-060_1.PNG"],"nonDeceptorImageFiles":[],"guid":"17abde56-37a4-48ca-b33d-5a031f4a0ae8_11.2.0.2105_1","appID":"daemontoolslite-220714","dateAdded":"240930","deceptorType":"App","name":"Daemon Tools Lite","company":"Disc Soft Ltd","version":"11.2.0.2105","lastKnownStatus":"1.4.28.0082;11.2.0.2067;11.2.0.2074;11.2.0.2078;11.2.0.2080;11.2.0.2086;11.2.0.2083;11.2.0.2092;11.2.0.2093;11.2.0.2099;11.2.0.2105;12.0.0.2126;12.1.0.2169;12.1.0.2180;12.1.0.2211","lastKnownDate":"240930","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2024-09-30T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":15,"sortOrder":515},{"violations":{"ACR-046":"Collecting data via \"Allow Daemon tools lite to send anonymous usage statistics\" is checked by default and not visible to the user by default. There is no relevant disclosure of what data it collects.\n","ACR-048":"The app does not provide control to enable/disable the startup item and to remove its background process completely within the app's settings. \nThe app does not provide option to cancel the installation process.\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software.\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software.\n","ACR-084":"1. The app creates an undisclosed startup item to perform an action without the consumer's knowledge and consent.\n2. On closing the app, the application doesn't exit completely. Several processes run in the background, hiding the fact that it is active from the consumer without any notification.\n","ACR-097":"The app adds an exception for Windows firewall without disclosing relevant info and getting consent from the user.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components on the device without the consumer's consent or notifying the user.\n","ACR-057":"Offers don't have clear way for user to accept or decline. \n","ACR-055":"The accept/Decline options are not consistent for offers.\n","ACR-059":"The Offer is not clearly marked as an optional offer. \n","ACR-155":"Offers are designed to look like part of the install workflow\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"DTLite1210-2211.exe","isInstaller":"True","companyName":"Disc Soft FZE LLC","productName":"DAEMON Tools Lite Installer","productVersion":"12.1.0.2211","fileVersion":"12.1.0.2211","hashMD5":"9bbf533f2eac97ce8c86ae6725ea86fa","hashSHA1":"f694d3f1564a09d58ddb46ba2b296b556b1b5713","hashSHA256":"17901cec8393ba3720940ca84c524f8d4565c3ddc5a1b2048cbb56115d0cb6a3","digitalCertThumbprint":"195A8B2353093FDE6C912C299581FE78A12DEEF5","digitalCertIssuer":"Entrust Extended Validation Code Signing CA - EVCS2","digitalCertIssuedTo":"AVB Disc Soft SIA","storeId":"","sourceIndex":"530","avBlockList":["AVG Internet Security (20241217)","ESET Internet Security (20241217)","K7 Total Security (20241217)","Malwarebytes Premium (20241217)","McAfee Total Protection (20241217)","Norton Security (20241022)","Panda Dome (20241217)","Quick Heal Internet Security (20241217)","Sophos Home Premium (20241217)","SpyHunter5 (20241217)","VirIT eXplorer PRO (20241217)","Webroot SecureAnywhere (20241217)","FortectPremium (20241217)"],"avAllowList":["360 Total Security (20241217)","Avast Premium Security (20241217)","Avira Internet Security (20241217)","Bitdefender Internet Security (20241217)","COMODO Antivirus (20241217)","Dr.Web Security Space (20241217)","G DATA INTERNET SECURITY (20241217)","KasperskyPremium (20241217)","Total AV Antivirus Pro (20241217)","Trend Micro Internet Security (20241217)","VIPRE Advanced Security (20241217)","Windows Defender (20241217)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on windows app","reference":"","landingPage":"https://disc-tools.com/","directDownloadingLink":"https://disc-tools.com/download/dtLite","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://disc-tools.com/download/dtLite","sourceIndex":"530"}],"sampleFiles":["240930/daemontoolslite-220714/12.1.0.2211/Samples/DTLite1210-2211.exe"],"imageFiles":["240930/daemontoolslite-220714/12.1.0.2211/Images/ACR-084/ACR-084.PNG","240930/daemontoolslite-220714/12.1.0.2211/Images/ACR-084/ACR-084_1.PNG","240930/daemontoolslite-220714/12.1.0.2211/Images/ACR-048/ACR-048_1.PNG","240930/daemontoolslite-220714/12.1.0.2211/Images/ACR-048/ACR-048_2.PNG","240930/daemontoolslite-220714/12.1.0.2211/Images/ACR-048/ACR-048_3.PNG","240930/daemontoolslite-220714/12.1.0.2211/Images/ACR-059/ACR-059.PNG","240930/daemontoolslite-220714/12.1.0.2211/Images/ACR-155/ACR-155.PNG","240930/daemontoolslite-220714/12.1.0.2211/Images/ACR-155/ACR-155_1.PNG","240930/daemontoolslite-220714/12.1.0.2211/Images/ACR-046/ACR-046.PNG","240930/daemontoolslite-220714/12.1.0.2211/Images/ACR-046/ACR-046_1.PNG","240930/daemontoolslite-220714/12.1.0.2211/Images/ACR-048/ACR-048.PNG","240930/daemontoolslite-220714/12.1.0.2211/Images/ACR-013/ACR-013.PNG","240930/daemontoolslite-220714/12.1.0.2211/Images/ACR-013/ACR-013_1.PNG","240930/daemontoolslite-220714/12.1.0.2211/Images/ACR-097/ACR-097.PNG","240930/daemontoolslite-220714/12.1.0.2211/Images/ACR-118/ACR-118_Uninstall_1.png","240930/daemontoolslite-220714/12.1.0.2211/Images/ACR-057/ACR-057.PNG","240930/daemontoolslite-220714/12.1.0.2211/Images/ACR-055/ACR-055.PNG","240930/daemontoolslite-220714/12.1.0.2211/Images/ACR-055/ACR-055_1.PNG","240930/daemontoolslite-220714/12.1.0.2211/Images/ACR-060/ACR-060.PNG","240930/daemontoolslite-220714/12.1.0.2211/Images/ACR-060/ACR-060_1.PNG"],"nonDeceptorImageFiles":[],"guid":"17abde56-37a4-48ca-b33d-5a031f4a0ae8_12.1.0.2211_1","appID":"daemontoolslite-220714","dateAdded":"240930","deceptorType":"App","name":"Daemon Tools Lite","company":"Disc Soft Ltd","version":"12.1.0.2211","lastKnownStatus":"1.4.28.0082;11.2.0.2067;11.2.0.2074;11.2.0.2078;11.2.0.2080;11.2.0.2086;11.2.0.2083;11.2.0.2092;11.2.0.2093;11.2.0.2099;11.2.0.2105;12.0.0.2126;12.1.0.2169;12.1.0.2180;12.1.0.2211","lastKnownDate":"240930","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2024-09-30T19:59:29.5028722+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":15,"sortOrder":511},{"violations":{"ACR-048":"The app does not provide control to enable/disable the startup item and to remove its background process completely within the app's settings. \nThe app does not provide option to cancel the installation process.\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software.\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software.\n","ACR-084":"1. On qutting the app, the application doesn't exit completely. Several processes run in the background, hiding the fact that it is active from the consumer without any notification.\n2. The app creates an undisclosed startup item to perform an action without the consumer's knowledge and consent.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components on the device without the consumer's consent or notifying the user.\n","ACR-057":"Offers don't have clear way for user to accept or decline. \n","ACR-055":"The accept/Decline options are not consistent for offers.\n","ACR-059":"The Offer is not clearly marked as an optional offer. \n","ACR-155":"Offers are designed to look like part of the install workflow\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files\\DAEMON Tools Lite\\DTAgent.exe","companyName":"Disc Soft FZE LLC","productName":"DAEMON Tools Lite","productVersion":"11.2.0.2078","fileVersion":"11.2.0.2078","hashMD5":"7307714416a94852bbdd873c793cf5a1","hashSHA1":"99c905e7b60906895f3bf7a4c961c4ef9cb8367d","hashSHA256":"5f77498596c70bd77cc665b0ae634bca9f5338a2553cbb8ab21b9fd1132ea2d4","digitalCertThumbprint":"9A8EC24D4552F8EB8902FAB19EAF95DC2A2EA407","digitalCertIssuer":"Sectigo RSA Code Signing CA","digitalCertIssuedTo":"AVB Disc Soft SIA","storeId":"","sourceIndex":"1078","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Program Files\\DAEMON Tools Lite\\DTLite.exe","companyName":"Disc Soft FZE LLC","productName":"DAEMON Tools Lite","productVersion":"11.2.0.2078","fileVersion":"11.2.0.2078","hashMD5":"c5e8e79a8637b5a232acd0ba4e4d3a63","hashSHA1":"91abbf2ca9683c3a326909b235f39c322746ebbe","hashSHA256":"6ac23a52c4349a5619783908e0c74c6ab0fdb97c880ee572fed58cf5fcdbe6e7","digitalCertThumbprint":"9A8EC24D4552F8EB8902FAB19EAF95DC2A2EA407","digitalCertIssuer":"Sectigo RSA Code Signing CA","digitalCertIssuedTo":"AVB Disc Soft SIA","storeId":"","sourceIndex":"1078","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Program Files\\DAEMON Tools Lite\\DTShellHlp.exe","companyName":"Disc Soft FZE LLC","productName":"DAEMON Tools Lite","productVersion":"11.2.0.2078","fileVersion":"11.2.0.2078","hashMD5":"9e3fdc2997e261c204d4a920b08beade","hashSHA1":"ce184b6aa5e15453af60697f29d1cb5b2b28a541","hashSHA256":"eba5f6f5fa465e901d65716a9f5a8c144fb6c80749314d57995e3e0684bb9022","digitalCertThumbprint":"9A8EC24D4552F8EB8902FAB19EAF95DC2A2EA407","digitalCertIssuer":"Sectigo RSA Code Signing CA","digitalCertIssuedTo":"AVB Disc Soft SIA","storeId":"","sourceIndex":"1078","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"DTLite1120-2078.exe","isInstaller":"True","companyName":"Disc Soft FZE LLC","productName":"DAEMON Tools Lite Installer","productVersion":"11.2.0.2078","fileVersion":"11.2.0.2078","hashMD5":"b35822e6fd902f6a4a2c8e83384a32be","hashSHA1":"32be76719bc1441b670ad04b35be107b6a366637","hashSHA256":"37da1107f70c33fdbe550e8aafe5dcba158e020c18f1c7d132b46a987abcdef8","digitalCertThumbprint":"9A8EC24D4552F8EB8902FAB19EAF95DC2A2EA407","digitalCertIssuer":"Sectigo RSA Code Signing CA","digitalCertIssuedTo":"AVB Disc Soft SIA","storeId":"","sourceIndex":"1078","avBlockList":["Avast Premium Security (20230803)","AVG Internet Security (20230803)","Avira Internet Security (20230803)","ESET Internet Security (20230803)","K7 Total Security (20230803)","Malwarebytes Premium (20230803)","McAfee Total Protection (20230803)","Norton Security (20230803)","Panda Dome (20230803)","Sophos Home Premium (20230803)","SpyHunter5 (20230803)","Total AV Antivirus Pro (20230803)","VirIT eXplorer PRO (20230803)","Windows Defender (20230803)"],"avAllowList":["360 Total Security (20230803)","Bitdefender Internet Security (20230803)","COMODO Antivirus (20230803)","Dr.Web Security Space (20230803)","G DATA INTERNET SECURITY (20230803)","Kaspersky Internet Security (20230803)","Quick Heal Internet Security (20230803)","Trend Micro Internet Security (20230803)","VIPRE Advanced Security (20230803)","Webroot SecureAnywhere (20230803)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on windows app","reference":"","landingPage":"https://disc-tools.com/","directDownloadingLink":"https://disc-tools.com/download/dtLite","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://disc-tools.com/download/dtLite","sourceIndex":"1078"}],"sampleFiles":["230531/daemontoolslite-220714/11.2.0.2078/Samples/DTLite1120-2078.exe"],"imageFiles":["230531/daemontoolslite-220714/11.2.0.2078/Images/ACR-084/ACR-084.JPG","230531/daemontoolslite-220714/11.2.0.2078/Images/ACR-084/ACR-084_1.JPG","230531/daemontoolslite-220714/11.2.0.2078/Images/ACR-048/ACR-048.JPG","230531/daemontoolslite-220714/11.2.0.2078/Images/ACR-048/ACR-048_1.JPG","230531/daemontoolslite-220714/11.2.0.2078/Images/ACR-048/ACR-048_2.JPG","230531/daemontoolslite-220714/11.2.0.2078/Images/ACR-059/ACR-059.JPG","230531/daemontoolslite-220714/11.2.0.2078/Images/ACR-059/ACR-059_1.JPG","230531/daemontoolslite-220714/11.2.0.2078/Images/ACR-155/ACR-155.JPG","230531/daemontoolslite-220714/11.2.0.2078/Images/ACR-155/ACR-155_1.JPG","230531/daemontoolslite-220714/11.2.0.2078/Images/ACR-048/ACR-048_Install.JPG","230531/daemontoolslite-220714/11.2.0.2078/Images/ACR-013/ACR-013.JPG","230531/daemontoolslite-220714/11.2.0.2078/Images/ACR-013/ACR-013_1.JPG","230531/daemontoolslite-220714/11.2.0.2078/Images/ACR-118/ACR-118.JPG","230531/daemontoolslite-220714/11.2.0.2078/Images/ACR-057/ACR-057.JPG","230531/daemontoolslite-220714/11.2.0.2078/Images/ACR-057/ACR-057_1.JPG","230531/daemontoolslite-220714/11.2.0.2078/Images/ACR-055/ACR-055.JPG","230531/daemontoolslite-220714/11.2.0.2078/Images/ACR-055/ACR-055_1.JPG","230531/daemontoolslite-220714/11.2.0.2078/Images/ACR-060/ACR-060.JPG","230531/daemontoolslite-220714/11.2.0.2078/Images/ACR-060/ACR-060_1.JPG"],"nonDeceptorImageFiles":[],"guid":"17abde56-37a4-48ca-b33d-5a031f4a0ae8_11.2.0.2078_1","appID":"daemontoolslite-220714","dateAdded":"240930","deceptorType":"App","name":"Daemon Tools Lite","company":"Disc Soft Ltd","version":"11.2.0.2078","lastKnownStatus":"1.4.28.0082;11.2.0.2067;11.2.0.2074;11.2.0.2078;11.2.0.2080;11.2.0.2086;11.2.0.2083;11.2.0.2092;11.2.0.2093;11.2.0.2099;11.2.0.2105;12.0.0.2126;12.1.0.2169;12.1.0.2180;12.1.0.2211","lastKnownDate":"240930","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2024-09-30T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":15,"sortOrder":522},{"violations":{"ACR-109":"The application silently installs  OpenVPN and TAP Driver Windows before the user chooses and agrees to install or without disclosing the relationship to the app during installation.\n","ACR-042":"1. The application silently installs \"TAP Driver Windows\" without disclosing the relationship to the app during installation. \n2. Third-party component \"Open VPN\" is installed without any disclosure.\n","ACR-043":"1. The application silently installs \"TAP Driver Windows\" without disclosing the relationship to the app during installation. \n2. Third-party component \"Open VPN\" is installed without any disclosure.\n","ACR-107":"The app does not obtain any authorization for using third-party components: TAP Driver Windows and Open VPN.\n","ACR-048":"The app does not provide control to remove its background process completely within the app's settings.\n","ACR-084":"On closing the app, the application doesn't exit completely. Several processes run in the background, hiding the fact that it is active from the consumer without any notification.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains many of its components on the device without the consumer's consent or notifying the user. Also, the process \"openvpnserv.exe\" runs in the background even after uninstallation.\n","ACR-014":"The app misleads the user by displaying \"Installation Successfully Completed\" on the Post-uninstall prompt.\n","ACR-039":"Application silently installs OpenVPN and Tap windows program without disclosing the relationship to the app during installation.\n","ACR-165":"The app does not provide detailed information about how users will be notified for renewal and how to cancel the annual subscription in the Inline offers screen inside the software..\nThe app does not provide detailed information about how users will be notified for renewal and how to cancel the annual subscription in the Internal offers page (https://manage.uvpn.me/order).\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"uVPN_installer.exe","isInstaller":"True","companyName":"uVpn","productName":"uVPN Installer","productVersion":"0.0.56.1","fileVersion":"0.0.56.1","hashMD5":"7e72ea08b30b5d6bda54d6941f9a5eb1","hashSHA1":"54239e47207338a6102d04f9bb95d1e086d3c580","hashSHA256":"8c520787610a238a3e4e36e502ff993ce0063f1690b4f4f56b3e12875d3ce6f7","digitalCertThumbprint":"E47E81D84A3F023CC8CFAF64BD8DE2FCE4FD4A5C","digitalCertIssuer":"Sectigo Public Code Signing CA R36","digitalCertIssuedTo":"Brocode Limited","storeId":"","sourceIndex":"531","avBlockList":["360 Total Security (20241217)","Avast Premium Security (20241217)","AVG Internet Security (20241217)","Avira Internet Security (20241217)","FortectPremium (20241217)","G DATA INTERNET SECURITY (20241217)","K7 Total Security (20241217)","Malwarebytes Premium (20241217)","Norton Security (20241217)","Panda Dome (20241217)","Quick Heal Internet Security (20241217)","Sophos Home Premium (20241217)","SpyHunter5 (20241217)","Total AV Antivirus Pro (20241217)","VirIT eXplorer PRO (20241217)","Webroot SecureAnywhere (20241217)"],"avAllowList":["Bitdefender Internet Security (20241217)","COMODO Antivirus (20241217)","Dr.Web Security Space (20241217)","ESET Internet Security (20241217)","KasperskyPremium (20241217)","McAfee Total Protection (20241217)","Trend Micro Internet Security (20241217)","VIPRE Advanced Security (20241217)","Windows Defender (20241217)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on windows app","reference":"","landingPage":"https://uvpn.me","directDownloadingLink":"https://uvpn.me/download/windows/uVPN_installer.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://uvpn.me/download/windows/uVPN_installer.exe","sourceIndex":"531"}],"sampleFiles":["240930/uVPN-220309/0.0.56.1/Samples/uVPN_installer.exe"],"imageFiles":["240930/uVPN-220309/0.0.56.1/Images/ACR-118/ACR-118.PNG","240930/uVPN-220309/0.0.56.1/Images/ACR-118/ACR-118_1.PNG","240930/uVPN-220309/0.0.56.1/Images/ACR-118/ACR-118_2.PNG","240930/uVPN-220309/0.0.56.1/Images/ACR-118/ACR-118_Uninstall_1.png","240930/uVPN-220309/0.0.56.1/Images/ACR-048/ACR-048_1.PNG","240930/uVPN-220309/0.0.56.1/Images/ACR-048/ACR-048_2.PNG","240930/uVPN-220309/0.0.56.1/Images/ACR-048/ACR-048_3.PNG","240930/uVPN-220309/0.0.56.1/Images/ACR-109/ACR-109.PNG","240930/uVPN-220309/0.0.56.1/Images/ACR-039/ACR-039.PNG","240930/uVPN-220309/0.0.56.1/Images/ACR-043/ACR-043.PNG","240930/uVPN-220309/0.0.56.1/Images/ACR-043/ACR-043_1.PNG","240930/uVPN-220309/0.0.56.1/Images/ACR-107/ACR-107.PNG","240930/uVPN-220309/0.0.56.1/Images/ACR-107/ACR-107_1.PNG","240930/uVPN-220309/0.0.56.1/Images/ACR-042/ACR-042.PNG","240930/uVPN-220309/0.0.56.1/Images/ACR-042/ACR-042_1.PNG","240930/uVPN-220309/0.0.56.1/Images/ACR-084/ACR-084.PNG","240930/uVPN-220309/0.0.56.1/Images/ACR-084/ACR-084_1.PNG","240930/uVPN-220309/0.0.56.1/Images/ACR-014/ACR-014_Uni nstall.PNG","240930/uVPN-220309/0.0.56.1/Images/ACR-165/ACR-165.PNG","240930/uVPN-220309/0.0.56.1/Images/ACR-165/ACR-165_1.PNG"],"nonDeceptorImageFiles":[],"guid":"dc237089-8c78-4008-a37a-35cd10eb5074_0.0.56.1_1","appID":"uVPN-220309","dateAdded":"240930","deceptorType":"App","name":"uVPN","company":"Brocode Limited","version":"0.0.56.1","lastKnownStatus":"0.0.54;0.0.56.1","lastKnownDate":"240930","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows Vista,Windows 7,Windows 8,Windows 10,Windows XP","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2024-09-30T19:55:57.1195796+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":509},{"violations":{"ACR-048":"The app does not provide control to enable/disable the startup item and to remove its background process completely within the app's settings. \nThe app does not provide option to cancel the installation process.\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software.\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software.\n","ACR-084":"1. On qutting the app, the application doesn't exit completely. Several processes run in the background, hiding the fact that it is active from the consumer without any notification.\n2. The app creates an undisclosed startup item to perform an action without the consumer's knowledge and consent.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components on the device without the consumer's consent or notifying the user.\n","ACR-057":"Offers don't have clear way for user to accept or decline. \n","ACR-055":"The accept/Decline options are not consistent for offers.\n","ACR-059":"The Offer is not clearly marked as an optional offer. \n","ACR-155":"Offers are designed to look like part of the install workflow\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files\\DAEMON Tools Lite\\DTAgent.exe","companyName":"Disc Soft FZE LLC","productName":"DAEMON Tools Lite","productVersion":"11.2.0.2074","fileVersion":"11.2.0.2074","hashMD5":"e92a38e86d9fa5b872e9949d310a471c","hashSHA1":"386ff845406e03df5ff05be127be762a45191e0a","hashSHA256":"c007f3370374d09224ece78c9921837e61a0a9afcba0d6a7e1e40caee31c7a22","digitalCertThumbprint":"9A8EC24D4552F8EB8902FAB19EAF95DC2A2EA407","digitalCertIssuer":"Sectigo RSA Code Signing CA","digitalCertIssuedTo":"AVB Disc Soft SIA","storeId":"","sourceIndex":"1091","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Program Files\\DAEMON Tools Lite\\DTLite.exe","companyName":"Disc Soft FZE LLC","productName":"DAEMON Tools Lite","productVersion":"11.2.0.2074","fileVersion":"11.2.0.2074","hashMD5":"64ad81456a4c215792bb4e4ed6889497","hashSHA1":"7920ff3c85d628629eae4857d9ce2f191617fd57","hashSHA256":"73c7ffc97decaf0c67f5252531a48661600f899514fe8936d134c3a42b6d3ea2","digitalCertThumbprint":"9A8EC24D4552F8EB8902FAB19EAF95DC2A2EA407","digitalCertIssuer":"Sectigo RSA Code Signing CA","digitalCertIssuedTo":"AVB Disc Soft SIA","storeId":"","sourceIndex":"1091","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Program Files\\DAEMON Tools Lite\\DTShellHlp.exe","companyName":"Disc Soft FZE LLC","productName":"DAEMON Tools Lite","productVersion":"11.2.0.2074","fileVersion":"11.2.0.2074","hashMD5":"062f7a8c366d529ad2c253b1797c4229","hashSHA1":"a5b3e7401cc94a5ae20e472a2f13e843408503d8","hashSHA256":"6b44141256adf52e4b98b003c160cca90a44acb60f99bf06c36ebd1daa797df4","digitalCertThumbprint":"9A8EC24D4552F8EB8902FAB19EAF95DC2A2EA407","digitalCertIssuer":"Sectigo RSA Code Signing CA","digitalCertIssuedTo":"AVB Disc Soft SIA","storeId":"","sourceIndex":"1091","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"DTLite1120-2074.exe","isInstaller":"True","companyName":"Disc Soft FZE LLC","productName":"DAEMON Tools Lite Installer","productVersion":"11.2.0.2074","fileVersion":"11.2.0.2074","hashMD5":"03e4d8368ff6ad76cce3189ba6eb80ad","hashSHA1":"1a8b8283b9deaef4599428315c927f5c74cec22c","hashSHA256":"d95d581a9aef8ee3d2c5a359c47682ec78b2c820a727616fb4472a7c5c7f62fd","digitalCertThumbprint":"9A8EC24D4552F8EB8902FAB19EAF95DC2A2EA407","digitalCertIssuer":"Sectigo RSA Code Signing CA","digitalCertIssuedTo":"AVB Disc Soft SIA","storeId":"","sourceIndex":"1091","avBlockList":["Avast Premium Security (20230530)","AVG Internet Security (20230530)","Avira Internet Security (20230530)","ESET Internet Security (20230530)","K7 Total Security (20230530)","Malwarebytes Premium (20230530)","Norton Security (20230530)","Panda Dome (20230530)","Quick Heal Internet Security (20230530)","Sophos Home Premium (20230530)","SpyHunter5 (20230530)","Total AV Antivirus Pro (20230530)","VirIT eXplorer PRO (20230530)","Webroot SecureAnywhere (20230530)"],"avAllowList":["360 Total Security (20230530)","Bitdefender Internet Security (20230530)","COMODO Antivirus (20230530)","Dr.Web Security Space (20230530)","G DATA INTERNET SECURITY (20230530)","Kaspersky Internet Security (20230530)","McAfee Total Protection (20230530)","Trend Micro Internet Security (20230530)","VIPRE Advanced Security (20230530)","Windows Defender (20230530)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on windows app","reference":"","landingPage":"https://disc-tools.com/","directDownloadingLink":"https://disc-tools.com/download/dtLite","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://disc-tools.com/download/dtLite","sourceIndex":"1091"}],"sampleFiles":["230522/daemontoolslite-220714/11.2.0.2074/Samples/DTLite1120-2074.exe"],"imageFiles":["230522/daemontoolslite-220714/11.2.0.2074/Images/ACR-084/ACR-084.JPG","230522/daemontoolslite-220714/11.2.0.2074/Images/ACR-084/ACR-084_1.JPG","230522/daemontoolslite-220714/11.2.0.2074/Images/ACR-048/ACR-048.JPG","230522/daemontoolslite-220714/11.2.0.2074/Images/ACR-048/ACR-048_1.JPG","230522/daemontoolslite-220714/11.2.0.2074/Images/ACR-048/ACR-048_2.JPG","230522/daemontoolslite-220714/11.2.0.2074/Images/ACR-059/ACR-059.JPG","230522/daemontoolslite-220714/11.2.0.2074/Images/ACR-059/ACR-059_1.JPG","230522/daemontoolslite-220714/11.2.0.2074/Images/ACR-155/ACR-155.JPG","230522/daemontoolslite-220714/11.2.0.2074/Images/ACR-155/ACR-155_1.JPG","230522/daemontoolslite-220714/11.2.0.2074/Images/ACR-048/ACR-048_Install.JPG","230522/daemontoolslite-220714/11.2.0.2074/Images/ACR-013/ACR-013.JPG","230522/daemontoolslite-220714/11.2.0.2074/Images/ACR-013/ACR-013_1.JPG","230522/daemontoolslite-220714/11.2.0.2074/Images/ACR-118/ACR-118.JPG","230522/daemontoolslite-220714/11.2.0.2074/Images/ACR-057/ACR-057.JPG","230522/daemontoolslite-220714/11.2.0.2074/Images/ACR-057/ACR-057_1.JPG","230522/daemontoolslite-220714/11.2.0.2074/Images/ACR-055/ACR-055.JPG","230522/daemontoolslite-220714/11.2.0.2074/Images/ACR-055/ACR-055_1.JPG","230522/daemontoolslite-220714/11.2.0.2074/Images/ACR-060/ACR-060.JPG","230522/daemontoolslite-220714/11.2.0.2074/Images/ACR-060/ACR-060_1.JPG"],"nonDeceptorImageFiles":[],"guid":"17abde56-37a4-48ca-b33d-5a031f4a0ae8_11.2.0.2074_1","appID":"daemontoolslite-220714","dateAdded":"240930","deceptorType":"App","name":"Daemon Tools Lite","company":"Disc Soft Ltd","version":"11.2.0.2074","lastKnownStatus":"1.4.28.0082;11.2.0.2067;11.2.0.2074;11.2.0.2078;11.2.0.2080;11.2.0.2086;11.2.0.2083;11.2.0.2092;11.2.0.2093;11.2.0.2099;11.2.0.2105;12.0.0.2126;12.1.0.2169;12.1.0.2180;12.1.0.2211","lastKnownDate":"240930","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2024-09-30T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":15,"sortOrder":523},{"violations":{"ACR-048":"The app does not provide control to remove its background process completely within the app's settings.\n","ACR-084":"On closing the app, the application doesn't exit completely. Several processes run in the background, hiding the fact that it is active from the consumer without any notification.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains many of its components on the device without the consumer's consent or notifying the user. Also, the app's UI is kept open in the desktop and the process runs in the background even after removing the \"uVPN.exe\" from its parent folder.\n","ACR-014":"The app misleads by stating \"Your connection is not secure\" inside the software, even though another VPN (tunnel bear) is Connected.\n","ACR-039":"Application silently installs OpenVPN and Tap windows program without disclosing the relationship to the app during installation.\n","ACR-165":"The app does not provide detailed information about how users will be notified for renewal and how to cancel the annual subscription in the Inline offers screen inside the software..\nThe app does not provide detailed information about how users will be notified for renewal and how to cancel the annual subscription in the Internal offers page (https://manage.uvpn.me/order).\n"},"nonDeceptorViolations":{"ACR-065":"The app does not display links to the EULA during installation.\n","ACR-092":"The app has an unsigned installer and a file installed. No digital signature for the following components: \"UVPN.resources.dll\" and \"newUVPNInstaller.exe\".\n","ACR-099":"The app does not display links to uninstall information inside software.\nThe landing page (https://uvpn.me/) does not display links to uninstall information.\n","ACR-068":"The subscription pricing shown in the Inline offers screen inside the software and Internal offers page (https://manage.uvpn.me/order) is not accurate and it confuses the user. Each offer in the Internal Offers page shows the number of devices that can use that particular subscription but these details are not provided in Inline offers.\n","ACR-014":"The app misleads by displaying the status as \"Unprotected\" on the landing page (https://uvpn.me/), even though another VPN (tunnel bear) is Connected.\n"},"samples":[{"isRevoked":"False","fileName":"uVPN_installer.exe","isInstaller":"True","companyName":"uVpn","productName":"uVPN","productVersion":"0.0.54","fileVersion":"0.0.54","hashMD5":"0316ec845b455a14eeb08a9da36a94e5","hashSHA1":"b67d76d8a5834c7b5cd307cde5ff0b55fc667dbf","hashSHA256":"547b62821f2d993fe924771ae185c3b03b1b70ee76474a6b0557abde6dada14e","digitalCertThumbprint":"FAD4421A36515C356DAF1A26C1EEF6482DD5A3A9","digitalCertIssuer":"Sectigo RSA Code Signing CA","digitalCertIssuedTo":"Brocode Limited","storeId":"","sourceIndex":"1686","avBlockList":["360 Total Security (20241001)","Avast Premium Security (20241001)","AVG Internet Security (20241001)","Avira Internet Security (20241001)","Bitdefender Internet Security (20241001)","G DATA INTERNET SECURITY (20241001)","Malwarebytes Premium (20241001)","McAfee Total Protection (20241001)","Norton Security (20241001)","Panda Dome (20241001)","Sophos Home Premium (20241001)","SpyHunter5 (20241001)","Total AV Antivirus Pro (20241001)","Trend Micro Internet Security (20241001)","VIPRE Advanced Security (20241001)","VirIT eXplorer PRO (20241001)","Webroot SecureAnywhere (20241001)","Windows Defender (20241001)","FortectPremium (20241001)"],"avAllowList":["COMODO Antivirus (20241001)","Dr.Web Security Space (20241001)","ESET Internet Security (20241001)","K7 Total Security (20241001)","Kaspersky Internet Security (20220324)","Quick Heal Internet Security (20241001)","Tencent PC Manager (20220324)","KasperskyPremium (20241001)"]},{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\uVPN\\UVPN.exe","companyName":"","productName":"UVPN","productVersion":"0.0.54.0","fileVersion":"0.0.54.0","hashMD5":"4b76e436413b7ffb8adaf8ac1183de01","hashSHA1":"557eee5f64022e39cf872da819a0586753dee825","hashSHA256":"cd46f5f02e980a34739b84951e471612a48431b70cf527f208cc7c692c98d3d8","digitalCertThumbprint":"FAD4421A36515C356DAF1A26C1EEF6482DD5A3A9","digitalCertIssuer":"Sectigo RSA Code Signing CA","digitalCertIssuedTo":"Brocode Limited","storeId":"","sourceIndex":"1686","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Free VPN in Blur BI data","reference":"","landingPage":"https://uvpn.me","directDownloadingLink":"https://uvpn.me/download/windows/uVPN_installer.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://uvpn.me/download/windows/uVPN_installer.exe","sourceIndex":"1686"}],"sampleFiles":["220313/uVPN-220309/0.0.54/Samples/uVPN_installer.exe"],"imageFiles":["220313/uVPN-220309/0.0.54/Images/ACR-118/ACR-118_Uninstall_1.mp4","220313/uVPN-220309/0.0.54/Images/ACR-118/ACR-118_Uninstall_Retains_Components.JPG","220313/uVPN-220309/0.0.54/Images/ACR-118/ACR-118_Uninstall_Retains_Components_1.JPG","220313/uVPN-220309/0.0.54/Images/ACR-014/ACR-014_Software_Misleading_Status.JPG","220313/uVPN-220309/0.0.54/Images/ACR-048/ACR-048_Software_No_Control.JPG","220313/uVPN-220309/0.0.54/Images/ACR-048/ACR-048_Software_No_Control_1.JPG","220313/uVPN-220309/0.0.54/Images/ACR-048/ACR-048_Software_No_Control_2.JPG","220313/uVPN-220309/0.0.54/Images/ACR-039/uVPN_OpenVPN.JPG","220313/uVPN-220309/0.0.54/Images/ACR-084/ACR-084_Software_Background_Process_Exists.JPG","220313/uVPN-220309/0.0.54/Images/ACR-084/ACR-084_Software_Background_Process_Exists_1.JPG","220313/uVPN-220309/0.0.54/Images/ACR-165/ACR-165_InlineOffers_1.JPG","220313/uVPN-220309/0.0.54/Images/ACR-165/ACR-165_InternalOffers.jpg"],"nonDeceptorImageFiles":["220313/uVPN-220309/0.0.54/Images/ACR-092/ACR-092_Software_No_Digital_Signature.JPG","220313/uVPN-220309/0.0.54/Images/ACR-092/ACR-092_Software_No_Digital_Signature_1.JPG","220313/uVPN-220309/0.0.54/Images/ACR-065/ACR-065_Install_No_EULA.JPG","220313/uVPN-220309/0.0.54/Images/ACR-099/ACR-099_Software_1.JPG","220313/uVPN-220309/0.0.54/Images/ACR-099/ACR-099_LandingPage_1.jpg","220313/uVPN-220309/0.0.54/Images/ACR-014/ACR-014_LandingPage_Misleading_Status_1.png","220313/uVPN-220309/0.0.54/Images/ACR-068/ACR-068_InternalOffers.JPG","220313/uVPN-220309/0.0.54/Images/ACR-068/ACR-068_InternalOffers_1.jpg"],"guid":"dc237089-8c78-4008-a37a-35cd10eb5074_0.0.54_1","appID":"uVPN-220309","dateAdded":"240930","deceptorType":"App","name":"uVPN","company":"Brocode Limited","version":"0.0.54","sigName":"Deceptor:Win32/uVPN!118014048039084165","lastKnownStatus":"0.0.54;0.0.56.1","lastKnownDate":"240930","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows Vista,Windows 7,Windows 8,Windows 10,Windows XP","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2024-09-30T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":510},{"violations":{"ACR-048":"The app does not provide control to enable/disable the startup item and to remove its background process completely within the app's settings. \nThe app does not provide option to cancel the installation process.\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software.\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software.\n","ACR-084":"1. On qutting the app, the application doesn't exit completely. Several processes run in the background, hiding the fact that it is active from the consumer without any notification.\n2. The app creates an undisclosed startup item to perform an action without the consumer's knowledge and consent.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components on the device without the consumer's consent or notifying the user.\n","ACR-059":"The Offer is not clearly marked as an optional offer. \n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files\\DAEMON Tools Lite\\DTAgent.exe","companyName":"Disc Soft Ltd","productName":"DAEMON Tools Lite","productVersion":"11.2.0.2067","fileVersion":"11.2.0.2067","hashMD5":"4df3ded35c8dfedabbfd766f0585112f","hashSHA1":"325acf22e31164371715ea2d2f3df2df92a02dfc","hashSHA256":"63e094dc4e7084015b2540921022901f869c1c7d02aac9f2098ccc0d834b6af2","digitalCertThumbprint":"9A8EC24D4552F8EB8902FAB19EAF95DC2A2EA407","digitalCertIssuer":"Sectigo RSA Code Signing CA","digitalCertIssuedTo":"AVB Disc Soft SIA","storeId":"","sourceIndex":"1127","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Program Files\\DAEMON Tools Lite\\DTLite.exe","companyName":"Disc Soft Ltd","productName":"DAEMON Tools Lite","productVersion":"11.2.0.2067","fileVersion":"11.2.0.2067","hashMD5":"ec993ee4affd062f3c68b8a8a907fb76","hashSHA1":"c39d16540137f20d428f1ef22fae00b640fcdf3a","hashSHA256":"870cecf0b7b7f44026c78d3ba1597255e0f3e08a3a0d9f277b1e3f5ba21e10ec","digitalCertThumbprint":"9A8EC24D4552F8EB8902FAB19EAF95DC2A2EA407","digitalCertIssuer":"Sectigo RSA Code Signing CA","digitalCertIssuedTo":"AVB Disc Soft SIA","storeId":"","sourceIndex":"1127","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Program Files\\DAEMON Tools Lite\\DTShellHlp.exe","companyName":"Disc Soft Ltd","productName":"DAEMON Tools Lite","productVersion":"11.2.0.2067","fileVersion":"11.2.0.2067","hashMD5":"a1fed9c825d5ed178803881b3178686b","hashSHA1":"0b381f9867d7e3f0449ff3b45a6f2139bbef6ccd","hashSHA256":"adefb8787af213aebf0f20c748e566a9bbfe3937b18895322f9c8219ac81a2b0","digitalCertThumbprint":"9A8EC24D4552F8EB8902FAB19EAF95DC2A2EA407","digitalCertIssuer":"Sectigo RSA Code Signing CA","digitalCertIssuedTo":"AVB Disc Soft SIA","storeId":"","sourceIndex":"1127","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"DTLite1120-2067.exe","isInstaller":"True","companyName":"Disc Soft Ltd","productName":"DAEMON Tools Lite Installer","productVersion":"11.2.0.2067","fileVersion":"11.2.0.2067","hashMD5":"456fbeed571e6259132d397650f2dfca","hashSHA1":"5621426468cf43758958600170c6fc81ed10444b","hashSHA256":"f01bc418c74828b4f53b8ed9aa1ad29bd91f39d2e38fd07d75c7a5e8969f8c78","digitalCertThumbprint":"9A8EC24D4552F8EB8902FAB19EAF95DC2A2EA407","digitalCertIssuer":"Sectigo RSA Code Signing CA","digitalCertIssuedTo":"AVB Disc Soft SIA","storeId":"","sourceIndex":"1127","avBlockList":["Avast Premium Security (20240801)","AVG Internet Security (20240801)","Avira Internet Security (20240801)","ESET Internet Security (20240801)","K7 Total Security (20240801)","Malwarebytes Premium (20240801)","McAfee Total Protection (20240801)","Norton Security (20240801)","Panda Dome (20240801)","Quick Heal Internet Security (20240801)","Sophos Home Premium (20240801)","SpyHunter5 (20240801)","Total AV Antivirus Pro (20240801)","VirIT eXplorer PRO (20240801)","Webroot SecureAnywhere (20240801)","Windows Defender (20240801)","FortectPremium (20240801)","KasperskyPremium (20240801)"],"avAllowList":["360 Total Security (20240801)","Bitdefender Internet Security (20240801)","COMODO Antivirus (20240801)","Dr.Web Security Space (20240801)","G DATA INTERNET SECURITY (20240801)","Kaspersky Internet Security (20230928)","Trend Micro Internet Security (20240801)","VIPRE Advanced Security (20240801)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on windows app","reference":"","landingPage":"https://disc-tools.com/","directDownloadingLink":"https://disc-tools.com/download/dtLite","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://disc-tools.com/download/dtLite","sourceIndex":"1127"}],"sampleFiles":["230504/daemontoolslite-220714/11.2.0.2067/Samples/DTLite1120-2067.exe"],"imageFiles":["230504/daemontoolslite-220714/11.2.0.2067/Images/ACR-084/ACR-084.JPG","230504/daemontoolslite-220714/11.2.0.2067/Images/ACR-084/ACR-084_1.JPG","230504/daemontoolslite-220714/11.2.0.2067/Images/ACR-048/ACR-048.JPG","230504/daemontoolslite-220714/11.2.0.2067/Images/ACR-048/ACR-048_1.JPG","230504/daemontoolslite-220714/11.2.0.2067/Images/ACR-048/ACR-048_2.JPG","230504/daemontoolslite-220714/11.2.0.2067/Images/ACR-059/ACR-059.JPG","230504/daemontoolslite-220714/11.2.0.2067/Images/ACR-048/ACR-048_Install.JPG","230504/daemontoolslite-220714/11.2.0.2067/Images/ACR-013/ACR-013.JPG","230504/daemontoolslite-220714/11.2.0.2067/Images/ACR-118/ACR-118.JPG","230504/daemontoolslite-220714/11.2.0.2067/Images/ACR-060/ACR-060.JPG"],"nonDeceptorImageFiles":[],"guid":"17abde56-37a4-48ca-b33d-5a031f4a0ae8_11.2.0.2067_1","appID":"daemontoolslite-220714","dateAdded":"240930","deceptorType":"App","name":"Daemon Tools Lite","company":"Disc Soft Ltd","version":"11.2.0.2067","lastKnownStatus":"1.4.28.0082;11.2.0.2067;11.2.0.2074;11.2.0.2078;11.2.0.2080;11.2.0.2086;11.2.0.2083;11.2.0.2092;11.2.0.2093;11.2.0.2099;11.2.0.2105;12.0.0.2126;12.1.0.2169;12.1.0.2180;12.1.0.2211","lastKnownDate":"240930","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2024-09-30T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":15,"sortOrder":524},{"violations":{"ACR-109":"The application silently installs \"Apple Mobile Device Support\" without user awareness and not disclosing the relationship to the app during installation.\n","ACR-042":"1. The app installs \"Apple Mobile Device Support\" without disclosing it to the user and getting user consent. \n2. Open source projects \"FFmpeg\" and \"Qt5\" are installed without any disclosure in EULA.\n","ACR-043":"1. The app installs \"Apple Mobile Device Support\" without disclosing it to the user and getting user consent. \n2. Open source projects \"FFmpeg\" and \"Qt5\" are installed without any disclosure in EULA.\n","ACR-107":"The app does not obtain any authorization for using third-party components: \"FFmpeg\" and \"Qt5\"\n","ACR-048":"The app does not provide an option to cancel installation\n","ACR-004":"The application doesn't provide a free fix (recovery) instead offering a subscription that the user needs to pay to fix it.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components it installed on the device without the consumer's consent or notifying the user.\n","ACR-039":"The app installs the \"Apple Mobile Device Support\" without disclosing the relationship to the app during installation.\n","ACR-165":"The app does not mention clearly the Auto-renewal policy on the cart page and also doesn't disclose whether there might be a change in price after the subscription period.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"anyrecover-for-win_setup.exe","isInstaller":"True","companyName":"","productName":"AnyRecover Data Recovery","productVersion":"4.3.0.1","fileVersion":"4.3.0.1","hashMD5":"408bb8aea34f1b35510aed1235a230ed","hashSHA1":"857f508ba2cb3e6d71d621c502e8a9d75e05075a","hashSHA256":"2cfba4740a033e596a01af8c7d069f0594438dec60747b6f75f5a819208a8f4e","digitalCertThumbprint":"EDD8199F09F517C3BDF6816AE2771C0D4FD8C37E","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Shenzhen iMyFone Technology Co. Ltd","storeId":"","sourceIndex":"532","avBlockList":["360 Total Security (20241217)","Avast Premium Security (20241217)","AVG Internet Security (20241217)","Avira Internet Security (20241217)","Dr.Web Security Space (20241217)","ESET Internet Security (20241217)","G DATA INTERNET SECURITY (20241217)","K7 Total Security (20241217)","McAfee Total Protection (20241217)","Norton Security (20241217)","Panda Dome (20241217)","Quick Heal Internet Security (20241217)","Sophos Home Premium (20241217)","SpyHunter5 (20241217)","Total AV Antivirus Pro (20241217)","VirIT eXplorer PRO (20241217)","Webroot SecureAnywhere (20241217)","FortectPremium (20241217)"],"avAllowList":["Bitdefender Internet Security (20241217)","COMODO Antivirus (20241217)","KasperskyPremium (20241217)","Malwarebytes Premium (20241217)","Trend Micro Internet Security (20241217)","VIPRE Advanced Security (20241217)","Windows Defender (20241217)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on windows app","reference":"","landingPage":"https://www.anyrecover.com/","directDownloadingLink":"https://download.anyrecover.com/anyrecover-for-win_setup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://download.anyrecover.com/anyrecover-for-win_setup.exe","sourceIndex":"532"}],"sampleFiles":["240924/AnyRecover-240325/6.5.0.3/Samples/anyrecover-for-win_setup.exe"],"imageFiles":["240924/AnyRecover-240325/6.5.0.3/Images/ACR-109/ACR-109.PNG","240924/AnyRecover-240325/6.5.0.3/Images/ACR-039/ACR-039.PNG","240924/AnyRecover-240325/6.5.0.3/Images/ACR-043/ACR-043.PNG","240924/AnyRecover-240325/6.5.0.3/Images/ACR-043/ACR-043_1.PNG","240924/AnyRecover-240325/6.5.0.3/Images/ACR-043/ACR-043_2.PNG","240924/AnyRecover-240325/6.5.0.3/Images/ACR-107/ACR-107.PNG","240924/AnyRecover-240325/6.5.0.3/Images/ACR-107/ACR-107_1.PNG","240924/AnyRecover-240325/6.5.0.3/Images/ACR-042/ACR-042.PNG","240924/AnyRecover-240325/6.5.0.3/Images/ACR-042/ACR-042_1.PNG","240924/AnyRecover-240325/6.5.0.3/Images/ACR-042/ACR-042_2.PNG","240924/AnyRecover-240325/6.5.0.3/Images/ACR-048/ACR-048.PNG","240924/AnyRecover-240325/6.5.0.3/Images/ACR-004/ACR-004.PNG","240924/AnyRecover-240325/6.5.0.3/Images/ACR-004/ACR-004_1.PNG","240924/AnyRecover-240325/6.5.0.3/Images/ACR-118/ACR-118.PNG","240924/AnyRecover-240325/6.5.0.3/Images/ACR-165/ACR-165.PNG"],"nonDeceptorImageFiles":[],"guid":"99b8df48-5dc7-4041-8803-6ec452e7fe62_6.5.0.3_1","appID":"AnyRecover-240325","dateAdded":"240924","deceptorType":"App","name":"Any Recover","company":"Shenzhen AnyRecover Technology Co., Ltd.","version":"6.5.0.3","lastKnownStatus":"6.4.0.7;6.4.5.5;6.5.0.3","lastKnownDate":"240924","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 7,Windows 8,Windows 10,Windows 11","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2024-09-24T16:57:57.4552691+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":3,"sortOrder":526},{"violations":{"ACR-109":"The application silently installs \"Apple Mobile Device Support\" without user awareness and not disclosing the relationship to the app during installation.\n","ACR-042":"1. The \"Any recover\" components get dropped in one click without asking the user's permission and disclosing the installation path.\n2. Open source projects \"FFmpeg\" and \"Qt5\" are installed without any disclosure in EULA.\n","ACR-043":"1. The \"Any recover\" components get dropped in one click without asking the user's permission and disclosing the installation path.\n2. Open source projects \"FFmpeg\" and \"Qt5\" are installed without any disclosure in EULA.\n","ACR-107":"The app does not obtain any authorization for using third-party components: \"FFmpeg\" and \"Qt5\"\n","ACR-004":"The application doesn't provide a free fix (recovery) instead offering a subscription that the user needs to pay to fix it.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components it installed on the device without the consumer's consent or notifying the user.\n","ACR-039":"The app installs the \"Apple Mobile Device Support\" without disclosing the relationship to the app during installation.\n","ACR-165":"The app does not mention clearly the Auto-renewal policy on the cart page and also doesn't disclose whether there might be a change in price after the subscription period.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"anyrecover-for-win_setup.exe","isInstaller":"True","fileVersion":"4.3","hashMD5":"fc21b78d8012dcfc1d94185ed5083dff","hashSHA1":"23458457bd546befb18162bed4a408b7d72a2a18","hashSHA256":"651907c1b631bdd79f8aa3f097bd23156d168a1e2c489c41238ddfd1f5434ba7","digitalCertThumbprint":"EDD8199F09F517C3BDF6816AE2771C0D4FD8C37E","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=\"Shenzhen iMyFone Technology Co., Ltd\", O=\"Shenzhen iMyFone Technology Co., Ltd\", L=深圳市, S=广东省, C=CN, SERIALNUMBER=914403003425095958, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.1=南山区, OID.1.3.6.1.4.1.311.60.2.1.2=广东省, OID.1.3.6.1.4.1.311.60.2.1.3=CN","sourceIndex":"617","avBlockList":["Avast Premium Security (20240829)","AVG Internet Security (20240829)","Avira Internet Security (20240829)","ESET Internet Security (20240829)","FortectPremium (20240829)","K7 Total Security (20240829)","McAfee Total Protection (20240829)","Norton Security (20240829)","Panda Dome (20240829)","Quick Heal Internet Security (20240829)","Sophos Home Premium (20240829)","SpyHunter5 (20240829)","Total AV Antivirus Pro (20240829)","VirIT eXplorer PRO (20240829)","Webroot SecureAnywhere (20240829)","Windows Defender (20240829)"],"avAllowList":["360 Total Security (20240829)","Bitdefender Internet Security (20240829)","COMODO Antivirus (20240829)","Dr.Web Security Space (20240829)","G DATA INTERNET SECURITY (20240829)","Kaspersky Internet Security (20240702)","Malwarebytes Premium (20240829)","Trend Micro Internet Security (20240829)","VIPRE Advanced Security (20240829)","KasperskyPremium (20240829)"]}],"additionalFiles":[],"sources":[{"howFound":"follow up check for new version","reference":"","landingPage":"https://www.anyrecover.com/","directDownloadingLink":"https://download.anyrecover.com/anyrecover-for-win_setup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://download.anyrecover.com/anyrecover-for-win_setup.exe","sourceIndex":"617"}],"sampleFiles":["240625/AnyRecover-240325/6.4.5.5/Samples/anyrecover-for-win_setup.exe"],"imageFiles":["240625/AnyRecover-240325/6.4.5.5/Images/ACR-109/ACR109.png","240625/AnyRecover-240325/6.4.5.5/Images/ACR-109/ACR109_2.png","240625/AnyRecover-240325/6.4.5.5/Images/ACR-039/ACR109.png","240625/AnyRecover-240325/6.4.5.5/Images/ACR-039/ACR109_2.png","240625/AnyRecover-240325/6.4.5.5/Images/ACR-043/ACR43.png","240625/AnyRecover-240325/6.4.5.5/Images/ACR-043/ACR43_2.png","240625/AnyRecover-240325/6.4.5.5/Images/ACR-043/ACR109.png","240625/AnyRecover-240325/6.4.5.5/Images/ACR-107/ACR43.png","240625/AnyRecover-240325/6.4.5.5/Images/ACR-107/ACR43_2.png","240625/AnyRecover-240325/6.4.5.5/Images/ACR-042/ACR43.png","240625/AnyRecover-240325/6.4.5.5/Images/ACR-042/ACR43_2.png","240625/AnyRecover-240325/6.4.5.5/Images/ACR-004/ACR004.png","240625/AnyRecover-240325/6.4.5.5/Images/ACR-004/ACR004_2.png","240625/AnyRecover-240325/6.4.5.5/Images/ACR-118/ACR118.png","240625/AnyRecover-240325/6.4.5.5/Images/ACR-118/ACR118_2.png","240625/AnyRecover-240325/6.4.5.5/Images/ACR-165/ACR165.png"],"nonDeceptorImageFiles":[],"guid":"99b8df48-5dc7-4041-8803-6ec452e7fe62_6.4.5.5_1","appID":"AnyRecover-240325","dateAdded":"240924","deceptorType":"App","name":"Any Recover","company":"Shenzhen AnyRecover Technology Co., Ltd.","version":"6.4.5.5","lastKnownStatus":"6.4.0.7;6.4.5.5;6.5.0.3","lastKnownDate":"240924","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 7,Windows 8,Windows 10,Windows 11","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2024-09-24T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":3,"sortOrder":527},{"violations":{"ACR-109":"The application silently installs \"Apple Mobile Device Support\" without user awareness and not disclosing the relationship to the app during installation.\n","ACR-042":"1. The \"Any recover\" components get dropped in one click without asking the user's permission and disclosing the installation path.\n2. Open source projects \"FFmpeg\" and \"Qt5\" are installed without any disclosure in EULA.\n","ACR-043":"1. The \"Any recover\" components get dropped in one click without asking the user's permission and disclosing the installation path.\n2. Open source projects \"FFmpeg\" and \"Qt5\" are installed without any disclosure in EULA.\n","ACR-107":"The app does not obtain any authorization for using third-party components: \"FFmpeg\" and \"Qt5\"\n","ACR-004":"The application doesn't provide a free fix (recovery) instead offering a subscription that the user needs to pay to fix it.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components it installed on the device without the consumer's consent or notifying the user.\n","ACR-014":"The app does not provide the \"Preview\" option for the lost data as claimed on this prompt from the software, thereby misleading the user.\n","ACR-039":"The app installs the \"Apple Mobile Device Support\" without disclosing the relationship to the app during installation.\n","ACR-165":"The app does not mention clearly the Auto-renewal policy on the cart page and also doesn't disclose whether there might be a change in price after the subscription period.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\AnyRecover\\AnyRecover\\AnyRecover.exe","companyName":"Shenzhen AnyRecover Technology Co. Ltd.","productName":"AnyRecover Data Recovery","productVersion":"6.4.0.7","fileVersion":"6.4.0.7","hashMD5":"ef04d4c3bfe46a6f65841b4df675f2c2","hashSHA1":"7f708329534e364eb2d655ce8249295aa1ce44fd","hashSHA256":"bde1bf1f00b41689494292741e6607acef3d8058fb7f03599a7a46aaa032dca2","digitalCertThumbprint":"EDD8199F09F517C3BDF6816AE2771C0D4FD8C37E","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Shenzhen iMyFone Technology Co. Ltd","storeId":"","sourceIndex":"701","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"anyrecover-for-win_setup.exe","isInstaller":"True","companyName":"","productName":"AnyReconver Data Recovery","productVersion":"4.3.0.3","fileVersion":"4.3.0.3","hashMD5":"7c81563f32335cc00606b017030f64ca","hashSHA1":"dad0e080239e77f4a3630c81f6c9c81ee6c4e9ee","hashSHA256":"80871007e5a12d7bb2116b22aa1aae08a24b0c3a7ea2c9425889e9b2b85a3925","digitalCertThumbprint":"EDD8199F09F517C3BDF6816AE2771C0D4FD8C37E","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Shenzhen iMyFone Technology Co. Ltd","storeId":"","sourceIndex":"701","avBlockList":["360 Total Security (20240815)","Avast Premium Security (20240815)","AVG Internet Security (20240815)","Avira Internet Security (20240815)","ESET Internet Security (20240815)","K7 Total Security (20240815)","Malwarebytes Premium (20240815)","McAfee Total Protection (20240815)","Norton Security (20240815)","Panda Dome (20240815)","Quick Heal Internet Security (20240815)","Sophos Home Premium (20240815)","SpyHunter5 (20240815)","Total AV Antivirus Pro (20240815)","VirIT eXplorer PRO (20240815)","Webroot SecureAnywhere (20240815)","Windows Defender (20240815)","FortectPremium (20240815)"],"avAllowList":["Bitdefender Internet Security (20240815)","COMODO Antivirus (20240815)","Dr.Web Security Space (20240815)","G DATA INTERNET SECURITY (20240815)","Kaspersky Internet Security (20240618)","Trend Micro Internet Security (20240815)","VIPRE Advanced Security (20240815)","KasperskyPremium (20240815)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt on Data recovery applications","reference":"","landingPage":"https://www.anyrecover.com/","directDownloadingLink":"https://download.anyrecover.com/anyrecover-for-win_setup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://download.anyrecover.com/anyrecover-for-win_setup.exe","sourceIndex":"701"}],"sampleFiles":["240325/AnyRecover-240325/6.4.0.7/Samples/anyrecover-for-win_setup.exe"],"imageFiles":["240325/AnyRecover-240325/6.4.0.7/Images/ACR-109/ACR-109.PNG","240325/AnyRecover-240325/6.4.0.7/Images/ACR-109/ACR-109_1.PNG","240325/AnyRecover-240325/6.4.0.7/Images/ACR-039/ACR-039.PNG","240325/AnyRecover-240325/6.4.0.7/Images/ACR-039/ACR-039_1.PNG","240325/AnyRecover-240325/6.4.0.7/Images/ACR-043/ACR-043.PNG","240325/AnyRecover-240325/6.4.0.7/Images/ACR-043/ACR-043_1.PNG","240325/AnyRecover-240325/6.4.0.7/Images/ACR-043/ACR-043_2.PNG","240325/AnyRecover-240325/6.4.0.7/Images/ACR-107/ACR-107.PNG","240325/AnyRecover-240325/6.4.0.7/Images/ACR-107/ACR-107_1.PNG","240325/AnyRecover-240325/6.4.0.7/Images/ACR-042/ACR-042.PNG","240325/AnyRecover-240325/6.4.0.7/Images/ACR-042/ACR-042_1.PNG","240325/AnyRecover-240325/6.4.0.7/Images/ACR-042/ACR-042_2.PNG","240325/AnyRecover-240325/6.4.0.7/Images/ACR-004/ACR-004_1.PNG","240325/AnyRecover-240325/6.4.0.7/Images/ACR-004/ACR-004_2.PNG","240325/AnyRecover-240325/6.4.0.7/Images/ACR-014/ACR-014.PNG","240325/AnyRecover-240325/6.4.0.7/Images/ACR-014/ACR-014_1.mp4","240325/AnyRecover-240325/6.4.0.7/Images/ACR-118/ACR-118.PNG","240325/AnyRecover-240325/6.4.0.7/Images/ACR-118/ACR-118_1.PNG","240325/AnyRecover-240325/6.4.0.7/Images/ACR-165/ACR-165.PNG"],"nonDeceptorImageFiles":[],"guid":"99b8df48-5dc7-4041-8803-6ec452e7fe62_6.4.0.7_1","appID":"AnyRecover-240325","dateAdded":"240924","deceptorType":"App","name":"Any Recover","company":"Shenzhen AnyRecover Technology Co., Ltd.","version":"6.4.0.7","lastKnownStatus":"6.4.0.7;6.4.5.5;6.5.0.3","lastKnownDate":"240924","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows 11","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2024-09-24T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":3,"sortOrder":528},{"violations":{"ACR-003":"The app does not substantiate identified results under the Privacy Cleaner.\n","ACR-014":"Under Clean Center Category Registry Cleaner,  registries are reported repeatedly after applying clean \n"},"nonDeceptorViolations":{"ACR-038":"The app needs to disclose the Original filename, Company name, Product name, Product version, and File version for the executables: registry-optimizer.exe and Aiseesoft Registry Optimizer.exe\n","ACR-065":"The app does not display links to the EULA or the Privacy Policy.\n","ACR-002":"The app needs to provide a consistent version of 3.1.10 across all points of consumer interaction.\n","ACR-161":"The landing page contains testimonials with no link back to original source, making them unable to be verified.\n","ACR-092":"The application has no signed certificate it is unsigned.\n"},"samples":[{"isRevoked":"False","fileName":"registry-optimizer.exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"8ff85df621fd9d29cedb9ed9cfe6b077","hashSHA1":"57b819d8f7808d702faee3064e02369a9ffd1b82","hashSHA256":"46333afd84c989a5b483381f2c405b22591ab69951993bf664cb414aa0a377b2","sourceIndex":"536","avBlockList":["Bitdefender Internet Security (20241212)","ESET Internet Security (20241212)","FortectPremium (20241212)","G DATA INTERNET SECURITY (20241212)","Malwarebytes Premium (20241212)","Panda Dome (20241212)","Quick Heal Internet Security (20241212)","Sophos Home Premium (20241212)","SpyHunter5 (20241212)","VIPRE Advanced Security (20241212)","VirIT eXplorer PRO (20241212)","Webroot SecureAnywhere (20241212)","Windows Defender (20241212)"],"avAllowList":["360 Total Security (20241212)","Avast Premium Security (20241212)","AVG Internet Security (20241212)","Avira Internet Security (20241212)","COMODO Antivirus (20241212)","Dr.Web Security Space (20241212)","K7 Total Security (20241212)","KasperskyPremium (20241212)","McAfee Total Protection (20241212)","Norton Security (20241212)","Total AV Antivirus Pro (20241212)","Trend Micro Internet Security (20241212)"]},{"isRevoked":"False","fileName":"Aiseesoft%20Registry%20Optimizer.exe","fileVersion":"0.0","hashMD5":"b1e29e3c7f9931c7b13db3456e7de693","hashSHA1":"00ba3f693612591da5d7e818baeb0a5e23687c9e","hashSHA256":"857da79acc2d3a5d0cbe0647733de9c43649f6a6b573c5d6c743d44d031d038d","sourceIndex":"536","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"","landingPage":"https://www.aiseesoft.com/registry-optimizer.html","directDownloadingLink":"https://download.aiseesoft.com/registry-optimizer.exe?_gl=1*111w6oh*_ga*MjA5MzkzNjYzMS4xNzI2MjA0NzE4*_ga_M4E51HTXR8*MTcyNjU5MzU0Ni43LjEuMTcyNjU5MzYwMy4wLjAuMA..","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://download.aiseesoft.com/registry-optimizer.exe?_gl=1*111w6oh*_ga*MjA5MzkzNjYzMS4xNzI2MjA0NzE4*_ga_M4E51HTXR8*MTcyNjU5MzU0Ni43LjEuMTcyNjU5MzYwMy4wLjAuMA..","sourceIndex":"536"}],"sampleFiles":["240923/AiseesoftRegistryOptimizer-240918/3.1.10/Samples/registry-optimizer.exe","240923/AiseesoftRegistryOptimizer-240918/3.1.10/Samples/Aiseesoft%20Registry%20Optimizer.exe"],"imageFiles":["240923/AiseesoftRegistryOptimizer-240918/3.1.10/Images/ACR-003/App5_1.png","240923/AiseesoftRegistryOptimizer-240918/3.1.10/Images/ACR-003/ACR-003_PrivacyCleaner.mp4","240923/AiseesoftRegistryOptimizer-240918/3.1.10/Images/ACR-014/ACR-014_RegistryCleaner.mp4"],"nonDeceptorImageFiles":["240923/AiseesoftRegistryOptimizer-240918/3.1.10/Images/ACR-065/App2.png","240923/AiseesoftRegistryOptimizer-240918/3.1.10/Images/ACR-092/unsigned1.png","240923/AiseesoftRegistryOptimizer-240918/3.1.10/Images/ACR-092/unsigned2.png","240923/AiseesoftRegistryOptimizer-240918/3.1.10/Images/ACR-038/fileproperty_install.png","240923/AiseesoftRegistryOptimizer-240918/3.1.10/Images/ACR-038/fileproperty_main.png","240923/AiseesoftRegistryOptimizer-240918/3.1.10/Images/ACR-002/App2.png","240923/AiseesoftRegistryOptimizer-240918/3.1.10/Images/ACR-002/fileproperty_install.png","240923/AiseesoftRegistryOptimizer-240918/3.1.10/Images/ACR-002/controlpanel.png","240923/AiseesoftRegistryOptimizer-240918/3.1.10/Images/ACR-161/landingpage.png"],"guid":"153fc2de-bc79-4ad5-9338-d7e4e42624c1_3.1.10_1","appID":"AiseesoftRegistryOptimizer-240918","dateAdded":"240923","deceptorType":"App","name":"Aiseesoft Registry Optimizer","company":"Aiseesoft Studio","version":"3.1.10","lastKnownStatus":"3.1.10","lastKnownDate":"240923","type":"Windows Executable","lastUpdate":"2024-09-24T00:50:57.8902008+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":529},{"violations":{"ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software.\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software.\n","ACR-039":"No clear indications of the relationship for the monetization components from CassiniLabs and Carrier app is disclosed to user before offers being prompts. The links for privacy policy and Term of use mislead user that they are for Carrier app. \n(https://nzn.io/termos-de-privacidade/\nhttps://cassinilabs.com/privacy/)\n"},"nonDeceptorViolations":{"ACR-044":"Download manager doesn't disclose its bundling function when user choose to install carrier app.\n"},"samples":[{"isRevoked":"False","fileName":"Baixaki_VLC%20Media%20Player_v0.957.48.82.44.exe","isInstaller":"True","fileVersion":"1.92","hashMD5":"21bd357545f207c0cdccfd0bbf77de08","hashSHA1":"85669fba2b5222efddf2c5f08a83f11745420dd6","hashSHA256":"f4cabb0638c44b174b4b203d8c03344629bf3ea5bc3b4ed346222187e8d77fa7","digitalCertThumbprint":"BCBF67E4B6294CAC7323C6FA76F620600C93D09E","digitalCertIssuer":"CN=SSL.com Code Signing Intermediate CA ECC R2, O=SSL Corp, L=Houston, S=Texas, C=US","digitalCertIssuedTo":"CN=No Zebra Network S.A., O=No Zebra Network S.A., L=Curitiba, S=Paraná, C=BR","sourceIndex":"537","avBlockList":["360 Total Security (20241212)","COMODO Antivirus (20241212)","Dr.Web Security Space (20241212)","ESET Internet Security (20241212)","FortectPremium (20241212)","G DATA INTERNET SECURITY (20241212)","K7 Total Security (20241212)","Malwarebytes Premium (20241212)","Panda Dome (20241212)","Quick Heal Internet Security (20241212)","Sophos Home Premium (20241212)","SpyHunter5 (20241212)","VirIT eXplorer PRO (20241212)","Webroot SecureAnywhere (20241212)"],"avAllowList":["Avast Premium Security (20241212)","AVG Internet Security (20241212)","Avira Internet Security (20241212)","Bitdefender Internet Security (20241212)","KasperskyPremium (20241212)","McAfee Total Protection (20241212)","Norton Security (20241212)","Total AV Antivirus Pro (20241212)","Trend Micro Internet Security (20241212)","VIPRE Advanced Security (20241212)","Windows Defender (20241212)"]}],"additionalFiles":[],"sources":[{"howFound":"hunt.downloadsite","reference":"www.baixaki.com","landingPage":"https://www.baixaki.com.br/download/memory-optimizer-pro.htm","directDownloadingLink":"http://www.hostingcontentnow.com/WMG846BXfhbmAxMLEYzyQSV9p91i_HTnTzWsFoigirUUtySpSdkDyydUmDcX2eac6B3cXI8XJo2fdXaufqvt52p9dyila1B11psOPN6qxlegfLtDBVP7w3ew3+d_UMHWKAe2ThD1Y_Njs_ZjomyXr_Y_C+IfaDiUydN0Ix59gNsa7KRNv9PbgxyvSRg0R58ZL4m94R7tk6rZ4YgAtYHTkQ7A4H3rdb9AThAMJNinF5IGbf2ZTugb4YqPu0cTDPfslfvuY2fgRGnBP+OTh3FcVPDGnRYo_jB2sAdkOGyStewFvF1_Ic4paquD6ZURYDUHLugv4pQaiYC__XHgtge8hXkLsJ6R2YkPanNy+f4_bgZVq7+wWN6sRd9uT0KdOv7yZ3rHjpzBCBXz21oC8Le6nUimw5bgiV5RgqkGgAJmOUTGzv38xJaebZkfZC5jfCsRf1HfawfAQGga+3ug0vnv7UO8XECQfVmEJWE10MruyjXo2++h7QtmrOLjMEuHQM2yAZXDdrT9jInZ7bxDQMyo7FmmS8MDVQG6BQpU8CNHBZMLZxbNCA_lxi2CqmaGLSUBrOwAAJeEcB8_vFN3j5ju0WPM5PmXytvgZ11AXDyjjCcp6_bnr3+ACWVivFr84+M9KMUq+MUlUiNiObhYUVfYdR5owQvCOVwAatJgnZWX5mYBDw3j90KsiH68lyqKc6MenySdWIkqsMnMMZa_oBNNwdekxERIvxfF4ZYHqqw0TrQpYkmqe8c=-GzYAAETdFpumJAqG6sLBu3MueFuQQlYRSW4e6I0JKLocYoYF28zaoPTsFqLy4cM5EdcKHgA=","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.hostingcontentnow.com/WMG846BXfhbmAxMLEYzyQSV9p91i_HTnTzWsFoigirUUtySpSdkDyydUmDcX2eac6B3cXI8XJo2fdXaufqvt52p9dyila1B11psOPN6qxlegfLtDBVP7w3ew3+d_UMHWKAe2ThD1Y_Njs_ZjomyXr_Y_C+IfaDiUydN0Ix59gNsa7KRNv9PbgxyvSRg0R58ZL4m94R7tk6rZ4YgAtYHTkQ7A4H3rdb9AThAMJNinF5IGbf2ZTugb4YqPu0cTDPfslfvuY2fgRGnBP+OTh3FcVPDGnRYo_jB2sAdkOGyStewFvF1_Ic4paquD6ZURYDUHLugv4pQaiYC__XHgtge8hXkLsJ6R2YkPanNy+f4_bgZVq7+wWN6sRd9uT0KdOv7yZ3rHjpzBCBXz21oC8Le6nUimw5bgiV5RgqkGgAJmOUTGzv38xJaebZkfZC5jfCsRf1HfawfAQGga+3ug0vnv7UO8XECQfVmEJWE10MruyjXo2++h7QtmrOLjMEuHQM2yAZXDdrT9jInZ7bxDQMyo7FmmS8MDVQG6BQpU8CNHBZMLZxbNCA_lxi2CqmaGLSUBrOwAAJeEcB8_vFN3j5ju0WPM5PmXytvgZ11AXDyjjCcp6_bnr3+ACWVivFr84+M9KMUq+MUlUiNiObhYUVfYdR5owQvCOVwAatJgnZWX5mYBDw3j90KsiH68lyqKc6MenySdWIkqsMnMMZa_oBNNwdekxERIvxfF4ZYHqqw0TrQpYkmqe8c=-GzYAAETdFpumJAqG6sLBu3MueFuQQlYRSW4e6I0JKLocYoYF28zaoPTsFqLy4cM5EdcKHgA=","sourceIndex":"537"},{"howFound":"hunt.downloadsite","reference":"www.baixaki.com","landingPage":"https://www.baixaki.com.br/download/slim-drivers.htm","directDownloadingLink":"http://www.hostingcontentnow.com/GyWhMAiekgRwG+INxOB6MgJlIlVZXmeZiNbxw1nMPXWOqmp_5Auid2D_UEbc1X7LU6zP5SPqu35WKZizsqQ5H0GzoEaGcpG0fhCTy4aR0_4zYmwPgeF1LsASedQfICyZrwgUDO_fG3qMWnLe_46eXEqw+Va4hM7aRZotCcUklorYlyzqxC_+6ZZ6YC+PME_fByxSO9xhffPdTIvjKbLE9dJI6sxDgtveNP5kVcJsEilQFmw2KLJIG03WX6uD7abqWahFNdqcAr5Vw_44yXlIYRCcBVgenPPky9QAuwkB40mltub2F4tJtUeGUVqonriUe+nWU4IeVFzfiFfUkCk9krQqHIuaJ8C5zRgT4AP8l69LL8mY2_Rtr3lH4S8VBkxO0LY20Hr0xjXrJuxj0S6FMhkd9z1pEvf5anGIKfCulvRpsRYJdwgECD7+qtA3+Z_DXOVFkdAb5dfTDqbYeQaEfiwttVW+24DoTUFzmBXm+s6DlGBKhVzJxdnVkXgHuDaCEyJvDtDYjzuCdiiVLvl_wPzJVdKWwNGDh1Esj_BJrE3i7iR1xSCbe1g9sa4oxpgcgfmsQLw4e2NarjB8WVdzuP4+y6fwlb4ZkYTZOwKOz_yeNYjVCftMv63avDH8qDFvNw_WouWy+t8_tmeozDszduXA2OrKvh4Gq4EkULRmlZHYSxdVNw8=-GzAAAERPFhMlCU2oHmxstrOBDThg76cJB7HBcfhcG1GUN6b8RrIFrTevbAOPQuyN4gE=","ipv4":"","ipv6":"","sourceIndex":"538"},{"howFound":"hunt.downloadsite","reference":"www.baixaki.com","landingPage":"https://www.baixaki.com.br/download/my-drivers.htm","directDownloadingLink":"http://www.hostingcontentnow.com/HEsd3tmlxWLz7YWqROy7vJ4E4KFOxXUb+7U4I6Wa+7cCTvroH1aWyXak1fgXanboWfony9_RpU0m0AoP2eznULwdNDJxEdCld6NKgiZNc62qFc0YlErMon86ifL+2p4I5MqABJh96F19k10rQYQ_oLvcFkfvGrKGVtR98azE5kQnDM6WuRHJBtlelTHOMZakx3VPSOzwq7bDfQO6bd6wy1XtRGq8xcfg3XWAgpVANRC6HCRiZRotUq89oyBJm8FeyBi3GMhn3JQsCjQe5iB151m1ELDp0ocOCwEH0p+3Npd1mQp7biNQdHP2ESPMi1+CSJIioXSlCSrnUqTB0cDMDF+HkXIs3gRBmN+eiNeWXCnz2rwq93QFzwmVtRzdnKOzypwsVHBpxPOFK74KgozG_um_y1lJQeV+d_J87EBMdK11m06sM3ugBvNcJbLim9LS_R5RJ0oOQK+jGNPNCsMNo63HWElM9jiyPSXNuDf6P6PDLKm_WuktI1eG_pQyQqyolSBZ9zZiylNs7Zoic7X+S4xiwx_mbbaEc0tMfGLnQy8ci22ASswCvaOhL_y15ZokUbLajai+5Vu4H6ltV3Cx7JRmBEJJWB5hHTjkTqQcl42MK5FFje4=-CxKAaHR0cDovL3d3dy56aGFuZ2R1by5jb20vbXlkcml2ZXJzLmV4ZQM=","ipv4":"","ipv6":"","sourceIndex":"539"},{"howFound":"hunt.downloadsite","reference":"https://www.baixaki.com.br/","landingPage":"https://www.baixaki.com.br/apps/video/vlc-media-player/windows/download#google_vignette","directDownloadingLink":"https://d29ce4h649b9lw.cloudfront.net/YgYvwb2aC.exe","ipv4":"","ipv6":"","sourceIndex":"540"}],"sampleFiles":["240923/BaixakiBundler-180326/1.92.3.8643/Samples/Baixaki_VLC%20Media%20Player_v0.957.48.82.44.exe"],"imageFiles":["240923/BaixakiBundler-180326/1.92.3.8643/Images/ACR-039/App2.png","240923/BaixakiBundler-180326/1.92.3.8643/Images/ACR-013/offer1.png","240923/BaixakiBundler-180326/1.92.3.8643/Images/ACR-013/offer2.png","240923/BaixakiBundler-180326/1.92.3.8643/Images/ACR-013/offer3.png","240923/BaixakiBundler-180326/1.92.3.8643/Images/ACR-013/offer4.png","240923/BaixakiBundler-180326/1.92.3.8643/Images/ACR-060/offer1.png","240923/BaixakiBundler-180326/1.92.3.8643/Images/ACR-060/offer2.png","240923/BaixakiBundler-180326/1.92.3.8643/Images/ACR-060/offer3.png","240923/BaixakiBundler-180326/1.92.3.8643/Images/ACR-060/offer4.png"],"nonDeceptorImageFiles":["240923/BaixakiBundler-180326/1.92.3.8643/Images/ACR-044/App2.png"],"guid":"a529f8b1-14ac-4e42-b649-12e4cf85ed62_1.92.3.8643_1","appID":"BaixakiBundler-180326","dateAdded":"240923","deceptorType":"Bundler","name":"Baixaki Download Manager","company":"baixaki.com.br","version":"1.92.3.8643","lastKnownStatus":"1.92.1.8262;1.92.3.8643","lastKnownDate":"240923","type":"Windows Executable","category":"Bundlers & Downloaders","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"sold in bundle","lastUpdate":"2026-05-12T22:59:50.1676897+00:00","notDistributed":false,"familyName":"core-downmgr-ronil","numInFamily":22,"numInAppID":3,"sortOrder":530},{"violations":{"ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software.\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software.\n","ACR-075":"After carrier app was cancelled during installation, the offers are still installed without any notification for user.\n","ACR-039":"No clear indications of the relationship for the monetization components from CassiniLabs and Carrier app is disclosed to user before offers being prompts. The links for privacy policy and Term of use mislead user that they are for Carrier app. \n(https://nzn.io/termos-de-privacidade/\nhttps://cassinilabs.com/privacy/)\n"},"nonDeceptorViolations":{"ACR-044":"Download manager doesn't disclose its bundling function when user choose to install carrier app.\n"},"samples":[{"isRevoked":"False","fileName":"Baixaki_VLC Media Player_v3.499.577.31.6.exe-574b86167dec7cd65fe64a508b2c03d82f1c77634809101c8d2c250b2e2898b5","isInstaller":"True","fileVersion":"1.92","hashMD5":"c54f13c71d396c99083a840846ecdde4","hashSHA1":"e67907016b5ca7d44aafaca03f8ad0127927f3c2","hashSHA256":"574b86167dec7cd65fe64a508b2c03d82f1c77634809101c8d2c250b2e2898b5","digitalCertThumbprint":"C7446CB187C0BC9B731EB02D9D66705FE1B50F52","digitalCertIssuer":"CN=Domain The Net Technologies Ltd CA for Code Signing R2, O=Domain The Net Technologies Ltd, C=IL","digitalCertIssuedTo":"CN=No Zebra Network SA, O=No Zebra Network SA, L=São Paulo, C=BR","sourceIndex":"943","avBlockList":["Avira Internet Security (20240924)","COMODO Antivirus (20240924)","Dr.Web Security Space (20240924)","ESET Internet Security (20240924)","FortectPremium (20240924)","G DATA INTERNET SECURITY (20240924)","KasperskyPremium (20240924)","Malwarebytes Premium (20240924)","McAfee Total Protection (20240924)","Norton Security (20240924)","Panda Dome (20240924)","Quick Heal Internet Security (20240924)","Sophos Home Premium (20240924)","SpyHunter5 (20240924)","Total AV Antivirus Pro (20240924)","VirIT eXplorer PRO (20240924)","Webroot SecureAnywhere (20240924)"],"avAllowList":["360 Total Security (20240924)","Avast Premium Security (20240924)","AVG Internet Security (20240924)","Bitdefender Internet Security (20240924)","K7 Total Security (20240924)","Trend Micro Internet Security (20240924)","VIPRE Advanced Security (20240924)","Windows Defender (20240924)"]},{"isRevoked":"False","fileName":"Baixaki_VLC Media Player_v3.614.71.485.6.exe","isInstaller":"True","fileVersion":"1.92","hashMD5":"15ef4da21b3371ca3e4d6bce2b210591","hashSHA1":"f94d4a17689ccebce7a9685a99be54bc04be96a7","hashSHA256":"535ff2d430aaea269b676a49a5753b60d8f1aa6965c9093859f0bd7185037b4e","digitalCertThumbprint":"C7446CB187C0BC9B731EB02D9D66705FE1B50F52","digitalCertIssuer":"CN=Domain The Net Technologies Ltd CA for Code Signing R2, O=Domain The Net Technologies Ltd, C=IL","digitalCertIssuedTo":"CN=No Zebra Network SA, O=No Zebra Network SA, L=São Paulo, C=BR","sourceIndex":"943","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"Baixaki_VLC Media Player_v1.43.255.01.61.exe","isInstaller":"True","fileVersion":"1.92","hashMD5":"472b5849ec1749742352d44d7fe57c60","hashSHA1":"2d8d0f5772905d04c9f90bd580aa53d2c6ada675","hashSHA256":"dc662d5365e25ed053c9bac68e29ed981938f9a7d9e7b99dbb40fd34b9ec682a","digitalCertThumbprint":"EBDF92C0DFF603EA7E3F9D2E6203F0758359ABB7","digitalCertIssuer":"CN=Domain The Net Technologies Ltd CA for Code Signing R2, O=Domain The Net Technologies Ltd, C=IL","digitalCertIssuedTo":"CN=No Zebra Network SA, O=No Zebra Network SA, L=São Paulo, C=BR","sourceIndex":"943","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"Baixaki_VLC Media Player_v4.060.894.033.exe","isInstaller":"True","fileVersion":"1.92","hashMD5":"9cfcc1905af1a96d9a02d88b56e00bfd","hashSHA1":"8be14277a5f263e3cee9e9c9fe53e78b8836a00d","hashSHA256":"9b206c14a8ec08c89a7903f5c10102e7cc34ae1236fd9fab20a4cc307f22465b","digitalCertThumbprint":"EBDF92C0DFF603EA7E3F9D2E6203F0758359ABB7","digitalCertIssuer":"CN=Domain The Net Technologies Ltd CA for Code Signing R2, O=Domain The Net Technologies Ltd, C=IL","digitalCertIssuedTo":"CN=No Zebra Network SA, O=No Zebra Network SA, L=São Paulo, C=BR","sourceIndex":"943","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"Baixaki_VLC Media Player_v2.629.95.51.24.exe","isInstaller":"True","fileVersion":"1.92","hashMD5":"da209c56b7a22bd2dbc8710b1d978c08","hashSHA1":"dc1acb24f7d51844be48702d52763277f74c86a2","hashSHA256":"6ab9409a73142ed7fc87ee1ba39d0b5da8e0f0aba3d38059b833c5406ab13b9d","digitalCertThumbprint":"EBDF92C0DFF603EA7E3F9D2E6203F0758359ABB7","digitalCertIssuer":"CN=Domain The Net Technologies Ltd CA for Code Signing R2, O=Domain The Net Technologies Ltd, C=IL","digitalCertIssuedTo":"CN=No Zebra Network SA, O=No Zebra Network SA, L=São Paulo, C=BR","sourceIndex":"943","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"Baixaki_WinRAR_v2.44.465.80.57.exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"1f011bc0b04c6036c9b9a6c593a62e32","hashSHA1":"9e40bdeeb5844d5b5945ccd37491779cd237db7c","hashSHA256":"c671dc622a68a6860cb3f568b004d0ba41b93aca37ed18af2d2fa77adf2016de","digitalCertThumbprint":"FE4427CD7D10C68877CCC2CE98255A3E4BCB0B6A","digitalCertIssuer":"CN=Domain The Net Technologies Ltd CA for Code Signing R2, O=Domain The Net Technologies Ltd, C=IL","digitalCertIssuedTo":"CN=No Zebra Network SA, O=No Zebra Network SA, L=São Paulo, C=BR","sourceIndex":"943","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"hunted using BIBR","reference":"","landingPage":"https://www.baixaki.com.br/download/vlc-media-player.htm","directDownloadingLink":"https://d27g3afj8crpcq.cloudfront.net/version/hk/v4.015.590.52.0","ipv4":"","ipv6":"","landingPageWildChar":"https://www.baixaki.com.br/download/*","directDownloadingLinkWildChar":"https://d27g3afj8crpcq.cloudfront.net/version/hk/v4.015.590.52.0","sourceIndex":"943"},{"howFound":"DE-site","reference":"","landingPage":"","directDownloadingLink":"https://d27g3afj8crpcq.cloudfront.net/revision/de/v1.231.26.181.6","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://d27g3afj8crpcq.cloudfront.net/revision/de/v1.231.26.181.6","sourceIndex":"944"},{"howFound":"DE-site","reference":"","landingPage":"","directDownloadingLink":"https://d27g3afj8crpcq.cloudfront.net/rev/it/v2.884.926.710","ipv4":"","ipv6":"","sourceIndex":"945"},{"howFound":"PH site","reference":"","landingPage":"","directDownloadingLink":"https://d3apuoognqxy1a.cloudfront.net/ver/gb/v6.495.76.901.3","ipv4":"","ipv6":"","sourceIndex":"946"},{"howFound":"DE site","reference":"","landingPage":"","directDownloadingLink":"https://d1u3e7xv3h0tq2.cloudfront.net/build/de/v5.409.380.113","ipv4":"","ipv6":"","sourceIndex":"947"}],"sampleFiles":["230801/BaixakiBundler-180326/1.92.1.8262/Samples/Baixaki_VLC Media Player_v3.499.577.31.6.exe-574b86167dec7cd65fe64a508b2c03d82f1c77634809101c8d2c250b2e2898b5","230801/BaixakiBundler-180326/1.92.1.8262/Samples/Baixaki_VLC Media Player_v3.614.71.485.6.exe","230801/BaixakiBundler-180326/1.92.1.8262/Samples/Baixaki_VLC Media Player_v1.43.255.01.61.exe","230801/BaixakiBundler-180326/1.92.1.8262/Samples/Baixaki_VLC Media Player_v4.060.894.033.exe","230801/BaixakiBundler-180326/1.92.1.8262/Samples/Baixaki_VLC Media Player_v2.629.95.51.24.exe","230801/BaixakiBundler-180326/1.92.1.8262/Samples/Baixaki_WinRAR_v2.44.465.80.57.exe"],"imageFiles":["230801/BaixakiBundler-180326/1.92.1.8262/Images/ACR-039/ACR-039.png","230801/BaixakiBundler-180326/1.92.1.8262/Images/ACR-013/ACR-013_1.png","230801/BaixakiBundler-180326/1.92.1.8262/Images/ACR-013/ACR-013_2.png","230801/BaixakiBundler-180326/1.92.1.8262/Images/ACR-060/ACR-060_1.png","230801/BaixakiBundler-180326/1.92.1.8262/Images/ACR-060/ACR-060_2.png","230801/BaixakiBundler-180326/1.92.1.8262/Images/ACR-075/ACR-075.png"],"nonDeceptorImageFiles":["230801/BaixakiBundler-180326/1.92.1.8262/Images/ACR-044/ACR-044.png"],"guid":"a529f8b1-14ac-4e42-b649-12e4cf85ed62_1.92.1.8262_1","appID":"BaixakiBundler-180326","dateAdded":"240923","deceptorType":"Bundler","name":"Baixaki Download Manager","company":"baixaki.com.br","version":"1.92.1.8262","lastKnownStatus":"1.92.1.8262;1.92.3.8643","lastKnownDate":"240923","type":"Windows Executable","category":"Bundlers & Downloaders","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"sold in bundle","lastUpdate":"2026-05-12T23:00:03.0321329+00:00","notDistributed":false,"familyName":"core-downmgr-ronil","numInFamily":22,"numInAppID":3,"sortOrder":531},{"violations":{},"nonDeceptorViolations":{"ACR-044":"Missing clear information about significant functions of Download Manager: it may show offers during installation.\n","ACR-065":"No EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy is provided for the download manager.\n","ACR-092":"The installed application has a different publisher name that what is located in the certification information.\n\n","ACR-035":"No EULA/Terms of Service, Returns and Cancellation Policy, or Privacy Policy is provided for the download manager.\n","ACR-036":"No EULA/Terms of Service, Returns and Cancellation Policy, or Privacy Policy is provided for the download manager.\n","ACR-037":"No Privacy Policy is provided for the download manager.\n"},"samples":[{"isRevoked":"False","fileName":"Baixaki_memory-optimizer-pro_0693294305.exe","isInstaller":"True","companyName":"n/a","productName":"Fast Internet File","productVersion":"4.1","fileVersion":"4.2.4.6","hashMD5":"a3b670263c6f2c5601f3d8e3013da04e","hashSHA1":"d1ef9073bd59d923620c70f7f696e009531d2f35","hashSHA256":"484c8b367af8367f89bfe23aeade3f46a1f82b8d44ff9285e4d00c40dbb598f3","sourceIndex":"3409","avBlockList":["360 Total Security (20230921)","Avast Premium Security (20230921)","AVG Internet Security (20230921)","Avira Internet Security (20230921)","Bitdefender Internet Security (20230921)","COMODO Antivirus (20230921)","Dr.Web Security Space (20230921)","ESET Internet Security (20230921)","G DATA INTERNET SECURITY (20230921)","K7 Total Security (20230921)","Kaspersky Internet Security (20230921)","Malwarebytes Premium (20230921)","McAfee Total Protection (20230921)","Norton Security (20230921)","Panda Dome (20230921)","Quick Heal Internet Security (20230921)","Sophos Home Premium (20230921)","SpyHunter5 (20230921)","Total AV Antivirus Pro (20230921)","Trend Micro Internet Security (20230921)","VIPRE Advanced Security (20230921)","VirIT eXplorer PRO (20230921)","Webroot SecureAnywhere (20230921)","Windows Defender (20230921)"],"avAllowList":[]},{"isRevoked":"False","fileName":"Baixaki_slim-drivers_1689159726.exe","isInstaller":"True","companyName":"Program                                                     ","productName":"Stub","productVersion":"5.7.9","fileVersion":"5.0.2.3","hashMD5":"47100fbd36b2a821cac4d5843b05e746","hashSHA1":"4b64f3a3dc6e91b848df32f4efe7688056d1d7b0","hashSHA256":"460912d7ce99d64c353d7c05ac75d026e25ecba59e9f15bbc0044a7cc010ac4e","sourceIndex":"3409","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"hunt.downloadsite","reference":"www.baixaki.com","landingPage":"https://www.baixaki.com.br/download/memory-optimizer-pro.htm","directDownloadingLink":"http://www.hostingcontentnow.com/WMG846BXfhbmAxMLEYzyQSV9p91i_HTnTzWsFoigirUUtySpSdkDyydUmDcX2eac6B3cXI8XJo2fdXaufqvt52p9dyila1B11psOPN6qxlegfLtDBVP7w3ew3+d_UMHWKAe2ThD1Y_Njs_ZjomyXr_Y_C+IfaDiUydN0Ix59gNsa7KRNv9PbgxyvSRg0R58ZL4m94R7tk6rZ4YgAtYHTkQ7A4H3rdb9AThAMJNinF5IGbf2ZTugb4YqPu0cTDPfslfvuY2fgRGnBP+OTh3FcVPDGnRYo_jB2sAdkOGyStewFvF1_Ic4paquD6ZURYDUHLugv4pQaiYC__XHgtge8hXkLsJ6R2YkPanNy+f4_bgZVq7+wWN6sRd9uT0KdOv7yZ3rHjpzBCBXz21oC8Le6nUimw5bgiV5RgqkGgAJmOUTGzv38xJaebZkfZC5jfCsRf1HfawfAQGga+3ug0vnv7UO8XECQfVmEJWE10MruyjXo2++h7QtmrOLjMEuHQM2yAZXDdrT9jInZ7bxDQMyo7FmmS8MDVQG6BQpU8CNHBZMLZxbNCA_lxi2CqmaGLSUBrOwAAJeEcB8_vFN3j5ju0WPM5PmXytvgZ11AXDyjjCcp6_bnr3+ACWVivFr84+M9KMUq+MUlUiNiObhYUVfYdR5owQvCOVwAatJgnZWX5mYBDw3j90KsiH68lyqKc6MenySdWIkqsMnMMZa_oBNNwdekxERIvxfF4ZYHqqw0TrQpYkmqe8c=-GzYAAETdFpumJAqG6sLBu3MueFuQQlYRSW4e6I0JKLocYoYF28zaoPTsFqLy4cM5EdcKHgA=","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.hostingcontentnow.com/WMG846BXfhbmAxMLEYzyQSV9p91i_HTnTzWsFoigirUUtySpSdkDyydUmDcX2eac6B3cXI8XJo2fdXaufqvt52p9dyila1B11psOPN6qxlegfLtDBVP7w3ew3+d_UMHWKAe2ThD1Y_Njs_ZjomyXr_Y_C+IfaDiUydN0Ix59gNsa7KRNv9PbgxyvSRg0R58ZL4m94R7tk6rZ4YgAtYHTkQ7A4H3rdb9AThAMJNinF5IGbf2ZTugb4YqPu0cTDPfslfvuY2fgRGnBP+OTh3FcVPDGnRYo_jB2sAdkOGyStewFvF1_Ic4paquD6ZURYDUHLugv4pQaiYC__XHgtge8hXkLsJ6R2YkPanNy+f4_bgZVq7+wWN6sRd9uT0KdOv7yZ3rHjpzBCBXz21oC8Le6nUimw5bgiV5RgqkGgAJmOUTGzv38xJaebZkfZC5jfCsRf1HfawfAQGga+3ug0vnv7UO8XECQfVmEJWE10MruyjXo2++h7QtmrOLjMEuHQM2yAZXDdrT9jInZ7bxDQMyo7FmmS8MDVQG6BQpU8CNHBZMLZxbNCA_lxi2CqmaGLSUBrOwAAJeEcB8_vFN3j5ju0WPM5PmXytvgZ11AXDyjjCcp6_bnr3+ACWVivFr84+M9KMUq+MUlUiNiObhYUVfYdR5owQvCOVwAatJgnZWX5mYBDw3j90KsiH68lyqKc6MenySdWIkqsMnMMZa_oBNNwdekxERIvxfF4ZYHqqw0TrQpYkmqe8c=-GzYAAETdFpumJAqG6sLBu3MueFuQQlYRSW4e6I0JKLocYoYF28zaoPTsFqLy4cM5EdcKHgA=","sourceIndex":"3409"},{"howFound":"hunt.downloadsite","reference":"www.baixaki.com","landingPage":"https://www.baixaki.com.br/download/slim-drivers.htm","directDownloadingLink":"http://www.hostingcontentnow.com/GyWhMAiekgRwG+INxOB6MgJlIlVZXmeZiNbxw1nMPXWOqmp_5Auid2D_UEbc1X7LU6zP5SPqu35WKZizsqQ5H0GzoEaGcpG0fhCTy4aR0_4zYmwPgeF1LsASedQfICyZrwgUDO_fG3qMWnLe_46eXEqw+Va4hM7aRZotCcUklorYlyzqxC_+6ZZ6YC+PME_fByxSO9xhffPdTIvjKbLE9dJI6sxDgtveNP5kVcJsEilQFmw2KLJIG03WX6uD7abqWahFNdqcAr5Vw_44yXlIYRCcBVgenPPky9QAuwkB40mltub2F4tJtUeGUVqonriUe+nWU4IeVFzfiFfUkCk9krQqHIuaJ8C5zRgT4AP8l69LL8mY2_Rtr3lH4S8VBkxO0LY20Hr0xjXrJuxj0S6FMhkd9z1pEvf5anGIKfCulvRpsRYJdwgECD7+qtA3+Z_DXOVFkdAb5dfTDqbYeQaEfiwttVW+24DoTUFzmBXm+s6DlGBKhVzJxdnVkXgHuDaCEyJvDtDYjzuCdiiVLvl_wPzJVdKWwNGDh1Esj_BJrE3i7iR1xSCbe1g9sa4oxpgcgfmsQLw4e2NarjB8WVdzuP4+y6fwlb4ZkYTZOwKOz_yeNYjVCftMv63avDH8qDFvNw_WouWy+t8_tmeozDszduXA2OrKvh4Gq4EkULRmlZHYSxdVNw8=-GzAAAERPFhMlCU2oHmxstrOBDThg76cJB7HBcfhcG1GUN6b8RrIFrTevbAOPQuyN4gE=","ipv4":"","ipv6":"","sourceIndex":"3410"},{"howFound":"hunt.downloadsite","reference":"www.baixaki.com","landingPage":"https://www.baixaki.com.br/download/my-drivers.htm","directDownloadingLink":"http://www.hostingcontentnow.com/HEsd3tmlxWLz7YWqROy7vJ4E4KFOxXUb+7U4I6Wa+7cCTvroH1aWyXak1fgXanboWfony9_RpU0m0AoP2eznULwdNDJxEdCld6NKgiZNc62qFc0YlErMon86ifL+2p4I5MqABJh96F19k10rQYQ_oLvcFkfvGrKGVtR98azE5kQnDM6WuRHJBtlelTHOMZakx3VPSOzwq7bDfQO6bd6wy1XtRGq8xcfg3XWAgpVANRC6HCRiZRotUq89oyBJm8FeyBi3GMhn3JQsCjQe5iB151m1ELDp0ocOCwEH0p+3Npd1mQp7biNQdHP2ESPMi1+CSJIioXSlCSrnUqTB0cDMDF+HkXIs3gRBmN+eiNeWXCnz2rwq93QFzwmVtRzdnKOzypwsVHBpxPOFK74KgozG_um_y1lJQeV+d_J87EBMdK11m06sM3ugBvNcJbLim9LS_R5RJ0oOQK+jGNPNCsMNo63HWElM9jiyPSXNuDf6P6PDLKm_WuktI1eG_pQyQqyolSBZ9zZiylNs7Zoic7X+S4xiwx_mbbaEc0tMfGLnQy8ci22ASswCvaOhL_y15ZokUbLajai+5Vu4H6ltV3Cx7JRmBEJJWB5hHTjkTqQcl42MK5FFje4=-CxKAaHR0cDovL3d3dy56aGFuZ2R1by5jb20vbXlkcml2ZXJzLmV4ZQM=","ipv4":"","ipv6":"","sourceIndex":"3411"}],"sampleFiles":["180403/BaixakiBundler-180326/4.1/Samples/Baixaki_memory-optimizer-pro_0693294305.exe","180403/BaixakiBundler-180326/4.1/Samples/Baixaki_slim-drivers_1689159726.exe"],"imageFiles":[],"nonDeceptorImageFiles":["180403/BaixakiBundler-180326/4.1/Images/ACR-044/acr_eula.PNG","180403/BaixakiBundler-180326/4.1/Images/ACR-042/W10-2018-03-26T17-53-06-344744600Z.mp4","180403/BaixakiBundler-180326/4.1/Images/ACR-065/acr_eula.PNG","180403/BaixakiBundler-180326/4.1/Images/ACR-092/unsigned.PNG","180403/BaixakiBundler-180326/4.1/Images/ACR-035/acr_eula.PNG","180403/BaixakiBundler-180326/4.1/Images/ACR-036/acr_eula.PNG","180403/BaixakiBundler-180326/4.1/Images/ACR-037/acr_eula.PNG"],"guid":"a529f8b1-14ac-4e42-b649-12e4cf85ed62_4.1_1","appID":"BaixakiBundler-180326","dateAdded":"240923","deceptorType":"Bundler","name":"Baixaki Download Manager","company":"baixaki.com.br","version":"4.1","sigName":"Deceptor:Win32/Baixaki!042050","lastKnownStatus":"1.92.1.8262;1.92.3.8643","lastKnownDate":"240923","type":"Windows Executable","category":"Bundlers & Downloaders","targetOS":"Windows XP,Windows 10,Windows 8,Windows 7,Windows Vista","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","lastUpdate":"2024-09-23T00:00:00+00:00","notDistributed":false,"familyName":"core-downmgr-ronil","numInFamily":22,"numInAppID":3,"sortOrder":532},{"violations":{"ACR-109":"The app installs the following without disclosing it to the user and getting user consent. \n-FreeStudioManager\n-FreeCodecPack\n-BraveBrowserSetup-DVD020 \n","ACR-042":" The app installs the following without disclosing it to the user and getting user consent. \n-FreeStudioManager\n-FreeCodecPack\n-BraveBrowserSetup-DVD020 \n","ACR-043":" The app installs the following without disclosing it to the user and getting user consent. \n-FreeStudioManager\n-FreeCodecPack\n-BraveBrowserSetup-DVD020 \n","ACR-048":"The app does not provide an option to cancel the installation. \n","ACR-017":"The application logo is way too similar to the windows logo, misleading representation for the app source.\n","ACR-118":"After uninstalling the app, it retains the \"FreeCodecPack\" folder in Program files without the user's consent.\n","ACR-039":" The app installs the following without disclosing it to the user and getting user consent. \n-FreeStudioManager\n-FreeCodecPack\n-BraveBrowserSetup-DVD020 \n","ACR-164":"The app needs to provide details about how to cancel online when users receive notification for renewal and what's the price amount after the time-bound discount expires.\n"},"nonDeceptorViolations":{"ACR-044":"The app does not disclose to users of the other application to download and install.\n","ACR-040":"The app did not disclose components \"FreeStudioManager\" and \"BraveBrowser\" are installed in the non-common folder.\n","ACR-065":" The install wizard does not display links to the Returns and Cancellation Policy. \n The app does not display links to the Returns and Cancellation Policy. \nThe landing page does not display links to the Returns and Cancellation Policy. \n The internal offers page does not display links to the Returns and Cancellation Policy. \n","ACR-099":"The app does not contain links to uninstall information. \nThe app's landing page does not contain links to uninstall information.\nThe internal offers page does not contain links to uninstall information.\n"},"samples":[{"isRevoked":"False","fileName":"BraveBrowserSetup-DVD020.exe","companyName":"BraveSoftware Inc.","productName":"Brave Browser","productVersion":"1.3.99.0","fileVersion":"1.3","hashMD5":"0519aebec30c49c3adb499b85785d657","hashSHA1":"e2782c8ca88ff8f8be19e1e416a8e9220f5c5f45","hashSHA256":"244eebc168e87dc352c86346091cb392145f57bf9795faefa7cead20eb1a744a","digitalCertThumbprint":"D8FB5FD2EC5048777426E06E40E9A07D2A31A958","digitalCertIssuer":"CN=DigiCert SHA2 Assured ID Code Signing CA, OU=www.digicert.com, O=DigiCert Inc, C=US","digitalCertIssuedTo":"CN=\"Brave Software, Inc.\", O=\"Brave Software, Inc.\", L=San Francisco, S=California, C=US","sourceIndex":"1708","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"FreeScreenVideoRecorder_3.0.50.708_d.exe","isInstaller":"True","companyName":"Digital Wave Ltd                                            ","productName":"Free Screen Video Recorder","productVersion":"3.0.50.708","fileVersion":"3.0","hashMD5":"c5648c438dc69c69c4fc55677e15d809","hashSHA1":"bd6703a9a74d67efc73a7ef3d35f77c4ed394342","hashSHA256":"4c6f8589d8bd7436c7a8826533f24c9b388816e1c2d9b3b62d3a90c69570c1cf","digitalCertThumbprint":"1EDD14476C9ED710A53340CD171124742DA1A843","digitalCertIssuer":"CN=DigiCert EV Code Signing CA (SHA2), OU=www.digicert.com, O=DigiCert Inc, C=US","digitalCertIssuedTo":"CN=Digital Wave Ltd, O=Digital Wave Ltd, L=London, C=GB, SERIALNUMBER=06823196, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=GB","sourceIndex":"1708","avBlockList":["Avira Internet Security (20220505)","Bitdefender Internet Security (20220505)","Dr.Web Security Space (20220505)","G DATA INTERNET SECURITY (20220505)","K7 Total Security (20220505)","McAfee Total Protection (20220505)","Norton Security (20220505)","Panda Dome (20220505)","Sophos Home Premium (20220505)","SpyHunter5 (20220505)","Total AV Antivirus Pro (20220505)","VIPRE Advanced Security (20220505)","VirIT eXplorer PRO (20220505)","Windows Defender (20220505)"],"avAllowList":["360 Total Security (20220505)","Avast Premium Security (20220505)","AVG Internet Security (20220505)","COMODO Antivirus (20220505)","ESET Internet Security (20220505)","Kaspersky Internet Security (20220505)","Malwarebytes Premium (20220505)","Quick Heal Internet Security (20220505)","Tencent PC Manager (20220505)","Trend Micro Internet Security (20220505)","Webroot SecureAnywhere (20220505)"]},{"isRevoked":"False","fileName":"FreeScreenVideoRecorder.exe","companyName":"Digital Wave Ltd","productName":"Free Screen Video Recorder","productVersion":"3.0.50.708","fileVersion":"3.0","hashMD5":"f0eed06fdc6aa9c3d016fb3487e74e96","hashSHA1":"1e4f37b35c0a429b8c0cee087f3d2578ffc753c4","hashSHA256":"ab62600b2c9dfb156296f539d84ad2c41cf4d5b4e429b4a52396bfa194c08bc0","digitalCertThumbprint":"1EDD14476C9ED710A53340CD171124742DA1A843","digitalCertIssuer":"CN=DigiCert EV Code Signing CA (SHA2), OU=www.digicert.com, O=DigiCert Inc, C=US","digitalCertIssuedTo":"CN=Digital Wave Ltd, O=Digital Wave Ltd, L=London, C=GB, SERIALNUMBER=06823196, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=GB","sourceIndex":"1708","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"FreeStudioManager.exe","companyName":"Digital Wave Ltd","productName":"Free Studio Manager","productVersion":"6.6.45.708","fileVersion":"6.6","hashMD5":"05350de737eb66367b19df25fc74ef4a","hashSHA1":"b41ed26a46e489796fe7379191b82c13fde39dde","hashSHA256":"a7324259f6828c0484a63345d549bd4faf2661187bfe439393a3935d8ff88ed6","digitalCertThumbprint":"1EDD14476C9ED710A53340CD171124742DA1A843","digitalCertIssuer":"CN=DigiCert EV Code Signing CA (SHA2), OU=www.digicert.com, O=DigiCert Inc, C=US","digitalCertIssuedTo":"CN=Digital Wave Ltd, O=Digital Wave Ltd, L=London, C=GB, SERIALNUMBER=06823196, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=GB","sourceIndex":"1708","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"dvdvideosoft website","reference":"https://www.dvdvideosoft.com/products/dvd/Free-Screen-Video-Recorder.htm","landingPage":"https://www.dvdvideosoft.com/download.htm?fname=FreeScreenVideoRecorder.exe&ls=bottomWinPrimary","ipv4":"","ipv6":"","sourceIndex":"1708"}],"sampleFiles":["220215/FreeScreenVideoRecorder-220213/3.0.50.708/Samples/BraveBrowserSetup-DVD020.exe","220215/FreeScreenVideoRecorder-220213/3.0.50.708/Samples/FreeScreenVideoRecorder_3.0.50.708_d.exe","220215/FreeScreenVideoRecorder-220213/3.0.50.708/Samples/FreeScreenVideoRecorder.exe","220215/FreeScreenVideoRecorder-220213/3.0.50.708/Samples/FreeStudioManager.exe"],"imageFiles":["220215/FreeScreenVideoRecorder-220213/3.0.50.708/Images/ACR-109/BraveBrowserSetup.png","220215/FreeScreenVideoRecorder-220213/3.0.50.708/Images/ACR-109/FreeCodec Install.png","220215/FreeScreenVideoRecorder-220213/3.0.50.708/Images/ACR-109/FreeStudioManager.png","220215/FreeScreenVideoRecorder-220213/3.0.50.708/Images/ACR-039/BraveBrowserSetup.png","220215/FreeScreenVideoRecorder-220213/3.0.50.708/Images/ACR-039/FreeCodec Install.png","220215/FreeScreenVideoRecorder-220213/3.0.50.708/Images/ACR-039/FreeStudioManager.png","220215/FreeScreenVideoRecorder-220213/3.0.50.708/Images/ACR-043/BraveBrowserSetup.png","220215/FreeScreenVideoRecorder-220213/3.0.50.708/Images/ACR-043/FreeCodec Install.png","220215/FreeScreenVideoRecorder-220213/3.0.50.708/Images/ACR-043/FreeStudioManager.png","220215/FreeScreenVideoRecorder-220213/3.0.50.708/Images/ACR-042/BraveBrowserSetup.png","220215/FreeScreenVideoRecorder-220213/3.0.50.708/Images/ACR-042/FreeCodec Install.png","220215/FreeScreenVideoRecorder-220213/3.0.50.708/Images/ACR-042/FreeStudioManager.png","220215/FreeScreenVideoRecorder-220213/3.0.50.708/Images/ACR-048/App Install.png","220215/FreeScreenVideoRecorder-220213/3.0.50.708/Images/ACR-017/App Installer Logo.png","220215/FreeScreenVideoRecorder-220213/3.0.50.708/Images/ACR-017/UAC.png","220215/FreeScreenVideoRecorder-220213/3.0.50.708/Images/ACR-118/Retain FreeCodecPack folder.png","220215/FreeScreenVideoRecorder-220213/3.0.50.708/Images/ACR-164/Checkout Page.png","220215/FreeScreenVideoRecorder-220213/3.0.50.708/Images/ACR-164/Offer Page.png"],"nonDeceptorImageFiles":["220215/FreeScreenVideoRecorder-220213/3.0.50.708/Images/ACR-044/App Bundle.png","220215/FreeScreenVideoRecorder-220213/3.0.50.708/Images/ACR-040/BraveBrowserSetup.png","220215/FreeScreenVideoRecorder-220213/3.0.50.708/Images/ACR-040/FreeStudioManager.png","220215/FreeScreenVideoRecorder-220213/3.0.50.708/Images/ACR-065/App EULA.png","220215/FreeScreenVideoRecorder-220213/3.0.50.708/Images/ACR-065/App UI.png","220215/FreeScreenVideoRecorder-220213/3.0.50.708/Images/ACR-065/App Landing Page.png","220215/FreeScreenVideoRecorder-220213/3.0.50.708/Images/ACR-065/Checkout Page.png","220215/FreeScreenVideoRecorder-220213/3.0.50.708/Images/ACR-065/Offer Page.png","220215/FreeScreenVideoRecorder-220213/3.0.50.708/Images/ACR-099/App UI.png","220215/FreeScreenVideoRecorder-220213/3.0.50.708/Images/ACR-099/App Landing Page.png","220215/FreeScreenVideoRecorder-220213/3.0.50.708/Images/ACR-099/Checkout Page.png","220215/FreeScreenVideoRecorder-220213/3.0.50.708/Images/ACR-099/Offer Page.png"],"guid":"47813674-ca7a-45ec-85e6-9b432e204c58_3.0.50.708_1","appID":"FreeScreenVideoRecorder-220213","dateAdded":"240919","deceptorType":"App","name":"Free Screen Video Recorder","company":"Digital Wave Ltd","version":"3.0.50.708","lastKnownStatus":"3.0.50.708;3.1.2.1206","lastKnownDate":"240919","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows Server","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2024-09-19T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":556},{"violations":{"ACR-004":"The app provides free scan results, but does not provide a fully functional trial (only provides partial fixes) before requiring consumer to pay.\n"},"nonDeceptorViolations":{"ACR-065":"The landing page does not display link to the Returns and Cancellation Policy.\nApp install does not show links to Returns and Cancellations Policy.\nDoes not show any links to the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\n","ACR-099":"Does not provide uninstall instructions on the internal offer\nThe app does not display links to uninstall information. \n"},"samples":[{"isRevoked":"False","fileName":"PCSpeedCat.exe","fileVersion":"0.0","hashMD5":"522c10d2699b5891d0949b529308b011","hashSHA1":"1b2f03faa27505abbe6f0773e9c1ae20e5d54bdd","hashSHA256":"f395839a00762a5e0428cb2cf596d80c56ba2be78cc3e6a3c89afb5c1f904db9","digitalCertThumbprint":"7690BE9C4107D169D81B3869CB926C0866900816","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"SpeedCAT, LLC\", OU=IT Department, O=\"SpeedCAT, LLC\", POBox=27330, STREET=\"500 Westover Drive, Suite 9589\", L=Sanford, S=North Carolina, PostalCode=27330, C=US","sourceIndex":"542","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"speedcat.setup.exe","isInstaller":"True","fileVersion":"11.2","hashMD5":"b7fe9750c2ca2d32c87b5d05cefde68f","hashSHA1":"66cb605a99492091e9177e825d1dddcefcc105fd","hashSHA256":"ee89b6b9864dd81c50d975156e28fa011439dd5526391130c8df4072f7791380","digitalCertThumbprint":"7690BE9C4107D169D81B3869CB926C0866900816","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"SpeedCAT, LLC\", OU=IT Department, O=\"SpeedCAT, LLC\", POBox=27330, STREET=\"500 Westover Drive, Suite 9589\", L=Sanford, S=North Carolina, PostalCode=27330, C=US","sourceIndex":"542","avBlockList":["360 Total Security (20241205)","Avast Premium Security (20241205)","AVG Internet Security (20241205)","Avira Internet Security (20241205)","Bitdefender Internet Security (20241205)","COMODO Antivirus (20241205)","Dr.Web Security Space (20241205)","ESET Internet Security (20241205)","G DATA INTERNET SECURITY (20241205)","K7 Total Security (20241205)","Kaspersky Internet Security (20220127)","Malwarebytes Premium (20241205)","McAfee Total Protection (20241205)","Norton Security (20241205)","Panda Dome (20241205)","Quick Heal Internet Security (20241205)","Sophos Home Premium (20241205)","SpyHunter5 (20241205)","Total AV Antivirus Pro (20241205)","Trend Micro Internet Security (20241205)","VIPRE Advanced Security (20241205)","VirIT eXplorer PRO (20241205)","Webroot SecureAnywhere (20241205)","Windows Defender (20241205)","FortectPremium (20241205)","KasperskyPremium (20241205)"],"avAllowList":["Tencent PC Manager (20220127)"]},{"isRevoked":"False","fileName":"speedcat.setup [2].exe","isInstaller":"True","fileVersion":"11.2","hashMD5":"9fa2d1587db1b03d1a4dd2acdd985d21","hashSHA1":"824e7810e03f36a3fcf361682dad4e1911d53133","hashSHA256":"31fa50bd5dcd448a679572ef0ef07ba2380d1e142e7cc0922411e796442c982a","digitalCertThumbprint":"7690BE9C4107D169D81B3869CB926C0866900816","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"SpeedCAT, LLC\", OU=IT Department, O=\"SpeedCAT, LLC\", POBox=27330, STREET=\"500 Westover Drive, Suite 9589\", L=Sanford, S=North Carolina, PostalCode=27330, C=US","sourceIndex":"542","avBlockList":["360 Total Security (20241212)","Avast Premium Security (20241212)","AVG Internet Security (20241212)","Avira Internet Security (20241212)","Bitdefender Internet Security (20241212)","COMODO Antivirus (20241212)","Dr.Web Security Space (20241212)","ESET Internet Security (20241212)","FortectPremium (20241212)","G DATA INTERNET SECURITY (20241212)","K7 Total Security (20241212)","KasperskyPremium (20241212)","Malwarebytes Premium (20241212)","McAfee Total Protection (20241212)","Norton Security (20241212)","Panda Dome (20241212)","Quick Heal Internet Security (20241212)","Sophos Home Premium (20241212)","SpyHunter5 (20241212)","Total AV Antivirus Pro (20241212)","Trend Micro Internet Security (20241212)","VIPRE Advanced Security (20241212)","VirIT eXplorer PRO (20241212)","Webroot SecureAnywhere (20241212)","Windows Defender (20241212)"],"avAllowList":[]},{"isRevoked":"False","fileName":"speedcat.setup_240911.exe","isInstaller":"True","fileVersion":"11.2","hashMD5":"ebcc19250b9d70266e0ce6f5fd3b94f9","hashSHA1":"7bbec8336137613df2ba8c6e02f130dc4dd9e643","hashSHA256":"847681e5b1c4a1ae47cdf1dfb9e700910b69ea9cb5ec330a88634326eb41d76d","digitalCertThumbprint":"7690BE9C4107D169D81B3869CB926C0866900816","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"SpeedCAT, LLC\", OU=IT Department, O=\"SpeedCAT, LLC\", POBox=27330, STREET=\"500 Westover Drive, Suite 9589\", L=Sanford, S=North Carolina, PostalCode=27330, C=US","sourceIndex":"542","avBlockList":["360 Total Security (20241217)","Avast Premium Security (20241217)","AVG Internet Security (20241217)","Avira Internet Security (20241217)","Bitdefender Internet Security (20241217)","COMODO Antivirus (20241217)","Dr.Web Security Space (20241217)","ESET Internet Security (20241217)","FortectPremium (20241217)","G DATA INTERNET SECURITY (20241217)","K7 Total Security (20241217)","KasperskyPremium (20241217)","Malwarebytes Premium (20241217)","McAfee Total Protection (20241217)","Norton Security (20241217)","Panda Dome (20241217)","Quick Heal Internet Security (20241217)","Sophos Home Premium (20241217)","SpyHunter5 (20241217)","Total AV Antivirus Pro (20241217)","Trend Micro Internet Security (20241217)","VIPRE Advanced Security (20241217)","VirIT eXplorer PRO (20241217)","Webroot SecureAnywhere (20241217)","Windows Defender (20241217)"],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search","reference":"https://www.windows10download.com/pc-speedcat/","landingPage":"http://www.pcspeedcat.com/run/click/speedcatweb/go/index ","directDownloadingLink":"http://www.pcspeedcat.com/run/click/@360478556366/global/registration_fastcache_web-m_op1.html?gcountry=PH&pi=/speedcatweb/go/index_fastcache&theme=&plan1id=&orderpackage1id=&plan1c=&upsell_code=&popuppage=&display=&referredby=@360478556366&c1=index_FASTCACHE-LANG-AM-11-27-2019a-SPLT_PH&loadlink=&test=&product=pcspeedcat&upsell=pcspeedcat-2yr&upsell2=&op2red=No&vc=EC2&vc_custom=&ud=&ds=Custom&ds_custom=regc_52020&mp=speedcatweb&lang=en&re=40&cn=MICHELLEPER00A5&du=15&mu=68&fs=0&c1=postscan ","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.pcspeedcat.com/run/click/@360478556366/global/registration_fastcache_web-m_op1.html?gcountry=PH&pi=/speedcatweb/go/index_fastcache&theme=&plan1id=&orderpackage1id=&plan1c=&upsell_code=&popuppage=&display=&referredby=@360478556366&c1=index_FASTCACHE-LANG-AM-11-27-2019a-SPLT_PH&loadlink=&test=&product=pcspeedcat&upsell=pcspeedcat-2yr&upsell2=&op2red=No&vc=EC2&vc_custom=&ud=&ds=Custom&ds_custom=regc_52020&mp=speedcatweb&lang=en&re=40&cn=MICHELLEPER00A5&du=15&mu=68&fs=0&c1=postscan ","sourceIndex":"542"}],"sampleFiles":["240919/PCSPEEDCATPCOptimizer-171010/2.2.9/Samples/PCSpeedCat.exe","240919/PCSPEEDCATPCOptimizer-171010/2.2.9/Samples/speedcat.setup.exe","240919/PCSPEEDCATPCOptimizer-171010/2.2.9/Samples/speedcat.setup [2].exe","240919/PCSPEEDCATPCOptimizer-171010/2.2.9/Samples/speedcat.setup_240911.exe"],"imageFiles":["240919/PCSPEEDCATPCOptimizer-171010/2.2.9/Images/ACR-004/PCSpeedCat_Interactions [2].png","240919/PCSPEEDCATPCOptimizer-171010/2.2.9/Images/ACR-004/PCSpeedCat_Interactions [4].png","240919/PCSPEEDCATPCOptimizer-171010/2.2.9/Images/ACR-004/PCSpeedCat_Interactions [5].png","240919/PCSPEEDCATPCOptimizer-171010/2.2.9/Images/ACR-004/PCSpeedCat_Interactions [6].png","240919/PCSPEEDCATPCOptimizer-171010/2.2.9/Images/ACR-004/PCSpeedCat_Interactions [7].png","240919/PCSPEEDCATPCOptimizer-171010/2.2.9/Images/ACR-004/PCSpeedCat_Interactions [8].png"],"nonDeceptorImageFiles":["240919/PCSPEEDCATPCOptimizer-171010/2.2.9/Images/ACR-065/PCSpeedCat_LandingPage [1].png","240919/PCSPEEDCATPCOptimizer-171010/2.2.9/Images/ACR-065/PCSpeedCat_Install [1].png","240919/PCSPEEDCATPCOptimizer-171010/2.2.9/Images/ACR-065/PCSpeedCat_Interactions [3].png","240919/PCSPEEDCATPCOptimizer-171010/2.2.9/Images/ACR-099/PCSpeedCat_Interactions [3].png"],"guid":"7f9278fd-78de-4a21-bf9b-58622b2ef755_2.2.9_1","appID":"PCSPEEDCATPCOptimizer-171010","dateAdded":"240919","deceptorType":"App","name":"PC SpeedCat","company":"PCSpeedCat","version":"2.2.9","firstResolvedVersion":"","lastKnownStatus":"Deceptor:9.1.1.6;2.2.9","lastKnownDate":"240919","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2026-05-12T22:59:50.2349552+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":3,"sortOrder":552},{"violations":{"ACR-004":"App only provides free fixes for some of the scan results shown, and uses the unused scan results to upsell the consumer to a subscription service. App uses alarming color to add an exaggerated sense of urgency to the free scan results.\n","ACR-017":"Install uses the Microsoft Partner Logo as if Microsoft endorsed the app instead of the vendor. \nApp uses the Microsoft Partner Logo as if Microsoft endorsed the app instead of the vendor. \n","ACR-084":"The application creates undisclosed scheduled tasks to perform actions without the user's knowledge and consent. Even after disabling schedule scans within the app the schedules still remains in windows task scheduler.\n"},"nonDeceptorViolations":{"ACR-065":"Landing Page does not show Returns and Cancellation Policy.\nApp install does not show links to Returns and Cancellations Policy.\nDoes not show any links to the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\n","ACR-088":"The application starts a scan post installation without user interaction or permission.\n","ACR-099":"Does not provide uninstall instructions on the internal offer\nDoes not provide uninstall instructions within the software.\n","ACR-017":"Landing Page uses the Microsoft Partner Logo as if Microsoft endorsed the app instead of the vendor. \n"},"samples":[{"isRevoked":"False","fileName":"PCSpeedCat.exe","fileVersion":"0.0","hashMD5":"303847905860063499b4eb108459f1ad","hashSHA1":"229f7d156227836a0b97af28aec6bb4b059d9e96","hashSHA256":"27ac8040958668bd537e39edf92237a2fbab91059f0e2db8307f892b3a48b5e9","digitalCertThumbprint":"8A0C2FF8AEB3458F1C64E6C0A3CA844545BA79F1","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"SpeedCat, LLC\", O=\"SpeedCat, LLC\", STREET=500 Westover Drive, STREET=Suite 9589, L=Sanford, S=North Carolina, PostalCode=27330, C=US","sourceIndex":"3153","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"speedcat.setup.exe","isInstaller":"True","companyName":"SpeedCat Inc.                                               ","fileVersion":"9.1","hashMD5":"c63887b5ef633b94897a14decda664ff","hashSHA1":"5c53115372db7282e068e1ffe4e310055befa1e1","hashSHA256":"ff6f18824c070ce0f943b9602c764244fc72a9ad8d6b045a77ca1d1c963d4a13","digitalCertThumbprint":"8A0C2FF8AEB3458F1C64E6C0A3CA844545BA79F1","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"SpeedCat, LLC\", O=\"SpeedCat, LLC\", STREET=500 Westover Drive, STREET=Suite 9589, L=Sanford, S=North Carolina, PostalCode=27330, C=US","sourceIndex":"3153","avBlockList":["Avast Internet Security (20190302)","AVG Internet Security (20190302)","Avira Internet Security (20190302)","Bitdefender Internet Security (20190302)","ESET Internet Security (20190302)","G DATA INTERNET SECURITY (20190302)","K7 Total Security (20190302)","Kaspersky Internet Security (20190302)","Malwarebytes Premium (20190302)","McAfee Total Protection (20190302)","Norton Security (20190302)","Panda Dome (20190302)","Sophos Home Premium (20190302)","Trend Micro Internet Security (20190302)","VirIT eXplorer PRO (20190302)","Windows Defender (20190302)"],"avAllowList":["Webroot SecureAnywhere (20190302)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search","reference":"download.cnet.com","landingPage":"http://pcspeedcat.com","directDownloadingLink":"http://www.pcspeedcat.com/ascsetups/ais/van/pcat/104-00/download","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.pcspeedcat.com/ascsetups/ais/van/pcat/104-00/download","sourceIndex":"3153"}],"sampleFiles":["190214/PCSPEEDCATPCOptimizer-171010/9.1.1.6 New/Samples/PCSpeedCat.exe","190214/PCSPEEDCATPCOptimizer-171010/9.1.1.6 New/Samples/speedcat.setup.exe"],"imageFiles":["190214/PCSPEEDCATPCOptimizer-171010/9.1.1.6 New/Images/ACR-017/PC SpeedCat First Page of Install.png","190214/PCSPEEDCATPCOptimizer-171010/9.1.1.6 New/Images/ACR-017/PC SpeedCat Tasks.png","190214/PCSPEEDCATPCOptimizer-171010/9.1.1.6 New/Images/ACR-084/PC SpeedCat Task Scheduler.png","190214/PCSPEEDCATPCOptimizer-171010/9.1.1.6 New/Images/ACR-084/PC SpeedCat Tasks.png","190214/PCSPEEDCATPCOptimizer-171010/9.1.1.6 New/Images/ACR-004/PC SpeedCat Finishes only half fixes.png","190214/PCSPEEDCATPCOptimizer-171010/9.1.1.6 New/Images/ACR-004/PC SpeedCat Internal Offers Page.png","190214/PCSPEEDCATPCOptimizer-171010/9.1.1.6 New/Images/ACR-004/PC SpeedCat Issues that Will Be Fixed.png","190214/PCSPEEDCATPCOptimizer-171010/9.1.1.6 New/Images/ACR-004/PC SpeedCat Scan Results.png","190214/PCSPEEDCATPCOptimizer-171010/9.1.1.6 New/Images/ACR-004/PC SpeedCat Finishes only half fixes.png"],"nonDeceptorImageFiles":["190214/PCSPEEDCATPCOptimizer-171010/9.1.1.6 New/Images/ACR-017/PC SpeedCat Top of Landing Page.png","190214/PCSPEEDCATPCOptimizer-171010/9.1.1.6 New/Images/ACR-065/PC SpeedCat Bottom of Landing Page.png","190214/PCSPEEDCATPCOptimizer-171010/9.1.1.6 New/Images/ACR-065/PC SpeedCat First Page of Install.png","190214/PCSPEEDCATPCOptimizer-171010/9.1.1.6 New/Images/ACR-088/PC SpeedCat Auto Scan without User Interaction.gif","190214/PCSPEEDCATPCOptimizer-171010/9.1.1.6 New/Images/ACR-065/PC SpeedCat About Page.png","190214/PCSPEEDCATPCOptimizer-171010/9.1.1.6 New/Images/ACR-099/PC SpeedCat About Page.png"],"guid":"7f9278fd-78de-4a21-bf9b-58622b2ef755_9.1.1.6 New_1","appID":"PCSPEEDCATPCOptimizer-171010","dateAdded":"240919","deceptorType":"App","name":"PC SpeedCat","company":"PCSpeedCat","version":"9.1.1.6 New","sigName":"Deceptor:Win32/PCSpeedCat!004017084","firstResolvedVersion":"","lastKnownStatus":"Deceptor:9.1.1.6;2.2.9","lastKnownDate":"240919","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2024-09-19T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":3,"sortOrder":553},{"violations":{"ACR-109":"The app installs \"FreeStudioManager\" without disclosing it to the user and getting user consent.\n","ACR-042":"1. The app installs \"FreeStudioManager\" and \"FreeCodecPack\" without disclosing it to the user and getting user consent. 2. Third-party \"The Qt Company Ltd\" components are installed without any disclosure\n","ACR-043":" 1. The app installs \"FreeStudioManager\" and \"FreeCodecPack\" without disclosing it to the user and getting user consent. 2. Third-party \"The Qt Company Ltd\" components are installed without any disclosure\n","ACR-107":"The app includes \"Qt5\" components during the installation but the EULA does not contain any disclosure regarding this.\n","ACR-048":"The app does not provide an option to cancel the installation. \nThe non-disclosed app components is hidden from standard uninstall entry, limiting user to remove/delete/uninstall it: \"DVDVideoSoft Free Studio\"\n","ACR-017":"The application logo is way too similar to the windows logo, misleading representation for the app source.\n","ACR-084":"The non-disclosed app components is hidden from standard uninstall entry.\n","ACR-116":"The non-disclosed app components is hidden from standard uninstall entry, thus preventing the platform's standard uninstall method.\n","ACR-118":"After uninstalling the app, it retains the \"FreeCodecPack\" folder in Program files without the user's consent.\n","ACR-039":"The app installs \"FreeStudioManager\" without disclosing it to the user and getting user consent.\n","ACR-165":"The app needs to provide details about how to cancel online when users receive notification for renewal and what's the price amount after the time-bound discount expires.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"FreeScreenVideoRecorder_3.1.2.1206_u.exe","isInstaller":"True","companyName":"Digital Wave Ltd                                            ","productName":"Free Screen Video Recorder (sc)                             ","productVersion":"3.1.2.1206                                        ","fileVersion":"3.1.2.1206          ","hashMD5":"7754f38871727168a28bfacb12e2a5e5","hashSHA1":"b3a62d2b52c3a3187c87a907741f26dde98048d0","hashSHA256":"dd93a375d5bf0eede17c968c09995ea8ec86b25a6634cc8f8a2f602357a64eb1","digitalCertThumbprint":"C644B30CB1377BB542DE7BA6D74E7625F8C3B18B","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Digital Wave Ltd","storeId":"","sourceIndex":"545","avBlockList":["COMODO Antivirus (20241205)","Dr.Web Security Space (20241205)","FortectPremium (20241205)","K7 Total Security (20241205)","Malwarebytes Premium (20241205)","McAfee Total Protection (20241205)","Panda Dome (20241205)","Sophos Home Premium (20241205)","SpyHunter5 (20241205)","VirIT eXplorer PRO (20241205)","Webroot SecureAnywhere (20241205)"],"avAllowList":["360 Total Security (20241205)","Avast Premium Security (20241205)","AVG Internet Security (20241205)","Avira Internet Security (20241205)","Bitdefender Internet Security (20241205)","ESET Internet Security (20241205)","G DATA INTERNET SECURITY (20241205)","KasperskyPremium (20241205)","Norton Security (20241205)","Quick Heal Internet Security (20241205)","Total AV Antivirus Pro (20241205)","Trend Micro Internet Security (20241205)","VIPRE Advanced Security (20241205)","Windows Defender (20241205)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on windows app","reference":"","landingPage":"https://www.dvdvideosoft.com/products/dvd/Free-Screen-Video-Recorder.htm","directDownloadingLink":"https://www.dvdvideosoft.com/download.htm?fname=FreeScreenVideoRecorder.exe&ls=bottomWinPrimary","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.dvdvideosoft.com/download.htm?fname=FreeScreenVideoRecorder.exe&ls=bottomWinPrimary","sourceIndex":"545"}],"sampleFiles":["240919/FreeScreenVideoRecorder-220213/3.1.2.1206/Samples/FreeScreenVideoRecorder_3.1.2.1206_u.exe"],"imageFiles":["240919/FreeScreenVideoRecorder-220213/3.1.2.1206/Images/ACR-109/ACR-109.PNG","240919/FreeScreenVideoRecorder-220213/3.1.2.1206/Images/ACR-039/ACR-039.PNG","240919/FreeScreenVideoRecorder-220213/3.1.2.1206/Images/ACR-043/ACR-043.PNG","240919/FreeScreenVideoRecorder-220213/3.1.2.1206/Images/ACR-043/ACR-043_1.PNG","240919/FreeScreenVideoRecorder-220213/3.1.2.1206/Images/ACR-043/ACR-043_2.PNG","240919/FreeScreenVideoRecorder-220213/3.1.2.1206/Images/ACR-107/ACR-107.PNG","240919/FreeScreenVideoRecorder-220213/3.1.2.1206/Images/ACR-042/ACR-042.PNG","240919/FreeScreenVideoRecorder-220213/3.1.2.1206/Images/ACR-042/ACR-042_1.PNG","240919/FreeScreenVideoRecorder-220213/3.1.2.1206/Images/ACR-042/ACR-042_2.PNG","240919/FreeScreenVideoRecorder-220213/3.1.2.1206/Images/ACR-048/ACR-048.PNG","240919/FreeScreenVideoRecorder-220213/3.1.2.1206/Images/ACR-048/ACR-048_1.PNG","240919/FreeScreenVideoRecorder-220213/3.1.2.1206/Images/ACR-017/ACR-017.PNG","240919/FreeScreenVideoRecorder-220213/3.1.2.1206/Images/ACR-084/ACR-084.PNG","240919/FreeScreenVideoRecorder-220213/3.1.2.1206/Images/ACR-116/ACR-116.PNG","240919/FreeScreenVideoRecorder-220213/3.1.2.1206/Images/ACR-118/ACR-118.PNG","240919/FreeScreenVideoRecorder-220213/3.1.2.1206/Images/ACR-165/ACR-165.PNG"],"nonDeceptorImageFiles":[],"guid":"47813674-ca7a-45ec-85e6-9b432e204c58_3.1.2.1206_1","appID":"FreeScreenVideoRecorder-220213","dateAdded":"240919","deceptorType":"App","name":"Free Screen Video Recorder","company":"Digital Wave Ltd","version":"3.1.2.1206","lastKnownStatus":"3.0.50.708;3.1.2.1206","lastKnownDate":"240919","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows Server","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2024-09-19T20:10:42.7578547+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":555},{"violations":{"ACR-004":"App raises unnecessary urgency and requires user to pay to fix the issues reported during free scan. \n","ACR-017":"App uses the Microsoft Partner Logo as if Microsoft endorsed the app instead of the vendor. \n","ACR-084":"The application creates undisclosed scheduled tasks to perform actions without the user's knowledge and consent. Even after disabling schedule scans within the app the schedules still remains in windows task scheduler.\n"},"nonDeceptorViolations":{"ACR-065":"Does not show any links to the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\n","ACR-088":"The application starts a scan post installation without user interaction or permission.\n","ACR-099":"Does not provide uninstall instructions on the internal offer\nDoes not provide uninstall instructions within the software\n"},"samples":[{"isRevoked":"False","fileName":"speedcat.setup.exe","isInstaller":"True","companyName":"SpeedCat Inc.","productName":"Speedcat PC Optimizer","productVersion":"9.1.1.6","fileVersion":"9.1.1.6","hashMD5":"a96f347c779146314a5280afc0eec146","hashSHA1":"47c6d1d93c330a065420dc46cb95db1aaf84b30c","hashSHA256":"fb5340b7af1d37b6fd29e6994fc30776e88775e32c8784e7b6dadaf22052fd67","digitalCertThumbprint":"8A0C2FF8AEB3458F1C64E6C0A3CA844545BA79F1","digitalCertIssuer":"COMODO RSA Code Signing CA","digitalCertIssuedTo":"SpeedCat, LLC","sourceIndex":"3189","avBlockList":["Avast Internet Security (20190209)","AVG Internet Security (20190209)","Avira Internet Security (20190209)","Bitdefender Internet Security (20190209)","ESET Internet Security (20190209)","G DATA INTERNET SECURITY (20190209)","K7 Total Security (20190209)","Kaspersky Internet Security (20190209)","Malwarebytes Premium (20190209)","McAfee Total Protection (20190209)","Norton Security (20190209)","Panda Dome (20190209)","Sophos Home Premium (20190209)","Trend Micro Internet Security (20190209)","Windows Defender (20190209)"],"avAllowList":["VirIT eXplorer PRO (20190209)","Webroot SecureAnywhere (20190209)"]},{"isRevoked":"False","fileName":"speedcat.setup 1.2.2018.exe","isInstaller":"True","companyName":"SpeedCat Inc.","productName":"Speedcat PC Optimizer","productVersion":"9.1.1.6","fileVersion":"9.1.1.6","hashMD5":"06c86b5869453c4b13940e1ca20673af","hashSHA1":"ab533e10ee8810b5583bd9b2a7502d838ef2e752","hashSHA256":"9795cdadab264f1626e10fc31770ac49066abb79df8537cb1c4a434569bd52bc","digitalCertThumbprint":"8A0C2FF8AEB3458F1C64E6C0A3CA844545BA79F1","digitalCertIssuer":"COMODO RSA Code Signing CA","digitalCertIssuedTo":"SpeedCat, LLC","sourceIndex":"3189","avBlockList":["Avast Internet Security (20190209)","AVG Internet Security (20190209)","Avira Internet Security (20190209)","Bitdefender Internet Security (20190209)","ESET Internet Security (20190209)","G DATA INTERNET SECURITY (20190209)","K7 Total Security (20190209)","Kaspersky Internet Security (20190209)","Malwarebytes Premium (20190209)","McAfee Total Protection (20190209)","Norton Security (20190209)","Panda Dome (20190209)","Sophos Home Premium (20190209)","Trend Micro Internet Security (20190209)","VirIT eXplorer PRO (20190209)","Windows Defender (20190209)"],"avAllowList":["Webroot SecureAnywhere (20190209)"]},{"isRevoked":"False","fileName":"speedcat.setup_121118.exe","isInstaller":"True","companyName":"SpeedCat Inc.                                               ","productVersion":"9.1.1.6","fileVersion":"9.1.1.6","hashMD5":"f728174b4ad0d53460db267fd5b4f5a7","hashSHA1":"3bb143e0b7c8f8b1f33f81968fb45f59fc5bb97e","hashSHA256":"597f683410f8241dcba36f0f46ba83ad6a92def9be62f2a15384b34cc6b0cd49","digitalCertThumbprint":"8A0C2FF8AEB3458F1C64E6C0A3CA844545BA79F1","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"SpeedCat, LLC\", O=\"SpeedCat, LLC\", STREET=500 Westover Drive, STREET=Suite 9589, L=Sanford, S=North Carolina, PostalCode=27330, C=US","sourceIndex":"3189","avBlockList":["Avast Internet Security (20190209)","AVG Internet Security (20190209)","Avira Internet Security (20190209)","Bitdefender Internet Security (20190209)","ESET Internet Security (20190209)","G DATA INTERNET SECURITY (20190209)","K7 Total Security (20190209)","Kaspersky Internet Security (20190209)","Malwarebytes Premium (20190209)","McAfee Total Protection (20190209)","Norton Security (20190209)","Panda Dome (20190209)","Sophos Home Premium (20190209)","Trend Micro Internet Security (20190209)","VirIT eXplorer PRO (20190209)","Windows Defender (20190209)"],"avAllowList":["Webroot SecureAnywhere (20190209)"]},{"isRevoked":"False","fileName":"speedcat.setup_190110.exe","isInstaller":"True","companyName":"SpeedCat Inc.                                               ","fileVersion":"9.1","hashMD5":"f2137c3bbd1d441d77a16c41fad1dd13","hashSHA1":"1b34aa2ff783648b9cbcf3126faa0808bd0e3097","hashSHA256":"e24f1e6c9cbf650f06d3ea4da0b9ce04edc3da159c0e7d06845627223af01c11","digitalCertThumbprint":"8A0C2FF8AEB3458F1C64E6C0A3CA844545BA79F1","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"SpeedCat, LLC\", O=\"SpeedCat, LLC\", STREET=500 Westover Drive, STREET=Suite 9589, L=Sanford, S=North Carolina, PostalCode=27330, C=US","sourceIndex":"3189","avBlockList":["Avast Internet Security (20190209)","AVG Internet Security (20190209)","Avira Internet Security (20190209)","Bitdefender Internet Security (20190209)","ESET Internet Security (20190209)","G DATA INTERNET SECURITY (20190209)","K7 Total Security (20190209)","Kaspersky Internet Security (20190209)","Malwarebytes Premium (20190209)","McAfee Total Protection (20190209)","Norton Security (20190209)","Panda Dome (20190209)","Sophos Home Premium (20190209)","Trend Micro Internet Security (20190209)","VirIT eXplorer PRO (20190209)","Windows Defender (20190209)"],"avAllowList":["Webroot SecureAnywhere (20190209)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search","reference":"download.cnet.com","landingPage":"http://pcspeedcat.com","directDownloadingLink":"http://www.pcspeedcat.com/ascsetups/ais/van/pcat/104-00/download","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.pcspeedcat.com/ascsetups/ais/van/pcat/104-00/download","sourceIndex":"3189"}],"sampleFiles":["190214/PCSPEEDCATPCOptimizer-171010/9.1.1.6/Samples/speedcat.setup.exe","190214/PCSPEEDCATPCOptimizer-171010/9.1.1.6/Samples/speedcat.setup 1.2.2018.exe","190214/PCSPEEDCATPCOptimizer-171010/9.1.1.6/Samples/speedcat.setup_121118.exe","190214/PCSPEEDCATPCOptimizer-171010/9.1.1.6/Samples/speedcat.setup_190110.exe"],"imageFiles":["190214/PCSPEEDCATPCOptimizer-171010/9.1.1.6/Images/ACR-017/PCSpeedCat_017.PNG","190214/PCSPEEDCATPCOptimizer-171010/9.1.1.6/Images/ACR-084/ACR-084_schedule_tasks.PNG","190214/PCSPEEDCATPCOptimizer-171010/9.1.1.6/Images/ACR-084/ACR-084_software.PNG","190214/PCSPEEDCATPCOptimizer-171010/9.1.1.6/Images/ACR-004/PCSpeedCat_004.PNG"],"nonDeceptorImageFiles":[],"guid":"7f9278fd-78de-4a21-bf9b-58622b2ef755_9.1.1.6_1","appID":"PCSPEEDCATPCOptimizer-171010","dateAdded":"240919","deceptorType":"App","name":"PC SpeedCat","company":"PCSpeedCat","version":"9.1.1.6","sigName":"Deceptor:Win32/PCSpeedCat!017084","firstResolvedVersion":"","lastKnownStatus":"Deceptor:9.1.1.6;2.2.9","lastKnownDate":"240919","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2024-09-19T00:00:00+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":3,"sortOrder":554},{"violations":{"ACR-048":"1. The app enables the consumer to hide the app from the system tray, which limits the targeted consumer's ability to control the app.\n2. The app does not provide any control to disable the startup it created. \n","ACR-007":"The app enables the consumer to hide it from the system tray, the desktop, and the installed apps list, which prevents the targeted consumer from being aware of the app's presence. The app does not display explicit notifications when running and requires a password to open it.\n","ACR-084":"1. The app enables the installing consumer to hide the app from the targeted consumer: it prevents the app from showing in the system tray and control panel. The app uses a password to hide its presence.\n2. The app creates an undisclosed startup without the user's knowledge and consent\n","ACR-086":"The app does not inform the targeted consumer to whom it is transmitting their data to and how it collects data and it uses a password to hide its presence. \n","ACR-097":"The installer and landing page (https://kidinspector.net/win/?email=*) prompts/informs users to exclude it from Antivirus Protection.\n","ACR-116":"The app enables the consumer to hide it from the targeted consumer, which prevents them from uninstalling it using platform standard features.\n","ACR-014":"The app calls itself \"clv.exe”, which is not related to the name \"KidInspector\", which misleads the targeted consumer.  \n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"C:\\ProgramData\\Security Monitor\\{0276FACA-AA90-C56A-65FF-D3865DA10EAD}\\wlg.exe","companyName":"","productName":"URLLogger","productVersion":"1.0.0.10","fileVersion":"1.0.0.10","hashMD5":"e75fe5556e524eb162cbce11e2bdbcdb","hashSHA1":"1fbce855dc1d543a8c10d661bbb398ffcf9262dd","hashSHA256":"f22b20c0a767bb3051042d81952ff11cead6d4e72b4789685f1263aa35da3a51","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"549","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"KidInspector for rafel33642@ploncy.com.exe","isInstaller":"True","companyName":"                                                            ","productName":"                                                            ","productVersion":"                                                  ","fileVersion":"                    ","hashMD5":"e517bb7384a9b4c15b8ea218ab1a5320","hashSHA1":"c900b94273117f93b0716397a131fb61fabdab5a","hashSHA256":"bacdd038cd8812b461ea42c07dcbf1a1a9f49a80d62222c2ff34a7616504f387","digitalCertThumbprint":"93A2641F841E800A921EA47FB14B44921EFDBF0A","digitalCertIssuer":"GlobalSign GCC R45 CodeSigning CA 2020","digitalCertIssuedTo":"CLEVERCONTROL LLC","storeId":"","sourceIndex":"549","avBlockList":["360 Total Security (20241205)","Avast Premium Security (20241205)","AVG Internet Security (20241205)","Avira Internet Security (20241205)","Bitdefender Internet Security (20241205)","COMODO Antivirus (20241205)","Dr.Web Security Space (20241205)","ESET Internet Security (20241205)","FortectPremium (20241205)","G DATA INTERNET SECURITY (20241205)","K7 Total Security (20241205)","KasperskyPremium (20241205)","Malwarebytes Premium (20241205)","McAfee Total Protection (20241205)","Norton Security (20241205)","Panda Dome (20241205)","Quick Heal Internet Security (20241205)","Sophos Home Premium (20241205)","SpyHunter5 (20241205)","Total AV Antivirus Pro (20241205)","Trend Micro Internet Security (20241205)","VIPRE Advanced Security (20241205)","VirIT eXplorer PRO (20241205)","Webroot SecureAnywhere (20241205)","Windows Defender (20241205)"],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on windows app","reference":"","landingPage":"https://kidinspector.com/desktop-features","directDownloadingLink":"https://kidinspector.net/win/?email=rafel33642%40ploncy.com","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://kidinspector.net/win/?email=rafel33642%40ploncy.com","sourceIndex":"549"}],"sampleFiles":["240916/kidinspector-211214/11.6.19/Samples/KidInspector%20for%20rafel33642%40ploncy.com.exe"],"imageFiles":["240916/kidinspector-211214/11.6.19/Images/ACR-084/ACR-084.PNG","240916/kidinspector-211214/11.6.19/Images/ACR-084/ACR-084_1.PNG","240916/kidinspector-211214/11.6.19/Images/ACR-084/ACR-084_2.PNG","240916/kidinspector-211214/11.6.19/Images/ACR-084/ACR-084_3.PNG","240916/kidinspector-211214/11.6.19/Images/ACR-084/ACR-084_4.PNG","240916/kidinspector-211214/11.6.19/Images/ACR-086/ACR-086.PNG","240916/kidinspector-211214/11.6.19/Images/ACR-086/ACR-086_1.PNG","240916/kidinspector-211214/11.6.19/Images/ACR-097/ACR-097.PNG","240916/kidinspector-211214/11.6.19/Images/ACR-097/ACR-097_1.PNG","240916/kidinspector-211214/11.6.19/Images/ACR-048/ACR-048.PNG","240916/kidinspector-211214/11.6.19/Images/ACR-048/ACR-048_1.PNG","240916/kidinspector-211214/11.6.19/Images/ACR-048/ACR-048_2.PNG","240916/kidinspector-211214/11.6.19/Images/ACR-048/ACR-048_3.PNG","240916/kidinspector-211214/11.6.19/Images/ACR-007/ACR-007.PNG","240916/kidinspector-211214/11.6.19/Images/ACR-007/ACR-007_1.PNG","240916/kidinspector-211214/11.6.19/Images/ACR-014/ACR-014.PNG","240916/kidinspector-211214/11.6.19/Images/ACR-116/ACR-116.PNG"],"nonDeceptorImageFiles":[],"guid":"f4a656c0-f3a3-441c-81ff-aed8cb7072e5_11.6.19_1","appID":"kidinspector-211214","dateAdded":"240916","deceptorType":"App","name":"Kid Inspector","company":"CleverControl LLC","version":"11.6.19","lastKnownStatus":"11.5.32;11.5.37;11.5.41;11.6.19","lastKnownDate":"240916","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2024-09-16T23:15:29.6038273+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":5,"sortOrder":557},{"violations":{"ACR-048":"1. The app enables the consumer to hide the app from the system tray, which limits the targeted consumer's ability to control the app.\n2. The app does not provide any control to disable the startup it created. \n","ACR-007":"The app enables the consumer to hide it from the system tray, the desktop, and the installed apps list, which prevents the targeted consumer from being aware of the app's presence. The app does not display explicit notifications when running and requires a password to open it.\n","ACR-084":"The app enables the installing consumer to hide the app from the targeted consumer: it prevents the app from showing in the system tray and control panel. The app uses a password to hide its presence.\n","ACR-086":"The app does not inform the targeted consumer to whom it is transmitting their data to and how it collects data and it uses a password to hide its presence. \n","ACR-097":"The landing page (https://kidinspector.net/win/?email=*) prompts the user to exclude it from Antivirus Protection.\n","ACR-116":"The app enables the consumer to hide it from the targeted consumer, which prevents them from uninstalling it using platform standard features.\n","ACR-014":"The app calls itself \"clv.exe”, which is not related to the name \"KidInspector\", which misleads the targeted consumer.  \n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"KidInspectorSetup.exe","isInstaller":"True","companyName":"                                                            ","productName":"                                                            ","productVersion":"                                                  ","fileVersion":"                    ","hashMD5":"a40727643acc16652e544c085f719e0a","hashSHA1":"bbe3c20cce57a3f027ab3451ceafba9075e18ad6","hashSHA256":"77fe83fde957543acd8cd6f407a46066eed457da32591ac1cc4a511a2cec54ed","digitalCertThumbprint":"2206EE683AAAD5CD1D61D21890E6622EF4085745","digitalCertIssuer":"GlobalSign GCC R45 CodeSigning CA 2020","digitalCertIssuedTo":"CLEVERCONTROL LLC","storeId":"","sourceIndex":"735","avBlockList":["360 Total Security (20240917)","Avast Premium Security (20240917)","AVG Internet Security (20240917)","Avira Internet Security (20240917)","Bitdefender Internet Security (20240917)","COMODO Antivirus (20240917)","Dr.Web Security Space (20240917)","ESET Internet Security (20240917)","FortectPremium (20240917)","G DATA INTERNET SECURITY (20240917)","K7 Total Security (20240917)","KasperskyPremium (20240917)","Malwarebytes Premium (20240917)","McAfee Total Protection (20240917)","Norton Security (20240917)","Panda Dome (20240917)","Quick Heal Internet Security (20240917)","Sophos Home Premium (20240917)","SpyHunter5 (20240917)","Total AV Antivirus Pro (20240917)","VirIT eXplorer PRO (20240917)","Webroot SecureAnywhere (20240917)","Windows Defender (20240917)"],"avAllowList":["Trend Micro Internet Security (20240917)","VIPRE Advanced Security (20240917)"]},{"isRevoked":"False","fileName":"C:\\ProgramData\\Security Monitor\\{0276FACA-AA90-C56A-65FF-D3865DA10EAD}\\clv.exe","companyName":"","productName":"","productVersion":"","fileVersion":"","hashMD5":"a2c525714026e720edab7026f702db07","hashSHA1":"31c83d525602bafa995ac2f4aca267177249610a","hashSHA256":"37ca6341ef2ad2825cce378785db1e9e76049ec855a9146e68e8978d494d2b4c","digitalCertThumbprint":"2206EE683AAAD5CD1D61D21890E6622EF4085745","digitalCertIssuer":"GlobalSign GCC R45 CodeSigning CA 2020","digitalCertIssuedTo":"CLEVERCONTROL LLC","storeId":"","sourceIndex":"735","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Google search- Keylogger app","reference":"","landingPage":"https://kidinspector.com/desktop-features","directDownloadingLink":"https://kidinspector.com/download/","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://kidinspector.com/download/","sourceIndex":"735"}],"sampleFiles":["220330/kidinspector-211214/11.6.12/Samples/KidInspectorSetup.exe"],"imageFiles":["220330/kidinspector-211214/11.6.12/Images/ACR-084/ACR-084_Software_1.jpeg","220330/kidinspector-211214/11.6.12/Images/ACR-084/ACR-084_Software_2.jpeg","220330/kidinspector-211214/11.6.12/Images/ACR-084/ACR-084_Software_3.jpeg","220330/kidinspector-211214/11.6.12/Images/ACR-084/ACR-084_Software_4.jpeg","220330/kidinspector-211214/11.6.12/Images/ACR-086/ACR-086_Software_1.jpeg","220330/kidinspector-211214/11.6.12/Images/ACR-086/ACR-086_Software_2.jpeg","220330/kidinspector-211214/11.6.12/Images/ACR-097/ACR-097_Software_1.jpeg","220330/kidinspector-211214/11.6.12/Images/ACR-048/ACR-048_Software_1.jpeg","220330/kidinspector-211214/11.6.12/Images/ACR-048/ACR-048_Software_2.jpeg","220330/kidinspector-211214/11.6.12/Images/ACR-048/ACR-048_Software_3.jpeg","220330/kidinspector-211214/11.6.12/Images/ACR-048/ACR-048_Software_4.jpeg","220330/kidinspector-211214/11.6.12/Images/ACR-007/ACR-007_Software_1.jpeg","220330/kidinspector-211214/11.6.12/Images/ACR-007/ACR-007_Software_2.jpeg","220330/kidinspector-211214/11.6.12/Images/ACR-014/ACR-014_Software_1.jpeg","220330/kidinspector-211214/11.6.12/Images/ACR-116/ACR-116_Uninstall_1.jpeg"],"nonDeceptorImageFiles":[],"guid":"f4a656c0-f3a3-441c-81ff-aed8cb7072e5_11.6.12_1","appID":"kidinspector-211214","dateAdded":"240916","deceptorType":"App","name":"Kid Inspector","company":"CleverControl LLC","version":"11.6.12","lastKnownStatus":"11.5.32;11.5.37;11.5.41;11.6.19","lastKnownDate":"240916","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2024-09-16T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":5,"sortOrder":558},{"violations":{"ACR-048":"1. The app enables the consumer to hide the app from the system tray, which limits the targeted consumer's ability to control the app.\n2. The app does not provide any control to disable the startup it created. \n","ACR-007":"The app enables the consumer to hide it from the system tray, the desktop, and the installed apps list, which prevents the targeted consumer from being aware of the app's presence. The  app does not display explicit notification when it is running and requires a password to open it. \n","ACR-084":"The app enables the installing consumer to hide the app from the targeted consumer: it prevents the app from showing in the system tray and control panel. The app uses a password to hide its presence.\n","ACR-086":"The app does not inform the targeted consumer to whom it is transmitting their data to and how it collects data and it uses a password to hide its presence. \n","ACR-097":"The install wizard and landing page (https://kidinspector.net/win/?email=aa%40gmail.com) prompts the user to exclude it from Windows defender detection.\n","ACR-116":"The app enables the consumer to hide it from the targeted consumer, which prevents them from uninstalling it using platform standard features.\n","ACR-014":"The app calls itself \"clv.exe”, which is not related to the name \"KidInspector\", which misleads the targeted consumer.  \n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"C:\\ProgramData\\Security Monitor\\{0276FACA-AA90-C56A-65FF-D3865DA10EAD}\\clv.exe","companyName":"","productName":"","productVersion":"","fileVersion":"","hashMD5":"f81b6b5a518ec4265b60841a6b53bef7","hashSHA1":"84d493c7cd5a342fd31eee722417d7abbd284e71","hashSHA256":"dd73dc01ecdccf858cb9bc5a90e90f97a5dd2c6260ec039f101b243150319125","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1667","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\ProgramData\\Security Monitor\\{0276FACA-AA90-C56A-65FF-D3865DA10EAD}\\spmm.exe","companyName":"","productName":"","productVersion":"","fileVersion":"","hashMD5":"6529c24a24a3e630d6d6e19aa465116d","hashSHA1":"610b91429fbfb10e7e8d471062f292b581118548","hashSHA256":"384e4bbe32290c04b2cbb7fd9fc8a7e0a78eae89a4db68885069d0cdb88fca55","digitalCertThumbprint":"B8C567E9BE421D196F0F932FEBE59975B451AF71","digitalCertIssuer":"Sectigo RSA Code Signing CA","digitalCertIssuedTo":"CLEVERCONTROL LLC","storeId":"","sourceIndex":"1667","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\ProgramData\\Security Monitor\\{0276FACA-AA90-C56A-65FF-D3865DA10EAD}\\sps.exe","companyName":"","productName":"","productVersion":"1.0.0.0","fileVersion":"1.0.0.0","hashMD5":"a3759594beccfac26b97b1b7d0c291cb","hashSHA1":"8033ccc67cc117d602ed456ca430fbcc91285c95","hashSHA256":"95a55360d3aedf2ff3b5529ffff276dcf424d250ccba7992ead8466959e126cc","digitalCertThumbprint":"B8C567E9BE421D196F0F932FEBE59975B451AF71","digitalCertIssuer":"Sectigo RSA Code Signing CA","digitalCertIssuedTo":"CLEVERCONTROL LLC","storeId":"","sourceIndex":"1667","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"KidInspectorInstaller.exe","isInstaller":"True","companyName":"                                                            ","productName":"                                                            ","productVersion":"                                                  ","fileVersion":"                    ","hashMD5":"e7c60637b9b0e4aa10b03a51d584f998","hashSHA1":"6ccc26dc42f1664aa8d617f5bc3d56641cfc9194","hashSHA256":"1249c1fa91a369332dbf7f92f644a3174e7386fc6ca07b555a860cbc22acc69d","digitalCertThumbprint":"B8C567E9BE421D196F0F932FEBE59975B451AF71","digitalCertIssuer":"Sectigo RSA Code Signing CA","digitalCertIssuedTo":"CLEVERCONTROL LLC","storeId":"","sourceIndex":"1667","avBlockList":["Avast Premium Security (20220421)","AVG Internet Security (20220421)","Avira Internet Security (20220421)","Dr.Web Security Space (20220421)","ESET Internet Security (20220421)","K7 Total Security (20220421)","Kaspersky Internet Security (20220421)","Malwarebytes Premium (20220421)","McAfee Total Protection (20220421)","Norton Security (20220421)","Panda Dome (20220421)","Sophos Home Premium (20220421)","SpyHunter5 (20220421)","Total AV Antivirus Pro (20220421)","VirIT eXplorer PRO (20220421)","Webroot SecureAnywhere (20220421)","Windows Defender (20220421)"],"avAllowList":["360 Total Security (20220421)","Bitdefender Internet Security (20220421)","COMODO Antivirus (20220421)","G DATA INTERNET SECURITY (20220421)","Quick Heal Internet Security (20220421)","Tencent PC Manager (20220421)","Trend Micro Internet Security (20220421)","VIPRE Advanced Security (20220421)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on Keylogger app","reference":"","landingPage":"https://kidinspector.com/desktop-features","directDownloadingLink":"https://kidinspector.com/download/","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://kidinspector.com/download/","sourceIndex":"1667"}],"sampleFiles":["220330/kidinspector-211214/11.5.41/Samples/KidInspectorInstaller.exe"],"imageFiles":["220330/kidinspector-211214/11.5.41/Images/ACR-084/ACR-084_Software.JPG","220330/kidinspector-211214/11.5.41/Images/ACR-084/ACR-084_Software_1.JPG","220330/kidinspector-211214/11.5.41/Images/ACR-084/ACR-084_Software_2.JPG","220330/kidinspector-211214/11.5.41/Images/ACR-084/ACR-084_Software_3.JPG","220330/kidinspector-211214/11.5.41/Images/ACR-086/ACR-086_Software.JPG","220330/kidinspector-211214/11.5.41/Images/ACR-086/ACR-086_Software_1.JPG","220330/kidinspector-211214/11.5.41/Images/ACR-097/ACR-097_Software.JPG","220330/kidinspector-211214/11.5.41/Images/ACR-097/ACR-097_Software_1.JPG","220330/kidinspector-211214/11.5.41/Images/ACR-048/ACR-048_Software.JPG","220330/kidinspector-211214/11.5.41/Images/ACR-048/ACR-048_Software_1.JPG","220330/kidinspector-211214/11.5.41/Images/ACR-048/ACR-048_Software_2.JPG","220330/kidinspector-211214/11.5.41/Images/ACR-048/ACR-048_Software_3.JPG","220330/kidinspector-211214/11.5.41/Images/ACR-007/ACR-007_Software.JPG","220330/kidinspector-211214/11.5.41/Images/ACR-007/ACR-007_Software_1.JPG","220330/kidinspector-211214/11.5.41/Images/ACR-014/ACR-014_Software.JPG","220330/kidinspector-211214/11.5.41/Images/ACR-116/ACR-116_Uninstall.JPG"],"nonDeceptorImageFiles":[],"guid":"f4a656c0-f3a3-441c-81ff-aed8cb7072e5_11.5.41_1","appID":"kidinspector-211214","dateAdded":"240916","deceptorType":"App","name":"Kid Inspector","company":"CleverControl LLC","version":"11.5.41","lastKnownStatus":"11.5.32;11.5.37;11.5.41;11.6.19","lastKnownDate":"240916","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2024-09-16T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":5,"sortOrder":559},{"violations":{"ACR-048":"1. The app enables the consumer to hide the app from the system tray, which limits the targeted consumer's ability to control the app.\n2. The app does not provide any control to disable the startup it created. \n","ACR-007":"The app enables the consumer to hide it from the system tray, the desktop, and the installed apps list, which prevents the targeted consumer from being aware of the app's presence. The  app does not display explicit notification when it is running and requires a password to open it. \n","ACR-084":"The app enables the installing consumer to hide the app from the targeted consumer: it prevents the app from showing in the system tray and control panel. The app uses a password to hide its presence.\n","ACR-086":"The app does not inform the targeted consumer whom it is transmitting their data to. The app does not inform the targeted consumer how it collects data and it uses a password to hide its presence. \n","ACR-097":"The install wizard and landing page prompts the user to exclude it from Windows defender detection.\n","ACR-116":"The app enables the consumer to hide it from the targeted consumer, which prevents them from uninstalling it using platform standard features.\n","ACR-014":"The app calls itself \"clv.exe”, which is not related to the name \"KidInspector\", which misleads the targeted consumer.  \n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"C:\\ProgramData\\Security Monitor\\{0276FACA-AA90-C56A-65FF-D3865DA10EAD}\\clv.exe","companyName":"","productName":"","productVersion":"","fileVersion":"","hashMD5":"1fc16092f9b5c569e500b47f78fcabe5","hashSHA1":"9c2ae5a18a39a20d212eb8650dcffa690bbbce52","hashSHA256":"5e39def89460318e401167542d6e33ebc84fcc5d89d5c6d155dc696378ef001f","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1699","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"KidInspectorInstaller.exe","isInstaller":"True","companyName":"                                                            ","productName":"                                                            ","productVersion":"                                                  ","fileVersion":"                    ","hashMD5":"02917478e076d5b5792488d7e9bf5eee","hashSHA1":"b5fdcb156a79b8d907a6d69cad69f2c16d391136","hashSHA256":"5ce1efa93decafa5fc3eb7c785bccb792fa4ce1b2849e1928f6442229a41b463","digitalCertThumbprint":"B8C567E9BE421D196F0F932FEBE59975B451AF71","digitalCertIssuer":"Sectigo RSA Code Signing CA","digitalCertIssuedTo":"CLEVERCONTROL LLC","storeId":"","sourceIndex":"1699","avBlockList":["360 Total Security (20220329)","Avast Premium Security (20220329)","AVG Internet Security (20220329)","Avira Internet Security (20220329)","Bitdefender Internet Security (20220329)","COMODO Antivirus (20220329)","Dr.Web Security Space (20220329)","ESET Internet Security (20220329)","G DATA INTERNET SECURITY (20220329)","K7 Total Security (20220329)","Kaspersky Internet Security (20220329)","Malwarebytes Premium (20220329)","McAfee Total Protection (20220329)","Norton Security (20220329)","Panda Dome (20220329)","Quick Heal Internet Security (20220329)","Sophos Home Premium (20220329)","SpyHunter5 (20220329)","Tencent PC Manager (20220329)","Total AV Antivirus Pro (20220329)","Trend Micro Internet Security (20220329)","VIPRE Advanced Security (20220329)","VirIT eXplorer PRO (20220329)","Webroot SecureAnywhere (20220329)","Windows Defender (20220329)"],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Google search- Keylogger app","reference":"","landingPage":"https://kidinspector.com/desktop-features","directDownloadingLink":"https://kidinspector.net/win/?email=wicidid667%40toudrum.com","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://kidinspector.net/win/?email=wicidid667%40toudrum.com","sourceIndex":"1699"}],"sampleFiles":["220303/kidinspector-211214/11.5.37/Samples/KidInspectorInstaller.exe"],"imageFiles":["220303/kidinspector-211214/11.5.37/Images/ACR-084/ACR-084_Software.JPG","220303/kidinspector-211214/11.5.37/Images/ACR-084/ACR-084_Software_1.JPG","220303/kidinspector-211214/11.5.37/Images/ACR-084/ACR-084_Software_2.JPG","220303/kidinspector-211214/11.5.37/Images/ACR-084/ACR-084_Software_3.JPG","220303/kidinspector-211214/11.5.37/Images/ACR-086/ACR-086_Software.JPG","220303/kidinspector-211214/11.5.37/Images/ACR-086/ACR-086_Software_1.JPG","220303/kidinspector-211214/11.5.37/Images/ACR-097/ACR-097_Software.JPG","220303/kidinspector-211214/11.5.37/Images/ACR-097/ACR-097_Software_1.JPG","220303/kidinspector-211214/11.5.37/Images/ACR-048/ACR-048_Software.JPG","220303/kidinspector-211214/11.5.37/Images/ACR-048/ACR-048_Software_1.JPG","220303/kidinspector-211214/11.5.37/Images/ACR-048/ACR-048_Software_2.JPG","220303/kidinspector-211214/11.5.37/Images/ACR-048/ACR-048_Software_3.JPG","220303/kidinspector-211214/11.5.37/Images/ACR-007/ACR-007_Software.JPG","220303/kidinspector-211214/11.5.37/Images/ACR-007/ACR-007_Software_1.JPG","220303/kidinspector-211214/11.5.37/Images/ACR-014/ACR-014_Software_Misleading.JPG","220303/kidinspector-211214/11.5.37/Images/ACR-116/ACR-116_Uninstall.JPG"],"nonDeceptorImageFiles":[],"guid":"f4a656c0-f3a3-441c-81ff-aed8cb7072e5_11.5.37_1","appID":"kidinspector-211214","dateAdded":"240916","deceptorType":"App","name":"Kid Inspector","company":"CleverControl LLC","version":"11.5.37","lastKnownStatus":"11.5.32;11.5.37;11.5.41;11.6.19","lastKnownDate":"240916","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2024-09-16T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":5,"sortOrder":560},{"violations":{"ACR-048":"1. The app enables the consumer to hide the app from the system tray, which limits the targeted consumer's ability to control the app.\n2. The app does not provide any control to disable the startup it created. \n","ACR-007":"The app enables the consumer to hide it from the system tray, the desktop, and the installed apps list, which prevents the targeted consumer from being aware of the app's presence. The  app does not display explicit notification when it is running and requires a password to open it. \n","ACR-084":"The app enables the installing consumer to hide the app from the targeted consumer: it prevents the app from showing in the system tray and control panel. The app uses a password to hide its presence.\n","ACR-086":"The app does not inform the targeted consumer whom it is transmitting their data to. The app does not inform the targeted consumer how it collects data and it uses a password to hide its presence. \n","ACR-097":"The install wizard prompts the user to exclude it from Windows defender detection.\n","ACR-116":"The app enables the consumer to hide it from the targeted consumer, which prevents them from uninstalling it using platform standard features.\n","ACR-014":"The app calls itself \"clv.exe”, which is not related to the name \"KidInspector\", which misleads the targeted consumer.  \n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"C:\\ProgramData\\Security Monitor\\{0276FACA-AA90-C56A-65FF-D3865DA10EAD}\\clv.exe","companyName":"","productName":"","productVersion":"","fileVersion":"","hashMD5":"3ac766bb7b2cf032f233372a5cf652c9","hashSHA1":"0445a1c03dec9488004af0fc9c7b3fe51e7d223b","hashSHA256":"5a58683cf33d3d442f479322be49740cd4010ffa3bbf24182ebe630539099147","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1764","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"KidInspector for modevih240@gruppies.com.exe","isInstaller":"True","companyName":"                                                            ","productName":"                                                            ","productVersion":"                                                  ","fileVersion":"                    ","hashMD5":"bf3619f3c1f67e4e0486ce799b7ddba3","hashSHA1":"4fae54c5ba6493a26812b58a35c73e9895c078ad","hashSHA256":"705ac243651d3d0b6a9df1a3d3879ae3b98f642df2da74b253b4a28c4ce173ab","digitalCertThumbprint":"B8C567E9BE421D196F0F932FEBE59975B451AF71","digitalCertIssuer":"Sectigo RSA Code Signing CA","digitalCertIssuedTo":"CLEVERCONTROL LLC","storeId":"","sourceIndex":"1764","avBlockList":["360 Total Security (20220407)","Avast Premium Security (20220407)","AVG Internet Security (20220407)","Avira Internet Security (20220407)","Bitdefender Internet Security (20220407)","Dr.Web Security Space (20220407)","ESET Internet Security (20220407)","G DATA INTERNET SECURITY (20220407)","K7 Total Security (20220407)","Kaspersky Internet Security (20220407)","Malwarebytes Premium (20220407)","McAfee Total Protection (20220407)","Norton Security (20220407)","Quick Heal Internet Security (20220407)","Sophos Home Premium (20220407)","SpyHunter5 (20220407)","Total AV Antivirus Pro (20220407)","VIPRE Advanced Security (20220407)","VirIT eXplorer PRO (20220407)","Webroot SecureAnywhere (20220407)","Windows Defender (20220407)"],"avAllowList":["COMODO Antivirus (20220407)","Panda Dome (20220407)","Tencent PC Manager (20220407)","Trend Micro Internet Security (20220407)"]}],"additionalFiles":[],"sources":[{"howFound":"Google search- Keylogger app","reference":"","landingPage":"https://kidinspector.com/desktop-features","directDownloadingLink":"https://kidinspector.com/download/","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://kidinspector.com/download/","sourceIndex":"1764"}],"sampleFiles":["211214/kidinspector-211214/11.5.32/Samples/KidInspectorInstaller.exe"],"imageFiles":["211214/kidinspector-211214/11.5.32/Images/ACR-084/ACR-084_Software.JPG","211214/kidinspector-211214/11.5.32/Images/ACR-084/ACR-084_Software_1.JPG","211214/kidinspector-211214/11.5.32/Images/ACR-084/ACR-084_Software_2.JPG","211214/kidinspector-211214/11.5.32/Images/ACR-084/ACR-084_Software_3.JPG","211214/kidinspector-211214/11.5.32/Images/ACR-084/ACR-084_Software_4.JPG","211214/kidinspector-211214/11.5.32/Images/ACR-086/ACR-086_Software.JPG","211214/kidinspector-211214/11.5.32/Images/ACR-086/ACR-086_Software_1.JPG","211214/kidinspector-211214/11.5.32/Images/ACR-097/ACR-097_Software.JPG","211214/kidinspector-211214/11.5.32/Images/ACR-048/ACR-048_Software.JPG","211214/kidinspector-211214/11.5.32/Images/ACR-048/ACR-048_Software_1.JPG","211214/kidinspector-211214/11.5.32/Images/ACR-048/ACR-048_Software_2.JPG","211214/kidinspector-211214/11.5.32/Images/ACR-048/ACR-048_Software_3.JPG","211214/kidinspector-211214/11.5.32/Images/ACR-007/ACR-007_Software.JPG","211214/kidinspector-211214/11.5.32/Images/ACR-007/ACR-007_Software_1.JPG","211214/kidinspector-211214/11.5.32/Images/ACR-014/ACR-014_Software_Process.JPG","211214/kidinspector-211214/11.5.32/Images/ACR-116/ACR-116_Software.JPG"],"nonDeceptorImageFiles":[],"guid":"f4a656c0-f3a3-441c-81ff-aed8cb7072e5_11.5.32_1","appID":"kidinspector-211214","dateAdded":"240916","deceptorType":"App","name":"Kid Inspector","company":"CleverControl LLC","version":"11.5.32","sigName":"Deceptor:Win32/KidInspectorStalkerware!084086097048007014116","lastKnownStatus":"11.5.32;11.5.37;11.5.41;11.6.19","lastKnownDate":"240916","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2024-09-16T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":5,"sortOrder":561},{"violations":{"ACR-004":"Application doesn't provide free fix for the items reported in red color. It requires subscription payment to delete the duplicated items.\n","ACR-014":"App claims to provide full functional trial on landing page, but does not offer fix for reported items.\n\n"},"nonDeceptorViolations":{"ACR-002":"The app displays a mismatched name before the installation is complete.\n","ACR-167":"The app does not offer refund.\n"},"samples":[{"isRevoked":"False","fileName":"dpfsetup.exe","isInstaller":"True","companyName":"Ashisoft                                                    ","fileVersion":"1.7","hashMD5":"542a1bd90dfc78d09838cafda3f3d0db","hashSHA1":"dc39cffdc092a82ce89241d4334b1feb70383c8c","hashSHA256":"51488ad1b90b26a5d18b9d9d80c8475fdd56a3ebecde0f403fe2b7a0b6079ca6","digitalCertThumbprint":"2399A81E982624BE416A2C72EF0CF2629D6F0776","digitalCertIssuer":"CN=Sectigo Public Code Signing CA R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=Ashisoft, O=Ashisoft, S=Telangana, C=IN","sourceIndex":"548","avBlockList":["ESET Internet Security (20241205)","FortectPremium (20241205)","K7 Total Security (20241205)","Malwarebytes Premium (20241205)","Panda Dome (20241205)","Sophos Home Premium (20241205)","SpyHunter5 (20241205)","VirIT eXplorer PRO (20241205)","Webroot SecureAnywhere (20241205)","Windows Defender (20241205)"],"avAllowList":["360 Total Security (20241205)","Avast Premium Security (20241205)","AVG Internet Security (20241205)","Avira Internet Security (20241205)","Bitdefender Internet Security (20241205)","COMODO Antivirus (20241205)","Dr.Web Security Space (20241205)","G DATA INTERNET SECURITY (20241205)","KasperskyPremium (20241205)","McAfee Total Protection (20241205)","Norton Security (20241205)","Quick Heal Internet Security (20241205)","Total AV Antivirus Pro (20241205)","Trend Micro Internet Security (20241205)","VIPRE Advanced Security (20241205)"]},{"isRevoked":"False","fileName":"dpf.exe","companyName":"Ashisoft","fileVersion":"1.7","hashMD5":"12fbc1b5e3c2e9a4f022c6c4b426b46e","hashSHA1":"80cd988526d2e2ae3e979f229cadde1ff67dbdb4","hashSHA256":"40d77317d0e775be43933176a19d814616823ec53a935fc2ad830462b19cd5b6","digitalCertThumbprint":"2399A81E982624BE416A2C72EF0CF2629D6F0776","digitalCertIssuer":"CN=Sectigo Public Code Signing CA R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=Ashisoft, O=Ashisoft, S=Telangana, C=IN","sourceIndex":"548","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"random search","reference":"","landingPage":"https://www.ashisoft.com","directDownloadingLink":"https://www.ashisoft.com/downloads/dpfsetup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.ashisoft.com/downloads/dpfsetup.exe","sourceIndex":"548"}],"sampleFiles":["240916/DuplicatePhotosFinder-240916/1.7.0.0/Samples/dpfsetup.exe","240916/DuplicatePhotosFinder-240916/1.7.0.0/Samples/dpf.exe"],"imageFiles":["240916/DuplicatePhotosFinder-240916/1.7.0.0/Images/ACR-004/ACR-004_Software_1.png","240916/DuplicatePhotosFinder-240916/1.7.0.0/Images/ACR-004/ACR-004_Software_2.png","240916/DuplicatePhotosFinder-240916/1.7.0.0/Images/ACR-004/ACR-004_Software_3.png","240916/DuplicatePhotosFinder-240916/1.7.0.0/Images/ACR-014/ACR-014_Software_1.png","240916/DuplicatePhotosFinder-240916/1.7.0.0/Images/ACR-014/ACR-014_Software_2.png"],"nonDeceptorImageFiles":["240916/DuplicatePhotosFinder-240916/1.7.0.0/Images/ACR-002/ACR-002_Software_1.png","240916/DuplicatePhotosFinder-240916/1.7.0.0/Images/ACR-167/ACR-167_Docs_1.png"],"guid":"9029dc05-aafb-4cd9-ba4b-83e129e1e493_1.7.0.0_1","appID":"DuplicatePhotosFinder-240916","dateAdded":"240916","deceptorType":"App","name":"Duplicate Photos Finder","company":"Ashisoft","version":"1.7.0.0","sigName":"","lastKnownStatus":"1.7.0.0","lastKnownDate":"240916","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows 11","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2024-09-16T23:17:53.703584+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":562},{"violations":{"ACR-109":"The app installs \"FreeStudioManager\" without disclosing it to the user and getting user consent. \n","ACR-043":"The app installs \"FreeStudioManager\" and \"FreeCodecPack\" without disclosing it to the user and getting user consent. 2. Third-party \"The Qt Company Ltd\" components are installed without any disclosure\n","ACR-048":"The app does not provide control the cancel the installation process. \nThe non disclosed app components is hidden from standard uninstall entry, limits user to remove/delete/uninstall it: \"DVDVideoSoft Free Studio\" \n","ACR-017":"The application logo is way too similar to the windows logo, misleading representation for the app source. \n","ACR-084":"The non-disclosed app components is hidden from standard uninstall entry.\n","ACR-116":"The non-disclosed app components is hidden from standard uninstall entry, thus preventing the platform's standard uninstall method.\n","ACR-039":"The app installs \"FreeStudioManager\" without disclosing it to the user and getting user consent.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"FreeYouTubeSubtitlesDownload_1.0.8.1204_u.exe","isInstaller":"True","companyName":"Digital Wave Ltd                                            ","productName":"Free YouTube Subtitles Download (sc)                        ","productVersion":"1.0.8.1204                                        ","fileVersion":"1.0.8.1204          ","hashMD5":"c83093e4c0d94270cf8a3a4d3168361b","hashSHA1":"67100378a71a2b58019d6bdb4da467b68be5b938","hashSHA256":"8db8cccbf55b1e6ca25c0f27c415439cbddccc49e5d6233825b2aed0036d348e","digitalCertThumbprint":"C644B30CB1377BB542DE7BA6D74E7625F8C3B18B","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Digital Wave Ltd","storeId":"","sourceIndex":"550","avBlockList":["360 Total Security (20241203)","Avast Premium Security (20241203)","AVG Internet Security (20241203)","Avira Internet Security (20241203)","Dr.Web Security Space (20241203)","FortectPremium (20241203)","K7 Total Security (20241203)","Malwarebytes Premium (20241203)","McAfee Total Protection (20241203)","Norton Security (20241203)","Panda Dome (20241203)","Quick Heal Internet Security (20241203)","Sophos Home Premium (20241203)","SpyHunter5 (20241203)","Total AV Antivirus Pro (20241203)","VirIT eXplorer PRO (20241203)","Webroot SecureAnywhere (20241203)","Windows Defender (20241203)"],"avAllowList":["Bitdefender Internet Security (20241203)","COMODO Antivirus (20241203)","ESET Internet Security (20241203)","G DATA INTERNET SECURITY (20241203)","KasperskyPremium (20241203)","Trend Micro Internet Security (20241203)","VIPRE Advanced Security (20241203)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on windows app","reference":"","landingPage":"https://www.dvdvideosoft.com/free-youtube-subtitles-download","directDownloadingLink":"https://www.dvdvideosoft.com/download.htm?fname=FreeYouTubeSubtitlesDownload.exe&ls=topWinPrimary","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.dvdvideosoft.com/download.htm?fname=FreeYouTubeSubtitlesDownload.exe&ls=topWinPrimary","sourceIndex":"550"}],"sampleFiles":["240912/FreeYouTubeSubtitlesDownloader-220203/1.0.8.1204/Samples/FreeYouTubeSubtitlesDownload_1.0.8.1204_u.exe"],"imageFiles":["240912/FreeYouTubeSubtitlesDownloader-220203/1.0.8.1204/Images/ACR-109/ACR-109.PNG","240912/FreeYouTubeSubtitlesDownloader-220203/1.0.8.1204/Images/ACR-039/ACR-039.PNG","240912/FreeYouTubeSubtitlesDownloader-220203/1.0.8.1204/Images/ACR-043/ACR-043.PNG","240912/FreeYouTubeSubtitlesDownloader-220203/1.0.8.1204/Images/ACR-043/ACR-043_1.PNG","240912/FreeYouTubeSubtitlesDownloader-220203/1.0.8.1204/Images/ACR-043/ACR-043_2.PNG","240912/FreeYouTubeSubtitlesDownloader-220203/1.0.8.1204/Images/ACR-048/ACR-048.PNG","240912/FreeYouTubeSubtitlesDownloader-220203/1.0.8.1204/Images/ACR-048/ACR-048_1.PNG","240912/FreeYouTubeSubtitlesDownloader-220203/1.0.8.1204/Images/ACR-017/ACR-017.PNG","240912/FreeYouTubeSubtitlesDownloader-220203/1.0.8.1204/Images/ACR-084/ACR-084.PNG","240912/FreeYouTubeSubtitlesDownloader-220203/1.0.8.1204/Images/ACR-116/ACR-116.PNG"],"nonDeceptorImageFiles":[],"guid":"8ef8e503-2322-413a-b8a9-5b88e1955f2d_1.0.8.1204_1","appID":"FreeYouTubeSubtitlesDownloader-220203","dateAdded":"240912","deceptorType":"App","name":"Free YouTube Playlist Downloader","company":"Digital Wave Ltd","version":"1.0.8.1204","lastKnownStatus":"1.0.5.1201;1.0.8.1204","lastKnownDate":"240912","type":"Windows Executable","category":"Bundlers & Downloaders, SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows Server","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2024-09-12T22:50:21.037602+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":563},{"violations":{"ACR-109":"The app installs \"FreeStudioManager\" without disclosing it to the user and getting user consent. \n","ACR-043":"The app did not disclose components \"FreeStudioManager\" are installed in the non-common folder.\n","ACR-048":"The non disclosed app components is hidden from standard uninstall entry, limits user to remove/delete/uninstall it: \"DVDVideoSoft Free Studio\" \n","ACR-017":"The application logo is way too similar to the windows logo, misleading representation for the app source. \n","ACR-039":"The app installs \"FreeStudioManager\" without disclosing it to the user and getting user consent.\n"},"nonDeceptorViolations":{"ACR-044":"The app does not disclose to users of the other application to download and install. \n","ACR-040":"The app did not disclose components \"FreeStudioManager\" are installed in the non-common folder.\n","ACR-065":"The install wizard does not display links to the Returns and Cancellation Policy. \nThe app does not have an \"About\" page and display links to the Returns and Cancellation Policy, Privacy Policy. \nThe landing page does not display links to the Returns and Cancellation Policy.\n","ACR-099":"The app does not have an \"About\" page and does not contain links to uninstall information.\nThe app's landing page does not contain links to uninstall information. \n"},"samples":[{"isRevoked":"False","fileName":"FreeStudioManager.exe","companyName":"Digital Wave Ltd","productName":"Free Studio Manager","productVersion":"6.7.5.1201","fileVersion":"6.7.5.1201","hashMD5":"8493336140d7c0f78cc90c939357fe7f","hashSHA1":"46d31ff0fcd8bb0f4f803c74968f4d990e206905","hashSHA256":"317a14516026bf3cb9b256821ce0a0941a4009f2d2253f20a47767331e96d8e3","digitalCertThumbprint":"C934990D27B9D3CE6D5914E7494A993FA4F860E2","digitalCertIssuer":"CN=DigiCert EV Code Signing CA (SHA2), OU=www.digicert.com, O=DigiCert Inc, C=US","digitalCertIssuedTo":"CN=Digital Wave Ltd, O=Digital Wave Ltd, L=London, C=GB, SERIALNUMBER=06823196, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=GB","sourceIndex":"1718","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"FreeYouTubeSubtitlesDownload_1.0.5.1201_o.exe","isInstaller":"True","companyName":"Digital Wave Ltd                                            ","productName":"Free YouTube Subtitles Downloader","productVersion":"1.0.5.1201","fileVersion":"1.0.5.1201","hashMD5":"4c734eeb80dc14ebaf812a5ba3bb403b","hashSHA1":"720bb356a2c6bb508c06d8996003bbdeb581ed44","hashSHA256":"96ab4b02f643692ea243a7b5fc29e74d53a2129df7c2e0055e1e7714db2adffe","digitalCertThumbprint":"C934990D27B9D3CE6D5914E7494A993FA4F860E2","digitalCertIssuer":"CN=DigiCert EV Code Signing CA (SHA2), OU=www.digicert.com, O=DigiCert Inc, C=US","digitalCertIssuedTo":"CN=Digital Wave Ltd, O=Digital Wave Ltd, L=London, C=GB, SERIALNUMBER=06823196, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=GB","sourceIndex":"1718","avBlockList":["Avast Premium Security (20220215)","AVG Internet Security (20220215)","Avira Internet Security (20220215)","Dr.Web Security Space (20220215)","K7 Total Security (20220215)","McAfee Total Protection (20220215)","Norton Security (20220215)","Panda Dome (20220215)","Sophos Home Premium (20220215)","SpyHunter5 (20220215)","Total AV Antivirus Pro (20220215)","VirIT eXplorer PRO (20220215)","Webroot SecureAnywhere (20220215)","Windows Defender (20220215)"],"avAllowList":["360 Total Security (20220215)","Bitdefender Internet Security (20220215)","COMODO Antivirus (20220215)","ESET Internet Security (20220215)","G DATA INTERNET SECURITY (20220215)","Kaspersky Internet Security (20220215)","Malwarebytes Premium (20220215)","Quick Heal Internet Security (20220215)","Tencent PC Manager (20220215)","Trend Micro Internet Security (20220215)","VIPRE Advanced Security (20220215)"]},{"isRevoked":"False","fileName":"FreeYouTubeSubtitlesDownload.exe","companyName":"Digital Wave Ltd","productName":"Free YouTube Subtitles Downloader","productVersion":"1.0.5.1201","fileVersion":"1.0.5.1201","hashMD5":"1e33de482b16355db02dd5fb92f1bcc5","hashSHA1":"8549f767cc83d174ebcbe6166b221a8dc82339b7","hashSHA256":"cac29a0141f7c55a4765793ec797fc47fce69fd9fe4986b1419a6658069e5779","digitalCertThumbprint":"C934990D27B9D3CE6D5914E7494A993FA4F860E2","digitalCertIssuer":"CN=DigiCert EV Code Signing CA (SHA2), OU=www.digicert.com, O=DigiCert Inc, C=US","digitalCertIssuedTo":"CN=Digital Wave Ltd, O=Digital Wave Ltd, L=London, C=GB, SERIALNUMBER=06823196, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=GB","sourceIndex":"1718","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"dvdvideosoft website","reference":"","landingPage":"https://www.dvdvideosoft.com/free-youtube-subtitles-download","directDownloadingLink":"https://www.dvdvideosoft.com/download.htm?fname=FreeYouTubeSubtitlesDownload.exe&ls=topWinPrimary","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.dvdvideosoft.com/download.htm?fname=FreeYouTubeSubtitlesDownload.exe&ls=topWinPrimary","sourceIndex":"1718"}],"sampleFiles":["220207/FreeYouTubeSubtitlesDownloader-220203/1.0.5.1201/Samples/FreeStudioManager.exe","220207/FreeYouTubeSubtitlesDownloader-220203/1.0.5.1201/Samples/FreeYouTubeSubtitlesDownload_1.0.5.1201_o.exe","220207/FreeYouTubeSubtitlesDownloader-220203/1.0.5.1201/Samples/FreeYouTubeSubtitlesDownload.exe"],"imageFiles":["220207/FreeYouTubeSubtitlesDownloader-220203/1.0.5.1201/Images/ACR-109/FreeStudioManager App.png","220207/FreeYouTubeSubtitlesDownloader-220203/1.0.5.1201/Images/ACR-039/FreeStudioManager App.png","220207/FreeYouTubeSubtitlesDownloader-220203/1.0.5.1201/Images/ACR-043/FreeStudioManager App.png","220207/FreeYouTubeSubtitlesDownloader-220203/1.0.5.1201/Images/ACR-048/Control Panel.png","220207/FreeYouTubeSubtitlesDownloader-220203/1.0.5.1201/Images/ACR-017/UAC.png"],"nonDeceptorImageFiles":["220207/FreeYouTubeSubtitlesDownloader-220203/1.0.5.1201/Images/ACR-044/FreeStudioManager App.png","220207/FreeYouTubeSubtitlesDownloader-220203/1.0.5.1201/Images/ACR-040/FreeStudioManager App.png","220207/FreeYouTubeSubtitlesDownloader-220203/1.0.5.1201/Images/ACR-065/EULA.png","220207/FreeYouTubeSubtitlesDownloader-220203/1.0.5.1201/Images/ACR-065/App Interaction.png","220207/FreeYouTubeSubtitlesDownloader-220203/1.0.5.1201/Images/ACR-065/Landing Page.png","220207/FreeYouTubeSubtitlesDownloader-220203/1.0.5.1201/Images/ACR-099/App Interaction.png","220207/FreeYouTubeSubtitlesDownloader-220203/1.0.5.1201/Images/ACR-099/Landing Page.png"],"guid":"8ef8e503-2322-413a-b8a9-5b88e1955f2d_1.0.5.1201_1","appID":"FreeYouTubeSubtitlesDownloader-220203","dateAdded":"240912","deceptorType":"App","name":"Free YouTube Playlist Downloader","company":"Digital Wave Ltd","version":"1.0.5.1201","sigName":"Deceptor:Win32/FreeYouTubePlaylistDownloader!109039043048017","lastKnownStatus":"1.0.5.1201;1.0.8.1204","lastKnownDate":"240912","type":"Windows Executable","category":"Bundlers & Downloaders, SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows Server","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2024-09-12T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":564},{"violations":{"ACR-109":"The app installs \"FreeStudioManager\" without disclosing it to the user and getting user consent. \n","ACR-043":"The app installs \"FreeStudioManager\" without disclosing it to the user and getting user consent. It also runs the \"vidnotifier.exe\" process and creates a startup.\n","ACR-048":"The non disclosed app components is hidden from standard uninstall entry, limits user to remove/delete/uninstall it: \"DVDVideoSoft Free Studio\" \n","ACR-017":"The application logo is way too similar to the windows logo, misleading representation for the app source. \n","ACR-039":"The app installs \"FreeStudioManager\" without disclosing it to the user and getting user consent.\n"},"nonDeceptorViolations":{"ACR-044":"The app does not disclose to users of the other application to download and install.\n","ACR-040":"The app did not disclose components \"FreeStudioManager\" are installed in the non-common folder. \n","ACR-065":"The install wizard does not display links to the Returns and Cancellation Policy. \nThe app does not display links to the Returns and Cancellation Policy, Privacy Policy.\nThe landing page does not display links to the Returns and Cancellation Policy.\n","ACR-099":"The app's  About page does not contain links to uninstall information. \nThe app's landing page does not contain links to uninstall information.\n"},"samples":[{"isRevoked":"False","fileName":"FreeStudioManager.exe","companyName":"Digital Wave Ltd","productName":"Free Studio Manager","productVersion":"6.7.4.623","fileVersion":"6.7.4.623","hashMD5":"a6499b93119c9f1b0f9c41bf82a2db1e","hashSHA1":"2eac0a2d6a7a117378df44db11662e8a51e7bb9b","hashSHA256":"2216342068474847e702f2403986dd091276f145a702826ee1486202d516fe04","digitalCertThumbprint":"C934990D27B9D3CE6D5914E7494A993FA4F860E2","digitalCertIssuer":"CN=DigiCert EV Code Signing CA (SHA2), OU=www.digicert.com, O=DigiCert Inc, C=US","digitalCertIssuedTo":"CN=Digital Wave Ltd, O=Digital Wave Ltd, L=London, C=GB, SERIALNUMBER=06823196, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=GB","sourceIndex":"1720","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"FreeYouTubeToMP4Converter_4.3.51.623_o_ffcee9e9-2052-4bfa-8587-c915f61c8fa7.exe","isInstaller":"True","companyName":"Digital Wave Ltd                                            ","productName":"Free YouTube to MP4 Converter","productVersion":"4.3.51.623","fileVersion":"4.3.51.623","hashMD5":"518ea80fce5e716f238eca42403c5471","hashSHA1":"ab93262ea0fee965575f7b7ac8be38457c703e23","hashSHA256":"fec402097247e10d566cc26357eb2727b0408a82e46c43fa174e7546f6bbf85b","digitalCertThumbprint":"C934990D27B9D3CE6D5914E7494A993FA4F860E2","digitalCertIssuer":"CN=DigiCert EV Code Signing CA (SHA2), OU=www.digicert.com, O=DigiCert Inc, C=US","digitalCertIssuedTo":"CN=Digital Wave Ltd, O=Digital Wave Ltd, L=London, C=GB, SERIALNUMBER=06823196, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=GB","sourceIndex":"1720","avBlockList":["360 Total Security (20240912)","Avast Premium Security (20240912)","AVG Internet Security (20240912)","Avira Internet Security (20240912)","Bitdefender Internet Security (20240912)","COMODO Antivirus (20240912)","Dr.Web Security Space (20240912)","G DATA INTERNET SECURITY (20240912)","Malwarebytes Premium (20240912)","McAfee Total Protection (20240912)","Norton Security (20240912)","Panda Dome (20240912)","Quick Heal Internet Security (20240912)","Sophos Home Premium (20240912)","SpyHunter5 (20240912)","Total AV Antivirus Pro (20240912)","VIPRE Advanced Security (20240912)","VirIT eXplorer PRO (20240912)","Webroot SecureAnywhere (20240912)","Windows Defender (20240912)","FortectPremium (20240912)"],"avAllowList":["ESET Internet Security (20240912)","K7 Total Security (20240912)","Kaspersky Internet Security (20220215)","Tencent PC Manager (20220215)","Trend Micro Internet Security (20240912)","KasperskyPremium (20240912)"]},{"isRevoked":"False","fileName":"FreeYouTubeToMP4Converter.exe","companyName":"Digital Wave Ltd","productName":"Free YouTube to MP4 Converter","productVersion":"4.3.51.623","fileVersion":"4.3.51.623","hashMD5":"02245fd423d73098175942108da453eb","hashSHA1":"3fed80f576e2c9a009371ee58251d972ea8c657c","hashSHA256":"851e0881d4160d8ce4add1ead40a3a09933b10fab841a35e37be64f0bd48571a","digitalCertThumbprint":"C934990D27B9D3CE6D5914E7494A993FA4F860E2","digitalCertIssuer":"CN=DigiCert EV Code Signing CA (SHA2), OU=www.digicert.com, O=DigiCert Inc, C=US","digitalCertIssuedTo":"CN=Digital Wave Ltd, O=Digital Wave Ltd, L=London, C=GB, SERIALNUMBER=06823196, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=GB","sourceIndex":"1720","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"vidnotifier.exe","companyName":"Digital Wave Ltd","productName":"Vidnotifier","productVersion":"1.1.11.623","fileVersion":"1.1.11.623","hashMD5":"d2ecc4d0b71d22987894274227e7262e","hashSHA1":"39572d74a90a6b844e99a18a016a7f23b245db1a","hashSHA256":"85d03cee9a7423c40b7669312424dfb454b9155729f5c61f5d5ffb158ce58600","digitalCertThumbprint":"C934990D27B9D3CE6D5914E7494A993FA4F860E2","digitalCertIssuer":"CN=DigiCert EV Code Signing CA (SHA2), OU=www.digicert.com, O=DigiCert Inc, C=US","digitalCertIssuedTo":"CN=Digital Wave Ltd, O=Digital Wave Ltd, L=London, C=GB, SERIALNUMBER=06823196, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=GB","sourceIndex":"1720","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"dvdvideosoft website","reference":"","landingPage":"https://www.dvdvideosoft.com/youtube-to-mp4-converter-en","directDownloadingLink":"https://www.dvdvideosoft.com/download.htm?fname=FreeYouTubeToMP4Converter.exe&ls=guideWin","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.dvdvideosoft.com/download.htm?fname=FreeYouTubeToMP4Converter.exe&ls=guideWin","sourceIndex":"1720"}],"sampleFiles":["220203/FreeYoutubeToMP4Converter-220131/4.3.51.623/Samples/FreeStudioManager.exe","220203/FreeYoutubeToMP4Converter-220131/4.3.51.623/Samples/FreeYouTubeToMP4Converter_4.3.51.623_o_ffcee9e9-2052-4bfa-8587-c915f61c8fa7.exe","220203/FreeYoutubeToMP4Converter-220131/4.3.51.623/Samples/FreeYouTubeToMP4Converter.exe","220203/FreeYoutubeToMP4Converter-220131/4.3.51.623/Samples/vidnotifier.exe"],"imageFiles":["220203/FreeYoutubeToMP4Converter-220131/4.3.51.623/Images/ACR-109/FreeYTVtoMP4 Bundle.png","220203/FreeYoutubeToMP4Converter-220131/4.3.51.623/Images/ACR-039/FreeYTVtoMP4 Bundle.png","220203/FreeYoutubeToMP4Converter-220131/4.3.51.623/Images/ACR-043/FreeYTVtoMP4 Bundle.png","220203/FreeYoutubeToMP4Converter-220131/4.3.51.623/Images/ACR-043/VidNotifier.png","220203/FreeYoutubeToMP4Converter-220131/4.3.51.623/Images/ACR-043/VidNotifier Startup.png","220203/FreeYoutubeToMP4Converter-220131/4.3.51.623/Images/ACR-048/FreeStudio x ControlPanel.png","220203/FreeYoutubeToMP4Converter-220131/4.3.51.623/Images/ACR-017/FreeYTVtoMP4 UAC.png"],"nonDeceptorImageFiles":["220203/FreeYoutubeToMP4Converter-220131/4.3.51.623/Images/ACR-044/FreeYTVtoMP4 Bundle.png","220203/FreeYoutubeToMP4Converter-220131/4.3.51.623/Images/ACR-040/FreeStudioManager Install Location.png","220203/FreeYoutubeToMP4Converter-220131/4.3.51.623/Images/ACR-065/FreeYTVtoMP4 EULA.png","220203/FreeYoutubeToMP4Converter-220131/4.3.51.623/Images/ACR-065/FreeYTVtoMP4 About.png","220203/FreeYoutubeToMP4Converter-220131/4.3.51.623/Images/ACR-065/FreeYTVtoMP4 Landing Page.png","220203/FreeYoutubeToMP4Converter-220131/4.3.51.623/Images/ACR-099/FreeYTVtoMP4 About.png","220203/FreeYoutubeToMP4Converter-220131/4.3.51.623/Images/ACR-099/FreeYTVtoMP4 Landing Page.png"],"guid":"7d9b1d04-7d72-4162-8010-fc0c2bcd2791_4.3.51.623_1","appID":"FreeYoutubeToMP4Converter-220131","dateAdded":"240911","deceptorType":"App","name":"Free Youtube To MP4 Converter","company":"Digital Wave Ltd","version":"4.3.51.623","sigName":"Deceptor:Win32/FreeYoutubeToMP4Converter!109039043048017","lastKnownStatus":"4.3.51.623;4.3.119.711","lastKnownDate":"240911","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows Server","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2024-09-11T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":566},{"violations":{"ACR-109":"The app installs \"FreeStudioManager\" without disclosing it to the user and getting user consent. \n","ACR-042":"1. The app installs \"FreeStudioManager\" and \"FreeCodecPack\" without disclosing it to the user and getting user consent.\n2. Third-party \"The Qt Company Ltd\" components are installed without any disclosure\n","ACR-043":"1. The app installs \"FreeStudioManager\" and \"FreeCodecPack\" without disclosing it to the user and getting user consent.\n2. Third-party \"The Qt Company Ltd\" components are installed without any disclosure\n","ACR-107":"The app includes \"Qt5\" components during the installation but the EULA does not contain any disclosure regarding this.\n","ACR-048":"The app does not provide control the cancel the installation process.\nThe non-disclosed app components is hidden from standard uninstall entry, limiting user to remove/delete/uninstall it: \"DVDVideoSoft Free Studio\" \n","ACR-017":"The application logo is way too similar to the windows logo, misleading representation for the app source. \n","ACR-084":"The non-disclosed app components is hidden from standard uninstall entry.\n","ACR-116":"The non-disclosed app components is hidden from standard uninstall entry, thus preventing the platform's standard uninstall method.\n","ACR-039":"The app installs \"FreeStudioManager\" without disclosing it to the user and getting user consent.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"FreeYouTubeToMP4Converter_4.3.112.304_u_6babd765-d02d-4476-a1c3-5847b1206fdd.exe","isInstaller":"True","companyName":"Digital Wave Ltd                                            ","productName":"Free YouTube To MP4 Converter (sc)                          ","productVersion":"4.3.119.711                                       ","fileVersion":"4.3.119.711         ","hashMD5":"42e3d4bda4156c70a4a9643f08bb210f","hashSHA1":"9be80ccf4e371174e57df97d68b23aa9b99ce656","hashSHA256":"61eb76587272a2636b86d7cba1a71e0bbbf4129171af02fa5822380b38d54bb4","digitalCertThumbprint":"C644B30CB1377BB542DE7BA6D74E7625F8C3B18B","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Digital Wave Ltd","storeId":"","sourceIndex":"551","avBlockList":["360 Total Security (20241203)","Avast Premium Security (20241203)","AVG Internet Security (20241203)","Avira Internet Security (20241203)","COMODO Antivirus (20241203)","Dr.Web Security Space (20241203)","FortectPremium (20241203)","K7 Total Security (20241203)","Malwarebytes Premium (20241203)","McAfee Total Protection (20241203)","Norton Security (20241203)","Panda Dome (20241203)","Quick Heal Internet Security (20241203)","Sophos Home Premium (20241203)","SpyHunter5 (20241203)","Total AV Antivirus Pro (20241203)","VirIT eXplorer PRO (20241203)"],"avAllowList":["Bitdefender Internet Security (20241203)","ESET Internet Security (20241203)","G DATA INTERNET SECURITY (20241203)","KasperskyPremium (20241203)","Trend Micro Internet Security (20241203)","VIPRE Advanced Security (20241203)","Webroot SecureAnywhere (20241203)","Windows Defender (20241203)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on windows app","reference":"","landingPage":"https://www.dvdvideosoft.com/youtube-to-mp4-converter-en","directDownloadingLink":"https://www.dvdvideosoft.com/download.htm?fname=FreeYouTubeToMP4Converter.exe&ls=guideWin","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.dvdvideosoft.com/download.htm?fname=FreeYouTubeToMP4Converter.exe&ls=guideWin","sourceIndex":"551"}],"sampleFiles":["240911/FreeYoutubeToMP4Converter-220131/4.3.119.711/Samples/FreeYouTubeToMP4Converter_4.3.112.304_u_6babd765-d02d-4476-a1c3-5847b1206fdd.exe"],"imageFiles":["240911/FreeYoutubeToMP4Converter-220131/4.3.119.711/Images/ACR-109/ACR-109.PNG","240911/FreeYoutubeToMP4Converter-220131/4.3.119.711/Images/ACR-039/ACR-039.PNG","240911/FreeYoutubeToMP4Converter-220131/4.3.119.711/Images/ACR-043/ACR-043.PNG","240911/FreeYoutubeToMP4Converter-220131/4.3.119.711/Images/ACR-043/ACR-043_1.PNG","240911/FreeYoutubeToMP4Converter-220131/4.3.119.711/Images/ACR-043/ACR-043_2.PNG","240911/FreeYoutubeToMP4Converter-220131/4.3.119.711/Images/ACR-107/ACR-107.PNG","240911/FreeYoutubeToMP4Converter-220131/4.3.119.711/Images/ACR-042/ACR-042.PNG","240911/FreeYoutubeToMP4Converter-220131/4.3.119.711/Images/ACR-042/ACR-042_1.PNG","240911/FreeYoutubeToMP4Converter-220131/4.3.119.711/Images/ACR-042/ACR-042_2.PNG","240911/FreeYoutubeToMP4Converter-220131/4.3.119.711/Images/ACR-048/ACR-048.PNG","240911/FreeYoutubeToMP4Converter-220131/4.3.119.711/Images/ACR-048/ACR-048_1.PNG","240911/FreeYoutubeToMP4Converter-220131/4.3.119.711/Images/ACR-017/ACR-017.PNG","240911/FreeYoutubeToMP4Converter-220131/4.3.119.711/Images/ACR-084/ACR-084.PNG","240911/FreeYoutubeToMP4Converter-220131/4.3.119.711/Images/ACR-116/ACR-116.PNG"],"nonDeceptorImageFiles":[],"guid":"7d9b1d04-7d72-4162-8010-fc0c2bcd2791_4.3.119.711_1","appID":"FreeYoutubeToMP4Converter-220131","dateAdded":"240911","deceptorType":"App","name":"Free Youtube To MP4 Converter","company":"Digital Wave Ltd","version":"4.3.119.711","lastKnownStatus":"4.3.51.623;4.3.119.711","lastKnownDate":"240911","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows Server","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2024-09-11T20:15:36.9047766+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":565},{"violations":{"ACR-048":"The app uses a stealth mode, which shields it from uninstallation through platform standard applications. The app is also installed in a hidden folder.\n","ACR-007":"The app does not provide explicit notification to the targeted consumer when it is running and uses a hotkey to hide from them.\n","ACR-084":"The app uses a stealth mode, which requires the consumer to use a hotkey to access it. The app is also installed in a hidden folder.\n","ACR-086":"The app does not inform the consumer of how their data is being used and hides from the consumer using a hotkey.\n","ACR-116":"The app cannot be uninstalled through the Control Panel.\n"},"nonDeceptorViolations":{"ACR-040":"The app is installed in a hidden folder.\n","ACR-065":"The app does not display links to the EULA.\nThe landing page does not display links to the EULA.\n","ACR-161":"The landing page contains unsubstantiated testimonials.\n","ACR-099":"The landing page does not display links to uninstall information\n"},"samples":[{"isRevoked":"False","fileName":"install.exe","isInstaller":"True","companyName":"MCsoft","fileVersion":"2.2","hashMD5":"c2bd5acc580766d6575ad3f97c629ab0","hashSHA1":"9503d76ca773cd3c16f547b8c08f3cd9adfa09e3","hashSHA256":"ad44b53919507995ae8248ad6b7a71d90379151f59cbd2f478acdbea717a681c","digitalCertThumbprint":"CCBA6A68A18F22AFBD1A65DE99506A138B1C3D39","digitalCertIssuer":"CN=GlobalSign CodeSigning CA - SHA256 - G3, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"CN=MCsoft, O=MCsoft, L=Perm, S=Perm Krai, C=RU","sourceIndex":"552","avBlockList":["360 Total Security (20240926)","Avast Internet Security (20200224)","AVG Internet Security (20240926)","Avira Internet Security (20240926)","Bitdefender Internet Security (20240926)","COMODO Antivirus (20240926)","Dr.Web Security Space (20240926)","ESET Internet Security (20240926)","G DATA INTERNET SECURITY (20240926)","K7 Total Security (20240926)","Kaspersky Internet Security (20200709)","Malwarebytes Premium (20240926)","McAfee Total Protection (20240926)","Norton Security (20240926)","Panda Dome (20240926)","Quick Heal Internet Security (20240926)","Sophos Home Premium (20240926)","SpyHunter5 (20240926)","Tencent PC Manager (20200709)","Trend Micro Internet Security (20240926)","VIPRE Advanced Security (20240926)","VirIT eXplorer PRO (20240926)","Webroot SecureAnywhere (20240926)","Windows Defender (20240926)","Avast Premium Security (20240926)","Total AV Antivirus Pro (20240926)","FortectPremium (20240926)","KasperskyPremium (20240926)"],"avAllowList":[]},{"isRevoked":"False","fileName":"main.exe","companyName":"MCsoft","fileVersion":"5.9","hashMD5":"7de1ad7cb4cad86439a47baed98875f6","hashSHA1":"5251b31d8ee0ec645826a3ec8426d425b151b2e4","hashSHA256":"33ddaa03503bfb0cdb84b3c6a4ae8d7d21cb322bc30e1d259ae795d4d7020dbb","digitalCertThumbprint":"CCBA6A68A18F22AFBD1A65DE99506A138B1C3D39","digitalCertIssuer":"CN=GlobalSign CodeSigning CA - SHA256 - G3, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"CN=MCsoft, O=MCsoft, L=Perm, S=Perm Krai, C=RU","sourceIndex":"552","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"main1.exe","isInstaller":"True","companyName":"MCsoft","fileVersion":"5.9","hashMD5":"a9b4f2457428bd135f8e6759027a3e66","hashSHA1":"389d8a83f45c59f8bfb33514cc25c79c077d71dc","hashSHA256":"46fc5a843a144a475e60fab0a1a82bb061ef9004db7b27b9a677df1b5c4e2c89","digitalCertThumbprint":"B3D6872DA3E4740C5BA9E938F59638D1657CCE21","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Sergey N. Popadenko, O=Sergey N. Popadenko, STREET=\"p. Znamensky, Sukhoy p., 6\", L=Krasnodar, S=Krasnodar District, PostalCode=354055, C=RU","sourceIndex":"552","avBlockList":["360 Total Security (20241203)","Avast Premium Security (20241203)","AVG Internet Security (20241203)","Avira Internet Security (20241203)","Bitdefender Internet Security (20241203)","COMODO Antivirus (20241203)","Dr.Web Security Space (20241203)","ESET Internet Security (20241203)","FortectPremium (20241203)","G DATA INTERNET SECURITY (20241203)","K7 Total Security (20241203)","KasperskyPremium (20241203)","Malwarebytes Premium (20241203)","McAfee Total Protection (20241203)","Norton Security (20241203)","Panda Dome (20241203)","Quick Heal Internet Security (20241203)","Sophos Home Premium (20241203)","SpyHunter5 (20241203)","Total AV Antivirus Pro (20241203)","Trend Micro Internet Security (20241203)","VIPRE Advanced Security (20241203)","VirIT eXplorer PRO (20241203)","Webroot SecureAnywhere (20241203)","Windows Defender (20241203)"],"avAllowList":[]},{"isRevoked":"False","fileName":"neospy_en_240826.exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"82a6511766015d3c9150ea7bc1feaf1c","hashSHA1":"88544b38ee1a4f70c6eb54b29a113448b4321cba","hashSHA256":"d534114a07ae6e0cd4a324f0f3b37b8de34763eaf2a6dbecffee1db47158c06a","digitalCertThumbprint":"59EC51FEC9576FB4DD55525DDDD4F10FF18F42DB","digitalCertIssuer":"CN=Sectigo Public Code Signing CA R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=Dmytro Haponiuk, O=Dmytro Haponiuk, S=Poltavska oblast, C=UA","sourceIndex":"552","avBlockList":["360 Total Security (20241205)","Avast Premium Security (20241205)","AVG Internet Security (20241205)","Avira Internet Security (20241205)","Bitdefender Internet Security (20241205)","ESET Internet Security (20241205)","FortectPremium (20241205)","G DATA INTERNET SECURITY (20241205)","K7 Total Security (20241205)","KasperskyPremium (20241205)","Malwarebytes Premium (20241205)","McAfee Total Protection (20241205)","Norton Security (20241205)","Panda Dome (20241205)","Quick Heal Internet Security (20241205)","Sophos Home Premium (20241205)","SpyHunter5 (20241205)","Total AV Antivirus Pro (20241205)","VIPRE Advanced Security (20241205)","VirIT eXplorer PRO (20241205)","Webroot SecureAnywhere (20241205)"],"avAllowList":["COMODO Antivirus (20241205)","Dr.Web Security Space (20241205)","Trend Micro Internet Security (20241205)","Windows Defender (20241205)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"","landingPage":"http://neospy.net/","directDownloadingLink":"http://193.124.18.115/download/en/neospy_pro/","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://193.124.18.115/download/en/neospy_pro/","sourceIndex":"552"}],"sampleFiles":["240909/NeoSpy-200122/5.9/Samples/install.exe","240909/NeoSpy-200122/5.9/Samples/main.exe","240909/NeoSpy-200122/5.9/Samples/main1.exe","240909/NeoSpy-200122/5.9/Samples/neospy_en_240826.exe"],"imageFiles":["240909/NeoSpy-200122/5.9/Images/ACR-048/NeoSpy 5.9 Uninstsall.png","240909/NeoSpy-200122/5.9/Images/ACR-048/NeoSpy 5.9 Hide.png","240909/NeoSpy-200122/5.9/Images/ACR-048/NeoSpy 5.9 Hidden.png","240909/NeoSpy-200122/5.9/Images/ACR-007/NeoSpy 5.9 Hide.png","240909/NeoSpy-200122/5.9/Images/ACR-007/NeoSpy 5.9 Hotkey.png","240909/NeoSpy-200122/5.9/Images/ACR-084/NeoSpy 5.9 Hotkey.png","240909/NeoSpy-200122/5.9/Images/ACR-084/NeoSpy 5.9 Hidden.png","240909/NeoSpy-200122/5.9/Images/ACR-086/NeoSpy 5.9 Hotkey.png","240909/NeoSpy-200122/5.9/Images/ACR-116/NeoSpy 5.9 Uninstsall.png"],"nonDeceptorImageFiles":["240909/NeoSpy-200122/5.9/Images/ACR-040/NeoSpy 5.9 Hidden.png","240909/NeoSpy-200122/5.9/Images/ACR-065/NeoSpy 5.9 About.png","240909/NeoSpy-200122/5.9/Images/ACR-065/NeoSpy 5.9 Landing Page.png","240909/NeoSpy-200122/5.9/Images/ACR-161/NeoSpy 5.9 Testimonials.png","240909/NeoSpy-200122/5.9/Images/ACR-099/NeoSpy 5.9 Landing Page.png"],"guid":"19b9a674-eec4-4e80-bbd7-d3dd6d9a3d81_5.9_1","appID":"NeoSpy-200122","dateAdded":"240909","deceptorType":"App","name":"NeoSpy","company":"NeoSpy","version":"5.9","sigName":"Deceptor:Win32/NeoSpy!048007084086116","lastKnownStatus":"5.8;5.9","lastKnownDate":"240909","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Adults only","monetization":"up-sell to paid","lastUpdate":"2024-09-10T04:56:32.8482484+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":567},{"violations":{"ACR-003":"The application exaggerates system files as being errors, thereby misleading or scaring user to take action.\n","ACR-118":"When the user attempts to completely uninstall the application, it retains some of its components on the device without the user's consent.\n"},"nonDeceptorViolations":{"ACR-065":"The application's install wizard has no link to the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThe application has no link to a webpage that shows the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\n","ACR-092":"The application has no certificate information it is unsigned.\n","ACR-157":"The application has no certificate information it is unsigned.\n","ACR-099":"The application has no link to a webpage that shows how to uninstall the app.\nThe application's internal offer webpage has no link to a webpage that shows how to uninstall the app.\n","ACR-167":"The application's EULA has no mention of a 30 days refund policy.\n"},"samples":[{"isRevoked":"False","fileName":"DLLEscort_Setup.exe","isInstaller":"True","productName":"DLLEscort","productVersion":"2018","fileVersion":"2018","hashMD5":"d2fd135d6f92f56159018478dc94087f","hashSHA1":"bd1d6e7e4f0d6184dfe14c89107e1ec5750e1c32","hashSHA256":"603bbd9bef747a86982be6946bf945141140f4b36e08a7c3f362dde79541bfaa","sourceIndex":"553","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"DLLEscort.exe","companyName":"n/a","productName":"n/a","productVersion":"n/a","fileVersion":"n/a","hashMD5":"cfec14fed441ef61ea0a08c8b4c0f4ce","hashSHA1":"4cfc31ff0192525a9e3ee98ecceafeaae0feebd1","hashSHA256":"cd45ef55fcb082736864848d5675531ab7c2c4358249355798f5b5abc538d3ec","sourceIndex":"553","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"DLLEscort [2].exe","fileVersion":"0.0","hashMD5":"4da6f289e5cf792c5d6943cca66b4dba","hashSHA1":"aeebcd42e7caa19e593a0b26b5e8f6e8c69635ec","hashSHA256":"d4903ee9bb895613c41de7dc9ef0cb57a32eba3b32cfecfe23b09635cd6e2770","sourceIndex":"553","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"DLLEscort_Setup [2].exe","isInstaller":"True","fileVersion":"2021.0","hashMD5":"7d18338703c7087c6edd283e813a16a7","hashSHA1":"5b6892dd09c4f601419f286c86241f25d9f45630","hashSHA256":"cf9a877114799de4b672fa766e57f1de3423c0d6e1e5300e679ea282be3913fa","sourceIndex":"553","avBlockList":["Avast Premium Security (20241205)","AVG Internet Security (20241205)","Avira Internet Security (20241205)","Bitdefender Internet Security (20241205)","Dr.Web Security Space (20241205)","ESET Internet Security (20241205)","FortectPremium (20241205)","G DATA INTERNET SECURITY (20241205)","K7 Total Security (20241205)","KasperskyPremium (20241205)","Malwarebytes Premium (20241205)","McAfee Total Protection (20241205)","Norton Security (20241205)","Panda Dome (20241205)","Quick Heal Internet Security (20241205)","Sophos Home Premium (20241205)","SpyHunter5 (20241205)","Total AV Antivirus Pro (20241205)","Trend Micro Internet Security (20241205)","VIPRE Advanced Security (20241205)","VirIT eXplorer PRO (20241205)","Webroot SecureAnywhere (20241205)","Windows Defender (20241205)"],"avAllowList":["360 Total Security (20241205)","COMODO Antivirus (20241205)"]},{"isRevoked":"False","fileName":"DLLEscort_Setup_240828.exe","isInstaller":"True","fileVersion":"3.3","hashMD5":"7feec6e700ad4a2e4f3447ec6d2eb070","hashSHA1":"0326052067416ada902c8398d288d5391215508f","hashSHA256":"5f2cb66440a945dfe754ee2091046bafc70e96ace5bbd439c14dc73e36075ee6","sourceIndex":"553","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"google.com (remove computer errors free)","landingPage":"http://www.dllescort.com/","directDownloadingLink":"http://www.dllescort.com/DLLEscort_Setup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.dllescort.com/DLLEscort_Setup.exe","sourceIndex":"553"}],"sampleFiles":["240909/DLLEscort-180424/2.6.20/Samples/DLLEscort_Setup.exe","240909/DLLEscort-180424/2.6.20/Samples/DLLEscort.exe","240909/DLLEscort-180424/2.6.20/Samples/DLLEscort [2].exe","240909/DLLEscort-180424/2.6.20/Samples/DLLEscort_Setup [2].exe","240909/DLLEscort-180424/2.6.20/Samples/DLLEscort_Setup_240828.exe"],"imageFiles":["240909/DLLEscort-180424/2.6.20/Images/ACR-003/ACR_003_SOFTWARE_SCREENSHOT_1.PNG","240909/DLLEscort-180424/2.6.20/Images/ACR-003/ACR_003_SOFTWARE_SCREENSHOT_2.PNG","240909/DLLEscort-180424/2.6.20/Images/ACR-003/ACR_003_SOFTWARE_SCREENSHOT_3.PNG","240909/DLLEscort-180424/2.6.20/Images/ACR-118/ACR_118_UNINSTALL.PNG"],"nonDeceptorImageFiles":["240909/DLLEscort-180424/2.6.20/Images/ACR-065/ACR_065_INSTALL.PNG","240909/DLLEscort-180424/2.6.20/Images/ACR-065/ACR_065_SOFTWARE.PNG","240909/DLLEscort-180424/2.6.20/Images/ACR-092/ACR_092_SOFTWARE.PNG","240909/DLLEscort-180424/2.6.20/Images/ACR-157/ACR_157_SOFTWARE.PNG","240909/DLLEscort-180424/2.6.20/Images/ACR-099/ACR_099_SOFTWARE.PNG","240909/DLLEscort-180424/2.6.20/Images/ACR-099/ACR_099_INTERNAL_OFFERS.PNG","240909/DLLEscort-180424/2.6.20/Images/ACR-167/ACR_167_DOCS.PNG"],"guid":"b3608584-cd5b-445e-94b4-5a5e4962ef37_2.6.20_1","appID":"DLLEscort-180424","dateAdded":"240909","deceptorType":"App","name":"DLLEscort","company":"DLLEscort","version":"2.6.20","sigName":"Deceptor:Win32/DllEscort!003118","lastKnownStatus":"Deceptor:2.6.20;2021","lastKnownDate":"240909","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 10,Windows 7,Windows 8,Windows Vista,Windows XP","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,paid","lastUpdate":"2024-09-10T04:54:39.321352+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":4,"sortOrder":569},{"violations":{"ACR-048":"The app uses a stealth mode, which shields it from uninstallation through platform standard applications. The app is also installed in a hidden folder.\n","ACR-007":"The app does not provide explicit notification to the targeted consumer when it is running and uses a hotkey to hide from them.\n","ACR-084":"The app uses a stealth mode, which requires the consumer to use a hotkey to access it. The app is also installed in a hidden folder.\n","ACR-086":"The app does not inform the consumer of how their data is being used and hides from the consumer using a hotkey.\n","ACR-116":"The app cannot be uninstalled through the Control Panel.\n"},"nonDeceptorViolations":{"ACR-040":"The app is installed in a hidden folder.\n","ACR-065":"The app does not display links to the EULA.\nThe landing page does not display links to the EULA.\n","ACR-161":"The landing page contains unsubstantiated testimonials.\n","ACR-099":"The landing page does not display links to uninstall information\n"},"samples":[{"isRevoked":"False","fileName":"install.exe","isInstaller":"True","companyName":"MCsoft","fileVersion":"2.0","hashMD5":"859970c9596323fc5b597dc903659e36","hashSHA1":"dea5d6cccfda567f81af974686f7fbce32deb802","hashSHA256":"089808e4c1b75d37d1b5d0debfb258ce3d6b027d98eb2486eb0b372f4fbcf095","digitalCertThumbprint":"CCBA6A68A18F22AFBD1A65DE99506A138B1C3D39","digitalCertIssuer":"CN=GlobalSign CodeSigning CA - SHA256 - G3, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"CN=MCsoft, O=MCsoft, L=Perm, S=Perm Krai, C=RU","sourceIndex":"2578","avBlockList":["360 Total Security (20200709)","Avast Internet Security (20200224)","AVG Internet Security (20200709)","Avira Internet Security (20200709)","Bitdefender Internet Security (20200709)","Dr.Web Security Space (20200709)","ESET Internet Security (20200709)","G DATA INTERNET SECURITY (20200709)","K7 Total Security (20200709)","Kaspersky Internet Security (20200709)","Malwarebytes Premium (20200709)","McAfee Total Protection (20200709)","Norton Security (20200709)","Panda Dome (20200709)","Quick Heal Internet Security (20200709)","Sophos Home Premium (20200709)","SpyHunter5 (20200709)","Tencent PC Manager (20200709)","VIPRE Advanced Security (20200709)","VirIT eXplorer PRO (20200709)","Webroot SecureAnywhere (20200709)","Windows Defender (20200709)","Avast Premium Security (20200709)","Total AV Antivirus Pro (20200709)"],"avAllowList":["COMODO Antivirus (20200709)","Trend Micro Internet Security (20200709)"]},{"isRevoked":"False","fileName":"main.exe","companyName":"MCsoft","fileVersion":"5.8","hashMD5":"1372fb293396680b2492b2ae49ad44d6","hashSHA1":"8da6b1972a8d616cdabe8568049acb4f5322d7dc","hashSHA256":"8a07390e85a5bbf44c889f1b806abe6a57eed9b93559d9af859a21ef270475d0","digitalCertThumbprint":"CCBA6A68A18F22AFBD1A65DE99506A138B1C3D39","digitalCertIssuer":"CN=GlobalSign CodeSigning CA - SHA256 - G3, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"CN=MCsoft, O=MCsoft, L=Perm, S=Perm Krai, C=RU","sourceIndex":"2578","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"","landingPage":"http://neospy.net/","directDownloadingLink":"http://193.124.18.115/download/en/neospy_pro/","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://193.124.18.115/download/en/neospy_pro/","sourceIndex":"2578"}],"sampleFiles":["200123/NeoSpy-200122/5.8/Samples/install.exe","200123/NeoSpy-200122/5.8/Samples/main.exe"],"imageFiles":["200123/NeoSpy-200122/5.8/Images/ACR-048/NeoSpy Hotkey.png","200123/NeoSpy-200122/5.8/Images/ACR-048/NeoSpy Hidden.png","200123/NeoSpy-200122/5.8/Images/ACR-048/NeoSpy Hidden Folder.png","200123/NeoSpy-200122/5.8/Images/ACR-007/NeoSpy Hidden.png","200123/NeoSpy-200122/5.8/Images/ACR-007/NeoSpy Hotkey.png","200123/NeoSpy-200122/5.8/Images/ACR-084/NeoSpy Hotkey.png","200123/NeoSpy-200122/5.8/Images/ACR-084/NeoSpy Hidden Folder.png","200123/NeoSpy-200122/5.8/Images/ACR-086/NeoSpy Hotkey.png","200123/NeoSpy-200122/5.8/Images/ACR-116/NeoSpy Uninstall.png"],"nonDeceptorImageFiles":["200123/NeoSpy-200122/5.8/Images/ACR-040/NeoSpy Hidden Folder.png","200123/NeoSpy-200122/5.8/Images/ACR-065/NeoSpy Settings.png","200123/NeoSpy-200122/5.8/Images/ACR-065/NeoSpy Landing Page.png","200123/NeoSpy-200122/5.8/Images/ACR-161/NeoSpy Testimonials.png","200123/NeoSpy-200122/5.8/Images/ACR-099/NeoSpy Landing Page.png"],"guid":"19b9a674-eec4-4e80-bbd7-d3dd6d9a3d81_5.8_1","appID":"NeoSpy-200122","dateAdded":"240909","deceptorType":"App","name":"NeoSpy","company":"NeoSpy","version":"5.8","sigName":"Deceptor:Win32/NeoSpyStalkerware!048007084086116","lastKnownStatus":"5.8;5.9","lastKnownDate":"240909","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Adults only","monetization":"up-sell to paid","lastUpdate":"2024-09-09T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":568},{"violations":{"ACR-003":"The application exaggerates system files as being errors, thereby misleading or scaring user to take action.\n","ACR-004":"Does not fix problems for free, costs money to fix them.\n","ACR-118":"When the user attempts to completely uninstall the application, it retains some of its components on the device without the user's consent.\n","ACR-014":"Errors Displayed by App\n"},"nonDeceptorViolations":{"ACR-065":"The application's install wizard has no link to the Returns and Cancellation Policy, Privacy Policy.\nThe application has no link to a webpage that shows the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThe app's landing page does not have links to the app's EULA and/or Terms of Service, Returns and Cancellations Policy.\nThe internal offer page does not display links to the app's EULA and/or Terms of Service, Returns and Cancellations Policy.\n","ACR-092":"The application has no certificate information it is unsigned.\n","ACR-157":"The application has no certificate information it is unsigned.\n","ACR-099":"The application has no link to a webpage that shows how to uninstall the app.\nThe application's landing page does not show links to a webpage that shows how to uninstall the app. \nThe application's internal offer webpage has no link to a webpage that shows how to uninstall the app.\n","ACR-167":"The application's EULA has no mention of a 30 days refund policy.\n"},"samples":[{"isRevoked":"False","fileName":"DLLEscort.exe","fileVersion":"0.0","hashMD5":"1f85fb1529ff913b5d40fd4594c821a8","hashSHA1":"6aa24fb86d8ecad695dd3dfb6a4da8438f39aeba","hashSHA256":"f0a3c534812f05e1402a7c2d6268845ddf8936149fad688f8392f3bb5ac96588","sourceIndex":"2135","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"DLLEscort_Setup.exe","isInstaller":"True","fileVersion":"2020.0.0.0","hashMD5":"ed151d3e3aae815769ed501902080465","hashSHA1":"0ef96920560b82f61685f0527be79ae4f9ad3f85","hashSHA256":"3b5dbbd8d1408a33f404d9de8f59bed4f8a234dd28961b0656bae224d4c1d808","sourceIndex":"2135","avBlockList":["Avast Premium Security (20211118)","AVG Internet Security (20211118)","Avira Internet Security (20211118)","Bitdefender Internet Security (20211118)","COMODO Antivirus (20211118)","Dr.Web Security Space (20211118)","ESET Internet Security (20211118)","G DATA INTERNET SECURITY (20211118)","K7 Total Security (20211118)","Kaspersky Internet Security (20211118)","Malwarebytes Premium (20211118)","McAfee Total Protection (20211118)","Norton Security (20211118)","Panda Dome (20211118)","Quick Heal Internet Security (20211118)","Sophos Home Premium (20211118)","SpyHunter5 (20211118)","Tencent PC Manager (20211118)","Total AV Antivirus Pro (20211118)","Trend Micro Internet Security (20211118)","VIPRE Advanced Security (20211118)","VirIT eXplorer PRO (20211118)","Webroot SecureAnywhere (20211118)","Windows Defender (20211118)"],"avAllowList":["360 Total Security (20211118)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"google.com (remove computer errors free)","landingPage":"http://www.dllescort.com/","directDownloadingLink":"http://www.dllescort.com/DLLEscort_Setup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.dllescort.com/DLLEscort_Setup.exe","sourceIndex":"2135"}],"sampleFiles":["200811/DLLEscort-180424/2020/Samples/DLLEscort.exe","200811/DLLEscort-180424/2020/Samples/DLLEscort_Setup.exe"],"imageFiles":["200811/DLLEscort-180424/2020/Images/ACR-003/ACR_003_SOFTWARE_SCREENSHOT_1.PNG","200811/DLLEscort-180424/2020/Images/ACR-003/ACR_003_SOFTWARE_SCREENSHOT_2.PNG","200811/DLLEscort-180424/2020/Images/ACR-003/ACR_003_SOFTWARE_SCREENSHOT_3.PNG","200811/DLLEscort-180424/2020/Images/ACR-118/uninstall.png","200811/DLLEscort-180424/2020/Images/ACR-014/DLLEscort ACR_014 #2 Software.png","200811/DLLEscort-180424/2020/Images/ACR-014/DLLEscort ACR_014 Software.png","200811/DLLEscort-180424/2020/Images/ACR-004/DLLEscort ACR_004 Software.png"],"nonDeceptorImageFiles":["200811/DLLEscort-180424/2020/Images/ACR-065/DLLEscort ACR_065 Install.png","200811/DLLEscort-180424/2020/Images/ACR-065/ACR_065_INSTALL.png","200811/DLLEscort-180424/2020/Images/ACR-065/ACR_065_SOFTWARE.PNG","200811/DLLEscort-180424/2020/Images/ACR-065/DLLEscort ACR_065 Software.png","200811/DLLEscort-180424/2020/Images/ACR-065/DLLEscort ACR_065 Landing Page.png","200811/DLLEscort-180424/2020/Images/ACR-065/DLLEscort ACR_065 Internal Offers.png","200811/DLLEscort-180424/2020/Images/ACR-092/NO_CERTIFICATE_INFORMATION.png","200811/DLLEscort-180424/2020/Images/ACR-157/DLLEscort ACR_157 Software.png","200811/DLLEscort-180424/2020/Images/ACR-157/NO_CERTIFICATE_INFORMATION.png","200811/DLLEscort-180424/2020/Images/ACR-099/ACR_099_SOFTWARE.PNG","200811/DLLEscort-180424/2020/Images/ACR-099/DLLEscort ACR_099 Software.png","200811/DLLEscort-180424/2020/Images/ACR-099/DLLEscort ACR_099 Landing Page.png","200811/DLLEscort-180424/2020/Images/ACR-099/ACR_099_INTERNAL_OFFERS.PNG","200811/DLLEscort-180424/2020/Images/ACR-099/DLLEscort ACR_099 Internal Offers.png","200811/DLLEscort-180424/2020/Images/ACR-167/ACR_167_DOCS.PNG","200811/DLLEscort-180424/2020/Images/ACR-167/DLLEscort ACR_167 Docs.png"],"guid":"b3608584-cd5b-445e-94b4-5a5e4962ef37_2020_1","appID":"DLLEscort-180424","dateAdded":"240909","deceptorType":"App","name":"DLLEscort","company":"DLLEscort","version":"2020","sigName":"Deceptor:Win32/DllEscort!003004014118","lastKnownStatus":"Deceptor:2.6.20;2021","lastKnownDate":"240909","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 10,Windows 7,Windows 8,Windows Vista,Windows XP","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,paid","lastUpdate":"2024-09-09T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":4,"sortOrder":571},{"violations":{"ACR-003":"The application exaggerates system files as being errors, thereby misleading or scaring user to take action.\n","ACR-004":"Does not fix problems for free, costs money to fix them.\n","ACR-118":"When the user attempts to completely uninstall the application, it retains some of its components on the device without the user's consent.\n","ACR-014":"Errors Displayed by App\n"},"nonDeceptorViolations":{"ACR-065":"The application's install wizard has no link to the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nAryeman- No Link to Privacy Policy\nThe application has no link to a webpage that shows the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nNo link to EULA on Landing Page\nNo link to EULA on Internal Offers\n","ACR-092":"The application has no certificate information it is unsigned.\n","ACR-157":"The application has no certificate information it is unsigned.\n","ACR-099":"The application has no link to a webpage that shows how to uninstall the app.\nThe application's internal offer webpage has no link to a webpage that shows how to uninstall the app.\n","ACR-167":"The application's EULA has no mention of a 30 days refund policy.\n"},"samples":[{"isRevoked":"False","fileName":"DLLEscort.exe","isInstaller":"True","companyName":"N/A","productName":"DLLEscort","productVersion":"2018","fileVersion":"2018.0.0.0","hashMD5":"8d21585c3c33eafaa55b4cf153f214d2","hashSHA1":"238ed2136289c8345f2a8dbf2f510a47132da14c","hashSHA256":"7ca25b4ed5d0fed4098467a86ad5078f58a21a02a8895bf1379632f7ed119bec","sourceIndex":"3380","avBlockList":["Avast Internet Security (20190404)","AVG Internet Security (20210708)","Avira Internet Security (20210708)","Bitdefender Internet Security (20210708)","ESET Internet Security (20210708)","G DATA INTERNET SECURITY (20210708)","K7 Total Security (20210708)","Kaspersky Internet Security (20210708)","Malwarebytes Premium (20210708)","McAfee Total Protection (20210708)","Norton Security (20210708)","Panda Dome (20210708)","Sophos Home Premium (20210708)","Trend Micro Internet Security (20210708)","VirIT eXplorer PRO (20210708)","Webroot SecureAnywhere (20210708)","Windows Defender (20210708)","COMODO Antivirus (20210708)","Dr.Web Security Space (20210708)","Quick Heal Internet Security (20210708)","SpyHunter5 (20210708)","Tencent PC Manager (20210708)","VIPRE Advanced Security (20210708)","Avast Premium Security (20210708)","Total AV Antivirus Pro (20210708)"],"avAllowList":["360 Total Security (20210708)","F-PROT Antivirus for Windows (20190404)"]},{"isRevoked":"False","fileName":"DLLEscort_Setup.exe","isInstaller":"True","companyName":"N/A","productName":"N/A","productVersion":"N/A","fileVersion":"2018.0","hashMD5":"1c591d902e2d78a2e0008437ca731c0a","hashSHA1":"3eb1c00880d0e988f929966ac7c03becb6e7647e","hashSHA256":"92917f826603b848ea6a125749d784efb0a90b3cd1d76f6f62604f7c62392968","sourceIndex":"3380","avBlockList":["Avast Internet Security (20190404)","AVG Internet Security (20190404)","Avira Internet Security (20190404)","ESET Internet Security (20190404)","G DATA INTERNET SECURITY (20190404)","K7 Total Security (20190404)","Kaspersky Internet Security (20190404)","Malwarebytes Premium (20190404)","McAfee Total Protection (20190404)","Norton Security (20190404)","Panda Dome (20190404)","Sophos Home Premium (20190404)","Trend Micro Internet Security (20190404)","VirIT eXplorer PRO (20190404)","Webroot SecureAnywhere (20190404)","Windows Defender (20190404)","360 Total Security (20190404)","COMODO Antivirus (20190404)","Dr.Web Security Space (20190404)","Quick Heal Internet Security (20190404)","SpyHunter5 (20190404)","Tencent PC Manager (20190404)"],"avAllowList":["Bitdefender Internet Security (20190404)","F-PROT Antivirus for Windows (20190404)","VIPRE Advanced Security (20190404)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"google.com (remove computer errors free)","landingPage":"http://www.dllescort.com/","directDownloadingLink":"http://www.dllescort.com/DLLEscort_Setup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.dllescort.com/DLLEscort_Setup.exe","sourceIndex":"3380"}],"sampleFiles":["190110/DLLEscort-180424/2018.0.0.0/Samples/DLLEscort.exe","190110/DLLEscort-180424/2018.0.0.0/Samples/DLLEscort_Setup.exe"],"imageFiles":["190110/DLLEscort-180424/2018.0.0.0/Images/ACR-003/ACR_003_SOFTWARE_SCREENSHOT_1.PNG","190110/DLLEscort-180424/2018.0.0.0/Images/ACR-003/ACR_003_SOFTWARE_SCREENSHOT_2.PNG","190110/DLLEscort-180424/2018.0.0.0/Images/ACR-003/ACR_003_SOFTWARE_SCREENSHOT_3.PNG","190110/DLLEscort-180424/2018.0.0.0/Images/ACR-118/ACR_118_UNINSTALL.PNG","190110/DLLEscort-180424/2018.0.0.0/Images/ACR-118/DLLEscort ACR_118 Uninstall.png","190110/DLLEscort-180424/2018.0.0.0/Images/ACR-014/DLLEscort ACR_014 #2 Software.png","190110/DLLEscort-180424/2018.0.0.0/Images/ACR-014/DLLEscort ACR_014 Software.png","190110/DLLEscort-180424/2018.0.0.0/Images/ACR-004/DLLEscort ACR_004 Software.png"],"nonDeceptorImageFiles":["190110/DLLEscort-180424/2018.0.0.0/Images/ACR-065/ACR_065_INSTALL.PNG","190110/DLLEscort-180424/2018.0.0.0/Images/ACR-065/DLLEscort ACR_065 Install.png","190110/DLLEscort-180424/2018.0.0.0/Images/ACR-065/ACR_065_SOFTWARE.PNG","190110/DLLEscort-180424/2018.0.0.0/Images/ACR-065/DLLEscort ACR_065 Software.png","190110/DLLEscort-180424/2018.0.0.0/Images/ACR-065/DLLEscort ACR_065 Landing Page.png","190110/DLLEscort-180424/2018.0.0.0/Images/ACR-065/DLLEscort ACR_065 Internal Offers.png","190110/DLLEscort-180424/2018.0.0.0/Images/ACR-092/ACR_092_SOFTWARE.PNG","190110/DLLEscort-180424/2018.0.0.0/Images/ACR-092/DLLEscort ACR_092 Software.png","190110/DLLEscort-180424/2018.0.0.0/Images/ACR-157/ACR_157_SOFTWARE.PNG","190110/DLLEscort-180424/2018.0.0.0/Images/ACR-157/DLLEscort ACR_157 Software.png","190110/DLLEscort-180424/2018.0.0.0/Images/ACR-099/ACR_099_SOFTWARE.PNG","190110/DLLEscort-180424/2018.0.0.0/Images/ACR-099/DLLEscort ACR_099 Software.png","190110/DLLEscort-180424/2018.0.0.0/Images/ACR-099/ACR_099_INTERNAL_OFFERS.PNG","190110/DLLEscort-180424/2018.0.0.0/Images/ACR-099/DLLEscort ACR_099 Internal Offers.png","190110/DLLEscort-180424/2018.0.0.0/Images/ACR-167/ACR_167_DOCS.PNG","190110/DLLEscort-180424/2018.0.0.0/Images/ACR-167/DLLEscort ACR_167 Docs.png"],"guid":"b3608584-cd5b-445e-94b4-5a5e4962ef37_2018.0.0.0_1","appID":"DLLEscort-180424","dateAdded":"240909","deceptorType":"App","name":"DLLEscort","company":"DLLEscort","version":"2018.0.0.0","sigName":"Deceptor:Win32/DllEscort!003004014118","lastKnownStatus":"Deceptor:2.6.20;2021","lastKnownDate":"240909","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 10,Windows 7,Windows 8,Windows Vista,Windows XP","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,paid","lastUpdate":"2024-09-09T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":4,"sortOrder":572},{"violations":{"ACR-048":"1. The app enables the consumer to hide the app from the desktop and installed app list, which limits the targeted consumer's ability to control the app.\n2. The app does not provide any control to quit the app completely.\n3. The app does not provide any control to disable the startup it created.\n","ACR-007":"The app enables the consumer to hide it from the desktop, and the installed apps list, which prevents the targeted consumer from being aware of the app's presence. The app does not display explicit notification when it is running and requires a hotkey and password to open it.\n","ACR-084":"1. The app enables the installing consumer to hide the app from the targeted consumer: it prevents the app from showing in the desktop and control panel. The app uses a hotkey and password to hide its presence.\n2. The app creates a startup entry without the consumer's knowledge and consent.\n3. On closing the app it minimizes to system tray and the process runs silently in the background, hiding its presence from the consumer.\n","ACR-086":"The app does not inform the consumer how it transfers data. It also requires a hotkey and password to open it, which prevents the targeted consumer from understanding what data is collected and transmitted.\n","ACR-097":"During the install, the app prompts the user to exclude it from antivirus detection. In the setting, it also recommend user to add the app in the exception list.\n","ACR-116":"The app cannot be uninstalled by platform standard uninstall method.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components on the device without the consumer's consent.\n","ACR-014":"The app calls itself \"syscrb.exe”, which is not related to the name \"Best Free Keylogger\", which misleads the targeted consumer.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files\\Best Free Keylogger\\CBAccess\\CBAccess.exe","companyName":"","productName":"CBAccess","productVersion":"1.0.0.0","fileVersion":"1.0.0.0","hashMD5":"880bc48473c99cd781ea6db706fc2ed3","hashSHA1":"7058a945e026df75ca3ceb597bf4f77aeefcec30","hashSHA256":"36e26df41bbb09719050563fcfc195ac10098f8ca98b8121a9b4fd20f5910d42","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"556","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Program Files\\Best Free Keylogger\\syscrb.exe","companyName":"bestxsoftware","productName":"","productVersion":"6.0.0.0","fileVersion":"6.0.0.0","hashMD5":"811620702659cf36f3e0bf0a499b1566","hashSHA1":"80ce6926b0ec0b1ba8d91444a9fa543a3c39f500","hashSHA256":"79fc5c10bcf7fa203ad23df148c073ae60c22b19443d6c1baccd64c4d605f42c","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"556","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"installer_free.exe","isInstaller":"True","companyName":"                                                            ","productName":"Best free keylogger                                         ","productVersion":"free                                              ","fileVersion":"                    ","hashMD5":"c8c7c08fa317ebffb98becb51c21c788","hashSHA1":"2e66936c4aaa522f96831e431c46a3c2b907391f","hashSHA256":"698793705a235c7ca772ea242009ec1b668f72c4b7f4253ebe9f12e8279a1828","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"556","avBlockList":["360 Total Security (20241205)","Avast Premium Security (20241205)","AVG Internet Security (20241205)","Avira Internet Security (20241205)","Bitdefender Internet Security (20241205)","COMODO Antivirus (20241205)","ESET Internet Security (20241205)","FortectPremium (20241205)","G DATA INTERNET SECURITY (20241205)","K7 Total Security (20241205)","KasperskyPremium (20241205)","Malwarebytes Premium (20241205)","McAfee Total Protection (20241205)","Norton Security (20241205)","Panda Dome (20241205)","Quick Heal Internet Security (20241205)","Sophos Home Premium (20241205)","SpyHunter5 (20241205)","Total AV Antivirus Pro (20241205)","VIPRE Advanced Security (20241205)","VirIT eXplorer PRO (20241205)","Webroot SecureAnywhere (20241205)","Windows Defender (20241205)"],"avAllowList":["Dr.Web Security Space (20241205)","Trend Micro Internet Security (20241205)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on windows app","reference":"","landingPage":"https://bestxsoftware.com/","directDownloadingLink":"https://u.pcloud.link/publink/show?code=XZvVaxXZEkbgS4jQjNBmiAwzrOPQIzKxiXk0#returl=https%3A//u.pcloud.link/publink/show%3Fcode%3DXZvVaxXZEkbgS4jQjNBmiAwzrOPQIzKxiXk0&page=login","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://u.pcloud.link/publink/show?code=XZvVaxXZEkbgS4jQjNBmiAwzrOPQIzKxiXk0#returl=https%3A//u.pcloud.link/publink/show%3Fcode%3DXZvVaxXZEkbgS4jQjNBmiAwzrOPQIzKxiXk0&page=login","sourceIndex":"556"}],"sampleFiles":["240909/BestFreeKeyloggerLite-191121/8.0.1/Samples/installer_free.exe"],"imageFiles":["240909/BestFreeKeyloggerLite-191121/8.0.1/Images/ACR-048/ACR-048.PNG","240909/BestFreeKeyloggerLite-191121/8.0.1/Images/ACR-048/ACR-048_1.PNG","240909/BestFreeKeyloggerLite-191121/8.0.1/Images/ACR-048/ACR-048_2.PNG","240909/BestFreeKeyloggerLite-191121/8.0.1/Images/ACR-048/ACR-048_3.PNG","240909/BestFreeKeyloggerLite-191121/8.0.1/Images/ACR-048/ACR-048_4.PNG","240909/BestFreeKeyloggerLite-191121/8.0.1/Images/ACR-048/ACR-048_5.PNG","240909/BestFreeKeyloggerLite-191121/8.0.1/Images/ACR-048/ACR-048_6.PNG","240909/BestFreeKeyloggerLite-191121/8.0.1/Images/ACR-007/ACR-007.PNG","240909/BestFreeKeyloggerLite-191121/8.0.1/Images/ACR-007/ACR-007_1.PNG","240909/BestFreeKeyloggerLite-191121/8.0.1/Images/ACR-007/ACR-007_2.PNG","240909/BestFreeKeyloggerLite-191121/8.0.1/Images/ACR-007/ACR-007_3.PNG","240909/BestFreeKeyloggerLite-191121/8.0.1/Images/ACR-007/ACR-007_4.PNG","240909/BestFreeKeyloggerLite-191121/8.0.1/Images/ACR-014/ACR-014.PNG","240909/BestFreeKeyloggerLite-191121/8.0.1/Images/ACR-084/ACR-084.PNG","240909/BestFreeKeyloggerLite-191121/8.0.1/Images/ACR-084/ACR-084_1.PNG","240909/BestFreeKeyloggerLite-191121/8.0.1/Images/ACR-084/ACR-084_2.PNG","240909/BestFreeKeyloggerLite-191121/8.0.1/Images/ACR-084/ACR-084_3.PNG","240909/BestFreeKeyloggerLite-191121/8.0.1/Images/ACR-084/ACR-084_4.PNG","240909/BestFreeKeyloggerLite-191121/8.0.1/Images/ACR-084/ACR-084_5.PNG","240909/BestFreeKeyloggerLite-191121/8.0.1/Images/ACR-084/ACR-084_6.PNG","240909/BestFreeKeyloggerLite-191121/8.0.1/Images/ACR-084/ACR-084_7.PNG","240909/BestFreeKeyloggerLite-191121/8.0.1/Images/ACR-086/ACR-086.PNG","240909/BestFreeKeyloggerLite-191121/8.0.1/Images/ACR-086/ACR-086_1.PNG","240909/BestFreeKeyloggerLite-191121/8.0.1/Images/ACR-086/ACR-086_2.PNG","240909/BestFreeKeyloggerLite-191121/8.0.1/Images/ACR-086/ACR-086_3.PNG","240909/BestFreeKeyloggerLite-191121/8.0.1/Images/ACR-086/ACR-086_4.PNG","240909/BestFreeKeyloggerLite-191121/8.0.1/Images/ACR-086/ACR-086_5.PNG","240909/BestFreeKeyloggerLite-191121/8.0.1/Images/ACR-086/ACR-086_6.PNG","240909/BestFreeKeyloggerLite-191121/8.0.1/Images/ACR-097/ACR-097.PNG","240909/BestFreeKeyloggerLite-191121/8.0.1/Images/ACR-097/ACR-097_1.PNG","240909/BestFreeKeyloggerLite-191121/8.0.1/Images/ACR-116/ACR-116.PNG","240909/BestFreeKeyloggerLite-191121/8.0.1/Images/ACR-118/ACR-118.PNG"],"nonDeceptorImageFiles":[],"guid":"a50d5e94-3fa8-4ad0-a41d-0fa937e65694_8.0.1_1","appID":"BestFreeKeyloggerLite-191121","dateAdded":"240909","deceptorType":"App","name":"Best Free Keylogger Lite","company":"Bestx Software","version":"8.0.1","lastKnownStatus":"Deceptor: 6.1.0;7.0.0.0;7.2.0;7.2.1;7.2.2;7.3.1;7.4.0;7.4.1;8.0.1","lastKnownDate":"240909","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 10,Windows 8,Windows 7,Windows Vista","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Adults only","monetization":"up-sell to paid,paid","lastUpdate":"2026-05-12T22:59:50.7126971+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":9,"sortOrder":573},{"violations":{"ACR-048":"1. The app enables the consumer to hide the app from the desktop and installed app list, which limits the targeted consumer's ability to control the app.\n2. The app does not provide any control to quit the app completely.\n3. The app does not provide any control to disable the startup it created.\n\n","ACR-007":"The app enables the consumer to hide it from the desktop, and the installed apps list, which prevents the targeted consumer from being aware of the app's presence. The app does not display explicit notification when it is running and requires a hotkey and password to open it.\n","ACR-084":"1. The app enables the installing consumer to hide the app from the targeted consumer: it prevents the app from showing in the desktop and control panel. The app uses a hotkey and password to hide its presence.\n2. The app creates a startup entry without the consumer's knowledge and consent.\n3. On closing the app it minimizes to system tray and the process runs silently in the background, hiding its presence from the consumer.\n","ACR-086":"The app does not inform the consumer how it transfers data. It also requires a hotkey and password to open it, which prevents the targeted consumer from understanding what data is collected and transmitted.\n","ACR-097":"During the install, the app prompts the user to exclude it from antivirus detection. In the setting, it also recommend user to add the app in the exception list.\n","ACR-116":"The app cannot be uninstalled by platform standard uninstall method.\n","ACR-014":"The app calls itself \"syscrb.exe”, which is not related to the name \"Best Free Keylogger\", which misleads the targeted consumer.\n"},"nonDeceptorViolations":{"ACR-038":"The app does not disclose the Original filename, Company name, Product name, Product version, File version for all the executables.\n","ACR-040":"The app is installed in a Hidden Folder named \"Best Free Keylogger\" and it calls itself \"syscrb.exe\".\n","ACR-065":"The install wizard does not display links to the Returns and Cancellation Policy or the Privacy Policy.\nThe app does not display links to the EULA or Terms of Service, the Returns and Cancellation Policy or the Privacy Policy.\nThe landing page does not display links to the EULA or Terms of Service,  or the Returns and Cancellation Policy.\nThe internal offer page does not display link to the EULA or Terms of Service.\n","ACR-002":"The app shows different names as \"syscrb.exe\" in the running service/apps section.\n","ACR-161":"The landing offer page has testimonials that have no links back to a source so consumers can verify if they're real.\n","ACR-092":"The app does not provide Digital signatures for the Installer file.\n","ACR-167":"The app only provides a 15-day refund policy and not a 30-day refund policy.\n","ACR-017":"The app elevates its consumer trust level by displaying unverifiable logos.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files\\Best Free Keylogger\\syscrb.exe","companyName":"bestxsoftware","productName":"","productVersion":"7.4.4.0","fileVersion":"7.4.4.0","hashMD5":"8eddc6d14d19d3cea04ec91bd01e866e","hashSHA1":"740d253b34c4d59b3ccfd4db88adf3cd534525da","hashSHA256":"0a8f95dbce2b436d681ad63f8b2aef258c1e87fbf24984d95d130487581390fc","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1739","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"installer_free.exe","isInstaller":"True","companyName":"                                                            ","productName":"B.F.K.                                                      ","productVersion":"free                                              ","fileVersion":"                    ","hashMD5":"76e1e74420a575f8504002101ac5170f","hashSHA1":"92cb91e636b6d6c408be8fb156949bdd23bfe4fe","hashSHA256":"5f5d8931756b9035029c1e009ef72d2afa79dadd6f4f620a19c88e3cc5173e8f","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1739","avBlockList":["360 Total Security (20220419)","Avast Premium Security (20220419)","AVG Internet Security (20220419)","Avira Internet Security (20220419)","Bitdefender Internet Security (20220419)","COMODO Antivirus (20220419)","Dr.Web Security Space (20220419)","ESET Internet Security (20220419)","G DATA INTERNET SECURITY (20220419)","K7 Total Security (20220419)","Kaspersky Internet Security (20220419)","Malwarebytes Premium (20220419)","McAfee Total Protection (20220419)","Norton Security (20220419)","Panda Dome (20220419)","Quick Heal Internet Security (20220419)","Sophos Home Premium (20220419)","SpyHunter5 (20220419)","Tencent PC Manager (20220419)","Total AV Antivirus Pro (20220419)","Trend Micro Internet Security (20220419)","VIPRE Advanced Security (20220419)","VirIT eXplorer PRO (20220419)","Webroot SecureAnywhere (20220419)","Windows Defender (20220419)"],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Google search- Keylogger","reference":"","landingPage":"https://bestxsoftware.com/","directDownloadingLink":"https://u.pcloud.link/publink/show?code=XZvVaxXZEkbgS4jQjNBmiAwzrOPQIzKxiXk0","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://u.pcloud.link/publink/show?code=XZvVaxXZEkbgS4jQjNBmiAwzrOPQIzKxiXk0","sourceIndex":"1739"}],"sampleFiles":["220104/BestFreeKeyloggerLite-191121/7.4.1/Samples/installer_free.exe"],"imageFiles":["220104/BestFreeKeyloggerLite-191121/7.4.1/Images/ACR-048/ACR-048_Software.JPG","220104/BestFreeKeyloggerLite-191121/7.4.1/Images/ACR-048/ACR-048_Software_1.JPG","220104/BestFreeKeyloggerLite-191121/7.4.1/Images/ACR-048/ACR-048_Software_2.JPG","220104/BestFreeKeyloggerLite-191121/7.4.1/Images/ACR-048/ACR-048_Software_3.JPG","220104/BestFreeKeyloggerLite-191121/7.4.1/Images/ACR-048/ACR-048_Software_4.JPG","220104/BestFreeKeyloggerLite-191121/7.4.1/Images/ACR-048/ACR-048_Software_5.JPG","220104/BestFreeKeyloggerLite-191121/7.4.1/Images/ACR-007/Best Free Keylogger Lite_Interactions [3].png","220104/BestFreeKeyloggerLite-191121/7.4.1/Images/ACR-007/ACR-007_Software.JPG","220104/BestFreeKeyloggerLite-191121/7.4.1/Images/ACR-007/ACR-007_Software_1.JPG","220104/BestFreeKeyloggerLite-191121/7.4.1/Images/ACR-007/ACR-007_Software_2.JPG","220104/BestFreeKeyloggerLite-191121/7.4.1/Images/ACR-007/ACR-007_Software_3.JPG","220104/BestFreeKeyloggerLite-191121/7.4.1/Images/ACR-007/ACR-007_Software_4.JPG","220104/BestFreeKeyloggerLite-191121/7.4.1/Images/ACR-014/ACR-014_Software.JPG","220104/BestFreeKeyloggerLite-191121/7.4.1/Images/ACR-084/ACR-084_Software.JPG","220104/BestFreeKeyloggerLite-191121/7.4.1/Images/ACR-084/ACR-084_Software_1.JPG","220104/BestFreeKeyloggerLite-191121/7.4.1/Images/ACR-084/ACR-084_Software_2.JPG","220104/BestFreeKeyloggerLite-191121/7.4.1/Images/ACR-084/ACR-084_Software_3.JPG","220104/BestFreeKeyloggerLite-191121/7.4.1/Images/ACR-084/ACR-084_Software_4.JPG","220104/BestFreeKeyloggerLite-191121/7.4.1/Images/ACR-084/ACR-084_Software_5.JPG","220104/BestFreeKeyloggerLite-191121/7.4.1/Images/ACR-084/ACR-084_Software_6.JPG","220104/BestFreeKeyloggerLite-191121/7.4.1/Images/ACR-084/ACR-084_Software_7.JPG","220104/BestFreeKeyloggerLite-191121/7.4.1/Images/ACR-086/ACR-086_Software.JPG","220104/BestFreeKeyloggerLite-191121/7.4.1/Images/ACR-086/ACR-086_Software_1.JPG","220104/BestFreeKeyloggerLite-191121/7.4.1/Images/ACR-086/ACR-086_Software_2.JPG","220104/BestFreeKeyloggerLite-191121/7.4.1/Images/ACR-086/ACR-086_Software_3.JPG","220104/BestFreeKeyloggerLite-191121/7.4.1/Images/ACR-086/ACR-086_Software_4.JPG","220104/BestFreeKeyloggerLite-191121/7.4.1/Images/ACR-086/ACR-086_Software_5.JPG","220104/BestFreeKeyloggerLite-191121/7.4.1/Images/ACR-086/ACR-086_Software_6.JPG","220104/BestFreeKeyloggerLite-191121/7.4.1/Images/ACR-097/ACR-097_Software.JPG","220104/BestFreeKeyloggerLite-191121/7.4.1/Images/ACR-097/ACR-097_Software_1.JPG","220104/BestFreeKeyloggerLite-191121/7.4.1/Images/ACR-116/ACR-116_Uninstall.JPG"],"nonDeceptorImageFiles":["220104/BestFreeKeyloggerLite-191121/7.4.1/Images/ACR-038/ACR-038_Install_No_Detail.JPG","220104/BestFreeKeyloggerLite-191121/7.4.1/Images/ACR-040/ACR-040_Install.JPG","220104/BestFreeKeyloggerLite-191121/7.4.1/Images/ACR-040/ACR-040_Install_1.JPG","220104/BestFreeKeyloggerLite-191121/7.4.1/Images/ACR-065/ACR-065_Install.JPG","220104/BestFreeKeyloggerLite-191121/7.4.1/Images/ACR-065/ACR-065_Software.JPG","220104/BestFreeKeyloggerLite-191121/7.4.1/Images/ACR-065/ACR-065_Landingpage_No_Docs.jpg","220104/BestFreeKeyloggerLite-191121/7.4.1/Images/ACR-065/ACR-065_InternalOffers_No_Docs.jpg","220104/BestFreeKeyloggerLite-191121/7.4.1/Images/ACR-002/ACR-002_Software.JPG","220104/BestFreeKeyloggerLite-191121/7.4.1/Images/ACR-017/ACR-017_Landingpage.JPG","220104/BestFreeKeyloggerLite-191121/7.4.1/Images/ACR-161/ACR-161_Landingpage.JPG","220104/BestFreeKeyloggerLite-191121/7.4.1/Images/ACR-092/ACR-092_Software.JPG","220104/BestFreeKeyloggerLite-191121/7.4.1/Images/ACR-167/ACR-167_Docs.jpg"],"guid":"a50d5e94-3fa8-4ad0-a41d-0fa937e65694_7.4.1_1","appID":"BestFreeKeyloggerLite-191121","dateAdded":"240909","deceptorType":"App","name":"Best Free Keylogger Lite","company":"Bestx Software","version":"7.4.1","lastKnownStatus":"Deceptor: 6.1.0;7.0.0.0;7.2.0;7.2.1;7.2.2;7.3.1;7.4.0;7.4.1;8.0.1","lastKnownDate":"240909","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 10,Windows 8,Windows 7,Windows Vista","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Adults only","monetization":"up-sell to paid,paid","lastUpdate":"2024-09-09T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":9,"sortOrder":574},{"violations":{"ACR-048":"The app is installed in a hidden folder and requires a hotkey and password to open it, which limits the consumer's ability to close and uninstall the app.\n","ACR-007":"The app enables the consumer to require a password and a hotkey to open it.\n","ACR-084":"The app enables the consumer to require a password and hotkey to open it.\n","ACR-086":"The app does not inform the targeted consumer how it collects data and it uses a hotkey and password to hide its presence.\n","ACR-097":"During the install, the app prompts the user to exclude it from antivirus detection. In the setting, it also recommend user to add the app in the exception list.\n","ACR-116":"The app cannot be uninstalled by platform standard uninstall method.\n","ACR-014":"The app calls itself \"syscrb.exe”, which is not related to the name \"Best Free Keylogger\", which misleads the targeted consumer.\n"},"nonDeceptorViolations":{"ACR-038":"The app does not disclose the Original filename, Company name, Product name, Product version, File version for all the executables.\n","ACR-040":"The app is installed in a Hidden Folder named \"Best Free Keylogger\" and it calls itself \"syscrb.exe\".\n","ACR-065":"The install wizard does not display links to the Returns and Cancellation Policy or the Privacy Policy.\nThe app does not display links to the EULA or Terms of Service, the Returns and Cancellation Policy or the Privacy Policy.\nThe landing page does not display links to the EULA or Terms of Service,  or the Returns and Cancellation Policy.\nThe internal offer page does not display link to the EULA or Terms of Service.\n","ACR-002":"The App shows different names as \"syscrb.exe\" in the running service/apps section.\n","ACR-161":"The landing offer page has testimonials that have no links back to a source so consumers can verify if they're real.\n","ACR-092":"The application has no signed certificate it is unsigned.\n","ACR-167":"The app only provides a 15-day refund policy and not a 30-day refund policy.\n","ACR-017":"The app elevates its consumer trust level by displaying unverifiable logos.\n"},"samples":[],"additionalFiles":[],"sources":[{"howFound":"","reference":"Hunt.Search","landingPage":"https://bestxsoftware.com/","directDownloadingLink":"https://vc546.pcloud.com/dHZBpthJeZKSIDHCZZZvVlav7Z2ZZb6JZkZvVaxXZvYisXjiiHr4LFGiKR8qBO5oY1Cj7/installer_free.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://vc546.pcloud.com/dHZBpthJeZKSIDHCZZZvVlav7Z2ZZb6JZkZvVaxXZvYisXjiiHr4LFGiKR8qBO5oY1Cj7/installer_free.exe","sourceIndex":"1815"}],"sampleFiles":[],"imageFiles":["210921/BestFreeKeyloggerLite-191121/7.4.0/Images/ACR-048/Best Free Keylogger Lite_Files [1].png","210921/BestFreeKeyloggerLite-191121/7.4.0/Images/ACR-048/Best Free Keylogger Lite_Interactions [1].png","210921/BestFreeKeyloggerLite-191121/7.4.0/Images/ACR-048/Best Free Keylogger Lite_Interactions [2].png","210921/BestFreeKeyloggerLite-191121/7.4.0/Images/ACR-048/Best Free Keylogger Lite_Interactions [3].png","210921/BestFreeKeyloggerLite-191121/7.4.0/Images/ACR-048/Best Free Keylogger Lite_Interactions [4].png","210921/BestFreeKeyloggerLite-191121/7.4.0/Images/ACR-048/Best Free Keylogger Lite_Interactions [5].png","210921/BestFreeKeyloggerLite-191121/7.4.0/Images/ACR-007/Best Free Keylogger Lite_Interactions [1].png","210921/BestFreeKeyloggerLite-191121/7.4.0/Images/ACR-007/Best Free Keylogger Lite_Interactions [2].png","210921/BestFreeKeyloggerLite-191121/7.4.0/Images/ACR-007/Best Free Keylogger Lite_Interactions [3].png","210921/BestFreeKeyloggerLite-191121/7.4.0/Images/ACR-007/Best Free Keylogger Lite_Interactions [4].png","210921/BestFreeKeyloggerLite-191121/7.4.0/Images/ACR-007/Best Free Keylogger Lite_Interactions [5].png","210921/BestFreeKeyloggerLite-191121/7.4.0/Images/ACR-014/Best Free Keylogger Lite_RunningProcess [1].png","210921/BestFreeKeyloggerLite-191121/7.4.0/Images/ACR-084/Best Free Keylogger Lite_Interactions [1].png","210921/BestFreeKeyloggerLite-191121/7.4.0/Images/ACR-084/Best Free Keylogger Lite_Interactions [2].png","210921/BestFreeKeyloggerLite-191121/7.4.0/Images/ACR-084/Best Free Keylogger Lite_Interactions [3].png","210921/BestFreeKeyloggerLite-191121/7.4.0/Images/ACR-084/Best Free Keylogger Lite_Interactions [4].png","210921/BestFreeKeyloggerLite-191121/7.4.0/Images/ACR-084/Best Free Keylogger Lite_Interactions [5].png","210921/BestFreeKeyloggerLite-191121/7.4.0/Images/ACR-086/Best Free Keylogger Lite_Interactions [1].png","210921/BestFreeKeyloggerLite-191121/7.4.0/Images/ACR-086/Best Free Keylogger Lite_Interactions [2].png","210921/BestFreeKeyloggerLite-191121/7.4.0/Images/ACR-086/Best Free Keylogger Lite_Interactions [3].png","210921/BestFreeKeyloggerLite-191121/7.4.0/Images/ACR-086/Best Free Keylogger Lite_Interactions [4].png","210921/BestFreeKeyloggerLite-191121/7.4.0/Images/ACR-086/Best Free Keylogger Lite_Interactions [5].png","210921/BestFreeKeyloggerLite-191121/7.4.0/Images/ACR-086/Best Free Keylogger Lite_Interactions [6].png","210921/BestFreeKeyloggerLite-191121/7.4.0/Images/ACR-086/Best Free Keylogger Lite_Interactions [7].png","210921/BestFreeKeyloggerLite-191121/7.4.0/Images/ACR-097/Best Free Keylogger Lite_Install [5].png","210921/BestFreeKeyloggerLite-191121/7.4.0/Images/ACR-097/Best Free Keylogger Lite_Interactions [9].png","210921/BestFreeKeyloggerLite-191121/7.4.0/Images/ACR-116/Best Free Keylogger Lite_ControlPanel [1].png"],"nonDeceptorImageFiles":["210921/BestFreeKeyloggerLite-191121/7.4.0/Images/ACR-038/Best Free Keylogger Lite_FileProperty [3].png","210921/BestFreeKeyloggerLite-191121/7.4.0/Images/ACR-038/Best Free Keylogger Lite_FileProperty [4].png","210921/BestFreeKeyloggerLite-191121/7.4.0/Images/ACR-040/Best Free Keylogger Lite_Files [1].png","210921/BestFreeKeyloggerLite-191121/7.4.0/Images/ACR-040/Best Free Keylogger Lite_RunningProcess [1].png","210921/BestFreeKeyloggerLite-191121/7.4.0/Images/ACR-065/Best Free Keylogger Lite_Install [1].png","210921/BestFreeKeyloggerLite-191121/7.4.0/Images/ACR-065/Best Free Keylogger Lite_Install [2].png","210921/BestFreeKeyloggerLite-191121/7.4.0/Images/ACR-065/Best Free Keylogger Lite_Install [3].png","210921/BestFreeKeyloggerLite-191121/7.4.0/Images/ACR-065/Best Free Keylogger Lite_Install [5].png","210921/BestFreeKeyloggerLite-191121/7.4.0/Images/ACR-065/Best Free Keylogger Lite_Install [6].png","210921/BestFreeKeyloggerLite-191121/7.4.0/Images/ACR-065/Best Free Keylogger Lite_About [1].png","210921/BestFreeKeyloggerLite-191121/7.4.0/Images/ACR-065/Best Free Keylogger Lite_LandingPage [1].png","210921/BestFreeKeyloggerLite-191121/7.4.0/Images/ACR-065/Best Free Keylogger Lite_OfferPage [1].png","210921/BestFreeKeyloggerLite-191121/7.4.0/Images/ACR-002/Best Free Keylogger Lite_RunningProcess [1].png","210921/BestFreeKeyloggerLite-191121/7.4.0/Images/ACR-017/Best Free Keylogger Lite_LandingPage [2].png","210921/BestFreeKeyloggerLite-191121/7.4.0/Images/ACR-161/Best Free Keylogger Lite_LandingPage [3].png","210921/BestFreeKeyloggerLite-191121/7.4.0/Images/ACR-092/Best Free Keylogger Lite_FileProperty [1].png","210921/BestFreeKeyloggerLite-191121/7.4.0/Images/ACR-092/Best Free Keylogger Lite_FileProperty [2].png","210921/BestFreeKeyloggerLite-191121/7.4.0/Images/ACR-167/Best Free Keylogger Pro_Bestxsoftware Refund Policy.png"],"guid":"a50d5e94-3fa8-4ad0-a41d-0fa937e65694_7.4.0_1","appID":"BestFreeKeyloggerLite-191121","dateAdded":"240909","deceptorType":"App","name":"Best Free Keylogger Lite","company":"Bestx Software","version":"7.4.0","sigName":"Deceptor:Win32/BestFreeKeyloggerLiteStalkerware!048007014084086097116","lastKnownStatus":"Deceptor: 6.1.0;7.0.0.0;7.2.0;7.2.1;7.2.2;7.3.1;7.4.0;7.4.1;8.0.1","lastKnownDate":"240909","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 10,Windows 8,Windows 7,Windows Vista","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Adults only","monetization":"up-sell to paid,paid","lastUpdate":"2024-09-09T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":9,"sortOrder":575},{"violations":{"ACR-048":"The app is installed in a hidden folder and requires a hotkey and password to open it, which limits the consumer's ability to close and uninstall the app.\n","ACR-007":"The app does not explicit notification to the targeted consumer when it is running. It also requires a hotkey and a password to open it.\n","ACR-084":"The app uses a hotkey and password to hide its presence.\n","ACR-086":"The app does not inform the targeted consumer how it collects data and it uses a hotkey and password to hide its presence.\n","ACR-097":"During the install, the app prompts the user to exclude it from antivirus detection.\n","ACR-116":"The app cannot be uninstalled by platform standard uninstall method.\n"},"nonDeceptorViolations":{"ACR-040":"The app is installed in a System Hidden Folder named \"Best Free Keylogger\" and it calls itself \"syscrb\".\n","ACR-065":"The install does not display links to the Returns and Cancellation Policy or the Privacy Policy.\nThe app does not display links to the EULA, the Returns and Cancellation Policy or the Privacy Policy.\nThe landing page does not display links to the EULA, the Returns and Cancellation Policy or the Privacy Policy.\nThe internal offers page does not display links to the EULA, the Returns and Cancellation Policy or the Privacy Policy.\n"},"samples":[{"isRevoked":"False","fileName":"installer_free.exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"bb55d6a650fdaf946ebcdd26c24f989d","hashSHA1":"1366fd9116936b5e878d7ea636a04037f1d0a030","hashSHA256":"2994ea459f6c8b771a2d694a6a23c27415f2de29b0ecb00261b9cc3cb3356ccf","digitalCertThumbprint":"A1EED01E058B4C337F5E7040A0BA5CAE34A58F87","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Bestxsoftware, O=Bestxsoftware, STREET=\"45/B, Kehelella,\", L=Badalgama, S=Western Province, C=LK","sourceIndex":"2598","avBlockList":["360 Total Security (20210604)","Avast Internet Security (20191226)","AVG Internet Security (20210604)","Avira Internet Security (20210604)","Bitdefender Internet Security (20210604)","COMODO Antivirus (20210604)","Dr.Web Security Space (20210604)","ESET Internet Security (20210604)","G DATA INTERNET SECURITY (20210604)","K7 Total Security (20210604)","Kaspersky Internet Security (20210604)","Malwarebytes Premium (20210604)","McAfee Total Protection (20210604)","Norton Security (20210604)","Panda Dome (20210604)","Quick Heal Internet Security (20210604)","Sophos Home Premium (20210604)","Tencent PC Manager (20210604)","Trend Micro Internet Security (20210604)","VIPRE Advanced Security (20210604)","VirIT eXplorer PRO (20210604)","Webroot SecureAnywhere (20210604)","Windows Defender (20210604)","Avast Premium Security (20210604)","SpyHunter5 (20210604)","Total AV Antivirus Pro (20210604)"],"avAllowList":[]},{"isRevoked":"False","fileName":"syscrb.exe","companyName":"bestxsoftware","fileVersion":"1.5","hashMD5":"16698e2078a7ab6806399a9b24da4f64","hashSHA1":"7b4451734900bd7c4111c606ca4a31e042be42fe","hashSHA256":"453e79c81b69bc50ae91ee153e9ef130d2aa8c8387eafdbeeabc52bde1f72be4","digitalCertThumbprint":"A1EED01E058B4C337F5E7040A0BA5CAE34A58F87","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Bestxsoftware, O=Bestxsoftware, STREET=\"45/B, Kehelella,\", L=Badalgama, S=Western Province, C=LK","sourceIndex":"2598","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"\"apps like spyrix\" - Google search","reference":"Hunt.Search","landingPage":"https://bestxsoftware.com/","directDownloadingLink":"https://bestxsoftware.com/download/installer_free_v_6.1.0(password=1234).zip","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://bestxsoftware.com/download/installer_free_v_6.1.0(password=1234).zip","sourceIndex":"2598"}],"sampleFiles":["191125/BestFreeKeyloggerLite-191121/6.1.0/Samples/installer_free.exe","191125/BestFreeKeyloggerLite-191121/6.1.0/Samples/syscrb.exe"],"imageFiles":["191125/BestFreeKeyloggerLite-191121/6.1.0/Images/ACR-048/BestFreeKeyloggerLite Hidden File.png","191125/BestFreeKeyloggerLite-191121/6.1.0/Images/ACR-048/BestFreeKeyloggerLite Password.png","191125/BestFreeKeyloggerLite-191121/6.1.0/Images/ACR-048/BestFreeKeyloggerLite Hotkey.png","191125/BestFreeKeyloggerLite-191121/6.1.0/Images/ACR-007/BestFreeKeyloggerLite Password.png","191125/BestFreeKeyloggerLite-191121/6.1.0/Images/ACR-007/BestFreeKeyloggerLite Hotkey.png","191125/BestFreeKeyloggerLite-191121/6.1.0/Images/ACR-084/BestFreeKeyloggerLite Hotkey.png","191125/BestFreeKeyloggerLite-191121/6.1.0/Images/ACR-084/BestFreeKeyloggerLite Password.png","191125/BestFreeKeyloggerLite-191121/6.1.0/Images/ACR-086/BestFreeKeyloggerLite Password.png","191125/BestFreeKeyloggerLite-191121/6.1.0/Images/ACR-086/BestFreeKeyloggerLite Hotkey.png","191125/BestFreeKeyloggerLite-191121/6.1.0/Images/ACR-097/BestFreeKeyloggerLite AVs.png","191125/BestFreeKeyloggerLite-191121/6.1.0/Images/ACR-116/BestFreeKeyloggerLite Uninstall.png"],"nonDeceptorImageFiles":["191125/BestFreeKeyloggerLite-191121/6.1.0/Images/ACR-040/BestFreeKeyloggerLite Hidden File.png","191125/BestFreeKeyloggerLite-191121/6.1.0/Images/ACR-040/BestFreeKeyloggerLite Different Name.png","191125/BestFreeKeyloggerLite-191121/6.1.0/Images/ACR-065/BestFreeKeyloggerLite EULA.png","191125/BestFreeKeyloggerLite-191121/6.1.0/Images/ACR-065/BestFreeKeyloggerLite Install.png","191125/BestFreeKeyloggerLite-191121/6.1.0/Images/ACR-065/BestFreeKeyloggerLite About.png","191125/BestFreeKeyloggerLite-191121/6.1.0/Images/ACR-065/BestFreeKeyloggerLite Landing Page.png","191125/BestFreeKeyloggerLite-191121/6.1.0/Images/ACR-065/BestFreeKeyloggerLite Internal Offers.png"],"guid":"a50d5e94-3fa8-4ad0-a41d-0fa937e65694_6.1.0_1","appID":"BestFreeKeyloggerLite-191121","dateAdded":"240909","deceptorType":"App","name":"Best Free Keylogger Lite","company":"Bestx Software","version":"6.1.0","sigName":"Deceptor:Win32/BestFreeKeyloggerLiteStalkerware!048007084086097116","lastKnownStatus":"Deceptor: 6.1.0;7.0.0.0;7.2.0;7.2.1;7.2.2;7.3.1;7.4.0;7.4.1;8.0.1","lastKnownDate":"240909","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 10,Windows 8,Windows 7,Windows Vista","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Adults only","monetization":"up-sell to paid","lastUpdate":"2024-09-09T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":9,"sortOrder":581},{"violations":{"ACR-048":"The app is installed in a hidden folder and requires a hotkey and password to open it, which limits the consumer's ability to close and uninstall the app.\n","ACR-007":"The app does not explicit notification to the targeted consumer when it is running. It also requires a hotkey and a password to open it.\n","ACR-084":"The app uses a hotkey and password to hide its presence.\n","ACR-086":"The app does not inform the targeted consumer how it collects data and it uses a hotkey and password to hide its presence.\n","ACR-097":"During the install, the app prompts the user to exclude it from antivirus detection.\n","ACR-116":"The app cannot be uninstalled by platform standard uninstall method.\n"},"nonDeceptorViolations":{"ACR-040":"The app is installed in a System Hidden Folder named \"Best Free Keylogger\" and it calls itself \"syscrb\".\n","ACR-065":"The install does not display links to the Returns and Cancellation Policy or the Privacy Policy.\nThe app does not display links to the EULA, the Returns and Cancellation Policy or the Privacy Policy.\nThe landing page does not display links to the EULA, the Returns and Cancellation Policy or the Privacy Policy.\n"},"samples":[{"isRevoked":"False","fileName":"tmp3038.exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"479977cb3fcbf001e879b4bfce4f1aed","hashSHA1":"53a4c1ee8b85d13a4d9f603a26656ff13ceb1fab","hashSHA256":"e5c63f676a31448d93b372c33f9c4d3277e51d57ac5af79c88ed9968b0c47472","sourceIndex":"2395","avBlockList":["360 Total Security (20210527)","Avast Premium Security (20210527)","AVG Internet Security (20210527)","Avira Internet Security (20210527)","Bitdefender Internet Security (20210527)","COMODO Antivirus (20210527)","Dr.Web Security Space (20210527)","ESET Internet Security (20210527)","G DATA INTERNET SECURITY (20210527)","K7 Total Security (20210527)","Kaspersky Internet Security (20210527)","Malwarebytes Premium (20210527)","McAfee Total Protection (20210527)","Norton Security (20210527)","Panda Dome (20210527)","Quick Heal Internet Security (20210527)","Sophos Home Premium (20210527)","SpyHunter5 (20210527)","Tencent PC Manager (20210527)","Total AV Antivirus Pro (20210527)","VIPRE Advanced Security (20210527)","VirIT eXplorer PRO (20210527)","Webroot SecureAnywhere (20210527)","Windows Defender (20210527)"],"avAllowList":["Trend Micro Internet Security (20210527)"]},{"isRevoked":"False","fileName":"syscrb.exe","companyName":"bestxsoftware","fileVersion":"7.0","hashMD5":"bf92df38e3ed45c23d581fec2c15b4f9","hashSHA1":"861b97d980b1ad8f0b1b01ec034d3eb87a88869e","hashSHA256":"d69b238438fc9b322b3f9000da2b5514503f59b9abb38d2f2cbae956165c9179","sourceIndex":"2395","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"\"apps like spyrix\" - Google search","reference":"Hunt.Search","landingPage":"https://bestxsoftware.com/","directDownloadingLink":"https://bestxsoftware.com/download/installer_free_v_6.1.0(password=1234).zip","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://bestxsoftware.com/download/installer_free_v_6.1.0(password=1234).zip","sourceIndex":"2395"}],"sampleFiles":["200702/BestFreeKeyloggerLite-191121/7.0.0.0/Samples/tmp3038.exe","200702/BestFreeKeyloggerLite-191121/7.0.0.0/Samples/syscrb.exe"],"imageFiles":["200702/BestFreeKeyloggerLite-191121/7.0.0.0/Images/ACR-048/Best Free Keylogger 6.2.0 Hidden.png","200702/BestFreeKeyloggerLite-191121/7.0.0.0/Images/ACR-048/Best Free Keylogger 6.2.0 Hotkey.png","200702/BestFreeKeyloggerLite-191121/7.0.0.0/Images/ACR-048/Best Free Keylogger 6.2.0 Password.png","200702/BestFreeKeyloggerLite-191121/7.0.0.0/Images/ACR-007/Best Free Keylogger 6.2.0 Hotkey.png","200702/BestFreeKeyloggerLite-191121/7.0.0.0/Images/ACR-007/Best Free Keylogger 6.2.0 Password.png","200702/BestFreeKeyloggerLite-191121/7.0.0.0/Images/ACR-084/Best Free Keylogger 6.2.0 Password.png","200702/BestFreeKeyloggerLite-191121/7.0.0.0/Images/ACR-084/Best Free Keylogger 6.2.0 Hotkey.png","200702/BestFreeKeyloggerLite-191121/7.0.0.0/Images/ACR-086/Best Free Keylogger 6.2.0 Hotkey.png","200702/BestFreeKeyloggerLite-191121/7.0.0.0/Images/ACR-086/Best Free Keylogger 6.2.0 Password.png","200702/BestFreeKeyloggerLite-191121/7.0.0.0/Images/ACR-097/Best Free Keylogger 6.2.0 AV.png","200702/BestFreeKeyloggerLite-191121/7.0.0.0/Images/ACR-116/Best Free Keylogger 6.2.0 Uninstall.png"],"nonDeceptorImageFiles":["200702/BestFreeKeyloggerLite-191121/7.0.0.0/Images/ACR-040/Best Free Keylogger 6.2.0 Task Manager.png","200702/BestFreeKeyloggerLite-191121/7.0.0.0/Images/ACR-040/Hidden Folder.PNG","200702/BestFreeKeyloggerLite-191121/7.0.0.0/Images/ACR-065/Best Free Keylogger 6.2.0 Install.png","200702/BestFreeKeyloggerLite-191121/7.0.0.0/Images/ACR-065/Best Free Keylogger 6.2.0 EULA.png","200702/BestFreeKeyloggerLite-191121/7.0.0.0/Images/ACR-065/Best Free Keylogger 6.2.0 About.png","200702/BestFreeKeyloggerLite-191121/7.0.0.0/Images/ACR-065/Best Free Keylogger 6.2.0 Landing Page.png"],"guid":"a50d5e94-3fa8-4ad0-a41d-0fa937e65694_7.0.0.0_1","appID":"BestFreeKeyloggerLite-191121","dateAdded":"240909","deceptorType":"App","name":"Best Free Keylogger Lite","company":"Bestx Software","version":"7.0.0.0","sigName":"Deceptor:Win32/KeyloggerLiteStalkerware!048007084086097116","lastKnownStatus":"Deceptor: 6.1.0;7.0.0.0;7.2.0;7.2.1;7.2.2;7.3.1;7.4.0;7.4.1;8.0.1","lastKnownDate":"240909","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 10,Windows 8,Windows 7,Windows Vista","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Adults only","monetization":"up-sell to paid","lastUpdate":"2024-09-09T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":9,"sortOrder":580},{"violations":{"ACR-048":"The app is installed in a hidden folder and requires a hotkey and password to open it, which limits the consumer's ability to close and uninstall the app.\n","ACR-007":"The app does not explicit notification to the targeted consumer when it is running. It also requires a hotkey and a password to open it.\n","ACR-084":"The app enables the consumer to install it in \"Invisible Mode\", which hides all app icons and notifications. It also enables the consumer to require a password and hotkey to open it.\n","ACR-086":"The app does not inform the targeted consumer how it collects data and it uses a hotkey and password to hide its presence.\n","ACR-097":"During the install, the app prompts the user to exclude it from antivirus detection.\n","ACR-116":"The app cannot be uninstalled by platform standard uninstall method.\n","ACR-014":"The app calls itself \"syscrb.exe”, which is not related to the name \"Best Free Keylogger\", which misleads the targeted consumer.\n"},"nonDeceptorViolations":{"ACR-038":"The app does not disclose the Original filename, Company name, Product name, Product version, File version for all the executables.\n","ACR-040":"The app is installed in a System Hidden Folder named \"Best Free Keylogger\" and it calls itself \"syscrb\".\n","ACR-045":"\"Free Download\" highlights \"Free\" misleads user. The functionality that requires consumer payment in order to be activated needs to be marked clearly in landing page. Otherwise app should remove \"free\" word.\n","ACR-065":"The install does not display links to the Returns and Cancellation Policy or the Privacy Policy.\nThe app does not display links to the EULA, the Returns and Cancellation Policy or the Privacy Policy.\nThe landing page does not display links to the EULA or Terms of Service,  or the Returns and Cancellation Policy.\nThe internal offer page does not display links to the EULA or Terms of Service,  or the Returns and Cancellation Policy.\n","ACR-002":"The App shows different names as \"syscrb.exe\" in the running service/apps section.\n","ACR-092":"The app does not provide Digital signatures for the main executable.\n","ACR-167":"The app only provides a 15-day refund policy and not a 30-day refund policy.\n","ACR-017":"The app elevates its consumer trust level by displaying unverifiable logos.\n"},"samples":[{"isRevoked":"False","fileName":"installer_free.exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"364b8c20431c6a3e16c74ee95df72812","hashSHA1":"b2cc270e553779a07dddd2166fd2ae91ff6c08c8","hashSHA256":"fa14795e8f77f95c1c71ef303244b3d2ef0dc247a75ba1daa39ea2c10118d1a2","sourceIndex":"2030","avBlockList":["360 Total Security (20211028)","Avast Premium Security (20211028)","AVG Internet Security (20211028)","Avira Internet Security (20211028)","Bitdefender Internet Security (20211028)","COMODO Antivirus (20211028)","Dr.Web Security Space (20211028)","ESET Internet Security (20211028)","G DATA INTERNET SECURITY (20211028)","K7 Total Security (20211028)","Kaspersky Internet Security (20211028)","Malwarebytes Premium (20211028)","McAfee Total Protection (20211028)","Norton Security (20211028)","Panda Dome (20211028)","Quick Heal Internet Security (20211028)","Sophos Home Premium (20211028)","SpyHunter5 (20211028)","Tencent PC Manager (20211028)","Total AV Antivirus Pro (20211028)","Trend Micro Internet Security (20211028)","VIPRE Advanced Security (20211028)","VirIT eXplorer PRO (20211028)","Webroot SecureAnywhere (20211028)","Windows Defender (20211028)"],"avAllowList":[]},{"isRevoked":"False","fileName":"syscrb.exe","companyName":"bestxsoftware","fileVersion":"7.2","hashMD5":"f28631d4590de83bc41acf55c13494eb","hashSHA1":"d642b189c5888bb59c84e89ddacfb94b78fa3117","hashSHA256":"230a63075f0c79760ddf0f5f9ac99d85078ce4968ff1788b3f3837bf09231475","sourceIndex":"2030","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"\"apps like spyrix\" - Google search","reference":"Hunt.Search","landingPage":"https://bestxsoftware.com/index.html","directDownloadingLink":"https://mega.nz/b24ba4d5-504e-4575-844a-264cc58d00a2","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://mega.nz/b24ba4d5-504e-4575-844a-264cc58d00a2","sourceIndex":"2030"}],"sampleFiles":["201214/BestFreeKeyloggerLite-191121/7.2.0/Samples/installer_free.exe","201214/BestFreeKeyloggerLite-191121/7.2.0/Samples/syscrb.exe"],"imageFiles":["201214/BestFreeKeyloggerLite-191121/7.2.0/Images/ACR-048/Best Free Keylogger Lite_HiddenDirectory [1].png","201214/BestFreeKeyloggerLite-191121/7.2.0/Images/ACR-048/Best Free Keylogger Lite_Interactions [1].png","201214/BestFreeKeyloggerLite-191121/7.2.0/Images/ACR-048/Best Free Keylogger Lite_Interactions [2].png","201214/BestFreeKeyloggerLite-191121/7.2.0/Images/ACR-048/Best Free Keylogger Lite_Interactions [3].png","201214/BestFreeKeyloggerLite-191121/7.2.0/Images/ACR-007/Best Free Keylogger Lite_Interactions [1].png","201214/BestFreeKeyloggerLite-191121/7.2.0/Images/ACR-007/Best Free Keylogger Lite_Interactions [2].png","201214/BestFreeKeyloggerLite-191121/7.2.0/Images/ACR-007/Best Free Keylogger Lite_Interactions [3].png","201214/BestFreeKeyloggerLite-191121/7.2.0/Images/ACR-014/Best Free Keylogger Lite_RunningProcess [1].png","201214/BestFreeKeyloggerLite-191121/7.2.0/Images/ACR-084/Best Free Keylogger Lite_Interactions [1].png","201214/BestFreeKeyloggerLite-191121/7.2.0/Images/ACR-084/Best Free Keylogger Lite_Interactions [2].png","201214/BestFreeKeyloggerLite-191121/7.2.0/Images/ACR-084/Best Free Keylogger Lite_Interactions [3].png","201214/BestFreeKeyloggerLite-191121/7.2.0/Images/ACR-084/Best Free Keylogger Lite_Interactions [4].png","201214/BestFreeKeyloggerLite-191121/7.2.0/Images/ACR-086/Best Free Keylogger 6.2.0 Hotkey.png","201214/BestFreeKeyloggerLite-191121/7.2.0/Images/ACR-086/Best Free Keylogger Lite_Interactions [1].png","201214/BestFreeKeyloggerLite-191121/7.2.0/Images/ACR-086/Best Free Keylogger Lite_Interactions [2].png","201214/BestFreeKeyloggerLite-191121/7.2.0/Images/ACR-086/Best Free Keylogger Lite_Interactions [3].png","201214/BestFreeKeyloggerLite-191121/7.2.0/Images/ACR-086/Best Free Keylogger Lite_Settings [1].png","201214/BestFreeKeyloggerLite-191121/7.2.0/Images/ACR-086/Best Free Keylogger Lite_Settings [2].png","201214/BestFreeKeyloggerLite-191121/7.2.0/Images/ACR-086/Best Free Keylogger Lite_Settings [3].png","201214/BestFreeKeyloggerLite-191121/7.2.0/Images/ACR-116/Best Free Keylogger Lite_ControlPanel [1].png"],"nonDeceptorImageFiles":["201214/BestFreeKeyloggerLite-191121/7.2.0/Images/ACR-038/Best Free Keylogger Lite_FileProperty [1].png","201214/BestFreeKeyloggerLite-191121/7.2.0/Images/ACR-040/Best Free Keylogger 6.2.0 Task Manager.png","201214/BestFreeKeyloggerLite-191121/7.2.0/Images/ACR-040/Hidden Folder.PNG","201214/BestFreeKeyloggerLite-191121/7.2.0/Images/ACR-045/Best Free Keylogger Lite_LandingPage [1].png","201214/BestFreeKeyloggerLite-191121/7.2.0/Images/ACR-065/Best Free Keylogger Lite_Installs [1].png","201214/BestFreeKeyloggerLite-191121/7.2.0/Images/ACR-065/Best Free Keylogger Lite_Installs [2].png","201214/BestFreeKeyloggerLite-191121/7.2.0/Images/ACR-065/Best Free Keylogger Lite_About [1].png","201214/BestFreeKeyloggerLite-191121/7.2.0/Images/ACR-065/Best Free Keylogger Lite_OfferPage [1].png","201214/BestFreeKeyloggerLite-191121/7.2.0/Images/ACR-002/Best Free Keylogger Lite_RunningProcess [1].png","201214/BestFreeKeyloggerLite-191121/7.2.0/Images/ACR-017/Best Free Keylogger Lite_LandingPage [2].png","201214/BestFreeKeyloggerLite-191121/7.2.0/Images/ACR-092/Best Free Keylogger Lite_FileProperty [4].png","201214/BestFreeKeyloggerLite-191121/7.2.0/Images/ACR-167/Best Free Keylogger Lite_Refund Policy [1].png"],"guid":"a50d5e94-3fa8-4ad0-a41d-0fa937e65694_7.2.0_1","appID":"BestFreeKeyloggerLite-191121","dateAdded":"240909","deceptorType":"App","name":"Best Free Keylogger Lite","company":"Bestx Software","version":"7.2.0","sigName":"Deceptor:Win32/BestFreeKeyloggerLiteStalkerware!048007014084086097116","lastKnownStatus":"Deceptor: 6.1.0;7.0.0.0;7.2.0;7.2.1;7.2.2;7.3.1;7.4.0;7.4.1;8.0.1","lastKnownDate":"240909","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 10,Windows 8,Windows 7,Windows Vista","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Adults only","monetization":"up-sell to paid","lastUpdate":"2024-09-09T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":9,"sortOrder":579},{"violations":{"ACR-048":"The app is installed in a hidden folder and requires a hotkey and password to open it, which limits the consumer's ability to close and uninstall the app.\n","ACR-007":"The app does not provide explicit notification when it is running and it allows the consumer to enable stealth mode, which hides all app activity from the targeted consumer. The app also enables the consumer to require a password and a hotkey to open it.\n","ACR-084":"The app enables the consumer to install it in \"Invisible Mode\", which hides all app icons and notifications. It also enables the consumer to require a password and hotkey to open it.\n","ACR-086":"The app does not inform the targeted consumer how it collects data and it uses a hotkey and password to hide its presence.\n","ACR-097":"During the install, the app prompts the user to exclude it from antivirus detection.\n","ACR-116":"The app cannot be uninstalled by platform standard uninstall method.\n","ACR-014":"The app calls itself \"syscrb.exe”, which is not related to the name \"Best Free Keylogger\", which misleads the targeted consumer.\n"},"nonDeceptorViolations":{"ACR-038":"The app does not disclose the Original filename, Company name, Product name, Product version, File version for all the executables.\n","ACR-040":"The app is installed in a Hidden Folder named \"Best Free Keylogger\" and it calls itself \"syscrb.exe\".\n","ACR-045":"\"Free Download\" highlights \"Free\" misleads user. The functionality that requires consumer payment in order to be activated needs to be marked clearly in landing page. Otherwise app should remove \"free\" word.\n","ACR-065":"The install wizard does not display links to the Returns and Cancellation Policy or the Privacy Policy.\nThe app does not display links to the EULA, the Returns and Cancellation Policy or the Privacy Policy.\nThe landing page does not display links to the EULA or Terms of Service,  or the Returns and Cancellation Policy.\nThe internal offer page does not display link to the EULA or Terms of Service.\n","ACR-002":"The App shows different names as \"syscrb.exe\" in the running service/apps section.\n","ACR-161":"The landing offer page has testimonials that have no links back to a source so consumers can verify if they're real.\n","ACR-092":"The app does not provide Digital signatures for the main executables.\n","ACR-167":"The app only provides a 15-day refund policy and not a 30-day refund policy.\n","ACR-017":"The app elevates its consumer trust level by displaying unverifiable logos.\n"},"samples":[{"isRevoked":"False","fileName":"installer_free.exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"a8fa6cb61384f2cca02f262486d332c9","hashSHA1":"fa665ea98ce9f829aa1923b89a89a6f08ef32280","hashSHA256":"a5701e1d4cdb5599bfa5cb235f2099948c0404ba6708cb114ea668786c7ab57a","sourceIndex":"1989","avBlockList":["360 Total Security (20211111)","Avast Premium Security (20211111)","AVG Internet Security (20211111)","Avira Internet Security (20211111)","Bitdefender Internet Security (20211111)","COMODO Antivirus (20211111)","Dr.Web Security Space (20211111)","ESET Internet Security (20211111)","G DATA INTERNET SECURITY (20211111)","K7 Total Security (20211111)","Kaspersky Internet Security (20211111)","Malwarebytes Premium (20211111)","McAfee Total Protection (20211111)","Norton Security (20211111)","Panda Dome (20211111)","Quick Heal Internet Security (20211111)","Sophos Home Premium (20211111)","SpyHunter5 (20211111)","Tencent PC Manager (20211111)","Total AV Antivirus Pro (20211111)","Trend Micro Internet Security (20211111)","VIPRE Advanced Security (20211111)","VirIT eXplorer PRO (20211111)","Webroot SecureAnywhere (20211111)","Windows Defender (20211111)"],"avAllowList":[]},{"isRevoked":"False","fileName":"syscrb.exe","companyName":"bestxsoftware","fileVersion":"7.2","hashMD5":"647570f549305357a343a9d1182255ae","hashSHA1":"6b99c98e628f56e4c50d273bac64111f37c04bc1","hashSHA256":"d9bb076692dd72337ba6cac58f00430a38d4081843548ec4ea396adf150fd7a6","sourceIndex":"1989","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"Hunt.Search","landingPage":"https://bestxsoftware.com/","directDownloadingLink":"https://mega.nz/77f81a20-7418-4409-82aa-469b4d4cebfd","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://mega.nz/77f81a20-7418-4409-82aa-469b4d4cebfd","sourceIndex":"1989"}],"sampleFiles":["210215/BestFreeKeyloggerLite-191121/7.2.1/Samples/installer_free.exe","210215/BestFreeKeyloggerLite-191121/7.2.1/Samples/syscrb.exe"],"imageFiles":["210215/BestFreeKeyloggerLite-191121/7.2.1/Images/ACR-048/Best Free Keylogger_HiddenDirectory [1].png","210215/BestFreeKeyloggerLite-191121/7.2.1/Images/ACR-048/Best Free Keylogger_Interactions [1] Hotkey.png","210215/BestFreeKeyloggerLite-191121/7.2.1/Images/ACR-048/Best Free Keylogger_Interactions [2] Password.png","210215/BestFreeKeyloggerLite-191121/7.2.1/Images/ACR-048/Best Free Keylogger_Interactions [3] Password.png","210215/BestFreeKeyloggerLite-191121/7.2.1/Images/ACR-048/Best Free Keylogger_Interactions [4] InvisibleMode.png","210215/BestFreeKeyloggerLite-191121/7.2.1/Images/ACR-048/Best Free Keylogger_Interactions [6] HotkeyPassword.png","210215/BestFreeKeyloggerLite-191121/7.2.1/Images/ACR-007/Best Free Keylogger_Interactions [1] Hotkey.png","210215/BestFreeKeyloggerLite-191121/7.2.1/Images/ACR-007/Best Free Keylogger_Interactions [2] Password.png","210215/BestFreeKeyloggerLite-191121/7.2.1/Images/ACR-007/Best Free Keylogger_Interactions [3] Password.png","210215/BestFreeKeyloggerLite-191121/7.2.1/Images/ACR-007/Best Free Keylogger_Interactions [4] InvisibleMode.png","210215/BestFreeKeyloggerLite-191121/7.2.1/Images/ACR-007/Best Free Keylogger_Interactions [6] HotkeyPassword.png","210215/BestFreeKeyloggerLite-191121/7.2.1/Images/ACR-007/Best Free Keylogger_Interactions [8] Monitoring.png","210215/BestFreeKeyloggerLite-191121/7.2.1/Images/ACR-014/Best Free Keylogger_RunningProcess [1].png","210215/BestFreeKeyloggerLite-191121/7.2.1/Images/ACR-084/Best Free Keylogger_Interactions [1] Hotkey.png","210215/BestFreeKeyloggerLite-191121/7.2.1/Images/ACR-084/Best Free Keylogger_Interactions [2] Password.png","210215/BestFreeKeyloggerLite-191121/7.2.1/Images/ACR-084/Best Free Keylogger_Interactions [3] Password.png","210215/BestFreeKeyloggerLite-191121/7.2.1/Images/ACR-084/Best Free Keylogger_Interactions [4] InvisibleMode.png","210215/BestFreeKeyloggerLite-191121/7.2.1/Images/ACR-086/Best Free Keylogger_Interactions [1] Hotkey.png","210215/BestFreeKeyloggerLite-191121/7.2.1/Images/ACR-086/Best Free Keylogger_Interactions [2] Password.png","210215/BestFreeKeyloggerLite-191121/7.2.1/Images/ACR-086/Best Free Keylogger_Interactions [3] Password.png","210215/BestFreeKeyloggerLite-191121/7.2.1/Images/ACR-086/Best Free Keylogger_Interactions [4] InvisibleMode.png","210215/BestFreeKeyloggerLite-191121/7.2.1/Images/ACR-086/Best Free Keylogger_Interactions [6] HotkeyPassword.png","210215/BestFreeKeyloggerLite-191121/7.2.1/Images/ACR-086/Best Free Keylogger_Interactions [7] Monitoring.png","210215/BestFreeKeyloggerLite-191121/7.2.1/Images/ACR-086/Best Free Keylogger_Interactions [8] Monitoring.png","210215/BestFreeKeyloggerLite-191121/7.2.1/Images/ACR-086/Best Free Keylogger_Interactions [9] Monitoring.png","210215/BestFreeKeyloggerLite-191121/7.2.1/Images/ACR-086/Best Free Keylogger_Interactions [10] Report.png","210215/BestFreeKeyloggerLite-191121/7.2.1/Images/ACR-097/Best Free Keylogger_Install [5] AntiVirusException.png","210215/BestFreeKeyloggerLite-191121/7.2.1/Images/ACR-097/Best Free Keylogger_Interactions [12] AV FP.png","210215/BestFreeKeyloggerLite-191121/7.2.1/Images/ACR-116/Best Free Keylogger_ControlPanel [1].png"],"nonDeceptorImageFiles":["210215/BestFreeKeyloggerLite-191121/7.2.1/Images/ACR-038/Best Free Keylogger_FileProperty [1].png","210215/BestFreeKeyloggerLite-191121/7.2.1/Images/ACR-038/Best Free Keylogger_FileProperty [2].png","210215/BestFreeKeyloggerLite-191121/7.2.1/Images/ACR-040/Best Free Keylogger_HiddenDirectory [1].png","210215/BestFreeKeyloggerLite-191121/7.2.1/Images/ACR-040/Best Free Keylogger_RunningProcess [1].png","210215/BestFreeKeyloggerLite-191121/7.2.1/Images/ACR-045/Best Free Keylogger_LandingPage [1].png","210215/BestFreeKeyloggerLite-191121/7.2.1/Images/ACR-045/Best Free Keylogger_LandingPage [2].png","210215/BestFreeKeyloggerLite-191121/7.2.1/Images/ACR-065/Best Free Keylogger_Install [1].png","210215/BestFreeKeyloggerLite-191121/7.2.1/Images/ACR-065/Best Free Keylogger_Install [2].png","210215/BestFreeKeyloggerLite-191121/7.2.1/Images/ACR-065/Best Free Keylogger_Install [3].png","210215/BestFreeKeyloggerLite-191121/7.2.1/Images/ACR-065/Best Free Keylogger_Install [4].png","210215/BestFreeKeyloggerLite-191121/7.2.1/Images/ACR-065/Best Free Keylogger_Install [5] AntiVirusException.png","210215/BestFreeKeyloggerLite-191121/7.2.1/Images/ACR-065/Best Free Keylogger_Install [6].png","210215/BestFreeKeyloggerLite-191121/7.2.1/Images/ACR-065/Best Free Keylogger_About [1].png","210215/BestFreeKeyloggerLite-191121/7.2.1/Images/ACR-065/Best Free Keylogger_LandingPage [5].png","210215/BestFreeKeyloggerLite-191121/7.2.1/Images/ACR-065/Best Free Keylogger_OfferPage [1].png","210215/BestFreeKeyloggerLite-191121/7.2.1/Images/ACR-002/Best Free Keylogger_RunningProcess [1].png","210215/BestFreeKeyloggerLite-191121/7.2.1/Images/ACR-017/Best Free Keylogger_LandingPage [4].png","210215/BestFreeKeyloggerLite-191121/7.2.1/Images/ACR-017/Best Free Keylogger_LandingPage [5].png","210215/BestFreeKeyloggerLite-191121/7.2.1/Images/ACR-161/Best Free Keylogger_LandingPage [3].png","210215/BestFreeKeyloggerLite-191121/7.2.1/Images/ACR-161/Best Free Keylogger_LandingPage [5].png","210215/BestFreeKeyloggerLite-191121/7.2.1/Images/ACR-092/Best Free Keylogger_FileProperty [3].png","210215/BestFreeKeyloggerLite-191121/7.2.1/Images/ACR-092/Best Free Keylogger_FileProperty [4].png","210215/BestFreeKeyloggerLite-191121/7.2.1/Images/ACR-167/Bestxsoftware Refund Policy.png"],"guid":"a50d5e94-3fa8-4ad0-a41d-0fa937e65694_7.2.1_1","appID":"BestFreeKeyloggerLite-191121","dateAdded":"240909","deceptorType":"App","name":"Best Free Keylogger Lite","company":"Bestx Software","version":"7.2.1","lastKnownStatus":"Deceptor: 6.1.0;7.0.0.0;7.2.0;7.2.1;7.2.2;7.3.1;7.4.0;7.4.1;8.0.1","lastKnownDate":"240909","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 10,Windows 8,Windows 7,Windows Vista","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Adults only","monetization":"up-sell to paid","lastUpdate":"2024-09-09T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":9,"sortOrder":578},{"violations":{"ACR-048":"The app is installed in a hidden folder and requires a hotkey and password to open it, which limits the consumer's ability to close and uninstall the app.\n","ACR-007":"The app enables the consumer to require a password and a hotkey to open it.\n","ACR-084":"The app enables the consumer to require a password and hotkey to open it.\n","ACR-086":"The app does not inform the targeted consumer how it collects data and it uses a hotkey and password to hide its presence.\n","ACR-097":"During the install, the app prompts the user to exclude it from antivirus detection.\n","ACR-116":"The app cannot be uninstalled by platform standard uninstall method.\n","ACR-014":"The app calls itself \"syscrb.exe”, which is not related to the name \"Best Free Keylogger\", which misleads the targeted consumer.\n"},"nonDeceptorViolations":{"ACR-038":"The app does not disclose the Original filename, Company name, Product name, Product version, File version for all the executables.\n","ACR-040":"The app is installed in a Hidden Folder named \"Best Free Keylogger\" and it calls itself \"syscrb.exe\".\n","ACR-065":"The install wizard does not display links to the Returns and Cancellation Policy or the Privacy Policy.\nThe app does not display links to the EULA or Terms of Service, the Returns and Cancellation Policy or the Privacy Policy.\nThe landing page does not display links to the EULA or Terms of Service,  or the Returns and Cancellation Policy.\nThe internal offer page does not display link to the EULA or Terms of Service.\n","ACR-002":"The App shows different names as \"syscrb.exe\" in the running service/apps section.\n","ACR-161":"The landing offer page has testimonials that have no links back to a source so consumers can verify if they're real.\n","ACR-092":"The app does not provide Digital signatures for the installer and main executable.\n","ACR-167":"The app only provides a 15-day refund policy and not a 30-day refund policy.\n","ACR-017":"The app elevates its consumer trust level by displaying unverifiable logos.\n"},"samples":[{"isRevoked":"False","fileName":"installer_free.exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"6d91d0b5a69d9bdd4545c4b4b7f1d503","hashSHA1":"670ee669b56780c09dc13c0a54f0059b7520b5bc","hashSHA256":"76b3cf97dc43b13e6fb09272c6c18e2f020416011693623e57d95075042e408e","sourceIndex":"1982","avBlockList":["360 Total Security (20210601)","Avast Premium Security (20210601)","AVG Internet Security (20210601)","Avira Internet Security (20210601)","Bitdefender Internet Security (20210601)","COMODO Antivirus (20210601)","Dr.Web Security Space (20210601)","ESET Internet Security (20210601)","G DATA INTERNET SECURITY (20210601)","K7 Total Security (20210601)","Kaspersky Internet Security (20210601)","Malwarebytes Premium (20210601)","McAfee Total Protection (20210601)","Norton Security (20210601)","Panda Dome (20210601)","Quick Heal Internet Security (20210601)","Sophos Home Premium (20210601)","SpyHunter5 (20210601)","Tencent PC Manager (20210601)","Total AV Antivirus Pro (20210601)","VIPRE Advanced Security (20210601)","VirIT eXplorer PRO (20210601)","Webroot SecureAnywhere (20210601)","Windows Defender (20210601)"],"avAllowList":["Trend Micro Internet Security (20210601)"]},{"isRevoked":"False","fileName":"syscrb.exe","companyName":"bestxsoftware","fileVersion":"7.2","hashMD5":"933880c74a7a5a3336c7515c9aea3ed9","hashSHA1":"fd529a7ff5e921c27efcd91ca6e0d7b121339c10","hashSHA256":"30a504d8d2b94f0a6f35552c8e9b828324c52d75236c6152d724ff03b09598e9","sourceIndex":"1982","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"Hunt.Search","landingPage":"https://bestxsoftware.com/","directDownloadingLink":"https://mega.nz/6e106842-83e3-47b6-8c6d-26a35b822590","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://mega.nz/6e106842-83e3-47b6-8c6d-26a35b822590","sourceIndex":"1982"}],"sampleFiles":["210311/BestFreeKeyloggerLite-191121/7.2.2/Samples/installer_free.exe","210311/BestFreeKeyloggerLite-191121/7.2.2/Samples/syscrb.exe"],"imageFiles":["210311/BestFreeKeyloggerLite-191121/7.2.2/Images/ACR-048/Best Free Keylogger Lite_HiddenDirectory [1].png","210311/BestFreeKeyloggerLite-191121/7.2.2/Images/ACR-048/Best Free Keylogger Lite_Interactions [1].png","210311/BestFreeKeyloggerLite-191121/7.2.2/Images/ACR-048/Best Free Keylogger Lite_Interactions [2].png","210311/BestFreeKeyloggerLite-191121/7.2.2/Images/ACR-048/Best Free Keylogger Lite_Interactions [3].png","210311/BestFreeKeyloggerLite-191121/7.2.2/Images/ACR-048/Best Free Keylogger Lite_Interactions [6] Settings.png","210311/BestFreeKeyloggerLite-191121/7.2.2/Images/ACR-007/Best Free Keylogger Lite_Interactions [1].png","210311/BestFreeKeyloggerLite-191121/7.2.2/Images/ACR-007/Best Free Keylogger Lite_Interactions [2].png","210311/BestFreeKeyloggerLite-191121/7.2.2/Images/ACR-007/Best Free Keylogger Lite_Interactions [3].png","210311/BestFreeKeyloggerLite-191121/7.2.2/Images/ACR-007/Best Free Keylogger Lite_Interactions [4].png","210311/BestFreeKeyloggerLite-191121/7.2.2/Images/ACR-007/Best Free Keylogger Lite_Interactions [6] Settings.png","210311/BestFreeKeyloggerLite-191121/7.2.2/Images/ACR-014/Best Free Keylogger Lite_RunningProcess [1].png","210311/BestFreeKeyloggerLite-191121/7.2.2/Images/ACR-084/Best Free Keylogger Lite_Interactions [1].png","210311/BestFreeKeyloggerLite-191121/7.2.2/Images/ACR-084/Best Free Keylogger Lite_Interactions [2].png","210311/BestFreeKeyloggerLite-191121/7.2.2/Images/ACR-084/Best Free Keylogger Lite_Interactions [3].png","210311/BestFreeKeyloggerLite-191121/7.2.2/Images/ACR-084/Best Free Keylogger Lite_Interactions [6] Settings.png","210311/BestFreeKeyloggerLite-191121/7.2.2/Images/ACR-086/Best Free Keylogger Lite_Interactions [1].png","210311/BestFreeKeyloggerLite-191121/7.2.2/Images/ACR-086/Best Free Keylogger Lite_Interactions [2].png","210311/BestFreeKeyloggerLite-191121/7.2.2/Images/ACR-086/Best Free Keylogger Lite_Interactions [3].png","210311/BestFreeKeyloggerLite-191121/7.2.2/Images/ACR-086/Best Free Keylogger Lite_Interactions [4].png","210311/BestFreeKeyloggerLite-191121/7.2.2/Images/ACR-086/Best Free Keylogger Lite_Interactions [6] Settings.png","210311/BestFreeKeyloggerLite-191121/7.2.2/Images/ACR-086/Best Free Keylogger Lite_Interactions [7] Settings.png","210311/BestFreeKeyloggerLite-191121/7.2.2/Images/ACR-086/Best Free Keylogger Lite_Interactions [8] Settings.png","210311/BestFreeKeyloggerLite-191121/7.2.2/Images/ACR-097/Best Free Keylogger Lite_Install [6].png","210311/BestFreeKeyloggerLite-191121/7.2.2/Images/ACR-116/Best Free Keylogger Lite_ControlPanel [1].png"],"nonDeceptorImageFiles":["210311/BestFreeKeyloggerLite-191121/7.2.2/Images/ACR-038/Best Free Keylogger Lite_FileProperty [1].png","210311/BestFreeKeyloggerLite-191121/7.2.2/Images/ACR-038/Best Free Keylogger Lite_FileProperty [3].png","210311/BestFreeKeyloggerLite-191121/7.2.2/Images/ACR-040/Best Free Keylogger Lite_HiddenDirectory [1].png","210311/BestFreeKeyloggerLite-191121/7.2.2/Images/ACR-040/Best Free Keylogger Lite_RunningProcess [1].png","210311/BestFreeKeyloggerLite-191121/7.2.2/Images/ACR-065/Best Free Keylogger Lite_Install [1].png","210311/BestFreeKeyloggerLite-191121/7.2.2/Images/ACR-065/Best Free Keylogger Lite_Install [3].png","210311/BestFreeKeyloggerLite-191121/7.2.2/Images/ACR-065/Best Free Keylogger Lite_Install [4].png","210311/BestFreeKeyloggerLite-191121/7.2.2/Images/ACR-065/Best Free Keylogger Lite_Install [6].png","210311/BestFreeKeyloggerLite-191121/7.2.2/Images/ACR-065/Best Free Keylogger Lite_Install [8].png","210311/BestFreeKeyloggerLite-191121/7.2.2/Images/ACR-065/Best Free Keylogger Lite_About [1].png","210311/BestFreeKeyloggerLite-191121/7.2.2/Images/ACR-065/Best Free Keylogger_LandingPage [1].png","210311/BestFreeKeyloggerLite-191121/7.2.2/Images/ACR-065/Best Free Keylogger_OfferPage [1].png","210311/BestFreeKeyloggerLite-191121/7.2.2/Images/ACR-002/Best Free Keylogger Lite_RunningProcess [1].png","210311/BestFreeKeyloggerLite-191121/7.2.2/Images/ACR-017/Best Free Keylogger_LandingPage [1].png","210311/BestFreeKeyloggerLite-191121/7.2.2/Images/ACR-017/Best Free Keylogger_LandingPage [4].png","210311/BestFreeKeyloggerLite-191121/7.2.2/Images/ACR-161/Best Free Keylogger_LandingPage [3].png","210311/BestFreeKeyloggerLite-191121/7.2.2/Images/ACR-092/Best Free Keylogger Lite_FileProperty [2].png","210311/BestFreeKeyloggerLite-191121/7.2.2/Images/ACR-092/Best Free Keylogger Lite_FileProperty [4].png","210311/BestFreeKeyloggerLite-191121/7.2.2/Images/ACR-167/Best Free Keylogger_RefundPolicy [1].png"],"guid":"a50d5e94-3fa8-4ad0-a41d-0fa937e65694_7.2.2_1","appID":"BestFreeKeyloggerLite-191121","dateAdded":"240909","deceptorType":"App","name":"Best Free Keylogger Lite","company":"Bestx Software","version":"7.2.2","lastKnownStatus":"Deceptor: 6.1.0;7.0.0.0;7.2.0;7.2.1;7.2.2;7.3.1;7.4.0;7.4.1;8.0.1","lastKnownDate":"240909","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 10,Windows 8,Windows 7,Windows Vista","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Adults only","monetization":"up-sell to paid","lastUpdate":"2024-09-09T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":9,"sortOrder":577},{"violations":{"ACR-003":"The application exaggerates system files as being errors, thereby misleading or scaring user to take action.\n","ACR-004":"App does not provide free fixes for the scan results that can't be permanently fixed. It uses issues identified during free scanning to upsell user the fix, requiring user to purchase subscription service to fix all results identified during free scan.\n","ACR-118":"When the user attempts to completely uninstall the application, it retains some of its components on the device without the user's consent.\n","ACR-014":"The Errors Displayed by App\n"},"nonDeceptorViolations":{"ACR-038":" The app does not disclose the Original filename, Company name, Product name, Product version, File version for the main executable.\n","ACR-065":"The app's install wizard has no link to the Returns and Cancellation Policy, Privacy Policy.\nThe app has no link to a webpage that shows the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThe app's landing page does not have links to the app's EULA and/or Terms of Service, Returns and Cancellations Policy.\nThe internal offer page does not display links to the app's EULA and/or Terms of Service, Returns and Cancellations Policy.\n","ACR-002":"The App's version is not consistent between App install and internal offer page\nThe App's version is not consistent between App install and internal offer page\n","ACR-092":"The app does not provide Digital signatures for the main executables.\n","ACR-157":"The application has no certificate information it is unsigned.\n","ACR-099":"The app has no link to a webpage that shows how to uninstall the app.\nThe app's landing page does not show links to a webpage that shows how to uninstall the app. \nThe app's internal offer webpage has no link to a webpage that shows how to uninstall the app.\n","ACR-167":"The application's EULA has no mention of a 30 days refund policy.\n"},"samples":[{"isRevoked":"False","fileName":"DLLEscort_Setup.exe","isInstaller":"True","fileVersion":"2021.0","hashMD5":"be597e7c45939a9154f52ee1e1b589a4","hashSHA1":"b05c29939cb34ca209937012596d681e776cd5df","hashSHA256":"0704f5d269e8cf063f5c91f16b5fc540de2704a28fcf351dd3e540e65eb25838","sourceIndex":"1600","avBlockList":["Avast Premium Security (20240926)","AVG Internet Security (20240926)","Avira Internet Security (20240926)","Bitdefender Internet Security (20240926)","COMODO Antivirus (20240926)","Dr.Web Security Space (20240926)","ESET Internet Security (20240926)","G DATA INTERNET SECURITY (20240926)","Kaspersky Internet Security (20211104)","Malwarebytes Premium (20240926)","McAfee Total Protection (20240926)","Norton Security (20240926)","Panda Dome (20240926)","Quick Heal Internet Security (20240926)","Sophos Home Premium (20240926)","SpyHunter5 (20240926)","Tencent PC Manager (20211104)","Total AV Antivirus Pro (20240926)","Trend Micro Internet Security (20240926)","VIPRE Advanced Security (20240926)","VirIT eXplorer PRO (20240926)","Webroot SecureAnywhere (20240926)","Windows Defender (20240926)","FortectPremium (20240926)","KasperskyPremium (20240926)"],"avAllowList":["360 Total Security (20240926)","K7 Total Security (20240926)"]},{"isRevoked":"False","fileName":"DLLEscort.exe","fileVersion":"0.0","hashMD5":"4da6f289e5cf792c5d6943cca66b4dba","hashSHA1":"aeebcd42e7caa19e593a0b26b5e8f6e8c69635ec","hashSHA256":"d4903ee9bb895613c41de7dc9ef0cb57a32eba3b32cfecfe23b09635cd6e2770","sourceIndex":"1600","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"DLLEscort_Setup[2].exe","isInstaller":"True","fileVersion":"2021.0","hashMD5":"0da81857e09e67edf1e1d3d435ed932f","hashSHA1":"2092dcd40266f56ce6e7417e1e2b930bea07a475","hashSHA256":"c7afc358a9e0b53910b91422eadb13fbfd36270bf6461222f069320a6d8f7d3e","sourceIndex":"1600","avBlockList":["Avast Premium Security (20241203)","AVG Internet Security (20241203)","Avira Internet Security (20241203)","Bitdefender Internet Security (20241203)","Dr.Web Security Space (20241203)","ESET Internet Security (20241203)","FortectPremium (20241203)","G DATA INTERNET SECURITY (20241203)","K7 Total Security (20241203)","KasperskyPremium (20241203)","Malwarebytes Premium (20241203)","McAfee Total Protection (20241203)","Norton Security (20241203)","Panda Dome (20241203)","Quick Heal Internet Security (20241203)","Sophos Home Premium (20241203)","SpyHunter5 (20241203)","Total AV Antivirus Pro (20241203)","Trend Micro Internet Security (20241203)","VIPRE Advanced Security (20241203)","VirIT eXplorer PRO (20241203)","Webroot SecureAnywhere (20241203)","Windows Defender (20241203)"],"avAllowList":["360 Total Security (20241203)","COMODO Antivirus (20241203)"]},{"isRevoked":"False","fileName":"DLLEscort_Setup [3].exe","isInstaller":"True","fileVersion":"2021.0","hashMD5":"7d18338703c7087c6edd283e813a16a7","hashSHA1":"5b6892dd09c4f601419f286c86241f25d9f45630","hashSHA256":"cf9a877114799de4b672fa766e57f1de3423c0d6e1e5300e679ea282be3913fa","sourceIndex":"1600","avBlockList":["Avast Premium Security (20241205)","AVG Internet Security (20241205)","Avira Internet Security (20241205)","Bitdefender Internet Security (20241205)","Dr.Web Security Space (20241205)","ESET Internet Security (20241205)","FortectPremium (20241205)","G DATA INTERNET SECURITY (20241205)","K7 Total Security (20241205)","KasperskyPremium (20241205)","Malwarebytes Premium (20241205)","McAfee Total Protection (20241205)","Norton Security (20241205)","Panda Dome (20241205)","Quick Heal Internet Security (20241205)","Sophos Home Premium (20241205)","SpyHunter5 (20241205)","Total AV Antivirus Pro (20241205)","Trend Micro Internet Security (20241205)","VIPRE Advanced Security (20241205)","VirIT eXplorer PRO (20241205)","Webroot SecureAnywhere (20241205)","Windows Defender (20241205)"],"avAllowList":["360 Total Security (20241205)","COMODO Antivirus (20241205)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"google.com (remove computer errors free)","landingPage":"http://www.dllescort.com/","directDownloadingLink":"https://www.dllescort.com/DLLEscort_Setup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.dllescort.com/DLLEscort_Setup.exe","sourceIndex":"1600"}],"sampleFiles":["211221/DLLEscort-180424/2021/Samples/DLLEscort_Setup.exe","211221/DLLEscort-180424/2021/Samples/DLLEscort.exe","211221/DLLEscort-180424/2021/Samples/DLLEscort_Setup[2].exe","211221/DLLEscort-180424/2021/Samples/DLLEscort_Setup [3].exe"],"imageFiles":["211221/DLLEscort-180424/2021/Images/ACR-003/DLLEscort_Interactions [2].png","211221/DLLEscort-180424/2021/Images/ACR-003/DLLEscort_Interactions [3].png","211221/DLLEscort-180424/2021/Images/ACR-003/DLLEscort_Interactions [5].png","211221/DLLEscort-180424/2021/Images/ACR-003/DLLEscort_Interactions [4].png","211221/DLLEscort-180424/2021/Images/ACR-118/DLLEscort_RetainedFilesafterUninstall [1].png","211221/DLLEscort-180424/2021/Images/ACR-014/DLLEscort_Interactions [3].png","211221/DLLEscort-180424/2021/Images/ACR-004/DLLEscort_Interactions [3].png","211221/DLLEscort-180424/2021/Images/ACR-004/DLLEscort_Interactions [4].png"],"nonDeceptorImageFiles":["211221/DLLEscort-180424/2021/Images/ACR-038/DLLEscort_FileProperty [2].png","211221/DLLEscort-180424/2021/Images/ACR-065/DLLEscort_Install [1].png","211221/DLLEscort-180424/2021/Images/ACR-065/DLLEscort_Install [2].png","211221/DLLEscort-180424/2021/Images/ACR-065/DLLEscort_Install [3].png","211221/DLLEscort-180424/2021/Images/ACR-065/DLLEscort_Install [4].png","211221/DLLEscort-180424/2021/Images/ACR-065/DLLEscort_About [1].png","211221/DLLEscort-180424/2021/Images/ACR-065/DLLEscort_LandingPage [1].png","211221/DLLEscort-180424/2021/Images/ACR-065/DLLEscort_LandingPage [2].png","211221/DLLEscort-180424/2021/Images/ACR-065/DLLEscort_OfferPage [1].png","211221/DLLEscort-180424/2021/Images/ACR-002/DLLEscort_Install [1].png","211221/DLLEscort-180424/2021/Images/ACR-002/DLLEscort_OfferPage [1].png","211221/DLLEscort-180424/2021/Images/ACR-002/DLLEscort_OfferPage [1].png","211221/DLLEscort-180424/2021/Images/ACR-002/DLLEscort_Install [1].png","211221/DLLEscort-180424/2021/Images/ACR-092/DLLEscort_FileProperty [3].png","211221/DLLEscort-180424/2021/Images/ACR-092/DLLEscort_FileProperty [4].png","211221/DLLEscort-180424/2021/Images/ACR-157/DLLEscort_FileProperty [3].png","211221/DLLEscort-180424/2021/Images/ACR-157/DLLEscort_FileProperty [4].png","211221/DLLEscort-180424/2021/Images/ACR-099/DLLEscort_About [1].png","211221/DLLEscort-180424/2021/Images/ACR-099/DLLEscort_About [2].png","211221/DLLEscort-180424/2021/Images/ACR-099/DLLEscort_LandingPage [1].png","211221/DLLEscort-180424/2021/Images/ACR-099/DLLEscort_LandingPage [2].png","211221/DLLEscort-180424/2021/Images/ACR-099/DLLEscort_OfferPage [1].png"],"guid":"b3608584-cd5b-445e-94b4-5a5e4962ef37_2021_1","appID":"DLLEscort-180424","dateAdded":"240909","deceptorType":"App","name":"DLLEscort","company":"DLLEscort","version":"2021","lastKnownStatus":"Deceptor:2.6.20;2021","lastKnownDate":"240909","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 10,Windows 7,Windows 8,Windows Vista,Windows XP","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,paid","lastUpdate":"2024-09-09T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":4,"sortOrder":570},{"violations":{"ACR-048":"The app is installed in a hidden folder and requires a hotkey and password to open it, which limits the consumer's ability to close and uninstall the app.\n","ACR-007":"The app enables the consumer to require a password and a hotkey to open it.\n","ACR-084":"The app enables the consumer to require a password and hotkey to open it.\n","ACR-086":"The app does not inform the targeted consumer how it collects data and it uses a hotkey and password to hide its presence.\n","ACR-097":"During the install, the app prompts the user to exclude it from antivirus detection.\n","ACR-116":"The app cannot be uninstalled by platform standard uninstall method.\n","ACR-014":"The app calls itself \"syscrb.exe”, which is not related to the name \"Best Free Keylogger\", which misleads the targeted consumer.\n"},"nonDeceptorViolations":{"ACR-038":"The app does not disclose the Original filename, Company name, Product name, Product version, File version for all the executables.\n","ACR-040":"The app is installed in a Hidden Folder named \"Best Free Keylogger\" and it calls itself \"syscrb.exe\".\n","ACR-065":"The install wizard does not display links to the Returns and Cancellation Policy or the Privacy Policy.\nThe app does not display links to the EULA or Terms of Service, the Returns and Cancellation Policy or the Privacy Policy.\nThe landing page does not display links to the EULA or Terms of Service,  or the Returns and Cancellation Policy.\nThe internal offer page does not display link to the EULA or Terms of Service.\n","ACR-002":"The App shows different names as \"syscrb.exe\" in the running service/apps section.\n","ACR-161":"The landing offer page has testimonials that have no links back to a source so consumers can verify if they're real.\n","ACR-092":"The app does not provide Digital signatures for the installer and main executable.\n","ACR-167":"The app only provides a 15-day refund policy and not a 30-day refund policy.\n","ACR-017":"The app elevates its consumer trust level by displaying unverifiable logos.\n"},"samples":[{"isRevoked":"False","fileName":"installer_free.exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"085bc7150da060d96cc108210d673758","hashSHA1":"bf6f6511a29cb6afce8256d4d8aa1108723bec89","hashSHA256":"57531162faa76d830d70bc3a449de8ecd0bd9855142f7b66d68942870beea7be","sourceIndex":"1884","avBlockList":["360 Total Security (20211014)","Avast Premium Security (20211014)","AVG Internet Security (20211014)","Avira Internet Security (20211014)","Bitdefender Internet Security (20211014)","COMODO Antivirus (20211014)","Dr.Web Security Space (20211014)","ESET Internet Security (20211014)","G DATA INTERNET SECURITY (20211014)","K7 Total Security (20211014)","Kaspersky Internet Security (20211014)","Malwarebytes Premium (20211014)","McAfee Total Protection (20211014)","Norton Security (20211014)","Panda Dome (20211014)","Quick Heal Internet Security (20211014)","Sophos Home Premium (20211014)","SpyHunter5 (20211014)","Tencent PC Manager (20211014)","Total AV Antivirus Pro (20211014)","VIPRE Advanced Security (20211014)","VirIT eXplorer PRO (20211014)","Webroot SecureAnywhere (20211014)","Windows Defender (20211014)"],"avAllowList":["Trend Micro Internet Security (20211014)"]},{"isRevoked":"False","fileName":"syscrb.exe","companyName":"bestxsoftware","fileVersion":"7.3","hashMD5":"68656c69143797a90784b73d62e8d5f0","hashSHA1":"8aeb3db313126b8e6c59ff81b7bbca90325f3d71","hashSHA256":"20ed885f26e43900dce1fca8a4bdc5ca53aadfa7f84c998754e4b7c483572e04","sourceIndex":"1884","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"Hunt.Search","landingPage":"https://bestxsoftware.com/","directDownloadingLink":"https://vc544.pcloud.com/dHZ46x571ZOKdQbgZZZ57Nbv7Z2ZZ92RZkZa719XZ4O61b9JSbJ0Oubuo2DkN3hSG59SV/installer_free.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://vc544.pcloud.com/dHZ46x571ZOKdQbgZZZ57Nbv7Z2ZZ92RZkZa719XZ4O61b9JSbJ0Oubuo2DkN3hSG59SV/installer_free.exe","sourceIndex":"1884"}],"sampleFiles":["210623/BestFreeKeyloggerLite-191121/7.3.1/Samples/installer_free.exe","210623/BestFreeKeyloggerLite-191121/7.3.1/Samples/syscrb.exe"],"imageFiles":["210623/BestFreeKeyloggerLite-191121/7.3.1/Images/ACR-048/Best Free Keylogger Lite_Interactions [1].png","210623/BestFreeKeyloggerLite-191121/7.3.1/Images/ACR-048/Best Free Keylogger Lite_Interactions [2].png","210623/BestFreeKeyloggerLite-191121/7.3.1/Images/ACR-048/Best Free Keylogger Lite_Interactions [3].png","210623/BestFreeKeyloggerLite-191121/7.3.1/Images/ACR-048/Best Free Keylogger Lite_Hidden Directory [1].png","210623/BestFreeKeyloggerLite-191121/7.3.1/Images/ACR-048/Best Free Keylogger Lite_Files [1].png","210623/BestFreeKeyloggerLite-191121/7.3.1/Images/ACR-007/Best Free Keylogger Lite_Interactions [1].png","210623/BestFreeKeyloggerLite-191121/7.3.1/Images/ACR-007/Best Free Keylogger Lite_Interactions [2].png","210623/BestFreeKeyloggerLite-191121/7.3.1/Images/ACR-007/Best Free Keylogger Lite_Interactions [3].png","210623/BestFreeKeyloggerLite-191121/7.3.1/Images/ACR-007/Best Free Keylogger Lite_Settings [1].png","210623/BestFreeKeyloggerLite-191121/7.3.1/Images/ACR-014/Best Free Keylogger Lite_RunningProcess [1].png","210623/BestFreeKeyloggerLite-191121/7.3.1/Images/ACR-084/Best Free Keylogger Lite_Interactions [1].png","210623/BestFreeKeyloggerLite-191121/7.3.1/Images/ACR-084/Best Free Keylogger Lite_Interactions [2].png","210623/BestFreeKeyloggerLite-191121/7.3.1/Images/ACR-084/Best Free Keylogger Lite_Interactions [3].png","210623/BestFreeKeyloggerLite-191121/7.3.1/Images/ACR-084/Best Free Keylogger Lite_Settings [1].png","210623/BestFreeKeyloggerLite-191121/7.3.1/Images/ACR-086/Best Free Keylogger Lite_Interactions [1].png","210623/BestFreeKeyloggerLite-191121/7.3.1/Images/ACR-086/Best Free Keylogger Lite_Interactions [2].png","210623/BestFreeKeyloggerLite-191121/7.3.1/Images/ACR-086/Best Free Keylogger Lite_Interactions [3].png","210623/BestFreeKeyloggerLite-191121/7.3.1/Images/ACR-086/Best Free Keylogger Lite_Settings [1].png","210623/BestFreeKeyloggerLite-191121/7.3.1/Images/ACR-086/Best Free Keylogger Lite_Settings [2].png","210623/BestFreeKeyloggerLite-191121/7.3.1/Images/ACR-086/Best Free Keylogger Lite_Settings [3].png","210623/BestFreeKeyloggerLite-191121/7.3.1/Images/ACR-097/Best Free Keylogger Lite_Install [6].png","210623/BestFreeKeyloggerLite-191121/7.3.1/Images/ACR-116/Best Free Keylogger Lite_ControlPanel [1].png"],"nonDeceptorImageFiles":["210623/BestFreeKeyloggerLite-191121/7.3.1/Images/ACR-038/Best Free Keylogger Lite_FileProperty [1].png","210623/BestFreeKeyloggerLite-191121/7.3.1/Images/ACR-038/Best Free Keylogger Lite_FileProperty [3].png","210623/BestFreeKeyloggerLite-191121/7.3.1/Images/ACR-040/Best Free Keylogger Lite_Files [1].png","210623/BestFreeKeyloggerLite-191121/7.3.1/Images/ACR-040/Best Free Keylogger Lite_RunningProcess [1].png","210623/BestFreeKeyloggerLite-191121/7.3.1/Images/ACR-065/Best Free Keylogger Lite_Install [1].png","210623/BestFreeKeyloggerLite-191121/7.3.1/Images/ACR-065/Best Free Keylogger Lite_Install [3].png","210623/BestFreeKeyloggerLite-191121/7.3.1/Images/ACR-065/Best Free Keylogger Lite_Install [4].png","210623/BestFreeKeyloggerLite-191121/7.3.1/Images/ACR-065/Best Free Keylogger Lite_Install [6].png","210623/BestFreeKeyloggerLite-191121/7.3.1/Images/ACR-065/Best Free Keylogger Lite_Install [10].png","210623/BestFreeKeyloggerLite-191121/7.3.1/Images/ACR-065/Best Free Keylogger Lite_About [1].png","210623/BestFreeKeyloggerLite-191121/7.3.1/Images/ACR-065/Best Free Keylogger Lite_About [2].png","210623/BestFreeKeyloggerLite-191121/7.3.1/Images/ACR-065/Best Free Keylogger Pro_LandingPage.png","210623/BestFreeKeyloggerLite-191121/7.3.1/Images/ACR-065/Best Free Keylogger Pro_OfferPage [1].png","210623/BestFreeKeyloggerLite-191121/7.3.1/Images/ACR-002/Best Free Keylogger Lite_RunningProcess [1].png","210623/BestFreeKeyloggerLite-191121/7.3.1/Images/ACR-017/Best Free Keylogger Pro_LandingPage [3].png","210623/BestFreeKeyloggerLite-191121/7.3.1/Images/ACR-161/Best Free Keylogger Pro_LandingPage [2].png","210623/BestFreeKeyloggerLite-191121/7.3.1/Images/ACR-092/Best Free Keylogger Lite_FileProperty [2].png","210623/BestFreeKeyloggerLite-191121/7.3.1/Images/ACR-092/Best Free Keylogger Lite_FileProperty [4].png","210623/BestFreeKeyloggerLite-191121/7.3.1/Images/ACR-167/Best Free Keylogger Pro_Bestxsoftware Refund Policy.png"],"guid":"a50d5e94-3fa8-4ad0-a41d-0fa937e65694_7.3.1_1","appID":"BestFreeKeyloggerLite-191121","dateAdded":"240909","deceptorType":"App","name":"Best Free Keylogger Lite","company":"Bestx Software","version":"7.3.1","sigName":"Deceptor:Win32/BestFreeKeyloggerLiteStalkerware!048007014084086097116","lastKnownStatus":"Deceptor: 6.1.0;7.0.0.0;7.2.0;7.2.1;7.2.2;7.3.1;7.4.0;7.4.1;8.0.1","lastKnownDate":"240909","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 10,Windows 8,Windows 7,Windows Vista","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Adults only","monetization":"up-sell to paid","lastUpdate":"2024-09-09T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":9,"sortOrder":576},{"violations":{"ACR-003":"The app exaggerates urgency using words like \"Your Privacy might be at risk!\", \"Dangerous\" , \"Severe\" all in red/yellow colors thereby misleading or scaring the user to take action. The App also exaggerated the number of files found.\n","ACR-004":"The shows exaggerated word \"WARNING!\" and when you click the button \"clean now\" , it will redirect you to purchase the app to perform the action.\n\n","ACR-116":"The main executable file was left behind even after app shows uninstall completed.\n","ACR-118":"When uninstalled, it did not delete the main executable file.\n","ACR-014":"App implies that files scanned are \"dangerous\" even though they are just windows temp or log files,which is misleading.\n"},"nonDeceptorViolations":{"ACR-045":"\"Free Download\" and \"Download Free Trial\" highlight \"Free\" misleads user. The functionality that requires consumer payment in order to be activated needs to be marked clearly in landing page. Otherwise app should remove \"free\" word.\n","ACR-065":"The install page does not contain links to the app's Returns and Cancellations Policy, Privacy Policy. \nThe app does not contain links to the app's EULA and/or Terms of Service, Returns and Cancellations Policy, Privacy Policy. \nThe landing page does not display links to the EULA and/or Terms of Service, Returns and Cancellation Policy.\n","ACR-161":"The application's landing page displays testimonials but does not provide any links back to a source so they can be verified. \n","ACR-092":"The application does not have a digital signature.\n","ACR-099":"The app does not display links to uninstall information. \nThe landing page does not display links to uninstall information. \n","ACR-167":"There is no refund policy provided for this application.\n","ACR-166":"The app needs to disclose the license period to the consumer in the internal offers.\n"},"samples":[{"isRevoked":"False","fileName":"cleandrive_setup.exe","isInstaller":"True","companyName":"GSA Software                                                ","fileVersion":"0.0","hashMD5":"a6baf58dc4710add32aefb7e64b17f9b","hashSHA1":"58f127b37fbf4d47d3dcb827e31086f012a39881","hashSHA256":"08119a44a3e8698dd2b890273ddc05b6aec31734c23a8fccb64d2e322d076135","sourceIndex":"2116","avBlockList":["360 Total Security (20200928)","Avast Premium Security (20200928)","AVG Internet Security (20200928)","Avira Internet Security (20200928)","Bitdefender Internet Security (20200928)","ESET Internet Security (20200928)","G DATA INTERNET SECURITY (20200928)","K7 Total Security (20200928)","Kaspersky Internet Security (20200928)","Malwarebytes Premium (20200928)","McAfee Total Protection (20200928)","Norton Security (20200928)","Panda Dome (20200928)","Quick Heal Internet Security (20200928)","Sophos Home Premium (20200928)","SpyHunter5 (20200928)","Tencent PC Manager (20200928)","Total AV Antivirus Pro (20200928)","Trend Micro Internet Security (20200928)","VIPRE Advanced Security (20200928)","VirIT eXplorer PRO (20200928)","Webroot SecureAnywhere (20200928)","Windows Defender (20200928)"],"avAllowList":["COMODO Antivirus (20200928)","Dr.Web Security Space (20200928)"]},{"isRevoked":"False","fileName":"Cleandrive.exe","companyName":"(C) GSA","fileVersion":"3.5","hashMD5":"0260775a94a8735ab26fc266fc28c644","hashSHA1":"2148367cd6f8bbc7340a5de8b6eb0eacdd615d1a","hashSHA256":"0228f8189bea2bc75358a0356b9d88357e901fc3d98c2309ff4a59e34026493d","digitalCertThumbprint":"F19B05B2C406A06B1A801B170955F1693C84C9C6","digitalCertIssuer":"CN=SSL.com EV Code Signing Intermediate CA RSA R3, O=SSL Corp, L=Houston, S=Texas, C=US","digitalCertIssuedTo":"OID.1.3.6.1.4.1.311.60.2.1.3=DE, OID.1.3.6.1.4.1.311.60.2.1.2=Mecklenburg Vorpommern, OID.1.3.6.1.4.1.311.60.2.1.1=Rostock, OID.2.5.4.15=Private Organization, CN=Gesellschaft für Softwareentwicklung und Analytik GmbH, SERIALNUMBER=HRB 12514, O=Gesellschaft für Softwareentwicklung und Analytik GmbH, L=Rostock, S=Mecklenburg Vorpommern, C=DE","sourceIndex":"2116","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"https://www.gsa-online.de/","landingPage":"https://www.gsa-online.de/product/cleandrive/#","directDownloadingLink":"https://www.gsa-online.de/download/cleandrive_setup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.gsa-online.de/download/cleandrive_setup.exe","sourceIndex":"2116"}],"sampleFiles":["200902/GSACleanDrive-181211/3.50/Samples/cleandrive_setup.exe","200902/GSACleanDrive-181211/3.50/Samples/CleanDrive.exe"],"imageFiles":["200902/GSACleanDrive-181211/3.50/Images/ACR-003/GSA CleanDrive_Interaction [1].png","200902/GSACleanDrive-181211/3.50/Images/ACR-003/GSA CleanDrive_Interaction [2] Scanning.png","200902/GSACleanDrive-181211/3.50/Images/ACR-003/GSA CleanDrive_Interaction [3] ScanResults.png","200902/GSACleanDrive-181211/3.50/Images/ACR-003/GSA CleanDrive_Interaction [5] Register.png","200902/GSACleanDrive-181211/3.50/Images/ACR-003/GSA CleanDrive_Interaction [6] ScanResults.png","200902/GSACleanDrive-181211/3.50/Images/ACR-014/GSA CleanDrive_Interaction [3] ScanResults.png","200902/GSACleanDrive-181211/3.50/Images/ACR-004/GSA CleanDrive_Interaction [1].png","200902/GSACleanDrive-181211/3.50/Images/ACR-004/GSA CleanDrive_Interaction [2] Scanning.png","200902/GSACleanDrive-181211/3.50/Images/ACR-004/GSA CleanDrive_Interaction [3] ScanResults.png","200902/GSACleanDrive-181211/3.50/Images/ACR-004/GSA CleanDrive_Interaction [4] Register.png","200902/GSACleanDrive-181211/3.50/Images/ACR-004/GSA CleanDrive_Interaction [5] Register.png","200902/GSACleanDrive-181211/3.50/Images/ACR-004/GSA CleanDrive_Interaction [6] ScanResults.png","200902/GSACleanDrive-181211/3.50/Images/ACR-004/GSA CleanDrive_OfferPage [1].png","200902/GSACleanDrive-181211/3.50/Images/ACR-116/GSA_CleanDrive_Uninstall [1].png","200902/GSACleanDrive-181211/3.50/Images/ACR-116/GSA_CleanDrive_Uninstall [2].png","200902/GSACleanDrive-181211/3.50/Images/ACR-116/GSA_CleanDrive_Uninstall [3].png","200902/GSACleanDrive-181211/3.50/Images/ACR-116/GSA_CleanDrive_Uninstall [4].png","200902/GSACleanDrive-181211/3.50/Images/ACR-116/GSA_CleanDrive_Uninstall [6] RetainedFile.png","200902/GSACleanDrive-181211/3.50/Images/ACR-118/GSA_CleanDrive_Uninstall [4].png","200902/GSACleanDrive-181211/3.50/Images/ACR-118/GSA_CleanDrive_Uninstall [6] RetainedFile.png"],"nonDeceptorImageFiles":["200902/GSACleanDrive-181211/3.50/Images/ACR-099/GSA CleanDrive_Interaction [1].png","200902/GSACleanDrive-181211/3.50/Images/ACR-099/GSA CleanDrive_Interaction [8] Settings.png","200902/GSACleanDrive-181211/3.50/Images/ACR-099/GSA CleanDrive_LandingPage [5].png","200902/GSACleanDrive-181211/3.50/Images/ACR-099/GSA CleanDrive_LandingPage [6].png","200902/GSACleanDrive-181211/3.50/Images/ACR-161/GSA CleanDrive_LandingPage [1] Testimonials.png","200902/GSACleanDrive-181211/3.50/Images/ACR-167/GSA_CleanDrive_RefundPolicy[1].png","200902/GSACleanDrive-181211/3.50/Images/ACR-045/GSA CleanDrive_LandingPage [3] Download Free Trial.png","200902/GSACleanDrive-181211/3.50/Images/ACR-045/GSA CleanDrive_LandingPage [3] Free Download.png","200902/GSACleanDrive-181211/3.50/Images/ACR-065/GSA CleanDrive_Install [1].png","200902/GSACleanDrive-181211/3.50/Images/ACR-065/GSA CleanDrive_Install [2].png","200902/GSACleanDrive-181211/3.50/Images/ACR-065/GSA CleanDrive_Install [5].png","200902/GSACleanDrive-181211/3.50/Images/ACR-065/GSA CleanDrive_Interaction [1].png","200902/GSACleanDrive-181211/3.50/Images/ACR-065/GSA CleanDrive_Interaction [7] Settings.png","200902/GSACleanDrive-181211/3.50/Images/ACR-065/GSA CleanDrive_Interaction [8] Settings.png","200902/GSACleanDrive-181211/3.50/Images/ACR-065/GSA CleanDrive_LandingPage [5].png","200902/GSACleanDrive-181211/3.50/Images/ACR-065/GSA CleanDrive_LandingPage [6].png","200902/GSACleanDrive-181211/3.50/Images/ACR-065/GSA CleanDrive_LandingPage [7].png","200902/GSACleanDrive-181211/3.50/Images/ACR-065/GSA CleanDrive_LandingPage [8].png","200902/GSACleanDrive-181211/3.50/Images/ACR-092/GSA CleanDrive_Installer_Unsigned [1].png","200902/GSACleanDrive-181211/3.50/Images/ACR-092/GSA CleanDrive_Installer_Unsigned [2].png","200902/GSACleanDrive-181211/3.50/Images/ACR-166/GSA CleanDrive_OfferPage [1].png"],"guid":"71869226-ba42-4a62-be52-fbb96e04c4b5_3.50_1","appID":"GSACleanDrive-181211","dateAdded":"240905","deceptorType":"App","name":"GSA CleanDrive","company":"GSA GmbH","version":"3.50","sigName":"Deceptor:Win32/GSACleanDrive!003014004116118","lastKnownStatus":"Deceptor:3.47;3.48;3.49;3.50;3.52","lastKnownDate":"240905","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows Vista,Windows XP,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2024-09-05T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":5,"sortOrder":583},{"violations":{"ACR-003":"The app exaggerates urgency using words like \"Your Privacy might be at risk!\", \"Dangerous\" , \"Severe\" all in red/yellow colors thereby misleading or scaring the user to take action. The App also exaggerated the number of files found.\n","ACR-004":"The shows exaggerated word \"WARNING!\" and when you click the button \"clean now\" , it will redirect you to purchase the app to perform the action.\n\n","ACR-116":"The main executable file was left behind even after app shows uninstall completed.\n","ACR-118":"When uninstalled, it did not delete the main executable file.\n","ACR-014":"App implies that files scanned are \"dangerous\" even though they are just windows temp or log files,which is misleading.\n"},"nonDeceptorViolations":{"ACR-045":"\"Free Download\" highlights \"Free\" misleads user. The functionality that requires consumer payment in order to be activated needs to be marked clearly in landing page. Otherwise app should remove \"free\" word.\n","ACR-065":"The install page does not contain links to the app's Returns and Cancellations Policy, Privacy Policy. \nThe app does not contain links to the app's EULA and/or Terms of Service, Returns and Cancellations Policy, Privacy Policy. \nThe landing page does not display links to the EULA and/or Terms of Service, Returns and Cancellation Policy.\n","ACR-161":"The application's landing page displays testimonials but does not provide any links back to a source so they can be verified. \n","ACR-099":"The app does not display links to uninstall information. \nThe landing page does not display links to uninstall information. \n","ACR-167":"There is no refund policy provided for this application.\n","ACR-166":"The app needs to disclose the license period to the consumer in the internal offers.\n"},"samples":[{"isRevoked":"False","fileName":"cleandrive_setup.exe","isInstaller":"True","companyName":"GSA Software                                                ","fileVersion":"0.0","hashMD5":"59b8a6e478a1c4163ee9ceb8e775d75a","hashSHA1":"2531158e300a706c9da1e5814ee51d918b139603","hashSHA256":"0b6ff8e1888a47b067aabe4e9c408ead19a72819c835c106e9b416cf4dec8492","digitalCertThumbprint":"F19B05B2C406A06B1A801B170955F1693C84C9C6","digitalCertIssuer":"CN=SSL.com EV Code Signing Intermediate CA RSA R3, O=SSL Corp, L=Houston, S=Texas, C=US","digitalCertIssuedTo":"OID.1.3.6.1.4.1.311.60.2.1.3=DE, OID.1.3.6.1.4.1.311.60.2.1.2=Mecklenburg Vorpommern, OID.1.3.6.1.4.1.311.60.2.1.1=Rostock, OID.2.5.4.15=Private Organization, CN=Gesellschaft für Softwareentwicklung und Analytik GmbH, SERIALNUMBER=HRB 12514, O=Gesellschaft für Softwareentwicklung und Analytik GmbH, L=Rostock, S=Mecklenburg Vorpommern, C=DE","sourceIndex":"2125","avBlockList":["360 Total Security (20200903)","Avast Premium Security (20200903)","AVG Internet Security (20200903)","Avira Internet Security (20200903)","Bitdefender Internet Security (20200903)","ESET Internet Security (20200903)","G DATA INTERNET SECURITY (20200903)","K7 Total Security (20200903)","Kaspersky Internet Security (20200903)","Malwarebytes Premium (20200903)","McAfee Total Protection (20200903)","Norton Security (20200903)","Panda Dome (20200903)","Sophos Home Premium (20200903)","SpyHunter5 (20200903)","Tencent PC Manager (20200903)","Total AV Antivirus Pro (20200903)","Trend Micro Internet Security (20200903)","VIPRE Advanced Security (20200903)","VirIT eXplorer PRO (20200903)","Windows Defender (20200903)"],"avAllowList":["COMODO Antivirus (20200903)","Dr.Web Security Space (20200903)","Quick Heal Internet Security (20200903)","Webroot SecureAnywhere (20200903)"]},{"isRevoked":"False","fileName":"CleanDrive.exe","companyName":"GSA","fileVersion":"3.4","hashMD5":"979cf3bc17fdc1be24f9fb3a2ae19ce4","hashSHA1":"46df96bd756cd52806eec8a8b4eb049ad237be70","hashSHA256":"e3189eb788ddbf0ba8a58795495712bd352716f49df922f63674e94dc63992d2","digitalCertThumbprint":"F19B05B2C406A06B1A801B170955F1693C84C9C6","digitalCertIssuer":"CN=SSL.com EV Code Signing Intermediate CA RSA R3, O=SSL Corp, L=Houston, S=Texas, C=US","digitalCertIssuedTo":"OID.1.3.6.1.4.1.311.60.2.1.3=DE, OID.1.3.6.1.4.1.311.60.2.1.2=Mecklenburg Vorpommern, OID.1.3.6.1.4.1.311.60.2.1.1=Rostock, OID.2.5.4.15=Private Organization, CN=Gesellschaft für Softwareentwicklung und Analytik GmbH, SERIALNUMBER=HRB 12514, O=Gesellschaft für Softwareentwicklung und Analytik GmbH, L=Rostock, S=Mecklenburg Vorpommern, C=DE","sourceIndex":"2125","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"","landingPage":"https://www.gsa-online.de/product/cleandrive/#","directDownloadingLink":"https://www.gsa-online.de/download/cleandrive_setup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.gsa-online.de/download/cleandrive_setup.exe","sourceIndex":"2125"}],"sampleFiles":["200825/GSACleanDrive-181211/3.49/Samples/cleandrive_setup.exe","200825/GSACleanDrive-181211/3.49/Samples/CleanDrive.exe"],"imageFiles":["200825/GSACleanDrive-181211/3.49/Images/ACR-003/GSA_CleanDrive_Interaction [1].png","200825/GSACleanDrive-181211/3.49/Images/ACR-003/GSA_CleanDrive_Interaction [3] ScanResults.png","200825/GSACleanDrive-181211/3.49/Images/ACR-003/GSA_CleanDrive_Interaction [4] ScanResults.png","200825/GSACleanDrive-181211/3.49/Images/ACR-003/GSA_CleanDrive_Interaction [5] ScanResults.png","200825/GSACleanDrive-181211/3.49/Images/ACR-014/GSA_CleanDrive_Interaction [3] ScanResults.png","200825/GSACleanDrive-181211/3.49/Images/ACR-004/GSA_CleanDrive_Interaction [1].png","200825/GSACleanDrive-181211/3.49/Images/ACR-004/GSA_CleanDrive_Interaction [2] Scanning.png","200825/GSACleanDrive-181211/3.49/Images/ACR-004/GSA_CleanDrive_Interaction [3] ScanResults.png","200825/GSACleanDrive-181211/3.49/Images/ACR-004/GSA_CleanDrive_Interaction [4] ScanResults.png","200825/GSACleanDrive-181211/3.49/Images/ACR-116/GSA_CleanDrive_Uninstall [1].png","200825/GSACleanDrive-181211/3.49/Images/ACR-116/GSA_CleanDrive_Uninstall [2].png","200825/GSACleanDrive-181211/3.49/Images/ACR-116/GSA_CleanDrive_Uninstall [3].png","200825/GSACleanDrive-181211/3.49/Images/ACR-116/GSA_CleanDrive_Uninstall [4].png","200825/GSACleanDrive-181211/3.49/Images/ACR-116/GSA_CleanDrive_Uninstall [5] RetainedFile.png","200825/GSACleanDrive-181211/3.49/Images/ACR-118/GSA_CleanDrive_Uninstall [4].png","200825/GSACleanDrive-181211/3.49/Images/ACR-118/GSA_CleanDrive_Uninstall [5] RetainedFile.png"],"nonDeceptorImageFiles":["200825/GSACleanDrive-181211/3.49/Images/ACR-099/GSA_CleanDrive_Interaction [1].png","200825/GSACleanDrive-181211/3.49/Images/ACR-099/GSA_CleanDrive_Settings [1].png","200825/GSACleanDrive-181211/3.49/Images/ACR-099/GSA_CleanDrive_LandingPage [6].png","200825/GSACleanDrive-181211/3.49/Images/ACR-099/GSA_CleanDrive_LandingPage [5].png","200825/GSACleanDrive-181211/3.49/Images/ACR-099/GSA_CleanDrive_Manuals [1].png","200825/GSACleanDrive-181211/3.49/Images/ACR-099/GSA_CleanDrive_Manuals [2].png","200825/GSACleanDrive-181211/3.49/Images/ACR-161/GSA_CleanDrive_LandingPage [2] Testimonials.png","200825/GSACleanDrive-181211/3.49/Images/ACR-167/GSA_CleanDrive_LandingPage [4] Refund.png","200825/GSACleanDrive-181211/3.49/Images/ACR-045/GSA_CleanDrive_LandingPage [1].png","200825/GSACleanDrive-181211/3.49/Images/ACR-065/GSA_CleanDrive_Install [1].png","200825/GSACleanDrive-181211/3.49/Images/ACR-065/GSA_CleanDrive_Install [2].png","200825/GSACleanDrive-181211/3.49/Images/ACR-065/GSA_CleanDrive_Install [4].png","200825/GSACleanDrive-181211/3.49/Images/ACR-065/GSA_CleanDrive_Interaction [1].png","200825/GSACleanDrive-181211/3.49/Images/ACR-065/GSA_CleanDrive_Settings [1].png","200825/GSACleanDrive-181211/3.49/Images/ACR-065/GSA_CleanDrive_LandingPage_.png","200825/GSACleanDrive-181211/3.49/Images/ACR-065/GSA_CleanDrive_LandingPage.png","200825/GSACleanDrive-181211/3.49/Images/ACR-065/GSA_CleanDrive_LandingPage [5].png","200825/GSACleanDrive-181211/3.49/Images/ACR-166/GSA_CleanDrive_OfferPage.png"],"guid":"71869226-ba42-4a62-be52-fbb96e04c4b5_3.49_1","appID":"GSACleanDrive-181211","dateAdded":"240905","deceptorType":"App","name":"GSA CleanDrive","company":"GSA GmbH","version":"3.49","sigName":"Deceptor:Win32/GSACleanDrive!003014004116118","lastKnownStatus":"Deceptor:3.47;3.48;3.49;3.50;3.52","lastKnownDate":"240905","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows Vista,Windows XP,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2024-09-05T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":5,"sortOrder":584},{"violations":{"ACR-003":"The app exaggerates urgency using words like \"Your Privacy might be at risk!\", \"Dangerous\" , \"Severe\" all in red/yellow colors thereby misleading or scaring the user to take action. The App also exaggerated the number of files found.\n","ACR-004":"The shows exaggerated word \"WARNING!\" and when you click the button \"clean now\" , it will redirect you to purchase the app to perform the action.\n\n","ACR-116":"When uninstalled, it did not delete the main executable file even deleting it manually.\n","ACR-118":"When uninstalled, it did not delete the main executable file even deleting it manually.\n","ACR-014":"App implies that files scanned are \"dangerous\" even though they are just windows temp or log files,which is misleading.\n"},"nonDeceptorViolations":{"ACR-045":"\"Free Download\" highlights \"Free\" misleads user. The functionality that requires consumer payment in order to be activated needs to be marked clearly in landing page. Otherwise app should remove \"free\" word.\n","ACR-065":"The install page does not contain links to the app's Returns and Cancellations Policy, Privacy Policy. \nThe app does not contain links to the app's EULA and/or Terms of Service, Returns and Cancellations Policy, Privacy Policy. \nThe landing page does not display links to the EULA and/or Terms of Service, Returns and Cancellation Policy.\n","ACR-161":"The application's landing page displays testimonials but does not provide any links back to a source so they can be verified. \n","ACR-099":"The app does not display links to uninstall information. \nThe landing page does not display links to uninstall information. \n","ACR-167":"There is no refund policy provided for this application.\n","ACR-166":"The app needs to disclose the license period to the consumer in the internal offers.\n"},"samples":[{"isRevoked":"False","fileName":"cleandrive_setup.exe","isInstaller":"True","companyName":"GSA Software                                                ","fileVersion":"0.0","hashMD5":"893f02e34be55f23bf3fcc931d4a2233","hashSHA1":"cf81890668665120d5c2de923cdc2aae6a459391","hashSHA256":"97e55c8d1b66e6b88ef3ab11940698fe2f14dec08648617e01a4f5bd557477b7","digitalCertThumbprint":"17DFFBAB0931DFAFD29EBEFD77A561E4F5B2C0DF","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=GSA Geselschaft fuer Softwareentwicklung und Analytik GmbH, O=GSA Geselschaft fuer Softwareentwicklung und Analytik GmbH, STREET=Krischanweg 7, L=Rostock, S=Mecklenburg Vorpommern, PostalCode=18069, C=DE","sourceIndex":"2146","avBlockList":["360 Total Security (20200813)","Avast Premium Security (20200813)","AVG Internet Security (20200813)","Avira Internet Security (20200813)","Bitdefender Internet Security (20200813)","Dr.Web Security Space (20200813)","ESET Internet Security (20200813)","G DATA INTERNET SECURITY (20200813)","K7 Total Security (20200813)","Malwarebytes Premium (20200813)","McAfee Total Protection (20200813)","Norton Security (20200813)","Panda Dome (20200813)","Sophos Home Premium (20200813)","Tencent PC Manager (20200813)","Total AV Antivirus Pro (20200813)","VIPRE Advanced Security (20200813)","VirIT eXplorer PRO (20200813)","Webroot SecureAnywhere (20200813)","Windows Defender (20200813)","Kaspersky Internet Security (20200813)"],"avAllowList":["COMODO Antivirus (20200813)","Quick Heal Internet Security (20200813)","SpyHunter5 (20200813)","Trend Micro Internet Security (20200813)"]},{"isRevoked":"False","fileName":"CleanDrive.exe","companyName":"GSA","fileVersion":"3.4","hashMD5":"e7dd798f92951bb81cea3a037277cdd0","hashSHA1":"019962765210075c40f754388012859dac8650e0","hashSHA256":"b1680bb8a194b753fc04ad4f544496650f872ca6a6dbb2ad182e2aa1154a046a","digitalCertThumbprint":"17DFFBAB0931DFAFD29EBEFD77A561E4F5B2C0DF","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=GSA Geselschaft fuer Softwareentwicklung und Analytik GmbH, O=GSA Geselschaft fuer Softwareentwicklung und Analytik GmbH, STREET=Krischanweg 7, L=Rostock, S=Mecklenburg Vorpommern, PostalCode=18069, C=DE","sourceIndex":"2146","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"google search \"clean drive\"","reference":"","landingPage":"https://www.gsa-online.de/product/cleandrive/#","directDownloadingLink":"https://www.gsa-online.de/download/cleandrive_setup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.gsa-online.de/download/cleandrive_setup.exe","sourceIndex":"2146"}],"sampleFiles":["200727/GSACleanDrive-181211/3.48/Samples/cleandrive_setup.exe","200727/GSACleanDrive-181211/3.48/Samples/CleanDrive.exe"],"imageFiles":["200727/GSACleanDrive-181211/3.48/Images/ACR-003/CleanDrive_Interaction [1].png","200727/GSACleanDrive-181211/3.48/Images/ACR-003/CleanDrive_Interaction [1]_.png","200727/GSACleanDrive-181211/3.48/Images/ACR-003/CleanDrive_Interaction [2]_.png","200727/GSACleanDrive-181211/3.48/Images/ACR-003/CleanDrive_Interaction [3].png","200727/GSACleanDrive-181211/3.48/Images/ACR-014/CleanDrive_Interaction [4].png","200727/GSACleanDrive-181211/3.48/Images/ACR-004/CleanDrive_Interaction [1]_.png","200727/GSACleanDrive-181211/3.48/Images/ACR-004/CleanDrive_Interaction [2]_.png","200727/GSACleanDrive-181211/3.48/Images/ACR-004/CleanDrive_Interaction [3]_.png","200727/GSACleanDrive-181211/3.48/Images/ACR-116/CleanDrive_Uninstall [1].png","200727/GSACleanDrive-181211/3.48/Images/ACR-116/CleanDrive_Uninstall [2].png","200727/GSACleanDrive-181211/3.48/Images/ACR-116/CleanDrive_Uninstall [3].png","200727/GSACleanDrive-181211/3.48/Images/ACR-116/CleanDrive_Uninstall [4].png"],"nonDeceptorImageFiles":["200727/GSACleanDrive-181211/3.48/Images/ACR-099/CleanDrive_Interaction [1].png","200727/GSACleanDrive-181211/3.48/Images/ACR-099/CleanDrive_Settings [1].png","200727/GSACleanDrive-181211/3.48/Images/ACR-099/CleanDrive_Settings [2].png","200727/GSACleanDrive-181211/3.48/Images/ACR-099/CleanDrive_LandingPage [1].png","200727/GSACleanDrive-181211/3.48/Images/ACR-099/CleanDrive_Manuals and Documentation [1].png","200727/GSACleanDrive-181211/3.48/Images/ACR-099/CleanDrive_Manuals and Documentation [2].png","200727/GSACleanDrive-181211/3.48/Images/ACR-161/CleanDrive_LandingPage [3].png","200727/GSACleanDrive-181211/3.48/Images/ACR-167/CleanDrive_Refund [1].png","200727/GSACleanDrive-181211/3.48/Images/ACR-045/CleanDrive_LandingPage [1].png","200727/GSACleanDrive-181211/3.48/Images/ACR-045/CleanDrive_LandingPage [2].png","200727/GSACleanDrive-181211/3.48/Images/ACR-065/CleanDrive_Install [1].png","200727/GSACleanDrive-181211/3.48/Images/ACR-065/CleanDrive_Install [2].png","200727/GSACleanDrive-181211/3.48/Images/ACR-065/CleanDrive_Install [3].png","200727/GSACleanDrive-181211/3.48/Images/ACR-065/CleanDrive_Interaction [1].png","200727/GSACleanDrive-181211/3.48/Images/ACR-065/CleanDrive_Settings [1].png","200727/GSACleanDrive-181211/3.48/Images/ACR-065/CleanDrive_Settings [2].png","200727/GSACleanDrive-181211/3.48/Images/ACR-065/CleanDrive_LandingPage [4].png","200727/GSACleanDrive-181211/3.48/Images/ACR-065/CleanDrive_LandingPage [5].png","200727/GSACleanDrive-181211/3.48/Images/ACR-166/CleanDrive_OfferPage [1].png"],"guid":"71869226-ba42-4a62-be52-fbb96e04c4b5_3.48_1","appID":"GSACleanDrive-181211","dateAdded":"240905","deceptorType":"App","name":"GSA CleanDrive","company":"GSA GmbH","version":"3.48","sigName":"Deceptor:Win32/GSACleanDrive!003014004116118","lastKnownStatus":"Deceptor:3.47;3.48;3.49;3.50;3.52","lastKnownDate":"240905","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows Vista,Windows XP,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2024-09-05T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":5,"sortOrder":585},{"violations":{"ACR-003":"App makes exaggerated claims about the system's health (displaying the status as \"Your Privacy might be at risk!\", \"Dangerous\" all in red/yellow colors); , thereby misleading or scaring the user to take action. The App also exaggerated the number of files found.\n","ACR-004":" shows exaggerated word \"WARNING!\" and when you click the button \"clean now\" or \"repair now!\" it will redirect you to purchase the app to perfrom the action.\n\n","ACR-116":"When uninstalled, it did not delete the main executable file even deleting it manually.\n","ACR-118":"When uninstalled, it did not delete the main executable file even deleting it manually.\n","ACR-014":"App implies that files scanned are \"dangerous\" even though they are just windows temp or log files,which is misleading.\n"},"nonDeceptorViolations":{"ACR-161":" The application's landing page displays testimonials that are not specific to the app and does not provide any links back to a source so they can be verified. \n\n","ACR-099":"  The application has no link or information that shows how it can be uninstalled. Even in the Landing page and documentations page.\n\n","ACR-167":"There is no refund policy provided for this application.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\GSA Cleandrive\\CleanDrive.exe","companyName":"GSA","productName":"GSA Cleandrive","productVersion":"3.47","fileVersion":"3.4.7.0","hashMD5":"9e8ad63b85ae298ad5a203e320db1395","hashSHA1":"f2e264cec500136cc451d795395fcafe88839dd0","hashSHA256":"6d8dba0c4df38b8f410fab2255fc1fcfc377e16c44f180a2a0875bf36d6164a5","digitalCertThumbprint":"765B93721F53918B60F79D99C312EB27B1B6D03F","sourceIndex":"3498","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"cleandrive_setup.exe","isInstaller":"True","companyName":"GSA Software                                                ","productName":"GSA Cleandrive                                              ","productVersion":"3.47","fileVersion":"                    ","hashMD5":"931ef83dcbeeaf7a4d2a9e5023f0f1fd","hashSHA1":"0914803f93ad6a10e36e08a2c262955600ccbef0","hashSHA256":"589c71e5917fa94a049ba5e66acdbf4eb019a7b5b733d4aa6852942d4743445b","digitalCertThumbprint":"765B93721F53918B60F79D99C312EB27B1B6D03F","sourceIndex":"3498","avBlockList":["Avast Internet Security (20190309)","AVG Internet Security (20200820)","Avira Internet Security (20200820)","Bitdefender Internet Security (20200820)","ESET Internet Security (20200820)","G DATA INTERNET SECURITY (20200820)","K7 Total Security (20200820)","Kaspersky Internet Security (20200820)","Malwarebytes Premium (20200820)","McAfee Total Protection (20200820)","Norton Security (20200820)","Panda Dome (20200820)","Sophos Home Premium (20200820)","Trend Micro Internet Security (20200820)","VirIT eXplorer PRO (20200820)","Webroot SecureAnywhere (20200820)","Windows Defender (20200820)","Avast Premium Security (20200820)","Quick Heal Internet Security (20200820)","SpyHunter5 (20200820)","Tencent PC Manager (20200820)","Total AV Antivirus Pro (20200820)","VIPRE Advanced Security (20200820)"],"avAllowList":["360 Total Security (20200820)","COMODO Antivirus (20200820)","Dr.Web Security Space (20200820)"]},{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\GSA Cleandrive\\unins000.exe","fileVersion":"51.52.0.0","hashMD5":"738fec13c6da09846941b2500a28a5f2","hashSHA1":"b90241ef9879ccc59bbe55b1cae5dfea5180bc63","hashSHA256":"c19f34be054d9cda4fb9fede5c7ec2e5a7005f98441d17849cf2a3fea00d4f7c","digitalCertThumbprint":"765B93721F53918B60F79D99C312EB27B1B6D03F","sourceIndex":"3498","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"","landingPage":"https://www.gsa-online.de/product/cleandrive/#","directDownloadingLink":"https://www.gsa-online.de/download/cleandrive_setup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.gsa-online.de/download/cleandrive_setup.exe","sourceIndex":"3498"}],"sampleFiles":["181213/GSACleanDrive-181211/3.47/Samples/cleandrive_setup.exe"],"imageFiles":["181213/GSACleanDrive-181211/3.47/Images/ACR-003/exagg.png","181213/GSACleanDrive-181211/3.47/Images/ACR-003/exagg2.png","181213/GSACleanDrive-181211/3.47/Images/ACR-014/014.png","181213/GSACleanDrive-181211/3.47/Images/ACR-004/004.png","181213/GSACleanDrive-181211/3.47/Images/ACR-116/uninstall.png","181213/GSACleanDrive-181211/3.47/Images/ACR-118/uninstall.png"],"nonDeceptorImageFiles":["181213/GSACleanDrive-181211/3.47/Images/ACR-099/manuals.png","181213/GSACleanDrive-181211/3.47/Images/ACR-161/reviews.png","181213/GSACleanDrive-181211/3.47/Images/ACR-167/no_refund.png"],"guid":"71869226-ba42-4a62-be52-fbb96e04c4b5_3.47_1","appID":"GSACleanDrive-181211","dateAdded":"240905","deceptorType":"App","name":"GSA CleanDrive","company":"GSA GmbH","version":"3.47","sigName":"Deceptor:Win32/GSACleanDrive!003004014116118","lastKnownStatus":"Deceptor:3.47;3.48;3.49;3.50;3.52","lastKnownDate":"240905","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows Vista,Windows XP,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2024-09-05T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":5,"sortOrder":586},{"violations":{"ACR-003":"The app exaggerates urgency using words like \"Your Privacy might be at risk!\", \"Dangerous\", \"Severe\" and \"Warning\" using red/yellow colors thereby misleading or scaring the user to take action. \n","ACR-004":"The app uses exaggerated or alarming colors and words such as \"Your Privacy is at risk!\", \"Dangerous\", \"Severe\" and \"Warning\" in red/yellow colors across the app.\n\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components on the device without the consumer's consent.\n","ACR-014":"App implies that files scanned are \"dangerous\" even though they are just windows temp or log files,which is misleading.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"cleandrive_setup.exe","isInstaller":"True","companyName":"GSA Software                                                ","fileVersion":"0.0","hashMD5":"ff1cdb6f390200ea0815f892c6fd61d7","hashSHA1":"fefccc69c0e13e0a2d69a69defe745d7695ca668","hashSHA256":"939ec6385c7e5164365bdfd6ded513b21e4bd054116ee9e526cc81f44f661cfa","digitalCertThumbprint":"7B8989255FBBF3DEF398FA0A92BC99F085E204BF","digitalCertIssuer":"CN=SSL.com EV Code Signing Intermediate CA RSA R3, O=SSL Corp, L=Houston, S=Texas, C=US","digitalCertIssuedTo":"OID.1.3.6.1.4.1.311.60.2.1.3=DE, OID.1.3.6.1.4.1.311.60.2.1.2=Mecklenburg Vorpommern, OID.1.3.6.1.4.1.311.60.2.1.1=Rostock, OID.2.5.4.15=Private Organization, CN=GSA Gesellschaft f. Softwareentwicklung u. Analytik GmbH, SERIALNUMBER=HRB 12514, O=GSA Gesellschaft f. Softwareentwicklung u. Analytik GmbH, L=Rostock, S=Mecklenburg Vorpommern, C=DE","sourceIndex":"558","avBlockList":["360 Total Security (20240924)","Avast Premium Security (20240924)","AVG Internet Security (20240924)","Avira Internet Security (20240924)","ESET Internet Security (20240924)","FortectPremium (20240924)","K7 Total Security (20240924)","Malwarebytes Premium (20240924)","Norton Security (20240924)","Panda Dome (20240924)","Quick Heal Internet Security (20240924)","Sophos Home Premium (20240924)","SpyHunter5 (20240924)","Total AV Antivirus Pro (20240924)","VirIT eXplorer PRO (20240924)","Webroot SecureAnywhere (20240924)"],"avAllowList":["Bitdefender Internet Security (20240924)","COMODO Antivirus (20240924)","Dr.Web Security Space (20240924)","G DATA INTERNET SECURITY (20240924)","KasperskyPremium (20240924)","McAfee Total Protection (20240924)","Trend Micro Internet Security (20240924)","VIPRE Advanced Security (20240924)","Windows Defender (20240924)"]},{"isRevoked":"False","fileName":"Cleandrive.exe","companyName":"(C) GSA","fileVersion":"3.5","hashMD5":"dd821e3324b40f5bf2a774c37e941d40","hashSHA1":"a84df271be4905eedf47ae705014332622c99c13","hashSHA256":"256d72b2e9f46d7d3fdc73b35d33cffb24556f8f3e8dd3fdb025049415bdf036","digitalCertThumbprint":"7B8989255FBBF3DEF398FA0A92BC99F085E204BF","digitalCertIssuer":"CN=SSL.com EV Code Signing Intermediate CA RSA R3, O=SSL Corp, L=Houston, S=Texas, C=US","digitalCertIssuedTo":"OID.1.3.6.1.4.1.311.60.2.1.3=DE, OID.1.3.6.1.4.1.311.60.2.1.2=Mecklenburg Vorpommern, OID.1.3.6.1.4.1.311.60.2.1.1=Rostock, OID.2.5.4.15=Private Organization, CN=GSA Gesellschaft f. Softwareentwicklung u. Analytik GmbH, SERIALNUMBER=HRB 12514, O=GSA Gesellschaft f. Softwareentwicklung u. Analytik GmbH, L=Rostock, S=Mecklenburg Vorpommern, C=DE","sourceIndex":"558","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on windows app","reference":"","landingPage":"https://www.gsa-online.de/product/cleandrive/","directDownloadingLink":"https://www.gsa-online.de/download/cleandrive_setup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.gsa-online.de/download/cleandrive_setup.exe","sourceIndex":"558"}],"sampleFiles":["240905/GSACleanDrive-181211/3.52/Samples/cleandrive_setup.exe"],"imageFiles":["240905/GSACleanDrive-181211/3.52/Images/ACR-003/ACR-003.PNG","240905/GSACleanDrive-181211/3.52/Images/ACR-003/ACR-003_1.PNG","240905/GSACleanDrive-181211/3.52/Images/ACR-003/ACR-003_2.PNG","240905/GSACleanDrive-181211/3.52/Images/ACR-003/ACR-003_4.PNG","240905/GSACleanDrive-181211/3.52/Images/ACR-014/ACR-014.PNG","240905/GSACleanDrive-181211/3.52/Images/ACR-004/ACR-003_4.PNG","240905/GSACleanDrive-181211/3.52/Images/ACR-004/ACR-004.PNG","240905/GSACleanDrive-181211/3.52/Images/ACR-004/ACR-004_1.PNG","240905/GSACleanDrive-181211/3.52/Images/ACR-004/ACR-004_2.PNG","240905/GSACleanDrive-181211/3.52/Images/ACR-118/ACR-118.PNG"],"nonDeceptorImageFiles":[],"guid":"71869226-ba42-4a62-be52-fbb96e04c4b5_3.52_1","appID":"GSACleanDrive-181211","dateAdded":"240905","deceptorType":"App","name":"GSA CleanDrive","company":"GSA GmbH","version":"3.52","lastKnownStatus":"Deceptor:3.47;3.48;3.49;3.50;3.52","lastKnownDate":"240905","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows Vista,Windows XP,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2026-05-12T22:59:50.778797+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":5,"sortOrder":582},{"violations":{"ACR-004":"The app does not provide free fixes for free scan results.\n","ACR-084":"The app does not list its own software in the \" App Uninstaller\"   under Cleanup Tools category.\n"},"nonDeceptorViolations":{"ACR-045":"Free Download\" highlights \"Free\" misleads user. The functionality that requires consumer payment in order to be activated needs to be marked clearly in landing page. Otherwise app should remove \"free\" word.\n","ACR-065":"The install does not display links to the EULA or the Privacy Policy.\nThe app does not display links to the EULA or the Privacy Policy.\n"},"samples":[{"isRevoked":"False","fileName":"macclean-en-mac.dmg","isInstaller":"True","fileVersion":"0.","hashMD5":"c5690007c6aacae502f9048e310ba242","hashSHA1":"6d1f2039c0c4f5ef90fc474477ed3837b424e6df","hashSHA256":"b265cfca98a03fe196b63733ad4331f396365839ee8f0a451e6b273f21af188b","sourceIndex":"560","avBlockList":["Avast Security for Mac (20241010)","Avira Security for Mac (20241010)","Bitdefender Antivirus for Mac (20241010)","ESET Cyber Security Pro for Mac (20241010)","Norton Security for Mac (20241010)","Sophos Home Premium For Mac (20241010)","SpyHunterforMac (20241010)","Trend Micro Antivirus for Mac (20241010)"],"avAllowList":["G DATA AntiVirus for Mac (20241010)","K7 Antivirus for Mac (20241010)","Kaspersky Internet Security for Mac (20241010)","McAfee Internet Security for Mac (20241010)"]},{"isRevoked":"False","fileName":"MacClean","fileVersion":"0.","hashMD5":"eee3f91c07556011241c3eb70287ec73","hashSHA1":"b98c94f25d653414e4a01f1123ff627c3221b156","hashSHA256":"fe5f217c45c15aa2c59b270e545201b92181b294d519f3ba14522fbc675f4d97","sourceIndex":"560","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"MacClean%20Security%20Engine","fileVersion":"0.","hashMD5":"10bf34e4a490bac9ab6db6cc803a3deb","hashSHA1":"c23e3e21ae24ff6126c7f16327b9fee334a329d3","hashSHA256":"c79ca7346f2c6b724b467e6b3173db32e4183851a34b22d983aaf53aa671208f","sourceIndex":"560","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"","landingPage":"https://www.imobie.com/macclean/","directDownloadingLink":"https://dl.imobie.com/macclean-en-mac.dmg ","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://dl.imobie.com/macclean-en-mac.dmg ","sourceIndex":"560"}],"sampleFiles":["240904/MacClean-200709/3.6.2/Samples/macclean-en-mac.dmg","240904/MacClean-200709/3.6.2/Samples/MacClean","240904/MacClean-200709/3.6.2/Samples/MacClean%20Security%20Engine"],"imageFiles":["240904/MacClean-200709/3.6.2/Images/ACR-004/App12.png","240904/MacClean-200709/3.6.2/Images/ACR-004/App13.png","240904/MacClean-200709/3.6.2/Images/ACR-004/App14.png","240904/MacClean-200709/3.6.2/Images/ACR-004/App15.png","240904/MacClean-200709/3.6.2/Images/ACR-004/App16.png","240904/MacClean-200709/3.6.2/Images/ACR-004/App17.png","240904/MacClean-200709/3.6.2/Images/ACR-004/App18.png","240904/MacClean-200709/3.6.2/Images/ACR-004/App19.png","240904/MacClean-200709/3.6.2/Images/ACR-004/App20.png","240904/MacClean-200709/3.6.2/Images/ACR-004/App21.png","240904/MacClean-200709/3.6.2/Images/ACR-004/App23.png","240904/MacClean-200709/3.6.2/Images/ACR-004/App24.png","240904/MacClean-200709/3.6.2/Images/ACR-004/App25.png","240904/MacClean-200709/3.6.2/Images/ACR-004/App26.png","240904/MacClean-200709/3.6.2/Images/ACR-004/App27.png","240904/MacClean-200709/3.6.2/Images/ACR-004/App28.png","240904/MacClean-200709/3.6.2/Images/ACR-004/App29.png","240904/MacClean-200709/3.6.2/Images/ACR-004/App30.png","240904/MacClean-200709/3.6.2/Images/ACR-084/App27.png"],"nonDeceptorImageFiles":["240904/MacClean-200709/3.6.2/Images/ACR-045/MacClean 3 - Clean Optimize and Protect Your Mac from Malicious Threats1.png","240904/MacClean-200709/3.6.2/Images/ACR-065/install1.png","240904/MacClean-200709/3.6.2/Images/ACR-065/install2.png","240904/MacClean-200709/3.6.2/Images/ACR-065/App1.png","240904/MacClean-200709/3.6.2/Images/ACR-065/App11.png"],"guid":"faf555e4-4190-4970-9443-c16ce99d94a1_3.6.2_1","appID":"MacClean-200709","dateAdded":"240904","deceptorType":"MacOS App","name":"Mac Clean","company":"iMobie Inc.","version":"3.6.2","lastKnownStatus":"3.6.2","lastKnownDate":"240904","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2024-09-04T21:58:03.8251964+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":587},{"violations":{"ACR-004":"The app does not provide free fixes for free scan results.\n"},"nonDeceptorViolations":{"ACR-065":"The install does not display links to the EULA or the Privacy Policy.\nThe app does not display links to the EULA or the Privacy Policy.\n","ACR-099":"The app does not display links to uninstall information.\nThe landing page does not display links to uninstall information.\nThe internal offers page does not display links to uninstall information.\n"},"samples":[{"isRevoked":"False","fileName":"MacClean","fileVersion":"0.","hashMD5":"","hashSHA1":"","hashSHA256":"e4efa913b18a2ec3e07f784b12449fc303ec8029d3b042ddeae933c94b77878c","sourceIndex":"2005","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"macclean-en-mac.dmg","isInstaller":"True","fileVersion":"0.","hashMD5":"4dc65f7e0b4133ec257a613ff648922b","hashSHA1":"ed0ed49badadc73dadad7a9a7bf89ac0ccdbfc24","hashSHA256":"34ac5e7334da3494b9fcfcd2e13cf9dd247024c716b080db64f37a897252a28a","sourceIndex":"2005","avBlockList":["Avast Security for Mac (20210413)","Avira Security for Mac (20210413)","Bitdefender Antivirus for Mac (20210413)","ESET Cyber Security Pro for Mac (20210413)","G DATA AntiVirus for Mac (20210413)","K7 Antivirus for Mac (20210413)","McAfee Internet Security for Mac (20210413)","Norton Security for Mac (20210413)","Sophos Home Premium For Mac (20210413)","Trend Micro Antivirus for Mac (20210413)"],"avAllowList":["Kaspersky Internet Security for Mac (20210413)"]},{"isRevoked":"False","fileName":"MacClean_","fileVersion":"0.","hashMD5":"a222ffc4ffd7a665b54c807d4dc7c889","hashSHA1":"c21e01b4b993a10f99573e09334ce106cf7756f0","hashSHA256":"d553c0038c68b512a540cc2dfd9c4573201c60ce92191a0cbfe426db9659d882","sourceIndex":"2005","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"macclean-en-mac_.dmg","isInstaller":"True","fileVersion":"0.","hashMD5":"1d38982f342791150559287ecc4e43df","hashSHA1":"daa2e4bb89f683ace20b6a7519cc9d9c429f8bfa","hashSHA256":"ba88055972a8c01bf31aa9748b34ebc8ea54b90775ae29103c2455dbb320fcc6","sourceIndex":"2005","avBlockList":["Avast Security for Mac (20210511)","Avira Security for Mac (20210511)","Bitdefender Antivirus for Mac (20210511)","ESET Cyber Security Pro for Mac (20210511)","G DATA AntiVirus for Mac (20210511)","K7 Antivirus for Mac (20210511)","Norton Security for Mac (20210511)","Sophos Home Premium For Mac (20210511)","Trend Micro Antivirus for Mac (20210511)"],"avAllowList":["Kaspersky Internet Security for Mac (20210511)","McAfee Internet Security for Mac (20210511)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"","landingPage":"https://www.imobie.com/macclean/","directDownloadingLink":"https://www.imobie.com/macclean/download.htm","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.imobie.com/macclean/download.htm","sourceIndex":"2005"}],"sampleFiles":["210112/MacClean-200709/3.6.0/Samples/MacClean","210112/MacClean-200709/3.6.0/Samples/macclean-en-mac.dmg","210112/MacClean-200709/3.6.0/Samples/MacClean_","210112/MacClean-200709/3.6.0/Samples/macclean-en-mac_.dmg"],"imageFiles":["210112/MacClean-200709/3.6.0/Images/ACR-004/MacClean 004 1.gif","210112/MacClean-200709/3.6.0/Images/ACR-004/MacClean 004 2.gif"],"nonDeceptorImageFiles":["210112/MacClean-200709/3.6.0/Images/ACR-065/MacClean Install.png","210112/MacClean-200709/3.6.0/Images/ACR-065/MacClean About.png","210112/MacClean-200709/3.6.0/Images/ACR-099/MacClean About.png","210112/MacClean-200709/3.6.0/Images/ACR-099/MacClean Landing Page.png","210112/MacClean-200709/3.6.0/Images/ACR-099/MacClean Internal Offers.png"],"guid":"faf555e4-4190-4970-9443-c16ce99d94a1_3.6.0_1","appID":"MacClean-200709","dateAdded":"240904","deceptorType":"MacOS App","name":"Mac Clean","company":"iMobie Inc.","version":"3.6.0","sigName":"Deceptor:MacOS/MacClean!004","lastKnownStatus":"3.6.2","lastKnownDate":"240904","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2024-09-04T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":588},{"violations":{"ACR-048":"The app enables the consumer to hide the app from the system tray, which limits the targeted consumer's ability to close the app.\n","ACR-084":"The app enables the installing consumer to hide the app from the targeted consumer.  It prevents the app from showing in system tray, and locates its installation files inside of the System32 folder with random filename.\n","ACR-086":"The app does not inform the targeted consumer how it collects data and who it is transmitting their data to.\n","ACR-116":"The app cannot be uninstalled by platform standard uninstall method.\n","ACR-014":"The app calls itself  into random executable files, which is not related to the name \"PC Agent\", which misleads the targeted consumer.\n"},"nonDeceptorViolations":{"ACR-038":"The app installer does not have a name that allows it to be clearly identified by the targeted consumer as related to the app. The app does not disclose the Original filename, Company name, Product name, Product version, File version for all the executables.\n","ACR-040":"The app is installed into System32 directory , using random filename which is completely unrelated to the app name. \n","ACR-065":"The install wizard does not display links to the Returns and Cancellation Policy and its Privacy Policy. \nThe app does not display links to the Returns and Cancellation Policy or the Privacy Policy. \nThe landing page does not display links to the Returns and Cancellation Policy\nThe internal offers page does not display links to the Returns and Cancellation Policy\n","ACR-092":"The app does not provide Digital signature for the main executables.\n","ACR-167":"The application's has no mention of a 30 days refund policy.\n"},"samples":[{"isRevoked":"False","fileName":"PCagent.exe","isInstaller":"True","fileVersion":"1.0","hashMD5":"687d315df4c000d1afd8dd825e084658","hashSHA1":"483220368480eb5c0c4f55723804e8c493a3fd62","hashSHA256":"38d925e450bd6f0536fe8c26e49de7f7ce527d6ac19b587830e206f1ad4fb2b7","sourceIndex":"1856","avBlockList":["360 Total Security (20211005)","Avast Premium Security (20211005)","AVG Internet Security (20211005)","Avira Internet Security (20211005)","Bitdefender Internet Security (20211005)","Dr.Web Security Space (20211005)","ESET Internet Security (20211005)","G DATA INTERNET SECURITY (20211005)","K7 Total Security (20211005)","Kaspersky Internet Security (20211005)","Malwarebytes Premium (20211005)","McAfee Total Protection (20211005)","Norton Security (20211005)","Panda Dome (20211005)","Quick Heal Internet Security (20211005)","Sophos Home Premium (20211005)","SpyHunter5 (20211005)","Tencent PC Manager (20211005)","Total AV Antivirus Pro (20211005)","Trend Micro Internet Security (20211005)","VIPRE Advanced Security (20211005)","VirIT eXplorer PRO (20211005)","Webroot SecureAnywhere (20211005)","Windows Defender (20211005)"],"avAllowList":["COMODO Antivirus (20211005)"]},{"isRevoked":"False","fileName":"qoxodi.dll","fileVersion":"0.0","hashMD5":"350a5b909e929d64ca142816ee35097e","hashSHA1":"5fe8ed43de2d45352be1c9fb97c06f15a5545b2c","hashSHA256":"44cebadee754b7eb03e625d4abebe63f924e798868acae91f5be82e5ae88992a","sourceIndex":"1856","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"qoxodi.exe","fileVersion":"1.0","hashMD5":"bd7dfe9b1bb6e914424d3afee499dfa6","hashSHA1":"04e1f912c4c674d084f55d5844e00397997785f0","hashSHA256":"e8ab599883df58a6459797abdf3097a5314c3a675af3ca6017ff082a79b44344","sourceIndex":"1856","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"PCagent [2].exe","isInstaller":"True","fileVersion":"1.0","hashMD5":"a601d4d3f892a86845523dea186de83d","hashSHA1":"667246ec96f859d21a8ebbc774832580d7374fad","hashSHA256":"f80429a5310cc1dff9bb475a6bb61978a1923c0ead012a728fdcfc0213f021b4","sourceIndex":"1856","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"yipoge.dll","fileVersion":"0.0","hashMD5":"c106dc77773d80ba476e9c135300bdd3","hashSHA1":"fd186177abf59c9bea8b0b061a77320952cf0127","hashSHA256":"74e927d62e0d8dc02885dd25abd303d605eef718950f7174b55dc4930762d996","sourceIndex":"1856","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"yipoge.exe","fileVersion":"1.0","hashMD5":"ca0bf7ccb1f010f755bd030b03b1c786","hashSHA1":"ae04b76f9b58604f24ba63c6782e7e54d10fef61","hashSHA256":"086e40141f2f0aa4e52a61f8ec6647367560f77f63b3b9826dc6a6c88dc186ed","sourceIndex":"1856","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"","landingPage":"http://www.blue-series.com/en/products/pc-agent/","directDownloadingLink":"http://www.blue-series.com/downloads/4d3a846b7c8f838db189f9ff1cf9b4661a0756fe/PCagent.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.blue-series.com/downloads/4d3a846b7c8f838db189f9ff1cf9b4661a0756fe/PCagent.exe","sourceIndex":"1856"}],"sampleFiles":["210622/PCAgent-210301/8.55/Samples/PCagent.exe","210622/PCAgent-210301/8.55/Samples/qoxodi.dll","210622/PCAgent-210301/8.55/Samples/qoxodi.exe","210622/PCAgent-210301/8.55/Samples/PCagent [2].exe","210622/PCAgent-210301/8.55/Samples/yipoge.dll","210622/PCAgent-210301/8.55/Samples/yipoge.exe"],"imageFiles":["210622/PCAgent-210301/8.55/Images/ACR-084/PCagent_Files [1].png","210622/PCAgent-210301/8.55/Images/ACR-084/PCagent_RunningProcess [1].png","210622/PCAgent-210301/8.55/Images/ACR-084/PCagent_Settings [5_].png","210622/PCAgent-210301/8.55/Images/ACR-086/PCagent_Settings [6].png","210622/PCAgent-210301/8.55/Images/ACR-086/PCagent_Settings [7].png","210622/PCAgent-210301/8.55/Images/ACR-086/PCagent_Settings [8].png","210622/PCAgent-210301/8.55/Images/ACR-048/PCagent_Settings [5_].png","210622/PCAgent-210301/8.55/Images/ACR-014/PCagent_Files [1].png","210622/PCAgent-210301/8.55/Images/ACR-014/PCagent_RunningProcess [1].png","210622/PCAgent-210301/8.55/Images/ACR-116/PCagent_ControlPanel [1].png"],"nonDeceptorImageFiles":["210622/PCAgent-210301/8.55/Images/ACR-038/PCagent_FileProperty [1].png","210622/PCAgent-210301/8.55/Images/ACR-038/PCagent_FileProperty [3].png","210622/PCAgent-210301/8.55/Images/ACR-040/PCagent_Files [1].png","210622/PCAgent-210301/8.55/Images/ACR-065/PCagent_Install [1].png","210622/PCAgent-210301/8.55/Images/ACR-092/PCagent_FileProperty [2].png","210622/PCAgent-210301/8.55/Images/ACR-092/PCagent_FileProperty [4].png","210622/PCAgent-210301/8.55/Images/ACR-092/PCagent_FileProperty [5].png","210622/PCAgent-210301/8.55/Images/ACR-065/PCagent_About [1].png","210622/PCAgent-210301/8.55/Images/ACR-065/PCagent_LandingPage [1].png","210622/PCAgent-210301/8.55/Images/ACR-065/PCagent_LandingPage [2].png","210622/PCAgent-210301/8.55/Images/ACR-065/PCagent_OfferPage [1].png"],"guid":"4295460b-9864-4a3a-9d41-8246cdc8f4f5_8.55_1","appID":"PCAgent-210301","dateAdded":"240902","deceptorType":"App","name":"PC Agent","company":"7TECH LTD","version":"8.55","sigName":"Deceptor:Win32/PCAgentStalkerware!084086048014116","lastKnownStatus":"8.53;8.55;8.56;8.67.0.0","lastKnownDate":"240902","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2024-09-02T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":4,"sortOrder":597},{"violations":{"ACR-109":"The app installs the \"1 click Destruction\" without disclosing them to the user or getting user consent and also not disclosed the relationship to the app during installation.\n","ACR-042":"Installer also installs \"1 click Destruction\" without a user accepting any offer for this.\n","ACR-043":"App installs 1 click destruction without prior disclosure\n","ACR-048":"The app has no control to close the processes that runs silently in the background within the app's settings. The control to remove the created startups is incoherent, disabled by default but leaves the entries on the list. \n","ACR-084":"1. When the app is closed, processes continue to run silently in the background without any notification.\n2. The app creates an undisclosed scheduled task to perform an action without the user's knowledge and consent. \n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components on the device without the consumer's consent.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"sss20intdle.exe","isInstaller":"True","companyName":"Steganos Software GmbH","productName":"Steganos Product Downloader 1","productVersion":"1.3.0 Rev 12419","fileVersion":"1.3.0 Rev 12419","hashMD5":"06caa863d4760a10c44a7f9dc3e3f5e7","hashSHA1":"4a8f24da15b6bdb249ccebe5129766295dbae7f3","hashSHA256":"419b52ef206ee35a57c66e17d4e420408a4b10477cb4fb42e9109627dab6c131","digitalCertThumbprint":"97740C5F5AE35F5F453496DDD32DA7595DFE875C","digitalCertIssuer":"GlobalSign CodeSigning CA - SHA256 - G3","digitalCertIssuedTo":"Steganos Software GmbH","storeId":"","sourceIndex":"565","avBlockList":["Avast Premium Security (20241008)","AVG Internet Security (20241008)","Avira Internet Security (20241008)","Bitdefender Internet Security (20241008)","FortectPremium (20241008)","K7 Total Security (20241008)","KasperskyPremium (20241008)","McAfee Total Protection (20241008)","Norton Security (20241008)","Panda Dome (20241008)","Quick Heal Internet Security (20241008)","Sophos Home Premium (20241008)","SpyHunter5 (20241008)","Total AV Antivirus Pro (20241008)","VIPRE Advanced Security (20241008)","VirIT eXplorer PRO (20241008)","Webroot SecureAnywhere (20241008)"],"avAllowList":["360 Total Security (20241008)","COMODO Antivirus (20241008)","Dr.Web Security Space (20241008)","ESET Internet Security (20241008)","G DATA INTERNET SECURITY (20241008)","Malwarebytes Premium (20241008)","Trend Micro Internet Security (20241008)","Windows Defender (20241008)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on windows app","reference":"","landingPage":"https://www.steganos.com/en/summer-2024-steganos-privacy-suite","directDownloadingLink":"https://file.steganos.com/software/downloader/steganos/sss20intdle.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://file.steganos.com/software/downloader/steganos/sss20intdle.exe","sourceIndex":"565"}],"sampleFiles":["240902/SteganosPrivacySuite-180406/20.0.14/Samples/sss20intdle.exe"],"imageFiles":["240902/SteganosPrivacySuite-180406/20.0.14/Images/ACR-109/ACR-109.PNG","240902/SteganosPrivacySuite-180406/20.0.14/Images/ACR-043/ACR-043.PNG","240902/SteganosPrivacySuite-180406/20.0.14/Images/ACR-042/ACR-042.PNG","240902/SteganosPrivacySuite-180406/20.0.14/Images/ACR-084/ACR-084.PNG","240902/SteganosPrivacySuite-180406/20.0.14/Images/ACR-084/ACR-084_1.PNG","240902/SteganosPrivacySuite-180406/20.0.14/Images/ACR-048/ACR-048.PNG","240902/SteganosPrivacySuite-180406/20.0.14/Images/ACR-048/ACR-048_1.PNG","240902/SteganosPrivacySuite-180406/20.0.14/Images/ACR-048/ACR-048_2.PNG","240902/SteganosPrivacySuite-180406/20.0.14/Images/ACR-118/ACR-118.PNG"],"nonDeceptorImageFiles":[],"guid":"f4dce9d3-360f-4b03-ab78-c59d9ca2cedd_20.0.14_1","appID":"SteganosPrivacySuite-180406","dateAdded":"240902","deceptorType":"App","name":"Steganos Privacy Suite","company":"Steganos","version":"20.0.14","lastKnownStatus":"Deceptor:19,20.0.7,20;20.0.14","lastKnownDate":"240902","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2026-05-12T22:59:51.1232932+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":4,"sortOrder":589},{"violations":{"ACR-042":"The installer proceeds without obtaining user permission. Installer also installs \"1 click Destruction\" without a user accepting any offer for this.\n","ACR-043":"App installs 1 click destruction without prior disclosure\n","ACR-046":"The installer has no disclosures and options.\n","ACR-048":"The installer has no way to stop the installation after the initial launch.\n"},"nonDeceptorViolations":{"ACR-065":"There are no links on the installer that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\n","ACR-099":"The application's landing page has no link or information that shows how it can be uninstalled.\nThe application's internal offer page has no link or information that shows how it can be uninstalled.\n"},"samples":[{"isRevoked":"False","fileName":"sss20int.exe","isInstaller":"True","companyName":"Steganos Software GmbH","fileVersion":"20.0","hashMD5":"a28d85ad75620254b0035eabb6a44810","hashSHA1":"bfb21b219c9c67a1e76d7d9e0b31e6c4a2a34c32","hashSHA256":"e14941cd6ee2a4af540193b8df3c1bc988c50c413ff24210570d0e651cb1f8c0","digitalCertThumbprint":"D60C3C09D7AC9002AB63D4C30A395CCA91278A44","digitalCertIssuer":"CN=GlobalSign CodeSigning CA - SHA256 - G3, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"E=certificates@steganos.com, CN=Steganos Software GmbH, O=Steganos Software GmbH, L=Berlin, S=Berlin, C=DE","sourceIndex":"3044","avBlockList":["Avast Internet Security (20190829)","AVG Internet Security (20240903)","Avira Internet Security (20240903)","Bitdefender Internet Security (20240903)","Panda Dome (20240903)","Sophos Home Premium (20240903)","VIPRE Advanced Security (20240903)","VirIT eXplorer PRO (20240903)","Webroot SecureAnywhere (20240903)","McAfee Total Protection (20240903)","Norton Security (20240903)","Avast Premium Security (20240903)","FortectPremium (20240903)","SpyHunter5 (20240903)","Total AV Antivirus Pro (20240903)"],"avAllowList":["360 Total Security (20240903)","COMODO Antivirus (20240903)","Dr.Web Security Space (20240903)","ESET Internet Security (20240903)","G DATA INTERNET SECURITY (20240903)","K7 Total Security (20240903)","Kaspersky Internet Security (20190829)","Malwarebytes Premium (20240903)","Quick Heal Internet Security (20240903)","Tencent PC Manager (20190829)","Trend Micro Internet Security (20240903)","Windows Defender (20240903)","KasperskyPremium (20240903)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.DownloadSite","reference":"www.bestvistadownloads.com","landingPage":"https://www.steganos.com/en/steganos-privacy-suite-20-download","directDownloadingLink":"https://file.steganos.com/software/downloader/steganos/sss20intdle.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://file.steganos.com/software/downloader/steganos/sss19intdle.exe","sourceIndex":"3044"}],"sampleFiles":["190604/SteganosPrivacySuite-180406/20/Samples/sss20int.exe"],"imageFiles":["190604/SteganosPrivacySuite-180406/20/Images/ACR-043/install.gif","190604/SteganosPrivacySuite-180406/20/Images/ACR-046/installer.png","190604/SteganosPrivacySuite-180406/20/Images/ACR-042/install.gif","190604/SteganosPrivacySuite-180406/20/Images/ACR-048/cant close.gif"],"nonDeceptorImageFiles":["190604/SteganosPrivacySuite-180406/20/Images/ACR-065/installer.png","190604/SteganosPrivacySuite-180406/20/Images/ACR-099/links.png","190604/SteganosPrivacySuite-180406/20/Images/ACR-099/internal offers.png"],"guid":"f4dce9d3-360f-4b03-ab78-c59d9ca2cedd_20_1","appID":"SteganosPrivacySuite-180406","dateAdded":"240902","deceptorType":"App","name":"Steganos Privacy Suite","company":"Steganos","version":"20","sigName":"Deceptor:Win32/SteganosPrivacySuite!042043046048","lastKnownStatus":"Deceptor:19,20.0.7,20;20.0.14","lastKnownDate":"240902","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2024-09-02T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":4,"sortOrder":590},{"violations":{"ACR-042":"The apps installer proceeds with a silent install, not obtaining user permission before installing.\n"},"nonDeceptorViolations":{"ACR-065":"There are no links on the installer that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThere are no links on the software that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\n","ACR-099":"The application has no link or information that shows how it can be uninstalled.\nThe application's landing page has no link or information that shows how it can be uninstalled.\nThe application's internal offer page has no link or information that shows how it can be uninstalled.\n"},"samples":[{"isRevoked":"False","fileName":"sss19int.exe","isInstaller":"True","companyName":"Steganos Software GmbH","productName":"Steganos Privacy Suite 19","productVersion":"19.0.2.0","fileVersion":"19.0.2.0","hashMD5":"a96f572de907e86bdc1e7ed1b98c8173","hashSHA1":"082522f524048790a3317a856aaa79795defe2be","hashSHA256":"2958814d7771243129a529c993179a9617431b8313f8cfd5601d8cf9a9917200","digitalCertThumbprint":"97740C5F5AE35F5F453496DDD32DA7595DFE875C","digitalCertIssuer":"CN=GlobalSign CodeSigning CA - SHA256 - G3, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"E=certificates@steganos.com, CN=Steganos Software GmbH, O=Steganos Software GmbH, L=Berlin, S=Berlin, C=DE","sourceIndex":"3188","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.DownloadSite","reference":"www.bestvistadownloads.com","landingPage":"https://www.steganos.com/en/steganos-privacy-suite-19","directDownloadingLink":"https://file.steganos.com/software/downloader/steganos/sss19intdle.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://file.steganos.com/software/downloader/steganos/sss19intdle.exe","sourceIndex":"3188"}],"sampleFiles":["190214/SteganosPrivacySuite-180406/19/Samples/sss19int.exe"],"imageFiles":["190214/SteganosPrivacySuite-180406/19/Images/ACR-042/ACR-042_install.mp4"],"nonDeceptorImageFiles":["190214/SteganosPrivacySuite-180406/19/Images/ACR-065/ACR-065_install.JPG","190214/SteganosPrivacySuite-180406/19/Images/ACR-065/ACR-065_software.JPG","190214/SteganosPrivacySuite-180406/19/Images/ACR-099/ACR-099_software.JPG","190214/SteganosPrivacySuite-180406/19/Images/ACR-099/ACR-099_landingpage.JPG","190214/SteganosPrivacySuite-180406/19/Images/ACR-099/ACR-099_internaloffer.JPG"],"guid":"f4dce9d3-360f-4b03-ab78-c59d9ca2cedd_19_1","appID":"SteganosPrivacySuite-180406","dateAdded":"240902","deceptorType":"App","name":"Steganos Privacy Suite","company":"Steganos","version":"19","sigName":"Deceptor:Win32/SteganosPrivacySuite!042","lastKnownStatus":"Deceptor:19,20.0.7,20;20.0.14","lastKnownDate":"240902","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2024-09-02T00:00:00+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":4,"sortOrder":591},{"violations":{"ACR-042":"The apps installer downloads the app automatically without obtaining permission. Although a \"pause\" button is visible, there is no clear way to terminate the download. \n"},"nonDeceptorViolations":{"ACR-065":"There are no links on the installer that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\n"},"samples":[{"isRevoked":"False","fileName":"sss20intdl.exe","isInstaller":"True","companyName":"Steganos Software GmbH","fileVersion":"1.3","hashMD5":"d0f8a58b72e02f8503a0ee712a0ed193","hashSHA1":"2d61600f19f9f5e5f24d7b12cf67b296d3047f02","hashSHA256":"7bbbbf06158868876a18d2e4db130465aec8788c709aad798e6b10a68969685b","digitalCertThumbprint":"97740C5F5AE35F5F453496DDD32DA7595DFE875C","digitalCertIssuer":"CN=GlobalSign CodeSigning CA - SHA256 - G3, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"E=certificates@steganos.com, CN=Steganos Software GmbH, O=Steganos Software GmbH, L=Berlin, S=Berlin, C=DE","sourceIndex":"3193","avBlockList":["Avast Internet Security (20190509)","AVG Internet Security (20190509)","K7 Total Security (20190509)","McAfee Total Protection (20190509)","Norton Security (20190412)","Panda Dome (20190509)","Sophos Home Premium (20190509)","VirIT eXplorer PRO (20190509)","Webroot SecureAnywhere (20190509)","360 Total Security (20190509)"],"avAllowList":["Avira Internet Security (20190509)","Bitdefender Internet Security (20190509)","ESET Internet Security (20190509)","G DATA INTERNET SECURITY (20190509)","Kaspersky Internet Security (20190509)","Malwarebytes Premium (20190509)","Trend Micro Internet Security (20190509)","Windows Defender (20190509)","COMODO Antivirus (20190509)","Dr.Web Security Space (20190509)","F-PROT Antivirus for Windows (20190412)","Quick Heal Internet Security (20190509)","SpyHunter5 (20190412)","Tencent PC Manager (20190509)","VIPRE Advanced Security (20190509)"]},{"isRevoked":"False","fileName":"Suite.exe","companyName":"Steganos Software GmbH","fileVersion":"20.0","hashMD5":"633f82e21d0e555e59b70047534870de","hashSHA1":"4923d0ee2b97f8ace7c094f2dcd62fc6f4d6b815","hashSHA256":"a19505b2bb6250d19de880d0ddc6c1a862ced00661b06aa652a3667ae4e469f4","digitalCertThumbprint":"D60C3C09D7AC9002AB63D4C30A395CCA91278A44","digitalCertIssuer":"CN=GlobalSign CodeSigning CA - SHA256 - G3, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"E=certificates@steganos.com, CN=Steganos Software GmbH, O=Steganos Software GmbH, L=Berlin, S=Berlin, C=DE","sourceIndex":"3193","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.DownloadSite","reference":"www.bestvistadownloads.com","landingPage":"https://www.steganos.com/en/steganos-privacy-suite-19","directDownloadingLink":"https://file.steganos.com/software/downloader/steganos/sss19intdle.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://file.steganos.com/software/downloader/steganos/sss19intdle.exe","sourceIndex":"3193"}],"sampleFiles":["190214/SteganosPrivacySuite-180406/20.0.7/Samples/sss20intdl.exe","190214/SteganosPrivacySuite-180406/20.0.7/Samples/Suite.exe"],"imageFiles":["190214/SteganosPrivacySuite-180406/20.0.7/Images/ACR-042/sps1.PNG"],"nonDeceptorImageFiles":["190214/SteganosPrivacySuite-180406/20.0.7/Images/ACR-065/sps1.PNG"],"guid":"f4dce9d3-360f-4b03-ab78-c59d9ca2cedd_20.0.7_1","appID":"SteganosPrivacySuite-180406","dateAdded":"240902","deceptorType":"App","name":"Steganos Privacy Suite","company":"Steganos","version":"20.0.7","sigName":"Deceptor:Win32/SteganosPrivacySuite!042","lastKnownStatus":"Deceptor:19,20.0.7,20;20.0.14","lastKnownDate":"240902","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2024-09-02T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":4,"sortOrder":592},{"violations":{"ACR-048":"The app is always running in the background after installation and also upon closing the app and there is no option within the app that allows us to disable/remove the running process and quit it completely.\n\n","ACR-007":"The app enables the consumer to hide the installed apps list, which prevents the targeted consumer from being aware of the app's presence since it does not display explicit notifications when it is running\n","ACR-084":"The app attempts to run in the system tray after installation and also upon closing the app, thereby hiding the fact that it is active from the consumer without clearly notifying the user.\n","ACR-086":"The app does not inform the targeted consumer how it collects or transmits their data and it hides from the targeted consumer.\n","ACR-116":"The app enables the consumer to hide it from the targeted consumer, which prevents them from uninstalling it using platform standard features.\n"},"nonDeceptorViolations":{"ACR-092":"The app does not provide Digital signatures for the executable: \"PK_lite.exe\".\n"},"samples":[{"isRevoked":"False","fileName":"PK_lite.exe","isInstaller":"True","fileVersion":"1.3","hashMD5":"793c578d503ed65081dd94fc3fa78e24","hashSHA1":"e32b62b4ebc1cf9b58842959fcd658d0d6e930bd","hashSHA256":"f8e3a15ae874706981fd6cfda537c6045ba21399744929ac93b2c1c45c9530f3","sourceIndex":"564","avBlockList":["360 Total Security (20241022)","Avast Premium Security (20241022)","AVG Internet Security (20241022)","Avira Internet Security (20241022)","Bitdefender Internet Security (20241022)","ESET Internet Security (20241022)","FortectPremium (20241022)","G DATA INTERNET SECURITY (20241022)","K7 Total Security (20241022)","KasperskyPremium (20241022)","Malwarebytes Premium (20241022)","McAfee Total Protection (20241022)","Norton Security (20241022)","Panda Dome (20241022)","Quick Heal Internet Security (20241022)","Sophos Home Premium (20241022)","SpyHunter5 (20241022)","Total AV Antivirus Pro (20241022)","Trend Micro Internet Security (20241022)","VIPRE Advanced Security (20241022)","VirIT eXplorer PRO (20241022)","Webroot SecureAnywhere (20241022)","Windows Defender (20241022)"],"avAllowList":["COMODO Antivirus (20241022)","Dr.Web Security Space (20241022)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on windows app","reference":"","landingPage":"https://www.blazingtools.com/","directDownloadingLink":"https://blazingtools-perfect-keylogger-lite.software.informer.com/download/?ca275699","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://blazingtools-perfect-keylogger-lite.software.informer.com/download/?ca275699","sourceIndex":"564"}],"sampleFiles":["240902/PerfectKeylogger-201223/2.2.0.0/Samples/PK_lite.exe"],"imageFiles":["240902/PerfectKeylogger-201223/2.2.0.0/Images/ACR-084/ACR-084.PNG","240902/PerfectKeylogger-201223/2.2.0.0/Images/ACR-086/ACR-086.PNG","240902/PerfectKeylogger-201223/2.2.0.0/Images/ACR-048/ACR-048.PNG","240902/PerfectKeylogger-201223/2.2.0.0/Images/ACR-007/ACR-007.PNG","240902/PerfectKeylogger-201223/2.2.0.0/Images/ACR-116/ACR-116.PNG"],"nonDeceptorImageFiles":["240902/PerfectKeylogger-201223/2.2.0.0/Images/ACR-092/ACR-092.PNG"],"guid":"0e65a561-5ff2-499d-8134-05f449a40b04_2.2.0.0_1","appID":"PerfectKeylogger-201223","dateAdded":"240902","deceptorType":"App","name":"Perfect Keylogger","company":"BLAZINGTOOLS SOFTWARE","version":"2.2.0.0","lastKnownStatus":"1.97;2.2.0.0","lastKnownDate":"240902","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Adults only","monetization":"paid,up-sell to paid","lastUpdate":"2026-05-12T22:59:51.001849+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":593},{"violations":{"ACR-048":"The app is always running in the background and requires a hotkey to be opened, which limits the consumer's ability to close the app.\n","ACR-007":"The app does not provide explicit notification when it is running and it allows the consumer to enable stealth mode, which hides all app activity from the targeted consumer. The app also enables the consumer to require a password and a hotkey to open it.\n","ACR-084":"The app is always running and uses the name \"syskit\" (or any word chosen by the user). It also requires a hotkey to open the app, which hides its presence from the targeted consumer.\n","ACR-086":"The app does not inform the targeted consumer how it collects or transmits their data and it hides from the targeted consumer.\n"},"nonDeceptorViolations":{"ACR-038":"The app installer does not have a name that allows it to be clearly identified by the targeted consumer as related to the app.\n","ACR-040":"The app is installed in a hidden folder.\n","ACR-065":"The install does not display links to the Returns and Cancellation Policy, or the Privacy Policy. \nThe app does not display links to the EULA, the Returns and Cancellation Policy, or the Privacy Policy\nThe landing page does not display links to the Privacy Policy, Returns and Cancellation Policy or the EULA or Terms of Service. \nThe internal offers page does not display links to the Privacy Policy, Returns and Cancellation Policy or the EULA or Terms of Service. \n","ACR-161":"The app’s landing page has testimonials that have no links back to a source so consumers can verify if they're real.\n","ACR-092":"The app does not provide Digital signatures for the main executables.\n","ACR-099":"The app does not display links to uninstall information\nThe landing page does not display links to uninstall information.\nThe internal offers page does not display links to uninstall information.\n","ACR-037":"The application has no privacy policy.\n","ACR-167":"The application's has no mention of a 30 days refund policy.\n"},"samples":[{"isRevoked":"False","fileName":"Install_trial_2019 [pass= blazing8].zip","fileVersion":"0.","hashMD5":"","hashSHA1":"","hashSHA256":"4a2ddd6ff8be5d1717ba75e5891c6eb95d30af8bbfa1752488e1777b173d40dd","sourceIndex":"1866","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"Install_trial.exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"4652bc4c0894882b703edd518e6c0569","hashSHA1":"a8cfbfb61af119eda6946e2096bd43025d371a86","hashSHA256":"050a2b962b2aafebb8e5ba056a8e3b9da9899e50d91ae15a5130467ce0644734","sourceIndex":"1866","avBlockList":["360 Total Security (20240903)","Avast Premium Security (20240903)","AVG Internet Security (20240903)","Avira Internet Security (20240903)","Bitdefender Internet Security (20240903)","ESET Internet Security (20240903)","Kaspersky Internet Security (20211011)","McAfee Total Protection (20240903)","Norton Security (20240903)","Panda Dome (20240903)","Sophos Home Premium (20240903)","SpyHunter5 (20240903)","Tencent PC Manager (20211011)","Total AV Antivirus Pro (20240903)","VIPRE Advanced Security (20240903)","VirIT eXplorer PRO (20240903)","Webroot SecureAnywhere (20240903)","Windows Defender (20240903)","FortectPremium (20240903)","KasperskyPremium (20240903)"],"avAllowList":["COMODO Antivirus (20240903)","Dr.Web Security Space (20240903)","G DATA INTERNET SECURITY (20240903)","K7 Total Security (20240903)","Malwarebytes Premium (20240903)","Quick Heal Internet Security (20240903)","Trend Micro Internet Security (20240903)"]},{"isRevoked":"False","fileName":"syskithk.dll","fileVersion":"0.0","hashMD5":"14fe4327e547ecc3293a7e77db837aef","hashSHA1":"442a31a44658ea03a3f04ce3843b68d32ac8642e","hashSHA256":"47338cb9a203ced3b59438168d4ea5d98a6b40c075fd465dbc43f2c0975d0ec3","sourceIndex":"1866","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"syskiti.dll","fileVersion":"0.","hashMD5":"","hashSHA1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","hashSHA256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sourceIndex":"1866","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"syskitvw.exe","fileVersion":"0.0","hashMD5":"4c67e77a8c035df8add90d422380490f","hashSHA1":"1a6b1132f4f9334fed84b9aebb2561a0042dbfc2","hashSHA256":"54499913cb0ffca16854176e31f420e85c737e5aaa3de4c171a7be5c5bad757c","sourceIndex":"1866","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"syskitwb.dll","fileVersion":"0.0","hashMD5":"b4e9a720f4fe45b77547a2c40f1f1b25","hashSHA1":"4bb09310a7e6dadc426a8441bfc3571ceeae93c8","hashSHA256":"7c427d3bc0aa8ef56c04113a7d4f9e3c50fd151a788f02514d985ea53b7dca78","sourceIndex":"1866","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"Install_trial [2].exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"070ebdc7b4dda1e73157b40703ced95d","hashSHA1":"6e585b572f2277f6fdb7feb31b27e2160a371814","hashSHA256":"ad4a2c0d47301dc1eab24a97d7b8f055cb37359013916b571d73b3b746ccf01e","sourceIndex":"1866","avBlockList":["360 Total Security (20211011)","Avast Premium Security (20211011)","AVG Internet Security (20211011)","Avira Internet Security (20211011)","ESET Internet Security (20211011)","G DATA INTERNET SECURITY (20211011)","K7 Total Security (20211011)","Kaspersky Internet Security (20211011)","Malwarebytes Premium (20211011)","McAfee Total Protection (20211011)","Norton Security (20211011)","Panda Dome (20211011)","Quick Heal Internet Security (20211011)","Sophos Home Premium (20211011)","SpyHunter5 (20211011)","Tencent PC Manager (20211011)","Total AV Antivirus Pro (20211011)","VirIT eXplorer PRO (20211011)","Windows Defender (20211011)"],"avAllowList":["Bitdefender Internet Security (20211011)","COMODO Antivirus (20211011)","Dr.Web Security Space (20211011)","Trend Micro Internet Security (20211011)","VIPRE Advanced Security (20211011)","Webroot SecureAnywhere (20211011)"]},{"isRevoked":"False","fileName":"Install_trial_2021.zip","fileVersion":"0.","hashMD5":"","hashSHA1":"","hashSHA256":"9f87e833e5a4b9276105a51e4183a01d04f41642ebb39b742bc383ad4ff9c0a0","sourceIndex":"1866","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"syskit [2].exe","fileVersion":"1.0","hashMD5":"493c2d76fdcfaa96d4edc63ec6620abb","hashSHA1":"9f7e4381d0ff1938b11aabfec92ae2c1415b0680","hashSHA256":"eef6844a76995888d2a0cccd158c864635ad2c1b17da75cf706767020ddbb90d","sourceIndex":"1866","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Google Search: Keylogger","reference":"https://www.blazingtools.com/","landingPage":"https://www.blazingtools.com/","directDownloadingLink":"https://blazing-download.cx/bpktrial/Install_trial_2019.zip","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://blazing-download.cx/bpktrial/Install_trial_2019.zip","sourceIndex":"1866"}],"sampleFiles":["210707/PerfectKeylogger-201223/1.97/Samples/Install_trial_2019 [pass= blazing8].zip","210707/PerfectKeylogger-201223/1.97/Samples/Install_trial.exe","210707/PerfectKeylogger-201223/1.97/Samples/syskithk.dll","210707/PerfectKeylogger-201223/1.97/Samples/syskiti.dll","210707/PerfectKeylogger-201223/1.97/Samples/syskitvw.exe","210707/PerfectKeylogger-201223/1.97/Samples/syskitwb.dll","210707/PerfectKeylogger-201223/1.97/Samples/Install_trial [2].exe","210707/PerfectKeylogger-201223/1.97/Samples/Install_trial_2021.zip","210707/PerfectKeylogger-201223/1.97/Samples/syskit [2].exe"],"imageFiles":["210707/PerfectKeylogger-201223/1.97/Images/ACR-084/PerfectKeylogger_RunningProcess [3].png","210707/PerfectKeylogger-201223/1.97/Images/ACR-084/PerfectKeylogger_Interactions [2].png","210707/PerfectKeylogger-201223/1.97/Images/ACR-086/PerfectKeylogger_Interactions [2].png","210707/PerfectKeylogger-201223/1.97/Images/ACR-086/PerfectKeylogger_Interactions [3].png","210707/PerfectKeylogger-201223/1.97/Images/ACR-086/PerfectKeylogger_Interactions [4].png","210707/PerfectKeylogger-201223/1.97/Images/ACR-086/PerfectKeylogger_Interactions [5].png","210707/PerfectKeylogger-201223/1.97/Images/ACR-086/PerfectKeylogger_Interactions [6].png","210707/PerfectKeylogger-201223/1.97/Images/ACR-086/PerfectKeylogger_Interactions [7].png","210707/PerfectKeylogger-201223/1.97/Images/ACR-086/PerfectKeylogger_Interactions [8].png","210707/PerfectKeylogger-201223/1.97/Images/ACR-086/PerfectKeylogger_Interactions [9].png","210707/PerfectKeylogger-201223/1.97/Images/ACR-086/PerfectKeylogger_Interactions [10].png","210707/PerfectKeylogger-201223/1.97/Images/ACR-086/PerfectKeylogger_Interactions [11].png","210707/PerfectKeylogger-201223/1.97/Images/ACR-086/PerfectKeylogger_Interactions [12].png","210707/PerfectKeylogger-201223/1.97/Images/ACR-048/PerfectKeylogger_RunningProcess [3].png","210707/PerfectKeylogger-201223/1.97/Images/ACR-048/PerfectKeylogger_Interactions [2].png","210707/PerfectKeylogger-201223/1.97/Images/ACR-007/PerfectKeylogger_Install [5].png","210707/PerfectKeylogger-201223/1.97/Images/ACR-007/PerfectKeylogger_Install [6].png","210707/PerfectKeylogger-201223/1.97/Images/ACR-007/PerfectKeylogger_Interactions [2].png","210707/PerfectKeylogger-201223/1.97/Images/ACR-007/PerfectKeylogger_Interactions [3].png"],"nonDeceptorImageFiles":["210707/PerfectKeylogger-201223/1.97/Images/ACR-038/PerfectKeylogger_FileProperty [1].png","210707/PerfectKeylogger-201223/1.97/Images/ACR-040/PerfectKeylogger_Files [1].png","210707/PerfectKeylogger-201223/1.97/Images/ACR-040/PerfectKeylogger_Install [5].png","210707/PerfectKeylogger-201223/1.97/Images/ACR-065/PerfectKeylogger_Install [1].png","210707/PerfectKeylogger-201223/1.97/Images/ACR-065/PerfectKeylogger_Install [2].png","210707/PerfectKeylogger-201223/1.97/Images/ACR-065/PerfectKeylogger_Install [7].png","210707/PerfectKeylogger-201223/1.97/Images/ACR-092/PerfectKeylogger_FileProperty [2].png","210707/PerfectKeylogger-201223/1.97/Images/ACR-065/PerfectKeylogger_About [1].png","210707/PerfectKeylogger-201223/1.97/Images/ACR-099/PerfectKeylogger_About [1].png","210707/PerfectKeylogger-201223/1.97/Images/ACR-065/PerfectKeylogger_LandingPage [1].png","210707/PerfectKeylogger-201223/1.97/Images/ACR-065/PerfectKeylogger_LandingPage [2].png","210707/PerfectKeylogger-201223/1.97/Images/ACR-099/PerfectKeylogger_LandingPage [1].png","210707/PerfectKeylogger-201223/1.97/Images/ACR-161/PerfectKeylogger_LandingPage [3] Testimonials.png","210707/PerfectKeylogger-201223/1.97/Images/ACR-065/PerfectKeylogger_OfferPage [1].png","210707/PerfectKeylogger-201223/1.97/Images/ACR-099/PerfectKeylogger_OfferPage [1].png"],"guid":"0e65a561-5ff2-499d-8134-05f449a40b04_1.97_1","appID":"PerfectKeylogger-201223","dateAdded":"240902","deceptorType":"App","name":"Perfect Keylogger","company":"BLAZINGTOOLS SOFTWARE","version":"1.97","sigName":"Deceptor:Win32/PerfectKeyloggerStalkerware!084086048007","lastKnownStatus":"1.97;2.2.0.0","lastKnownDate":"240902","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Adults only","monetization":"paid,up-sell to paid","lastUpdate":"2024-09-02T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":594},{"violations":{"ACR-048":"The app enables the consumer to hide the app from the system tray, which limits the targeted consumer's ability to close the app.\n","ACR-007":"The app enables the consumer to hide the installed apps list, thus preventing the customer from uninstalling the app.\n","ACR-084":"The app enables the installing consumer to hide the app from the targeted consumer.  It prevents the app from showing in the control panel and locates its installation files inside of the System32 folder with the random filename.\n","ACR-086":"The app does not inform the targeted consumer how it collects data and who it is transmitting their data to.\n","ACR-116":"The app cannot be uninstalled by platform standard uninstall method.\n"},"nonDeceptorViolations":{"ACR-092":"The app does not provide Digital signature for the executable: \"PCagent.exe\"\n"},"samples":[{"isRevoked":"False","fileName":"PCagent.exe","isInstaller":"True","fileVersion":"8.67","hashMD5":"478354d78eb98accf51c5d397b5fd3f3","hashSHA1":"cce7eea4b4318e2f1d13535dadf218a8be58c2bf","hashSHA256":"2eb1828df9498c63a0b0f56551602179f0ba01a5df6e24e65147734f502ee59f","sourceIndex":"566","avBlockList":["360 Total Security (20240917)","Avast Premium Security (20240917)","AVG Internet Security (20240917)","Avira Internet Security (20240917)","Bitdefender Internet Security (20240917)","Dr.Web Security Space (20240917)","ESET Internet Security (20240917)","FortectPremium (20240917)","G DATA INTERNET SECURITY (20240917)","K7 Total Security (20240917)","KasperskyPremium (20240917)","Malwarebytes Premium (20240917)","McAfee Total Protection (20240917)","Norton Security (20240917)","Panda Dome (20240917)","Quick Heal Internet Security (20240917)","Sophos Home Premium (20240917)","SpyHunter5 (20240917)","Total AV Antivirus Pro (20240917)","VIPRE Advanced Security (20240917)","VirIT eXplorer PRO (20240917)","Webroot SecureAnywhere (20240917)"],"avAllowList":["COMODO Antivirus (20240917)","Trend Micro Internet Security (20240917)","Windows Defender (20240917)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on windows app","reference":"","landingPage":"https://www.pc-agent.com/en/products/pc-agent/","directDownloadingLink":"https://www.pc-agent.com/en/products/pc-agent/","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.pc-agent.com/en/products/pc-agent/","sourceIndex":"566"}],"sampleFiles":["240902/PCAgent-210301/8.67.0.0/Samples/PCagent.exe"],"imageFiles":["240902/PCAgent-210301/8.67.0.0/Images/ACR-007/ACR-007.PNG","240902/PCAgent-210301/8.67.0.0/Images/ACR-084/ACR-084.PNG","240902/PCAgent-210301/8.67.0.0/Images/ACR-084/ACR-084_1.PNG","240902/PCAgent-210301/8.67.0.0/Images/ACR-086/ACR-086.PNG","240902/PCAgent-210301/8.67.0.0/Images/ACR-086/ACR-086_1.PNG","240902/PCAgent-210301/8.67.0.0/Images/ACR-086/ACR-086_2.PNG","240902/PCAgent-210301/8.67.0.0/Images/ACR-086/ACR-086_Software_1.png","240902/PCAgent-210301/8.67.0.0/Images/ACR-048/ACR-048.PNG","240902/PCAgent-210301/8.67.0.0/Images/ACR-116/ACR-116.PNG"],"nonDeceptorImageFiles":["240902/PCAgent-210301/8.67.0.0/Images/ACR-092/ACR-092.PNG"],"guid":"4295460b-9864-4a3a-9d41-8246cdc8f4f5_8.67.0.0_1","appID":"PCAgent-210301","dateAdded":"240902","deceptorType":"App","name":"PC Agent","company":"7TECH LTD","version":"8.67.0.0","lastKnownStatus":"8.53;8.55;8.56;8.67.0.0","lastKnownDate":"240902","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2026-05-12T22:59:51.1706692+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":4,"sortOrder":595},{"violations":{"ACR-048":"The app enables the consumer to hide the app from the system tray, which limits the targeted consumer's ability to close the app.\n","ACR-084":"The app enables the installing consumer to hide the app from the targeted consumer.  It prevents the app from showing in system tray, and locates its installation files inside of the System32 folder with random filename.\n","ACR-086":"The app does not inform the targeted consumer how it collects data and who it is transmitting their data to.\n","ACR-116":"The app cannot be uninstalled by platform standard uninstall method.\n","ACR-014":"The app calls itself  into random executable files, which is not related to the name \"PC Agent\", which misleads the targeted consumer.\n"},"nonDeceptorViolations":{"ACR-038":"The app installer does not have a name that allows it to be clearly identified by the targeted consumer as related to the app. The app does not disclose the Original filename, Company name, Product name, Product version, File version for all the executables.\n","ACR-040":"The app is installed into System32 directory , using random filename which is completely unrelated to the app name. \n","ACR-065":"The install wizard does not display links to the Returns and Cancellation Policy and its Privacy Policy. \nThe app does not display links to the Returns and Cancellation Policy or the Privacy Policy. \nThe landing page does not display links to the Returns and Cancellation Policy\nThe internal offers page does not display links to the Returns and Cancellation Policy\n","ACR-092":"The app does not provide Digital signature for the main executables.\n","ACR-167":"The application's has no mention of a 30 days refund policy.\n"},"samples":[{"isRevoked":"False","fileName":"PCagent.exe","isInstaller":"True","fileVersion":"1.0","hashMD5":"9fa5e9442ec472b09d4d7cfaf76f5741","hashSHA1":"949b375645c386bdeead8c26c7026f793105711b","hashSHA256":"d154fc0b30ecde64686d1fd664c96ca30e14c4dfb404e2bed969023c2992d205","sourceIndex":"1823","avBlockList":["360 Total Security (20240903)","Avast Premium Security (20240903)","AVG Internet Security (20240903)","Avira Internet Security (20240903)","Bitdefender Internet Security (20240903)","ESET Internet Security (20240903)","G DATA INTERNET SECURITY (20240903)","K7 Total Security (20240903)","Kaspersky Internet Security (20210923)","Malwarebytes Premium (20240903)","McAfee Total Protection (20240903)","Norton Security (20240903)","Panda Dome (20240903)","Quick Heal Internet Security (20240903)","Sophos Home Premium (20240903)","SpyHunter5 (20240903)","Tencent PC Manager (20210923)","Total AV Antivirus Pro (20240903)","VIPRE Advanced Security (20240903)","VirIT eXplorer PRO (20240903)","Webroot SecureAnywhere (20240903)","Windows Defender (20240903)","FortectPremium (20240903)"],"avAllowList":["COMODO Antivirus (20240903)","Dr.Web Security Space (20240903)","Trend Micro Internet Security (20240903)","KasperskyPremium (20240903)"]},{"isRevoked":"False","fileName":"vuteti.dll","fileVersion":"0.0","hashMD5":"ee419600a72a5935c8bdc59166a6f49a","hashSHA1":"af5994c2c19faad175a1c0c5a790e877b45ccd10","hashSHA256":"68e1a2f373ff65023d7d92c90901c90b9410535b317f933722f02a71ae36c9f5","sourceIndex":"1823","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"vuteti.exe","fileVersion":"1.0","hashMD5":"6311d23ae3f69f176c10158284bd3e78","hashSHA1":"245773c62dd72c64e4d37d31c42f6352e86dc1bf","hashSHA256":"f8b600632a4acf9abf1949f77a4eac0b34143e67e6de2b931f8b747bfc4a78f4","sourceIndex":"1823","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"vuteti.tbl","fileVersion":"0.","hashMD5":"","hashSHA1":"","hashSHA256":"b9006167312295f08f57451f563ef0911909860f80c45142da716d6c8f90d429","sourceIndex":"1823","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"","landingPage":"http://www.blue-series.com/en/products/pc-agent/","directDownloadingLink":"http://www.blue-series.com/downloads/27da822ebb97ec40856068c2d75c2ddf8060d2c5/PCagent.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.blue-series.com/downloads/27da822ebb97ec40856068c2d75c2ddf8060d2c5/PCagent.exe","sourceIndex":"1823"}],"sampleFiles":["210831/PCAgent-210301/8.56/Samples/PCagent.exe","210831/PCAgent-210301/8.56/Samples/vuteti.dll","210831/PCAgent-210301/8.56/Samples/vuteti.exe","210831/PCAgent-210301/8.56/Samples/vuteti.tbl"],"imageFiles":["210831/PCAgent-210301/8.56/Images/ACR-084/PCagent_Interactions [7].png","210831/PCAgent-210301/8.56/Images/ACR-084/PCagent_Files [1].png","210831/PCAgent-210301/8.56/Images/ACR-084/PCagent_RunningProcess [1].png","210831/PCAgent-210301/8.56/Images/ACR-086/PCagent_Interactions [8].png","210831/PCAgent-210301/8.56/Images/ACR-086/PCagent_Interactions [9].png","210831/PCAgent-210301/8.56/Images/ACR-086/PCagent_Interactions [10].png","210831/PCAgent-210301/8.56/Images/ACR-048/PCagent_Interactions [7].png","210831/PCAgent-210301/8.56/Images/ACR-014/PCagent_RunningProcess [1].png","210831/PCAgent-210301/8.56/Images/ACR-014/PCagent_Files [1].png","210831/PCAgent-210301/8.56/Images/ACR-116/PCagent_ControlPanel [1].png"],"nonDeceptorImageFiles":["210831/PCAgent-210301/8.56/Images/ACR-038/PCagent_FileProperty [1].png","210831/PCAgent-210301/8.56/Images/ACR-038/PCagent_FileProperty [3].png","210831/PCAgent-210301/8.56/Images/ACR-040/PCagent_Files [1].png","210831/PCAgent-210301/8.56/Images/ACR-065/PCagent_Install [1].png","210831/PCAgent-210301/8.56/Images/ACR-065/PCagent_About [2].png","210831/PCAgent-210301/8.56/Images/ACR-092/PCagent_FileProperty [2].png","210831/PCAgent-210301/8.56/Images/ACR-092/PCagent_FileProperty [4].png","210831/PCAgent-210301/8.56/Images/ACR-092/PCagent_FileProperty [5].png","210831/PCAgent-210301/8.56/Images/ACR-092/PCagent_FileProperty [6].png","210831/PCAgent-210301/8.56/Images/ACR-065/PCagent_About [1].png","210831/PCAgent-210301/8.56/Images/ACR-065/PCagent_LandingPage [1].png","210831/PCAgent-210301/8.56/Images/ACR-065/PCagent_OfferPage [1].png"],"guid":"4295460b-9864-4a3a-9d41-8246cdc8f4f5_8.56_1","appID":"PCAgent-210301","dateAdded":"240902","deceptorType":"App","name":"PC Agent","company":"7TECH LTD","version":"8.56","sigName":"Deceptor:Win32/PCAgentStalkerware!084086048014116","lastKnownStatus":"8.53;8.55;8.56;8.67.0.0","lastKnownDate":"240902","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2024-09-02T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":4,"sortOrder":596},{"violations":{"ACR-048":"The app enables the consumer to hide the app from the system tray, which limits the targeted consumer's ability to close the app.\n","ACR-084":"The app enables the installing consumer to hide the app from the targeted consumer.  It prevents the app from showing in system tray, and locates its installation files inside of the System32 folder with random filename.\n","ACR-086":"The app does not inform the targeted consumer how it collects data and who it is transmitting their data to.\n","ACR-014":"The app calls itself  into random executable files, which is not related to the name \"PC Agent\", which misleads the targeted consumer.\n"},"nonDeceptorViolations":{"ACR-038":"The app installer does not have a name that allows it to be clearly identified by the targeted consumer as related to the app. The app does not disclose the Original filename, Company name, Product name, Product version, File version for all the executables.\n","ACR-040":"The app is installed into System32 directory , using random filename which is completely unrelated to the app name. \n","ACR-065":"The install wizard does not display links to the Returns and Cancellation Policy and its Privacy Policy. \nThe app does not display links to the Returns and Cancellation Policy or the Privacy Policy. \nThe landing page does not display links to the Returns and Cancellation Policy\nThe internal offers page does not display links to the Returns and Cancellation Policy\n","ACR-092":"The app does not provide Digital signature for the main executable.\n","ACR-167":"The application's has no mention of a 30 days refund policy.\n"},"samples":[{"isRevoked":"False","fileName":"PCagent.exe","isInstaller":"True","fileVersion":"1.0","hashMD5":"8f4b1a413cb30b17ca1a14b89ae9f5d9","hashSHA1":"381ed41e9c0939081ce41cf9021732f58cc58daa","hashSHA256":"f7feed1699fe48a03205304546756d91d096d0fb9456043faaaeead34c20fe1f","sourceIndex":"1987","avBlockList":["360 Total Security (20210601)","Avast Premium Security (20210601)","AVG Internet Security (20210601)","Avira Internet Security (20210601)","Bitdefender Internet Security (20210601)","ESET Internet Security (20210601)","G DATA INTERNET SECURITY (20210601)","K7 Total Security (20210601)","Kaspersky Internet Security (20210601)","Malwarebytes Premium (20210601)","McAfee Total Protection (20210601)","Norton Security (20210601)","Panda Dome (20210601)","Quick Heal Internet Security (20210601)","Sophos Home Premium (20210601)","SpyHunter5 (20210601)","Tencent PC Manager (20210601)","Total AV Antivirus Pro (20210601)","Trend Micro Internet Security (20210601)","VIPRE Advanced Security (20210601)","VirIT eXplorer PRO (20210601)","Webroot SecureAnywhere (20210601)"],"avAllowList":["COMODO Antivirus (20210601)","Dr.Web Security Space (20210601)","Windows Defender (20210601)"]},{"isRevoked":"False","fileName":"xatuxi.exe","fileVersion":"1.0","hashMD5":"43d54b1eaa2baec36cea45e6c40dc364","hashSHA1":"ddebfc39abc86f09b037e932c1528ad5113efa6c","hashSHA256":"d95d17a67c70ccdecc1d3ec98aafb3f5edde7ff826cfd7b218726380efb5b171","sourceIndex":"1987","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"yifoxu.exe","fileVersion":"1.0","hashMD5":"c48b6bae5acd9b06aba036ab324fc175","hashSHA1":"788d1d0d4b15d0ed3daf23fb37b98d79778940d7","hashSHA256":"18d54fbe1bfed0684d605e67142095b1cbf0f7d7a1099dd8502f8056919ad28d","sourceIndex":"1987","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"","landingPage":"http://www.blue-series.com/en/products/pc-agent/","directDownloadingLink":"http://www.blue-series.com/downloads/894d58f728c532b05da621f9cce24681775ec6a0/PCagent.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.blue-series.com/downloads/894d58f728c532b05da621f9cce24681775ec6a0/PCagent.exe","sourceIndex":"1987"}],"sampleFiles":["210302/PCAgent-210301/8.53/Samples/PCagent.exe","210302/PCAgent-210301/8.53/Samples/xatuxi.exe","210302/PCAgent-210301/8.53/Samples/yifoxu.exe"],"imageFiles":["210302/PCAgent-210301/8.53/Images/ACR-084/PCAgent_Settings [1].png","210302/PCAgent-210301/8.53/Images/ACR-084/PCAgent_Files [1].png","210302/PCAgent-210301/8.53/Images/ACR-086/PCAgent_Settings [2].png","210302/PCAgent-210301/8.53/Images/ACR-086/PCAgent_Settings [4].png","210302/PCAgent-210301/8.53/Images/ACR-086/PCAgent_Settings [5].png","210302/PCAgent-210301/8.53/Images/ACR-048/PCAgent_Settings [1].png","210302/PCAgent-210301/8.53/Images/ACR-014/PCAgent_Files [1].png","210302/PCAgent-210301/8.53/Images/ACR-014/PCAgent_RunningProcess [2].png"],"nonDeceptorImageFiles":["210302/PCAgent-210301/8.53/Images/ACR-038/PCAgent_FileProperty [1].png","210302/PCAgent-210301/8.53/Images/ACR-038/PCAgent_FileProperty [2].png","210302/PCAgent-210301/8.53/Images/ACR-040/PCAgent_Files [1].png","210302/PCAgent-210301/8.53/Images/ACR-065/PCAgent_Install [1].png","210302/PCAgent-210301/8.53/Images/ACR-092/PCAgent_FileProperty [3].png","210302/PCAgent-210301/8.53/Images/ACR-092/PCAgent_FileProperty [4].png","210302/PCAgent-210301/8.53/Images/ACR-065/PCAgent_About [1].png","210302/PCAgent-210301/8.53/Images/ACR-065/PCAgent_About [2].png","210302/PCAgent-210301/8.53/Images/ACR-065/PCAgent_LandingPage [1].png","210302/PCAgent-210301/8.53/Images/ACR-065/PCAgent_LandingPage [2].png","210302/PCAgent-210301/8.53/Images/ACR-065/PCAgent_OfferPage [1].png"],"guid":"4295460b-9864-4a3a-9d41-8246cdc8f4f5_8.53_1","appID":"PCAgent-210301","dateAdded":"240902","deceptorType":"App","name":"PC Agent","company":"7TECH LTD","version":"8.53","sigName":"Deceptor:Win32/PCAgent!084086048014","lastKnownStatus":"8.53;8.55;8.56;8.67.0.0","lastKnownDate":"240902","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2024-09-02T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":4,"sortOrder":598},{"violations":{"ACR-042":"Before consumer makes decision, the installer app already starts to contact RelevantKnowledge service and attempts to download the package.\n","ACR-010":"The RelevantKnowledge is bundled in deceptors. It is distributed by deceptors aggressively and widely. for example: GameGain RK bundler\n","ACR-013":"RK is presented as offer during carrier installation. During installation, the user is interrupted by non-consented offers to silently install unrelated software\n","ACR-060":"The offer network does not disclose itself in RK offer to silently install unrelated software\n","ACR-119":"monetization offer RK is kept running and not uninstalled after carrier app is cancelled during installation or after carrier is uninstalled completed.\n","ACR-059":"RelevantKnowledge is not clearly marked as optional offer. But it is installed as a mandatory offer. RK components are downloaded even consumer choose to decline during install. \n","ACR-039":"RelevantKnowledge usually is installed by another applications (offer in bundler). There is no clear indications of the relationship to the installer application. RelevantKnowledge is presented as the part of the installer application. Even consumer decline RelevantKnowledge app, it is still downloaded nevertheless.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"rk_setup_EN.exe","isInstaller":"True","companyName":"TMRG                                                        ","fileVersion":"1.1","hashMD5":"fba926d9646ef2981f75d25ae3fe5d1a","hashSHA1":"0f6835244911d6d391d91b3a0ce0fa03213b16a0","hashSHA256":"a474c9f855025ec6c93f95b411dc3ab96e2274a2dd60fe514b3d7980261e13fc","digitalCertThumbprint":"8A0B9F56E594181329741D549D529DEA98C225BB","digitalCertIssuer":"CN=Sectigo Public Code Signing CA R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=\"TMRG, Inc.\", O=\"TMRG, Inc.\", S=Virginia, C=US","sourceIndex":"724","avBlockList":["360 Total Security (20240620)","Avast Premium Security (20240620)","AVG Internet Security (20240620)","Avira Internet Security (20240620)","Bitdefender Internet Security (20240620)","COMODO Antivirus (20240620)","Dr.Web Security Space (20240620)","ESET Internet Security (20240620)","G DATA INTERNET SECURITY (20240620)","K7 Total Security (20240620)","Kaspersky Internet Security (20240620)","Malwarebytes Premium (20240620)","Norton Security (20240620)","Panda Dome (20240620)","Quick Heal Internet Security (20240620)","Sophos Home Premium (20240620)","SpyHunter5 (20240620)","Total AV Antivirus Pro (20240620)","VIPRE Advanced Security (20240620)","VirIT eXplorer PRO (20240620)","Webroot SecureAnywhere (20240620)"],"avAllowList":["McAfee Total Protection (20240620)","Trend Micro Internet Security (20240620)","Windows Defender (20240620)"]},{"isRevoked":"False","fileName":"rk_setup_GameGain.exe","isInstaller":"True","companyName":"TMRG                                                        ","fileVersion":"1.1","hashMD5":"6a38c053466eab3656074f81ddc00d77","hashSHA1":"df379f793f93971821506f8d3877d3941d0ebfb5","hashSHA256":"3979455d612a9398808b80b0b6867194a1147d84987ddbaee707a5f01610213a","digitalCertThumbprint":"8A0B9F56E594181329741D549D529DEA98C225BB","digitalCertIssuer":"CN=Sectigo Public Code Signing CA R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=\"TMRG, Inc.\", O=\"TMRG, Inc.\", S=Virginia, C=US","sourceIndex":"724","avBlockList":["Avast Premium Security (20240829)","AVG Internet Security (20240829)","Avira Internet Security (20240829)","Bitdefender Internet Security (20240829)","COMODO Antivirus (20240829)","Dr.Web Security Space (20240829)","ESET Internet Security (20240829)","FortectPremium (20240829)","G DATA INTERNET SECURITY (20240829)","K7 Total Security (20240829)","KasperskyPremium (20240829)","Malwarebytes Premium (20240829)","Norton Security (20240829)","Panda Dome (20240829)","Sophos Home Premium (20240829)","SpyHunter5 (20240829)","Total AV Antivirus Pro (20240829)","VIPRE Advanced Security (20240829)","VirIT eXplorer PRO (20240829)","Webroot SecureAnywhere (20240829)"],"avAllowList":["360 Total Security (20240829)","McAfee Total Protection (20240829)","Quick Heal Internet Security (20240829)","Trend Micro Internet Security (20240829)","Windows Defender (20240829)"]},{"isRevoked":"False","fileName":"rlls.dll","companyName":"TMRG,  Inc.","fileVersion":"4.0","hashMD5":"b4a262f7a440a830de2fabc16327b5c4","hashSHA1":"853981f101c5aaf5374622098302232a39d1c29f","hashSHA256":"4e21d640b6268e273835aa562fe2eb92a4dc7433bf8c8e1a8216ed6d9d74895d","digitalCertThumbprint":"8A0B9F56E594181329741D549D529DEA98C225BB","digitalCertIssuer":"CN=Sectigo Public Code Signing CA R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=\"TMRG, Inc.\", O=\"TMRG, Inc.\", S=Virginia, C=US","sourceIndex":"724","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"rlls64.dll","companyName":"TMRG,  Inc.","fileVersion":"4.0","hashMD5":"5417f1ec92429ef41ed17eb5bbb4f249","hashSHA1":"d6466d8eeea79d822a255f2f645b9aa97a4b5c87","hashSHA256":"3e0354c4a63fbc5d290aded975ce9af33138aa54a4f2c5787dec98a634f89e58","digitalCertThumbprint":"8A0B9F56E594181329741D549D529DEA98C225BB","digitalCertIssuer":"CN=Sectigo Public Code Signing CA R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=\"TMRG, Inc.\", O=\"TMRG, Inc.\", S=Virginia, C=US","sourceIndex":"724","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"rlph.dll","companyName":"TMRG,  Inc.","fileVersion":"1.0","hashMD5":"dab262f4d7d17676f9f80a28116f89e5","hashSHA1":"4d327736e7b7053ca80e6669c439a96efad56886","hashSHA256":"a18a3d167aa0c898ba6b52579729da0c876a6e1caabf3399487ab94f5258b62d","digitalCertThumbprint":"8A0B9F56E594181329741D549D529DEA98C225BB","digitalCertIssuer":"CN=Sectigo Public Code Signing CA R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=\"TMRG, Inc.\", O=\"TMRG, Inc.\", S=Virginia, C=US","sourceIndex":"724","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"rlservice.exe","companyName":"TMRG,  Inc.","fileVersion":"1.1","hashMD5":"34aff57d6f2f1c074573b7aaa573092a","hashSHA1":"e4d460f5c22d6ac58729ce2333c4382b5c916e31","hashSHA256":"6798d3159c8843346506a090a29849683c5bd4ff2c8bfd8ab6c25ccee36867f3","digitalCertThumbprint":"8A0B9F56E594181329741D549D529DEA98C225BB","digitalCertIssuer":"CN=Sectigo Public Code Signing CA R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=\"TMRG, Inc.\", O=\"TMRG, Inc.\", S=Virginia, C=US","sourceIndex":"724","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"rlvknlg.exe","companyName":"TMRG,  Inc.","fileVersion":"1.3","hashMD5":"dedb374c58801ff2b6bb515c87720a93","hashSHA1":"58cb40dcc193eb7ebe8f7788a693bba770d87726","hashSHA256":"f023ae49c44f7eccbda34c5718cf04850fa1986960abebd0334e8a90bdfd3570","digitalCertThumbprint":"8A0B9F56E594181329741D549D529DEA98C225BB","digitalCertIssuer":"CN=Sectigo Public Code Signing CA R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=\"TMRG, Inc.\", O=\"TMRG, Inc.\", S=Virginia, C=US","sourceIndex":"724","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"rlvknlg32.exe","companyName":"TMRG,  Inc.","fileVersion":"1.0","hashMD5":"3f128ed69207decf2fc07526f8dc656c","hashSHA1":"4adf134b4d4b63f61af7c28e559015745d0aba90","hashSHA256":"d58157e9e371f50168a0d6504bdb5b1357d08dc381d0573d3753ca71b2c44787","digitalCertThumbprint":"8A0B9F56E594181329741D549D529DEA98C225BB","digitalCertIssuer":"CN=Sectigo Public Code Signing CA R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=\"TMRG, Inc.\", O=\"TMRG, Inc.\", S=Virginia, C=US","sourceIndex":"724","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"rlvknlg64.exe","companyName":"TMRG,  Inc.","fileVersion":"1.0","hashMD5":"fc1b0b7cd09b3f88a759f3b9a9ac3023","hashSHA1":"629e5c364eda13e372d940ff66604a2ac5faac4c","hashSHA256":"67267daab3d0ebec5e5c61e94f6b8832fda3879bf8beefc48e14c1d35ab8b662","digitalCertThumbprint":"8A0B9F56E594181329741D549D529DEA98C225BB","digitalCertIssuer":"CN=Sectigo Public Code Signing CA R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=\"TMRG, Inc.\", O=\"TMRG, Inc.\", S=Virginia, C=US","sourceIndex":"724","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"security partner report","reference":"","landingPage":"https://www.relevantknowledge.com","directDownloadingLink":"https://www.relevantknowledge.com/Download/rk_setup_EN.exe ","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.relevantknowledge.com/Download/rk_setup_EN.exe ","sourceIndex":"724"}],"sampleFiles":["240303/RelevantKnowledge-201010/1.0.14.10/Samples/rk_setup_EN.exe","240303/RelevantKnowledge-201010/1.0.14.10/Samples/rk_setup_GameGain.exe","240303/RelevantKnowledge-201010/1.0.14.10/Samples/rlls.dll","240303/RelevantKnowledge-201010/1.0.14.10/Samples/rlls64.dll","240303/RelevantKnowledge-201010/1.0.14.10/Samples/rlph.dll","240303/RelevantKnowledge-201010/1.0.14.10/Samples/rlservice.exe","240303/RelevantKnowledge-201010/1.0.14.10/Samples/rlvknlg.exe","240303/RelevantKnowledge-201010/1.0.14.10/Samples/rlvknlg32.exe","240303/RelevantKnowledge-201010/1.0.14.10/Samples/rlvknlg64.exe"],"imageFiles":["240303/RelevantKnowledge-201010/1.0.14.10/Images/ACR-039/RK_Offer.gif","240303/RelevantKnowledge-201010/1.0.14.10/Images/ACR-042/ACR-042_Install_1.png","240303/RelevantKnowledge-201010/1.0.14.10/Images/ACR-042/ACR-042_Install_2.jpeg","240303/RelevantKnowledge-201010/1.0.14.10/Images/ACR-119/RK_Uninstall.JPG","240303/RelevantKnowledge-201010/1.0.14.10/Images/ACR-119/ACR-119_Uninstall_1.jpeg","240303/RelevantKnowledge-201010/1.0.14.10/Images/ACR-119/ACR-119_Uninstall_2.jpeg","240303/RelevantKnowledge-201010/1.0.14.10/Images/ACR-059/RK_Offer_GameGain.JPG","240303/RelevantKnowledge-201010/1.0.14.10/Images/ACR-013/RK_Offer.gif","240303/RelevantKnowledge-201010/1.0.14.10/Images/ACR-013/ACR-013_In-bundle offers_1.jpeg","240303/RelevantKnowledge-201010/1.0.14.10/Images/ACR-060/RK_Offer.gif"],"nonDeceptorImageFiles":[],"guid":"4a1d02da-9ad9-4919-9141-89e903b37b7f_1.0.14.10_1","appID":"RelevantKnowledge-201010","dateAdded":"240827","deceptorType":"App","name":"RelevantKnowledge","company":"RelevantKnowledge","version":"1.0.14.10","lastKnownStatus":"1.0.3.2;1.0.4.1;1.0.5.5;1.0.5.6;1.0.6.1;1.1.0.0;1.0.12.26;1.0.14.10;1.3.340.310","lastKnownDate":"240827","type":"Windows Executable","category":"SysTools & Utilities, Personalization & Search","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"sold in bundle","lastUpdate":"2024-08-27T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":5,"sortOrder":600},{"violations":{"ACR-042":"Before consumer makes decision, the installer app already starts to contact RelevantKnowledge service and attempts to download the package.\n","ACR-010":"The RelevantKnowledge is bundled in deceptors. It is distributed by deceptors aggressively and widely. The example: PCMateBundler (certs: e1caa9e850d616a0c2a245a157e0767a5ddcb431 & AB3BF705268399B80E815D612192384F5DEEE227 )\nsome deceptor examples:\nhxxp://freesoundrecorder.net\nhxxps://www.free-wifi-hotspot.com/download.php?t=freewifihotspotforwindows\nhxxps://windowsdownloads.xyz/2020/02/AutoClicker/FreeAutoClicker.exe\nhxxp://www.free-auto-clicker.com/FreeAutoClicker.exe\nhxxp://free-auto-clicker.com/FreeAutoClicker.exe\nhxxp://www.freemp3cutterjoiner.com/MP3CutterJoinerFree.exe\nhxxp://www.free-wifi-hotspot.com/FreeWiFiHotspot.exe\nhxxp://www.music-editor.net/VidMateVideoConverter.exe\nhxxp://music-editor.net/VidMateVideoConverter.exe\nhxxp://www.free-audio-editor.com/EasyAudioExtractor.exe\nhxxp://free-audio-editor.com/EasyAudioExtractor.exe\nhxxp://audio-tool.net/AudioConvertToolbox.exe\nhxxp://www.audio-tool.net/AudioConvertToolbox.exe\nhxxp://www.ocrtoword.com/FreeOCRtoWord.exe?\nhxxp://www.ocrtoword.com/FreeOCRtoWord.exe\nhxxp://www.free-sound-editor.com/PowerSoundEditorFree.exe\nhxxps://www.free-sound-editor.com/PowerSoundEditorFree.exe\n\n","ACR-013":"RK is presented as offer during carrier installation. During installation, the user is interrupted by non-consented offers to silently install unrelated software\n","ACR-060":"The offer network does not disclose itself in RK offer to silently install unrelated software\n","ACR-119":"monetization offer RK is kept running and not uninstalled after carrier app is uninstalled.\n","ACR-059":"RelevantKnowledge is not clearly marked as optional offer. But it is installed as a mandatory offer. RK components are downloaded even consumer choose to decline during install. \n","ACR-039":"RelevantKnowledge usually is installed by another applications. There is no clear indications of the relationship to the installer application. RelevantKnowledge is presented as the part of the installer application. Even consumer decline RelevantKnowledge app, it is still downloaded nevertheless.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"rlls.dll","companyName":"TMRG,  Inc.","fileVersion":"4.0","hashMD5":"f949546ac2c4c8b6da746f5ac00a9d01","hashSHA1":"106dc92d5e9d362f99a53c212fb58edeff633ab5","hashSHA256":"686681c180705995eab486eb36f1e1365b14f6a2ee1490b81405a333eacc75fa","digitalCertThumbprint":"D362EC5A4BE2AAB2A814455AD92B99021DA22C51","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"TMRG, Inc.\", O=\"TMRG, Inc.\", STREET=11950 Democracy Drive, STREET=Suite 600, L=Reston, S=Virginia, PostalCode=20190, C=US","sourceIndex":"1118","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"rlls64.dll","companyName":"TMRG,  Inc.","fileVersion":"4.0","hashMD5":"cc0d25ff5c41f46a59b592867765c62c","hashSHA1":"0b40ea3fcf48edb9eb709060e53d0814ebd22e52","hashSHA256":"4d322e3c8c62a67ac3503dc47597068a49db53efca80bcba69274b95d15eee6c","digitalCertThumbprint":"D362EC5A4BE2AAB2A814455AD92B99021DA22C51","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"TMRG, Inc.\", O=\"TMRG, Inc.\", STREET=11950 Democracy Drive, STREET=Suite 600, L=Reston, S=Virginia, PostalCode=20190, C=US","sourceIndex":"1118","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"rlservice.exe","companyName":"TMRG,  Inc.","fileVersion":"1.1","hashMD5":"38b3c82edfc1839ff79a8832b56bcf2a","hashSHA1":"d2338078b5e3966958647d12e5e295ff26565efe","hashSHA256":"1e484d332c68e8465005aff8556dfe3c82c9ecfe1c5951927c86ac2f831fa2f8","digitalCertThumbprint":"D362EC5A4BE2AAB2A814455AD92B99021DA22C51","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"TMRG, Inc.\", O=\"TMRG, Inc.\", STREET=11950 Democracy Drive, STREET=Suite 600, L=Reston, S=Virginia, PostalCode=20190, C=US","sourceIndex":"1118","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"rlvknlg.exe","companyName":"TMRG,  Inc.","fileVersion":"1.3","hashMD5":"550737266503571619bc6ca939e4af6b","hashSHA1":"79bf9e67e8196a9f23461963d6901bf39453770c","hashSHA256":"6b66b43a3c497b1fce068c4d1cdaa217701dfe199c85c1804d5739754fcad404","digitalCertThumbprint":"D362EC5A4BE2AAB2A814455AD92B99021DA22C51","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"TMRG, Inc.\", O=\"TMRG, Inc.\", STREET=11950 Democracy Drive, STREET=Suite 600, L=Reston, S=Virginia, PostalCode=20190, C=US","sourceIndex":"1118","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"rlvknlg32.exe","companyName":"TMRG,  Inc.","fileVersion":"1.0","hashMD5":"f00d2b52edb5070c0ea683de04a0a954","hashSHA1":"a2c03636ec18d617bc12395cf8443d76c476c922","hashSHA256":"970aeb123b409ab5de66fe1d421b30c28c17b85faab4f38b947376f87fd4bc2c","digitalCertThumbprint":"D362EC5A4BE2AAB2A814455AD92B99021DA22C51","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"TMRG, Inc.\", O=\"TMRG, Inc.\", STREET=11950 Democracy Drive, STREET=Suite 600, L=Reston, S=Virginia, PostalCode=20190, C=US","sourceIndex":"1118","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"rlvknlg64.exe","companyName":"TMRG,  Inc.","fileVersion":"1.0","hashMD5":"68d7324ba0773b18853916efcffce529","hashSHA1":"e45b1ba70ea8faacfeb2af604cb5b0201f71186c","hashSHA256":"d3c1a00b3765d711acae90a1c130812953f0ea5f4f3ceacf8f19194f3ea8efac","digitalCertThumbprint":"D362EC5A4BE2AAB2A814455AD92B99021DA22C51","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"TMRG, Inc.\", O=\"TMRG, Inc.\", STREET=11950 Democracy Drive, STREET=Suite 600, L=Reston, S=Virginia, PostalCode=20190, C=US","sourceIndex":"1118","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"rk_setup.exe","isInstaller":"True","companyName":"TMRG                                                        ","fileVersion":"1.1","hashMD5":"89c8796cd6169d14531791b7388bc0e9","hashSHA1":"473a91fc861a45122f9f60ee8cd807b57cd2f29d","hashSHA256":"53ef40c6950b12e766195905ffcc596d771b43398ad2eeb2f9a895ab5a8bb278","digitalCertThumbprint":"D362EC5A4BE2AAB2A814455AD92B99021DA22C51","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"TMRG, Inc.\", O=\"TMRG, Inc.\", STREET=11950 Democracy Drive, STREET=Suite 600, L=Reston, S=Virginia, PostalCode=20190, C=US","sourceIndex":"1118","avBlockList":["Avast Premium Security (20240702)","AVG Internet Security (20240702)","Avira Internet Security (20240702)","Bitdefender Internet Security (20240702)","COMODO Antivirus (20240702)","Dr.Web Security Space (20240702)","ESET Internet Security (20240702)","FortectPremium (20240702)","G DATA INTERNET SECURITY (20240702)","K7 Total Security (20240702)","Kaspersky Internet Security (20240702)","Malwarebytes Premium (20240702)","Norton Security (20240702)","Panda Dome (20240702)","Quick Heal Internet Security (20240702)","Sophos Home Premium (20240702)","SpyHunter5 (20240702)","Total AV Antivirus Pro (20240702)","VIPRE Advanced Security (20240702)","VirIT eXplorer PRO (20240702)","Webroot SecureAnywhere (20240702)"],"avAllowList":["360 Total Security (20240702)","McAfee Total Protection (20240702)","Trend Micro Internet Security (20240702)","Windows Defender (20240702)"]}],"additionalFiles":[],"sources":[{"howFound":"Offer in deceptors","reference":"PGWare bundler","landingPage":"offer in bundler","directDownloadingLink":"http://pgware.com/products/gamegain/","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://pgware.com/products/gamegain/","sourceIndex":"1118"}],"sampleFiles":["240303/RelevantKnowledge-201010/1.0.12.26/Samples/rlls.dll","240303/RelevantKnowledge-201010/1.0.12.26/Samples/rlls64.dll","240303/RelevantKnowledge-201010/1.0.12.26/Samples/rlservice.exe","240303/RelevantKnowledge-201010/1.0.12.26/Samples/rlvknlg.exe","240303/RelevantKnowledge-201010/1.0.12.26/Samples/rlvknlg32.exe","240303/RelevantKnowledge-201010/1.0.12.26/Samples/rlvknlg64.exe","240303/RelevantKnowledge-201010/1.0.12.26/Samples/rk_setup.exe"],"imageFiles":["240303/RelevantKnowledge-201010/1.0.12.26/Images/ACR-039/RK_Offer.gif","240303/RelevantKnowledge-201010/1.0.12.26/Images/ACR-042/DLBeforeDiscloseAndUserAction.JPG","240303/RelevantKnowledge-201010/1.0.12.26/Images/ACR-042/RK_042.JPG","240303/RelevantKnowledge-201010/1.0.12.26/Images/ACR-119/RK_Uninstall.JPG","240303/RelevantKnowledge-201010/1.0.12.26/Images/ACR-059/RK_Offer_GameGain.JPG","240303/RelevantKnowledge-201010/1.0.12.26/Images/ACR-013/RK_Offer.gif","240303/RelevantKnowledge-201010/1.0.12.26/Images/ACR-060/RK_Offer.gif"],"nonDeceptorImageFiles":[],"guid":"4a1d02da-9ad9-4919-9141-89e903b37b7f_1.0.12.26_1","appID":"RelevantKnowledge-201010","dateAdded":"240827","deceptorType":"App","name":"RelevantKnowledge","company":"RelevantKnowledge","version":"1.0.12.26","lastKnownStatus":"1.0.3.2;1.0.4.1;1.0.5.5;1.0.5.6;1.0.6.1;1.1.0.0;1.0.12.26;1.0.14.10;1.3.340.310","lastKnownDate":"240827","type":"Windows Executable","category":"SysTools & Utilities, Personalization & Search","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"sold in bundle","lastUpdate":"2024-08-27T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":5,"sortOrder":601},{"violations":{"ACR-042":"Before the consumer makes a decision, the installer app already starts to contact RelevantKnowledge service and running the package.\n","ACR-048":"Once RelevantKnowledge is installed, its service starts running in background without notifying user its running and lack of interface for user to disable the service.\n","ACR-010":"The RelevantKnowledge is bundled in deceptors . It is distributed by deceptors aggressively and widely. The example: TriSun Software Limited apps.\nSome deceptor examples:\nhxxps://1tree.info/p/1tree.zip\nhxxps://www.trisunsoft.com/files/webr.zip\nhxxps://www.trisunsoft.com/files/weso.zip\nhxxps://www.trisunsoft.com/files/wesc.zip\nhxxps://www.trisunsoft.com/files/werf.zip\n","ACR-084":"RK service running in background without user's awareness, and lack of interface for user to disable its service. \n","ACR-059":"RelevantKnowledge is not clearly marked as an optional offer. RK components are downloaded even consumers choose to decline during installation. The decline option is not truthful.\n","ACR-039":"RelevantKnowledge is usually installed by other applications. There are no clear indications of the relationship to the installer application. RelevantKnowledge is presented as a must-accept-offer in the installer application. \n","ACR-155":"RelevantKnowledge offer is designed to look like part of the install workflow. \n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"rk_setup_EN.exe","isInstaller":"True","companyName":"TMRG                                                        ","productName":"RelevantKnowledge","productVersion":"1.1.0","fileVersion":"1.1.0.0","hashMD5":"5f253092541445f2c54db1387cf2fa85","hashSHA1":"a5ddef500aa74d002acb435045f0333583b8c68d","hashSHA256":"5839a8ea8abb19d8211be61bbf07e9084aa214f8d029b733d5d65fb6b70acc54","digitalCertThumbprint":"D362EC5A4BE2AAB2A814455AD92B99021DA22C51","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"TMRG, Inc.\", O=\"TMRG, Inc.\", STREET=11950 Democracy Drive, STREET=Suite 600, L=Reston, S=Virginia, PostalCode=20190, C=US","sourceIndex":"1725","avBlockList":["360 Total Security (20240711)","Avast Premium Security (20240711)","AVG Internet Security (20240711)","Avira Internet Security (20240711)","Bitdefender Internet Security (20240711)","COMODO Antivirus (20240711)","Dr.Web Security Space (20240711)","ESET Internet Security (20240711)","G DATA INTERNET SECURITY (20240711)","K7 Total Security (20240711)","Kaspersky Internet Security (20240711)","Malwarebytes Premium (20240711)","Norton Security (20240711)","Panda Dome (20240711)","Quick Heal Internet Security (20240711)","Sophos Home Premium (20240711)","SpyHunter5 (20240711)","Tencent PC Manager (20220222)","Total AV Antivirus Pro (20240711)","VIPRE Advanced Security (20240711)","VirIT eXplorer PRO (20240711)","Webroot SecureAnywhere (20240711)","FortectPremium (20240711)"],"avAllowList":["McAfee Total Protection (20240711)","Trend Micro Internet Security (20240711)","Windows Defender (20240711)"]},{"isRevoked":"False","fileName":"spt_setup.exe","isInstaller":"True","companyName":"TMRG                                                        ","productName":"RelevantKnowledge","productVersion":"1.1.0","fileVersion":"1.1.0.0","hashMD5":"89c8796cd6169d14531791b7388bc0e9","hashSHA1":"473a91fc861a45122f9f60ee8cd807b57cd2f29d","hashSHA256":"53ef40c6950b12e766195905ffcc596d771b43398ad2eeb2f9a895ab5a8bb278","digitalCertThumbprint":"D362EC5A4BE2AAB2A814455AD92B99021DA22C51","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"TMRG, Inc.\", O=\"TMRG, Inc.\", STREET=11950 Democracy Drive, STREET=Suite 600, L=Reston, S=Virginia, PostalCode=20190, C=US","sourceIndex":"1725","avBlockList":["Avast Premium Security (20240702)","AVG Internet Security (20240702)","Avira Internet Security (20240702)","Bitdefender Internet Security (20240702)","COMODO Antivirus (20240702)","Dr.Web Security Space (20240702)","ESET Internet Security (20240702)","FortectPremium (20240702)","G DATA INTERNET SECURITY (20240702)","K7 Total Security (20240702)","Kaspersky Internet Security (20240702)","Malwarebytes Premium (20240702)","Norton Security (20240702)","Panda Dome (20240702)","Quick Heal Internet Security (20240702)","Sophos Home Premium (20240702)","SpyHunter5 (20240702)","Total AV Antivirus Pro (20240702)","VIPRE Advanced Security (20240702)","VirIT eXplorer PRO (20240702)","Webroot SecureAnywhere (20240702)"],"avAllowList":["360 Total Security (20240702)","McAfee Total Protection (20240702)","Trend Micro Internet Security (20240702)","Windows Defender (20240702)"]},{"isRevoked":"False","fileName":"rlls.dll","companyName":"TMRG,  Inc.","fileVersion":"4.0","hashMD5":"6919cb34edad7aa32b6e962e77a6433b","hashSHA1":"16410c9e2c995e20f20017e64c643ec4e4cd1781","hashSHA256":"992c006f1f39c20a704288a1132cc5e487146d425b0828e6532922a1703c3bb9","digitalCertThumbprint":"D362EC5A4BE2AAB2A814455AD92B99021DA22C51","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"TMRG, Inc.\", O=\"TMRG, Inc.\", STREET=11950 Democracy Drive, STREET=Suite 600, L=Reston, S=Virginia, PostalCode=20190, C=US","sourceIndex":"1725","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"rlls64.dll","companyName":"TMRG,  Inc.","fileVersion":"4.0","hashMD5":"429235b4777b153dd374ff949b18f06a","hashSHA1":"b439e671d325f846c06ccb1996d43618b4be65e2","hashSHA256":"ed9b500c2167cbd1b818a989cb2cc0b9f071a741f890f39638a27d89c0247693","digitalCertThumbprint":"D362EC5A4BE2AAB2A814455AD92B99021DA22C51","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"TMRG, Inc.\", O=\"TMRG, Inc.\", STREET=11950 Democracy Drive, STREET=Suite 600, L=Reston, S=Virginia, PostalCode=20190, C=US","sourceIndex":"1725","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"rlservice.exe","companyName":"TMRG,  Inc.","fileVersion":"1.1","hashMD5":"40bc7aaacab71f603662590a0028e827","hashSHA1":"10a4e3f3dc6aa7ed64eea38ef4bde3ed5dc8d651","hashSHA256":"999b29e03435c9527aa23c3196bc5c7e03c1232a18326d8a06cf304c27b023d3","digitalCertThumbprint":"D362EC5A4BE2AAB2A814455AD92B99021DA22C51","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"TMRG, Inc.\", O=\"TMRG, Inc.\", STREET=11950 Democracy Drive, STREET=Suite 600, L=Reston, S=Virginia, PostalCode=20190, C=US","sourceIndex":"1725","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"rlvknlg.exe","companyName":"TMRG,  Inc.","fileVersion":"1.3","hashMD5":"4895963f5a029d03e1d81cb71ad4168b","hashSHA1":"5420f3bec0794861702adafe263b8c985f026d14","hashSHA256":"74300003a4ea83f68d1eac7a7fe677f190d32eccf9bbbc8110ca6fca62612ec8","digitalCertThumbprint":"D362EC5A4BE2AAB2A814455AD92B99021DA22C51","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"TMRG, Inc.\", O=\"TMRG, Inc.\", STREET=11950 Democracy Drive, STREET=Suite 600, L=Reston, S=Virginia, PostalCode=20190, C=US","sourceIndex":"1725","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"rlvknlg32.exe","companyName":"TMRG,  Inc.","fileVersion":"1.0","hashMD5":"629d3c19cd65593f518986d240aac735","hashSHA1":"46384ebcd7dea578a8618a4c41b4bbd46b6b8a48","hashSHA256":"ed1341c1e6071a289b6fb56968228239d82f53ed9f46fd394683c927147d8595","digitalCertThumbprint":"D362EC5A4BE2AAB2A814455AD92B99021DA22C51","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"TMRG, Inc.\", O=\"TMRG, Inc.\", STREET=11950 Democracy Drive, STREET=Suite 600, L=Reston, S=Virginia, PostalCode=20190, C=US","sourceIndex":"1725","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"rlvknlg64.exe","companyName":"TMRG,  Inc.","fileVersion":"1.0","hashMD5":"d758f0f48ade788cf3ea60c6293c498a","hashSHA1":"1b71832bc8444caf71a3f2216c15152446369104","hashSHA256":"1a6354b9f7510e3bf3d2d122a42d963909c16460fb823b5f4803acd2162dddd6","digitalCertThumbprint":"D362EC5A4BE2AAB2A814455AD92B99021DA22C51","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"TMRG, Inc.\", O=\"TMRG, Inc.\", STREET=11950 Democracy Drive, STREET=Suite 600, L=Reston, S=Virginia, PostalCode=20190, C=US","sourceIndex":"1725","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Offer in deceptors","reference":"Trisun software bundler","landingPage":"https://www.relevantknowledge.com/","directDownloadingLink":"https://www.relevantknowledge.com/Download/rk_setup_EN.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.relevantknowledge.com/Download/rk_setup_EN.exe","sourceIndex":"1725"}],"sampleFiles":["220128/RelevantKnowledge-201010/1.1.0.0/Samples/rk_setup_EN.exe","220128/RelevantKnowledge-201010/1.1.0.0/Samples/spt_setup.exe","220128/RelevantKnowledge-201010/1.1.0.0/Samples/rlls.dll","220128/RelevantKnowledge-201010/1.1.0.0/Samples/rlls64.dll","220128/RelevantKnowledge-201010/1.1.0.0/Samples/rlservice.exe","220128/RelevantKnowledge-201010/1.1.0.0/Samples/rlvknlg.exe","220128/RelevantKnowledge-201010/1.1.0.0/Samples/rlvknlg32.exe","220128/RelevantKnowledge-201010/1.1.0.0/Samples/rlvknlg64.exe"],"imageFiles":["220128/RelevantKnowledge-201010/1.1.0.0/Images/ACR-039/1Tree Install.png","220128/RelevantKnowledge-201010/1.1.0.0/Images/ACR-039/dotNet Install.png","220128/RelevantKnowledge-201010/1.1.0.0/Images/ACR-039/WEPP Install.png","220128/RelevantKnowledge-201010/1.1.0.0/Images/ACR-039/RK_offer_decline.JPG","220128/RelevantKnowledge-201010/1.1.0.0/Images/ACR-042/RK Install Video.mp4","220128/RelevantKnowledge-201010/1.1.0.0/Images/ACR-042/RK_NetworkTraffic_beforeUserAccept.JPG","220128/RelevantKnowledge-201010/1.1.0.0/Images/ACR-048/RK_Service.JPG","220128/RelevantKnowledge-201010/1.1.0.0/Images/ACR-084/RK_Service.JPG","220128/RelevantKnowledge-201010/1.1.0.0/Images/ACR-155/RK Install Video.mp4","220128/RelevantKnowledge-201010/1.1.0.0/Images/ACR-059/RK Install Video.mp4","220128/RelevantKnowledge-201010/1.1.0.0/Images/ACR-059/RK_offer_decline.JPG"],"nonDeceptorImageFiles":[],"guid":"4a1d02da-9ad9-4919-9141-89e903b37b7f_1.1.0.0_1","appID":"RelevantKnowledge-201010","dateAdded":"240827","deceptorType":"App","name":"RelevantKnowledge","company":"RelevantKnowledge","version":"1.1.0.0","lastKnownStatus":"1.0.3.2;1.0.4.1;1.0.5.5;1.0.5.6;1.0.6.1;1.1.0.0;1.0.12.26;1.0.14.10;1.3.340.310","lastKnownDate":"240827","type":"Windows Executable","category":"SysTools & Utilities, Personalization & Search","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"sold in bundle","lastUpdate":"2024-08-27T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":5,"sortOrder":602},{"violations":{"ACR-042":"Before consumer makes decision, the installer app already starts to contact RelevantKnowledge service and attempts to download the package.\n","ACR-047":"Untruthful message repeatedly ask user to update to latest version, instead, it downloads the components of RelevantKnowledge. hxxp://post.securestudies.com/packages/RI1034/ContentI3.exe\nhxxp://post.securestudies.com/packages/RV0267/ContentV3.exe\n","ACR-003":"RelevantKnowledge is downloaded by misleading consumer that they need to update the installer application to latest version.\n","ACR-010":"The RelevantKnowledge is bundled in deceptors. It is distributed by deceptors aggressively and widely. The example: PCMateBundler (certs: e1caa9e850d616a0c2a245a157e0767a5ddcb431 & AB3BF705268399B80E815D612192384F5DEEE227 )\nsome deceptor examples:\nhxxp://freesoundrecorder.net\nhxxps://www.free-wifi-hotspot.com/download.php?t=freewifihotspotforwindows\nhxxps://windowsdownloads.xyz/2020/02/AutoClicker/FreeAutoClicker.exe\nhxxp://www.free-auto-clicker.com/FreeAutoClicker.exe\nhxxp://free-auto-clicker.com/FreeAutoClicker.exe\nhxxp://www.freemp3cutterjoiner.com/MP3CutterJoinerFree.exe\nhxxp://www.free-wifi-hotspot.com/FreeWiFiHotspot.exe\nhxxp://www.music-editor.net/VidMateVideoConverter.exe\nhxxp://music-editor.net/VidMateVideoConverter.exe\nhxxp://www.free-audio-editor.com/EasyAudioExtractor.exe\nhxxp://free-audio-editor.com/EasyAudioExtractor.exe\nhxxp://audio-tool.net/AudioConvertToolbox.exe\nhxxp://www.audio-tool.net/AudioConvertToolbox.exe\nhxxp://www.ocrtoword.com/FreeOCRtoWord.exe?\nhxxp://www.ocrtoword.com/FreeOCRtoWord.exe\nhxxp://www.free-sound-editor.com/PowerSoundEditorFree.exe\nhxxps://www.free-sound-editor.com/PowerSoundEditorFree.exe\n\n","ACR-017":"RelevantKnowldge is installed in fraudulent way by installer application. \n","ACR-119":"Monetization components are attempted to be installed after the installer application is uninstalled. The installer application stays in startup program and run whenever system restart and present the relevant Knowledge even user declined it before. \n","ACR-059":"RelevantKnowledge is not clearly marked as optional offer. But it is installed as a mandatory offer. RK components are downloaded even consumer choose to decline during install. \n","ACR-039":"RelevantKnowledge usually is installed by another applications. There is no clear indications of the relationship to the installer application. RelevantKnowledge is presented as the part of the installer application. Even consumer decline RelevantKnowledge app, it is still downloaded nevertheless.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"RKInstall_050620.exe","isInstaller":"True","companyName":"TMRG,  INC.","fileVersion":"1.0","hashMD5":"3e632d7f0392251dd0b3049734163f5c","hashSHA1":"1790248a7adfe26f3eb442aad693d2c02c2d00ec","hashSHA256":"5ce92e6504fded15eee3767b056997f4c595db8b057f3887a805a1c478ff8d96","digitalCertThumbprint":"D362EC5A4BE2AAB2A814455AD92B99021DA22C51","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"TMRG, Inc.\", O=\"TMRG, Inc.\", STREET=11950 Democracy Drive, STREET=Suite 600, L=Reston, S=Virginia, PostalCode=20190, C=US","sourceIndex":"2095","avBlockList":["360 Total Security (20240430)","Avast Premium Security (20240430)","AVG Internet Security (20240430)","Avira Internet Security (20240430)","Bitdefender Internet Security (20240430)","Dr.Web Security Space (20240430)","ESET Internet Security (20240430)","G DATA INTERNET SECURITY (20240430)","K7 Total Security (20240430)","Kaspersky Internet Security (20240430)","Malwarebytes Premium (20240430)","Norton Security (20240430)","Panda Dome (20240430)","Quick Heal Internet Security (20240430)","Sophos Home Premium (20240430)","SpyHunter5 (20240430)","Tencent PC Manager (20210204)","Total AV Antivirus Pro (20240430)","VIPRE Advanced Security (20240430)","VirIT eXplorer PRO (20240430)","Webroot SecureAnywhere (20240430)"],"avAllowList":["COMODO Antivirus (20240430)","McAfee Total Protection (20240430)","Trend Micro Internet Security (20240430)","Windows Defender (20240430)"]},{"isRevoked":"False","fileName":"RKInstall_051820.exe","isInstaller":"True","companyName":"TMRG,  INC.","fileVersion":"1.0","hashMD5":"53e0b8a1e570bae84ce2f72a1d889b81","hashSHA1":"e44adc04402681b7661a0d32b4db24f77afd90ca","hashSHA256":"34aa24656d5527a5ff1f7eb4ce4e782085618ded3766730c81f8f16a15d7e0ce","digitalCertThumbprint":"D362EC5A4BE2AAB2A814455AD92B99021DA22C51","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"TMRG, Inc.\", O=\"TMRG, Inc.\", STREET=11950 Democracy Drive, STREET=Suite 600, L=Reston, S=Virginia, PostalCode=20190, C=US","sourceIndex":"2095","avBlockList":["Avast Premium Security (20210204)","AVG Internet Security (20210204)","Bitdefender Internet Security (20210204)","COMODO Antivirus (20210204)","Dr.Web Security Space (20210204)","ESET Internet Security (20210204)","G DATA INTERNET SECURITY (20210204)","K7 Total Security (20210204)","Malwarebytes Premium (20210204)","Norton Security (20210204)","Panda Dome (20210204)","Sophos Home Premium (20210204)","SpyHunter5 (20210204)","Tencent PC Manager (20210204)","VIPRE Advanced Security (20210204)","VirIT eXplorer PRO (20210204)","Webroot SecureAnywhere (20210204)","Windows Defender (20210204)"],"avAllowList":["360 Total Security (20210204)","Avira Internet Security (20210204)","Kaspersky Internet Security (20210204)","McAfee Total Protection (20210204)","Quick Heal Internet Security (20210204)","Total AV Antivirus Pro (20210204)","Trend Micro Internet Security (20210204)"]},{"isRevoked":"False","fileName":"RKInstall_052919.exe","isInstaller":"True","companyName":"TMRG,  INC.","fileVersion":"1.0","hashMD5":"76d1bc443d9a01e017783b9a96b6079b","hashSHA1":"32cc7c8ee8d566fba4aa551a956c88764b7309b4","hashSHA256":"6a0b7e36ccfdeac71553f9df3470c5faccb4bd06c37bafea6df13bbc78fb5ca1","digitalCertThumbprint":"D362EC5A4BE2AAB2A814455AD92B99021DA22C51","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"TMRG, Inc.\", O=\"TMRG, Inc.\", STREET=11950 Democracy Drive, STREET=Suite 600, L=Reston, S=Virginia, PostalCode=20190, C=US","sourceIndex":"2095","avBlockList":["360 Total Security (20210204)","Avast Premium Security (20210204)","AVG Internet Security (20210204)","Avira Internet Security (20210204)","Bitdefender Internet Security (20210204)","Dr.Web Security Space (20210204)","ESET Internet Security (20210204)","G DATA INTERNET SECURITY (20210204)","K7 Total Security (20210204)","Kaspersky Internet Security (20210204)","Malwarebytes Premium (20210204)","Norton Security (20210204)","Panda Dome (20210204)","Sophos Home Premium (20210204)","SpyHunter5 (20210204)","Tencent PC Manager (20210204)","Total AV Antivirus Pro (20210204)","VIPRE Advanced Security (20210204)","VirIT eXplorer PRO (20210204)","Webroot SecureAnywhere (20210204)","Windows Defender (20210204)"],"avAllowList":["COMODO Antivirus (20210204)","McAfee Total Protection (20210204)","Quick Heal Internet Security (20210204)","Trend Micro Internet Security (20210204)"]},{"isRevoked":"False","fileName":"RKInstall_072720.exe","isInstaller":"True","companyName":"TMRG,  INC.","fileVersion":"1.0","hashMD5":"cf8361bd4360c31db7ed331a3e855576","hashSHA1":"406a31a34160e6e548e1d259f34fd7399d241462","hashSHA256":"13de78a2a66ae9ba3f464002de34bb065a4b730b490f2d0be147eb55989bc1db","digitalCertThumbprint":"D362EC5A4BE2AAB2A814455AD92B99021DA22C51","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"TMRG, Inc.\", O=\"TMRG, Inc.\", STREET=11950 Democracy Drive, STREET=Suite 600, L=Reston, S=Virginia, PostalCode=20190, C=US","sourceIndex":"2095","avBlockList":["Avast Premium Security (20210204)","AVG Internet Security (20210204)","Avira Internet Security (20210204)","Bitdefender Internet Security (20210204)","COMODO Antivirus (20210204)","Dr.Web Security Space (20210204)","ESET Internet Security (20210204)","G DATA INTERNET SECURITY (20210204)","K7 Total Security (20210204)","Kaspersky Internet Security (20210204)","Malwarebytes Premium (20210204)","Norton Security (20210204)","Panda Dome (20210204)","Quick Heal Internet Security (20210204)","Sophos Home Premium (20210204)","SpyHunter5 (20210204)","Tencent PC Manager (20210204)","Total AV Antivirus Pro (20210204)","VIPRE Advanced Security (20210204)","VirIT eXplorer PRO (20210204)","Webroot SecureAnywhere (20210204)","Windows Defender (20210204)"],"avAllowList":["360 Total Security (20210204)","McAfee Total Protection (20210204)","Trend Micro Internet Security (20210204)"]},{"isRevoked":"False","fileName":"rlls.dll","companyName":"TMRG,  Inc.","fileVersion":"4.0","hashMD5":"c6b44d17dac48e49de59f53184c4f4cb","hashSHA1":"0f51d2f3298285f033d4c2c30743c9b0d9ee2f62","hashSHA256":"4cbf7e8634a85c17062201fb10ad8fc9c9e1992509aabdeb9954103cdb7d2c64","digitalCertThumbprint":"D362EC5A4BE2AAB2A814455AD92B99021DA22C51","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"TMRG, Inc.\", O=\"TMRG, Inc.\", STREET=11950 Democracy Drive, STREET=Suite 600, L=Reston, S=Virginia, PostalCode=20190, C=US","sourceIndex":"2095","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"rlls64.dll","companyName":"TMRG,  Inc.","fileVersion":"4.0","hashMD5":"760d1f8466ffde4ea7ed36bd18102356","hashSHA1":"d87ce4c7b2ecc019a31feefe59d8cc98540aaccb","hashSHA256":"b4d421ef39364747e0d179c2d76869973b2e174befd7fca9eba1320760fcc340","digitalCertThumbprint":"D362EC5A4BE2AAB2A814455AD92B99021DA22C51","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"TMRG, Inc.\", O=\"TMRG, Inc.\", STREET=11950 Democracy Drive, STREET=Suite 600, L=Reston, S=Virginia, PostalCode=20190, C=US","sourceIndex":"2095","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"rlservice.exe","companyName":"TMRG,  Inc.","fileVersion":"1.1","hashMD5":"17fc9a65af9387b131e1644ba73601ad","hashSHA1":"e0e2960ba70725e853fb7ae2926d4c79f6005e93","hashSHA256":"5f23b2adf6ed61f485827abb25590ad6ebdfb2f6badd64becc4d641678fb70f6","digitalCertThumbprint":"D362EC5A4BE2AAB2A814455AD92B99021DA22C51","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"TMRG, Inc.\", O=\"TMRG, Inc.\", STREET=11950 Democracy Drive, STREET=Suite 600, L=Reston, S=Virginia, PostalCode=20190, C=US","sourceIndex":"2095","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"rlvknlg.exe","companyName":"TMRG,  Inc.","fileVersion":"1.3","hashMD5":"9b787481b79a181aee557267978a3b44","hashSHA1":"d920a2510de18a96e233db2ef162958d3be2e643","hashSHA256":"190d82908e219ccfd73120468db67c66c60e694a539fdab7726ee077ce5535fe","digitalCertThumbprint":"D362EC5A4BE2AAB2A814455AD92B99021DA22C51","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"TMRG, Inc.\", O=\"TMRG, Inc.\", STREET=11950 Democracy Drive, STREET=Suite 600, L=Reston, S=Virginia, PostalCode=20190, C=US","sourceIndex":"2095","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"rlvknlg32.exe","companyName":"TMRG,  Inc.","fileVersion":"1.0","hashMD5":"aeaa88b9b7a1a408b377fe1f998deb49","hashSHA1":"1f5a49ec2758bea87cb95d0be30652a04c379f1a","hashSHA256":"8c612abe9ee482cea324210aaab1f86c9187fa80375c43d92c36b7f7d46d8f09","digitalCertThumbprint":"D362EC5A4BE2AAB2A814455AD92B99021DA22C51","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"TMRG, Inc.\", O=\"TMRG, Inc.\", STREET=11950 Democracy Drive, STREET=Suite 600, L=Reston, S=Virginia, PostalCode=20190, C=US","sourceIndex":"2095","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"rlvknlg64.exe","companyName":"TMRG,  Inc.","fileVersion":"1.0","hashMD5":"f76a7b759e011b85cd0814076fcceace","hashSHA1":"ddedb9f81e4252a1c21238b70e21d20fffa296bb","hashSHA256":"7acc1f43614c8c7904de05cae73cadae73c37e2d6b1b88fb6b39e49f9f17b99f","digitalCertThumbprint":"D362EC5A4BE2AAB2A814455AD92B99021DA22C51","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"TMRG, Inc.\", O=\"TMRG, Inc.\", STREET=11950 Democracy Drive, STREET=Suite 600, L=Reston, S=Virginia, PostalCode=20190, C=US","sourceIndex":"2095","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"rkverify.exe","companyName":"T M R G  , INC.","fileVersion":"0.2","hashMD5":"60db193bce83f05363c874fec9b310c5","hashSHA1":"e1ceb44b70f37f47d92a02c113b59414ba346d81","hashSHA256":"10fb5a7c13814e3d45fabfe448ea1fd7e3a12fbded649385310b005cfe8ab18f","digitalCertThumbprint":"D362EC5A4BE2AAB2A814455AD92B99021DA22C51","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"TMRG, Inc.\", O=\"TMRG, Inc.\", STREET=11950 Democracy Drive, STREET=Suite 600, L=Reston, S=Virginia, PostalCode=20190, C=US","sourceIndex":"2095","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Offer in deceptors","reference":"PCMate bundler","landingPage":"offer in bundler","directDownloadingLink":"http://www.ocrtoword.com/FreeOCRtoWord.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.ocrtoword.com/FreeOCRtoWord.exe","sourceIndex":"2095"}],"sampleFiles":["240303/RelevantKnowledge-201010/1.0.6.1/Samples/RKInstall_050620.exe","240303/RelevantKnowledge-201010/1.0.6.1/Samples/RKInstall_051820.exe","240303/RelevantKnowledge-201010/1.0.6.1/Samples/RKInstall_052919.exe","240303/RelevantKnowledge-201010/1.0.6.1/Samples/RKInstall_072720.exe","240303/RelevantKnowledge-201010/1.0.6.1/Samples/rlls.dll","240303/RelevantKnowledge-201010/1.0.6.1/Samples/rlls64.dll","240303/RelevantKnowledge-201010/1.0.6.1/Samples/rlservice.exe","240303/RelevantKnowledge-201010/1.0.6.1/Samples/rlvknlg.exe","240303/RelevantKnowledge-201010/1.0.6.1/Samples/rlvknlg32.exe","240303/RelevantKnowledge-201010/1.0.6.1/Samples/rlvknlg64.exe","240303/RelevantKnowledge-201010/1.0.6.1/Samples/rkverify.exe"],"imageFiles":["240303/RelevantKnowledge-201010/1.0.6.1/Images/ACR-039/BundleAppInstallEx.PNG","240303/RelevantKnowledge-201010/1.0.6.1/Images/ACR-039/RKPresentedAsPartOfInstallerApp.PNG","240303/RelevantKnowledge-201010/1.0.6.1/Images/ACR-047/UntruthfulMsg.PNG","240303/RelevantKnowledge-201010/1.0.6.1/Images/ACR-042/ConnectRKBeforeInstall.PNG","240303/RelevantKnowledge-201010/1.0.6.1/Images/ACR-042/DLBeforeDiscloseAndUserAction.JPG","240303/RelevantKnowledge-201010/1.0.6.1/Images/ACR-003/UntruthfulMsg.PNG","240303/RelevantKnowledge-201010/1.0.6.1/Images/ACR-017/UntruthfulMsg.PNG","240303/RelevantKnowledge-201010/1.0.6.1/Images/ACR-119/StartupleftAfterUninstall.JPG","240303/RelevantKnowledge-201010/1.0.6.1/Images/ACR-119/UdpatePromptCantDismissed.JPG","240303/RelevantKnowledge-201010/1.0.6.1/Images/ACR-059/RKPresentedAsPartOfInstallerApp.PNG"],"nonDeceptorImageFiles":[],"guid":"4a1d02da-9ad9-4919-9141-89e903b37b7f_1.0.6.1_1","appID":"RelevantKnowledge-201010","dateAdded":"240827","deceptorType":"App","name":"RelevantKnowledge","company":"RelevantKnowledge","version":"1.0.6.1","sigName":"Deceptor:Win32/RelevantKnowledge!039047042003010017119059","lastKnownStatus":"1.0.3.2;1.0.4.1;1.0.5.5;1.0.5.6;1.0.6.1;1.1.0.0;1.0.12.26;1.0.14.10;1.3.340.310","lastKnownDate":"240827","type":"Windows Executable","category":"SysTools & Utilities, Personalization & Search","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"sold in bundle","lastUpdate":"2024-08-27T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":5,"sortOrder":603},{"violations":{},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"FreeWiFiRouter.exe","isInstaller":"True","companyName":"FreeWiFiRouter Co., Ltd.                                    ","fileVersion":"0.0","hashMD5":"322453dfd7ef2386d8ea4b4708edde5f","hashSHA1":"97239df91c9d4fcaa5347f975f844d6086bc3b16","hashSHA256":"93b5e1cdb8fcd72ce90be76157a9f192cdae8b70db7477d8a2e5deb95cfb16ee","sourceIndex":"567","avBlockList":["360 Total Security (20240917)","Avast Premium Security (20240917)","AVG Internet Security (20240917)","Avira Internet Security (20240917)","Bitdefender Internet Security (20240917)","COMODO Antivirus (20240917)","Dr.Web Security Space (20240917)","ESET Internet Security (20240917)","FortectPremium (20240917)","G DATA INTERNET SECURITY (20240917)","K7 Total Security (20240917)","KasperskyPremium (20240917)","Malwarebytes Premium (20240917)","McAfee Total Protection (20240917)","Norton Security (20240917)","Panda Dome (20240917)","Quick Heal Internet Security (20240917)","Sophos Home Premium (20240917)","SpyHunter5 (20240917)","Total AV Antivirus Pro (20240917)","Trend Micro Internet Security (20240917)","VIPRE Advanced Security (20240917)","VirIT eXplorer PRO (20240917)","Webroot SecureAnywhere (20240917)"],"avAllowList":["Windows Defender (20240917)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunted on RK Installer","reference":"","landingPage":"https://freewifirouter.com/","directDownloadingLink":"https://freewifirouter.com/FreeWiFiRouter.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://freewifirouter.com/FreeWiFiRouter.exe","sourceIndex":"567"}],"sampleFiles":["240827/FreeWiFiRouter-231121/08.21.2024/Samples/FreeWiFiRouter.exe"],"imageFiles":[],"nonDeceptorImageFiles":[],"guid":"f9f02c3d-0f18-49a8-90a9-8824e2f3a03c_08.21.2024_1","appID":"FreeWiFiRouter-231121","dateAdded":"240827","deceptorType":"Bundler","name":"Free WiFi Router","company":"FreeWiFiRouter Co., Ltd.","version":"08.21.2024","lastKnownStatus":"8.8.2.4;08.21.2024","lastKnownDate":"240827","type":"Windows Executable","lastUpdate":"2024-08-27T23:08:45.7480063+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":604},{"violations":{"ACR-109":"The app downloads \"rk_setup.exe\", a RelevantKnowledge file before disclosure and without the consumer's consent\n","ACR-047":"After the app is installed, it prompts the user with an \"Important!\" message to use a \"new version to avoid malfunctions\". This installs the same version of the app and re-runs the install and the offers that the consumer has previously declined\n","ACR-048":"The app does not provide any control to turn off/remove update notification and no option to remove the startup item\n","ACR-010":"The app distributes deceptor application. The offer in this app, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software\n","ACR-083":"The apps attempt to present the offer repeatedly via its update and startup.\n","ACR-084":" The app creates a startup entry without the user's knowledge and consent\n","ACR-118":"Upon uninstallation, it retains some of its components on the device without the user's knowledge and consent\n","ACR-057":"The app bundles the \"Relevant Knowledge\" offer which does not allow the consumer to decline the offer\n","ACR-071":"It attempts to force the acceptance of \"Relevant Knowledge\" by graying out the Next button when the user choose to Decline. Thus, forcing the user to only accept the offer and proceed with the installation\n","ACR-075":"After the app is installed, it prompts the user with an \"Important!\" message to use a \"new version to avoid malfunctions\". This installs the same version of the app and re-runs the install and the offers that the user has previously declined\n","ACR-014":"After the app is installed, it misleads the user with an \"Important!\" message to use a \"new version to avoid malfunctions\". This installs the same version of the app and re-runs the install and the offers that the user has previously declined\n","ACR-059":"Offer not clearly marked as an offer. Instead, it is presented as a component of the carrier.\n","ACR-155":"Offers are designed to look like part of the install workflow\n"},"nonDeceptorViolations":{"ACR-106":"App offers deceptive application 'Relevant Knowledge market survey\n","ACR-092":" The app does not have a valid digital signature for the installer and other executables\n","ACR-123":"The app does not remove dropped root certificates and startup item even after uninstalling\n"},"samples":[{"isRevoked":"False","fileName":"FreeWiFiRouter.exe","isInstaller":"True","companyName":"FreeWiFiRouter Co. Ltd.                                    ","productName":"Free WiFi Router                                            ","productVersion":"                                                  ","fileVersion":"                    ","hashMD5":"ea2a6e820f8a4c39265133b72f2c6c75","hashSHA1":"eb242f1fc82f0b8ee94abec7a47e990cf04a1440","hashSHA256":"badc2ca01e7c706e042ca401dfda79f52f21d6e7610e71fe9acac5c833a56e06","digitalCertThumbprint":"E323A663BC722856F054FADEE2B07EA215692ED4","digitalCertIssuer":"Sectigo Public Code Signing CA EV R36","digitalCertIssuedTo":"Beijing QingSoft Creative Information Technology Co. Ltd.","storeId":"","sourceIndex":"717","avBlockList":["360 Total Security (20240829)","Avast Premium Security (20240829)","AVG Internet Security (20240829)","Avira Internet Security (20240829)","Bitdefender Internet Security (20240829)","COMODO Antivirus (20240829)","Dr.Web Security Space (20240829)","ESET Internet Security (20240829)","G DATA INTERNET SECURITY (20240829)","K7 Total Security (20240829)","Kaspersky Internet Security (20240620)","Malwarebytes Premium (20240829)","McAfee Total Protection (20240829)","Norton Security (20240829)","Panda Dome (20240829)","Quick Heal Internet Security (20240829)","Sophos Home Premium (20240829)","SpyHunter5 (20240829)","Total AV Antivirus Pro (20240829)","Trend Micro Internet Security (20240829)","VIPRE Advanced Security (20240829)","VirIT eXplorer PRO (20240829)","Webroot SecureAnywhere (20240829)","Windows Defender (20240829)","FortectPremium (20240829)","KasperskyPremium (20240829)"],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunted on RK Installer","reference":"","landingPage":"https://freewifirouter.com/","directDownloadingLink":"https://freewifirouter.com/FreeWiFiRouter.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://freewifirouter.com/FreeWiFiRouter.exe","sourceIndex":"717"}],"sampleFiles":["240307/FreeWiFiRouter-231121/8.8.2.4/Samples/FreeWiFiRouter.exe"],"imageFiles":["240307/FreeWiFiRouter-231121/8.8.2.4/Images/ACR-109/ACR-109_Install_1.png","240307/FreeWiFiRouter-231121/8.8.2.4/Images/ACR-010/ACR-010_Install_1.png","240307/FreeWiFiRouter-231121/8.8.2.4/Images/ACR-013/ACR-013_Install_1.png","240307/FreeWiFiRouter-231121/8.8.2.4/Images/ACR-083/ACR-083_Software_1.png","240307/FreeWiFiRouter-231121/8.8.2.4/Images/ACR-083/ACR-083_Software_2.png","240307/FreeWiFiRouter-231121/8.8.2.4/Images/ACR-084/ACR-084_Software_1.png","240307/FreeWiFiRouter-231121/8.8.2.4/Images/ACR-048/ACR-048_Software_1.png","240307/FreeWiFiRouter-231121/8.8.2.4/Images/ACR-048/ACR-048_Software_2.png","240307/FreeWiFiRouter-231121/8.8.2.4/Images/ACR-014/ACR-014_Software_1.png","240307/FreeWiFiRouter-231121/8.8.2.4/Images/ACR-014/ACR-014_Software_2.png","240307/FreeWiFiRouter-231121/8.8.2.4/Images/ACR-118/ACR-118_Uninstall_1.png","240307/FreeWiFiRouter-231121/8.8.2.4/Images/ACR-118/ACR-118_Uninstall_2.png","240307/FreeWiFiRouter-231121/8.8.2.4/Images/ACR-075/ACR-075_Bundler-made offers_1.png","240307/FreeWiFiRouter-231121/8.8.2.4/Images/ACR-075/ACR-075_Bundler-made offers_2.png","240307/FreeWiFiRouter-231121/8.8.2.4/Images/ACR-057/ACR-057_Bundler-made offers_1.png","240307/FreeWiFiRouter-231121/8.8.2.4/Images/ACR-059/ACR-059_Bundler-made offers_1.png","240307/FreeWiFiRouter-231121/8.8.2.4/Images/ACR-060/ACR-060_Bundler-made offers_1.png","240307/FreeWiFiRouter-231121/8.8.2.4/Images/ACR-071/ACR-071_Bundler-made offers_1.png","240307/FreeWiFiRouter-231121/8.8.2.4/Images/ACR-155/ACR-155_Bundler-made offers_1.png","240307/FreeWiFiRouter-231121/8.8.2.4/Images/ACR-047/ACR-047_Bundler-made offers_1.png","240307/FreeWiFiRouter-231121/8.8.2.4/Images/ACR-047/ACR-047_Bundler-made offers_2.png"],"nonDeceptorImageFiles":["240307/FreeWiFiRouter-231121/8.8.2.4/Images/ACR-106/ACR-106_Software_1.png","240307/FreeWiFiRouter-231121/8.8.2.4/Images/ACR-092/ACR-092_Software_1.png","240307/FreeWiFiRouter-231121/8.8.2.4/Images/ACR-092/ACR-092_Software_2.png","240307/FreeWiFiRouter-231121/8.8.2.4/Images/ACR-123/ACR-123_Uninstall_1.png","240307/FreeWiFiRouter-231121/8.8.2.4/Images/ACR-123/ACR-123_Uninstall_2.png"],"guid":"f9f02c3d-0f18-49a8-90a9-8824e2f3a03c_8.8.2.4_1","appID":"FreeWiFiRouter-231121","dateAdded":"240827","deceptorType":"Bundler","name":"Free WiFi Router","company":"FreeWiFiRouter Co., Ltd.","version":"8.8.2.4","lastKnownStatus":"8.8.2.4;08.21.2024","lastKnownDate":"240827","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"cross-sell other apps,install offers","lastUpdate":"2024-08-27T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":605},{"violations":{"ACR-048":"Once user choose to accept RK to install, no way to exit the installation, the standard close option is disabled.\n","ACR-007":"1. Application doesn't notify all the affected parties for the data collected from the system software installed. Although the party who installed the software accept the statement during software installation, the affected parties still need to be notified when their online behavior data is collected. \n2. The app does not obtain user informed consent to reduce the consumer's security posture caused by installing a trusted root certificates\n","ACR-013":"Application doesn't obtain the explicit informed user consent for running RK setup. The \"next\" misleads user that it is required for continue installation. It is misleadingly presented as mandatory component that user has to agree for install the application. \n","ACR-084":"1. After RK installed, it is immediately minimized to systray without notifying user its service is running, and its service running in background without user's awareness. User has no idea how to close the service if they don't check the hidden icon under systray. \n2. After User choose to \"Quit\" RK. Its service (rlservice.exe) is still running in background without user awareness and having no clue how to complete close the application.\n","ACR-118":"Multiple executable files are left after application has been uninstalled.\n","ACR-039":"RelevantKnowledge is usually installed by other applications. Although it is presented as an optional download during installation, user can't proceed the installation without accept it.  The Decline option doesn't enable \"next\" to proceed install the software that user choose, which misleads user that they have to choose accept.\n","ACR-155":"RelevantKnowledge offer is designed to look like part of the install workflow. User is misled that they have to choose \"Accept\" to proceed installation of the software they choose. The \"Decline\" doesn't enable user to proceed the installation of the software\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"rk_setup_EN.exe","isInstaller":"True","companyName":"TMRG                                                        ","fileVersion":"1.1","hashMD5":"3b7d4e97375023744e43b144a8b1d855","hashSHA1":"9f27dc4fad5b67b922ace53a10c99ceb42680582","hashSHA256":"22f5a156c6773fff499f9e1c1f4986ddbf7fa1ec66981d301a4582ee69e7b4e2","digitalCertThumbprint":"9E8BAD8B8FF388AE7C360DA59231961CC469F3A1","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=\"TMRG, Inc\", O=\"TMRG, Inc\", L=Reston, S=Virginia, C=US","sourceIndex":"569","avBlockList":["360 Total Security (20241008)","Avast Premium Security (20241008)","AVG Internet Security (20241008)","Avira Internet Security (20241008)","Bitdefender Internet Security (20241008)","COMODO Antivirus (20241008)","ESET Internet Security (20241008)","FortectPremium (20241008)","G DATA INTERNET SECURITY (20241008)","K7 Total Security (20241008)","KasperskyPremium (20241008)","Malwarebytes Premium (20241008)","McAfee Total Protection (20241008)","Norton Security (20241008)","Panda Dome (20241008)","Quick Heal Internet Security (20241008)","Sophos Home Premium (20241008)","SpyHunter5 (20241008)","Total AV Antivirus Pro (20241008)","VIPRE Advanced Security (20241008)","VirIT eXplorer PRO (20241008)","Webroot SecureAnywhere (20241008)"],"avAllowList":["Dr.Web Security Space (20241008)","Trend Micro Internet Security (20241008)","Windows Defender (20241008)"]},{"isRevoked":"False","fileName":"rlls.dll","companyName":"TMRG,  Inc.","fileVersion":"4.0","hashMD5":"0019c97989541a682f85b94567fafce5","hashSHA1":"75091c135e2cac4e51a0c96d53d76be5511720df","hashSHA256":"b6cdabe85eef397a57071a27a4c7df77c0ddcef6af9736adcd2022466a356da6","digitalCertThumbprint":"8A0B9F56E594181329741D549D529DEA98C225BB","digitalCertIssuer":"CN=Sectigo Public Code Signing CA R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=\"TMRG, Inc.\", O=\"TMRG, Inc.\", S=Virginia, C=US","sourceIndex":"569","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"rlls64.dll","companyName":"TMRG,  Inc.","fileVersion":"4.0","hashMD5":"ddcdd44a790e377202a537d82873b197","hashSHA1":"58b4f2747e3e8abe3269b95a8d470c56f7654675","hashSHA256":"6fc0c31a41609eed02c628df0f72901255ee3cb91cd84db9d11aa293d2f1895d","digitalCertThumbprint":"8A0B9F56E594181329741D549D529DEA98C225BB","digitalCertIssuer":"CN=Sectigo Public Code Signing CA R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=\"TMRG, Inc.\", O=\"TMRG, Inc.\", S=Virginia, C=US","sourceIndex":"569","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"rlph.dll","companyName":"TMRG,  Inc.","fileVersion":"1.0","hashMD5":"366048503dcf3a6b709b6bf960a2e6b5","hashSHA1":"1d45fed62c9d334552c3292a51f671629fb2ff27","hashSHA256":"b3e9afc4bb3f194153db4e113611d35b80d27527479f252ed48af868c2d9703d","digitalCertThumbprint":"8A0B9F56E594181329741D549D529DEA98C225BB","digitalCertIssuer":"CN=Sectigo Public Code Signing CA R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=\"TMRG, Inc.\", O=\"TMRG, Inc.\", S=Virginia, C=US","sourceIndex":"569","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"rlvknlg.exe","companyName":"TMRG,  Inc.","fileVersion":"1.3","hashMD5":"969ae0fb8d881fa7876f0ec3e7ce7178","hashSHA1":"f1d24f7bc22db5ee6d0b701192f55dcb238ccf34","hashSHA256":"134e5904ba356fc088df35ffeb6df571ef86e82e6525ea9346560d5e648ea6a7","digitalCertThumbprint":"8A0B9F56E594181329741D549D529DEA98C225BB","digitalCertIssuer":"CN=Sectigo Public Code Signing CA R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=\"TMRG, Inc.\", O=\"TMRG, Inc.\", S=Virginia, C=US","sourceIndex":"569","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"rlvknlg32.exe","companyName":"TMRG,  Inc.","fileVersion":"1.0","hashMD5":"db737c3c6387bbd84ca2faf56c29c1ac","hashSHA1":"01c2857a2037b1e05e1652160fe47561a12bbc7a","hashSHA256":"c930a3acb364504a9a14f8a6a097ee72e52d323b3bf69e2aeea6d9994dcaf8c4","digitalCertThumbprint":"8A0B9F56E594181329741D549D529DEA98C225BB","digitalCertIssuer":"CN=Sectigo Public Code Signing CA R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=\"TMRG, Inc.\", O=\"TMRG, Inc.\", S=Virginia, C=US","sourceIndex":"569","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"rlvknlg64.exe","companyName":"TMRG,  Inc.","fileVersion":"1.0","hashMD5":"5b3ee9e756154370785e23b9363d5149","hashSHA1":"6719495a049252940a71885197f02b77e5808ac6","hashSHA256":"0b93fe6bab84deb0d24f1a5f8a160f3fde0595e57f8841238c3c6097746ad6a3","digitalCertThumbprint":"8A0B9F56E594181329741D549D529DEA98C225BB","digitalCertIssuer":"CN=Sectigo Public Code Signing CA R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=\"TMRG, Inc.\", O=\"TMRG, Inc.\", S=Virginia, C=US","sourceIndex":"569","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"rlservice.exe","companyName":"TMRG,  Inc.","fileVersion":"1.1","hashMD5":"e43d2eafac2c83d99b90fa0384c3246e","hashSHA1":"10f7a003f4ada626ac23ea7ee56f9e9785f13919","hashSHA256":"0124d3fdd9e47e563711591a6ab159cf09c03d1da48a92dc131de9cce9fc1c60","digitalCertThumbprint":"8A0B9F56E594181329741D549D529DEA98C225BB","digitalCertIssuer":"CN=Sectigo Public Code Signing CA R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=\"TMRG, Inc.\", O=\"TMRG, Inc.\", S=Virginia, C=US","sourceIndex":"569","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Offer in deceptors","reference":"PCMate bundler","landingPage":"offer in bundler","directDownloadingLink":"http://www.ocrtoword.com/FreeOCRtoWord.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.ocrtoword.com/FreeOCRtoWord.exe","sourceIndex":"569"}],"sampleFiles":["240827/RelevantKnowledge-201010/1.3.340.310/Samples/rk_setup_EN.exe","240827/RelevantKnowledge-201010/1.3.340.310/Samples/rlls.dll","240827/RelevantKnowledge-201010/1.3.340.310/Samples/rlls64.dll","240827/RelevantKnowledge-201010/1.3.340.310/Samples/rlph.dll","240827/RelevantKnowledge-201010/1.3.340.310/Samples/rlvknlg.exe","240827/RelevantKnowledge-201010/1.3.340.310/Samples/rlvknlg32.exe","240827/RelevantKnowledge-201010/1.3.340.310/Samples/rlvknlg64.exe","240827/RelevantKnowledge-201010/1.3.340.310/Samples/rlservice.exe"],"imageFiles":["240827/RelevantKnowledge-201010/1.3.340.310/Images/ACR-039/ACR-039_Install_1.png","240827/RelevantKnowledge-201010/1.3.340.310/Images/ACR-048/ACR-048_Software_1.png","240827/RelevantKnowledge-201010/1.3.340.310/Images/ACR-007/ACR-007_Software_1.png","240827/RelevantKnowledge-201010/1.3.340.310/Images/ACR-007/ACR-007_Software_2.png","240827/RelevantKnowledge-201010/1.3.340.310/Images/ACR-084/ACR-084_Software_1.png","240827/RelevantKnowledge-201010/1.3.340.310/Images/ACR-084/ACR-084_Software_2.png","240827/RelevantKnowledge-201010/1.3.340.310/Images/ACR-084/ACR-084_Software_3.png","240827/RelevantKnowledge-201010/1.3.340.310/Images/ACR-118/ACR-118_Uninstall_1.png","240827/RelevantKnowledge-201010/1.3.340.310/Images/ACR-118/ACR-118_Uninstall_2.png","240827/RelevantKnowledge-201010/1.3.340.310/Images/ACR-013/ACR-013_Install_1.png"],"nonDeceptorImageFiles":[],"guid":"4a1d02da-9ad9-4919-9141-89e903b37b7f_1.3.340.310_1","appID":"RelevantKnowledge-201010","dateAdded":"240827","deceptorType":"App","name":"RelevantKnowledge","company":"RelevantKnowledge","version":"1.3.340.310","lastKnownStatus":"1.0.3.2;1.0.4.1;1.0.5.5;1.0.5.6;1.0.6.1;1.1.0.0;1.0.12.26;1.0.14.10;1.3.340.310","lastKnownDate":"240827","type":"Windows Executable","category":"SysTools & Utilities, Personalization & Search","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"sold in bundle","lastUpdate":"2024-08-27T20:40:49.2531162+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":5,"sortOrder":599},{"violations":{"ACR-003":"The app uses traffic light colors and gauges to raise an exaggerated sense of urgency for the consumer, thereby misleading or scaring the consumer to take action.\n","ACR-004":"1. The app applies traffic light colors and gauges in free scanning result,  it is unsubstantiated and exaggerates the sense of urgency for the consumer.\n2. Outdated driver reported is not substantiated (driver version missing, new driver version and data missing)\n3. The application doesn't provide a free fix (driver update) instead offering a subscription that the user needs to pay to fix it.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components on the device without the consumer's consent or notifying the user.\n","ACR-014":"1. The app uses traffic light colors and gauges to raise an exaggerated sense of urgency for the consumer, thereby misleading or scaring the consumer to take action.\n2. In the scan summary page the statement \"Upgrade to paid version to update '0' more drivers\" is misleading as it seems to suggest that despite upgrading the user can not update the drivers.\n3. The app displays 2 same startups in the task manager, thereby showing an extra/duplicate startup.\n"},"nonDeceptorViolations":{"ACR-040":"The app drops some of its components in a hidden folder \"C:\\Users\\User\\AppData\\Local\\Temp\"\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\Winoids Driver Fixer\\Winoids.exe","companyName":"","productName":"","productVersion":"0.0.0.0","fileVersion":"0.0.0.0","hashMD5":"22f6a989f565fecd99572d96c272f02e","hashSHA1":"c2b61b2654e9248b7c433f97375fee3b41c4ed59","hashSHA256":"6109e6625a6547c854b2c1e7d2accf9ce69d78d15e47deffa6e4839cad52dc74","digitalCertThumbprint":"CD398DFA60754073AD973D0686A8FC4ED5AF7795","digitalCertIssuer":"Sectigo Public Code Signing CA EV R36","digitalCertIssuedTo":"Compsquad LLC","storeId":"","sourceIndex":"576","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"WinoidsDriverFixerSetup.exe","isInstaller":"True","companyName":"Winoids Driver Updater","productName":"Winoids Driver Fixer","productVersion":"1.2.0.0","fileVersion":"1.2.0.0","hashMD5":"f3af55ccb1bf0ebe10af94936c6cd5f0","hashSHA1":"af75159f8d9783abb772f145ab8094b73b9c26a3","hashSHA256":"2bded1925ecfbc7c50080c2cdb0b673101a57ef6b6985efb4da14df8bc3815e9","digitalCertThumbprint":"CD398DFA60754073AD973D0686A8FC4ED5AF7795","digitalCertIssuer":"Sectigo Public Code Signing CA EV R36","digitalCertIssuedTo":"Compsquad LLC","storeId":"","sourceIndex":"576","avBlockList":["360 Total Security (20240820)","Avast Premium Security (20240820)","AVG Internet Security (20240820)","Avira Internet Security (20240820)","Bitdefender Internet Security (20240820)","COMODO Antivirus (20240820)","ESET Internet Security (20240820)","G DATA INTERNET SECURITY (20240820)","K7 Total Security (20240820)","Malwarebytes Premium (20240820)","McAfee Total Protection (20240820)","Norton Security (20240820)","Panda Dome (20240820)","Sophos Home Premium (20240820)","SpyHunter5 (20240820)","Total AV Antivirus Pro (20240820)","Trend Micro Internet Security (20240820)","VIPRE Advanced Security (20240820)","VirIT eXplorer PRO (20240820)","Webroot SecureAnywhere (20240820)","Windows Defender (20240820)","FortectPremium (20240820)"],"avAllowList":["Dr.Web Security Space (20240820)","Kaspersky Internet Security (20240530)","Quick Heal Internet Security (20240820)","KasperskyPremium (20240820)"]},{"isRevoked":"False","fileName":"WinoidsDriverFixerSetup_080724.exe","isInstaller":"True","companyName":"Winoids Driver Updater","fileVersion":"1.2","hashMD5":"fe62da89242cf0410838884607f09f27","hashSHA1":"5d2005e6be661db004b721188d321b44d5324e18","hashSHA256":"61c4d64e0fca2638203c21c02961734451bf5e24e3f9f3e5b1d9cdb293ce33e9","digitalCertThumbprint":"CD398DFA60754073AD973D0686A8FC4ED5AF7795","digitalCertIssuer":"CN=Sectigo Public Code Signing CA EV R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=Compsquad LLC, O=Compsquad LLC, S=California, C=US, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.2=California, OID.1.3.6.1.4.1.311.60.2.1.3=US, SERIALNUMBER=202203810603","sourceIndex":"576","avBlockList":["360 Total Security (20240829)","Avast Premium Security (20240829)","AVG Internet Security (20240829)","Avira Internet Security (20240829)","Bitdefender Internet Security (20240829)","ESET Internet Security (20240829)","FortectPremium (20240829)","G DATA INTERNET SECURITY (20240829)","K7 Total Security (20240829)","Malwarebytes Premium (20240829)","McAfee Total Protection (20240829)","Norton Security (20240829)","Panda Dome (20240829)","Quick Heal Internet Security (20240829)","Sophos Home Premium (20240829)","SpyHunter5 (20240829)","Total AV Antivirus Pro (20240829)","VIPRE Advanced Security (20240829)","VirIT eXplorer PRO (20240829)","Webroot SecureAnywhere (20240829)","Windows Defender (20240829)"],"avAllowList":["COMODO Antivirus (20240829)","Dr.Web Security Space (20240829)","KasperskyPremium (20240829)","Trend Micro Internet Security (20240829)"]},{"isRevoked":"False","fileName":"Winoids_080724.exe","fileVersion":"1.0","hashMD5":"c9f0033666cb0b7ef412127a6683aca5","hashSHA1":"a5d144125da3a7bfc71e232bc696a51b5edf2698","hashSHA256":"04eb62a1431ede80486efb80759afc77ab042d5761c2838ea41e948ac908cbd6","digitalCertThumbprint":"CD398DFA60754073AD973D0686A8FC4ED5AF7795","digitalCertIssuer":"CN=Sectigo Public Code Signing CA EV R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=Compsquad LLC, O=Compsquad LLC, S=California, C=US, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.2=California, OID.1.3.6.1.4.1.311.60.2.1.3=US, SERIALNUMBER=202203810603","sourceIndex":"576","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunting","reference":"","landingPage":"https://www.winoids.com/product","directDownloadingLink":"https://www.winoids.com/WinoidsDriverFixerSetup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.winoids.com/WinoidsDriverFixerSetup.exe","sourceIndex":"576"}],"sampleFiles":["240807/WinoidsDriverFixer-240426/1.2.0.0/Samples/WinoidsDriverFixerSetup.exe","240807/WinoidsDriverFixer-240426/1.2.0.0/Samples/WinoidsDriverFixerSetup_080724.exe","240807/WinoidsDriverFixer-240426/1.2.0.0/Samples/Winoids_080724.exe"],"imageFiles":["240807/WinoidsDriverFixer-240426/1.2.0.0/Images/ACR-004/ACR-004.PNG","240807/WinoidsDriverFixer-240426/1.2.0.0/Images/ACR-004/ACR-004_1.PNG","240807/WinoidsDriverFixer-240426/1.2.0.0/Images/ACR-004/ACR-004_2.PNG","240807/WinoidsDriverFixer-240426/1.2.0.0/Images/ACR-004/ACR-004_3.PNG","240807/WinoidsDriverFixer-240426/1.2.0.0/Images/ACR-003/ACR-003.PNG","240807/WinoidsDriverFixer-240426/1.2.0.0/Images/ACR-003/ACR-003_1.PNG","240807/WinoidsDriverFixer-240426/1.2.0.0/Images/ACR-014/ACR-014.PNG","240807/WinoidsDriverFixer-240426/1.2.0.0/Images/ACR-014/ACR-014_1.PNG","240807/WinoidsDriverFixer-240426/1.2.0.0/Images/ACR-014/ACR-014_2.PNG","240807/WinoidsDriverFixer-240426/1.2.0.0/Images/ACR-118/ACR-118.PNG"],"nonDeceptorImageFiles":["240807/WinoidsDriverFixer-240426/1.2.0.0/Images/ACR-040/ACR-040.PNG"],"guid":"f3f2470b-ec69-42d0-a7df-41fb47262fbd_1.2.0.0_1","appID":"WinoidsDriverFixer-240426","dateAdded":"240807","deceptorType":"App","name":"Winoids Driver Fixer","company":"Winoids Driver Updater","version":"1.2.0.0","lastKnownStatus":"1.2.0.0","lastKnownDate":"240807","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows 11","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2024-08-07T17:16:12.9608233+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":606},{"violations":{"ACR-109":"The application silently installs \"K-Lite Codec Pack\" before the user chooses and agrees to install or without disclosing the relationship to the app during installation.\n","ACR-042":"1. The application silently installs the \"K-Lite Codec Pack\" without disclosing the relationship to the app during installation.\n2. Open source projects \"FFmpeg\" and \"Qt5\" are installed without any disclosure in EULA.\n","ACR-043":"1. The application silently installs the \"K-Lite Codec Pack\" without disclosing the relationship to the app during installation.\n2. Open source projects \"FFmpeg\" and \"Qt5\" are installed without any disclosure in EULA.\n","ACR-107":"The app does not obtain any authorization for using third-party components: \"K-Lite Codec Pack\", \"FFmpeg\" and \"Qt5\"\n","ACR-048":"The app does not provide any control to remove the scheduled task within the app's settings.\n","ACR-004":"The application doesn't provide a free fix for the recovery instead offering the subscription payment option to recovery the reported files.\n","ACR-084":"The app creates an undisclosed scheduled task to perform an action without the user's knowledge and consent\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components it installed on the device without the consumer's consent or notifying the user.\n","ACR-039":"The app installs the \"K-Lite Codec Pack\" without disclosing the relationship to the app during installation.\n","ACR-165":"The app does not mention clearly that the Auto-renewal policy and does not disclose whether there might be a change in price after the subscription period.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"StellarDataRecovery-H.exe","isInstaller":"True","companyName":"Stellar Information Technology Pvt Ltd.                     ","productName":"Stellar Data Recovery                                       ","productVersion":"11.0.0.8                                          ","fileVersion":"11.0.0.8            ","hashMD5":"a7bb376857a5d30e49dd847f9ef98724","hashSHA1":"1cd75ddf7fb1e985e83398d1331c39e699475d07","hashSHA256":"d54ad45f4aa02141e095a6f71b9e92554d914396fc0627340fc0403919235e1c","digitalCertThumbprint":"CBDD73B7B7C27DE9E7ED76771C777D5F0A646A76","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Stellar Information Technology Private Limited","storeId":"","sourceIndex":"583","avBlockList":["360 Total Security (20241001)","Avast Premium Security (20241001)","AVG Internet Security (20241001)","Avira Internet Security (20241001)","ESET Internet Security (20241001)","K7 Total Security (20241001)","Norton Security (20241001)","Panda Dome (20241001)","Quick Heal Internet Security (20241001)","Sophos Home Premium (20241001)","SpyHunter5 (20241001)","Total AV Antivirus Pro (20241001)","VirIT eXplorer PRO (20241001)","Webroot SecureAnywhere (20241001)"],"avAllowList":["Bitdefender Internet Security (20241001)","COMODO Antivirus (20241001)","Dr.Web Security Space (20241001)","FortectPremium (20240822)","G DATA INTERNET SECURITY (20241001)","KasperskyPremium (20241001)","Malwarebytes Premium (20241001)","McAfee Total Protection (20241001)","Trend Micro Internet Security (20241001)","VIPRE Advanced Security (20241001)","Windows Defender (20241001)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on windows app","reference":"","landingPage":"https://www.stellarinfo.com/","directDownloadingLink":"https://www.stellarinfo.com/thankyou/wdrstd/thankyou.php?c=us","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.stellarinfo.com/thankyou/wdrstd/thankyou.php?c=us","sourceIndex":"583"}],"sampleFiles":["240730/StellarDataRecovery-240312/11.0.0.8/Samples/StellarDataRecovery-H.exe"],"imageFiles":["240730/StellarDataRecovery-240312/11.0.0.8/Images/ACR-109/ACR-109.PNG","240730/StellarDataRecovery-240312/11.0.0.8/Images/ACR-109/ACR-109_1.PNG","240730/StellarDataRecovery-240312/11.0.0.8/Images/ACR-039/ACR-039.PNG","240730/StellarDataRecovery-240312/11.0.0.8/Images/ACR-039/ACR-039_1.PNG","240730/StellarDataRecovery-240312/11.0.0.8/Images/ACR-043/ACR-043.PNG","240730/StellarDataRecovery-240312/11.0.0.8/Images/ACR-043/ACR-043_1.PNG","240730/StellarDataRecovery-240312/11.0.0.8/Images/ACR-043/ACR-043_2.PNG","240730/StellarDataRecovery-240312/11.0.0.8/Images/ACR-043/ACR-043_3.PNG","240730/StellarDataRecovery-240312/11.0.0.8/Images/ACR-107/ACR-107.PNG","240730/StellarDataRecovery-240312/11.0.0.8/Images/ACR-107/ACR-107_1.PNG","240730/StellarDataRecovery-240312/11.0.0.8/Images/ACR-107/ACR-107_2.PNG","240730/StellarDataRecovery-240312/11.0.0.8/Images/ACR-107/ACR-107_3.PNG","240730/StellarDataRecovery-240312/11.0.0.8/Images/ACR-042/ACR-042.PNG","240730/StellarDataRecovery-240312/11.0.0.8/Images/ACR-042/ACR-042_1.PNG","240730/StellarDataRecovery-240312/11.0.0.8/Images/ACR-042/ACR-042_2.PNG","240730/StellarDataRecovery-240312/11.0.0.8/Images/ACR-042/ACR-042_3.PNG","240730/StellarDataRecovery-240312/11.0.0.8/Images/ACR-004/ACR-004.PNG","240730/StellarDataRecovery-240312/11.0.0.8/Images/ACR-004/ACR-004_1.PNG","240730/StellarDataRecovery-240312/11.0.0.8/Images/ACR-084/ACR-084.PNG","240730/StellarDataRecovery-240312/11.0.0.8/Images/ACR-048/ACR-048.PNG","240730/StellarDataRecovery-240312/11.0.0.8/Images/ACR-048/ACR-048_1.PNG","240730/StellarDataRecovery-240312/11.0.0.8/Images/ACR-118/ACR-118.PNG","240730/StellarDataRecovery-240312/11.0.0.8/Images/ACR-165/ACR-165.PNG"],"nonDeceptorImageFiles":[],"guid":"5d9ed1e0-3e07-420c-9658-71ecbfee6bee_11.0.0.8_1","appID":"StellarDataRecovery-240312","dateAdded":"240730","deceptorType":"App","name":"Stellar Data Recovery","company":"Stellar Information Technology Pvt Ltd.","version":"11.0.0.8","lastKnownStatus":"11.0.0.6;11.0.0.8","lastKnownDate":"240730","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows Vista,Windows 7,Windows XP,Windows 8,Windows 10,Windows 11","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2024-07-30T17:59:42.7579382+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":607},{"violations":{"ACR-109":"The application silently installs \"K-Lite Codec Pack\" before the user chooses and agrees to install or without disclosing the relationship to the app during installation.\n","ACR-042":"1. The application silently installs the \"K-Lite Codec Pack\" without disclosing the relationship to the app during installation.\n2. Open source projects \"FFmpeg\" and \"Qt5\" are installed without any disclosure in EULA.\n","ACR-043":"1. The application silently installs the \"K-Lite Codec Pack\" without disclosing the relationship to the app during installation.\n2. Open source projects \"FFmpeg\" and \"Qt5\" are installed without any disclosure in EULA.\n","ACR-107":"The app does not obtain any authorization for using third-party components: \"K-Lite Codec Pack\", \"FFmpeg\" and \"Qt5\"\n","ACR-048":"The app does not provide any control to remove the scheduled task within the app's settings.\n","ACR-004":"The application doesn't provide a free fix for the recovery instead offering the subscription payment option to recovery the reported files.\n","ACR-084":"The app creates an undisclosed scheduled task to perform an action without the user's knowledge and consent\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components it installed on the device without the consumer's consent or notifying the user.\n","ACR-039":"The app installs the \"K-Lite Codec Pack\" without disclosing the relationship to the app during installation.\n","ACR-165":"The app does not mention clearly that the Auto-renewal policy and does not disclose whether there might be a change in price after the subscription period.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files\\Stellar Data Recovery\\StellarDataRecovery.exe","companyName":"","productName":"","productVersion":"","fileVersion":"","hashMD5":"ee64276b826e68282c43daac6c42ac00","hashSHA1":"4f2338ee17024d1750ab4ffa6cd66aaea3483b3e","hashSHA256":"966ec0845cbcff69c64959dce2f0f78aeaeb47dccbbf0de27208ef56556370e3","digitalCertThumbprint":"CBDD73B7B7C27DE9E7ED76771C777D5F0A646A76","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Stellar Information Technology Private Limited","storeId":"","sourceIndex":"715","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"StellarDataRecovery-H.exe","isInstaller":"True","companyName":"Stellar Information Technology Pvt Ltd.                     ","productName":"Stellar Data Recovery                                       ","productVersion":"11.0.0.6                                          ","fileVersion":"11.0.0.6            ","hashMD5":"9ea3aab016a5310a8c0001af6924d54d","hashSHA1":"08da9bffbfff53493f01f7bd02654080477377b8","hashSHA256":"19efd0a338456eddea09d85ddef198f4f8782b53a065a588804c9fbaa72c375c","digitalCertThumbprint":"CBDD73B7B7C27DE9E7ED76771C777D5F0A646A76","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Stellar Information Technology Private Limited","storeId":"","sourceIndex":"715","avBlockList":["Avast Premium Security (20240815)","AVG Internet Security (20240815)","Avira Internet Security (20240815)","ESET Internet Security (20240815)","K7 Total Security (20240815)","Norton Security (20240815)","Panda Dome (20240815)","Sophos Home Premium (20240815)","SpyHunter5 (20240815)","Total AV Antivirus Pro (20240815)","VirIT eXplorer PRO (20240815)"],"avAllowList":["360 Total Security (20240815)","Bitdefender Internet Security (20240815)","COMODO Antivirus (20240815)","Dr.Web Security Space (20240815)","G DATA INTERNET SECURITY (20240815)","Kaspersky Internet Security (20240620)","Malwarebytes Premium (20240815)","McAfee Total Protection (20240815)","Quick Heal Internet Security (20240815)","Trend Micro Internet Security (20240815)","VIPRE Advanced Security (20240815)","Webroot SecureAnywhere (20240815)","Windows Defender (20240815)","FortectPremium (20240815)","KasperskyPremium (20240815)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt on Data recovery applications","reference":"","landingPage":"https://www.stellarinfo.com/","directDownloadingLink":"https://www.stellarinfo.com/thankyou/wdrstd/thankyou.php?c=us","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.stellarinfo.com/thankyou/wdrstd/thankyou.php?c=us","sourceIndex":"715"}],"sampleFiles":["240313/StellarDataRecovery-240312/11.0.0.6/Samples/StellarDataRecovery-H.exe"],"imageFiles":["240313/StellarDataRecovery-240312/11.0.0.6/Images/ACR-109/ACR-109.PNG","240313/StellarDataRecovery-240312/11.0.0.6/Images/ACR-109/ACR-109_1.PNG","240313/StellarDataRecovery-240312/11.0.0.6/Images/ACR-039/ACR-039.PNG","240313/StellarDataRecovery-240312/11.0.0.6/Images/ACR-039/ACR-039_1.PNG","240313/StellarDataRecovery-240312/11.0.0.6/Images/ACR-043/ACR-043.PNG","240313/StellarDataRecovery-240312/11.0.0.6/Images/ACR-043/ACR-043_1.PNG","240313/StellarDataRecovery-240312/11.0.0.6/Images/ACR-043/ACR-043_2.PNG","240313/StellarDataRecovery-240312/11.0.0.6/Images/ACR-043/ACR-043_3.PNG","240313/StellarDataRecovery-240312/11.0.0.6/Images/ACR-107/ACR-107.PNG","240313/StellarDataRecovery-240312/11.0.0.6/Images/ACR-107/ACR-107_1.PNG","240313/StellarDataRecovery-240312/11.0.0.6/Images/ACR-107/ACR-107_2.PNG","240313/StellarDataRecovery-240312/11.0.0.6/Images/ACR-107/ACR-107_3.PNG","240313/StellarDataRecovery-240312/11.0.0.6/Images/ACR-042/ACR-042.PNG","240313/StellarDataRecovery-240312/11.0.0.6/Images/ACR-042/ACR-042_1.PNG","240313/StellarDataRecovery-240312/11.0.0.6/Images/ACR-042/ACR-042_2.PNG","240313/StellarDataRecovery-240312/11.0.0.6/Images/ACR-042/ACR-042_3.PNG","240313/StellarDataRecovery-240312/11.0.0.6/Images/ACR-004/ACR-004_3.PNG","240313/StellarDataRecovery-240312/11.0.0.6/Images/ACR-004/ACR-004_4.PNG","240313/StellarDataRecovery-240312/11.0.0.6/Images/ACR-084/ACR-084.PNG","240313/StellarDataRecovery-240312/11.0.0.6/Images/ACR-048/ACR-048.PNG","240313/StellarDataRecovery-240312/11.0.0.6/Images/ACR-048/ACR-048_1.PNG","240313/StellarDataRecovery-240312/11.0.0.6/Images/ACR-118/ACR-118.PNG","240313/StellarDataRecovery-240312/11.0.0.6/Images/ACR-165/ACR-165.PNG"],"nonDeceptorImageFiles":[],"guid":"5d9ed1e0-3e07-420c-9658-71ecbfee6bee_11.0.0.6_1","appID":"StellarDataRecovery-240312","dateAdded":"240730","deceptorType":"App","name":"Stellar Data Recovery","company":"Stellar Information Technology Pvt Ltd.","version":"11.0.0.6","lastKnownStatus":"11.0.0.6;11.0.0.8","lastKnownDate":"240730","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows Vista,Windows 7,Windows XP,Windows 8,Windows 10,Windows 11","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2024-07-30T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":608},{"violations":{"ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software.\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software.\n","ACR-014":"When the \"Skip All\" option in the offer is clicked, it displays another prompt with a statement: \"Are you sure you want to quit PowerISO 8.8 setup?\" which misleads the user to think that the powerISO app installation will not proceed without accepting the offers.\n","ACR-155":"Offers are designed to look like part of the install workflow\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"PowerISO8-x64.exe","isInstaller":"True","companyName":"Power Software Ltd","productName":"PowerISO Setup","productVersion":"8.8.0.0","fileVersion":"8.8.0.0","hashMD5":"d97f67727477fe53ad6ccfa39a105e73","hashSHA1":"fa22f77021312b68bd367eb1a18b6d0452e35661","hashSHA256":"7d767e17246f7c418cfb080bf3dd95f707f69eabd7588befa02bc22b9ffc9193","digitalCertThumbprint":"A93D73E5EE4823415B2D7B5EA0AB40853810D620","digitalCertIssuer":"SSL.com Code Signing Intermediate CA RSA R1","digitalCertIssuedTo":"Power Software Limited","storeId":"","sourceIndex":"585","avBlockList":["Avira Internet Security (20240919)","Bitdefender Internet Security (20240919)","COMODO Antivirus (20240919)","ESET Internet Security (20240919)","FortectPremium (20240919)","G DATA INTERNET SECURITY (20240919)","K7 Total Security (20240919)","KasperskyPremium (20240919)","Malwarebytes Premium (20240919)","Norton Security (20240919)","Panda Dome (20240919)","Quick Heal Internet Security (20240919)","Sophos Home Premium (20240919)","SpyHunter5 (20240919)","VIPRE Advanced Security (20240919)","VirIT eXplorer PRO (20240919)","Webroot SecureAnywhere (20240919)"],"avAllowList":["360 Total Security (20240919)","Avast Premium Security (20240919)","AVG Internet Security (20240919)","Dr.Web Security Space (20240919)","McAfee Total Protection (20240919)","Total AV Antivirus Pro (20240919)","Trend Micro Internet Security (20240919)","Windows Defender (20240919)"]},{"isRevoked":"False","fileName":"PowerISO8.exe","isInstaller":"True","companyName":"Power Software Ltd","productName":"PowerISO Setup","productVersion":"8.8.0.0","fileVersion":"8.8.0.0","hashMD5":"51508b5686d652016a6d062e4f9ae016","hashSHA1":"6b956a4a7a9aeb281da3aac0209e060a8ee0338e","hashSHA256":"cfa70f51a334341d766e3205fe89bed59ccd06f6de2ff706893b2f884f5b796c","digitalCertThumbprint":"A93D73E5EE4823415B2D7B5EA0AB40853810D620","digitalCertIssuer":"SSL.com Code Signing Intermediate CA RSA R1","digitalCertIssuedTo":"Power Software Limited","storeId":"","sourceIndex":"585","avBlockList":["Avira Internet Security (20241001)","Bitdefender Internet Security (20241001)","COMODO Antivirus (20241001)","Dr.Web Security Space (20241001)","ESET Internet Security (20241001)","FortectPremium (20241001)","G DATA INTERNET SECURITY (20241001)","K7 Total Security (20241001)","KasperskyPremium (20241001)","Malwarebytes Premium (20241001)","Norton Security (20241001)","Panda Dome (20241001)","Quick Heal Internet Security (20241001)","Sophos Home Premium (20241001)","SpyHunter5 (20241001)","VirIT eXplorer PRO (20241001)","Webroot SecureAnywhere (20241001)"],"avAllowList":["360 Total Security (20241001)","Avast Premium Security (20241001)","AVG Internet Security (20241001)","McAfee Total Protection (20241001)","Total AV Antivirus Pro (20241001)","Trend Micro Internet Security (20241001)","VIPRE Advanced Security (20241001)","Windows Defender (20241001)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on windows app","reference":"PUPnMB","landingPage":"https://www.poweriso.com/","directDownloadingLink":"https://www.poweriso.com/download.htm","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.poweriso.com/download.htm","sourceIndex":"585"}],"sampleFiles":["240725/PowerISO-180306/8.8/Samples/PowerISO8-x64.exe","240725/PowerISO-180306/8.8/Samples/PowerISO8.exe"],"imageFiles":["240725/PowerISO-180306/8.8/Images/ACR-013/ACR-013.PNG","240725/PowerISO-180306/8.8/Images/ACR-013/ACR-013_1.PNG","240725/PowerISO-180306/8.8/Images/ACR-060/ACR-060.PNG","240725/PowerISO-180306/8.8/Images/ACR-060/ACR-060_1.PNG","240725/PowerISO-180306/8.8/Images/ACR-014/ACR-014.PNG","240725/PowerISO-180306/8.8/Images/ACR-014/ACR-014_1.PNG","240725/PowerISO-180306/8.8/Images/ACR-155/ACR-155.PNG","240725/PowerISO-180306/8.8/Images/ACR-155/ACR-155_1.PNG"],"nonDeceptorImageFiles":[],"guid":"ac1ad976-308d-4392-98a9-3ee3b07ceedc_8.8_1","appID":"PowerISO-180306","dateAdded":"240725","deceptorType":"App","name":"PowerISO","company":"Power Software Ltd.","version":"8.8","lastKnownStatus":"8.6.0.0;8.8","lastKnownDate":"240725","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2024-07-25T22:19:50.4670751+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":609},{"violations":{"ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software.\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software.\n","ACR-118":"When the user attempts to completely uninstall the application, some components are retained on the device without the user's consent.\n"},"nonDeceptorViolations":{"ACR-065":"The application's install wizard has no link to the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThe application has no link to a webpage that shows the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThe application's landing page has no link to the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThe application's internal offer webpage has no link to a website that shows the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\n","ACR-099":"The application has no link to a webpage that shows how to uninstall the app.\nThe application's landing page has no link to a webpage that shows how to uninstall the app.\nThe application's internal offer webpage has no link to a webpage that shows how to uninstall the app.\n","ACR-167":"The application's EULA has no mention of a 30 days refund policy.\n"},"samples":[{"isRevoked":"False","fileName":"PowerISO8-x64.exe","isInstaller":"True","companyName":"Power Software Ltd","fileVersion":"8.6","hashMD5":"7513a757a9b43ceda8d7614dcc73957e","hashSHA1":"26f283f8b0e4900974a629ec9b567db989186d77","hashSHA256":"29a96e7b461b21fe4c2a037798aaa9adce3b047a1a81e486352a090e1dba2656","digitalCertThumbprint":"A93D73E5EE4823415B2D7B5EA0AB40853810D620","digitalCertIssuer":"CN=SSL.com Code Signing Intermediate CA RSA R1, O=SSL Corp, L=Houston, S=Texas, C=US","digitalCertIssuedTo":"CN=Power Software Limited, O=Power Software Limited, L=Sheung Wan, C=HK","sourceIndex":"877","avBlockList":["Avast Premium Security (20240801)","AVG Internet Security (20240801)","Avira Internet Security (20240801)","Bitdefender Internet Security (20240801)","COMODO Antivirus (20240801)","Dr.Web Security Space (20240801)","ESET Internet Security (20240801)","G DATA INTERNET SECURITY (20240801)","K7 Total Security (20240801)","Kaspersky Internet Security (20240222)","Malwarebytes Premium (20240801)","Norton Security (20240801)","Panda Dome (20240801)","Quick Heal Internet Security (20240801)","Sophos Home Premium (20240801)","SpyHunter5 (20240801)","Total AV Antivirus Pro (20240801)","VIPRE Advanced Security (20240801)","VirIT eXplorer PRO (20240801)","Webroot SecureAnywhere (20240801)","FortectPremium (20240801)","KasperskyPremium (20240801)"],"avAllowList":["360 Total Security (20240801)","McAfee Total Protection (20240801)","Trend Micro Internet Security (20240801)","Windows Defender (20240801)"]},{"isRevoked":"False","fileName":"PowerISO8.exe","isInstaller":"True","companyName":"Power Software Ltd","fileVersion":"8.6","hashMD5":"64b0b34e3c3219b1b3d7687c5804bd05","hashSHA1":"62ac72a029c911236ef2a844d02f4ca0c72077ef","hashSHA256":"7cf74b58caaeb417c010c01d9d585cdaa6069b897f07d695b255586109fde49f","digitalCertThumbprint":"A93D73E5EE4823415B2D7B5EA0AB40853810D620","digitalCertIssuer":"CN=SSL.com Code Signing Intermediate CA RSA R1, O=SSL Corp, L=Houston, S=Texas, C=US","digitalCertIssuedTo":"CN=Power Software Limited, O=Power Software Limited, L=Sheung Wan, C=HK","sourceIndex":"877","avBlockList":["Avast Premium Security (20240806)","AVG Internet Security (20240806)","Avira Internet Security (20240806)","Bitdefender Internet Security (20240806)","COMODO Antivirus (20240806)","Dr.Web Security Space (20240806)","ESET Internet Security (20240806)","G DATA INTERNET SECURITY (20240806)","K7 Total Security (20240806)","Kaspersky Internet Security (20240222)","Malwarebytes Premium (20240806)","Norton Security (20240806)","Panda Dome (20240806)","Quick Heal Internet Security (20240806)","Sophos Home Premium (20240806)","SpyHunter5 (20240806)","Total AV Antivirus Pro (20240806)","VIPRE Advanced Security (20240806)","VirIT eXplorer PRO (20240806)","Webroot SecureAnywhere (20240806)","FortectPremium (20240806)","KasperskyPremium (20240806)"],"avAllowList":["360 Total Security (20240806)","McAfee Total Protection (20240806)","Trend Micro Internet Security (20240806)","Windows Defender (20240806)"]}],"additionalFiles":[],"sources":[{"howFound":"dotnet setup","reference":"","landingPage":"https://www.poweriso.net/","directDownloadingLink":"https://www.poweriso.net/PowerISO8-x64.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.poweriso.net/PowerISO8-x64.exe","sourceIndex":"877"}],"sampleFiles":["231004/PowerISO-180306/8.6.0.0/Samples/PowerISO8-x64.exe","231004/PowerISO-180306/8.6.0.0/Samples/PowerISO8.exe"],"imageFiles":["231004/PowerISO-180306/8.6.0.0/Images/ACR-118/ACR-118.jpg","231004/PowerISO-180306/8.6.0.0/Images/ACR-013/OptionalOffer.jpg","231004/PowerISO-180306/8.6.0.0/Images/ACR-013/OptionalOffer-2.jpg","231004/PowerISO-180306/8.6.0.0/Images/ACR-060/OptionalOffer.jpg","231004/PowerISO-180306/8.6.0.0/Images/ACR-060/OptionalOffer-2.jpg"],"nonDeceptorImageFiles":["231004/PowerISO-180306/8.6.0.0/Images/ACR-065/Install_PowerISo.jpg","231004/PowerISO-180306/8.6.0.0/Images/ACR-065/About_PowerISo.jpg","231004/PowerISO-180306/8.6.0.0/Images/ACR-065/LP_PowerISO.png","231004/PowerISO-180306/8.6.0.0/Images/ACR-065/InternalOffer_PowerISO.png","231004/PowerISO-180306/8.6.0.0/Images/ACR-099/About_PowerISo.jpg","231004/PowerISO-180306/8.6.0.0/Images/ACR-099/LP_PowerISO.png","231004/PowerISO-180306/8.6.0.0/Images/ACR-099/InternalOffer_PowerISO.png","231004/PowerISO-180306/8.6.0.0/Images/ACR-167/EULA_PowerISO.jpeg"],"guid":"ac1ad976-308d-4392-98a9-3ee3b07ceedc_8.6.0.0_1","appID":"PowerISO-180306","dateAdded":"240725","deceptorType":"App","name":"PowerISO","company":"Power Software Ltd.","version":"8.6.0.0","lastKnownStatus":"8.6.0.0;8.8","lastKnownDate":"240725","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2024-07-25T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":610},{"violations":{"ACR-042":" App drops hidden file/potential offer app info in hidden folder without user permission\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"frostwire-6.12.0.windows.exe","isInstaller":"True","fileVersion":"6.12","hashMD5":"102995a5b58de2cfc017d677ecc049f7","hashSHA1":"5aa25caa49ef2cffc1032db01f9c3ffcd811db41","hashSHA256":"57fad42313274c164223c20cbb1483bd40218d0a614b78e5618a02b83892405f","digitalCertThumbprint":"D9136C425626F5A27821BC3ED4FB330CE6F9B3F5","digitalCertIssuer":"CN=Domain The Net Technologies Ltd CA for Code Signing R2, O=Domain The Net Technologies Ltd, C=IL","digitalCertIssuedTo":"CN=FrostWire LLC, O=FrostWire LLC, L=Miami Beach, S=Florida, C=US","sourceIndex":"1065","avBlockList":["360 Total Security (20240725)","Avira Internet Security (20240725)","COMODO Antivirus (20240725)","Dr.Web Security Space (20240725)","ESET Internet Security (20240725)","G DATA INTERNET SECURITY (20240725)","Kaspersky Internet Security (20240725)","Malwarebytes Premium (20240725)","Norton Security (20240725)","Panda Dome (20240725)","Sophos Home Premium (20240725)","SpyHunter5 (20240725)","Total AV Antivirus Pro (20240725)","VirIT eXplorer PRO (20240725)","Webroot SecureAnywhere (20240725)","FortectPremium (20240725)"],"avAllowList":["Avast Premium Security (20240725)","AVG Internet Security (20240725)","Bitdefender Internet Security (20240725)","K7 Total Security (20240725)","McAfee Total Protection (20240725)","Quick Heal Internet Security (20240725)","Trend Micro Internet Security (20240725)","VIPRE Advanced Security (20240725)","Windows Defender (20240725)"]},{"isRevoked":"False","fileName":"FrostWire.exe","companyName":"FrostWire","fileVersion":"1.0","hashMD5":"3548534fe1326cc27f9481195ee43056","hashSHA1":"7ab036e17c59e7513894dc49288f7bbb55a85bb7","hashSHA256":"28124e3395fa42f326fe5b3f59e1f50568adb729ea1c7c211c07e0b52441c9b8","sourceIndex":"1065","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Download Sites - Uptodownload.com","reference":"","landingPage":"https://www.frostwire.com/","directDownloadingLink":"https://www.frostwire.com/download/?os=windows","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.frostwire.com/download/?os=windows","sourceIndex":"1065"}],"sampleFiles":["230601/FrostWire-220517/6.12.0/Samples/frostwire-6.12.0.windows.exe","230601/FrostWire-220517/6.12.0/Samples/FrostWire.exe"],"imageFiles":["230601/FrostWire-220517/6.12.0/Images/ACR-042/ACR-042.jpg","230601/FrostWire-220517/6.12.0/Images/ACR-013/Offer.jpg","230601/FrostWire-220517/6.12.0/Images/ACR-060/Offer.jpg"],"nonDeceptorImageFiles":[],"guid":"41ed223c-c2f5-4e4f-8709-7a1c0e001587_6.12.0_1","appID":"FrostWire-220517","dateAdded":"240722","deceptorType":"App","name":"Frostwire","company":"FrostWire LLC","version":"6.12.0","lastKnownStatus":"6.11.0;6.12.0;6.13.0;6.13.2","lastKnownDate":"240722","type":"Windows Executable","category":"Bundlers & Downloaders","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2024-07-22T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":6,"sortOrder":614},{"violations":{"ACR-042":" App drops hidden file/potential offer app info in hidden folder without user permission\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"frostwire-6.13.1.windows.exe","isInstaller":"True","fileVersion":"6.13","hashMD5":"e680a7190fb8fb96a7c1af4042d415dd","hashSHA1":"eef7647129bf0883a4c38f91bb20687306360cdc","hashSHA256":"5b0ea1ba6adcfe97dee43d8fd9af9ba966e955b16dac84eb9c564858bafea2c2","digitalCertThumbprint":"D9136C425626F5A27821BC3ED4FB330CE6F9B3F5","digitalCertIssuer":"CN=Domain The Net Technologies Ltd CA for Code Signing R2, O=Domain The Net Technologies Ltd, C=IL","digitalCertIssuedTo":"CN=FrostWire LLC, O=FrostWire LLC, L=Miami Beach, S=Florida, C=US","sourceIndex":"776","avBlockList":["360 Total Security (20240801)","Avira Internet Security (20240801)","Bitdefender Internet Security (20240801)","COMODO Antivirus (20240801)","Dr.Web Security Space (20240801)","ESET Internet Security (20240801)","G DATA INTERNET SECURITY (20240801)","Kaspersky Internet Security (20240521)","Malwarebytes Premium (20240801)","Norton Security (20240801)","Panda Dome (20240801)","Sophos Home Premium (20240801)","SpyHunter5 (20240801)","Total AV Antivirus Pro (20240801)","VIPRE Advanced Security (20240801)","VirIT eXplorer PRO (20240801)","Webroot SecureAnywhere (20240801)","FortectPremium (20240801)","KasperskyPremium (20240801)"],"avAllowList":["Avast Premium Security (20240801)","AVG Internet Security (20240801)","K7 Total Security (20240801)","McAfee Total Protection (20240801)","Quick Heal Internet Security (20240801)","Trend Micro Internet Security (20240801)","Windows Defender (20240801)"]},{"isRevoked":"False","fileName":"frostwire-6.13.1.windows_231103.exe","isInstaller":"True","fileVersion":"6.13","hashMD5":"0dc9197c35373469d95226a135c12684","hashSHA1":"40da22b920f3ebc137be182e36d7c517c2add458","hashSHA256":"582b346b6f140bcaecf02608b26761dd3f4b3809b49ffa195d8c1e7bee73946a","digitalCertThumbprint":"ABD9D5320A12728F8CBA287A858FF561391EAD37","digitalCertIssuer":"CN=Domain The Net Technologies Ltd CA for Code Signing R2, O=Domain The Net Technologies Ltd, C=IL","digitalCertIssuedTo":"CN=FrostWire LLC, O=FrostWire LLC, L=Miami Beach, S=Florida, C=US","sourceIndex":"776","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"frostwire-6.13.1.windows_231109.exe","isInstaller":"True","fileVersion":"6.13","hashMD5":"c0594b030c65f0238a373ac5bc8fc6f2","hashSHA1":"3dae6142e777139b67e59db5cf0b08c1bdb3b5b4","hashSHA256":"86b1cc6caecabadd8706511b80916fb3f4e03b7fc40e61d9eeddb8fb49627859","digitalCertThumbprint":"ABD9D5320A12728F8CBA287A858FF561391EAD37","digitalCertIssuer":"CN=Domain The Net Technologies Ltd CA for Code Signing R2, O=Domain The Net Technologies Ltd, C=IL","digitalCertIssuedTo":"CN=FrostWire LLC, O=FrostWire LLC, L=Miami Beach, S=Florida, C=US","sourceIndex":"776","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"frostwire-6.13.1.windows_231226.exe","isInstaller":"True","fileVersion":"6.13","hashMD5":"ee25164276804dc7c7d3c4bf1d45577d","hashSHA1":"df0cd57f11d1e822f1e8505570cef2ada33cf362","hashSHA256":"4d824e052cfd7aac94e4ea6cf8935431139732e990ab543f55922075aa9eaec4","digitalCertThumbprint":"ABD9D5320A12728F8CBA287A858FF561391EAD37","digitalCertIssuer":"CN=Domain The Net Technologies Ltd CA for Code Signing R2, O=Domain The Net Technologies Ltd, C=IL","digitalCertIssuedTo":"CN=FrostWire LLC, O=FrostWire LLC, L=Miami Beach, S=Florida, C=US","sourceIndex":"776","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Download Sites - Uptodownload.com","reference":"","landingPage":"https://www.frostwire.com/","directDownloadingLink":"https://www.frostwire.com/download/?os=windows","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.frostwire.com/download/?os=windows","sourceIndex":"776"}],"sampleFiles":["231226/FrostWire-220517/6.13.1/Samples/frostwire-6.13.1.windows.exe","231226/FrostWire-220517/6.13.1/Samples/frostwire-6.13.1.windows_231103.exe","231226/FrostWire-220517/6.13.1/Samples/frostwire-6.13.1.windows_231109.exe","231226/FrostWire-220517/6.13.1/Samples/frostwire-6.13.1.windows_231226.exe"],"imageFiles":["231226/FrostWire-220517/6.13.1/Images/ACR-042/ACR-042.jpg","231226/FrostWire-220517/6.13.1/Images/ACR-013/OptionalOffer.jpg","231226/FrostWire-220517/6.13.1/Images/ACR-060/OptionalOffer.jpg"],"nonDeceptorImageFiles":[],"guid":"41ed223c-c2f5-4e4f-8709-7a1c0e001587_6.13.1_1","appID":"FrostWire-220517","dateAdded":"240722","deceptorType":"App","name":"Frostwire","company":"FrostWire LLC","version":"6.13.1","lastKnownStatus":"6.11.0;6.12.0;6.13.0;6.13.2","lastKnownDate":"240722","type":"Windows Executable","category":"Bundlers & Downloaders","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2024-07-22T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":6,"sortOrder":612},{"violations":{"ACR-042":" App drops hidden file/potential offer app info in hidden folder without user permission\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"frostwire-6.13.1.windows.exe","isInstaller":"True","fileVersion":"6.13","hashMD5":"e680a7190fb8fb96a7c1af4042d415dd","hashSHA1":"eef7647129bf0883a4c38f91bb20687306360cdc","hashSHA256":"5b0ea1ba6adcfe97dee43d8fd9af9ba966e955b16dac84eb9c564858bafea2c2","digitalCertThumbprint":"D9136C425626F5A27821BC3ED4FB330CE6F9B3F5","digitalCertIssuer":"CN=Domain The Net Technologies Ltd CA for Code Signing R2, O=Domain The Net Technologies Ltd, C=IL","digitalCertIssuedTo":"CN=FrostWire LLC, O=FrostWire LLC, L=Miami Beach, S=Florida, C=US","sourceIndex":"846","avBlockList":["360 Total Security (20240801)","Avira Internet Security (20240801)","Bitdefender Internet Security (20240801)","COMODO Antivirus (20240801)","Dr.Web Security Space (20240801)","ESET Internet Security (20240801)","G DATA INTERNET SECURITY (20240801)","Kaspersky Internet Security (20240521)","Malwarebytes Premium (20240801)","Norton Security (20240801)","Panda Dome (20240801)","Sophos Home Premium (20240801)","SpyHunter5 (20240801)","Total AV Antivirus Pro (20240801)","VIPRE Advanced Security (20240801)","VirIT eXplorer PRO (20240801)","Webroot SecureAnywhere (20240801)","FortectPremium (20240801)","KasperskyPremium (20240801)"],"avAllowList":["Avast Premium Security (20240801)","AVG Internet Security (20240801)","K7 Total Security (20240801)","McAfee Total Protection (20240801)","Quick Heal Internet Security (20240801)","Trend Micro Internet Security (20240801)","Windows Defender (20240801)"]}],"additionalFiles":[],"sources":[{"howFound":"Download Sites - Uptodownload.com","reference":"","landingPage":"https://www.frostwire.com/","directDownloadingLink":"https://www.frostwire.com/download/?os=windows","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.frostwire.com/download/?os=windows","sourceIndex":"846"}],"sampleFiles":["231023/FrostWire-220517/6.13.0/Samples/frostwire-6.13.1.windows.exe"],"imageFiles":["231023/FrostWire-220517/6.13.0/Images/ACR-042/ACR-042_frostwire.jpg","231023/FrostWire-220517/6.13.0/Images/ACR-013/Frostwire_OptionalOffer.jpg","231023/FrostWire-220517/6.13.0/Images/ACR-060/Frostwire_OptionalOffer.jpg"],"nonDeceptorImageFiles":[],"guid":"41ed223c-c2f5-4e4f-8709-7a1c0e001587_6.13.0_1","appID":"FrostWire-220517","dateAdded":"240722","deceptorType":"App","name":"Frostwire","company":"FrostWire LLC","version":"6.13.0","lastKnownStatus":"6.11.0;6.12.0;6.13.0;6.13.2","lastKnownDate":"240722","type":"Windows Executable","category":"Bundlers & Downloaders","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2024-07-22T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":6,"sortOrder":613},{"violations":{"ACR-042":" App drops hidden file/potential offer app info in hidden folder without user permission\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"frostwire-6.11.0.windows.exe","isInstaller":"True","fileVersion":"6.11","hashMD5":"0e9a6ef2a545e1c3e8616a6923f78d40","hashSHA1":"37318ea0f0465556eacec98b74830c5edb3a8010","hashSHA256":"f20d66b647f15a5cd5f590b3065a1ef2bcd9dad307478437766640f16d416bbf","digitalCertThumbprint":"D9136C425626F5A27821BC3ED4FB330CE6F9B3F5","digitalCertIssuer":"CN=Domain The Net Technologies Ltd CA for Code Signing R2, O=Domain The Net Technologies Ltd, C=IL","digitalCertIssuedTo":"CN=FrostWire LLC, O=FrostWire LLC, L=Miami Beach, S=Florida, C=US","sourceIndex":"1166","avBlockList":["360 Total Security (20230418)","Avira Internet Security (20230418)","Bitdefender Internet Security (20230418)","COMODO Antivirus (20230418)","Dr.Web Security Space (20230418)","ESET Internet Security (20230418)","G DATA INTERNET SECURITY (20230418)","K7 Total Security (20230418)","Kaspersky Internet Security (20230418)","Malwarebytes Premium (20230418)","McAfee Total Protection (20230418)","Norton Security (20230418)","Panda Dome (20230418)","Quick Heal Internet Security (20230418)","Sophos Home Premium (20230418)","SpyHunter5 (20230418)","Total AV Antivirus Pro (20230418)","VIPRE Advanced Security (20230418)","VirIT eXplorer PRO (20230418)","Webroot SecureAnywhere (20230418)"],"avAllowList":["Avast Premium Security (20230418)","AVG Internet Security (20230418)","Trend Micro Internet Security (20230418)","Windows Defender (20230418)"]}],"additionalFiles":[],"sources":[{"howFound":"Download Sites - Uptodownload.com","reference":"","landingPage":"https://www.frostwire.com/","directDownloadingLink":"https://www.frostwire.com/download/?os=windows","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.frostwire.com/download/?os=windows","sourceIndex":"1166"}],"sampleFiles":["230406/FrostWire-220517/6.11.0/Samples/frostwire-6.11.0.windows.exe"],"imageFiles":["230406/FrostWire-220517/6.11.0/Images/ACR-042/Frost_043_042.JPG","230406/FrostWire-220517/6.11.0/Images/ACR-013/ACR-013.JPG","230406/FrostWire-220517/6.11.0/Images/ACR-013/ACR-013_1.JPG","230406/FrostWire-220517/6.11.0/Images/ACR-060/ACR-060.JPG","230406/FrostWire-220517/6.11.0/Images/ACR-060/ACR-060_1.JPG"],"nonDeceptorImageFiles":[],"guid":"41ed223c-c2f5-4e4f-8709-7a1c0e001587_6.11.0_1","appID":"FrostWire-220517","dateAdded":"240722","deceptorType":"App","name":"Frostwire","company":"FrostWire LLC","version":"6.11.0","lastKnownStatus":"6.11.0;6.12.0;6.13.0;6.13.2","lastKnownDate":"240722","type":"Windows Executable","category":"Bundlers & Downloaders","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2024-07-22T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":6,"sortOrder":615},{"violations":{"ACR-048":"The app does not provide control to disable the startup item within the app's settings.\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software\n","ACR-084":"The app creates an undisclosed Startup to perform an action without the user's knowledge and consent. \n","ACR-097":"The app adds an exception for Windows firewall without disclosing relevant info and getting consent from the user.\n"},"nonDeceptorViolations":{"ACR-092":"The app does not have a digital signature for the \"FrostWire.exe\" executable.\n"},"samples":[{"isRevoked":"False","fileName":"frostwire-6.13.2.windows.exe","isInstaller":"True","companyName":"                                                            ","productName":"Frostwire                                                   ","productVersion":"6.13.2                                            ","fileVersion":"6.13.2              ","hashMD5":"bd352ada33c61ceb9db09d3601b302bc","hashSHA1":"2ece05e008eca40c17172ae72b5c0d29f81b664b","hashSHA256":"887c5af40ba3a354696ee0be278d482bdca6a262e3a0520bb32368ca17ac5357","digitalCertThumbprint":"4C2BAE5980F97631C4016AF260EECDEBB0DF9636","digitalCertIssuer":"Sectigo Public Code Signing CA R36","digitalCertIssuedTo":"FrostWire LLC","storeId":"","sourceIndex":"589","avBlockList":["360 Total Security (20241008)","COMODO Antivirus (20241008)","Dr.Web Security Space (20241008)","ESET Internet Security (20241008)","FortectPremium (20241008)","G DATA INTERNET SECURITY (20241008)","K7 Total Security (20241008)","KasperskyPremium (20241008)","Malwarebytes Premium (20241008)","Norton Security (20241008)","Panda Dome (20241008)","Sophos Home Premium (20241008)","SpyHunter5 (20241008)","VirIT eXplorer PRO (20241008)","Webroot SecureAnywhere (20241008)"],"avAllowList":["Avast Premium Security (20241008)","AVG Internet Security (20241008)","Avira Internet Security (20241008)","Bitdefender Internet Security (20241008)","McAfee Total Protection (20241008)","Quick Heal Internet Security (20241008)","Total AV Antivirus Pro (20241008)","Trend Micro Internet Security (20241008)","VIPRE Advanced Security (20241008)","Windows Defender (20241008)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on windows app","reference":"","landingPage":"https://www.frostwire.com/","directDownloadingLink":"https://www.frostwire.com/download/?os=windows","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.frostwire.com/download/?os=windows","sourceIndex":"589"}],"sampleFiles":["240722/FrostWire-220517/6.13.2/Samples/frostwire-6.13.2.windows.exe"],"imageFiles":["240722/FrostWire-220517/6.13.2/Images/ACR-084/ACR-084.PNG","240722/FrostWire-220517/6.13.2/Images/ACR-097/ACR-097.PNG","240722/FrostWire-220517/6.13.2/Images/ACR-048/ACR-048.PNG","240722/FrostWire-220517/6.13.2/Images/ACR-048/ACR-048_1.PNG","240722/FrostWire-220517/6.13.2/Images/ACR-013/ACR-013.PNG","240722/FrostWire-220517/6.13.2/Images/ACR-013/ACR-013_1.PNG","240722/FrostWire-220517/6.13.2/Images/ACR-060/ACR-060.PNG","240722/FrostWire-220517/6.13.2/Images/ACR-060/ACR-060_1.PNG"],"nonDeceptorImageFiles":["240722/FrostWire-220517/6.13.2/Images/ACR-092/ACR-092.PNG"],"guid":"41ed223c-c2f5-4e4f-8709-7a1c0e001587_6.13.2_1","appID":"FrostWire-220517","dateAdded":"240722","deceptorType":"App","name":"Frostwire","company":"FrostWire LLC","version":"6.13.2","lastKnownStatus":"6.11.0;6.12.0;6.13.0;6.13.2","lastKnownDate":"240722","type":"Windows Executable","category":"Bundlers & Downloaders","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2024-07-22T21:30:57.8443206+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":6,"sortOrder":611},{"violations":{"ACR-042":" App drops hidden file/potential offer app info in hidden folder without user permission\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software\n"},"nonDeceptorViolations":{"ACR-027":"Interstitial does not declare it's an ad or offer for its own mobile torrent app\n"},"samples":[{"isRevoked":"False","fileName":"frostwire-6.10.0.windows.exe","isInstaller":"True","companyName":"                                                            ","productName":"Frostwire                                                   ","productVersion":"6.10.0                                            ","fileVersion":"6.10.0              ","hashMD5":"756048f7127288fbff0537c80efad2c5","hashSHA1":"25cf589943605229fc846808e3ec799f7d0df4c6","hashSHA256":"29e08911030250b6c4e9d2a96b447d6bf6efd880ab464a526c9b5ad94adaffb5","digitalCertThumbprint":"D9136C425626F5A27821BC3ED4FB330CE6F9B3F5","digitalCertIssuer":"Domain The Net Technologies Ltd CA for Code Signing R2","digitalCertIssuedTo":"FrostWire LLC","storeId":"","sourceIndex":"1167","avBlockList":["360 Total Security (20240730)","Avira Internet Security (20240730)","COMODO Antivirus (20240730)","Dr.Web Security Space (20240730)","ESET Internet Security (20240730)","G DATA INTERNET SECURITY (20240730)","Kaspersky Internet Security (20230525)","Malwarebytes Premium (20240730)","Norton Security (20240730)","Panda Dome (20240730)","Sophos Home Premium (20240730)","SpyHunter5 (20240730)","Total AV Antivirus Pro (20240730)","VirIT eXplorer PRO (20240730)","Webroot SecureAnywhere (20240730)","FortectPremium (20240730)","KasperskyPremium (20240730)"],"avAllowList":["Avast Premium Security (20240730)","AVG Internet Security (20240730)","Bitdefender Internet Security (20240730)","K7 Total Security (20240730)","McAfee Total Protection (20240730)","Quick Heal Internet Security (20240730)","Trend Micro Internet Security (20240730)","VIPRE Advanced Security (20240730)","Windows Defender (20240730)"]}],"additionalFiles":[],"sources":[{"howFound":"Download Sites - Uptodownload.com","reference":"","landingPage":"https://www.frostwire.com/","directDownloadingLink":"https://www.frostwire.com/download/?os=windows","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.frostwire.com/download/?os=windows","sourceIndex":"1167"}],"sampleFiles":["230406/FrostWire-220517/6.10.0/Samples/frostwire-6.10.0.windows.exe"],"imageFiles":["230406/FrostWire-220517/6.10.0/Images/ACR-042/Frost_043_042.JPG","230406/FrostWire-220517/6.10.0/Images/ACR-013/ACR-013.JPG","230406/FrostWire-220517/6.10.0/Images/ACR-013/ACR-013_1.JPG","230406/FrostWire-220517/6.10.0/Images/ACR-060/ACR-060.JPG","230406/FrostWire-220517/6.10.0/Images/ACR-060/ACR-060_1.JPG"],"nonDeceptorImageFiles":["230406/FrostWire-220517/6.10.0/Images/ACR-027/ACR-027.JPG"],"guid":"41ed223c-c2f5-4e4f-8709-7a1c0e001587_6.10.0_1","appID":"FrostWire-220517","dateAdded":"240722","deceptorType":"App","name":"Frostwire","company":"FrostWire LLC","version":"6.10.0","lastKnownStatus":"6.11.0;6.12.0;6.13.0;6.13.2","lastKnownDate":"240722","type":"Windows Executable","category":"Bundlers & Downloaders","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2024-07-22T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":6,"sortOrder":616},{"violations":{"ACR-048":"Cannot close the app or cancel the install once the process has started.\nClosing the software completely does not stop all background tasks, leaving the user no way to stop them.\n\n","ACR-007":"App doesn't obtain informed user consent about the security risks associated with joining a peer to peer network during installation.\nApp provides no notice to the user about the security risks associated with joining a peer to peer network, which means users cannot give informed consent.\n","ACR-084":"Closing the software completely removes the app from the system tray while continuing to run background tasks.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"BitVPNSetup.exe","isInstaller":"True","companyName":"Talktone, Inc.                                              ","fileVersion":"2019.12","hashMD5":"bcb6d5e70234e3512b1789364f140969","hashSHA1":"35ba69f2df18ac76eed85e5c558244b03dc5144d","hashSHA256":"705a854f10b9f6e69631b7a42388a268dfb2465498165924d7f4e5fa6e0ed172","digitalCertThumbprint":"126073B39DBF488A110A8195EB113314EA41FCA0","digitalCertIssuer":"CN=DigiCert SHA2 Assured ID Code Signing CA, OU=www.digicert.com, O=DigiCert Inc, C=US","digitalCertIssuedTo":"CN=\"Talktone, Inc\", O=\"Talktone, Inc\", L=SUNNYVALE, S=California, C=US","sourceIndex":"591","avBlockList":["ESET Internet Security (20240829)","FortectPremium (20240829)","Kaspersky Internet Security (20240725)","Norton Security (20240829)","Panda Dome (20240829)","Sophos Home Premium (20240829)","SpyHunter5 (20240829)","VirIT eXplorer PRO (20240829)","Webroot SecureAnywhere (20240829)"],"avAllowList":["360 Total Security (20240829)","Avast Premium Security (20240829)","AVG Internet Security (20240829)","Avira Internet Security (20240829)","Bitdefender Internet Security (20240829)","COMODO Antivirus (20240829)","Dr.Web Security Space (20240829)","G DATA INTERNET SECURITY (20240829)","K7 Total Security (20240829)","Malwarebytes Premium (20240829)","McAfee Total Protection (20240829)","Quick Heal Internet Security (20240829)","Total AV Antivirus Pro (20240829)","Trend Micro Internet Security (20240829)","VIPRE Advanced Security (20240829)","Windows Defender (20240829)","KasperskyPremium (20240829)"]},{"isRevoked":"False","fileName":"bitvpn.exe","companyName":"Talktone","fileVersion":"0.0","hashMD5":"20394e27d6bb218fef0ca092cdc75aaf","hashSHA1":"dc3cd4ad6ac126065bbaa6a0cad80b691c259c27","hashSHA256":"bcbad3c27a03305b3ba7990370e520a5d715853c6f3d0786d6be350ef7ca5cfb","digitalCertThumbprint":"126073B39DBF488A110A8195EB113314EA41FCA0","digitalCertIssuer":"CN=DigiCert SHA2 Assured ID Code Signing CA, OU=www.digicert.com, O=DigiCert Inc, C=US","digitalCertIssuedTo":"CN=\"Talktone, Inc\", O=\"Talktone, Inc\", L=SUNNYVALE, S=California, C=US","sourceIndex":"591","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Search for P2P VPN","reference":"","landingPage":"https://www.bitvpn.net/","directDownloadingLink":"https://statich5.cheapmessageapp.com/bitvpn_download/windows/BitVPNSetup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://statich5.cheapmessageapp.com/bitvpn_download/windows/BitVPNSetup.exe","sourceIndex":"591"}],"sampleFiles":["240717/Bitvpn-240717/0.0.14/Samples/BitVPNSetup.exe","240717/Bitvpn-240717/0.0.14/Samples/bitvpn.exe"],"imageFiles":["240717/Bitvpn-240717/0.0.14/Images/ACR-048/NoCancelInstall.png","240717/Bitvpn-240717/0.0.14/Images/ACR-007/InstallerAutoAgree.png","240717/Bitvpn-240717/0.0.14/Images/ACR-084/BackgroundInternetConnection.png","240717/Bitvpn-240717/0.0.14/Images/ACR-084/BackgroundProcess.png","240717/Bitvpn-240717/0.0.14/Images/ACR-048/BackgroundProcess.png","240717/Bitvpn-240717/0.0.14/Images/ACR-007/InstallerAutoAgree.png"],"nonDeceptorImageFiles":[],"guid":"3e8fe0a7-674f-469a-b5ae-105e5ded63e2_0.0.14_1","appID":"Bitvpn-240717","dateAdded":"240717","deceptorType":"App","name":"BitVPN","company":"Talktone Inc","version":"0.0.14","lastKnownStatus":"0.0.14","lastKnownDate":"240717","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 7,Windows 8,Windows 10,Windows 11,Windows XP,Windows Vista","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2024-07-17T22:01:25.5096415+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":617},{"violations":{"ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software.\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software\n","ACR-084":"On closing the app, application doesn't exit completely. It runs silently in the background, hiding the fact that it is active from the consumer without any notification. \n","ACR-097":"During installation, the app has default setting to evade the default system security guard \"Add exception to windows firewall rules\". \n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains main program \"BitLord.exe\" and its components on the device. And it is still running in the background.\n"},"nonDeceptorViolations":{"ACR-092":"The app does not have a digital signature for the \"BitLord.exe\" executable.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\BitLord\\BitLord.exe","companyName":"House of Life","productName":"BitLord","productVersion":"2.4.6-359","fileVersion":"2.4.6-359","hashMD5":"d8d6a299e567998f3a13a7ada2d38547","hashSHA1":"1650de72e010969247c10172871e420012a8be4e","hashSHA256":"d9c3f796e53263a3f85845f321806918a67b58e082b8a7ae2cd20dee0f963645","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"950","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"BitlordSetup.exe","isInstaller":"True","companyName":"                                                            ","productName":"House Of Life                                               ","productVersion":"2.4.6.358                                         ","fileVersion":"2.4.6.358           ","hashMD5":"5364cfd44d52b253469b99cd4b0f1a91","hashSHA1":"d57cea65aaf149a284bd287a1d33d29d9e873a89","hashSHA256":"3ad1aed8bd704152157ac92afed1c51e60f205fbdce1365bad8eb9b3a69544d0","digitalCertThumbprint":"F6B0F2E4B7EB277F1D72BB5B09823E615BD339C0","digitalCertIssuer":"Domain The Net Technologies Ltd CA for Code Signing R2","digitalCertIssuedTo":"House of Life","storeId":"","sourceIndex":"950","avBlockList":["360 Total Security (20240718)","Avira Internet Security (20240718)","COMODO Antivirus (20240718)","Dr.Web Security Space (20240718)","ESET Internet Security (20240718)","G DATA INTERNET SECURITY (20240718)","Kaspersky Internet Security (20240718)","Malwarebytes Premium (20240718)","McAfee Total Protection (20240718)","Norton Security (20240718)","Panda Dome (20240718)","Quick Heal Internet Security (20240718)","Sophos Home Premium (20240718)","SpyHunter5 (20240718)","Total AV Antivirus Pro (20240718)","VirIT eXplorer PRO (20240718)","Webroot SecureAnywhere (20240718)","FortectPremium (20240718)"],"avAllowList":["Avast Premium Security (20240718)","AVG Internet Security (20240718)","Bitdefender Internet Security (20240718)","K7 Total Security (20240718)","Trend Micro Internet Security (20240718)","VIPRE Advanced Security (20240718)","Windows Defender (20240718)"]}],"additionalFiles":[],"sources":[{"howFound":"Torrent - Uptodownload.com","reference":"","landingPage":"https://www.bitlord.com/","directDownloadingLink":"https://dsiumkslra27n.cloudfront.net/EVFN6epm6/74.85.307.59/BitlordSetup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://dsiumkslra27n.cloudfront.net/EVFN6epm6/74.85.307.59/BitlordSetup.exe","sourceIndex":"950"}],"sampleFiles":["230728/bitlord-220518/2.4.6.359/Samples/BitlordSetup.exe"],"imageFiles":["230728/bitlord-220518/2.4.6.359/Images/ACR-084/ACR-084_Software_1.png","230728/bitlord-220518/2.4.6.359/Images/ACR-097/ACR-097_Software_1.png","230728/bitlord-220518/2.4.6.359/Images/ACR-118/ACR-118_Uninstall_1.png","230728/bitlord-220518/2.4.6.359/Images/ACR-118/ACR-118_Uninstall_2.png","230728/bitlord-220518/2.4.6.359/Images/ACR-118/ACR-118_Uninstall_3.png","230728/bitlord-220518/2.4.6.359/Images/ACR-013/ACR-013_Install_1.png","230728/bitlord-220518/2.4.6.359/Images/ACR-013/ACR-013_Install_2.png","230728/bitlord-220518/2.4.6.359/Images/ACR-013/ACR-013_Install_3.png","230728/bitlord-220518/2.4.6.359/Images/ACR-060/ACR-060_Bundler-made offers_1.png","230728/bitlord-220518/2.4.6.359/Images/ACR-060/ACR-060_Bundler-made offers_2.png","230728/bitlord-220518/2.4.6.359/Images/ACR-060/ACR-060_Bundler-made offers_3.png"],"nonDeceptorImageFiles":["230728/bitlord-220518/2.4.6.359/Images/ACR-092/ACR-092_Software_1.png"],"guid":"d22d718a-1e1a-4570-b9bf-5ca783933c65_2.4.6.359_1","appID":"bitlord-220518","dateAdded":"240708","deceptorType":"App","name":"Bit Lord","company":"www.bitlord.com","version":"2.4.6.359","lastKnownStatus":"2.4.6.358;2.4.6.359;2.4.6.363;2.4.6.365","lastKnownDate":"240708","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 8,Windows 7,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2026-05-12T23:00:03.1571036+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":4,"sortOrder":620},{"violations":{"ACR-043":"The \"Bitlord\" components get dropped in one click disclosing the installation path.\n","ACR-048":"The app does not provide any control to cancel the installation. Even on canceling it installs the application.\n","ACR-084":"On closing the app, application doesn't exit completely. It runs silently in the background, hiding the fact that it is active from the consumer without any notification. \n","ACR-097":"During installation, the app has default setting to evade the default system security guard \"Add exception to windows firewall rules\". \n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains main program \"BitLord.exe\" and its components on the device. And it is still running in the background.\n"},"nonDeceptorViolations":{"ACR-092":"The app does not have a digital signature for the \"BitLord.exe\" executable.\n"},"samples":[{"isRevoked":"False","fileName":"BitlordSetup.exe-5234cd925873feff87965216e88adebaa7b9349383906bbd4a7c471f4023b6ba","isInstaller":"True","companyName":"","productName":"","productVersion":"","fileVersion":"2.4","hashMD5":"bb7701d6da492352bb2ac2c86462d253","hashSHA1":"339afb386d5667ce36528de65d6809582b9697b9","hashSHA256":"5234cd925873feff87965216e88adebaa7b9349383906bbd4a7c471f4023b6ba","digitalCertThumbprint":"45F87292A4CACE61F672646A03EDE2B42ED4A3FB","digitalCertIssuer":"CN=Domain The Net Technologies Ltd CA for Code Signing R2, O=Domain The Net Technologies Ltd, C=IL","digitalCertIssuedTo":"CN=House Of Life, O=House Of Life, L=Sogndal, S=Vestland, C=NO","storeId":"","uriToBlock":"","sourceIndex":"1200","avBlockList":["360 Total Security (20240806)","Avira Internet Security (20240806)","Bitdefender Internet Security (20240806)","COMODO Antivirus (20240806)","Dr.Web Security Space (20240806)","ESET Internet Security (20240806)","G DATA INTERNET SECURITY (20240806)","K7 Total Security (20240806)","Kaspersky Internet Security (20230928)","Malwarebytes Premium (20240806)","McAfee Total Protection (20240806)","Norton Security (20240806)","Panda Dome (20240806)","Quick Heal Internet Security (20240806)","Sophos Home Premium (20240806)","SpyHunter5 (20240806)","Total AV Antivirus Pro (20240806)","Trend Micro Internet Security (20240806)","VIPRE Advanced Security (20240806)","VirIT eXplorer PRO (20240806)","Webroot SecureAnywhere (20240806)","FortectPremium (20240806)","KasperskyPremium (20240806)"],"avAllowList":["Avast Premium Security (20240806)","AVG Internet Security (20240806)","Windows Defender (20240806)"]},{"isRevoked":"False","fileName":"BitLord.exe-bc5c393f3843084004648ba9c017fea1d20a7df384df0b45768c530b0ae8887a","companyName":"House of Life","fileVersion":"2.4","hashMD5":"cfe2a7bbd80126ad929b4524498a7646","hashSHA1":"a7db66626be62c79d01ee31a031f4d23e6f15347","hashSHA256":"bc5c393f3843084004648ba9c017fea1d20a7df384df0b45768c530b0ae8887a","sourceIndex":"1200","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"bitlord website","reference":"","landingPage":"https://www.bitlord.com/","directDownloadingLink":"https://dsiumkslra27n.cloudfront.net/ACSNaGz7n/9.13.2.0/BitlordSetup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://dsiumkslra27n.cloudfront.net/ACSNaGz7n/9.13.2.0/BitlordSetup.exe","sourceIndex":"1200"}],"sampleFiles":["230308/bitlord-220518/2.4.6.358/Samples/BitlordSetup.exe-5234cd925873feff87965216e88adebaa7b9349383906bbd4a7c471f4023b6ba","230308/bitlord-220518/2.4.6.358/Samples/BitLord.exe-bc5c393f3843084004648ba9c017fea1d20a7df384df0b45768c530b0ae8887a"],"imageFiles":["230308/bitlord-220518/2.4.6.358/Images/ACR-043/ACR-043.png","230308/bitlord-220518/2.4.6.358/Images/ACR-048/ACR-048.png","230308/bitlord-220518/2.4.6.358/Images/ACR-084/ACR-084.png","230308/bitlord-220518/2.4.6.358/Images/ACR-097/ACR-097.png","230308/bitlord-220518/2.4.6.358/Images/ACR-118/ACR-118_1.png","230308/bitlord-220518/2.4.6.358/Images/ACR-118/ACR-118_2.png","230308/bitlord-220518/2.4.6.358/Images/ACR-118/ACR-118_3.png","230308/bitlord-220518/2.4.6.358/Images/ACR-118/ACR-118_4.png"],"nonDeceptorImageFiles":["230308/bitlord-220518/2.4.6.358/Images/ACR-092/ACR-092.png"],"guid":"d22d718a-1e1a-4570-b9bf-5ca783933c65_2.4.6.358_1","appID":"bitlord-220518","dateAdded":"240708","deceptorType":"App","name":"Bit Lord","company":"www.bitlord.com","version":"2.4.6.358","lastKnownStatus":"2.4.6.358;2.4.6.359;2.4.6.363;2.4.6.365","lastKnownDate":"240708","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 8,Windows 7,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2026-05-12T23:00:10.9612231+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":4,"sortOrder":621},{"violations":{"ACR-042":"Open source project \"QT6\" is installed without any disclosure in EULA.\n","ACR-043":"Third-party \"QT6\" components are installed without any disclosure\n","ACR-107":"The app does not disclose relevant license information about 'QT6'\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software.\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software\n","ACR-084":"On closing the app, application doesn't exit completely. It runs silently in the background, hiding the fact that it is active from the consumer without any notification. \n","ACR-097":"During installation, the app has default setting to bypass the default system security guard \"Add exception to windows firewall rules\". \n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains main program \"BitLord.exe\" and its components on the device without the consumer's consent or notifying the user.\n"},"nonDeceptorViolations":{"ACR-092":"The app does not have a digital signature for the \"BitLord.exe\" executable.\n"},"samples":[{"isRevoked":"False","fileName":"BitlordSetup.exe","isInstaller":"True","companyName":"                                                            ","productName":"House Of Life                                               ","productVersion":"2.4.6.359                                         ","fileVersion":"2.4.6.359           ","hashMD5":"a27cd3b8c873f7046a4d4d4b09415841","hashSHA1":"8c21306c3bb3db953369e64a12939fe622e41661","hashSHA256":"6cb9512bbe0b4bf67b34177a31eec03b3ad68c0d7ae05f768de611c7ac0e1f03","digitalCertThumbprint":"6EA7DAAF7866386C668F23BF010058E9DD284B51","digitalCertIssuer":"Sectigo Public Code Signing CA R36","digitalCertIssuedTo":"House of Life","storeId":"","sourceIndex":"612","avBlockList":["360 Total Security (20240905)","COMODO Antivirus (20240905)","Dr.Web Security Space (20240905)","ESET Internet Security (20240905)","FortectPremium (20240905)","G DATA INTERNET SECURITY (20240905)","K7 Total Security (20240905)","KasperskyPremium (20240905)","Malwarebytes Premium (20240905)","McAfee Total Protection (20240905)","Norton Security (20240905)","Panda Dome (20240905)","Quick Heal Internet Security (20240905)","Sophos Home Premium (20240905)","SpyHunter5 (20240905)","VirIT eXplorer PRO (20240905)","Webroot SecureAnywhere (20240905)","Windows Defender (20240905)"],"avAllowList":["Avast Premium Security (20240905)","AVG Internet Security (20240905)","Avira Internet Security (20240905)","Bitdefender Internet Security (20240905)","Total AV Antivirus Pro (20240905)","Trend Micro Internet Security (20240905)","VIPRE Advanced Security (20240905)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on windows app","reference":"","landingPage":"https://www.bitlord.com/","directDownloadingLink":"https://dsiumkslra27n.cloudfront.net/EVFN6epm6/74.85.307.59/BitlordSetup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://dsiumkslra27n.cloudfront.net/EVFN6epm6/74.85.307.59/BitlordSetup.exe","sourceIndex":"612"}],"sampleFiles":["240708/bitlord-220518/2.4.6.365/Samples/BitlordSetup.exe"],"imageFiles":["240708/bitlord-220518/2.4.6.365/Images/ACR-043/ACR-043.PNG","240708/bitlord-220518/2.4.6.365/Images/ACR-107/ACR-107.PNG","240708/bitlord-220518/2.4.6.365/Images/ACR-042/ACR-042.PNG","240708/bitlord-220518/2.4.6.365/Images/ACR-084/ACR-084.PNG","240708/bitlord-220518/2.4.6.365/Images/ACR-097/ACR-097.PNG","240708/bitlord-220518/2.4.6.365/Images/ACR-097/ACR-097_1.PNG","240708/bitlord-220518/2.4.6.365/Images/ACR-118/ACR-118.PNG","240708/bitlord-220518/2.4.6.365/Images/ACR-013/ACR-013.PNG","240708/bitlord-220518/2.4.6.365/Images/ACR-013/ACR-013_1.PNG","240708/bitlord-220518/2.4.6.365/Images/ACR-060/ACR-060.PNG","240708/bitlord-220518/2.4.6.365/Images/ACR-060/ACR-060_1.PNG"],"nonDeceptorImageFiles":["240708/bitlord-220518/2.4.6.365/Images/ACR-092/ACR-092.PNG"],"guid":"d22d718a-1e1a-4570-b9bf-5ca783933c65_2.4.6.365_1","appID":"bitlord-220518","dateAdded":"240708","deceptorType":"App","name":"Bit Lord","company":"www.bitlord.com","version":"2.4.6.365","lastKnownStatus":"2.4.6.358;2.4.6.359;2.4.6.363;2.4.6.365","lastKnownDate":"240708","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 8,Windows 7,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2026-05-12T22:59:53.4514265+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":4,"sortOrder":618},{"violations":{"ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software.\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software\n","ACR-084":"On closing the app, application doesn't exit completely. It runs silently in the background, hiding the fact that it is active from the consumer without any notification. \n","ACR-097":"During installation, the app has default setting to evade the default system security guard \"Add exception to windows firewall rules\". \n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains main program \"BitLord.exe\" and its components on the device. And it is still running in the background.\n"},"nonDeceptorViolations":{"ACR-092":"The app does not have a digital signature for the \"BitLord.exe\" executable.\n"},"samples":[{"isRevoked":"False","fileName":"BitlordSetup.exe","isInstaller":"True","companyName":"                                                            ","productName":"House Of Life                                               ","productVersion":"2.4.6.359                                         ","fileVersion":"2.4.6.359           ","hashMD5":"92e2e02039b93b093256e8e1f168d9a6","hashSHA1":"a7d999ccd66f57f31af6ca1065a60bc1f4334692","hashSHA256":"5edc4317d5f8b3e2816f88df40c4a112faa7cd0de27409ceebf80cfc588aef54","digitalCertThumbprint":"4DA5DEF6FB4EE6324DD4BCA0A7027E986D494E79","digitalCertIssuer":"Domain The Net Technologies Ltd CA for Code Signing R2","digitalCertIssuedTo":"House of Life","storeId":"","sourceIndex":"897","avBlockList":["360 Total Security (20231005)","Avira Internet Security (20231005)","Bitdefender Internet Security (20231005)","COMODO Antivirus (20231005)","Dr.Web Security Space (20231005)","ESET Internet Security (20231005)","G DATA INTERNET SECURITY (20231005)","K7 Total Security (20231005)","Kaspersky Internet Security (20231005)","Malwarebytes Premium (20231005)","McAfee Total Protection (20231005)","Norton Security (20231005)","Panda Dome (20231005)","Quick Heal Internet Security (20231005)","Sophos Home Premium (20231005)","SpyHunter5 (20231005)","Total AV Antivirus Pro (20231005)","VIPRE Advanced Security (20231005)","VirIT eXplorer PRO (20231005)","Webroot SecureAnywhere (20231005)"],"avAllowList":["Avast Premium Security (20231005)","AVG Internet Security (20231005)","Trend Micro Internet Security (20231005)","Windows Defender (20231005)"]}],"additionalFiles":[],"sources":[{"howFound":"Torrent - Uptodownload.com","reference":"","landingPage":"https://www.bitlord.com/","directDownloadingLink":"https://dsiumkslra27n.cloudfront.net/EVFN6epm6/74.85.307.59/BitlordSetup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://dsiumkslra27n.cloudfront.net/EVFN6epm6/74.85.307.59/BitlordSetup.exe","sourceIndex":"897"}],"sampleFiles":["230921/bitlord-220518/2.4.6.363/Samples/BitlordSetup.exe"],"imageFiles":["230921/bitlord-220518/2.4.6.363/Images/ACR-084/ACR-084_Software_1.png","230921/bitlord-220518/2.4.6.363/Images/ACR-097/ACR-097_Software_1.png","230921/bitlord-220518/2.4.6.363/Images/ACR-118/ACR-118_Uninstall_1.png","230921/bitlord-220518/2.4.6.363/Images/ACR-013/ACR-013_Install_1.png","230921/bitlord-220518/2.4.6.363/Images/ACR-013/ACR-013_Install_2.png","230921/bitlord-220518/2.4.6.363/Images/ACR-060/ACR-060_Bundler-made offers_1.png","230921/bitlord-220518/2.4.6.363/Images/ACR-060/ACR-060_Bundler-made offers_2.png"],"nonDeceptorImageFiles":["230921/bitlord-220518/2.4.6.363/Images/ACR-092/ACR-092_Software_1.png"],"guid":"d22d718a-1e1a-4570-b9bf-5ca783933c65_2.4.6.363_1","appID":"bitlord-220518","dateAdded":"240708","deceptorType":"App","name":"Bit Lord","company":"www.bitlord.com","version":"2.4.6.363","lastKnownStatus":"2.4.6.358;2.4.6.359;2.4.6.363;2.4.6.365","lastKnownDate":"240708","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 8,Windows 7,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2026-05-12T23:00:01.4286056+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":4,"sortOrder":619},{"violations":{"ACR-048":"App does not allow user to cancel the installation process once started.\n","ACR-085":"App sends user search data to onestart.ai and search.yahoo.com without explicit user consent.\n","ACR-086":"App sends search data to both onestart.ai and search.yahoo.com neither disclosure nor consent from the user.\n","ACR-104":"App serves Yahoo! search results without making it clear at prompt time that the search will be fulfilled by Yahoo!\n"},"nonDeceptorViolations":{"ACR-040":"App installs in hidden AppData folder without telling the user and does not give the user a way to change the install location.\n"},"samples":[{"isRevoked":"False","fileName":"onestart.exe","companyName":"OneStart.ai","fileVersion":"124.0","hashMD5":"b149d441582f292b88673f69d8e6b6a1","hashSHA1":"f9cb87f996d79d844f674dcb2e2d8dd5ea4a72ed","hashSHA256":"2ecb4f4952ff58f72b06732a9e7e9ef3eb3807d24d1757cc2c1d35199dcf0d3a","digitalCertThumbprint":"EB5A7872B0563D261362F00BC6AF0AFC36877A89","digitalCertIssuer":"CN=SSL.com EV Code Signing Intermediate CA RSA R3, O=SSL Corp, L=Houston, S=Texas, C=US","digitalCertIssuedTo":"OID.1.3.6.1.4.1.311.60.2.1.3=PA, OID.2.5.4.15=Private Organization, CN=Apollo Technologies Inc, SERIALNUMBER=155722923, O=Apollo Technologies Inc, L=Panama City, C=PA","sourceIndex":"618","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"OneStartInstaller-v5.5.235.0.msi","isInstaller":"True","fileVersion":"0.","hashMD5":"a02197fb3c42b2f38ec77a01655b617a","hashSHA1":"f9a092c5b1aee361e2dc430722fecd7267b3855c","hashSHA256":"28c28cbae27a0181fc037624874e7ca9d17fdf63c25a869447e02173c45f67b9","sourceIndex":"618","avBlockList":["360 Total Security (20240820)","Avast Premium Security (20240820)","AVG Internet Security (20240820)","Avira Internet Security (20240820)","ESET Internet Security (20240820)","FortectPremium (20240820)","K7 Total Security (20240820)","Kaspersky Internet Security (20240718)","Malwarebytes Premium (20240820)","Norton Security (20240820)","Panda Dome (20240820)","Quick Heal Internet Security (20240820)","Sophos Home Premium (20240820)","SpyHunter5 (20240820)","Total AV Antivirus Pro (20240820)","VirIT eXplorer PRO (20240820)","Windows Defender (20240820)","KasperskyPremium (20240820)"],"avAllowList":["Bitdefender Internet Security (20240820)","COMODO Antivirus (20240820)","Dr.Web Security Space (20240820)","G DATA INTERNET SECURITY (20240820)","McAfee Total Protection (20240820)","Trend Micro Internet Security (20240820)","VIPRE Advanced Security (20240820)","Webroot SecureAnywhere (20240820)"]}],"additionalFiles":[],"sources":[{"howFound":"Submitted to DeceptorReport","reference":"","landingPage":"onestart.ai","directDownloadingLink":"https://onestart.ai/resources/files/OneStartInstaller-v5.5.235.0.msi","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://onestart.ai/resources/files/OneStartInstaller-v5.5.235.0.msi","sourceIndex":"618"}],"sampleFiles":["240625/Onestart-240613/124.0.6367.209/Samples/onestart.exe","240625/Onestart-240613/124.0.6367.209/Samples/OneStartInstaller-v5.5.235.0.msi"],"imageFiles":["240625/Onestart-240613/124.0.6367.209/Images/ACR-048/CancelInstall.png","240625/Onestart-240613/124.0.6367.209/Images/ACR-086/DefaultSearch.png","240625/Onestart-240613/124.0.6367.209/Images/ACR-086/Fiddler.png","240625/Onestart-240613/124.0.6367.209/Images/ACR-086/SearchLandingPage.png","240625/Onestart-240613/124.0.6367.209/Images/ACR-104/DefaultSearch.png","240625/Onestart-240613/124.0.6367.209/Images/ACR-104/Fiddler.png","240625/Onestart-240613/124.0.6367.209/Images/ACR-104/SearchLandingPage.png","240625/Onestart-240613/124.0.6367.209/Images/ACR-085/DefaultSearch.png","240625/Onestart-240613/124.0.6367.209/Images/ACR-085/Fiddler.png","240625/Onestart-240613/124.0.6367.209/Images/ACR-085/SearchLandingPage.png"],"nonDeceptorImageFiles":["240625/Onestart-240613/124.0.6367.209/Images/ACR-040/ACR-040_Install_1.png"],"guid":"5525f830-b77b-4bdc-a042-4c2ea0f688c9_124.0.6367.209_1","appID":"Onestart-240613","dateAdded":"240625","deceptorType":"App","name":"OneStart","company":"OneStart Technologies","version":"124.0.6367.209","lastKnownStatus":"124.0.6367.209","lastKnownDate":"240625","type":"Windows Executable","category":"Personalization & Search","targetOS":"Windows 7,Windows 8,Windows 10,Windows 11","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"search","lastUpdate":"2024-06-25T21:45:02.4238113+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":622},{"violations":{"ACR-046":"\"Participate in the Customer Experience Improvement Program\" is checked by default. No relevant disclosure of what data it collects.\n","ACR-004":"Application doesn't provide free fix (recovery) instead offering subscription that user need to pay to fix it.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"cisdem-datarecovery.exe","isInstaller":"True","companyName":"Cisdem Data Recovery                                        ","productName":"Cisdem Data Recovery                                        ","productVersion":"18.0.0.0                                          ","fileVersion":"18.0.0.0            ","hashMD5":"2d4b4196ba2cade5a1147f2a036e3ac3","hashSHA1":"b5b52d1341e38907adc4d97c9b70c7c0db253d83","hashSHA256":"82c4bdb87f2d939547a422ad4aaab9650f963047fd8dc7723119fe6c07a58413","digitalCertThumbprint":"E044E920D56ECE15D7A21DD058651A3F2166CFD6","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"CHENGDU YIWO Tech Development Co. Ltd.","storeId":"","sourceIndex":"581","avBlockList":["Avast Premium Security (20240702)","AVG Internet Security (20240702)","COMODO Antivirus (20240702)","ESET Internet Security (20240702)","FortectPremium (20240702)","K7 Total Security (20240702)","Norton Security (20240702)","Panda Dome (20240702)","Sophos Home Premium (20240702)","SpyHunter5 (20240702)","VirIT eXplorer PRO (20240702)","Webroot SecureAnywhere (20240702)"],"avAllowList":["360 Total Security (20240702)","Avira Internet Security (20240702)","Bitdefender Internet Security (20240702)","Dr.Web Security Space (20240702)","G DATA INTERNET SECURITY (20240702)","Kaspersky Internet Security (20240702)","Malwarebytes Premium (20240702)","McAfee Total Protection (20240702)","Quick Heal Internet Security (20240702)","Total AV Antivirus Pro (20240702)","Trend Micro Internet Security (20240702)","VIPRE Advanced Security (20240702)","Windows Defender (20240702)"]}],"additionalFiles":[],"sources":[{"howFound":"Random search for recovery apps","reference":"","landingPage":"https://www.cisdem.com/data-recovery-windows.html","directDownloadingLink":"https://download.cisdem.com/cisdem-datarecovery.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://download.cisdem.com/cisdem-datarecovery.exe","sourceIndex":"581"}],"sampleFiles":["240624/CisdemDataRecovery-240402/18.0.0.0/Samples/cisdem-datarecovery.exe"],"imageFiles":["240624/CisdemDataRecovery-240402/18.0.0.0/Images/ACR-046/ACR-046.PNG","240624/CisdemDataRecovery-240402/18.0.0.0/Images/ACR-004/ACR-004.PNG","240624/CisdemDataRecovery-240402/18.0.0.0/Images/ACR-004/ACR-004_1.PNG"],"nonDeceptorImageFiles":[],"guid":"6bffa4e8-8d55-4eec-bc07-4ef5d9460206_18.0.0.0_1","appID":"CisdemDataRecovery-240402","dateAdded":"240624","deceptorType":"App","name":"Cisdem Data Recovery","company":"Cisdem","version":"18.0.0.0","firstVendorContactDate":"240802","firstAppEsteemReplyDate":"240802","firstResolvedDate":"240802","firstResolvedVersion":"19.0.0.0","resolved":"TRUE","lastKnownStatus":"17.0.0.0;18.0.0.0","lastKnownDate":"240624","type":"Windows Executable","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows 11","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"none","lastUpdate":"2024-08-02T17:15:03.5923361+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":623},{"violations":{"ACR-046":"\"Participate in the Customer Experience Improvement Program\" is checked by default. No relevant disclosure of what data it collects.\n","ACR-004":"Application doesn't provide free fix (recovery) instead offering subscription that user need to pay to fix it.\n"},"nonDeceptorViolations":{"ACR-035":"No EULA/Terms of Service is provided for the app\n","ACR-036":"Material functionality provided by third parties is not disclosed.\n"},"samples":[{"isRevoked":"False","fileName":"cisdem-datarecovery.exe","isInstaller":"True","companyName":"Cisdem Data Recovery                                        ","fileVersion":"17.0","hashMD5":"01b969150ece7c0ef987500d6b05c195","hashSHA1":"8625aef9ffa8fcc6943b08bdf259990ee28ac223","hashSHA256":"7702ac44237bafc492852949482391ad877cc315557fe3af061e722c5af3fe31","digitalCertThumbprint":"E044E920D56ECE15D7A21DD058651A3F2166CFD6","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=\"CHENGDU YIWO Tech Development Co., Ltd.\", O=\"CHENGDU YIWO Tech Development Co., Ltd.\", L=成都市, S=四川省, C=CN, SERIALNUMBER=91510107765360104N, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.1=武侯区, OID.1.3.6.1.4.1.311.60.2.1.2=四川省, OID.1.3.6.1.4.1.311.60.2.1.3=CN","sourceIndex":"666","avBlockList":["360 Total Security (20240613)","Avast Premium Security (20240613)","AVG Internet Security (20240613)","Avira Internet Security (20240613)","Bitdefender Internet Security (20240613)","ESET Internet Security (20240613)","G DATA INTERNET SECURITY (20240613)","K7 Total Security (20240613)","McAfee Total Protection (20240613)","Norton Security (20240613)","Panda Dome (20240613)","Sophos Home Premium (20240613)","SpyHunter5 (20240613)","Total AV Antivirus Pro (20240613)","VIPRE Advanced Security (20240613)","VirIT eXplorer PRO (20240613)","Webroot SecureAnywhere (20240613)","Windows Defender (20240613)"],"avAllowList":["COMODO Antivirus (20240613)","Dr.Web Security Space (20240613)","Kaspersky Internet Security (20240613)","Malwarebytes Premium (20240613)","Quick Heal Internet Security (20240613)","Trend Micro Internet Security (20240613)"]}],"additionalFiles":[],"sources":[{"howFound":"random search for recovery apps","reference":"","landingPage":"https://www.cisdem.com/data-recovery-windows.html","directDownloadingLink":"https://download.cisdem.com/cisdem-datarecovery.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://download.cisdem.com/cisdem-datarecovery.exe","sourceIndex":"666"}],"sampleFiles":["240402/CisdemDataRecovery-240402/17.0.0.0/Samples/cisdem-datarecovery.exe"],"imageFiles":["240402/CisdemDataRecovery-240402/17.0.0.0/Images/ACR-046/ACR-046_Install_1.png","240402/CisdemDataRecovery-240402/17.0.0.0/Images/ACR-004/ACR-004_Software_1.png","240402/CisdemDataRecovery-240402/17.0.0.0/Images/ACR-004/ACR-004_Software_2.png","240402/CisdemDataRecovery-240402/17.0.0.0/Images/ACR-004/ACR-004_Software_3.png"],"nonDeceptorImageFiles":["240402/CisdemDataRecovery-240402/17.0.0.0/Images/ACR-036/ACR-036_Docs_1.png","240402/CisdemDataRecovery-240402/17.0.0.0/Images/ACR-036/ACR-036_Docs_2.png"],"guid":"6bffa4e8-8d55-4eec-bc07-4ef5d9460206_17.0.0.0_1","appID":"CisdemDataRecovery-240402","dateAdded":"240624","deceptorType":"App","name":"Cisdem Data Recovery","company":"Cisdem","version":"17.0.0.0","firstVendorContactDate":"240802","firstAppEsteemReplyDate":"240802","firstResolvedDate":"240802","firstResolvedVersion":"19.0.0.0","resolved":"TRUE","lastKnownStatus":"17.0.0.0;18.0.0.0","lastKnownDate":"240624","type":"Windows Executable","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows 11","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"none","lastUpdate":"2024-08-02T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":624},{"violations":{"ACR-048":"1. The app enables the consumer to hide the app from the system tray, which limits the targeted consumer's ability to control the app.\n2. The app does not provide any control to disable the startup it created.\n","ACR-007":"1. The app enables the consumer to hide it from the system tray, the desktop, and the installed apps list, which prevents the targeted consumer from being aware of the app's presence. The  app does not display explicit notification when it is running and requires a password to open it.\n2. The app attempts to evade security investigations by modifying installer and main file hash per download from it’s landing page.\n","ACR-084":"1. The app enables the installing consumer to hide the app from the targeted consumer: it prevents the app from showing in the system tray and control panel. The app uses a password to hide its presence.\n2. The app creates a startup item without the user's knowledge an consent.\n","ACR-086":"The app does not inform the targeted consumer who it is transmitting its data to. The app does not inform the targeted consumer how it collects data and it uses a password to hide its presence.\n","ACR-097":"The app attempts to evade security investigations by modifying installer and main file hash per download from it’s landing page.\n","ACR-116":"The app enables the consumer to hide it from the targeted consumer, which prevents them from uninstalling it using platform standard features.\n","ACR-014":"The app calls itself \"clvhost.exe” which is not related to the app's name.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"C:\\ProgramData\\{FO16FA1A-AA91-C56A-654F-E3865DA10DAT}\\clvhost.exe","companyName":"CLEVERCONTROL LLC","productName":"clvhost","productVersion":"11.5.1032.0","fileVersion":"11.5.1032.0","hashMD5":"6e520070dd48bfe4b63d1f6d24034e89","hashSHA1":"5b1731259eadfc9c7da0fc22bcecab63053352d6","hashSHA256":"0b0a4ac5c105d9cb9ab759eb5e40258dc5ac1601b553a4e9b1a607ee5a56d589","digitalCertThumbprint":"BE8B670DF23AE7AED8D726ADD008C18760F8FF1A","digitalCertIssuer":"GlobalSign GCC R45 CodeSigning CA 2020","digitalCertIssuedTo":"CLEVERCONTROL LLC","storeId":"","sourceIndex":"1059","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"CleverControl .NET for vocale8971@ozatvn.com.msi","isInstaller":"True","productVersion":"11.5.1032.0","fileVersion":"11.5.1032.0","hashMD5":"a76ca55fdb1e8d85eed8e0a8c95bee1f","hashSHA1":"be49b497493bdd4a10005ecff2a74bbb33a3ecd8","hashSHA256":"09a94ac474b17c502a6526023d0d9af3415e82e418917a90acac3cb6dc3e4a00","digitalCertThumbprint":"BE8B670DF23AE7AED8D726ADD008C18760F8FF1A","digitalCertIssuer":"GlobalSign GCC R45 CodeSigning CA 2020","digitalCertIssuedTo":"CLEVERCONTROL LLC","sourceIndex":"1059","avBlockList":["360 Total Security (20240723)","Avast Premium Security (20240723)","AVG Internet Security (20240723)","Avira Internet Security (20240723)","COMODO Antivirus (20240723)","Dr.Web Security Space (20240723)","ESET Internet Security (20240723)","G DATA INTERNET SECURITY (20240723)","K7 Total Security (20240723)","Kaspersky Internet Security (20240723)","Malwarebytes Premium (20240723)","Norton Security (20240723)","Panda Dome (20240723)","Quick Heal Internet Security (20240723)","Sophos Home Premium (20240723)","SpyHunter5 (20240723)","Total AV Antivirus Pro (20240723)","VirIT eXplorer PRO (20240723)","Webroot SecureAnywhere (20240723)","FortectPremium (20240723)"],"avAllowList":["Bitdefender Internet Security (20240723)","McAfee Total Protection (20240723)","Trend Micro Internet Security (20240723)","VIPRE Advanced Security (20240723)","Windows Defender (20240723)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on windows app","reference":"","landingPage":"https://clevercontrol.com/","directDownloadingLink":"https://clevercontrol.net/win/?email=vocale8971@ozatvn.com","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://clevercontrol.net/win/?email=vocale8971@ozatvn.com","sourceIndex":"1059"}],"sampleFiles":["230606/clevercontrol-211224/11.5.1032.0/Samples/CleverControl .NET for vocale8971@ozatvn.com.msi"],"imageFiles":["230606/clevercontrol-211224/11.5.1032.0/Images/ACR-116/ACR-116.JPG","230606/clevercontrol-211224/11.5.1032.0/Images/ACR-014/ACR-014.JPG","230606/clevercontrol-211224/11.5.1032.0/Images/ACR-007/ACR-007.JPG","230606/clevercontrol-211224/11.5.1032.0/Images/ACR-007/ACR-007_1.JPG","230606/clevercontrol-211224/11.5.1032.0/Images/ACR-007/ACR-007_2.JPG","230606/clevercontrol-211224/11.5.1032.0/Images/ACR-048/ACR-048.JPG","230606/clevercontrol-211224/11.5.1032.0/Images/ACR-048/ACR-048_1.JPG","230606/clevercontrol-211224/11.5.1032.0/Images/ACR-048/ACR-048_2.JPG","230606/clevercontrol-211224/11.5.1032.0/Images/ACR-097/ACR-097.JPG","230606/clevercontrol-211224/11.5.1032.0/Images/ACR-086/ACR-086.JPG","230606/clevercontrol-211224/11.5.1032.0/Images/ACR-086/ACR-086_1.JPG","230606/clevercontrol-211224/11.5.1032.0/Images/ACR-084/ACR-084.JPG","230606/clevercontrol-211224/11.5.1032.0/Images/ACR-084/ACR-084_1.JPG","230606/clevercontrol-211224/11.5.1032.0/Images/ACR-084/ACR-084_2.JPG","230606/clevercontrol-211224/11.5.1032.0/Images/ACR-084/ACR-084_3.JPG","230606/clevercontrol-211224/11.5.1032.0/Images/ACR-084/ACR-084_4.JPG"],"nonDeceptorImageFiles":[],"guid":"316c9eaa-6a87-405d-b166-0383c8605120_11.5.1032.0_1","appID":"clevercontrol-211224","dateAdded":"240620","deceptorType":"App","name":"Clever Control","company":"Clever Control LLC","version":"11.5.1032.0","lastKnownStatus":"11.5.36;11.5.1022.1;11.5.1031.5;11.5.1032.0;11.5.1032.1;11.5.1033.2;11.5.1033.3;11.5.1033.4;11.5.1034.1;11.5.1034.9;11.5.1035.2;11.5.1035.3;11.5.1035.4;11.5.1036.1;11.5.1037.0;11.5.1037.3;11.5.1039.5","lastKnownDate":"240620","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2024-06-20T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":17,"sortOrder":641},{"violations":{"ACR-048":"1. The app enables the consumer to hide the app from the system tray, which limits the targeted consumer's ability to control the app.\n2. The app does not provide any control to disable the startup it created.\n","ACR-007":"1. The app enables the consumer to hide it from the system tray, the desktop, and the installed apps list, which prevents the targeted consumer from being aware of the app's presence. The  app does not display explicit notification when it is running and requires a password to open it.\n2. The app attempts to evade security investigations by modifying installer and main file hash per download from it’s landing page.\n","ACR-084":"1. The app enables the installing consumer to hide the app from the targeted consumer: it prevents the app from showing in the system tray and control panel. The app uses a password to hide its presence.\n2. The app creates a startup item without the user's knowledge an consent.\n","ACR-086":"The app does not inform the targeted consumer who it is transmitting its data to. The app does not inform the targeted consumer how it collects data and it uses a password to hide its presence.\n","ACR-097":"The app attempts to evade security investigations by modifying installer and main file hash per download from it’s landing page.\n","ACR-116":"The app enables the consumer to hide it from the targeted consumer, which prevents them from uninstalling it using platform standard features.\n","ACR-014":"The app calls itself \"clvhost.exe” which is not related to the app's name.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"C:\\Users\\All Users\\{FO16FA1A-AA91-C56A-654F-E3865DA10DAT}\\clvhost.exe","companyName":"CLEVERCONTROL LLC","productName":"clvhost","productVersion":"11.5.1031.5","fileVersion":"11.5.1031.5","hashMD5":"0bda6b8d46efbedee3c411d1e182f5dd","hashSHA1":"6942eadc9c55c1e95c8a3bd76420772d7f35713d","hashSHA256":"3c90585ff5136fc8320b8e70f3314e147417caa1a04923a4d409425366413565","digitalCertThumbprint":"63495C670AE813F13465BEF5288FD7E64D35CCF2","digitalCertIssuer":"GlobalSign GCC R45 CodeSigning CA 2020","digitalCertIssuedTo":"Clevercontrol LLC","storeId":"","sourceIndex":"1052","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Users\\All Users\\{FO16FA1A-AA91-C56A-654F-E3865DA10DAT}\\clvhost1.exe","companyName":"CLEVERCONTROL LLC","productName":"clvhost","productVersion":"11.5.1031.5","fileVersion":"11.5.1031.5","hashMD5":"cb7e814b5f5cc7b5cd9b53d431d6be96","hashSHA1":"fc11ee66c0fdb0fa42a7b4f58b9b8a2cf2ff838f","hashSHA256":"2f1e8c0e361966f9e27fa10ff5c9c59241a8f12ba0f061024eb6f0b2af02b793","digitalCertThumbprint":"63495C670AE813F13465BEF5288FD7E64D35CCF2","digitalCertIssuer":"GlobalSign GCC R45 CodeSigning CA 2020","digitalCertIssuedTo":"Clevercontrol LLC","storeId":"","sourceIndex":"1052","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"CleverControl .NET for coceg65466@soombo.com.msi","isInstaller":"True","companyName":"","productName":"","productVersion":"","fileVersion":"0","hashMD5":"cbe05ca94663359ac11d35bb1513e6c7","hashSHA1":"5b366797cf6eb83896bef0f401798ecb9060d647","hashSHA256":"1b332f71068e2d44aeaa36fa4ca21db257e7b6d37cf50749efde198172aa363a","digitalCertThumbprint":"","digitalCertIssuer":"","digitalCertIssuedTo":"","storeId":"","sourceIndex":"1052","avBlockList":["Avast Premium Security (20230518)","AVG Internet Security (20230518)","Avira Internet Security (20230518)","Dr.Web Security Space (20230518)","ESET Internet Security (20230518)","K7 Total Security (20230518)","Kaspersky Internet Security (20230518)","Norton Security (20230518)","Quick Heal Internet Security (20230518)","Sophos Home Premium (20230518)","SpyHunter5 (20230518)","Total AV Antivirus Pro (20230518)","VirIT eXplorer PRO (20230518)","Windows Defender (20230518)"],"avAllowList":["360 Total Security (20230518)","Bitdefender Internet Security (20230518)","COMODO Antivirus (20230518)","G DATA INTERNET SECURITY (20230518)","Malwarebytes Premium (20230518)","McAfee Total Protection (20230518)","Panda Dome (20230518)","Trend Micro Internet Security (20230518)","VIPRE Advanced Security (20230518)","Webroot SecureAnywhere (20230518)"]},{"isRevoked":"False","fileName":"CleverControl .NET for vabaye8260@pixiil.com.msi","isInstaller":"True","companyName":"","productName":"","productVersion":"","fileVersion":"0","hashMD5":"c8b4c6c81a77dc7ed76b77f17ec137ed","hashSHA1":"3642a6b9796304868c3155b8630123e75443da48","hashSHA256":"58b21c6f63128d440f35c236168e419ab454a365698c7398a2acc2fc0f5f7206","digitalCertThumbprint":"","digitalCertIssuer":"","digitalCertIssuedTo":"","storeId":"","sourceIndex":"1052","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Google search-keyloggers","reference":"","landingPage":"https://clevercontrol.com/","directDownloadingLink":"https://clevercontrol.pro/download-dotnet/vabaye8260@pixiil.com","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://clevercontrol.pro/download-dotnet/vabaye8260@pixiil.com","sourceIndex":"1052"}],"sampleFiles":["230606/clevercontrol-211224/11.5.1031.5/Samples/CleverControl .NET for coceg65466@soombo.com.msi","230606/clevercontrol-211224/11.5.1031.5/Samples/CleverControl .NET for vabaye8260@pixiil.com.msi"],"imageFiles":["230606/clevercontrol-211224/11.5.1031.5/Images/ACR-116/ACR-116.JPG","230606/clevercontrol-211224/11.5.1031.5/Images/ACR-014/ACR-014.JPG","230606/clevercontrol-211224/11.5.1031.5/Images/ACR-007/ACR-007.JPG","230606/clevercontrol-211224/11.5.1031.5/Images/ACR-007/ACR-007_1.JPG","230606/clevercontrol-211224/11.5.1031.5/Images/ACR-007/ACR-007_2.JPG","230606/clevercontrol-211224/11.5.1031.5/Images/ACR-048/ACR-048 (1).JPG","230606/clevercontrol-211224/11.5.1031.5/Images/ACR-048/ACR-048 (2).JPG","230606/clevercontrol-211224/11.5.1031.5/Images/ACR-048/ACR-048_2.JPG","230606/clevercontrol-211224/11.5.1031.5/Images/ACR-097/ACR-097.JPG","230606/clevercontrol-211224/11.5.1031.5/Images/ACR-086/ACR-086 (1).JPG","230606/clevercontrol-211224/11.5.1031.5/Images/ACR-086/ACR-086 (2).JPG","230606/clevercontrol-211224/11.5.1031.5/Images/ACR-084/ACR-084.JPG","230606/clevercontrol-211224/11.5.1031.5/Images/ACR-084/ACR-084_1.JPG","230606/clevercontrol-211224/11.5.1031.5/Images/ACR-084/ACR-084_2.JPG","230606/clevercontrol-211224/11.5.1031.5/Images/ACR-084/ACR-084_3.JPG","230606/clevercontrol-211224/11.5.1031.5/Images/ACR-084/ACR-084_4.JPG"],"nonDeceptorImageFiles":[],"guid":"316c9eaa-6a87-405d-b166-0383c8605120_11.5.1031.5_1","appID":"clevercontrol-211224","dateAdded":"240620","deceptorType":"App","name":"Clever Control","company":"Clever Control LLC","version":"11.5.1031.5","lastKnownStatus":"11.5.36;11.5.1022.1;11.5.1031.5;11.5.1032.0;11.5.1032.1;11.5.1033.2;11.5.1033.3;11.5.1033.4;11.5.1034.1;11.5.1034.9;11.5.1035.2;11.5.1035.3;11.5.1035.4;11.5.1036.1;11.5.1037.0;11.5.1037.3;11.5.1039.5","lastKnownDate":"240620","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2024-06-20T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":17,"sortOrder":640},{"violations":{"ACR-048":"1. The app enables the consumer to hide the app from the system tray, which limits the targeted consumer's ability to control the app.\n2. The app does not provide any control to disable the startup it created.\n","ACR-007":"1. The app enables the consumer to hide it from the system tray, the desktop, and the installed apps list, which prevents the targeted consumer from being aware of the app's presence. The  app does not display explicit notification when it is running and requires a password to open it.\n2. The app attempts to evade security investigations by modifying installer and main file hash per download from it’s landing page.\n","ACR-084":"1. The app enables the installing consumer to hide the app from the targeted consumer: it prevents the app from showing in the system tray and control panel. The app uses a password to hide its presence.\n2. The app creates a startup item without the user's knowledge and consent.\n","ACR-086":"The app does not inform the targeted consumer who it is transmitting its data to. The app does not inform the targeted consumer how it collects data and it uses a password to hide its presence.\n","ACR-097":"The app attempts to evade security investigations by modifying installer and main file hash per download from it’s landing page.\n","ACR-116":"The app enables the consumer to hide it from the targeted consumer, which prevents them from uninstalling it using platform standard features.\n","ACR-014":"The app calls itself \"clvhost.exe” which is not related to the app's name.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"C:\\ProgramData\\{FO16FA1A-AA91-C56A-654F-E3865DA10DAT}\\clvhost.exe","companyName":"CLEVERCONTROL LLC","productName":"clvhost","productVersion":"11.5.1032.1","fileVersion":"11.5.1032.1","hashMD5":"d6ac1b7e2bc61efd300f79dae276dad6","hashSHA1":"be0a3fd2c494ae725da5ce709507c3330e7e686a","hashSHA256":"684ea5e7545a247c614e13c37d7200a207a1875372a4107401ff5f24a693d4a3","digitalCertThumbprint":"BE8B670DF23AE7AED8D726ADD008C18760F8FF1A","digitalCertIssuer":"GlobalSign GCC R45 CodeSigning CA 2020","digitalCertIssuedTo":"CLEVERCONTROL LLC","storeId":"","sourceIndex":"1051","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"CleverControl .NET for tolofi4473@soremap.com.msi","isInstaller":"True","companyName":"CLEVERCONTROL LLC","productVersion":"11.5.1032.1","fileVersion":"11.5.1032.1","hashMD5":"1b0a61a01d1a0840f1e309e399f285d6","hashSHA1":"8e2c1fc716a7c4f77b8b99262f557b9255d053f8","hashSHA256":"0da73a1cf1b3003e812d129df1af3b4e60f6eaf59f961a8c4027ba2632cf161b","digitalCertThumbprint":"BE8B670DF23AE7AED8D726ADD008C18760F8FF1A","digitalCertIssuer":"GlobalSign GCC R45 CodeSigning CA 2020","digitalCertIssuedTo":"CLEVERCONTROL LLC","sourceIndex":"1051","avBlockList":["360 Total Security (20240509)","Avast Premium Security (20240509)","AVG Internet Security (20240509)","Avira Internet Security (20240509)","COMODO Antivirus (20240509)","Dr.Web Security Space (20240509)","ESET Internet Security (20240509)","G DATA INTERNET SECURITY (20240509)","K7 Total Security (20240509)","Kaspersky Internet Security (20240509)","Malwarebytes Premium (20240509)","McAfee Total Protection (20240509)","Norton Security (20240509)","Panda Dome (20240509)","Quick Heal Internet Security (20240509)","Sophos Home Premium (20240509)","SpyHunter5 (20240509)","Total AV Antivirus Pro (20240509)","VirIT eXplorer PRO (20240509)","Webroot SecureAnywhere (20240509)"],"avAllowList":["Bitdefender Internet Security (20240509)","Trend Micro Internet Security (20240509)","VIPRE Advanced Security (20240509)","Windows Defender (20240509)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on keylogger app","reference":"","landingPage":"https://clevercontrol.com/","directDownloadingLink":"https://clevercontrol.pro/download-dotnet/tolofi4473@soremap.com","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://clevercontrol.pro/download-dotnet/tolofi4473@soremap.com","sourceIndex":"1051"}],"sampleFiles":["230614/clevercontrol-211224/11.5.1032.1/Samples/CleverControl .NET for tolofi4473@soremap.com.msi"],"imageFiles":["230614/clevercontrol-211224/11.5.1032.1/Images/ACR-116/ACR-116.JPG","230614/clevercontrol-211224/11.5.1032.1/Images/ACR-014/ACR-014.JPG","230614/clevercontrol-211224/11.5.1032.1/Images/ACR-007/ACR-007.JPG","230614/clevercontrol-211224/11.5.1032.1/Images/ACR-007/ACR-007_1.JPG","230614/clevercontrol-211224/11.5.1032.1/Images/ACR-007/ACR-007_2.JPG","230614/clevercontrol-211224/11.5.1032.1/Images/ACR-048/ACR-048.JPG","230614/clevercontrol-211224/11.5.1032.1/Images/ACR-048/ACR-048_1.JPG","230614/clevercontrol-211224/11.5.1032.1/Images/ACR-048/ACR-048_2.JPG","230614/clevercontrol-211224/11.5.1032.1/Images/ACR-097/ACR-097.JPG","230614/clevercontrol-211224/11.5.1032.1/Images/ACR-086/ACR-086.JPG","230614/clevercontrol-211224/11.5.1032.1/Images/ACR-086/ACR-086_1.JPG","230614/clevercontrol-211224/11.5.1032.1/Images/ACR-084/ACR-084.JPG","230614/clevercontrol-211224/11.5.1032.1/Images/ACR-084/ACR-084_1.JPG","230614/clevercontrol-211224/11.5.1032.1/Images/ACR-084/ACR-084_2.JPG","230614/clevercontrol-211224/11.5.1032.1/Images/ACR-084/ACR-084_3.JPG","230614/clevercontrol-211224/11.5.1032.1/Images/ACR-084/ACR-084_4.JPG"],"nonDeceptorImageFiles":[],"guid":"316c9eaa-6a87-405d-b166-0383c8605120_11.5.1032.1_1","appID":"clevercontrol-211224","dateAdded":"240620","deceptorType":"App","name":"Clever Control","company":"Clever Control LLC","version":"11.5.1032.1","lastKnownStatus":"11.5.36;11.5.1022.1;11.5.1031.5;11.5.1032.0;11.5.1032.1;11.5.1033.2;11.5.1033.3;11.5.1033.4;11.5.1034.1;11.5.1034.9;11.5.1035.2;11.5.1035.3;11.5.1035.4;11.5.1036.1;11.5.1037.0;11.5.1037.3;11.5.1039.5","lastKnownDate":"240620","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2024-06-20T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":17,"sortOrder":639},{"violations":{"ACR-048":"1. The app enables the consumer to hide the app from the system tray, which limits the targeted consumer's ability to control the app.\n2. The app does not provide any control to disable the startup it created.\n","ACR-007":"1. The app enables the consumer to hide it from the system tray, the desktop, and the installed apps list, which prevents the targeted consumer from being aware of the app's presence. The  app does not display explicit notification when it is running and requires a password to open it.\n2. The app attempts to evade security investigations by modifying installer and main file hash per download from it’s landing page.\n","ACR-084":"1. The app enables the installing consumer to hide the app from the targeted consumer: it prevents the app from showing in the system tray and control panel. The app uses a password to hide its presence.\n2. The app creates a startup item without the user's knowledge and consent.\n","ACR-086":"The app does not inform the targeted consumer who it is transmitting its data to. The app does not inform the targeted consumer how it collects data and it uses a password to hide its presence.\n","ACR-097":"The app attempts to evade security investigations by modifying installer and main file hash per download from it’s landing page.\n","ACR-116":"The app enables the consumer to hide it from the targeted consumer, which prevents them from uninstalling it using platform standard features.\n","ACR-014":"The app calls itself \"clvhost.exe” which is not related to the app's name.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"C:\\ProgramData\\{FO16FA1A-AA91-C56A-654F-E3865DA10DAT}\\clvhost.exe","companyName":"CLEVERCONTROL LLC","productName":"clvhost","productVersion":"11.5.1033.2","fileVersion":"11.5.1033.2","hashMD5":"e345d98ea20f5e70f44a69e728ea0b0b","hashSHA1":"7180f03af3735a9d52ae5f1a0121912db07ed8f0","hashSHA256":"1adf82e03473e54aa3787c07bd9ccf65a1a6be8f5d6c3562c3441b38a70e192d","digitalCertThumbprint":"BE8B670DF23AE7AED8D726ADD008C18760F8FF1A","digitalCertIssuer":"GlobalSign GCC R45 CodeSigning CA 2020","digitalCertIssuedTo":"CLEVERCONTROL LLC","storeId":"","sourceIndex":"977","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"CleverControl .NET for fijepit901@kameili.com.msi","isInstaller":"True","companyName":"CLEVERCONTROL LLC","productVersion":"11.5.1033.2","fileVersion":"11.5.1033.2","hashMD5":"345f6e0f10266d42306ed008c86a33f9","hashSHA1":"beed295cff707c8c828a4ab38232d1847c448dae","hashSHA256":"66e827f6a24052db07525455dc274e4e7e517fc991e061e9e369efccf0572dd0","digitalCertThumbprint":"BE8B670DF23AE7AED8D726ADD008C18760F8FF1A","digitalCertIssuer":"GlobalSign GCC R45 CodeSigning CA 2020","digitalCertIssuedTo":"CLEVERCONTROL LLC","sourceIndex":"977","avBlockList":["Avast Premium Security (20230815)","AVG Internet Security (20230815)","Avira Internet Security (20230815)","COMODO Antivirus (20230815)","Dr.Web Security Space (20230815)","ESET Internet Security (20230815)","G DATA INTERNET SECURITY (20230815)","K7 Total Security (20230815)","Kaspersky Internet Security (20230815)","Malwarebytes Premium (20230815)","Norton Security (20230815)","Quick Heal Internet Security (20230815)","Sophos Home Premium (20230815)","SpyHunter5 (20230815)","Total AV Antivirus Pro (20230815)","VirIT eXplorer PRO (20230815)","Webroot SecureAnywhere (20230815)"],"avAllowList":["360 Total Security (20230815)","Bitdefender Internet Security (20230815)","McAfee Total Protection (20230815)","Panda Dome (20230815)","Trend Micro Internet Security (20230815)","VIPRE Advanced Security (20230815)","Windows Defender (20230815)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on windows app","reference":"","landingPage":"https://clevercontrol.com/","directDownloadingLink":"https://clevercontrol.net/win/?email=fijepit901@kameili.com","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://clevercontrol.net/win/?email=fijepit901@kameili.com","sourceIndex":"977"}],"sampleFiles":["230717/clevercontrol-211224/11.5.1033.2/Samples/CleverControl .NET for fijepit901@kameili.com.msi"],"imageFiles":["230717/clevercontrol-211224/11.5.1033.2/Images/ACR-116/ACR-116_Uninstall_1.png","230717/clevercontrol-211224/11.5.1033.2/Images/ACR-014/ACR-014_Software_1.png","230717/clevercontrol-211224/11.5.1033.2/Images/ACR-007/ACR-007_Software_1.png","230717/clevercontrol-211224/11.5.1033.2/Images/ACR-007/ACR-007_Software_2.png","230717/clevercontrol-211224/11.5.1033.2/Images/ACR-007/ACR-007_Software_3.png","230717/clevercontrol-211224/11.5.1033.2/Images/ACR-007/ACR-007_Software_4.png","230717/clevercontrol-211224/11.5.1033.2/Images/ACR-048/ACR-048_Software_1.png","230717/clevercontrol-211224/11.5.1033.2/Images/ACR-048/ACR-048_Software_2.png","230717/clevercontrol-211224/11.5.1033.2/Images/ACR-048/ACR-048_Software_3.png","230717/clevercontrol-211224/11.5.1033.2/Images/ACR-097/ACR-097_Software_1.png","230717/clevercontrol-211224/11.5.1033.2/Images/ACR-086/ACR-086_Software_1.png","230717/clevercontrol-211224/11.5.1033.2/Images/ACR-086/ACR-086_Software_2.png","230717/clevercontrol-211224/11.5.1033.2/Images/ACR-084/ACR-084_Software_1.png","230717/clevercontrol-211224/11.5.1033.2/Images/ACR-084/ACR-084_Software_2.png","230717/clevercontrol-211224/11.5.1033.2/Images/ACR-084/ACR-084_Software_3.png","230717/clevercontrol-211224/11.5.1033.2/Images/ACR-084/ACR-084_Software_4.png","230717/clevercontrol-211224/11.5.1033.2/Images/ACR-084/ACR-084_Software_5.png"],"nonDeceptorImageFiles":[],"guid":"316c9eaa-6a87-405d-b166-0383c8605120_11.5.1033.2_1","appID":"clevercontrol-211224","dateAdded":"240620","deceptorType":"App","name":"Clever Control","company":"Clever Control LLC","version":"11.5.1033.2","lastKnownStatus":"11.5.36;11.5.1022.1;11.5.1031.5;11.5.1032.0;11.5.1032.1;11.5.1033.2;11.5.1033.3;11.5.1033.4;11.5.1034.1;11.5.1034.9;11.5.1035.2;11.5.1035.3;11.5.1035.4;11.5.1036.1;11.5.1037.0;11.5.1037.3;11.5.1039.5","lastKnownDate":"240620","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2024-06-20T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":17,"sortOrder":638},{"violations":{"ACR-048":"1. The app enables the consumer to hide the app from the system tray, which limits the targeted consumer's ability to control the app.\n2. The app does not provide any control to disable the startup it created.\n","ACR-007":"1. The app enables the consumer to hide it from the system tray, the desktop, and the installed apps list, which prevents the targeted consumer from being aware of the app's presence. The  app does not display explicit notification when it is running and requires a password to open it.\n2. The app attempts to evade security investigations by modifying installer and main file hash per download from it’s landing page.\n","ACR-084":"1. The app enables the installing consumer to hide the app from the targeted consumer: it prevents the app from showing in the system tray and control panel. The app uses a password to hide its presence.\n2. The app creates a startup item without the user's knowledge and consent.\n","ACR-086":"The app does not inform the targeted consumer who it is transmitting its data to. The app does not inform the targeted consumer how it collects data and it uses a password to hide its presence.\n","ACR-097":"The app attempts to evade security investigations by modifying installer and main file hash per download from it’s landing page.\n","ACR-116":"The app enables the consumer to hide it from the targeted consumer, which prevents them from uninstalling it using platform standard features.\n","ACR-014":"The app calls itself \"clvhost.exe” which is not related to the app's name.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"C:\\ProgramData\\{FO16FA1A-AA91-C56A-654F-E3865DA10DAT}\\clvhost.exe","companyName":"CLEVERCONTROL LLC","productName":"clvhost","productVersion":"11.5.1033.3","fileVersion":"11.5.1033.3","hashMD5":"1e0883046af0f911f5f4b22d466c7d7a","hashSHA1":"f77bc64e42326805a1402120fa075571865683f3","hashSHA256":"ac13fe1d67a45a0825570d92b5318ba3d2e23ac648a42f0c7a8ff6f4480a4b8a","digitalCertThumbprint":"BE8B670DF23AE7AED8D726ADD008C18760F8FF1A","digitalCertIssuer":"GlobalSign GCC R45 CodeSigning CA 2020","digitalCertIssuedTo":"CLEVERCONTROL LLC","storeId":"","sourceIndex":"922","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"CleverControl .NET for famat12848@bagonew.com.msi","isInstaller":"True","companyName":"CLEVERCONTROL LLC","productVersion":"11.5.1033.3","fileVersion":"11.5.1033.3","hashMD5":"a7d91be04bcd8cadcb432f99efccdef4","hashSHA1":"da954feff25898a19bd01cf2877116dbb7e3ce98","hashSHA256":"2239c1f120f2177e0b931ee88e817fe9ca161a13368910d82d7c3fa4e4e63451","digitalCertThumbprint":"BE8B670DF23AE7AED8D726ADD008C18760F8FF1A","digitalCertIssuer":"GlobalSign GCC R45 CodeSigning CA 2020","digitalCertIssuedTo":"CLEVERCONTROL LLC","sourceIndex":"922","avBlockList":["360 Total Security (20240606)","Avast Premium Security (20240606)","AVG Internet Security (20240606)","Avira Internet Security (20240606)","Bitdefender Internet Security (20240606)","COMODO Antivirus (20240606)","Dr.Web Security Space (20240606)","ESET Internet Security (20240606)","G DATA INTERNET SECURITY (20240606)","K7 Total Security (20240606)","Kaspersky Internet Security (20240606)","Malwarebytes Premium (20240606)","McAfee Total Protection (20240606)","Norton Security (20240606)","Panda Dome (20240606)","Quick Heal Internet Security (20240606)","Sophos Home Premium (20240606)","SpyHunter5 (20240606)","Total AV Antivirus Pro (20240606)","VirIT eXplorer PRO (20240606)","Webroot SecureAnywhere (20240606)"],"avAllowList":["Trend Micro Internet Security (20240606)","VIPRE Advanced Security (20240606)","Windows Defender (20240606)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on keylogger app","reference":"","landingPage":"https://clevercontrol.com/","directDownloadingLink":"https://clevercontrol.net/win/?email=famat12848@bagonew.com","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://clevercontrol.net/win/?email=famat12848@bagonew.com","sourceIndex":"922"}],"sampleFiles":["231026/clevercontrol-211224/11.5.1033.3/Samples/CleverControl .NET for famat12848@bagonew.com.msi"],"imageFiles":["231026/clevercontrol-211224/11.5.1033.3/Images/ACR-116/ACR-116.PNG","231026/clevercontrol-211224/11.5.1033.3/Images/ACR-014/ACR-014.PNG","231026/clevercontrol-211224/11.5.1033.3/Images/ACR-007/ACR-007.PNG","231026/clevercontrol-211224/11.5.1033.3/Images/ACR-007/ACR-007_1.PNG","231026/clevercontrol-211224/11.5.1033.3/Images/ACR-007/ACR-007_2.PNG","231026/clevercontrol-211224/11.5.1033.3/Images/ACR-007/ACR-007_3.PNG","231026/clevercontrol-211224/11.5.1033.3/Images/ACR-048/ACR-048.PNG","231026/clevercontrol-211224/11.5.1033.3/Images/ACR-048/ACR-048_1.PNG","231026/clevercontrol-211224/11.5.1033.3/Images/ACR-048/ACR-048_2.PNG","231026/clevercontrol-211224/11.5.1033.3/Images/ACR-097/ACR-097.PNG","231026/clevercontrol-211224/11.5.1033.3/Images/ACR-086/ACR-086.PNG","231026/clevercontrol-211224/11.5.1033.3/Images/ACR-086/ACR-086_1.PNG","231026/clevercontrol-211224/11.5.1033.3/Images/ACR-084/ACR-084.PNG","231026/clevercontrol-211224/11.5.1033.3/Images/ACR-084/ACR-084_1.PNG","231026/clevercontrol-211224/11.5.1033.3/Images/ACR-084/ACR-084_2.PNG","231026/clevercontrol-211224/11.5.1033.3/Images/ACR-084/ACR-084_3.PNG","231026/clevercontrol-211224/11.5.1033.3/Images/ACR-084/ACR-084_4.PNG"],"nonDeceptorImageFiles":[],"guid":"316c9eaa-6a87-405d-b166-0383c8605120_11.5.1033.3_1","appID":"clevercontrol-211224","dateAdded":"240620","deceptorType":"App","name":"Clever Control","company":"Clever Control LLC","version":"11.5.1033.3","lastKnownStatus":"11.5.36;11.5.1022.1;11.5.1031.5;11.5.1032.0;11.5.1032.1;11.5.1033.2;11.5.1033.3;11.5.1033.4;11.5.1034.1;11.5.1034.9;11.5.1035.2;11.5.1035.3;11.5.1035.4;11.5.1036.1;11.5.1037.0;11.5.1037.3;11.5.1039.5","lastKnownDate":"240620","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2024-06-20T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":17,"sortOrder":637},{"violations":{"ACR-048":"1. The app enables the consumer to hide the app from the control panel and system tray, which limits the targeted consumer's ability to control the app.\n2. The app does not provide any control to disable the startup it created.\n","ACR-007":"1. The app enables the consumer to hide it from the system tray, the desktop, and the installed apps list, which prevents the targeted consumer from being aware of the app's presence. The  app does not display explicit notification when it is running and requires a password to open it.\n2. The app attempts to evade security investigations by modifying installer and main file hash per download from it’s landing page.\n","ACR-084":"1. The app enables the installing consumer to hide the app from the targeted consumer: it prevents the app from showing in the system tray and control panel. The app uses a password to hide its presence.\n2. The app creates a startup item without the user's knowledge and consent.\n","ACR-086":"The app does not inform the targeted consumer who it is transmitting its data to. The app does not inform the targeted consumer how it collects data and it uses a password to hide its presence.\n","ACR-097":"The app attempts to evade security investigations by modifying installer and main file hash per download from it’s landing page.\n","ACR-116":"The app enables the consumer to hide it from the targeted consumer, which prevents them from uninstalling it using platform standard features.\n","ACR-014":"The app calls itself \"clvhost.exe” which is not related to the app's name.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"C:\\ProgramData\\{FO16FA1A-AA91-C56A-654F-E3865DA10DAT}\\clvhost.exe","companyName":"CLEVERCONTROL LLC","productName":"clvhost","productVersion":"11.5.1033.4","fileVersion":"11.5.1033.4","hashMD5":"c583ca3cfc009c8b657c81d4242cc491","hashSHA1":"72f56a492f02f9b972e4274bda85ef924ac6baf2","hashSHA256":"4dbb47d800c9860d06d4aa6eb7c6399f115d81cd7d8135acacb471956d61a5bf","digitalCertThumbprint":"BE8B670DF23AE7AED8D726ADD008C18760F8FF1A","digitalCertIssuer":"GlobalSign GCC R45 CodeSigning CA 2020","digitalCertIssuedTo":"CLEVERCONTROL LLC","storeId":"","sourceIndex":"879","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"CleverControl .NET for piwev99103@cdeter.com.msi","isInstaller":"True","companyName":"CLEVERCONTROL LLC","productVersion":"11.5.1033.4","fileVersion":"11.5.1033.4","hashMD5":"95ed24a4834c4b1e9841cab1399537f0","hashSHA1":"c909e1b7ebd72855729730a013faa0bce3795c27","hashSHA256":"737864599ec7a80c3c1a3d6af89f49fb464560087c25e021941e4f8b07bcffe5","digitalCertThumbprint":"BE8B670DF23AE7AED8D726ADD008C18760F8FF1A","digitalCertIssuer":"GlobalSign GCC R45 CodeSigning CA 2020","digitalCertIssuedTo":"CLEVERCONTROL LLC","sourceIndex":"879","avBlockList":["360 Total Security (20240130)","Avast Premium Security (20240130)","AVG Internet Security (20240130)","Avira Internet Security (20240130)","COMODO Antivirus (20240130)","Dr.Web Security Space (20240130)","ESET Internet Security (20240130)","G DATA INTERNET SECURITY (20240130)","K7 Total Security (20240130)","Kaspersky Internet Security (20240130)","Malwarebytes Premium (20240130)","Norton Security (20240130)","Panda Dome (20240130)","Quick Heal Internet Security (20240130)","Sophos Home Premium (20240130)","SpyHunter5 (20240130)","Total AV Antivirus Pro (20240130)","VirIT eXplorer PRO (20240130)","Webroot SecureAnywhere (20240130)"],"avAllowList":["Bitdefender Internet Security (20240130)","McAfee Total Protection (20240130)","Trend Micro Internet Security (20240130)","VIPRE Advanced Security (20240130)","Windows Defender (20240130)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on windows app","reference":"","landingPage":"https://clevercontrol.com/","directDownloadingLink":"https://clevercontrol.net/win/?email=piwev99103%40cdeter.com","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://clevercontrol.net/win/?email=piwev99103%40cdeter.com","sourceIndex":"879"}],"sampleFiles":["231002/clevercontrol-211224/11.5.1033.4/Samples/CleverControl .NET for piwev99103@cdeter.com.msi"],"imageFiles":["231002/clevercontrol-211224/11.5.1033.4/Images/ACR-116/ACR-116.PNG","231002/clevercontrol-211224/11.5.1033.4/Images/ACR-014/ACR-014.PNG","231002/clevercontrol-211224/11.5.1033.4/Images/ACR-007/ACR-007.PNG","231002/clevercontrol-211224/11.5.1033.4/Images/ACR-007/ACR-007_1.PNG","231002/clevercontrol-211224/11.5.1033.4/Images/ACR-007/ACR-007_2.PNG","231002/clevercontrol-211224/11.5.1033.4/Images/ACR-007/ACR-007_3.PNG","231002/clevercontrol-211224/11.5.1033.4/Images/ACR-048/ACR-048.PNG","231002/clevercontrol-211224/11.5.1033.4/Images/ACR-048/ACR-048_1.PNG","231002/clevercontrol-211224/11.5.1033.4/Images/ACR-048/ACR-048_2.PNG","231002/clevercontrol-211224/11.5.1033.4/Images/ACR-048/ACR-048_3.PNG","231002/clevercontrol-211224/11.5.1033.4/Images/ACR-097/ACR-097.PNG","231002/clevercontrol-211224/11.5.1033.4/Images/ACR-086/ACR-086.PNG","231002/clevercontrol-211224/11.5.1033.4/Images/ACR-086/ACR-086_1.PNG","231002/clevercontrol-211224/11.5.1033.4/Images/ACR-084/ACR-084.PNG","231002/clevercontrol-211224/11.5.1033.4/Images/ACR-084/ACR-084_1.PNG","231002/clevercontrol-211224/11.5.1033.4/Images/ACR-084/ACR-084_2.PNG","231002/clevercontrol-211224/11.5.1033.4/Images/ACR-084/ACR-084_3.PNG","231002/clevercontrol-211224/11.5.1033.4/Images/ACR-084/ACR-084_4.PNG"],"nonDeceptorImageFiles":[],"guid":"316c9eaa-6a87-405d-b166-0383c8605120_11.5.1033.4_1","appID":"clevercontrol-211224","dateAdded":"240620","deceptorType":"App","name":"Clever Control","company":"Clever Control LLC","version":"11.5.1033.4","lastKnownStatus":"11.5.36;11.5.1022.1;11.5.1031.5;11.5.1032.0;11.5.1032.1;11.5.1033.2;11.5.1033.3;11.5.1033.4;11.5.1034.1;11.5.1034.9;11.5.1035.2;11.5.1035.3;11.5.1035.4;11.5.1036.1;11.5.1037.0;11.5.1037.3;11.5.1039.5","lastKnownDate":"240620","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2024-06-20T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":17,"sortOrder":636},{"violations":{"ACR-048":"1. The app enables the consumer to hide the app from the system tray, the desktop, and the control panel, which limits the targeted consumer's ability to control the app.\n2. The app does not provide any control to disable the startup it created.\n","ACR-007":"1. The app enables the consumer to hide it from the system tray, the desktop, and the installed apps list, which prevents the targeted consumer from being aware of the app's presence. The app does not display explicit notifications when it is running and requires a password to open it.\n2. The app attempts to evade security investigations by modifying the installer and main file hash per download from its landing page.\n","ACR-084":"1. The app enables the installing consumer to hide the app from the targeted consumer: it prevents the app from showing in the system tray, the desktop, and the control panel. The app uses a password to hide its presence.\n2. The app creates a startup item without the user's knowledge and consent.\n","ACR-086":"The app does not inform the targeted consumer who it is transmitting its data to. The app does not inform the targeted consumer how it collects data and it uses a password to hide its presence.\n","ACR-097":"The app attempts to evade security investigations by modifying installer and main file hash per download from it’s landing page.\n","ACR-116":"The app enables the consumer to hide it from the targeted consumer, which prevents them from uninstalling it using platform standard features.\n","ACR-014":"The app calls itself \"clvhost.exe” which is not related to the app's name.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"C:\\ProgramData\\{FO16FA1A-AA91-C56A-654F-E3865DA10DAT}\\clvhost.exe","companyName":"CLEVERCONTROL LLC","productName":"clvhost","productVersion":"11.5.1034.1","fileVersion":"11.5.1034.1","hashMD5":"c8f33f528534535ce0617ae865738268","hashSHA1":"01decac94d6a710f0efb4102ed6f3d38c84da2b2","hashSHA256":"49facea27323c284aa536191887b7ab29e8cb917466f7d7ffccb6da1934b0abf","digitalCertThumbprint":"BE8B670DF23AE7AED8D726ADD008C18760F8FF1A","digitalCertIssuer":"GlobalSign GCC R45 CodeSigning CA 2020","digitalCertIssuedTo":"CLEVERCONTROL LLC","storeId":"","sourceIndex":"840","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"CleverControl .NET for jejoda1087@wermink.com.msi","isInstaller":"True","companyName":"CLEVERCONTROL LLC","productVersion":"11.5.1034.1","fileVersion":"11.5.1034.1","hashMD5":"4f5c16ab6128ec2708fc3a776dc16f56","hashSHA1":"026976d29849ff66d5a0ab39a8dafec088bd2e96","hashSHA256":"5e88392f08093e107931de4429609bca09bb205e4f378d1eaaf2817220649d0a","digitalCertThumbprint":"BE8B670DF23AE7AED8D726ADD008C18760F8FF1A","digitalCertIssuer":"GlobalSign GCC R45 CodeSigning CA 2020","digitalCertIssuedTo":"CLEVERCONTROL LLC","sourceIndex":"840","avBlockList":["360 Total Security (20240808)","Avast Premium Security (20240808)","AVG Internet Security (20240808)","Avira Internet Security (20240808)","Bitdefender Internet Security (20240808)","COMODO Antivirus (20240808)","Dr.Web Security Space (20240808)","ESET Internet Security (20240808)","G DATA INTERNET SECURITY (20240808)","K7 Total Security (20240808)","Kaspersky Internet Security (20240528)","Malwarebytes Premium (20240808)","Norton Security (20240808)","Panda Dome (20240808)","Quick Heal Internet Security (20240808)","Sophos Home Premium (20240808)","SpyHunter5 (20240808)","Total AV Antivirus Pro (20240808)","VirIT eXplorer PRO (20240808)","Webroot SecureAnywhere (20240808)","FortectPremium (20240808)","KasperskyPremium (20240808)"],"avAllowList":["McAfee Total Protection (20240808)","Trend Micro Internet Security (20240808)","VIPRE Advanced Security (20240808)","Windows Defender (20240808)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on windows app","reference":"","landingPage":"https://clevercontrol.com/","directDownloadingLink":"https://clevercontrol.net/win/?email=jejoda1087%wermink.com","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://clevercontrol.net/win/?email=jejoda1087%wermink.com","sourceIndex":"840"}],"sampleFiles":["231026/clevercontrol-211224/11.5.1034.1/Samples/CleverControl .NET for jejoda1087@wermink.com.msi"],"imageFiles":["231026/clevercontrol-211224/11.5.1034.1/Images/ACR-116/ACR-116.PNG","231026/clevercontrol-211224/11.5.1034.1/Images/ACR-014/ACR-014.PNG","231026/clevercontrol-211224/11.5.1034.1/Images/ACR-007/ACR-007.PNG","231026/clevercontrol-211224/11.5.1034.1/Images/ACR-007/ACR-007_1.PNG","231026/clevercontrol-211224/11.5.1034.1/Images/ACR-007/ACR-007_2.PNG","231026/clevercontrol-211224/11.5.1034.1/Images/ACR-007/ACR-007_3.PNG","231026/clevercontrol-211224/11.5.1034.1/Images/ACR-048/ACR-048.PNG","231026/clevercontrol-211224/11.5.1034.1/Images/ACR-048/ACR-048_1.PNG","231026/clevercontrol-211224/11.5.1034.1/Images/ACR-048/ACR-048_2.PNG","231026/clevercontrol-211224/11.5.1034.1/Images/ACR-048/ACR-048_3.PNG","231026/clevercontrol-211224/11.5.1034.1/Images/ACR-097/ACR-097.PNG","231026/clevercontrol-211224/11.5.1034.1/Images/ACR-086/ACR-086.PNG","231026/clevercontrol-211224/11.5.1034.1/Images/ACR-086/ACR-086_1.PNG","231026/clevercontrol-211224/11.5.1034.1/Images/ACR-084/ACR-084.PNG","231026/clevercontrol-211224/11.5.1034.1/Images/ACR-084/ACR-084_1.PNG","231026/clevercontrol-211224/11.5.1034.1/Images/ACR-084/ACR-084_2.PNG","231026/clevercontrol-211224/11.5.1034.1/Images/ACR-084/ACR-084_3.PNG","231026/clevercontrol-211224/11.5.1034.1/Images/ACR-084/ACR-084_4.PNG"],"nonDeceptorImageFiles":[],"guid":"316c9eaa-6a87-405d-b166-0383c8605120_11.5.1034.1_1","appID":"clevercontrol-211224","dateAdded":"240620","deceptorType":"App","name":"Clever Control","company":"Clever Control LLC","version":"11.5.1034.1","lastKnownStatus":"11.5.36;11.5.1022.1;11.5.1031.5;11.5.1032.0;11.5.1032.1;11.5.1033.2;11.5.1033.3;11.5.1033.4;11.5.1034.1;11.5.1034.9;11.5.1035.2;11.5.1035.3;11.5.1035.4;11.5.1036.1;11.5.1037.0;11.5.1037.3;11.5.1039.5","lastKnownDate":"240620","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2024-06-20T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":17,"sortOrder":635},{"violations":{"ACR-048":"1. The app enables the consumer to hide the app from the system tray, the desktop, and the control panel, which limits the targeted consumer's ability to control the app. The app uses a password to hide its presence.\n2. The app does not provide any control to disable the startup it created.\n","ACR-007":"The app enables the consumer to hide it from the system tray, the desktop, and the installed apps list, which prevents the targeted consumer from being aware of the app's presence. The app does not display explicit notifications when it is running and requires a password to open it.\n\n","ACR-084":"1. The app enables the installing consumer to hide the app from the targeted consumer: it prevents the app from showing in the system tray, the desktop, and the control panel. The app uses a password to hide its presence.\n2. The app creates a startup item without the user's knowledge and consent.\n","ACR-086":"The app does not inform the targeted consumer who it is transmitting its data to. The app does not inform the targeted consumer how it collects data and it uses a password to hide its presence.\n","ACR-097":"The app attempts to evade security investigations by modifying the installer and main file hash per download from its landing page.\n","ACR-116":"The app enables the consumer to hide it from the targeted consumer, which prevents them from uninstalling it using platform standard features.\n","ACR-014":"The app calls itself \"clvhost.exe” which is not related to the app's name.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"C:\\ProgramData\\{FO16FA1A-AA91-C56A-654F-E3865DA10DAT}\\clvhost.exe","companyName":"CLEVERCONTROL LLC","productName":"clvhost","productVersion":"11.5.1035.4","fileVersion":"11.5.1035.4","hashMD5":"5ff1c2949661c9d363cba19a2a8a23be","hashSHA1":"45c2252aa2636b9f489e7ceb9d4222fc9bf66ab4","hashSHA256":"532010696287ec0b3b5ea2ce83a4f25b0c65e63a72df6c182285fcfbe0daea5a","digitalCertThumbprint":"5CBB692CC5CC069030018BC2664E4E814831A0F3","digitalCertIssuer":"GlobalSign GCC R45 CodeSigning CA 2020","digitalCertIssuedTo":"CLEVERCONTROL LLC","storeId":"","sourceIndex":"723","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"CleverControl .NET for hebekol984@comsb.com.msi","isInstaller":"True","companyName":"CLEVERCONTROL LLC","productVersion":"11.5.1035.4","fileVersion":"11.5.1035.4","hashMD5":"5cca45a08aaa161ab5e0f4f61eadd405","hashSHA1":"aa1bc0963e02fe7d1da3a4efd544324795edf46f","hashSHA256":"5bd6c14ee8547aad4816c510817d8642cfa9e232b9c1a00aeacf8d4dc3e704d2","digitalCertThumbprint":"5CBB692CC5CC069030018BC2664E4E814831A0F3","digitalCertIssuer":"GlobalSign GCC R45 CodeSigning CA 2020","digitalCertIssuedTo":"CLEVERCONTROL LLC","sourceIndex":"723","avBlockList":["360 Total Security (20240730)","Avast Premium Security (20240730)","AVG Internet Security (20240730)","Avira Internet Security (20240730)","Bitdefender Internet Security (20240730)","COMODO Antivirus (20240730)","Dr.Web Security Space (20240730)","ESET Internet Security (20240730)","FortectPremium (20240730)","G DATA INTERNET SECURITY (20240730)","K7 Total Security (20240730)","KasperskyPremium (20240730)","Malwarebytes Premium (20240730)","Norton Security (20240730)","Panda Dome (20240730)","Quick Heal Internet Security (20240730)","Sophos Home Premium (20240730)","SpyHunter5 (20240730)","VIPRE Advanced Security (20240730)","VirIT eXplorer PRO (20240730)","Webroot SecureAnywhere (20240730)","Windows Defender (20240730)"],"avAllowList":["McAfee Total Protection (20240730)","Total AV Antivirus Pro (20240730)","Trend Micro Internet Security (20240730)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on windows app","reference":"","landingPage":"https://clevercontrol.com/","directDownloadingLink":"https://clevercontrol.pro/download-dotnet/hebekol984@comsb.com","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://clevercontrol.pro/download-dotnet/hebekol984@comsb.com","sourceIndex":"723"}],"sampleFiles":["240304/clevercontrol-211224/11.5.1035.4/Samples/CleverControl%20.NET%20for%20hebekol984%40comsb.com.msi"],"imageFiles":["240304/clevercontrol-211224/11.5.1035.4/Images/ACR-116/ACR-116.PNG","240304/clevercontrol-211224/11.5.1035.4/Images/ACR-014/ACR-014.PNG","240304/clevercontrol-211224/11.5.1035.4/Images/ACR-007/ACR-007.PNG","240304/clevercontrol-211224/11.5.1035.4/Images/ACR-007/ACR-007_1.PNG","240304/clevercontrol-211224/11.5.1035.4/Images/ACR-007/ACR-007_2.PNG","240304/clevercontrol-211224/11.5.1035.4/Images/ACR-007/ACR-007_3.PNG","240304/clevercontrol-211224/11.5.1035.4/Images/ACR-048/ACR-048.PNG","240304/clevercontrol-211224/11.5.1035.4/Images/ACR-048/ACR-048_1.PNG","240304/clevercontrol-211224/11.5.1035.4/Images/ACR-048/ACR-048_2.PNG","240304/clevercontrol-211224/11.5.1035.4/Images/ACR-048/ACR-048_3.PNG","240304/clevercontrol-211224/11.5.1035.4/Images/ACR-097/ACR-097.PNG","240304/clevercontrol-211224/11.5.1035.4/Images/ACR-086/ACR-086.PNG","240304/clevercontrol-211224/11.5.1035.4/Images/ACR-086/ACR-086_1.PNG","240304/clevercontrol-211224/11.5.1035.4/Images/ACR-084/ACR-084.PNG","240304/clevercontrol-211224/11.5.1035.4/Images/ACR-084/ACR-084_1.PNG","240304/clevercontrol-211224/11.5.1035.4/Images/ACR-084/ACR-084_2.PNG","240304/clevercontrol-211224/11.5.1035.4/Images/ACR-084/ACR-084_3.PNG","240304/clevercontrol-211224/11.5.1035.4/Images/ACR-084/ACR-084_4.PNG"],"nonDeceptorImageFiles":[],"guid":"316c9eaa-6a87-405d-b166-0383c8605120_11.5.1035.4_1","appID":"clevercontrol-211224","dateAdded":"240620","deceptorType":"App","name":"Clever Control","company":"Clever Control LLC","version":"11.5.1035.4","lastKnownStatus":"11.5.36;11.5.1022.1;11.5.1031.5;11.5.1032.0;11.5.1032.1;11.5.1033.2;11.5.1033.3;11.5.1033.4;11.5.1034.1;11.5.1034.9;11.5.1035.2;11.5.1035.3;11.5.1035.4;11.5.1036.1;11.5.1037.0;11.5.1037.3;11.5.1039.5","lastKnownDate":"240620","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2024-06-20T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":17,"sortOrder":631},{"violations":{"ACR-048":"1. The app enables the consumer to hide the app from the system tray, the desktop, and the control panel, which limits the targeted consumer's ability to control the app. The app uses a password to hide its presence.\n2. The app does not provide any control to disable the startup it created.\n","ACR-007":"The app enables the consumer to hide it from the system tray, the desktop, and the installed apps list, which prevents the targeted consumer from being aware of the app's presence. The app does not display explicit notifications when it is running and requires a password to open it.\n\n","ACR-084":"1. The app enables the installing consumer to hide the app from the targeted consumer: it prevents the app from showing in the system tray, the desktop, and the control panel. The app uses a password to hide its presence.\n2. The app creates a startup item without the user's knowledge and consent.\n","ACR-086":"The app does not inform the targeted consumer who it is transmitting its data to. The app does not inform the targeted consumer how it collects data and it uses a password to hide its presence.\n","ACR-116":"The app enables the consumer to hide it from the targeted consumer, which prevents them from uninstalling it using platform standard features.\n","ACR-014":"The app calls itself \"clvhost.exe” which is not related to the app's name.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"C:\\ProgramData\\{FO16FA1A-AA91-C56A-654F-E3865DA10DAT}\\clvhost.exe","companyName":"CLEVERCONTROL LLC","productName":"clvhost","productVersion":"11.5.1035.2","fileVersion":"11.5.1035.2","hashMD5":"a4ecaf01e5f37a230bce4ab1ef032b2d","hashSHA1":"cbbe47cbde69dbddf55c39dd90786c83c0cd75a3","hashSHA256":"3dd5b055a29983e2ebd9014027e18110fa462fabfe7bf98f5e18c0c8ddb70bf1","digitalCertThumbprint":"5CBB692CC5CC069030018BC2664E4E814831A0F3","digitalCertIssuer":"GlobalSign GCC R45 CodeSigning CA 2020","digitalCertIssuedTo":"CLEVERCONTROL LLC","storeId":"","sourceIndex":"746","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"CleverControl .NET for gidak13474@grassdev.com.msi","isInstaller":"True","companyName":"CLEVERCONTROL LLC","productVersion":"11.5.1035.2","fileVersion":"11.5.1035.2","hashMD5":"ff431a63dbbc3e929497c1907729a09c","hashSHA1":"4e76966e85eb4bd61e565898e2b339f3dfa52a16","hashSHA256":"20ae1c890c3a3549f900cfae5372d3567067da2291db6f6b246b9902b303b7f7","digitalCertThumbprint":"5CBB692CC5CC069030018BC2664E4E814831A0F3","digitalCertIssuer":"GlobalSign GCC R45 CodeSigning CA 2020","digitalCertIssuedTo":"CLEVERCONTROL LLC","sourceIndex":"746","avBlockList":["360 Total Security (20240530)","Avast Premium Security (20240530)","AVG Internet Security (20240530)","Avira Internet Security (20240530)","Bitdefender Internet Security (20240530)","COMODO Antivirus (20240530)","Dr.Web Security Space (20240530)","ESET Internet Security (20240530)","G DATA INTERNET SECURITY (20240530)","K7 Total Security (20240530)","Kaspersky Internet Security (20240530)","Malwarebytes Premium (20240530)","Norton Security (20240530)","Panda Dome (20240530)","Quick Heal Internet Security (20240530)","Sophos Home Premium (20240530)","SpyHunter5 (20240530)","Total AV Antivirus Pro (20240530)","VIPRE Advanced Security (20240530)","VirIT eXplorer PRO (20240530)","Webroot SecureAnywhere (20240530)"],"avAllowList":["McAfee Total Protection (20240530)","Trend Micro Internet Security (20240530)","Windows Defender (20240530)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on windows app","reference":"","landingPage":"https://clevercontrol.com/","directDownloadingLink":"https://clevercontrol.net/win/?email=gidak13474%grassdev.com","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://clevercontrol.net/win/?email=gidak13474%grassdev.com","sourceIndex":"746"}],"sampleFiles":["240130/clevercontrol-211224/11.5.1035.2/Samples/CleverControl%20.NET%20for%20gidak13474%40grassdev.com.msi"],"imageFiles":["240130/clevercontrol-211224/11.5.1035.2/Images/ACR-116/ACR-116.PNG","240130/clevercontrol-211224/11.5.1035.2/Images/ACR-014/ACR-014.PNG","240130/clevercontrol-211224/11.5.1035.2/Images/ACR-007/ACR-007.PNG","240130/clevercontrol-211224/11.5.1035.2/Images/ACR-007/ACR-007_1.PNG","240130/clevercontrol-211224/11.5.1035.2/Images/ACR-007/ACR-007_2.PNG","240130/clevercontrol-211224/11.5.1035.2/Images/ACR-048/ACR-048.PNG","240130/clevercontrol-211224/11.5.1035.2/Images/ACR-048/ACR-048_1.PNG","240130/clevercontrol-211224/11.5.1035.2/Images/ACR-048/ACR-048_2.PNG","240130/clevercontrol-211224/11.5.1035.2/Images/ACR-048/ACR-048_3.PNG","240130/clevercontrol-211224/11.5.1035.2/Images/ACR-086/ACR-086.PNG","240130/clevercontrol-211224/11.5.1035.2/Images/ACR-086/ACR-086_1.PNG","240130/clevercontrol-211224/11.5.1035.2/Images/ACR-084/ACR-084.PNG","240130/clevercontrol-211224/11.5.1035.2/Images/ACR-084/ACR-084_1.PNG","240130/clevercontrol-211224/11.5.1035.2/Images/ACR-084/ACR-084_2.PNG","240130/clevercontrol-211224/11.5.1035.2/Images/ACR-084/ACR-084_3.PNG","240130/clevercontrol-211224/11.5.1035.2/Images/ACR-084/ACR-084_4.PNG"],"nonDeceptorImageFiles":[],"guid":"316c9eaa-6a87-405d-b166-0383c8605120_11.5.1035.2_1","appID":"clevercontrol-211224","dateAdded":"240620","deceptorType":"App","name":"Clever Control","company":"Clever Control LLC","version":"11.5.1035.2","lastKnownStatus":"11.5.36;11.5.1022.1;11.5.1031.5;11.5.1032.0;11.5.1032.1;11.5.1033.2;11.5.1033.3;11.5.1033.4;11.5.1034.1;11.5.1034.9;11.5.1035.2;11.5.1035.3;11.5.1035.4;11.5.1036.1;11.5.1037.0;11.5.1037.3;11.5.1039.5","lastKnownDate":"240620","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2024-06-20T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":17,"sortOrder":633},{"violations":{"ACR-048":"1. The app enables the consumer to hide the app from the system tray, the desktop, and the control panel, which limits the targeted consumer's ability to control the app. The app uses a password to hide its presence.\n2. The app does not provide any control to disable the startup it created.\n","ACR-007":"The app enables the consumer to hide it from the system tray, the desktop, and the installed apps list, which prevents the targeted consumer from being aware of the app's presence. The app does not display explicit notifications when it is running and requires a password to open it.\n\n","ACR-084":"1. The app enables the installing consumer to hide the app from the targeted consumer: it prevents the app from showing in the system tray, the desktop, and the control panel. The app uses a password to hide its presence.\n2. The app creates a startup item without the user's knowledge and consent.\n","ACR-086":"The app does not inform the targeted consumer who it is transmitting its data to. The app does not inform the targeted consumer how it collects data and it uses a password to hide its presence.\n","ACR-097":"The app attempts to evade security investigations by modifying the installer and main file hash per download from its landing page.\n","ACR-116":"The app enables the consumer to hide it from the targeted consumer, which prevents them from uninstalling it using platform standard features.\n","ACR-014":"The app calls itself \"clvhost.exe” which is not related to the app's name.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"C:\\ProgramData\\{FO16FA1A-AA91-C56A-654F-E3865DA10DAT}\\clvhost.exe","companyName":"CLEVERCONTROL LLC","productName":"clvhost","productVersion":"11.5.1035.3","fileVersion":"11.5.1035.3","hashMD5":"5f179f658a7ed2c60e0b8e295b194d5d","hashSHA1":"edbe1dbec4af8c8e00ca61c783dfa5506caf3796","hashSHA256":"023cb3ab57c1eb65dbf5d32e460c8d21766116d34408e0e645336b0df3c9354a","digitalCertThumbprint":"5CBB692CC5CC069030018BC2664E4E814831A0F3","digitalCertIssuer":"GlobalSign GCC R45 CodeSigning CA 2020","digitalCertIssuedTo":"CLEVERCONTROL LLC","storeId":"","sourceIndex":"733","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"CleverControl%2520.NET%2520for%2520redires642%2540fahih.comNew.msi","isInstaller":"True","companyName":"CLEVERCONTROL LLC","fileVersion":"0.","hashMD5":"7cb500850b1b08ee49b49b344b301321","hashSHA1":"4acb6661c704c223bbed6235fd0b829ac39418bd","hashSHA256":"945856ae009fbc52d98575a5644dae317edeb24f397f2c2480181197341a369a","digitalCertThumbprint":"5cbb692cc5cc069030018bc2664e4e814831a0f3","digitalCertIssuedTo":"CLEVERCONTROL LLC","sourceIndex":"733","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on windows app","reference":"","landingPage":"https://clevercontrol.com/","directDownloadingLink":"https://dashboard.clevercontrol.com/?from=2024-02-05+00:00:00&to=2024-02-13+21:44:47&period=last_7_days&userIds=[]","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://dashboard.clevercontrol.com/?from=2024-02-05+00:00:00&to=2024-02-13+21:44:47&period=last_7_days&userIds=[]","sourceIndex":"733"}],"sampleFiles":["240214/clevercontrol-211224/11.5.1035.3/Samples/CleverControl%20.NET%20for%20redires642%40fahih.com.msi"],"imageFiles":["240214/clevercontrol-211224/11.5.1035.3/Images/ACR-116/ACR-116.PNG","240214/clevercontrol-211224/11.5.1035.3/Images/ACR-014/ACR-014.PNG","240214/clevercontrol-211224/11.5.1035.3/Images/ACR-007/ACR-007.PNG","240214/clevercontrol-211224/11.5.1035.3/Images/ACR-007/ACR-007_1.PNG","240214/clevercontrol-211224/11.5.1035.3/Images/ACR-007/ACR-007_2.PNG","240214/clevercontrol-211224/11.5.1035.3/Images/ACR-007/ACR-007_3.PNG","240214/clevercontrol-211224/11.5.1035.3/Images/ACR-048/ACR-048.PNG","240214/clevercontrol-211224/11.5.1035.3/Images/ACR-048/ACR-048_1.PNG","240214/clevercontrol-211224/11.5.1035.3/Images/ACR-048/ACR-048_2.PNG","240214/clevercontrol-211224/11.5.1035.3/Images/ACR-048/ACR-048_3.PNG","240214/clevercontrol-211224/11.5.1035.3/Images/ACR-097/ACR-097.PNG","240214/clevercontrol-211224/11.5.1035.3/Images/ACR-086/ACR-086.PNG","240214/clevercontrol-211224/11.5.1035.3/Images/ACR-086/ACR-086_1.PNG","240214/clevercontrol-211224/11.5.1035.3/Images/ACR-084/ACR-084.PNG","240214/clevercontrol-211224/11.5.1035.3/Images/ACR-084/ACR-084_1.PNG","240214/clevercontrol-211224/11.5.1035.3/Images/ACR-084/ACR-084_2.PNG","240214/clevercontrol-211224/11.5.1035.3/Images/ACR-084/ACR-084_3.PNG","240214/clevercontrol-211224/11.5.1035.3/Images/ACR-084/ACR-084_4.PNG"],"nonDeceptorImageFiles":[],"guid":"316c9eaa-6a87-405d-b166-0383c8605120_11.5.1035.3_1","appID":"clevercontrol-211224","dateAdded":"240620","deceptorType":"App","name":"Clever Control","company":"Clever Control LLC","version":"11.5.1035.3","lastKnownStatus":"11.5.36;11.5.1022.1;11.5.1031.5;11.5.1032.0;11.5.1032.1;11.5.1033.2;11.5.1033.3;11.5.1033.4;11.5.1034.1;11.5.1034.9;11.5.1035.2;11.5.1035.3;11.5.1035.4;11.5.1036.1;11.5.1037.0;11.5.1037.3;11.5.1039.5","lastKnownDate":"240620","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2024-06-20T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":17,"sortOrder":632},{"violations":{"ACR-048":"1. The app enables the consumer to hide the app from the system tray, the desktop, and the control panel, which limits the targeted consumer's ability to control the app. The app uses a password to hide its presence.\n2. The app does not provide any control to disable the startup it created.\n","ACR-007":"1. The app enables the consumer to hide it from the system tray, the desktop, and the installed apps list, which prevents the targeted consumer from being aware of the app's presence. The app does not display explicit notifications when it is running and requires a password to open it.\n2. The app attempts to evade security investigations by modifying the installer and main file hash per download from its landing page.\n\n","ACR-084":"1. The app enables the installing consumer to hide the app from the targeted consumer: it prevents the app from showing in the system tray, the desktop, and the control panel. The app uses a password to hide its presence.\n2. The app creates a startup item without the user's knowledge and consent.\n","ACR-086":"The app does not inform the targeted consumer who it is transmitting its data to. The app does not inform the targeted consumer how it collects data and it uses a password to hide its presence.\n","ACR-097":"The app attempts to evade security investigations by modifying the installer and main file hash per download from its landing page.\n","ACR-116":"The app enables the consumer to hide it from the targeted consumer, which prevents them from uninstalling it using platform standard features.\n","ACR-014":"The app calls itself \"clvhost.exe” which is not related to the app's name.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"C:\\ProgramData\\{FO16FA1A-AA91-C56A-654F-E3865DA10DAT}\\clvhost.exe","companyName":"CLEVERCONTROL LLC","productName":"clvhost","productVersion":"11.5.1037.0","fileVersion":"11.5.1037.0","hashMD5":"620bfb74893aec6920f657e2d015ca95","hashSHA1":"d8c6cbd1781173a5ecd108c53a0998a1d52d0510","hashSHA256":"7c6ee4336822cb909a40abae10e21c78757f9bddac87674349259708ca1f7892","digitalCertThumbprint":"5CBB692CC5CC069030018BC2664E4E814831A0F3","digitalCertIssuer":"GlobalSign GCC R45 CodeSigning CA 2020","digitalCertIssuedTo":"CLEVERCONTROL LLC","storeId":"","sourceIndex":"664","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"CleverControl .NET for qazrfv@gmail.com.msi","isInstaller":"True","companyName":"CLEVERCONTROL LLC","productVersion":"11.5.1037.0","fileVersion":"11.5.1037.0","hashMD5":"98ec806d3ad6a75580d4e3aba783458c","hashSHA1":"151542f38a253fe026d41c3eb90ab0ea77942686","hashSHA256":"a461576a259f0700dd5db9a1da006a49e8d10f056b42811d9b8bd4843e144dcb","digitalCertThumbprint":"5CBB692CC5CC069030018BC2664E4E814831A0F3","digitalCertIssuer":"GlobalSign GCC R45 CodeSigning CA 2020","digitalCertIssuedTo":"CLEVERCONTROL LLC","sourceIndex":"664","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on windows app","reference":"","landingPage":"https://clevercontrol.com/","directDownloadingLink":"https://clevercontrol.pro/download-dotnet/qazrfv@gmail.com","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://clevercontrol.pro/download-dotnet/qazrfv@gmail.com","sourceIndex":"664"}],"sampleFiles":["240404/clevercontrol-211224/11.5.1037.0/Samples/CleverControl%20.NET%20for%20qazrfv%40gmail.com.msi"],"imageFiles":["240404/clevercontrol-211224/11.5.1037.0/Images/ACR-116/ACR-116.PNG","240404/clevercontrol-211224/11.5.1037.0/Images/ACR-014/ACR-014.PNG","240404/clevercontrol-211224/11.5.1037.0/Images/ACR-007/ACR-007.PNG","240404/clevercontrol-211224/11.5.1037.0/Images/ACR-007/ACR-007_1.PNG","240404/clevercontrol-211224/11.5.1037.0/Images/ACR-007/ACR-007_2.PNG","240404/clevercontrol-211224/11.5.1037.0/Images/ACR-007/ACR-007_3.PNG","240404/clevercontrol-211224/11.5.1037.0/Images/ACR-048/ACR-048.PNG","240404/clevercontrol-211224/11.5.1037.0/Images/ACR-048/ACR-048_1.PNG","240404/clevercontrol-211224/11.5.1037.0/Images/ACR-048/ACR-048_2.PNG","240404/clevercontrol-211224/11.5.1037.0/Images/ACR-048/ACR-048_3.PNG","240404/clevercontrol-211224/11.5.1037.0/Images/ACR-097/ACR-097.PNG","240404/clevercontrol-211224/11.5.1037.0/Images/ACR-086/ACR-086.PNG","240404/clevercontrol-211224/11.5.1037.0/Images/ACR-086/ACR-086_1.PNG","240404/clevercontrol-211224/11.5.1037.0/Images/ACR-084/ACR-084.PNG","240404/clevercontrol-211224/11.5.1037.0/Images/ACR-084/ACR-084_1.PNG","240404/clevercontrol-211224/11.5.1037.0/Images/ACR-084/ACR-084_2.PNG","240404/clevercontrol-211224/11.5.1037.0/Images/ACR-084/ACR-084_3.PNG","240404/clevercontrol-211224/11.5.1037.0/Images/ACR-084/ACR-084_4.PNG"],"nonDeceptorImageFiles":[],"guid":"316c9eaa-6a87-405d-b166-0383c8605120_11.5.1037.0_1","appID":"clevercontrol-211224","dateAdded":"240620","deceptorType":"App","name":"Clever Control","company":"Clever Control LLC","version":"11.5.1037.0","lastKnownStatus":"11.5.36;11.5.1022.1;11.5.1031.5;11.5.1032.0;11.5.1032.1;11.5.1033.2;11.5.1033.3;11.5.1033.4;11.5.1034.1;11.5.1034.9;11.5.1035.2;11.5.1035.3;11.5.1035.4;11.5.1036.1;11.5.1037.0;11.5.1037.3;11.5.1039.5","lastKnownDate":"240620","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2024-06-20T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":17,"sortOrder":629},{"violations":{"ACR-048":"1. The app enables the consumer to hide the app from the system tray, the desktop, and the control panel, which limits the targeted consumer's ability to control the app. The app uses a password to hide its presence.\n2. The app does not provide any control to disable the startup it created.\n","ACR-007":"1. The app enables the consumer to hide it from the system tray, the desktop, and the installed apps list, which prevents the targeted consumer from being aware of the app's presence. The app does not display explicit notifications when it is running and requires a password to open it.\n2. The app attempts to evade security investigations by modifying the installer and main file hash per download from its landing page.\n\n","ACR-084":"1. The app enables the installing consumer to hide the app from the targeted consumer: it prevents the app from showing in the system tray, the desktop, and the control panel. The app uses a password to hide its presence.\n2. The app creates a startup item without the user's knowledge and consent.\n","ACR-086":"The app does not inform the targeted consumer who it is transmitting its data to. The app does not inform the targeted consumer how it collects data and it uses a password to hide its presence.\n","ACR-097":"The app attempts to evade security investigations by modifying the installer and main file hash per download from its landing page.\n","ACR-116":"The app enables the consumer to hide it from the targeted consumer, which prevents them from uninstalling it using platform standard features.\n","ACR-014":"The app calls itself \"clvhost.exe” which is not related to the app's name.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"C:\\ProgramData\\{FO16FA1A-AA91-C56A-654F-E3865DA10DAT}\\clvhost.exe","companyName":"CLEVERCONTROL LLC","productName":"clvhost","productVersion":"11.5.1037.3","fileVersion":"11.5.1037.3","hashMD5":"198979f36f18fa1e46bebf618f600dd1","hashSHA1":"3928e1fbad03a2befccf1c0d325ddb53d1e7491d","hashSHA256":"b2e7c70f5ae890e812ece85bbe1a0b9546011eed90e02f35dfeaf0459927d1ed","digitalCertThumbprint":"5CBB692CC5CC069030018BC2664E4E814831A0F3","digitalCertIssuer":"GlobalSign GCC R45 CodeSigning CA 2020","digitalCertIssuedTo":"CLEVERCONTROL LLC","storeId":"","sourceIndex":"650","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"CleverControl .NET for ximapic504@funvane.com.msi","isInstaller":"True","companyName":"CLEVERCONTROL LLC","productVersion":"11.5.1037.3","fileVersion":"11.5.1037.3","hashMD5":"e3f1391ac3105fdf7ee90694558fd27a","hashSHA1":"7901a012136d3f6b9d1f232517aee7ea781fc6bc","hashSHA256":"54a10b4b7ae7f14a9fce4c9cc603e94163794d8fac91d4d422d0ce41ded2da13","digitalCertThumbprint":"5CBB692CC5CC069030018BC2664E4E814831A0F3","digitalCertIssuer":"GlobalSign GCC R45 CodeSigning CA 2020","digitalCertIssuedTo":"CLEVERCONTROL LLC","sourceIndex":"650","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Google search-keyloggers","reference":"","landingPage":"https://clevercontrol.com/","directDownloadingLink":"https://dashboard.clevercontrol.com/?from=2024-04-19+00:00:00&to=2024-04-25+23:59:59&period=last_7_days&userIds=[]","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://dashboard.clevercontrol.com/?from=2024-04-19+00:00:00&to=2024-04-25+23:59:59&period=last_7_days&userIds=[]","sourceIndex":"650"}],"sampleFiles":["240429/clevercontrol-211224/11.5.1037.3/Samples/CleverControl%20.NET%20for%20ximapic504%40funvane.com.msi"],"imageFiles":["240429/clevercontrol-211224/11.5.1037.3/Images/ACR-116/ACR-116.PNG","240429/clevercontrol-211224/11.5.1037.3/Images/ACR-014/ACR-014.PNG","240429/clevercontrol-211224/11.5.1037.3/Images/ACR-007/ACR-007.PNG","240429/clevercontrol-211224/11.5.1037.3/Images/ACR-007/ACR-007_1.PNG","240429/clevercontrol-211224/11.5.1037.3/Images/ACR-007/ACR-007_2.PNG","240429/clevercontrol-211224/11.5.1037.3/Images/ACR-007/ACR-007_3.PNG","240429/clevercontrol-211224/11.5.1037.3/Images/ACR-048/ACR-048.PNG","240429/clevercontrol-211224/11.5.1037.3/Images/ACR-048/ACR-048_1.PNG","240429/clevercontrol-211224/11.5.1037.3/Images/ACR-048/ACR-048_2.PNG","240429/clevercontrol-211224/11.5.1037.3/Images/ACR-048/ACR-048_3.PNG","240429/clevercontrol-211224/11.5.1037.3/Images/ACR-097/ACR-097.PNG","240429/clevercontrol-211224/11.5.1037.3/Images/ACR-086/ACR-086.PNG","240429/clevercontrol-211224/11.5.1037.3/Images/ACR-086/ACR-086_1.PNG","240429/clevercontrol-211224/11.5.1037.3/Images/ACR-084/ACR-084.PNG","240429/clevercontrol-211224/11.5.1037.3/Images/ACR-084/ACR-084_1.PNG","240429/clevercontrol-211224/11.5.1037.3/Images/ACR-084/ACR-084_2.PNG","240429/clevercontrol-211224/11.5.1037.3/Images/ACR-084/ACR-084_3.PNG","240429/clevercontrol-211224/11.5.1037.3/Images/ACR-084/ACR-084_4.PNG"],"nonDeceptorImageFiles":[],"guid":"316c9eaa-6a87-405d-b166-0383c8605120_11.5.1037.3_1","appID":"clevercontrol-211224","dateAdded":"240620","deceptorType":"App","name":"Clever Control","company":"Clever Control LLC","version":"11.5.1037.3","lastKnownStatus":"11.5.36;11.5.1022.1;11.5.1031.5;11.5.1032.0;11.5.1032.1;11.5.1033.2;11.5.1033.3;11.5.1033.4;11.5.1034.1;11.5.1034.9;11.5.1035.2;11.5.1035.3;11.5.1035.4;11.5.1036.1;11.5.1037.0;11.5.1037.3;11.5.1039.5","lastKnownDate":"240620","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2024-06-20T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":17,"sortOrder":628},{"violations":{"ACR-048":"1. The app enables the consumer to hide the app from the system tray, the desktop, and the control panel, which limits the targeted consumer's ability to control the app. The app uses a password to hide its presence.\n2. The app does not provide any control to disable the startup it created.\n","ACR-007":"1. The app enables the consumer to hide it from the system tray, the desktop, and the installed apps list, which prevents the targeted consumer from being aware of the app's presence. The app does not display explicit notifications when it is running and requires a password to open it.\n2. The app attempts to evade security investigations by modifying the installer and main file hash per download from its landing page.\n\n","ACR-084":"1. The app enables the installing consumer to hide the app from the targeted consumer: it prevents the app from showing in the system tray, the desktop, and installed program in control panel . The app uses a password to hide its presence.\n2. The app creates a startup item without the user's knowledge and consent.\n","ACR-086":"The app does not inform the targeted consumer who it is transmitting its data to. The app does not inform the targeted consumer how it collects data and it uses a password to hide its presence.\n","ACR-097":"The app attempts to evade security investigations by modifying the installer and main file hash per download from its landing page.\n","ACR-116":"The app enables the consumer to hide it from the targeted consumer, which prevents them from uninstalling it using platform standard features.\n","ACR-014":"The app calls itself \"clvhost.exe” which is not related to the app's name.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"C:\\ProgramData\\{FO16FA1A-AA91-C56A-654F-E3865DA10DAT}\\clvhost.exe","companyName":"CLEVERCONTROL LLC","productName":"clvhost","productVersion":"11.5.1039.5","fileVersion":"11.5.1039.5","hashMD5":"6644cd65e0bf776f2ff42f58ae5dddb3","hashSHA1":"88943bc42a1734e4b03d165d0feefe4b9bf78758","hashSHA256":"f200e6fc273e3d8cda470e90ab6cacdd240e05be5ffc27807a2e390fd10f6dfa","digitalCertThumbprint":"5CBB692CC5CC069030018BC2664E4E814831A0F3","digitalCertIssuer":"GlobalSign GCC R45 CodeSigning CA 2020","digitalCertIssuedTo":"CLEVERCONTROL LLC","storeId":"","sourceIndex":"628","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"CleverControl .NET for rikil53304@fna6.com.msi","isInstaller":"True","companyName":"CLEVERCONTROL LLC","productVersion":"11.5.1039.5","fileVersion":"11.5.1039.5","hashMD5":"e74f854ca27c5a2aba1d04241ec245f4","hashSHA1":"086537662e97eb619c175b4f1706333d8b6e49ee","hashSHA256":"e2477b844e0d0c637b5ed82c3f511ed41490ccf17a377218668b3ca6adc5733d","digitalCertThumbprint":"5CBB692CC5CC069030018BC2664E4E814831A0F3","digitalCertIssuer":"GlobalSign GCC R45 CodeSigning CA 2020","digitalCertIssuedTo":"CLEVERCONTROL LLC","sourceIndex":"628","avBlockList":["360 Total Security (20240905)","Avast Premium Security (20240905)","AVG Internet Security (20240905)","Avira Internet Security (20240905)","Bitdefender Internet Security (20240905)","COMODO Antivirus (20240905)","Dr.Web Security Space (20240905)","ESET Internet Security (20240905)","FortectPremium (20240905)","G DATA INTERNET SECURITY (20240905)","K7 Total Security (20240905)","KasperskyPremium (20240905)","Malwarebytes Premium (20240905)","McAfee Total Protection (20240905)","Norton Security (20240905)","Panda Dome (20240905)","Quick Heal Internet Security (20240905)","Sophos Home Premium (20240905)","SpyHunter5 (20240905)","Total AV Antivirus Pro (20240905)","VIPRE Advanced Security (20240905)","VirIT eXplorer PRO (20240905)","Webroot SecureAnywhere (20240905)"],"avAllowList":["Trend Micro Internet Security (20240905)","Windows Defender (20240905)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on windows app","reference":"","landingPage":"https://clevercontrol.com/","directDownloadingLink":"https://dashboard.clevercontrol.com/users-view?from=2024-06-11+00:00:00&to=2024-06-17+23:59:59&period=last_7_days","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://dashboard.clevercontrol.com/users-view?from=2024-06-11+00:00:00&to=2024-06-17+23:59:59&period=last_7_days","sourceIndex":"628"}],"sampleFiles":["240620/clevercontrol-211224/11.5.1039.5/Samples/CleverControl%20.NET%20for%20rikil53304%40fna6.com.msi"],"imageFiles":["240620/clevercontrol-211224/11.5.1039.5/Images/ACR-116/ACR-116.PNG","240620/clevercontrol-211224/11.5.1039.5/Images/ACR-014/ACR-014.PNG","240620/clevercontrol-211224/11.5.1039.5/Images/ACR-007/ACR-007.PNG","240620/clevercontrol-211224/11.5.1039.5/Images/ACR-007/ACR-007_1.PNG","240620/clevercontrol-211224/11.5.1039.5/Images/ACR-007/ACR-007_2.PNG","240620/clevercontrol-211224/11.5.1039.5/Images/ACR-007/ACR-007_3.PNG","240620/clevercontrol-211224/11.5.1039.5/Images/ACR-048/ACR-048.PNG","240620/clevercontrol-211224/11.5.1039.5/Images/ACR-048/ACR-048_1.PNG","240620/clevercontrol-211224/11.5.1039.5/Images/ACR-048/ACR-048_2.PNG","240620/clevercontrol-211224/11.5.1039.5/Images/ACR-048/ACR-048_3.PNG","240620/clevercontrol-211224/11.5.1039.5/Images/ACR-097/ACR-097.PNG","240620/clevercontrol-211224/11.5.1039.5/Images/ACR-086/ACR-086.PNG","240620/clevercontrol-211224/11.5.1039.5/Images/ACR-086/ACR-086_1.PNG","240620/clevercontrol-211224/11.5.1039.5/Images/ACR-084/ACR-084.PNG","240620/clevercontrol-211224/11.5.1039.5/Images/ACR-084/ACR-084_1.PNG","240620/clevercontrol-211224/11.5.1039.5/Images/ACR-084/ACR-084_2.PNG","240620/clevercontrol-211224/11.5.1039.5/Images/ACR-084/ACR-084_3.PNG","240620/clevercontrol-211224/11.5.1039.5/Images/ACR-084/ACR-084_4.PNG"],"nonDeceptorImageFiles":[],"guid":"316c9eaa-6a87-405d-b166-0383c8605120_11.5.1039.5_1","appID":"clevercontrol-211224","dateAdded":"240620","deceptorType":"App","name":"Clever Control","company":"Clever Control LLC","version":"11.5.1039.5","lastKnownStatus":"11.5.36;11.5.1022.1;11.5.1031.5;11.5.1032.0;11.5.1032.1;11.5.1033.2;11.5.1033.3;11.5.1033.4;11.5.1034.1;11.5.1034.9;11.5.1035.2;11.5.1035.3;11.5.1035.4;11.5.1036.1;11.5.1037.0;11.5.1037.3;11.5.1039.5","lastKnownDate":"240620","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2024-06-20T17:03:45.4175222+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":17,"sortOrder":627},{"violations":{"ACR-004":"The app shows scan results for free, but when the user tries to recover the data, the app requires a purchase of an auto-renewing subscription.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"DoYourDataRecoveryForMacTrial.dmg","isInstaller":"True","fileVersion":"0.","hashMD5":"c088f1f2353c14afbd1754e953db1db5","hashSHA1":"e012d5a95e6d72812374c80c1cb47507b2f888e5","hashSHA256":"0a95b178841c2c1236845b38f50259868edab34025aa091611f6476ff845a41e","sourceIndex":"624","avBlockList":["Avast Security for Mac (20240910)","Avira Security for Mac (20240910)","Norton Security for Mac (20240910)","SpyHunterforMac (20240910)","Trend Micro Antivirus for Mac (20240910)"],"avAllowList":["Bitdefender Antivirus for Mac (20240910)","ESET Cyber Security Pro for Mac (20240910)","G DATA AntiVirus for Mac (20240910)","K7 Antivirus for Mac (20240910)","Kaspersky Internet Security for Mac (20240910)","McAfee Internet Security for Mac (20240910)","Sophos Home Premium For Mac (20240813)"]},{"isRevoked":"False","fileName":"Do%20Your%20Data%20Recovery.app.zip","fileVersion":"0.","hashMD5":"c5c05ff20f1e7fa60db6a658e53a605c","hashSHA1":"a155e692561b5b7e3267f15d2a5b9e74095f421b","hashSHA256":"320f18cf7765ef323909a01fdc7139cb94852074acccce188d90f041e79afff9","sourceIndex":"624","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"DeceptorReport","reference":"","landingPage":"https://www.doyourdata.com/mac-data-recovery-software/","directDownloadingLink":"https://www.doyourdata.com/trial/DoYourDataRecoveryForMacTrial.dmg","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.doyourdata.com/trial/DoYourDataRecoveryForMacTrial.dmg","sourceIndex":"624"}],"sampleFiles":["240620/Doyourdatarecovery-240612/8.8/Samples/DoYourDataRecoveryForMacTrial.dmg","240620/Doyourdatarecovery-240612/8.8/Samples/Do%20Your%20Data%20Recovery.app.zip"],"imageFiles":["240620/Doyourdatarecovery-240612/8.8/Images/ACR-004/Screenshot 2024-06-12 at 11.32.47 AM.png","240620/Doyourdatarecovery-240612/8.8/Images/ACR-004/Screenshot 2024-06-12 at 11.34.08 AM.png","240620/Doyourdatarecovery-240612/8.8/Images/ACR-004/Screenshot 2024-06-12 at 11.34.35 AM.png"],"nonDeceptorImageFiles":[],"guid":"16c49949-5455-4c31-bce0-5920bbfdf900_8.8_1","appID":"Doyourdatarecovery-240612","dateAdded":"240620","deceptorType":"MacOS App","name":"Do Your Data Recovery","company":"DoYourData Software","version":"8.8","lastKnownStatus":"8.8","lastKnownDate":"240620","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2024-06-20T18:51:47.6933443+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":626},{"violations":{"ACR-004":"The app shows scan results for free, but requires a purchase of an auto-renewing subscription to recover any of the data shown.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"StellarDataRecovery-4.dmg","isInstaller":"True","fileVersion":"0.","hashMD5":"a2dac12b693209101b99ea290a429988","hashSHA1":"27b99591ae3a3a3a0c9e7ced2bc03435bc1d5a69","hashSHA256":"91922520be2eed38c48ebdd23c170b1a5767a9571e8a88781cdfa6a466e75ec7","sourceIndex":"625","avBlockList":["Avast Security for Mac (20240813)","Avira Security for Mac (20240813)","ESET Cyber Security Pro for Mac (20240813)","K7 Antivirus for Mac (20240813)","Norton Security for Mac (20240813)","SpyHunterforMac (20240813)","Trend Micro Antivirus for Mac (20240813)"],"avAllowList":["Bitdefender Antivirus for Mac (20240813)","G DATA AntiVirus for Mac (20240813)","Kaspersky Internet Security for Mac (20240813)","McAfee Internet Security for Mac (20240813)","Sophos Home Premium For Mac (20240813)"]},{"isRevoked":"False","fileName":"StellarDataRecovery.dmg","isInstaller":"True","fileVersion":"0.","hashMD5":"bbde64a37b2066433af2ae48b7f442ed","hashSHA1":"c309f58a1ea82e69a52126ed32cd84567cc5b285","hashSHA256":"38af6f777a61266485cd4acd8aeacea80fb1f6ecf7515b1d36825006a9d4c2c3","sourceIndex":"625","avBlockList":["Avast Security for Mac (20240910)","Avira Security for Mac (20240910)","Bitdefender Antivirus for Mac (20240910)","ESET Cyber Security Pro for Mac (20240910)","G DATA AntiVirus for Mac (20240910)","K7 Antivirus for Mac (20240910)","Norton Security for Mac (20240910)","SpyHunterforMac (20240910)","Trend Micro Antivirus for Mac (20240910)"],"avAllowList":["Kaspersky Internet Security for Mac (20240910)","McAfee Internet Security for Mac (20240910)","Sophos Home Premium For Mac (20240910)"]},{"isRevoked":"False","fileName":"StellarDataRecovery-2.dmg","isInstaller":"True","fileVersion":"0.","hashMD5":"030ae201618c76c21d2198c648d46892","hashSHA1":"98d531f39617f099e92292927f8c333e658b7cdb","hashSHA256":"55a398297e7180b9961a2dee0443ef25b888ee28239ad98c61a776625db74e3d","sourceIndex":"625","avBlockList":["Avast Security for Mac (20240709)","Avira Security for Mac (20240709)","ESET Cyber Security Pro for Mac (20240709)","Norton Security for Mac (20240709)","SpyHunterforMac (20240709)","Trend Micro Antivirus for Mac (20240709)"],"avAllowList":["Bitdefender Antivirus for Mac (20240709)","G DATA AntiVirus for Mac (20240709)","K7 Antivirus for Mac (20240709)","Kaspersky Internet Security for Mac (20240709)","McAfee Internet Security for Mac (20240709)","Sophos Home Premium For Mac (20240709)"]},{"isRevoked":"False","fileName":"StellarDataRecovery.app.zip","fileVersion":"0.","hashMD5":"50e1b97bb44853b65b371e9d0f770552","hashSHA1":"72d19e1e08d3c326c4e618379f21bca3d91a98fe","hashSHA256":"eb98dd33e22267d40b4039064b15e97b42066c530e2fe8ed14218e9d94e0feec","sourceIndex":"625","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"StellarDataRecovery%202.app.zip","fileVersion":"0.","hashMD5":"9c2fe4390ad93f40fc9de0dfb603a80a","hashSHA1":"50b9a024df5fbd435b987a9eef40b2253151f127","hashSHA256":"424be19b1e71fc8dbd30049f62f1cec742905de4f7f209e8fac92f19e4663e0a","sourceIndex":"625","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"StellarDataRecovery%204.app.zip","fileVersion":"0.","hashMD5":"cf7b76d10d07655f15cca256fd5656b0","hashSHA1":"8b3c797543cd2a5b9c87902dabd4f70db5814702","hashSHA256":"231d2f5680da48d25ebbba2d9de7763279030c2c87475dec3c1ebcd92446cc93","sourceIndex":"625","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Search for Data Recovery Apps","reference":"","landingPage":"https://www.stellarinfo.com/stellar-data-recovery-mac-standard.php","directDownloadingLink":"https://cloud.stellarinfo.com/StellarDataRecovery.dmg.zip?_ga=2.218873689.1339920150.1718228878-622017230.1718228878","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://cloud.stellarinfo.com/StellarDataRecovery.dmg.zip?_ga=2.218873689.1339920150.1718228878-622017230.1718228878","sourceIndex":"625"},{"howFound":"","reference":"","landingPage":"https://www.stellarinfo.com/data-recovery-mac.php","directDownloadingLink":"https://cloud.stellarinfo.com/StellarDataRecoveryProfessional.dmg.zip?_ga=2.213588180.1339920150.1718228878-622017230.1718228878","ipv4":"","ipv6":"","sourceIndex":"626"},{"howFound":"","reference":"","landingPage":"https://www.stellarinfo.com/mac-data-recovery-technician.php","directDownloadingLink":"https://cloud.stellarinfo.com/StellarDataRecoveryTechnician.dmg.zip?_ga=2.185236457.1339920150.1718228878-622017230.1718228878","ipv4":"","ipv6":"","sourceIndex":"627"}],"sampleFiles":["240620/Stellardatarecoverymac-240612/12.0.0.0/Samples/StellarDataRecovery-4.dmg","240620/Stellardatarecoverymac-240612/12.0.0.0/Samples/StellarDataRecovery.dmg","240620/Stellardatarecoverymac-240612/12.0.0.0/Samples/StellarDataRecovery-2.dmg","240620/Stellardatarecoverymac-240612/12.0.0.0/Samples/StellarDataRecovery.app.zip","240620/Stellardatarecoverymac-240612/12.0.0.0/Samples/StellarDataRecovery%202.app.zip","240620/Stellardatarecoverymac-240612/12.0.0.0/Samples/StellarDataRecovery%204.app.zip"],"imageFiles":["240620/Stellardatarecoverymac-240612/12.0.0.0/Images/ACR-004/Screenshot 2024-06-12 at 3.04.31 PM.png","240620/Stellardatarecoverymac-240612/12.0.0.0/Images/ACR-004/Screenshot 2024-06-12 at 3.05.05 PM.png","240620/Stellardatarecoverymac-240612/12.0.0.0/Images/ACR-004/Screenshot 2024-06-12 at 3.05.33 PM.png"],"nonDeceptorImageFiles":[],"guid":"ce488d79-76e1-44fa-a48b-bfa33f9f10be_12.0.0.0_1","appID":"Stellardatarecoverymac-240612","dateAdded":"240620","deceptorType":"MacOS App","name":"Stellar Data Recovery for Mac","company":"Stellar Data Recovery Inc.","version":"12.0.0.0","lastKnownStatus":"12.0.0.0","lastKnownDate":"240620","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetCustomer":"consumer,enterprise","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,paid","lastUpdate":"2024-06-20T18:43:52.6165478+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":625},{"violations":{"ACR-048":"1. The app enables the consumer to hide the app from the system tray, the desktop, and the control panel, which limits the targeted consumer's ability to control the app.\n2. The app does not provide any control to disable the startup it created.\n","ACR-007":"1. The app enables the consumer to hide it from the system tray, the desktop, and the installed apps list, which prevents the targeted consumer from being aware of the app's presence. The app does not display explicit notifications when it is running and requires a password to open it.\n2. The app attempts to evade security investigations by modifying the installer and main file hash per download from its landing page.\n","ACR-084":"1. The app enables the installing consumer to hide the app from the targeted consumer: it prevents the app from showing in the system tray, the desktop, and the control panel. The app uses a password to hide its presence.\n2. The app creates a startup item without the user's knowledge and consent.\n","ACR-086":"The app does not inform the targeted consumer who it is transmitting its data to. The app does not inform the targeted consumer how it collects data and it uses a password to hide its presence.\n","ACR-097":"The app attempts to evade security investigations by modifying installer and main file hash per download from it’s landing page.\n","ACR-116":"The app enables the consumer to hide it from the targeted consumer, which prevents them from uninstalling it using platform standard features.\n","ACR-014":"The app calls itself \"clvhost.exe” which is not related to the app's name.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"C:\\ProgramData\\{FO16FA1A-AA91-C56A-654F-E3865DA10DAT}\\clvhost.exe","companyName":"CLEVERCONTROL LLC","productName":"clvhost","productVersion":"11.5.1034.9","fileVersion":"11.5.1034.9","hashMD5":"af2d0533564f835dcf7ae83c8e2be108","hashSHA1":"e48301f3a71385ea57e8a25c9e52e9a411a09bc4","hashSHA256":"dcd9c7dff77805dbf3c06d420e2d68ae9dbc0bf9371357e9fe17bcd58a64e371","digitalCertThumbprint":"5CBB692CC5CC069030018BC2664E4E814831A0F3","digitalCertIssuer":"GlobalSign GCC R45 CodeSigning CA 2020","digitalCertIssuedTo":"CLEVERCONTROL LLC","storeId":"","sourceIndex":"772","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"CleverControl .NET for rekeme6034@wikfee.com.msi","isInstaller":"True","companyName":"CLEVERCONTROL LLC","productVersion":"11.5.1034.9","fileVersion":"11.5.1034.9","hashMD5":"746084cce4d2f160a5c1f2e6e86f42cb","hashSHA1":"b696a4ef4b33d98e2dca0b69112a1f7e535d5d61","hashSHA256":"05303566c279b2d46b20efef678088f39a79c93d1d9f258776a957e352640432","digitalCertThumbprint":"5CBB692CC5CC069030018BC2664E4E814831A0F3","digitalCertIssuer":"GlobalSign GCC R45 CodeSigning CA 2020","digitalCertIssuedTo":"CLEVERCONTROL LLC","sourceIndex":"772","avBlockList":["360 Total Security (20240307)","Avast Premium Security (20240307)","AVG Internet Security (20240307)","Avira Internet Security (20240307)","Bitdefender Internet Security (20240307)","COMODO Antivirus (20240307)","Dr.Web Security Space (20240307)","ESET Internet Security (20240307)","G DATA INTERNET SECURITY (20240307)","K7 Total Security (20240307)","Kaspersky Internet Security (20240307)","Malwarebytes Premium (20240307)","Norton Security (20240307)","Panda Dome (20240307)","Sophos Home Premium (20240307)","SpyHunter5 (20240307)","Total AV Antivirus Pro (20240307)","VIPRE Advanced Security (20240307)","VirIT eXplorer PRO (20240307)","Webroot SecureAnywhere (20240307)"],"avAllowList":["McAfee Total Protection (20240307)","Quick Heal Internet Security (20240307)","Trend Micro Internet Security (20240307)","Windows Defender (20240307)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on windows app","reference":"","landingPage":"https://clevercontrol.com/","directDownloadingLink":"https://dashboard.clevercontrol.com/?period=last_7_days&from=2023-12-27%2000%3A00%3A00&to=2024-01-03%2002%3A08%3A59&userIds=%5B%5D","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://dashboard.clevercontrol.com/?period=last_7_days&from=2023-12-27%2000%3A00%3A00&to=2024-01-03%2002%3A08%3A59&userIds=%5B%5D","sourceIndex":"772"}],"sampleFiles":["240105/clevercontrol-211224/11.5.1034.9/Samples/CleverControl%20.NET%20for%20rekeme6034%40wikfee.com.msi"],"imageFiles":["240105/clevercontrol-211224/11.5.1034.9/Images/ACR-116/ACR-116.PNG","240105/clevercontrol-211224/11.5.1034.9/Images/ACR-014/ACR-014.PNG","240105/clevercontrol-211224/11.5.1034.9/Images/ACR-007/ACR-007.PNG","240105/clevercontrol-211224/11.5.1034.9/Images/ACR-007/ACR-007_1.PNG","240105/clevercontrol-211224/11.5.1034.9/Images/ACR-007/ACR-007_2.PNG","240105/clevercontrol-211224/11.5.1034.9/Images/ACR-007/ACR-007_3.PNG","240105/clevercontrol-211224/11.5.1034.9/Images/ACR-048/ACR-048.PNG","240105/clevercontrol-211224/11.5.1034.9/Images/ACR-048/ACR-048_1.PNG","240105/clevercontrol-211224/11.5.1034.9/Images/ACR-048/ACR-048_3.PNG","240105/clevercontrol-211224/11.5.1034.9/Images/ACR-048/ACR-048_Software_1.png","240105/clevercontrol-211224/11.5.1034.9/Images/ACR-097/ACR-097.PNG","240105/clevercontrol-211224/11.5.1034.9/Images/ACR-086/ACR-086.PNG","240105/clevercontrol-211224/11.5.1034.9/Images/ACR-086/ACR-086_1.PNG","240105/clevercontrol-211224/11.5.1034.9/Images/ACR-084/ACR-084.PNG","240105/clevercontrol-211224/11.5.1034.9/Images/ACR-084/ACR-084_1.PNG","240105/clevercontrol-211224/11.5.1034.9/Images/ACR-084/ACR-084_2.PNG","240105/clevercontrol-211224/11.5.1034.9/Images/ACR-084/ACR-084_3.PNG","240105/clevercontrol-211224/11.5.1034.9/Images/ACR-084/ACR-084_Software_1.png"],"nonDeceptorImageFiles":[],"guid":"316c9eaa-6a87-405d-b166-0383c8605120_11.5.1034.9_1","appID":"clevercontrol-211224","dateAdded":"240620","deceptorType":"App","name":"Clever Control","company":"Clever Control LLC","version":"11.5.1034.9","lastKnownStatus":"11.5.36;11.5.1022.1;11.5.1031.5;11.5.1032.0;11.5.1032.1;11.5.1033.2;11.5.1033.3;11.5.1033.4;11.5.1034.1;11.5.1034.9;11.5.1035.2;11.5.1035.3;11.5.1035.4;11.5.1036.1;11.5.1037.0;11.5.1037.3;11.5.1039.5","lastKnownDate":"240620","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2024-06-20T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":17,"sortOrder":634},{"violations":{"ACR-048":"1. The app enables the consumer to hide the app from the system tray, the desktop, and the control panel, which limits the targeted consumer's ability to control the app. The app uses a password to hide its presence.\n2. The app does not provide any control to disable the startup it created.\n","ACR-007":"1. The app enables the consumer to hide it from the system tray, the desktop, and the installed apps list, which prevents the targeted consumer from being aware of the app's presence. The app does not display explicit notifications when it is running and requires a password to open it.\n2. The app attempts to evade security investigations by modifying the installer and main file hash per download from its landing page.\n\n","ACR-084":"1. The app enables the installing consumer to hide the app from the targeted consumer: it prevents the app from showing in the system tray, the desktop, and the control panel. The app uses a password to hide its presence.\n2. The app creates a startup item without the user's knowledge and consent.\n","ACR-086":"The app does not inform the targeted consumer who it is transmitting its data to. The app does not inform the targeted consumer how it collects data and it uses a password to hide its presence.\n","ACR-097":"The app attempts to evade security investigations by modifying the installer and main file hash per download from its landing page.\n","ACR-116":"The app enables the consumer to hide it from the targeted consumer, which prevents them from uninstalling it using platform standard features.\n","ACR-014":"The app calls itself \"clvhost.exe” which is not related to the app's name.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"C:\\ProgramData\\{FO16FA1A-AA91-C56A-654F-E3865DA10DAT}\\clvhost.exe","companyName":"CLEVERCONTROL LLC","productName":"clvhost","productVersion":"11.5.1036.1","fileVersion":"11.5.1036.1","hashMD5":"889e0fbdfb7a312d18ab184757cab39d","hashSHA1":"ff5f797640d2d38700d0323d69eae568b87f47f8","hashSHA256":"d0226aa56beae54cb99e5620649467a5b9d0581d91bd87e2d2d947bfe6cc2949","digitalCertThumbprint":"5CBB692CC5CC069030018BC2664E4E814831A0F3","digitalCertIssuer":"GlobalSign GCC R45 CodeSigning CA 2020","digitalCertIssuedTo":"CLEVERCONTROL LLC","storeId":"","sourceIndex":"703","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"CleverControl .NET for sacedep377@mnsaf.com.msi","isInstaller":"True","companyName":"CLEVERCONTROL LLC","productVersion":"11.5.1036.1","fileVersion":"11.5.1036.1","hashMD5":"20b63d176316b52887e1c08cd73f5e2c","hashSHA1":"ce554bbe0c640b057fc94eef292356a495d645a2","hashSHA256":"ddf15170e88e1fd9260556cbd0b53bb3781597e5876999e2f4c22249397a59c1","digitalCertThumbprint":"5CBB692CC5CC069030018BC2664E4E814831A0F3","digitalCertIssuer":"GlobalSign GCC R45 CodeSigning CA 2020","digitalCertIssuedTo":"CLEVERCONTROL LLC","sourceIndex":"703","avBlockList":["360 Total Security (20240328)","Avast Premium Security (20240328)","AVG Internet Security (20240328)","Avira Internet Security (20240328)","Bitdefender Internet Security (20240328)","COMODO Antivirus (20240328)","Dr.Web Security Space (20240328)","ESET Internet Security (20240328)","G DATA INTERNET SECURITY (20240328)","Kaspersky Internet Security (20240328)","Malwarebytes Premium (20240328)","Panda Dome (20240328)","Quick Heal Internet Security (20240328)","Sophos Home Premium (20240328)","SpyHunter5 (20240328)","Total AV Antivirus Pro (20240328)","VIPRE Advanced Security (20240328)","VirIT eXplorer PRO (20240328)","Webroot SecureAnywhere (20240328)"],"avAllowList":["K7 Total Security (20240328)","McAfee Total Protection (20240328)","Norton Security (20240328)","Trend Micro Internet Security (20240328)","Windows Defender (20240328)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on windows app","reference":"","landingPage":"https://clevercontrol.com/","directDownloadingLink":"https://clevercontrol.net/win/?email=sacedep377%mnsaf.com","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://clevercontrol.net/win/?email=sacedep377%mnsaf.com","sourceIndex":"703"}],"sampleFiles":["240325/clevercontrol-211224/11.5.1036.1/Samples/CleverControl%20.NET%20for%20sacedep377%40mnsaf.com.msi"],"imageFiles":["240325/clevercontrol-211224/11.5.1036.1/Images/ACR-116/ACR-116.PNG","240325/clevercontrol-211224/11.5.1036.1/Images/ACR-014/ACR-014.PNG","240325/clevercontrol-211224/11.5.1036.1/Images/ACR-007/ACR-007.PNG","240325/clevercontrol-211224/11.5.1036.1/Images/ACR-007/ACR-007_1.PNG","240325/clevercontrol-211224/11.5.1036.1/Images/ACR-007/ACR-007_2.PNG","240325/clevercontrol-211224/11.5.1036.1/Images/ACR-007/ACR-007_3.PNG","240325/clevercontrol-211224/11.5.1036.1/Images/ACR-048/ACR-048.PNG","240325/clevercontrol-211224/11.5.1036.1/Images/ACR-048/ACR-048_1.PNG","240325/clevercontrol-211224/11.5.1036.1/Images/ACR-048/ACR-048_2.PNG","240325/clevercontrol-211224/11.5.1036.1/Images/ACR-048/ACR-048_3.PNG","240325/clevercontrol-211224/11.5.1036.1/Images/ACR-097/ACR-097.PNG","240325/clevercontrol-211224/11.5.1036.1/Images/ACR-086/ACR-086.PNG","240325/clevercontrol-211224/11.5.1036.1/Images/ACR-086/ACR-086_1.PNG","240325/clevercontrol-211224/11.5.1036.1/Images/ACR-084/ACR-084.PNG","240325/clevercontrol-211224/11.5.1036.1/Images/ACR-084/ACR-084_1.PNG","240325/clevercontrol-211224/11.5.1036.1/Images/ACR-084/ACR-084_2.PNG","240325/clevercontrol-211224/11.5.1036.1/Images/ACR-084/ACR-084_3.PNG","240325/clevercontrol-211224/11.5.1036.1/Images/ACR-084/ACR-084_4.PNG"],"nonDeceptorImageFiles":[],"guid":"316c9eaa-6a87-405d-b166-0383c8605120_11.5.1036.1_1","appID":"clevercontrol-211224","dateAdded":"240620","deceptorType":"App","name":"Clever Control","company":"Clever Control LLC","version":"11.5.1036.1","lastKnownStatus":"11.5.36;11.5.1022.1;11.5.1031.5;11.5.1032.0;11.5.1032.1;11.5.1033.2;11.5.1033.3;11.5.1033.4;11.5.1034.1;11.5.1034.9;11.5.1035.2;11.5.1035.3;11.5.1035.4;11.5.1036.1;11.5.1037.0;11.5.1037.3;11.5.1039.5","lastKnownDate":"240620","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2024-06-20T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":17,"sortOrder":630},{"violations":{"ACR-048":"1. The app enables the consumer to hide the app from the system tray, which limits the targeted consumer's ability to control the app.\n2. The app does not provide any control to disable the startup it created.\n","ACR-007":"The app enables the consumer to hide it from the system tray, the desktop, and the installed apps list, which prevents the targeted consumer from being aware of the app's presence. The  app does not display explicit notification when it is running and requires a password to open it.\n","ACR-084":"The app enables the installing consumer to hide the app from the targeted consumer: it prevents the app from showing in the system tray and control panel. The app uses a password to hide its presence.\n","ACR-086":"The app does not inform the targeted consumer who it is transmitting their data to. The app does not inform the targeted consumer how it collects data and it uses a password to hide its presence.\n","ACR-097":"During downloading and installation, it prompts the user to disable antivirus protection / exclude it from Windows defender detection.\n","ACR-116":"The app enables the consumer to hide it from the targeted consumer, which prevents them from uninstalling it using platform standard features.\n","ACR-014":"The app calls itself \"clv.exe” without company attributes info.\n\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"C:\\ProgramData\\Security Monitor\\{0276FACA-AA90-C56A-65FF-D3865DA10EAD}\\clv.exe","companyName":"","productName":"","productVersion":"","fileVersion":"","hashMD5":"69c58867ebcdce48a1c2cdfcde82f8a0","hashSHA1":"24c24d37bb2388f2a208e64e34f09cc2f781b546","hashSHA256":"d55d3fc927f31df205c1a6f104b13b5c2912ae5dddd25df812ce2715f63196c2","digitalCertThumbprint":"B8C567E9BE421D196F0F932FEBE59975B451AF71","digitalCertIssuer":"Sectigo RSA Code Signing CA","digitalCertIssuedTo":"CLEVERCONTROL LLC","storeId":"","sourceIndex":"1747","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"CleverControlSetup.exe","isInstaller":"True","companyName":"CLEVERCONTROL LLC                                           ","productName":"                                                            ","productVersion":"{cm:MyAppVer}                                     ","fileVersion":"{cm:MyAppVer}       ","hashMD5":"783b301962a698f187dd52c1d1d23472","hashSHA1":"124bb2c77a33c5340711d020de070fca8430801c","hashSHA256":"fda29d07b9dfacbb4bd8a7d34f752ba8431fe73f9e0b9daa84d02e91414c3f07","digitalCertThumbprint":"B8C567E9BE421D196F0F932FEBE59975B451AF71","digitalCertIssuer":"Sectigo RSA Code Signing CA","digitalCertIssuedTo":"CLEVERCONTROL LLC","storeId":"","sourceIndex":"1747","avBlockList":["360 Total Security (20220106)","Avast Premium Security (20220106)","AVG Internet Security (20220106)","Avira Internet Security (20220106)","Bitdefender Internet Security (20220106)","Dr.Web Security Space (20220106)","ESET Internet Security (20220106)","G DATA INTERNET SECURITY (20220106)","K7 Total Security (20220106)","Kaspersky Internet Security (20220106)","Malwarebytes Premium (20220106)","McAfee Total Protection (20220106)","Norton Security (20220106)","Panda Dome (20220106)","Quick Heal Internet Security (20220106)","Sophos Home Premium (20220106)","SpyHunter5 (20220106)","Tencent PC Manager (20220106)","Total AV Antivirus Pro (20220106)","VIPRE Advanced Security (20220106)","VirIT eXplorer PRO (20220106)","Webroot SecureAnywhere (20220106)","Windows Defender (20220106)"],"avAllowList":["COMODO Antivirus (20220106)","Trend Micro Internet Security (20220106)"]}],"additionalFiles":[],"sources":[{"howFound":"Google search-keyloggers","reference":"","landingPage":"https://clevercontrol.com/","directDownloadingLink":"https://clevercontrol.net/","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://clevercontrol.net/","sourceIndex":"1747"}],"sampleFiles":["211224/clevercontrol-211224/11.5.36/Samples/CleverControlSetup.exe"],"imageFiles":["211224/clevercontrol-211224/11.5.36/Images/ACR-116/ACR-116_Software_Hides_In_Control_Panel.JPG","211224/clevercontrol-211224/11.5.36/Images/ACR-014/ACR-014_Software_Misleading_App_Name.JPG","211224/clevercontrol-211224/11.5.36/Images/ACR-007/ACR-007_Software_Hides_App_1.JPG","211224/clevercontrol-211224/11.5.36/Images/ACR-007/ACR-007_Software_Requires_Sign_In.JPG","211224/clevercontrol-211224/11.5.36/Images/ACR-048/ACR-048_Software_Requires_Sign_In_To_Launch.JPG","211224/clevercontrol-211224/11.5.36/Images/ACR-048/ACR-048_Software_Requires_Sign_In.JPG","211224/clevercontrol-211224/11.5.36/Images/ACR-048/ACR-048_Software_No_Control.JPG","211224/clevercontrol-211224/11.5.36/Images/ACR-048/ACR-048_Software_No_Control_1.JPG","211224/clevercontrol-211224/11.5.36/Images/ACR-097/ACR-097_Software_Excludes_AV.JPG","211224/clevercontrol-211224/11.5.36/Images/ACR-097/ACR-097_Software_Excludes_AV_1.jpg","211224/clevercontrol-211224/11.5.36/Images/ACR-097/ACR-097_Software_Excludes_AV_2.jpg","211224/clevercontrol-211224/11.5.36/Images/ACR-086/ACR-086_Software_Requires_Sign_In_To_Launch.JPG","211224/clevercontrol-211224/11.5.36/Images/ACR-086/ACR-086_Software_Requires_Sign_In.JPG","211224/clevercontrol-211224/11.5.36/Images/ACR-084/ACR-084_Software_Hides_App.JPG","211224/clevercontrol-211224/11.5.36/Images/ACR-084/ACR-084_Software_Hides_App_1.JPG","211224/clevercontrol-211224/11.5.36/Images/ACR-084/ACR-084_Software_Hides_App_2.JPG","211224/clevercontrol-211224/11.5.36/Images/ACR-084/ACR-084_Software_Requires_Sign_In.JPG"],"nonDeceptorImageFiles":[],"guid":"316c9eaa-6a87-405d-b166-0383c8605120_11.5.36_1","appID":"clevercontrol-211224","dateAdded":"240620","deceptorType":"App","name":"Clever Control","company":"Clever Control LLC","version":"11.5.36","sigName":"Deceptor:Win32/CleverControl!116014007048097086084","lastKnownStatus":"11.5.36;11.5.1022.1;11.5.1031.5;11.5.1032.0;11.5.1032.1;11.5.1033.2;11.5.1033.3;11.5.1033.4;11.5.1034.1;11.5.1034.9;11.5.1035.2;11.5.1035.3;11.5.1035.4;11.5.1036.1;11.5.1037.0;11.5.1037.3;11.5.1039.5","lastKnownDate":"240620","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2024-06-20T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":17,"sortOrder":643},{"violations":{"ACR-048":"1. The app enables the consumer to hide the app from the system tray, which limits the targeted consumer's ability to control the app.\n2. The app does not provide any control to disable the startup it created.\n","ACR-007":"The app enables the consumer to hide it from the system tray, the desktop, and the installed apps list, which prevents the targeted consumer from being aware of the app's presence. The  app does not display explicit notification when it is running and requires a password to open it.\n","ACR-084":"The app enables the installing consumer to hide the app from the targeted consumer: it prevents the app from showing in the system tray and control panel. The app uses a password to hide its presence.\n","ACR-086":"The app does not inform the targeted consumer who it is transmitting their data to. The app does not inform the targeted consumer how it collects data and it uses a password to hide its presence.\n","ACR-116":"The app enables the consumer to hide it from the targeted consumer, which prevents them from uninstalling it using platform standard features.\n","ACR-014":"The app calls itself \"clv.exe” which is not related to the app's name.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"C:\\ProgramData\\{FO16FA1A-AA91-C56A-654F-E3865DA10DAT}\\clsvs.exe","companyName":"CLEVERCONTROL LLC","productName":"clsvs","productVersion":"11.5.2.1","fileVersion":"11.5.2.1","hashMD5":"4d84f9a5f7cb29a370b9aab37f584704","hashSHA1":"0537aea3e6b4e56f912e53a99c15b5cc2f146daa","hashSHA256":"2caf27d8b9b284f19a156bbd81ee33432ba9a8107f75c328e64294cb650cc5b8","digitalCertThumbprint":"63495C670AE813F13465BEF5288FD7E64D35CCF2","digitalCertIssuer":"GlobalSign GCC R45 CodeSigning CA 2020","digitalCertIssuedTo":"Clevercontrol LLC","storeId":"","sourceIndex":"1498","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\ProgramData\\{FO16FA1A-AA91-C56A-654F-E3865DA10DAT}\\clvhost.exe","companyName":"CLEVERCONTROL LLC","productName":"clvhost","productVersion":"11.5.1022.1","fileVersion":"11.5.1022.1","hashMD5":"9f7855c007e06982e82d2e90892f616f","hashSHA1":"3077af0dc278fc5329a32a79793c9fb09354776a","hashSHA256":"6f335fb31024b51f8ba2d6e33ccd4a85244c432d13312bf9e349d9bedc534018","digitalCertThumbprint":"63495C670AE813F13465BEF5288FD7E64D35CCF2","digitalCertIssuer":"GlobalSign GCC R45 CodeSigning CA 2020","digitalCertIssuedTo":"Clevercontrol LLC","storeId":"","sourceIndex":"1498","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"CleverControlSetup.msi","isInstaller":"True","companyName":"CLEVERCONTROL LLC","productVersion":"11.5.1022.1","fileVersion":"11.5.1022.1","hashMD5":"d0d16e254e3b2484a2d1edcea9679eaa","hashSHA1":"012541a1c3f7fad46e70718b47b7c9b720689022","hashSHA256":"9575286eef4d790366040f31f9c756a74a9ec5c9aded990a1be16bb42fab58f0","sourceIndex":"1498","avBlockList":["360 Total Security (20240725)","Avast Premium Security (20240725)","AVG Internet Security (20240725)","Avira Internet Security (20240725)","Bitdefender Internet Security (20240725)","COMODO Antivirus (20240725)","Dr.Web Security Space (20240725)","ESET Internet Security (20240725)","G DATA INTERNET SECURITY (20240725)","K7 Total Security (20240725)","Kaspersky Internet Security (20240725)","Malwarebytes Premium (20240725)","McAfee Total Protection (20240725)","Norton Security (20240725)","Panda Dome (20240725)","Quick Heal Internet Security (20240725)","Sophos Home Premium (20240725)","SpyHunter5 (20240725)","Total AV Antivirus Pro (20240725)","Trend Micro Internet Security (20240725)","VIPRE Advanced Security (20240725)","VirIT eXplorer PRO (20240725)","Webroot SecureAnywhere (20240725)","Windows Defender (20240725)","FortectPremium (20240725)"],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Google search-keyloggers","reference":"","landingPage":"https://clevercontrol.com/","directDownloadingLink":"https://dashboard.clevercontrol.com/summary?from=2022-07-20%2000%3A00%3A00&to=2022-07-27%2002%3A57%3A16&period=last_7_days&userIds=%5B%5D","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://dashboard.clevercontrol.com/summary?from=2022-07-20%2000%3A00%3A00&to=2022-07-27%2002%3A57%3A16&period=last_7_days&userIds=%5B%5D","sourceIndex":"1498"}],"sampleFiles":["220727/clevercontrol-211224/11.5.1022.1/Samples/CleverControlSetup.msi"],"imageFiles":["220727/clevercontrol-211224/11.5.1022.1/Images/ACR-116/ACR-116_Uninstall.JPG","220727/clevercontrol-211224/11.5.1022.1/Images/ACR-014/ACR-014_Software.JPG","220727/clevercontrol-211224/11.5.1022.1/Images/ACR-007/ACR-007_Software.JPG","220727/clevercontrol-211224/11.5.1022.1/Images/ACR-007/ACR-007_Software_1.JPG","220727/clevercontrol-211224/11.5.1022.1/Images/ACR-048/ACR-048_Software.JPG","220727/clevercontrol-211224/11.5.1022.1/Images/ACR-048/ACR-048_Software_1.JPG","220727/clevercontrol-211224/11.5.1022.1/Images/ACR-048/ACR-048_Software_2.JPG","220727/clevercontrol-211224/11.5.1022.1/Images/ACR-086/ACR-086_Software.JPG","220727/clevercontrol-211224/11.5.1022.1/Images/ACR-086/ACR-086_Software_1.JPG","220727/clevercontrol-211224/11.5.1022.1/Images/ACR-084/ACR-084_Software.JPG","220727/clevercontrol-211224/11.5.1022.1/Images/ACR-084/ACR-084_Software_1.JPG","220727/clevercontrol-211224/11.5.1022.1/Images/ACR-084/ACR-084_Software_2.JPG","220727/clevercontrol-211224/11.5.1022.1/Images/ACR-084/ACR-084_Software_3.JPG"],"nonDeceptorImageFiles":[],"guid":"316c9eaa-6a87-405d-b166-0383c8605120_11.5.1022.1_1","appID":"clevercontrol-211224","dateAdded":"240620","deceptorType":"App","name":"Clever Control","company":"Clever Control LLC","version":"11.5.1022.1","lastKnownStatus":"11.5.36;11.5.1022.1;11.5.1031.5;11.5.1032.0;11.5.1032.1;11.5.1033.2;11.5.1033.3;11.5.1033.4;11.5.1034.1;11.5.1034.9;11.5.1035.2;11.5.1035.3;11.5.1035.4;11.5.1036.1;11.5.1037.0;11.5.1037.3;11.5.1039.5","lastKnownDate":"240620","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2024-06-20T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":17,"sortOrder":642},{"violations":{"ACR-043":"Open source project \"Qt5\" is installed without any disclosure in EULA.\n","ACR-004":"The application doesn't provide a free fix for all items reported, only allows to recover up to 1 GB of data. Instead, it offers auto-renewing subscription payment to completely recover files scanned.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"DoYourDataRecoveryFree.exe","isInstaller":"True","companyName":"DoYourData                                                  ","fileVersion":"8.0","hashMD5":"8ce7a8bdaea0edf0d254af20d2d497f8","hashSHA1":"bb7e1ac4db61d686a9d961eb7c006e77e004f9e2","hashSHA256":"e723f7442f48618c142d51bc21ce205cced141374df52281ca4cb9b9917707a3","digitalCertThumbprint":"254E69DC4437E997F8B440A706969D152F068DEB","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=\"Chengdu Shengxuan Technology Co., Ltd.\", O=\"Chengdu Shengxuan Technology Co., Ltd.\", L=成都市, S=四川省, C=CN, SERIALNUMBER=91510100MA6ADXEC52, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.1=成都高新技术产业开发区, OID.1.3.6.1.4.1.311.60.2.1.2=四川省, OID.1.3.6.1.4.1.311.60.2.1.3=CN","sourceIndex":"208","avBlockList":["ESET Internet Security (20240820)","Norton Security (20240820)","Panda Dome (20240820)","Quick Heal Internet Security (20240820)","Sophos Home Premium (20240820)","VirIT eXplorer PRO (20240820)","Webroot SecureAnywhere (20240820)","Windows Defender (20240820)","FortectPremium (20240820)"],"avAllowList":["360 Total Security (20240820)","Avast Premium Security (20240820)","AVG Internet Security (20240820)","Avira Internet Security (20240820)","Bitdefender Internet Security (20240820)","COMODO Antivirus (20240820)","Dr.Web Security Space (20240820)","G DATA INTERNET SECURITY (20240820)","K7 Total Security (20240820)","Kaspersky Internet Security (20240625)","Malwarebytes Premium (20240820)","McAfee Total Protection (20240820)","SpyHunter5 (20240820)","Total AV Antivirus Pro (20240820)","Trend Micro Internet Security (20240820)","VIPRE Advanced Security (20240820)","KasperskyPremium (20240820)"]},{"isRevoked":"False","fileName":"Main.exe","companyName":"DoYourData","fileVersion":"17.0","hashMD5":"8390e90bcb42b9bc9216c7b9d0d4511c","hashSHA1":"4da604ac5b0699d4233890bcdeba71142e5dd1bd","hashSHA256":"e761284b43f7174c026d56de0c3186887e628c9c75e554f904d5707f3cfa5328","digitalCertThumbprint":"254E69DC4437E997F8B440A706969D152F068DEB","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=\"Chengdu Shengxuan Technology Co., Ltd.\", O=\"Chengdu Shengxuan Technology Co., Ltd.\", L=成都市, S=四川省, C=CN, SERIALNUMBER=91510100MA6ADXEC52, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.1=成都高新技术产业开发区, OID.1.3.6.1.4.1.311.60.2.1.2=四川省, OID.1.3.6.1.4.1.311.60.2.1.3=CN","sourceIndex":"208","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Submitted to DeceptorReport","reference":"","landingPage":"https://www.doyourdata.com/data-recovery-software/free-data-recovery-software.html","directDownloadingLink":"https://www.doyourdata.com/free/DoYourDataRecoveryFree.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.doyourdata.com/free/DoYourDataRecoveryFree.exe","sourceIndex":"208"}],"sampleFiles":["240612/Doyourdatarecovery-240611/8.0/Samples/DoYourDataRecoveryFree.exe","240612/Doyourdatarecovery-240611/8.0/Samples/Main.exe"],"imageFiles":["240612/Doyourdatarecovery-240611/8.0/Images/ACR-043/qt5.png","240612/Doyourdatarecovery-240611/8.0/Images/ACR-004/ACR004.png","240612/Doyourdatarecovery-240611/8.0/Images/ACR-004/ACR004_2.png","240612/Doyourdatarecovery-240611/8.0/Images/ACR-004/ACR-004_Software_1.png"],"nonDeceptorImageFiles":[],"guid":"ad662fb8-a313-4b9c-b87b-c2f991c2f12f_8.0_1","appID":"Doyourdatarecovery-240611","dateAdded":"240612","deceptorType":"App","name":"Do Your Data Recovery","company":"DoYourData Software","version":"8.0","firstResolvedVersion":"8.2","resolved":"TRUE","lastKnownStatus":"Deceptor:8.0","lastKnownDate":"240611","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows Vista,Windows 7,Windows 8,Windows 10,Windows 11,Windows Server","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,paid","lastUpdate":"2025-05-09T22:43:15.4762567+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":644},{"violations":{"ACR-046":"Collecting data via \"Participate in customer experience improvement plan\" is checked by default and not visible to the user by default. No relevant disclosure of what data it collects.\n","ACR-048":"The app does not provide any control to cancel the installation.\n","ACR-004":"1. The app exaggerates issues and raises urgency for the identified issues with the \"Red\" font, thereby misleading or scaring the consumer to take action.\n2. The application doesn't provide a free fix (recovery) instead offering a subscription that the user needs to pay to fix it.\n","ACR-097":"The app adds an exception for Windows firewall to lower default default system security posture without disclosing relevant info and get consent from user.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components on the device without the consumer's consent or notifying the user.\n"},"nonDeceptorViolations":{"ACR-040":"The app drops some of its components in a hidden folder.\n","ACR-123":"Even after a reboot and uninstall, the application did not remove itself from the firewall exception that was added during installation.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\Tenorshare\\4DDiG DLL Fixer\\4DDiG DLL Fixer.exe","companyName":"Tenorshare","productName":"DllRepair_4DDIG","productVersion":"1.0.0.12","fileVersion":"1.0.0.12","hashMD5":"1cfdc71a48d99c5dd72e179647a77029","hashSHA1":"0a501814e92d8b8adf600865b7702a5e1a8ec56f","hashSHA256":"18c57812fab87f4e6a7dbca4215d6a977565c0894c5ae027527bd38e442d4901","digitalCertThumbprint":"59FECDA87C479A14A82E3EF696F9E6A9002A3752","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Tenorshare Co. Ltd.","storeId":"","sourceIndex":"711","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"4ddig-dll-fixer_11710474111499682501.exe","isInstaller":"True","companyName":"Tenorshare Co. Ltd.","productName":"20240112175350","productVersion":"2.7.11.0","fileVersion":"2.7.11.0","hashMD5":"70407233e32cda7de35aa5110938ec90","hashSHA1":"be6b24c27573132be7382cbad4f732a355caa2b4","hashSHA256":"50909be4da07c6e0d2592569510d82da02c8d58a5bce14599221913fd58d9a91","digitalCertThumbprint":"59FECDA87C479A14A82E3EF696F9E6A9002A3752","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Tenorshare Co. Ltd.","storeId":"","sourceIndex":"711","avBlockList":["Avast Premium Security (20240815)","AVG Internet Security (20240815)","Avira Internet Security (20240815)","Bitdefender Internet Security (20240815)","Dr.Web Security Space (20240815)","ESET Internet Security (20240815)","G DATA INTERNET SECURITY (20240815)","K7 Total Security (20240815)","Malwarebytes Premium (20240815)","Norton Security (20240815)","Panda Dome (20240815)","Sophos Home Premium (20240815)","SpyHunter5 (20240815)","Total AV Antivirus Pro (20240815)","VIPRE Advanced Security (20240815)","VirIT eXplorer PRO (20240815)","Webroot SecureAnywhere (20240815)","Windows Defender (20240815)","FortectPremium (20240815)"],"avAllowList":["360 Total Security (20240815)","COMODO Antivirus (20240815)","Kaspersky Internet Security (20240530)","McAfee Total Protection (20240815)","Quick Heal Internet Security (20240815)","Trend Micro Internet Security (20240815)","KasperskyPremium (20240815)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt of 4ddig apps","reference":"","landingPage":"https://www.4ddig.net/dll-fixer.html","directDownloadingLink":"https://download.tenorshare.net/downloads/4ddig-dll-fixer_8122.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://download.tenorshare.net/downloads/4ddig-dll-fixer_8122.exe","sourceIndex":"711"}],"sampleFiles":["240315/4DDiGDLLFixer-240315/1.0.0.12/Samples/4ddig-dll-fixer_11710474111499682501.exe"],"imageFiles":["240315/4DDiGDLLFixer-240315/1.0.0.12/Images/ACR-046/ACR-046.PNG","240315/4DDiGDLLFixer-240315/1.0.0.12/Images/ACR-046/ACR-046_1.PNG","240315/4DDiGDLLFixer-240315/1.0.0.12/Images/ACR-048/ACR-048.PNG","240315/4DDiGDLLFixer-240315/1.0.0.12/Images/ACR-004/ACR-004.PNG","240315/4DDiGDLLFixer-240315/1.0.0.12/Images/ACR-004/ACR-004_1.PNG","240315/4DDiGDLLFixer-240315/1.0.0.12/Images/ACR-004/ACR-004_2.PNG","240315/4DDiGDLLFixer-240315/1.0.0.12/Images/ACR-097/ACR-097.PNG","240315/4DDiGDLLFixer-240315/1.0.0.12/Images/ACR-118/ACR-118.PNG"],"nonDeceptorImageFiles":["240315/4DDiGDLLFixer-240315/1.0.0.12/Images/ACR-040/ACR-040.PNG","240315/4DDiGDLLFixer-240315/1.0.0.12/Images/ACR-123/ACR-123.PNG"],"guid":"e95cf1ae-cea2-4fdf-a65e-9b3811efa912_1.0.0.12_1","appID":"4DDiGDLLFixer-240315","dateAdded":"240604","deceptorType":"App","name":"4DDiG DLL Fixer","company":"Tenorshare Co., Ltd.","version":"1.0.0.12","lastKnownStatus":"1.0.0.12;1.0.2.3;1.0.3.7","lastKnownDate":"240604","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows 11","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2024-06-04T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":3,"sortOrder":659},{"violations":{"ACR-042":"The app installs Trusted Root Certificates without obtaining the consumer's permission through explicit user action.\n","ACR-043":"The app does not provide information regarding the Trusted Root Certificates that are installed and the potential risk introduced to the user system after its installation.\n","ACR-048":"The app does not provide control to remove its process & notifications completely within the app's settings. \n","ACR-007":"The app does not obtain user consent to reduce the consumer's security posture caused by installing a trusted root certificates\n","ACR-084":"On quitting the app, the application doesn't exit completely. Process run in the background, hiding the fact that it is active from the consumer without any notification.\n","ACR-118":"The app does not remove the installed root certificates even after uninstalling.\n"},"nonDeceptorViolations":{"ACR-045":"The app doesn't describe clearly what effect it causes on the user's system by installing a Trusted Root certificates\n","ACR-123":"The app does not remove the installed root certificates even after uninstalling\n","ACR-014":"The app misleads by displaying the status as \"Exposed\" on the landing pages (https://turbovpn.com/download/windows), even though another VPN (ExpressVPN) is on and running.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\TurboVPN\\TurboVPN.exe","companyName":"inovative Connecting","productName":"TurboVPN","productVersion":"2.24.0.0","fileVersion":"2.24.0.0","hashMD5":"147b80de109d585bdd9f1291e31327b6","hashSHA1":"40a65d0fda0eb9143e0d2ed5b73c0056528ea1e4","hashSHA256":"3e8ca397a8712f24821ec119e2a3846d242021c66934f65e148ff344b4148b83","digitalCertThumbprint":"B621CF3191921926F1C9A6B96201051EE3EFD13E","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"INNOVATIVE CONNECTING PTE. LIMITED","storeId":"","sourceIndex":"722","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\TurboVPN\\turbo_vpn-service.exe","companyName":"Innovative Connecting","productName":"turbo_vpn-service","productVersion":"1.0.0.1","fileVersion":"1.0.0.1","hashMD5":"24c2fa02827daa1a565765d25873051b","hashSHA1":"9b0e07effb5fa32c0520078aad9e6d9e5e67971d","hashSHA256":"0a2f29b8b1b648abaf2e346d325186812f7a0f675163d61eeca08b27cb9eccd7","digitalCertThumbprint":"B621CF3191921926F1C9A6B96201051EE3EFD13E","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"INNOVATIVE CONNECTING PTE. LIMITED","storeId":"","sourceIndex":"722","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"TurboVPN_setup.exe","isInstaller":"True","companyName":"Innovative Connecting","productName":"TurboVPN","productVersion":"2.24.0.0","fileVersion":"2.24.0.0","hashMD5":"1c3cbc60f4893b76ea941647026015e5","hashSHA1":"9533bb4005d1b1e387e93c6fedd6df5eb2cba17c","hashSHA256":"77ea0713009782e09bebd0750c56a5be774c67a5e43b5d1a3f1741a5e2a0a734","digitalCertThumbprint":"B621CF3191921926F1C9A6B96201051EE3EFD13E","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"INNOVATIVE CONNECTING PTE. LIMITED","storeId":"","sourceIndex":"722","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on windows app","reference":"","landingPage":"https://turbovpn.com/download/windows","directDownloadingLink":"https://turbovpn.com/download/windows","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://turbovpn.com/download/windows","sourceIndex":"722"}],"sampleFiles":["240304/turbovpn-220315/2.24.0.0/Samples/TurboVPN_setup.exe"],"imageFiles":["240304/turbovpn-220315/2.24.0.0/Images/ACR-043/ACR-043.PNG","240304/turbovpn-220315/2.24.0.0/Images/ACR-042/ACR-042.PNG","240304/turbovpn-220315/2.24.0.0/Images/ACR-084/ACR-084.PNG","240304/turbovpn-220315/2.24.0.0/Images/ACR-048/ACR-048.PNG","240304/turbovpn-220315/2.24.0.0/Images/ACR-048/ACR-048_1.PNG","240304/turbovpn-220315/2.24.0.0/Images/ACR-007/ACR-007.PNG","240304/turbovpn-220315/2.24.0.0/Images/ACR-118/ACR-118.PNG"],"nonDeceptorImageFiles":["240304/turbovpn-220315/2.24.0.0/Images/ACR-045/ACR-045.PNG","240304/turbovpn-220315/2.24.0.0/Images/ACR-123/ACR-123.PNG","240304/turbovpn-220315/2.24.0.0/Images/ACR-014/ACR-014.PNG"],"guid":"fd6c576f-8e1d-470a-9dc6-14d3207f10a7_2.24.0.0_1","appID":"turbovpn-220315","dateAdded":"240604","deceptorType":"App","name":"Turbo VPN","company":"INNOVATIVE CONNECTING PTE","version":"2.24.0.0","lastKnownStatus":"2.16.0.0;2.16.1.0;2.17.1.0;2.18.0.0;2.19.0.0;2.20.0.0;2.21.0.0;2.22.0.0;2.23.0.0;2.24.0;2.25.0;2.26.0.0","lastKnownDate":"240604","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,in-app purchases","lastUpdate":"2024-06-04T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":12,"sortOrder":647},{"violations":{"ACR-042":"The app installs Trusted Root Certificates without obtaining the consumer's permission through explicit user action.\n","ACR-043":"The app does not provide information regarding the Trusted Root Certificates that are installed and the potential risk introduced to the user system after its installation.\n","ACR-048":"The app does not provide control to remove its process & notifications completely within the app's settings. \n","ACR-007":"The app does not obtain user consent to reduce the consumer's security posture caused by installing a trusted root certificates\n","ACR-084":"On quitting the app, the application doesn't exit completely. Process run in the background, hiding the fact that it is active from the consumer without any notification.\n","ACR-118":"The app does not remove an installed root certificates even after uninstalling.\n"},"nonDeceptorViolations":{"ACR-045":"The app doesn't describe clearly what effect it causes on the user's system by installing a Trusted Root certificates\n","ACR-123":"The app does not remove an installed root certificates even after uninstalling\n","ACR-014":"The app misleads by displaying the status as \"Exposed\" on the landing pages (https://turbovpn.com/), even though another VPN (ExpressVPN) is on and running.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\TurboVPN\\TurboVPN.exe","companyName":"inovative Connecting","productName":"TurboVPN","productVersion":"2.23.0.0","fileVersion":"2.23.0.0","hashMD5":"13e7c905453cf1e8ea1e78fffe418655","hashSHA1":"eb1b7d36ad915faa9c062db535fffaaf0f61c928","hashSHA256":"0b2030fa60b6378c6d4c87d3d10d9862e3e29cf40b39b9b41682c7f529a3c610","digitalCertThumbprint":"B621CF3191921926F1C9A6B96201051EE3EFD13E","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"INNOVATIVE CONNECTING PTE. LIMITED","storeId":"","sourceIndex":"845","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\TurboVPN\\turbo_vpn-service.exe","companyName":"Innovative Connecting","productName":"turbo_vpn-service","productVersion":"1.0.0.1","fileVersion":"1.0.0.1","hashMD5":"24c2fa02827daa1a565765d25873051b","hashSHA1":"9b0e07effb5fa32c0520078aad9e6d9e5e67971d","hashSHA256":"0a2f29b8b1b648abaf2e346d325186812f7a0f675163d61eeca08b27cb9eccd7","digitalCertThumbprint":"B621CF3191921926F1C9A6B96201051EE3EFD13E","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"INNOVATIVE CONNECTING PTE. LIMITED","storeId":"","sourceIndex":"845","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"TurboVPN_setup.exe","isInstaller":"True","companyName":"Innovative Connecting","productName":"TurboVPN","productVersion":"2.23.0.0","fileVersion":"2.23.0.0","hashMD5":"1e27c9978cabe892612bd1c6021dc6ea","hashSHA1":"863dfebb5efd1256f5a573cdb8eb79b063bc6845","hashSHA256":"c8568a1be386f0a5686153b9f94954c51236c42b86eef6975a86db5bebfbac6e","digitalCertThumbprint":"B621CF3191921926F1C9A6B96201051EE3EFD13E","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"INNOVATIVE CONNECTING PTE. LIMITED","storeId":"","sourceIndex":"845","avBlockList":["Avast Premium Security (20240123)","AVG Internet Security (20240123)","Avira Internet Security (20240123)","G DATA INTERNET SECURITY (20240123)","K7 Total Security (20240123)","Malwarebytes Premium (20240123)","McAfee Total Protection (20240123)","Norton Security (20240123)","Panda Dome (20240123)","Quick Heal Internet Security (20240123)","Sophos Home Premium (20240123)","SpyHunter5 (20240123)","Total AV Antivirus Pro (20240123)","VirIT eXplorer PRO (20240123)","Webroot SecureAnywhere (20240123)"],"avAllowList":["360 Total Security (20240123)","Bitdefender Internet Security (20240123)","COMODO Antivirus (20240123)","Dr.Web Security Space (20240123)","ESET Internet Security (20240123)","Kaspersky Internet Security (20240123)","Trend Micro Internet Security (20240123)","VIPRE Advanced Security (20240123)","Windows Defender (20240123)"]}],"additionalFiles":[],"sources":[{"howFound":"Google search- VPN","reference":"","landingPage":"https://turbovpn.com/download/windows","directDownloadingLink":"https://turbovpn.com/download/windows","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://turbovpn.com/download/windows","sourceIndex":"845"}],"sampleFiles":["231023/turbovpn-220315/2.23.0.0/Samples/TurboVPN_setup.exe"],"imageFiles":["231023/turbovpn-220315/2.23.0.0/Images/ACR-043/ACR-043_Install_1.png","231023/turbovpn-220315/2.23.0.0/Images/ACR-042/ACR-042_Install_1.png","231023/turbovpn-220315/2.23.0.0/Images/ACR-084/ACR-084_Software_1.png","231023/turbovpn-220315/2.23.0.0/Images/ACR-048/ACR-048_Software_1.png","231023/turbovpn-220315/2.23.0.0/Images/ACR-048/ACR-048_Software_2.png","231023/turbovpn-220315/2.23.0.0/Images/ACR-007/ACR-007_Software_1.png","231023/turbovpn-220315/2.23.0.0/Images/ACR-118/ACR-118_Uninstall_1.png"],"nonDeceptorImageFiles":["231023/turbovpn-220315/2.23.0.0/Images/ACR-045/ACR-045_Install_1.png","231023/turbovpn-220315/2.23.0.0/Images/ACR-123/ACR-123_Uninstall_1.png","231023/turbovpn-220315/2.23.0.0/Images/ACR-014/ACR-014.JPG"],"guid":"fd6c576f-8e1d-470a-9dc6-14d3207f10a7_2.23.0.0_1","appID":"turbovpn-220315","dateAdded":"240604","deceptorType":"App","name":"Turbo VPN","company":"INNOVATIVE CONNECTING PTE","version":"2.23.0.0","lastKnownStatus":"2.16.0.0;2.16.1.0;2.17.1.0;2.18.0.0;2.19.0.0;2.20.0.0;2.21.0.0;2.22.0.0;2.23.0.0;2.24.0;2.25.0;2.26.0.0","lastKnownDate":"240604","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,in-app purchases","lastUpdate":"2024-06-04T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":12,"sortOrder":648},{"violations":{"ACR-042":"The app installs Trusted Root Certificates without obtaining the consumer's permission through explicit user action.\n","ACR-043":"The app does not provide information regarding the Trusted Root Certificates that are installed and the potential risk introduced to the user system after its installation.\n","ACR-048":"The app does not provide control to remove its process & notifications completely within the app's settings. \n","ACR-007":"The app does not obtain user consent to reduce the consumer's security posture caused by installing a trusted root certificates\n","ACR-084":"On quitting the app, the application doesn't exit completely. Process run in the background, hiding the fact that it is active from the consumer without any notification.\n","ACR-118":"The app does not remove an installed root certificates even after uninstalling.\n"},"nonDeceptorViolations":{"ACR-045":"The app doesn't describe clearly what effect it causes on the user's system by installing a Trusted Root certificates\n","ACR-123":"The app does not remove an installed root certificates even after uninstalling\n","ACR-014":"The app misleads by displaying the status as \"Exposed\" on the landing pages (https://turbovpn.com/), even though another VPN (ExpressVPN) is on and running.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\TurboVPN\\turbo_vpn-service.exe","companyName":"Innovative Connecting","productName":"turbo_vpn-service","productVersion":"1.0.0.1","fileVersion":"1.0.0.1","hashMD5":"24c2fa02827daa1a565765d25873051b","hashSHA1":"9b0e07effb5fa32c0520078aad9e6d9e5e67971d","hashSHA256":"0a2f29b8b1b648abaf2e346d325186812f7a0f675163d61eeca08b27cb9eccd7","digitalCertThumbprint":"B621CF3191921926F1C9A6B96201051EE3EFD13E","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"INNOVATIVE CONNECTING PTE. LIMITED","storeId":"","sourceIndex":"884","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"TurboVPN_setup.exe","isInstaller":"True","companyName":"Innovative Connecting","productName":"TurboVPN","productVersion":"2.22.0.0","fileVersion":"2.22.0.0","hashMD5":"4c8ba1bc52e4b34eccc78c2cc3fefdf9","hashSHA1":"81ae354140c1b38bd89a4d566a276ab5941b24cd","hashSHA256":"7de9a76c82c214dc3d89d37798199f9409fc2926af84bd4c8750a32131a77704","digitalCertThumbprint":"B621CF3191921926F1C9A6B96201051EE3EFD13E","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"INNOVATIVE CONNECTING PTE. LIMITED","storeId":"","sourceIndex":"884","avBlockList":["Avast Premium Security (20240321)","AVG Internet Security (20240321)","Avira Internet Security (20240321)","G DATA INTERNET SECURITY (20240321)","K7 Total Security (20240321)","Malwarebytes Premium (20240321)","McAfee Total Protection (20240321)","Norton Security (20240321)","Panda Dome (20240321)","Quick Heal Internet Security (20240321)","Sophos Home Premium (20240321)","SpyHunter5 (20240321)","Total AV Antivirus Pro (20240321)","VirIT eXplorer PRO (20240321)","Webroot SecureAnywhere (20240321)"],"avAllowList":["360 Total Security (20240321)","Bitdefender Internet Security (20240321)","COMODO Antivirus (20240321)","Dr.Web Security Space (20240321)","ESET Internet Security (20240321)","Kaspersky Internet Security (20240321)","Trend Micro Internet Security (20240321)","VIPRE Advanced Security (20240321)","Windows Defender (20240321)"]}],"additionalFiles":[],"sources":[{"howFound":"Google search- VPN","reference":"","landingPage":"https://turbovpn.com/download/windows","directDownloadingLink":"https://turbovpn.com/download/windows","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://turbovpn.com/download/windows","sourceIndex":"884"}],"sampleFiles":["230929/turbovpn-220315/2.22.0.0/Samples/TurboVPN_setup.exe"],"imageFiles":["230929/turbovpn-220315/2.22.0.0/Images/ACR-043/ACR-043_Install_1.png","230929/turbovpn-220315/2.22.0.0/Images/ACR-042/ACR-042_Install_1.png","230929/turbovpn-220315/2.22.0.0/Images/ACR-084/ACR-084_Software_1.png","230929/turbovpn-220315/2.22.0.0/Images/ACR-048/ACR-048_Software_1.png","230929/turbovpn-220315/2.22.0.0/Images/ACR-007/ACR-007_Software_1.png","230929/turbovpn-220315/2.22.0.0/Images/ACR-118/ACR-118_Uninstall_1.png"],"nonDeceptorImageFiles":["230929/turbovpn-220315/2.22.0.0/Images/ACR-045/ACR-045_Install_1.png","230929/turbovpn-220315/2.22.0.0/Images/ACR-123/ACR-123_Uninstall_1.png","230929/turbovpn-220315/2.22.0.0/Images/ACR-014/ACR-014_Landing page_1.png"],"guid":"fd6c576f-8e1d-470a-9dc6-14d3207f10a7_2.22.0.0_1","appID":"turbovpn-220315","dateAdded":"240604","deceptorType":"App","name":"Turbo VPN","company":"INNOVATIVE CONNECTING PTE","version":"2.22.0.0","lastKnownStatus":"2.16.0.0;2.16.1.0;2.17.1.0;2.18.0.0;2.19.0.0;2.20.0.0;2.21.0.0;2.22.0.0;2.23.0.0;2.24.0;2.25.0;2.26.0.0","lastKnownDate":"240604","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2024-06-04T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":12,"sortOrder":649},{"violations":{"ACR-042":"The app installs Trusted Root Certificates without obtaining the consumer's permission through explicit user action.\n","ACR-043":"The app does not provide information regarding the Trusted Root Certificates that are installed and the potential risk introduced to the user system after its installation.\n","ACR-048":"The app does not provide control to remove its process & notifications completely within the app's settings. \n","ACR-007":"The app does not obtain user consent to reduce the consumer's security posture caused by installing a trusted root certificates\n","ACR-084":"On quitting the app, the application doesn't exit completely. Several processes run in the background, hiding the fact that it is active from the consumer without any notification.\n","ACR-118":"The app does not remove an installed root certificates even after uninstalling.\n"},"nonDeceptorViolations":{"ACR-045":"The app doesn't describe clearly what effect it causes on the user's system by installing a Trusted Root certificates\n","ACR-123":"The app does not remove an installed root certificates even after uninstalling\n","ACR-014":"The app misleads by displaying the status as \"Exposed\" on the landing pages (https://turbovpn.com/), even though another VPN (ExpressVPN) is on and running.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\TurboVPN\\TurboVPN.exe","companyName":"inovative Connecting","productName":"TurboVPN","productVersion":"2.21.0.0","fileVersion":"2.21.0.0","hashMD5":"06645c86d9abd35526166e7efe104099","hashSHA1":"1b4b5b330a69ec4d9291203b37cd4fd0fcfe2523","hashSHA256":"2e176e200bdf7245226370816aa1d05ae04291b2d286afa353885c0b337d78a4","digitalCertThumbprint":"B621CF3191921926F1C9A6B96201051EE3EFD13E","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"INNOVATIVE CONNECTING PTE. LIMITED","storeId":"","sourceIndex":"1133","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\TurboVPN\\TurboVPNLauncher.exe","companyName":"Innovative Connecting","productName":"TurboVPNLauncher","productVersion":"1.0.0.1","fileVersion":"1.0.0.1","hashMD5":"3683e329119248d66c8e96025d38b738","hashSHA1":"f2c6e9a3b543b0e0a96f25c7fd65c4069048ff95","hashSHA256":"90d173c96764bb9147c0b95cf967cb6b970f50ccd3fb7639631f4d7aecbb7130","digitalCertThumbprint":"B621CF3191921926F1C9A6B96201051EE3EFD13E","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"INNOVATIVE CONNECTING PTE. LIMITED","storeId":"","sourceIndex":"1133","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\TurboVPN\\turbo_vpn-service.exe","companyName":"Innovative Connecting","productName":"turbo_vpn-service","productVersion":"1.0.0.1","fileVersion":"1.0.0.1","hashMD5":"a556861afa15ea74d4cdb9e53ce5559f","hashSHA1":"f65524b4de96930d77355c73f6a9401c97311a9a","hashSHA256":"049b35e5da0e45611120d065c2f4b2370482fca89ddbc2a06bfdd903aa1a5b27","digitalCertThumbprint":"B621CF3191921926F1C9A6B96201051EE3EFD13E","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"INNOVATIVE CONNECTING PTE. LIMITED","storeId":"","sourceIndex":"1133","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"TurboVPN_setup.exe","isInstaller":"True","companyName":"Innovative Connecting","productName":"TurboVPN","productVersion":"2.21.0.0","fileVersion":"2.21.0.0","hashMD5":"91ea7b3382e6827693a86654ee1c6f5e","hashSHA1":"5152ba9aa850c6c71a1a9ebf99a5eacde1393876","hashSHA256":"863851c9af3d438236f517571ff6c4bef7070412fa9f5f0978e769a9491681bb","digitalCertThumbprint":"B621CF3191921926F1C9A6B96201051EE3EFD13E","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"INNOVATIVE CONNECTING PTE. LIMITED","storeId":"","sourceIndex":"1133","avBlockList":["Avast Premium Security (20230928)","AVG Internet Security (20230928)","Avira Internet Security (20230928)","Bitdefender Internet Security (20230928)","G DATA INTERNET SECURITY (20230928)","K7 Total Security (20230928)","Malwarebytes Premium (20230928)","McAfee Total Protection (20230928)","Norton Security (20230928)","Panda Dome (20230928)","Quick Heal Internet Security (20230928)","Sophos Home Premium (20230928)","SpyHunter5 (20230928)","Total AV Antivirus Pro (20230928)","VIPRE Advanced Security (20230928)","VirIT eXplorer PRO (20230928)","Webroot SecureAnywhere (20230928)"],"avAllowList":["360 Total Security (20230928)","COMODO Antivirus (20230928)","Dr.Web Security Space (20230928)","ESET Internet Security (20230928)","Kaspersky Internet Security (20230928)","Trend Micro Internet Security (20230928)","Windows Defender (20230928)"]}],"additionalFiles":[],"sources":[{"howFound":"Google search- VPN","reference":"","landingPage":"https://turbovpn.com/download/windows","directDownloadingLink":"https://turbovpn.com/download/windows","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://turbovpn.com/download/windows","sourceIndex":"1133"}],"sampleFiles":["230501/turbovpn-220315/2.21.0.0/Samples/TurboVPN_setup.exe"],"imageFiles":["230501/turbovpn-220315/2.21.0.0/Images/ACR-043/ACR-043.JPG","230501/turbovpn-220315/2.21.0.0/Images/ACR-042/ACR-042.JPG","230501/turbovpn-220315/2.21.0.0/Images/ACR-084/ACR-084.JPG","230501/turbovpn-220315/2.21.0.0/Images/ACR-048/ACR-048 (1).JPG","230501/turbovpn-220315/2.21.0.0/Images/ACR-048/ACR-048 (2).JPG","230501/turbovpn-220315/2.21.0.0/Images/ACR-007/ACR-007.JPG","230501/turbovpn-220315/2.21.0.0/Images/ACR-118/ACR-118.JPG"],"nonDeceptorImageFiles":["230501/turbovpn-220315/2.21.0.0/Images/ACR-045/ACR-045.JPG","230501/turbovpn-220315/2.21.0.0/Images/ACR-123/ACR-123.JPG","230501/turbovpn-220315/2.21.0.0/Images/ACR-014/ACR-014.JPG"],"guid":"fd6c576f-8e1d-470a-9dc6-14d3207f10a7_2.21.0.0_1","appID":"turbovpn-220315","dateAdded":"240604","deceptorType":"App","name":"Turbo VPN","company":"INNOVATIVE CONNECTING PTE","version":"2.21.0.0","lastKnownStatus":"2.16.0.0;2.16.1.0;2.17.1.0;2.18.0.0;2.19.0.0;2.20.0.0;2.21.0.0;2.22.0.0;2.23.0.0;2.24.0;2.25.0;2.26.0.0","lastKnownDate":"240604","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2024-06-04T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":12,"sortOrder":650},{"violations":{"ACR-042":"The app installs Trusted Root Certificates without obtaining the consumer's permission through explicit user action.\n","ACR-043":"The app does not provide information regarding the Trusted Root Certificates that are installed and the potential risk introduced to the user system after its installation.\n","ACR-048":"The app does not provide control to remove its process & notifications completely within the app's settings. \n","ACR-007":"The app does not obtain user consent to reduce the consumer's security posture caused by installing a trusted root certificates\n","ACR-084":"On quitting the app, the application doesn't exit completely. The \"turbo_vpn-service.exe\" process runs in the background, hiding the fact that it is active from the consumer without any notification.\n","ACR-118":"The app does not remove an installed root certificates even after uninstalling.\n"},"nonDeceptorViolations":{"ACR-045":"The app doesn't describe clearly what effect it causes on the user's system by installing a Trusted Root certificates\n","ACR-123":"The app does not remove an installed root certificates even after uninstalling\n","ACR-014":"The app misleads by displaying the status as \"Exposed\" on the landing pages (https://turbovpn.com/download/windows), even though another VPN (ExpressVPN) is on and running.\n"},"samples":[{"isRevoked":"False","fileName":"TurboVPN_setup.exe","isInstaller":"True","companyName":"Innovative Connecting","fileVersion":"2.20","hashMD5":"20667e2b795ce7b80d121c3c0e021e9a","hashSHA1":"58f6b8630c364d8b398ce1a725c906c3f874049d","hashSHA256":"ec49cd721e81b6bcc49e52891c43339d8e2504b96341290228723c2c5e012023","digitalCertThumbprint":"B621CF3191921926F1C9A6B96201051EE3EFD13E","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=INNOVATIVE CONNECTING PTE. LIMITED, O=INNOVATIVE CONNECTING PTE. LIMITED, L=SINGAPORE, C=SG, SERIALNUMBER=201812738K, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=SG","sourceIndex":"1224","avBlockList":["Avast Premium Security (20240425)","AVG Internet Security (20240425)","Avira Internet Security (20240425)","ESET Internet Security (20240425)","G DATA INTERNET SECURITY (20240425)","Malwarebytes Premium (20240425)","McAfee Total Protection (20240425)","Norton Security (20240425)","Panda Dome (20240425)","Sophos Home Premium (20240425)","SpyHunter5 (20240425)","Total AV Antivirus Pro (20240425)","VirIT eXplorer PRO (20240425)","Webroot SecureAnywhere (20240425)"],"avAllowList":["360 Total Security (20240425)","Bitdefender Internet Security (20240425)","COMODO Antivirus (20240425)","Dr.Web Security Space (20240425)","K7 Total Security (20240425)","Kaspersky Internet Security (20240425)","Quick Heal Internet Security (20240425)","Trend Micro Internet Security (20240425)","VIPRE Advanced Security (20240425)","Windows Defender (20240425)"]},{"isRevoked":"False","fileName":"turbo_vpn-service.exe","companyName":"Innovative Connecting","fileVersion":"1.0","hashMD5":"b9d3e9dad468c3db26943a3af77e4efc","hashSHA1":"4437e53d7949241b05ccbc75733c0c56646675f2","hashSHA256":"4a849efc900276b71cc5a134e110c1b9202b00a44e1fae8ab6fb1683d11f7331","digitalCertThumbprint":"B621CF3191921926F1C9A6B96201051EE3EFD13E","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=INNOVATIVE CONNECTING PTE. LIMITED, O=INNOVATIVE CONNECTING PTE. LIMITED, L=SINGAPORE, C=SG, SERIALNUMBER=201812738K, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=SG","sourceIndex":"1224","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"TurboVPN.exe","companyName":"inovative Connecting","fileVersion":"2.20","hashMD5":"3a6f72189a7d688550b7b1dc603cd356","hashSHA1":"e3103db973e336196cbf9872ea0240d6f8456c27","hashSHA256":"a9d1063995060fee1fcdcc77fbd077ce80ccf3f165b5a45fe9ca41262f0037b7","digitalCertThumbprint":"B621CF3191921926F1C9A6B96201051EE3EFD13E","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=INNOVATIVE CONNECTING PTE. LIMITED, O=INNOVATIVE CONNECTING PTE. LIMITED, L=SINGAPORE, C=SG, SERIALNUMBER=201812738K, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=SG","sourceIndex":"1224","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"TurboVPNLauncher.exe","companyName":"Innovative Connecting","fileVersion":"1.0","hashMD5":"9da3bf2f4095d2c0dd3c23c775679a73","hashSHA1":"a7b9f6fdc0a2c3c12b95eb63dfc45f9890c5dab7","hashSHA256":"a7f404272bc85d09d756478072b87dad3f521c112c2dac016e0de1abae7600fa","digitalCertThumbprint":"B621CF3191921926F1C9A6B96201051EE3EFD13E","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=INNOVATIVE CONNECTING PTE. LIMITED, O=INNOVATIVE CONNECTING PTE. LIMITED, L=SINGAPORE, C=SG, SERIALNUMBER=201812738K, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=SG","sourceIndex":"1224","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Google search- VPN","reference":"","landingPage":"https://turbovpn.com/download/windows","directDownloadingLink":"https://turbovpn.com/download/windows","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://turbovpn.com/download/windows","sourceIndex":"1224"}],"sampleFiles":["230207/turbovpn-220315/2.20.0.0/Samples/TurboVPN_setup.exe"],"imageFiles":["230207/turbovpn-220315/2.20.0.0/Images/ACR-043/ACR-043.JPG","230207/turbovpn-220315/2.20.0.0/Images/ACR-042/ACR-042.JPG","230207/turbovpn-220315/2.20.0.0/Images/ACR-084/ACR-084.JPG","230207/turbovpn-220315/2.20.0.0/Images/ACR-048/ACR-048_Software.JPG","230207/turbovpn-220315/2.20.0.0/Images/ACR-048/ACR-048.JPG","230207/turbovpn-220315/2.20.0.0/Images/ACR-007/ACR-007.JPG","230207/turbovpn-220315/2.20.0.0/Images/ACR-118/ACR-118.JPG"],"nonDeceptorImageFiles":["230207/turbovpn-220315/2.20.0.0/Images/ACR-045/ACR-045.JPG","230207/turbovpn-220315/2.20.0.0/Images/ACR-123/ACR-123.JPG","230207/turbovpn-220315/2.20.0.0/Images/ACR-014/ACR-014.JPG"],"guid":"fd6c576f-8e1d-470a-9dc6-14d3207f10a7_2.20.0.0_1","appID":"turbovpn-220315","dateAdded":"240604","deceptorType":"App","name":"Turbo VPN","company":"INNOVATIVE CONNECTING PTE","version":"2.20.0.0","lastKnownStatus":"2.16.0.0;2.16.1.0;2.17.1.0;2.18.0.0;2.19.0.0;2.20.0.0;2.21.0.0;2.22.0.0;2.23.0.0;2.24.0;2.25.0;2.26.0.0","lastKnownDate":"240604","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2024-06-04T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":12,"sortOrder":651},{"violations":{"ACR-042":"The app installs a Trusted Root Certificate without obtaining the consumer's permission through explicit user action.\n","ACR-043":"The app does not provide information regarding the Trusted Root Certificate that is installed and the potential risk introduced to the user system after its installation.\n","ACR-048":"The app does not provide control to remove its process & notifications completely within the app's settings. \n","ACR-007":"The app does not obtain user consent to reduce the consumer's security posture caused by installing a trusted root certificate.\n\n","ACR-084":"On quitting the app, the application doesn't exit completely. The \"turbo_vpn-service.exe\" process runs in the background, hiding the fact that it is active from the consumer without any notification.\n","ACR-118":"The app does not remove an installed root certificate even after uninstalling.\n"},"nonDeceptorViolations":{"ACR-045":"The app doesn't describe clearly what effect it causes on the user's system by installing a Trusted Root certificate.\n","ACR-123":"The app does not remove an installed root certificate even after uninstalling\n","ACR-014":"The app misleads by displaying the status as \"Exposed\" on the landing pages (https://turbovpn.com/download/windows), even though another VPN (ExpressVPN) is on and running.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files\\TurboVPN\\TurboVPN.exe","companyName":"inovative Connecting","productName":"TurboVPN","productVersion":"2.19.0.0","fileVersion":"2.19.0.0","hashMD5":"06ca386a4ea045956ddb460fb837c76a","hashSHA1":"41a205ddaf669f8437281504b56c616c2844495e","hashSHA256":"e80b89adb54d96864ea1f0a973131cf318ad0927f7fb491816e1fcbdaee6e1d2","digitalCertThumbprint":"B621CF3191921926F1C9A6B96201051EE3EFD13E","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"INNOVATIVE CONNECTING PTE. LIMITED","storeId":"","sourceIndex":"1283","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Program Files\\TurboVPN\\TurboVPNLauncher.exe","companyName":"Innovative Connecting","productName":"TurboVPNLauncher","productVersion":"1.0.0.1","fileVersion":"1.0.0.1","hashMD5":"e78d3e4791468b08dac2cbfb3bde723e","hashSHA1":"a29ebc2b95778a83ae9a26799600a712aaf921df","hashSHA256":"9dbbe7cc01370589215062dd43cad4ce49b06a34be96360beea3e6434937d75b","digitalCertThumbprint":"B621CF3191921926F1C9A6B96201051EE3EFD13E","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"INNOVATIVE CONNECTING PTE. LIMITED","storeId":"","sourceIndex":"1283","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Program Files\\TurboVPN\\turbo_vpn-service.exe","companyName":"Innovative Connecting","productName":"turbo_vpn-service","productVersion":"1.0.0.1","fileVersion":"1.0.0.1","hashMD5":"74c2b57f360074bae69f103b8485d8c2","hashSHA1":"dd58541000b05f620d597bfa02bee8292057fbf9","hashSHA256":"7fed97a18d79c644c65d6b52b03f6dc8beda8c6a5903f4a0912de545e2862c30","digitalCertThumbprint":"B621CF3191921926F1C9A6B96201051EE3EFD13E","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"INNOVATIVE CONNECTING PTE. LIMITED","storeId":"","sourceIndex":"1283","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"TurboVPN_setup.exe","isInstaller":"True","companyName":"Innovative Connecting","productName":"TurboVPN","productVersion":"2.19.0.0","fileVersion":"2.19.0.0","hashMD5":"9489f4c323863dbd90fce01b221263bc","hashSHA1":"78c62af86c7eeb1dd1d89d73c2cc8c34707d3d5a","hashSHA256":"f638b1ff186489c2fdedbbda5c535b5a8b01eb5b016fc0e685a925dad5d15d9b","digitalCertThumbprint":"B621CF3191921926F1C9A6B96201051EE3EFD13E","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"INNOVATIVE CONNECTING PTE. LIMITED","storeId":"","sourceIndex":"1283","avBlockList":["Avast Premium Security (20240723)","AVG Internet Security (20240723)","Avira Internet Security (20240723)","ESET Internet Security (20240723)","K7 Total Security (20240723)","Malwarebytes Premium (20240723)","McAfee Total Protection (20240723)","Norton Security (20240723)","Panda Dome (20240723)","Quick Heal Internet Security (20240723)","Sophos Home Premium (20240723)","SpyHunter5 (20240723)","Total AV Antivirus Pro (20240723)","VirIT eXplorer PRO (20240723)","Webroot SecureAnywhere (20240723)","FortectPremium (20240723)"],"avAllowList":["360 Total Security (20240723)","Bitdefender Internet Security (20240723)","COMODO Antivirus (20240723)","Dr.Web Security Space (20240723)","G DATA INTERNET SECURITY (20240723)","Kaspersky Internet Security (20240723)","Trend Micro Internet Security (20240723)","VIPRE Advanced Security (20240723)","Windows Defender (20240723)"]}],"additionalFiles":[],"sources":[{"howFound":"Google search- VPN","reference":"","landingPage":"https://turbovpn.com/download/windows","directDownloadingLink":"https://turbovpn.com/download/windows","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://turbovpn.com/download/windows","sourceIndex":"1283"}],"sampleFiles":["221204/turbovpn-220315/2.19.0.0/Samples/TurboVPN_setup.exe"],"imageFiles":["221204/turbovpn-220315/2.19.0.0/Images/ACR-043/ACR-043_Install.JPG","221204/turbovpn-220315/2.19.0.0/Images/ACR-042/ACR-042_Install.JPG","221204/turbovpn-220315/2.19.0.0/Images/ACR-084/ACR-084.JPG","221204/turbovpn-220315/2.19.0.0/Images/ACR-048/ACR-048_Software_No_Control_For_Notification.JPG","221204/turbovpn-220315/2.19.0.0/Images/ACR-048/ACR-048.JPG","221204/turbovpn-220315/2.19.0.0/Images/ACR-007/ACR-007_Software.JPG","221204/turbovpn-220315/2.19.0.0/Images/ACR-118/ACR-118_Uninstall.JPG"],"nonDeceptorImageFiles":["221204/turbovpn-220315/2.19.0.0/Images/ACR-045/ACR-045_Install.JPG","221204/turbovpn-220315/2.19.0.0/Images/ACR-123/ACR-123.JPG","221204/turbovpn-220315/2.19.0.0/Images/ACR-014/ACR-014.JPG"],"guid":"fd6c576f-8e1d-470a-9dc6-14d3207f10a7_2.19.0.0_1","appID":"turbovpn-220315","dateAdded":"240604","deceptorType":"App","name":"Turbo VPN","company":"INNOVATIVE CONNECTING PTE","version":"2.19.0.0","lastKnownStatus":"2.16.0.0;2.16.1.0;2.17.1.0;2.18.0.0;2.19.0.0;2.20.0.0;2.21.0.0;2.22.0.0;2.23.0.0;2.24.0;2.25.0;2.26.0.0","lastKnownDate":"240604","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2024-06-04T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":12,"sortOrder":652},{"violations":{"ACR-042":"The app installs a Trusted Root Certificate without obtaining the consumer's permission through explicit user action.\n","ACR-043":"The app does not provide information regarding the Trusted Root Certificate that is installed and the potential risk introduced to the user system after its installation.\n","ACR-048":"The app does not provide control to remove its process & notifications completely within the app's settings. \n","ACR-007":"The app does not obtain user consent to reduce the consumer's security posture caused by installing a trusted root certificate.\n\n","ACR-084":"On quitting the app, the application doesn't exit completely. The \"turbo_vpn-service.exe\" process runs in the background, hiding the fact that it is active from the consumer without any notification.\n","ACR-118":"The app does not remove an installed root certificate even after uninstall.\n","ACR-014":"The app misleads by displaying the status as \"Exposed'\" on the internal offers pages (https://turbovpn.com/pricing), even though another VPN (tunnel bear) is on and running.\n"},"nonDeceptorViolations":{"ACR-045":"The app doesn't describe clearly what effect it causes on the user's system by installing a Trusted Root certificate.\n","ACR-014":"The app misleads by displaying the status as \"Exposed\" on the landing pages (https://turbovpn.com/download/windows), even though another VPN (tunnel bear) is on and running.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\TurboVPN\\TurboVPN.exe","companyName":"inovative Connecting","productName":"TurboVPN","productVersion":"2.18.0.0","fileVersion":"2.18.0.0","hashMD5":"6165aa59c70db3022248fd59f84050df","hashSHA1":"b35a79884a78cff79eff7826a67b24f2d1b088dc","hashSHA256":"0c1d49a8bd02d4c83fc548af920d07e83da48e055cebfd31c57df790df0dfa83","digitalCertThumbprint":"B621CF3191921926F1C9A6B96201051EE3EFD13E","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"INNOVATIVE CONNECTING PTE. LIMITED","storeId":"","sourceIndex":"1629","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\TurboVPN\\TurboVPNLauncher.exe","companyName":"Innovative Connecting","productName":"TurboVPNLauncher","productVersion":"1.0.0.1","fileVersion":"1.0.0.1","hashMD5":"9f5ef8f6a7e06a46ebb02e7066c660f2","hashSHA1":"c5778d4cdbaa5c796e3d390d77dc3dbace871a76","hashSHA256":"fd4e04662ecd378c28685ad012cfd987de83bb7c4b9126f0ac5132801876e6cc","digitalCertThumbprint":"B621CF3191921926F1C9A6B96201051EE3EFD13E","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"INNOVATIVE CONNECTING PTE. LIMITED","storeId":"","sourceIndex":"1629","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\TurboVPN\\turbo_vpn-service.exe","companyName":"Innovative Connecting","productName":"turbo_vpn-service","productVersion":"1.0.0.1","fileVersion":"1.0.0.1","hashMD5":"46c58c89520bbe4e548e7b02c1f88b90","hashSHA1":"df2f258ebcb32d77bca7eb9ea5dd05c72ca37be2","hashSHA256":"c356ec6e9e3723fd6b2035fe6dca48fdde395e9b7ca536153b4391e0c93adf2b","digitalCertThumbprint":"B621CF3191921926F1C9A6B96201051EE3EFD13E","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"INNOVATIVE CONNECTING PTE. LIMITED","storeId":"","sourceIndex":"1629","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"TurboVPN_setup.exe","isInstaller":"True","companyName":"Innovative Connecting","productName":"TurboVPN","productVersion":"2.18.0.0","fileVersion":"2.18.0.0","hashMD5":"a86859ed1f33f73986cb4a2b80c882f4","hashSHA1":"1461a9733815ec95fe8c836de5a5df0636e09f75","hashSHA256":"4863a1eb40ac86f0d5538d3f4116d3ca739652fbffe0702c433fe669088554b8","digitalCertThumbprint":"B621CF3191921926F1C9A6B96201051EE3EFD13E","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"INNOVATIVE CONNECTING PTE. LIMITED","storeId":"","sourceIndex":"1629","avBlockList":["Avast Premium Security (20240801)","AVG Internet Security (20240801)","Avira Internet Security (20240801)","COMODO Antivirus (20240801)","ESET Internet Security (20240801)","G DATA INTERNET SECURITY (20240801)","K7 Total Security (20240801)","Malwarebytes Premium (20240801)","McAfee Total Protection (20240801)","Norton Security (20240801)","Panda Dome (20240801)","Quick Heal Internet Security (20240801)","Sophos Home Premium (20240801)","SpyHunter5 (20240801)","Total AV Antivirus Pro (20240801)","VirIT eXplorer PRO (20240801)","Webroot SecureAnywhere (20240801)","FortectPremium (20240801)"],"avAllowList":["360 Total Security (20240801)","Bitdefender Internet Security (20240801)","Dr.Web Security Space (20240801)","Kaspersky Internet Security (20240314)","Tencent PC Manager (20220519)","Trend Micro Internet Security (20240801)","VIPRE Advanced Security (20240801)","Windows Defender (20240801)"]}],"additionalFiles":[],"sources":[{"howFound":"Google search- VPN","reference":"","landingPage":"https://turbovpn.com/download/windows","directDownloadingLink":"https://turbovpn.com/download/windows","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://turbovpn.com/download/windows","sourceIndex":"1629"}],"sampleFiles":["220505/turbovpn-220315/2.18.0.0/Samples/TurboVPN_setup.exe"],"imageFiles":["220505/turbovpn-220315/2.18.0.0/Images/ACR-043/ACR-043_Install.JPG","220505/turbovpn-220315/2.18.0.0/Images/ACR-042/ACR-042_Install.JPG","220505/turbovpn-220315/2.18.0.0/Images/ACR-084/ACR-084_Software.JPG","220505/turbovpn-220315/2.18.0.0/Images/ACR-048/ACR-048_Software.JPG","220505/turbovpn-220315/2.18.0.0/Images/ACR-048/ACR-048_Software_1.JPG","220505/turbovpn-220315/2.18.0.0/Images/ACR-048/ACR-048_Software_2.JPG","220505/turbovpn-220315/2.18.0.0/Images/ACR-007/ACR-007_Software.JPG","220505/turbovpn-220315/2.18.0.0/Images/ACR-118/ACR-118_Uninstall.JPG","220505/turbovpn-220315/2.18.0.0/Images/ACR-014/ACR-014_InternalOffers.JPG"],"nonDeceptorImageFiles":["220505/turbovpn-220315/2.18.0.0/Images/ACR-045/ACR-045_Install.JPG","220505/turbovpn-220315/2.18.0.0/Images/ACR-014/ACR-014_Landingpage.JPG"],"guid":"fd6c576f-8e1d-470a-9dc6-14d3207f10a7_2.18.0.0_1","appID":"turbovpn-220315","dateAdded":"240604","deceptorType":"App","name":"Turbo VPN","company":"INNOVATIVE CONNECTING PTE","version":"2.18.0.0","lastKnownStatus":"2.16.0.0;2.16.1.0;2.17.1.0;2.18.0.0;2.19.0.0;2.20.0.0;2.21.0.0;2.22.0.0;2.23.0.0;2.24.0;2.25.0;2.26.0.0","lastKnownDate":"240604","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2024-06-04T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":12,"sortOrder":653},{"violations":{"ACR-042":"The app installs a Trusted Root Certificate without obtaining the consumer's permission through explicit user action.\n","ACR-043":"The app does not provide information regarding the Trusted Root Certificate that is installed and the potential risk introduced to the user system after its installation.\n","ACR-048":"The app does not provide control to remove its notifications & process completely within the app's settings. \n","ACR-007":"The app does not obtain user consent to reduce the consumer's security posture caused by installing a trusted root certificate.\n\n","ACR-084":"On quitting the app, the application doesn't exit completely. The \"turbo_vpn-service.exe\" process runs in the background, hiding the fact that it is active from the consumer without any notification.\n","ACR-118":"The app does not remove an installed root certificate even after uninstall.\n","ACR-014":"The app misleads by displaying status as \"Exposed'\" on the internal offers pages (https://turbovpn.com/pricing?plan=vpn.turbo.pc.twoyearsplan.pm65&channel=win), even though another VPN (tunnel bear) is on and running.\n"},"nonDeceptorViolations":{"ACR-045":"The app doesn't describe clearly what effect it causes on the user's system by installing a Trusted Root certificate.\n","ACR-099":"The application does not display links to uninstall information. \n","ACR-014":"The app misleads by displaying status as \"Exposed'\" on the landing pages (https://turbovpn.com/home), even though another VPN (tunnel bear) is on and running.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\TurboVPN\\TurboVPN.exe","companyName":"inovative Connecting","productName":"TurboVPN","productVersion":"2.17.1.0","fileVersion":"2.17.1.0","hashMD5":"c472605a50e8ebb13d25144e9224e9ff","hashSHA1":"474af22f9e1372d186c5b80027eb0168bfdfb272","hashSHA256":"de19d1ef8a0a9be4c0fd3656c26ce806c21e939266b9a5f16110fb6379fa4edf","digitalCertThumbprint":"B621CF3191921926F1C9A6B96201051EE3EFD13E","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"INNOVATIVE CONNECTING PTE. LIMITED","storeId":"","sourceIndex":"1639","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\TurboVPN\\TurboVPNLauncher.exe","companyName":"Innovative Connecting","productName":"TurboVPNLauncher","productVersion":"1.0.0.1","fileVersion":"1.0.0.1","hashMD5":"5fbcf26091679ebd22a7cf5f5c7a77d0","hashSHA1":"559e8f4c07173519b77bb782eed66a765c1b8832","hashSHA256":"9db23474c98bddb4367e367b7aedf8fe76b0ed9be7db944fb1f0c3ac697e989d","digitalCertThumbprint":"B621CF3191921926F1C9A6B96201051EE3EFD13E","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"INNOVATIVE CONNECTING PTE. LIMITED","storeId":"","sourceIndex":"1639","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\TurboVPN\\turbo_vpn-service.exe","companyName":"Innovative Connecting","productName":"turbo_vpn-service","productVersion":"1.0.0.1","fileVersion":"1.0.0.1","hashMD5":"a833694da4c09d8c5d753fd1a43766b0","hashSHA1":"f0aa6de6f9743255f72b480d44831f31e6df0924","hashSHA256":"3d723159b376bca6db50df1254f77a986bf3b474526933d8e794ba14eace11a2","digitalCertThumbprint":"B621CF3191921926F1C9A6B96201051EE3EFD13E","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"INNOVATIVE CONNECTING PTE. LIMITED","storeId":"","sourceIndex":"1639","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"TurboVPN_setup.exe","isInstaller":"True","companyName":"Innovative Connecting","productName":"TurboVPN","productVersion":"2.17.1.0","fileVersion":"2.17.1.0","hashMD5":"c021bf289f33480bb2d4a0d0474a11ca","hashSHA1":"172f1d2859a7229cde7588779bc065c5c00108d1","hashSHA256":"71861a9406893efba1412756e0fa65dfbcf1fcadcc93c6af4f765cd8dde76016","digitalCertThumbprint":"B621CF3191921926F1C9A6B96201051EE3EFD13E","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"INNOVATIVE CONNECTING PTE. LIMITED","storeId":"","sourceIndex":"1639","avBlockList":["Avast Premium Security (20231012)","AVG Internet Security (20231012)","Avira Internet Security (20231012)","Bitdefender Internet Security (20231012)","G DATA INTERNET SECURITY (20231012)","K7 Total Security (20231012)","Malwarebytes Premium (20231012)","McAfee Total Protection (20231012)","Norton Security (20231012)","Panda Dome (20231012)","Quick Heal Internet Security (20231012)","Sophos Home Premium (20231012)","SpyHunter5 (20231012)","Total AV Antivirus Pro (20231012)","VIPRE Advanced Security (20231012)","VirIT eXplorer PRO (20231012)","Webroot SecureAnywhere (20231012)"],"avAllowList":["360 Total Security (20231012)","COMODO Antivirus (20231012)","Dr.Web Security Space (20231012)","ESET Internet Security (20231012)","Kaspersky Internet Security (20231012)","Trend Micro Internet Security (20231012)","Windows Defender (20231012)"]}],"additionalFiles":[],"sources":[{"howFound":"Google search- VPN","reference":"","landingPage":"https://turbovpn.com/download/windows","directDownloadingLink":"https://turbovpn.com/download/windows","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://turbovpn.com/download/windows","sourceIndex":"1639"}],"sampleFiles":["220426/turbovpn-220315/2.17.1.0/Samples/TurboVPN_setup.exe"],"imageFiles":["220426/turbovpn-220315/2.17.1.0/Images/ACR-043/ACR-043_Install.JPG","220426/turbovpn-220315/2.17.1.0/Images/ACR-042/ACR-042_Install.JPG","220426/turbovpn-220315/2.17.1.0/Images/ACR-084/ACR-084_Software.JPG","220426/turbovpn-220315/2.17.1.0/Images/ACR-048/ACR-048_Software.JPG","220426/turbovpn-220315/2.17.1.0/Images/ACR-048/ACR-048_Software_1.JPG","220426/turbovpn-220315/2.17.1.0/Images/ACR-048/ACR-048_Software_2.JPG","220426/turbovpn-220315/2.17.1.0/Images/ACR-007/ACR-007_Software.JPG","220426/turbovpn-220315/2.17.1.0/Images/ACR-118/ACR-118_Uninstall.JPG","220426/turbovpn-220315/2.17.1.0/Images/ACR-014/ACR-014_InternalOffers.JPG"],"nonDeceptorImageFiles":["220426/turbovpn-220315/2.17.1.0/Images/ACR-045/ACR-045_Install.JPG","220426/turbovpn-220315/2.17.1.0/Images/ACR-099/ACR-099_Software_No_UninstallInfo.JPG","220426/turbovpn-220315/2.17.1.0/Images/ACR-014/ACR-014_Landingpage.JPG"],"guid":"fd6c576f-8e1d-470a-9dc6-14d3207f10a7_2.17.1.0_1","appID":"turbovpn-220315","dateAdded":"240604","deceptorType":"App","name":"Turbo VPN","company":"INNOVATIVE CONNECTING PTE","version":"2.17.1.0","lastKnownStatus":"2.16.0.0;2.16.1.0;2.17.1.0;2.18.0.0;2.19.0.0;2.20.0.0;2.21.0.0;2.22.0.0;2.23.0.0;2.24.0;2.25.0;2.26.0.0","lastKnownDate":"240604","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2024-06-04T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":12,"sortOrder":654},{"violations":{"ACR-042":"The app installs a Trusted Root Certificate without obtaining the consumer's permission through explicit user action.\n","ACR-043":"The app does not provide information regarding the Trusted Root Certificate that is installed and the potential risk introduced to the user system after its installation.\n","ACR-048":"The app does not provide control to remove its notifications & process completely within the app's settings. \n","ACR-007":"The app does not obtain user consent to reduce the consumer's security posture caused by installing a trusted root certificate.\n\n","ACR-084":"On quitting the app, the application doesn't exit completely. The \"turbo_vpn-service.exe\" process runs in the background, hiding the fact that it is active from the consumer without any notification.\n"},"nonDeceptorViolations":{"ACR-045":"The app doesn't describe clearly what effect it causes on the user's system by installing a Trusted Root certificate.\n","ACR-123":"The app does not remove an installed root certificate even after uninstall\n","ACR-014":"The app misleads by displaying status as \"Exposed'\" on the landing pages (https://turbovpn.com/home), even though another VPN (tunnel bear) is on and running.\n"},"samples":[{"isRevoked":"False","fileName":"vpnshield_install.exe","isInstaller":"True","companyName":"                                                            ","productName":"vpnshield                                                   ","productVersion":"1.0.0                                             ","fileVersion":"                    ","hashMD5":"7b4f897f3c16309d64f5ec8eef3f7625","hashSHA1":"9ec23f8b39fd9cd1b2106ebb640333c6bcbcab6d","hashSHA256":"61c5e5958bbbc9aebde3110f9a4d749ba435c152ea92b4934acccfd144b7a66f","digitalCertThumbprint":"B57AF0DF869100691424E08388F9BC2A1E3FE783","digitalCertIssuer":"SSL.com EV Code Signing Intermediate CA RSA R3","digitalCertIssuedTo":"BSD LIMITLESS LTD","storeId":"","sourceIndex":"1674","avBlockList":["360 Total Security (20220426)","Avira Internet Security (20220426)","K7 Total Security (20220426)","Malwarebytes Premium (20220426)","McAfee Total Protection (20220426)","Norton Security (20220426)","Panda Dome (20220426)","Quick Heal Internet Security (20220426)","Sophos Home Premium (20220426)","SpyHunter5 (20220426)","Total AV Antivirus Pro (20220426)","VirIT eXplorer PRO (20220426)","Webroot SecureAnywhere (20220426)","Windows Defender (20220426)"],"avAllowList":["Avast Premium Security (20220426)","AVG Internet Security (20220426)","Bitdefender Internet Security (20220426)","COMODO Antivirus (20220426)","Dr.Web Security Space (20220426)","ESET Internet Security (20220426)","G DATA INTERNET SECURITY (20220426)","Kaspersky Internet Security (20220426)","Tencent PC Manager (20220426)","Trend Micro Internet Security (20220426)","VIPRE Advanced Security (20220426)"]},{"isRevoked":"False","fileName":"C:\\Users\\User\\Desktop\\ShieldManager.exe","companyName":"ShieldManager","productName":"ShieldManager","productVersion":"1.0.0","fileVersion":"1.0.0.0","hashMD5":"99b972a717c6728c5c863c51d20590ba","hashSHA1":"49b1ec62ecf2b6a1f479aac754fcc04431a948bd","hashSHA256":"f70f8401dbb796702df488df4d1c9ffd7568a735a68e9b1605249ad4f3d811f3","digitalCertThumbprint":"B57AF0DF869100691424E08388F9BC2A1E3FE783","digitalCertIssuer":"SSL.com EV Code Signing Intermediate CA RSA R3","digitalCertIssuedTo":"BSD LIMITLESS LTD","storeId":"","sourceIndex":"1674","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Users\\User\\Desktop\\ShieldService.exe","companyName":"ShieldService","productName":"ShieldService","productVersion":"1.0.0","fileVersion":"1.0.0.0","hashMD5":"8331134761d0db7b3196280e8fb9c202","hashSHA1":"7fe7f4b5a17dc7aa9969483196dedee7e7512783","hashSHA256":"92997fa0573209c520e9eb35e221b82918d4f570f7489548aa48152a981fa705","digitalCertThumbprint":"B57AF0DF869100691424E08388F9BC2A1E3FE783","digitalCertIssuer":"SSL.com EV Code Signing Intermediate CA RSA R3","digitalCertIssuedTo":"BSD LIMITLESS LTD","storeId":"","sourceIndex":"1674","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\vpnshield\\vpn_shield.exe","companyName":".","productName":"vpnshield","productVersion":"1.0.0","fileVersion":"1.0.0.2","hashMD5":"c7d27c7a545e589ba02068ea0b034978","hashSHA1":"c13869eb7b4f25cc5634a55e242209f7adcb02f1","hashSHA256":"5158ec26ad6ce18c655ebfe3a3b3c67d561b687d915ce96af378930d8583ccaa","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1674","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Google search- VPN","reference":"","landingPage":"https://turbovpn.com/download/windows","directDownloadingLink":"https://turbovpn.com/download/windows","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://turbovpn.com/download/windows","sourceIndex":"1674"}],"sampleFiles":[],"imageFiles":["220328/turbovpn-220315/2.16.1.0/Images/ACR-043/ACR-043.JPG","220328/turbovpn-220315/2.16.1.0/Images/ACR-042/ACR-042.JPG","220328/turbovpn-220315/2.16.1.0/Images/ACR-084/ACR-084.JPG","220328/turbovpn-220315/2.16.1.0/Images/ACR-048/ACR-048.JPG","220328/turbovpn-220315/2.16.1.0/Images/ACR-007/ACR-007.JPG"],"nonDeceptorImageFiles":["220328/turbovpn-220315/2.16.1.0/Images/ACR-045/ACR-045.JPG","220328/turbovpn-220315/2.16.1.0/Images/ACR-123/ACR-123.JPG","220328/turbovpn-220315/2.16.1.0/Images/ACR-014/ACR-014.JPG"],"guid":"fd6c576f-8e1d-470a-9dc6-14d3207f10a7_2.16.1.0_1","appID":"turbovpn-220315","dateAdded":"240604","deceptorType":"App","name":"Turbo VPN","company":"INNOVATIVE CONNECTING PTE","version":"2.16.1.0","lastKnownStatus":"2.16.0.0;2.16.1.0;2.17.1.0;2.18.0.0;2.19.0.0;2.20.0.0;2.21.0.0;2.22.0.0;2.23.0.0;2.24.0;2.25.0;2.26.0.0","lastKnownDate":"240604","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2024-06-04T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":12,"sortOrder":655},{"violations":{"ACR-042":"The app installs a Trusted Root Certificate without obtaining the consumer's permission through explicit user action.\n","ACR-043":"The app does not provide information regarding the Trusted Root Certificate that is installed and the potential risk introduced to the user system after its installation.\n","ACR-048":"The app does not provide control to remove its notifications & process completely within the app's settings. \n","ACR-007":"The app does not obtain user consent to reduce the consumer's security posture caused by installing a trusted root certificate.\n\n","ACR-084":"On quitting the app, the application doesn't exit completely. The \"turbo_vpn-service.exe\" process runs in the background, hiding the fact that it is active from the consumer without any notification.\n"},"nonDeceptorViolations":{"ACR-045":"The app doesn't describe clearly what effect it causes on the user's system by installing a Trusted Root certificate.\n","ACR-014":"The app misleads by displaying status as \"Exposed'\" on the landing pages (https://turbovpn.com/home), even though another VPN (tunnel bear) is on and running.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\TurboVPN\\TurboVPNLauncher.exe","companyName":"Innovative Connecting","productName":"TurboVPNLauncher","productVersion":"1.0.0.1","fileVersion":"1.0.0.1","hashMD5":"2f4d32a1f28325d0a5202adf114bdc36","hashSHA1":"2b568df3687afb75f9276c7d77b7d23d7656f6b5","hashSHA256":"c10ee2793bb2b2870c645226870ca1e6f952c401573326453413ec02cffe7630","digitalCertThumbprint":"07C3E4BF1A3B117D2C462418A99ED28CD41C7808","digitalCertIssuer":"Symantec Class 3 Extended Validation Code Signing CA - G2","digitalCertIssuedTo":"INNOVATIVE CONNECTING PTE. LIMITED","storeId":"","sourceIndex":"1683","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"TurboVPN_setup.exe","isInstaller":"True","companyName":"Innovative Connecting","productName":"TurboVPN","productVersion":"2.16.0.0","fileVersion":"2.16.0.0","hashMD5":"dbe1635622439ea246dbb6c85617dd27","hashSHA1":"0039357bac2029e2a32a9811b59e59695a77fc0a","hashSHA256":"38c187db3dfd098575f61cf0006f51a3c515ab09c2d4f954b5e987f2cb4b822a","digitalCertThumbprint":"07C3E4BF1A3B117D2C462418A99ED28CD41C7808","digitalCertIssuer":"Symantec Class 3 Extended Validation Code Signing CA - G2","digitalCertIssuedTo":"INNOVATIVE CONNECTING PTE. LIMITED","storeId":"","sourceIndex":"1683","avBlockList":["Avast Premium Security (20240613)","AVG Internet Security (20240613)","Avira Internet Security (20240613)","ESET Internet Security (20240613)","G DATA INTERNET SECURITY (20240613)","K7 Total Security (20240613)","Malwarebytes Premium (20240613)","McAfee Total Protection (20240613)","Norton Security (20240613)","Panda Dome (20240613)","Quick Heal Internet Security (20240613)","Sophos Home Premium (20240613)","SpyHunter5 (20240613)","Total AV Antivirus Pro (20240613)","Trend Micro Internet Security (20240613)","VirIT eXplorer PRO (20240613)","Webroot SecureAnywhere (20240613)","Windows Defender (20240613)"],"avAllowList":["360 Total Security (20240613)","Bitdefender Internet Security (20240613)","COMODO Antivirus (20240613)","Dr.Web Security Space (20240613)","Kaspersky Internet Security (20240613)","Tencent PC Manager (20220329)","VIPRE Advanced Security (20240613)"]}],"additionalFiles":[],"sources":[{"howFound":"Google search- VPN","reference":"","landingPage":"https://turbovpn.com/download/windows","directDownloadingLink":"https://turbovpn.com/download/windows","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://turbovpn.com/download/windows","sourceIndex":"1683"}],"sampleFiles":["220316/turbovpn-220315/2.16.0.0/Samples/TurboVPN_setup.exe"],"imageFiles":["220316/turbovpn-220315/2.16.0.0/Images/ACR-043/ACR-043_Install_1.JPG","220316/turbovpn-220315/2.16.0.0/Images/ACR-042/ACR-042_Install_1.JPG","220316/turbovpn-220315/2.16.0.0/Images/ACR-084/ACR-084_Software_Process.JPG","220316/turbovpn-220315/2.16.0.0/Images/ACR-048/ACR-048_Software_No_Control.JPG","220316/turbovpn-220315/2.16.0.0/Images/ACR-048/ACR-048_Software_No_Control_1.JPG","220316/turbovpn-220315/2.16.0.0/Images/ACR-007/ACR-007_Software_1.JPG"],"nonDeceptorImageFiles":["220316/turbovpn-220315/2.16.0.0/Images/ACR-045/ACR-045_Install.JPG","220316/turbovpn-220315/2.16.0.0/Images/ACR-045/ACR-045_Install_1.JPG","220316/turbovpn-220315/2.16.0.0/Images/ACR-014/ACR-014_Landingpage_Misleading.JPG"],"guid":"fd6c576f-8e1d-470a-9dc6-14d3207f10a7_2.16.0.0_1","appID":"turbovpn-220315","dateAdded":"240604","deceptorType":"App","name":"Turbo VPN","company":"INNOVATIVE CONNECTING PTE","version":"2.16.0.0","sigName":"Deceptor:Win32/TurboVPN!043042084048007","lastKnownStatus":"2.16.0.0;2.16.1.0;2.17.1.0;2.18.0.0;2.19.0.0;2.20.0.0;2.21.0.0;2.22.0.0;2.23.0.0;2.24.0;2.25.0;2.26.0.0","lastKnownDate":"240604","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2024-06-04T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":12,"sortOrder":656},{"violations":{"ACR-046":"Collecting data via \"Participate in customer experience improvement plan\" is checked by default and not visible to the user by default. No relevant disclosure of what data it collects.\n","ACR-048":"The app does not provide any control to cancel the installation.\n","ACR-004":"1. The app exaggerates issues and raises urgency for the identified issues with the \"Red\" font, thereby misleading or scaring the consumer to take action.\n2. The application doesn't provide a free fix (recovery) instead offering a subscription that the user needs to pay to fix it.\n","ACR-097":"The app adds an exception for Windows firewall without disclosing relevant info and getting consent from the user.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components on the device without the consumer's consent or notifying the user.\n"},"nonDeceptorViolations":{"ACR-040":"The app drops some of its components in a hidden folder.\n","ACR-123":"Even after a reboot and uninstall, the application did not remove itself from the firewall exception that was added during installation.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\Tenorshare\\4DDiG DLL Fixer\\4DDiG DLL Fixer.exe","companyName":"Tenorshare","productName":"DllRepair_4DDIG","productVersion":"1.0.3.7","fileVersion":"1.0.3.7","hashMD5":"f9b943b266643088b8a0243fff195fbd","hashSHA1":"a4195ec3a375217b05e32cfbb5403c5e9622cec5","hashSHA256":"7e46b4e089dacc441da2a21261e4e097dd62816fcf68b5b5303b51b563bb8b41","digitalCertThumbprint":"2ECF0B0A0DE08C92DB144D11E6F3DC42DD0D0E13","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Tenorshare (Hongkong) Limited","storeId":"","sourceIndex":"633","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"4ddig-dll-fixer.exe","isInstaller":"True","companyName":"Tenorshare Co. Ltd.","productName":"20240520112218","productVersion":"2.7.11.0","fileVersion":"2.7.11.0","hashMD5":"2f3216c1302be5245a3fca0d43d93a28","hashSHA1":"6e010707edbf0170d32498dc84381a1ef3b1efa0","hashSHA256":"a5a7ce992f83d639f95181f2102743183100c08fd2c732afb1c3d4d9e090264b","digitalCertThumbprint":"2ECF0B0A0DE08C92DB144D11E6F3DC42DD0D0E13","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Tenorshare (Hongkong) Limited","storeId":"","sourceIndex":"633","avBlockList":["Avast Premium Security (20240822)","AVG Internet Security (20240822)","Avira Internet Security (20240822)","Bitdefender Internet Security (20240822)","Dr.Web Security Space (20240822)","ESET Internet Security (20240822)","FortectPremium (20240822)","G DATA INTERNET SECURITY (20240822)","K7 Total Security (20240822)","Malwarebytes Premium (20240822)","Norton Security (20240822)","Panda Dome (20240822)","Quick Heal Internet Security (20240822)","Sophos Home Premium (20240822)","SpyHunter5 (20240822)","Total AV Antivirus Pro (20240822)","VIPRE Advanced Security (20240822)","VirIT eXplorer PRO (20240822)","Webroot SecureAnywhere (20240822)","Windows Defender (20240822)"],"avAllowList":["360 Total Security (20240822)","COMODO Antivirus (20240822)","Kaspersky Internet Security (20240723)","McAfee Total Protection (20240822)","Trend Micro Internet Security (20240822)","KasperskyPremium (20240822)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt of 4ddig apps","reference":"","landingPage":"https://www.4ddig.net/dll-fixer.html","directDownloadingLink":"https://download.tenorshare.net/downloads/4ddig-dll-fixer_8122.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://download.tenorshare.net/downloads/4ddig-dll-fixer_8122.exe","sourceIndex":"633"}],"sampleFiles":["240604/4DDiGDLLFixer-240315/1.0.3.7/Samples/4ddig-dll-fixer.exe"],"imageFiles":["240604/4DDiGDLLFixer-240315/1.0.3.7/Images/ACR-046/ACR-046.PNG","240604/4DDiGDLLFixer-240315/1.0.3.7/Images/ACR-046/ACR-046_1.PNG","240604/4DDiGDLLFixer-240315/1.0.3.7/Images/ACR-048/ACR-048.PNG","240604/4DDiGDLLFixer-240315/1.0.3.7/Images/ACR-004/ACR-004.PNG","240604/4DDiGDLLFixer-240315/1.0.3.7/Images/ACR-004/ACR-004_1.PNG","240604/4DDiGDLLFixer-240315/1.0.3.7/Images/ACR-004/ACR-004_2.PNG","240604/4DDiGDLLFixer-240315/1.0.3.7/Images/ACR-097/ACR-097.PNG","240604/4DDiGDLLFixer-240315/1.0.3.7/Images/ACR-097/ACR-097_1.PNG","240604/4DDiGDLLFixer-240315/1.0.3.7/Images/ACR-118/ACR-118.PNG"],"nonDeceptorImageFiles":["240604/4DDiGDLLFixer-240315/1.0.3.7/Images/ACR-040/ACR-040.PNG","240604/4DDiGDLLFixer-240315/1.0.3.7/Images/ACR-123/ACR-123.PNG","240604/4DDiGDLLFixer-240315/1.0.3.7/Images/ACR-123/ACR-123_1.PNG"],"guid":"e95cf1ae-cea2-4fdf-a65e-9b3811efa912_1.0.3.7_1","appID":"4DDiGDLLFixer-240315","dateAdded":"240604","deceptorType":"App","name":"4DDiG DLL Fixer","company":"Tenorshare Co., Ltd.","version":"1.0.3.7","lastKnownStatus":"1.0.0.12;1.0.2.3;1.0.3.7","lastKnownDate":"240604","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows 11","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2024-06-04T19:02:01.2032134+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":3,"sortOrder":657},{"violations":{"ACR-046":"Collecting data via \"Participate in customer experience improvement plan\" is checked by default and not visible to the user by default. No relevant disclosure of what data it collects.\n","ACR-048":"The app does not provide any control to cancel the installation.\n","ACR-004":"1. The app exaggerates issues and raises urgency for the identified issues with the \"Red\" font, thereby misleading or scaring the consumer to take action.\n2. The application doesn't provide a free fix (recovery) instead offering a subscription that the user needs to pay to fix it.\n","ACR-097":"The app adds an exception for Windows firewall to lower default default system security posture without disclosing relevant info and get consent from user.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components on the device without the consumer's consent or notifying the user.\n"},"nonDeceptorViolations":{"ACR-040":"The app drops some of its components in a hidden folder.\n","ACR-123":"Even after a reboot and uninstall, the application did not remove itself from the firewall exception that was added during installation.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\Tenorshare\\4DDiG DLL Fixer\\4DDiG DLL Fixer.exe","companyName":"Tenorshare","productName":"DllRepair_4DDIG","productVersion":"1.0.2.3","fileVersion":"1.0.2.3","hashMD5":"14749cd389bc9a4d5fa5d712fe895be1","hashSHA1":"c28ffd4042c5bb63013e8d8b8111e191267a94ef","hashSHA256":"8d311e80249898706c0898e92c3b71dbaa0c7a4887c4d2a89440e0293b4d73ee","digitalCertThumbprint":"2ECF0B0A0DE08C92DB144D11E6F3DC42DD0D0E13","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Tenorshare (Hongkong) Limited","storeId":"","sourceIndex":"651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"4ddig-dll-fixer.exe","isInstaller":"True","companyName":"Tenorshare Co. Ltd.","productName":"20240112175350","productVersion":"2.7.11.0","fileVersion":"2.7.11.0","hashMD5":"70407233e32cda7de35aa5110938ec90","hashSHA1":"be6b24c27573132be7382cbad4f732a355caa2b4","hashSHA256":"50909be4da07c6e0d2592569510d82da02c8d58a5bce14599221913fd58d9a91","digitalCertThumbprint":"59FECDA87C479A14A82E3EF696F9E6A9002A3752","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Tenorshare Co. Ltd.","storeId":"","sourceIndex":"651","avBlockList":["Avast Premium Security (20240815)","AVG Internet Security (20240815)","Avira Internet Security (20240815)","Bitdefender Internet Security (20240815)","Dr.Web Security Space (20240815)","ESET Internet Security (20240815)","G DATA INTERNET SECURITY (20240815)","K7 Total Security (20240815)","Malwarebytes Premium (20240815)","Norton Security (20240815)","Panda Dome (20240815)","Sophos Home Premium (20240815)","SpyHunter5 (20240815)","Total AV Antivirus Pro (20240815)","VIPRE Advanced Security (20240815)","VirIT eXplorer PRO (20240815)","Webroot SecureAnywhere (20240815)","Windows Defender (20240815)","FortectPremium (20240815)"],"avAllowList":["360 Total Security (20240815)","COMODO Antivirus (20240815)","Kaspersky Internet Security (20240530)","McAfee Total Protection (20240815)","Quick Heal Internet Security (20240815)","Trend Micro Internet Security (20240815)","KasperskyPremium (20240815)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on windows app","reference":"","landingPage":"https://www.4ddig.net/dll-fixer.html","directDownloadingLink":"https://download.tenorshare.net/downloads/4ddig-dll-fixer_8122.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://download.tenorshare.net/downloads/4ddig-dll-fixer_8122.exe","sourceIndex":"651"}],"sampleFiles":["240429/4DDiGDLLFixer-240315/1.0.2.3/Samples/4ddig-dll-fixer.exe"],"imageFiles":["240429/4DDiGDLLFixer-240315/1.0.2.3/Images/ACR-046/ACR-046.PNG","240429/4DDiGDLLFixer-240315/1.0.2.3/Images/ACR-046/ACR-046_1.PNG","240429/4DDiGDLLFixer-240315/1.0.2.3/Images/ACR-048/ACR-048.PNG","240429/4DDiGDLLFixer-240315/1.0.2.3/Images/ACR-004/ACR-004.PNG","240429/4DDiGDLLFixer-240315/1.0.2.3/Images/ACR-004/ACR-004_1.PNG","240429/4DDiGDLLFixer-240315/1.0.2.3/Images/ACR-004/ACR-004_2.PNG","240429/4DDiGDLLFixer-240315/1.0.2.3/Images/ACR-097/ACR-097.PNG","240429/4DDiGDLLFixer-240315/1.0.2.3/Images/ACR-118/ACR-118.PNG"],"nonDeceptorImageFiles":["240429/4DDiGDLLFixer-240315/1.0.2.3/Images/ACR-040/ACR-040.PNG","240429/4DDiGDLLFixer-240315/1.0.2.3/Images/ACR-123/ACR-123.PNG"],"guid":"e95cf1ae-cea2-4fdf-a65e-9b3811efa912_1.0.2.3_1","appID":"4DDiGDLLFixer-240315","dateAdded":"240604","deceptorType":"App","name":"4DDiG DLL Fixer","company":"Tenorshare Co., Ltd.","version":"1.0.2.3","lastKnownStatus":"1.0.0.12;1.0.2.3;1.0.3.7","lastKnownDate":"240604","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows 11","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2024-06-04T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":3,"sortOrder":658},{"violations":{"ACR-042":"The app installs Trusted Root Certificates without obtaining the consumer's permission through explicit user action.\n","ACR-043":"The app does not provide information regarding the Trusted Root Certificates that are installed and the potential risk introduced to the user system after its installation.\n","ACR-048":"The app does not provide control to remove its process & notifications completely within the app's settings. \n","ACR-007":"The app does not obtain user consent to reduce the consumer's security posture caused by installing a trusted root certificates\n","ACR-084":"On quitting the app, the application doesn't exit completely. Process run in the background, hiding the fact that it is active from the consumer without any notification.\n","ACR-118":"The app does not remove the installed root certificates even after uninstalling.\n"},"nonDeceptorViolations":{"ACR-045":"The app doesn't describe clearly what effect it causes on the user's system by installing a Trusted Root certificates\n","ACR-123":"The app does not remove the installed root certificates even after uninstalling\n","ACR-014":"The app misleads by displaying the status as \"Exposed\" on the landing pages (https://turbovpn.com/download/windows), even though another VPN (ExpressVPN) is on and running.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\TurboVPN\\TurboVPN.exe","companyName":"inovative Connecting","productName":"TurboVPN","productVersion":"2.25.0.0","fileVersion":"2.25.0.0","hashMD5":"7f60818481d91137e498d420fa238c6d","hashSHA1":"3fa415ac3788a05e6951abebecb034882811fc4e","hashSHA256":"9f4a5f0ffdb8f675aeb9e233a675a9c9d671e3868657e2d08b140766ee9a9859","digitalCertThumbprint":"C0B0B6871F4782604BBD883A073592B24AECF707","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"INNOVATIVE CONNECTING PTE. LIMITED","storeId":"","sourceIndex":"653","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\TurboVPN\\turbo_vpn-service.exe","companyName":"Innovative Connecting","productName":"turbo_vpn-service","productVersion":"1.0.0.1","fileVersion":"1.0.0.1","hashMD5":"3e79008493e96c678fc401b2bcc6adaf","hashSHA1":"ea631176ffa788f920c31ae0c660a6e4918aec66","hashSHA256":"586ce02e1ceb31854b92159f2cae72e4e6974a119601c02dbb8413ecf37510f2","digitalCertThumbprint":"C0B0B6871F4782604BBD883A073592B24AECF707","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"INNOVATIVE CONNECTING PTE. LIMITED","storeId":"","sourceIndex":"653","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"TurboVPN_setup.exe","isInstaller":"True","companyName":"Innovative Connecting","productName":"TurboVPN","productVersion":"2.25.0.0","fileVersion":"2.25.0.0","hashMD5":"6b455956e8c87fd866e504345887c4fb","hashSHA1":"f5901eecd570a2923450685f8404fd7dc7495a21","hashSHA256":"7939ea7d99b58a9611faedb8a6551339e6659e9898e1836bc9f8818335d326c9","digitalCertThumbprint":"C0B0B6871F4782604BBD883A073592B24AECF707","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"INNOVATIVE CONNECTING PTE. LIMITED","storeId":"","sourceIndex":"653","avBlockList":["Avast Premium Security (20240604)","AVG Internet Security (20240604)","Avira Internet Security (20240604)","ESET Internet Security (20240604)","G DATA INTERNET SECURITY (20240604)","K7 Total Security (20240604)","Malwarebytes Premium (20240604)","Norton Security (20240604)","Panda Dome (20240604)","Quick Heal Internet Security (20240604)","Sophos Home Premium (20240604)","SpyHunter5 (20240604)","Total AV Antivirus Pro (20240604)","VirIT eXplorer PRO (20240604)","Webroot SecureAnywhere (20240604)"],"avAllowList":["360 Total Security (20240604)","Bitdefender Internet Security (20240604)","COMODO Antivirus (20240604)","Dr.Web Security Space (20240604)","Kaspersky Internet Security (20240604)","McAfee Total Protection (20240604)","Trend Micro Internet Security (20240604)","VIPRE Advanced Security (20240604)","Windows Defender (20240604)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on windows app","reference":"","landingPage":"https://turbovpn.com/download/windows","directDownloadingLink":"https://turbovpn.com/download/windows","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://turbovpn.com/download/windows","sourceIndex":"653"}],"sampleFiles":["240429/turbovpn-220315/2.25.0.0/Samples/TurboVPN_setup.exe"],"imageFiles":["240429/turbovpn-220315/2.25.0.0/Images/ACR-043/ACR-043.PNG","240429/turbovpn-220315/2.25.0.0/Images/ACR-042/ACR-042.PNG","240429/turbovpn-220315/2.25.0.0/Images/ACR-084/ACR-084.PNG","240429/turbovpn-220315/2.25.0.0/Images/ACR-048/ACR-048.PNG","240429/turbovpn-220315/2.25.0.0/Images/ACR-048/ACR-048_1.PNG","240429/turbovpn-220315/2.25.0.0/Images/ACR-007/ACR-007.PNG","240429/turbovpn-220315/2.25.0.0/Images/ACR-118/ACR-118.PNG"],"nonDeceptorImageFiles":["240429/turbovpn-220315/2.25.0.0/Images/ACR-045/ACR-045.PNG","240429/turbovpn-220315/2.25.0.0/Images/ACR-123/ACR-123.PNG","240429/turbovpn-220315/2.25.0.0/Images/ACR-014/ACR-014.PNG"],"guid":"fd6c576f-8e1d-470a-9dc6-14d3207f10a7_2.25.0.0_1","appID":"turbovpn-220315","dateAdded":"240604","deceptorType":"App","name":"Turbo VPN","company":"INNOVATIVE CONNECTING PTE","version":"2.25.0.0","lastKnownStatus":"2.16.0.0;2.16.1.0;2.17.1.0;2.18.0.0;2.19.0.0;2.20.0.0;2.21.0.0;2.22.0.0;2.23.0.0;2.24.0;2.25.0;2.26.0.0","lastKnownDate":"240604","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,in-app purchases","lastUpdate":"2024-06-04T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":12,"sortOrder":646},{"violations":{"ACR-042":"The app installs Trusted Root Certificates without obtaining the consumer's permission through explicit user action.\n","ACR-043":"The app does not provide information regarding the Trusted Root Certificates that are installed and the potential risk introduced to the user system after its installation.\n","ACR-048":"The app does not provide control to remove its process completely within the app settings\n","ACR-007":"The app does not obtain user consent to reduce the consumer's security posture caused by installing a trusted root certificates\n","ACR-084":"On quitting the app, the application doesn't exit completely. Process run in the background, hiding the fact that it is active from the consumer without any notification.\n","ACR-118":"The app does not remove the installed root certificates even after uninstalling.\n"},"nonDeceptorViolations":{"ACR-045":"The app doesn't describe clearly what effect it causes on the user's system by installing a Trusted Root certificates\n","ACR-123":"The app does not remove the installed root certificates even after uninstalling\n","ACR-014":"The app misleads by displaying the status as \"Exposed\" on the landing pages (https://turbovpn.com/download/windows), even though another VPN (ExpressVPN) is on and running.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\TurboVPN\\TurboVPN.exe","companyName":"inovative Connecting","productName":"TurboVPN","productVersion":"2.26.0.0","fileVersion":"2.26.0.0","hashMD5":"781ae32e7d42865284b8a21e83e7fedd","hashSHA1":"7b51184832c98699cbf28af1979eadefbd706ea3","hashSHA256":"cb8f3977c6137d48557e530fd05887c23ab68e7a1aedec02166dae5fa8e00f45","digitalCertThumbprint":"C0B0B6871F4782604BBD883A073592B24AECF707","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"INNOVATIVE CONNECTING PTE. LIMITED","storeId":"","sourceIndex":"634","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\TurboVPN\\turbo_vpn-service.exe","companyName":"Innovative Connecting","productName":"turbo_vpn-service","productVersion":"1.0.0.1","fileVersion":"1.0.0.1","hashMD5":"cba8718cf01a7d489d00695bed5011f6","hashSHA1":"63a7be85a2d82b29bfeb9ef3b1ca200074a21646","hashSHA256":"f60c1a3ad6152061a8c2921d5a5cd925ca64f88892dcc632571ccd753f1dea61","digitalCertThumbprint":"C0B0B6871F4782604BBD883A073592B24AECF707","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"INNOVATIVE CONNECTING PTE. LIMITED","storeId":"","sourceIndex":"634","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"TurboVPN_setup.exe","isInstaller":"True","companyName":"Innovative Connecting","productName":"TurboVPN","productVersion":"2.26.0.0","fileVersion":"2.26.0.0","hashMD5":"df96bc092b1ab5a0408d6e9f1a73b040","hashSHA1":"213aca467554c527f844c7cb733ab6cd2e1cdc62","hashSHA256":"82d36ec0f74ba240259122268de8ecb4374d82af78406dfa4bd99318a17599f1","digitalCertThumbprint":"C0B0B6871F4782604BBD883A073592B24AECF707","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"INNOVATIVE CONNECTING PTE. LIMITED","storeId":"","sourceIndex":"634","avBlockList":["Avast Premium Security (20240822)","AVG Internet Security (20240822)","Avira Internet Security (20240822)","ESET Internet Security (20240822)","FortectPremium (20240822)","G DATA INTERNET SECURITY (20240822)","Malwarebytes Premium (20240822)","Norton Security (20240822)","Panda Dome (20240822)","Quick Heal Internet Security (20240822)","Sophos Home Premium (20240822)","SpyHunter5 (20240822)","Total AV Antivirus Pro (20240822)","VirIT eXplorer PRO (20240822)","Webroot SecureAnywhere (20240822)"],"avAllowList":["360 Total Security (20240822)","Bitdefender Internet Security (20240822)","COMODO Antivirus (20240822)","Dr.Web Security Space (20240822)","K7 Total Security (20240822)","KasperskyPremium (20240822)","McAfee Total Protection (20240822)","Trend Micro Internet Security (20240822)","VIPRE Advanced Security (20240822)","Windows Defender (20240822)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on VPN apps","reference":"","landingPage":"https://turbovpn.com/download/windows","directDownloadingLink":"https://turbovpn.com/download/windows","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://turbovpn.com/download/windows","sourceIndex":"634"}],"sampleFiles":["240604/turbovpn-220315/2.26.0.0/Samples/TurboVPN_setup.exe"],"imageFiles":["240604/turbovpn-220315/2.26.0.0/Images/ACR-043/ACR-043.PNG","240604/turbovpn-220315/2.26.0.0/Images/ACR-042/ACR-042.PNG","240604/turbovpn-220315/2.26.0.0/Images/ACR-084/ACR-084.PNG","240604/turbovpn-220315/2.26.0.0/Images/ACR-048/ACR-048.PNG","240604/turbovpn-220315/2.26.0.0/Images/ACR-048/ACR-048_1.PNG","240604/turbovpn-220315/2.26.0.0/Images/ACR-007/ACR-007.PNG","240604/turbovpn-220315/2.26.0.0/Images/ACR-118/ACR-118.PNG"],"nonDeceptorImageFiles":["240604/turbovpn-220315/2.26.0.0/Images/ACR-045/ACR-045.PNG","240604/turbovpn-220315/2.26.0.0/Images/ACR-123/ACR-123.PNG","240604/turbovpn-220315/2.26.0.0/Images/ACR-014/ACR-014.PNG"],"guid":"fd6c576f-8e1d-470a-9dc6-14d3207f10a7_2.26.0.0_1","appID":"turbovpn-220315","dateAdded":"240604","deceptorType":"App","name":"Turbo VPN","company":"INNOVATIVE CONNECTING PTE","version":"2.26.0.0","lastKnownStatus":"2.16.0.0;2.16.1.0;2.17.1.0;2.18.0.0;2.19.0.0;2.20.0.0;2.21.0.0;2.22.0.0;2.23.0.0;2.24.0;2.25.0;2.26.0.0","lastKnownDate":"240604","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,in-app purchases","lastUpdate":"2024-06-04T18:42:07.2183488+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":12,"sortOrder":645},{"violations":{"ACR-046":"\"Agree to participate in the Customer Experience Improvement Program\" is checked by default and hidden under custom installation, which requires the user to expend it to see the details.\n","ACR-004":"Application doesn't provide free fix for all items reported, only allow to recover up to 1GB of data. Instead it requires a paid license to completely recover files shown.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"pdr-free-online.exe","isInstaller":"True","companyName":"MiniTool Software Limited","fileVersion":"11.9","hashMD5":"0bcb66efb733670805f654d8a337d7cf","hashSHA1":"a6d09d8249b30cd94e9c95f387681eb03ade47ac","hashSHA256":"940cbe93151ceb3803b20761b6d2c585d5fc8b7ab5d3a653650baf869216f9be","digitalCertThumbprint":"66D0676C92147E6EE17CE0DD252AD52C796512EB","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=MiniTool Software Limited, O=MiniTool Software Limited, L=Tsim Sha Tsui, C=HK","sourceIndex":"637","avBlockList":["Avast Premium Security (20240801)","AVG Internet Security (20240801)","Avira Internet Security (20240801)","ESET Internet Security (20240801)","K7 Total Security (20240801)","Malwarebytes Premium (20240801)","Norton Security (20240801)","Panda Dome (20240801)","Sophos Home Premium (20240801)","SpyHunter5 (20240801)","Total AV Antivirus Pro (20240801)","VirIT eXplorer PRO (20240801)","Webroot SecureAnywhere (20240801)","Windows Defender (20240801)","FortectPremium (20240801)"],"avAllowList":["360 Total Security (20240801)","Bitdefender Internet Security (20240801)","COMODO Antivirus (20240801)","Dr.Web Security Space (20240801)","G DATA INTERNET SECURITY (20240801)","Kaspersky Internet Security (20240702)","McAfee Total Protection (20240801)","Quick Heal Internet Security (20240801)","Trend Micro Internet Security (20240801)","VIPRE Advanced Security (20240801)"]},{"isRevoked":"False","fileName":"powerdatarecovery.exe","companyName":"MiniTool Software Limited","fileVersion":"11.9","hashMD5":"a09562105fd90d57427be05fe767820f","hashSHA1":"a0683176e6b2249271955b1df9bf0d9977ccbfe9","hashSHA256":"3effffbec99b89998fd3c904026bbaf639a3a85f83a5ce0738d218df2783c8b8","digitalCertThumbprint":"66D0676C92147E6EE17CE0DD252AD52C796512EB","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=MiniTool Software Limited, O=MiniTool Software Limited, L=Tsim Sha Tsui, C=HK","sourceIndex":"637","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"random search for recovery apps","reference":"","landingPage":"https://www.minitool.com/data-recovery-software/?utm_source=minitool.com&utm_medium=redirection&utm_campaign=home-banner","directDownloadingLink":"https://cdn2.minitool.com/?p=pdr&e=pdr-free","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://cdn2.minitool.com/?p=pdr&e=pdr-free","sourceIndex":"637"},{"howFound":"follow-up search for new version","reference":"","landingPage":"https://www.minitool.com/data-recovery-software/free-for-windows.html","directDownloadingLink":"https://cdn2.minitool.com/?p=pdr&e=pdr-free","ipv4":"","ipv6":"","sourceIndex":"638"}],"sampleFiles":["240522/MiniToolPowerDataRecovery-240328/11.9.0.0/Samples/pdr-free-online.exe","240522/MiniToolPowerDataRecovery-240328/11.9.0.0/Samples/PowerDataRecovery.exe"],"imageFiles":["240522/MiniToolPowerDataRecovery-240328/11.9.0.0/Images/ACR-046/ACR46.png","240522/MiniToolPowerDataRecovery-240328/11.9.0.0/Images/ACR-004/ACR4.png","240522/MiniToolPowerDataRecovery-240328/11.9.0.0/Images/ACR-004/ACR4_2.png"],"nonDeceptorImageFiles":[],"guid":"e52198d7-1241-4253-9129-5a01fd6d3341_11.9.0.0_1","appID":"MiniToolPowerDataRecovery-240328","dateAdded":"240522","deceptorType":"App","name":"MiniTool Power Data Recovery","company":"MiniTool Software Limited","version":"11.9.0.0","firstVendorContactDate":"240329","lastKnownStatus":"11.8.0.0;11.9.0.0","lastKnownDate":"240522","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows 11","targetBrowser":"None","targetCustomer":"consumer","monetization":"up-sell to paid,paid","lastUpdate":"2024-05-22T21:12:21.4525738+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":660},{"violations":{"ACR-046":"\"Agree to participate in the Customer Experience Improvement Program\" is checked by default and hidden under custom installation, which requires the user to expend it to see the details.\n","ACR-004":"Application doesn't provide free fix for all items reported, only allow to recover up to 1GB of data. Instead it offers subscription payment to completely recover files scanned.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"pdr-free-online.exe","isInstaller":"True","companyName":"MiniTool Software Limited","fileVersion":"11.8","hashMD5":"df191b37555f4389eb47268fe34fc59f","hashSHA1":"195b69cba70ab39c25dc172430a36c172f6218b8","hashSHA256":"feaa37241fff48ea74c3f431a64d8b9913df7dca177d42dc1c87278484c51d56","digitalCertThumbprint":"21A6610A7729E2569C20DBF8C27C27E709E4680E","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=MiniTool Software Limited, O=MiniTool Software Limited, STREET=\"Suite 820, 8 Floor, Ocean Centre\", STREET=\"Harbour City, 5 Canton Road, Tsim Sha Tsui\", STREET=Kowloon, L=Hong Kong, C=HK","sourceIndex":"669","avBlockList":["Avast Premium Security (20240613)","AVG Internet Security (20240613)","Avira Internet Security (20240613)","ESET Internet Security (20240613)","G DATA INTERNET SECURITY (20240613)","K7 Total Security (20240613)","Malwarebytes Premium (20240613)","Norton Security (20240613)","Panda Dome (20240613)","Sophos Home Premium (20240613)","SpyHunter5 (20240613)","Total AV Antivirus Pro (20240613)","VirIT eXplorer PRO (20240613)","Webroot SecureAnywhere (20240613)"],"avAllowList":["360 Total Security (20240613)","Bitdefender Internet Security (20240613)","COMODO Antivirus (20240613)","Dr.Web Security Space (20240613)","Kaspersky Internet Security (20240613)","McAfee Total Protection (20240613)","Quick Heal Internet Security (20240613)","Trend Micro Internet Security (20240613)","VIPRE Advanced Security (20240613)","Windows Defender (20240613)"]},{"isRevoked":"False","fileName":"powerdatarecovery.exe","companyName":"MiniTool Software Limited","fileVersion":"11.8","hashMD5":"1ccb532dbc66f845ba02453f37448123","hashSHA1":"cbbb7292246631a524053277948275cba49c96e8","hashSHA256":"223103d81b02216d1e1d547b1b11d4733e7040d10fbea204d513d3833f40c895","digitalCertThumbprint":"21A6610A7729E2569C20DBF8C27C27E709E4680E","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=MiniTool Software Limited, O=MiniTool Software Limited, STREET=\"Suite 820, 8 Floor, Ocean Centre\", STREET=\"Harbour City, 5 Canton Road, Tsim Sha Tsui\", STREET=Kowloon, L=Hong Kong, C=HK","sourceIndex":"669","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"random search for recovery apps","reference":"","landingPage":"https://www.minitool.com/data-recovery-software/?utm_source=minitool.com&utm_medium=redirection&utm_campaign=home-banner","directDownloadingLink":"https://cdn2.minitool.com/?p=pdr&e=pdr-free","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://cdn2.minitool.com/?p=pdr&e=pdr-free","sourceIndex":"669"}],"sampleFiles":["240329/MiniToolPowerDataRecovery-240328/11.8.0.0/Samples/pdr-free-online.exe","240329/MiniToolPowerDataRecovery-240328/11.8.0.0/Samples/PowerDataRecovery.exe"],"imageFiles":["240329/MiniToolPowerDataRecovery-240328/11.8.0.0/Images/ACR-046/ACR-046_Install_1.png","240329/MiniToolPowerDataRecovery-240328/11.8.0.0/Images/ACR-004/ACR-004_Software_1.png","240329/MiniToolPowerDataRecovery-240328/11.8.0.0/Images/ACR-004/ACR-004_Software_2.png"],"nonDeceptorImageFiles":[],"guid":"e52198d7-1241-4253-9129-5a01fd6d3341_11.8.0.0_1","appID":"MiniToolPowerDataRecovery-240328","dateAdded":"240522","deceptorType":"App","name":"MiniTool Power Data Recovery","company":"MiniTool Software Limited","version":"11.8.0.0","firstVendorContactDate":"240329","lastKnownStatus":"11.8.0.0;11.9.0.0","lastKnownDate":"240522","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows 11","targetBrowser":"None","targetCustomer":"consumer","monetization":"up-sell to paid,paid","lastUpdate":"2024-05-22T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":661},{"violations":{"ACR-048":"The app does not provide any control to cancel the installation.\n","ACR-004":"Application doesn't provide free fix (recovery) for all the items identified by the scan, instead requiring the user to pay for a subscription to complete the recovery.\n"},"nonDeceptorViolations":{"ACR-123":"Even after a reboot and uninstall, the application did not remove itself from the firewall exception that was added during installation.\n"},"samples":[{"isRevoked":"False","fileName":"drw_free_installer.153.exe","isInstaller":"True","fileVersion":"18.0","hashMD5":"6e3bc255dc7b79e452c66610c741eb95","hashSHA1":"972d9adbec19dd1277b4329fa13641847ca18c87","hashSHA256":"bdb74a31956e7c2ce7a3c6344ac7265d84b735c1038a390168f01d6d9fa43b3a","digitalCertThumbprint":"E044E920D56ECE15D7A21DD058651A3F2166CFD6","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=\"CHENGDU YIWO Tech Development Co., Ltd.\", O=\"CHENGDU YIWO Tech Development Co., Ltd.\", L=成都市, S=四川省, C=CN, SERIALNUMBER=91510107765360104N, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.1=武侯区, OID.1.3.6.1.4.1.311.60.2.1.2=四川省, OID.1.3.6.1.4.1.311.60.2.1.3=CN","sourceIndex":"590","avBlockList":["360 Total Security (20240613)","Avast Premium Security (20240613)","AVG Internet Security (20240613)","Avira Internet Security (20240613)","Bitdefender Internet Security (20240613)","COMODO Antivirus (20240613)","ESET Internet Security (20240613)","G DATA INTERNET SECURITY (20240613)","K7 Total Security (20240613)","Malwarebytes Premium (20240613)","McAfee Total Protection (20240613)","Norton Security (20240613)","Panda Dome (20240613)","Quick Heal Internet Security (20240613)","Sophos Home Premium (20240613)","SpyHunter5 (20240613)","Total AV Antivirus Pro (20240613)","Trend Micro Internet Security (20240613)","VirIT eXplorer PRO (20240613)","Webroot SecureAnywhere (20240613)","Windows Defender (20240613)"],"avAllowList":["Dr.Web Security Space (20240613)","Kaspersky Internet Security (20240613)","VIPRE Advanced Security (20240613)"]},{"isRevoked":"False","fileName":"DRW.exe","companyName":"CHENGDU YIWO Tech Development Co., Ltd","fileVersion":"18.0","hashMD5":"5b767d70b7a16801ee1045a7858f8f13","hashSHA1":"2d03632788ec7865b66fbbed970f2ae7c85cebe5","hashSHA256":"548299e700d58d443a76d31118333e263afd74e851778d52255b2e667540caa5","digitalCertThumbprint":"E044E920D56ECE15D7A21DD058651A3F2166CFD6","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=\"CHENGDU YIWO Tech Development Co., Ltd.\", O=\"CHENGDU YIWO Tech Development Co., Ltd.\", L=成都市, S=四川省, C=CN, SERIALNUMBER=91510107765360104N, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.1=武侯区, OID.1.3.6.1.4.1.311.60.2.1.2=四川省, OID.1.3.6.1.4.1.311.60.2.1.3=CN","sourceIndex":"590","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Customer report","reference":"Data recovery","landingPage":"https://www.easeus.com/datarecoverywizard/free-data-recovery-software.htm","directDownloadingLink":"https://down.easeus.com/product/drw_free?ref=%2Fdatarecoverywizard%2Ffree-data-recovery-software.htm","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://down.easeus.com/product/drw_free?ref=%2Fdatarecoverywizard%2Ffree-data-recovery-software.htm","sourceIndex":"590"}],"sampleFiles":["240522/EaseUSDataRecovery-240228/18.0.0.0/Samples/drw_free_installer.17163965532645b153.exe","240522/EaseUSDataRecovery-240228/18.0.0.0/Samples/DRW.exe"],"imageFiles":["240522/EaseUSDataRecovery-240228/18.0.0.0/Images/ACR-048/ACR48.png","240522/EaseUSDataRecovery-240228/18.0.0.0/Images/ACR-004/ACR4.png","240522/EaseUSDataRecovery-240228/18.0.0.0/Images/ACR-004/ACR4_2.png","240522/EaseUSDataRecovery-240228/18.0.0.0/Images/ACR-004/ACR4_3.png"],"nonDeceptorImageFiles":["240522/EaseUSDataRecovery-240228/18.0.0.0/Images/ACR-123/ACR123.png"],"guid":"bdb1f2da-698b-4798-b34a-3c7ed0b1d24b_18.0.0.0_1","appID":"EaseUSDataRecovery-240228","dateAdded":"240522","deceptorType":"App","name":"EaseUS Data Recovery","company":"EaseUS","version":"18.0.0.0","firstVendorContactDate":"240424","firstAppEsteemReplyDate":"240424","firstResolvedDate":"240722","firstResolvedVersion":"18.0.0(build 20240508)","resolved":"TRUE","lastKnownStatus":"17.0.0.0;18.0.0.0","lastKnownDate":"240722","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 7,Windows 8,Windows 10,Windows 11","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,paid","lastUpdate":"2024-07-22T20:11:07.7310224+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":662},{"violations":{"ACR-048":"The app does not provide any control to cancel the installation.\n","ACR-004":"Application doesn't provide free fix (recovery) for all the items reported can be recovered  instead offering subscription that user need to pay to fix it. \n"},"nonDeceptorViolations":{"ACR-065":"The EULA in the installation prompt throws a 403 error.\n","ACR-123":"Even after a reboot and uninstall, the application did not remove itself from the firewall exception that was added during installation.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files\\EaseUS\\EaseUS Data Recovery Wizard\\DRW.exe","companyName":"CHENGDU YIWO Tech Development Co. Ltd","productName":"EaseUS Data Recovery Wizard","productVersion":"17.0.0.0","fileVersion":"17.0.0.0","hashMD5":"3a7e4768cdb1d9c03cae07412c70a36e","hashSHA1":"d053e46d0c73a418c466e8d9d5570dc1594b33c0","hashSHA256":"e040bed95246037ede1f71d13292b28e8e54e6aeadd38885a342c14ddd9970f7","digitalCertThumbprint":"E044E920D56ECE15D7A21DD058651A3F2166CFD6","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"CHENGDU YIWO Tech Development Co. Ltd.","storeId":"","sourceIndex":"654","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Program Files\\EaseUS\\EaseUS Data Recovery Wizard\\DRWUI.exe","companyName":"CHENGDU YIWO Tech Development Co. Ltd","productName":"EaseUS Data Recovery Wizard","productVersion":"17.0.0.0","fileVersion":"17.0.0.0","hashMD5":"3050b5e9a9016b66217ca2fa75a9385f","hashSHA1":"0d2ae0eb16f67e60a0fe54d1c6667b50b684e04b","hashSHA256":"c775ad51db4ca1db729fa9796e4d56dce7d87b3912f65cef694c37a4fd78dd69","digitalCertThumbprint":"E044E920D56ECE15D7A21DD058651A3F2166CFD6","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"CHENGDU YIWO Tech Development Co. Ltd.","storeId":"","sourceIndex":"654","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"drw_google_trial_installer.17091445141982b581648a9283860.exe","isInstaller":"True","companyName":"","productName":"","productVersion":"","fileVersion":"","hashMD5":"789e380fb028eae5575b11abf440d4cd","hashSHA1":"b37e989e4f185d8606b6f66494f816a4278c5bee","hashSHA256":"8f6a60dbc178b95d6099fe381fa21e0f22f1ea4bb5ef77b2253848a2a191a44d","digitalCertThumbprint":"E044E920D56ECE15D7A21DD058651A3F2166CFD6","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"CHENGDU YIWO Tech Development Co. Ltd.","storeId":"","sourceIndex":"654","avBlockList":["Avast Premium Security (20240625)","AVG Internet Security (20240625)","COMODO Antivirus (20240625)","ESET Internet Security (20240625)","K7 Total Security (20240625)","McAfee Total Protection (20240625)","Norton Security (20240625)","Panda Dome (20240625)","Quick Heal Internet Security (20240625)","Sophos Home Premium (20240625)","SpyHunter5 (20240625)","Total AV Antivirus Pro (20240625)","VirIT eXplorer PRO (20240625)"],"avAllowList":["360 Total Security (20240625)","Avira Internet Security (20240625)","Bitdefender Internet Security (20240625)","Dr.Web Security Space (20240625)","G DATA INTERNET SECURITY (20240625)","Kaspersky Internet Security (20240625)","Malwarebytes Premium (20240625)","Trend Micro Internet Security (20240625)","VIPRE Advanced Security (20240625)","Webroot SecureAnywhere (20240625)","Windows Defender (20240625)"]}],"additionalFiles":[],"sources":[{"howFound":"Customer report","reference":"Data recovery","landingPage":"https://www.easeus.com/datarecoverywizard/free-data-recovery-software.htm","directDownloadingLink":"https://down.easeus.com/product/drw_free?ref=%2Fdatarecoverywizard%2Ffree-data-recovery-software.htm","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://down.easeus.com/product/drw_free?ref=%2Fdatarecoverywizard%2Ffree-data-recovery-software.htm","sourceIndex":"654"}],"sampleFiles":["240301/EaseUSDataRecovery-240228/17.0.0.0/Samples/drw_google_trial_installer.17091445141982b581648a9283860.exe"],"imageFiles":["240301/EaseUSDataRecovery-240228/17.0.0.0/Images/ACR-048/ACR-048.PNG","240301/EaseUSDataRecovery-240228/17.0.0.0/Images/ACR-004/ACR-004.PNG","240301/EaseUSDataRecovery-240228/17.0.0.0/Images/ACR-004/ACR-004_1.PNG","240301/EaseUSDataRecovery-240228/17.0.0.0/Images/ACR-004/ACR-004_Software_1.png","240301/EaseUSDataRecovery-240228/17.0.0.0/Images/ACR-004/ACR-004_Software_2.png"],"nonDeceptorImageFiles":["240301/EaseUSDataRecovery-240228/17.0.0.0/Images/ACR-065/1- installre.PNG","240301/EaseUSDataRecovery-240228/17.0.0.0/Images/ACR-065/ACR-065_Install_1.png","240301/EaseUSDataRecovery-240228/17.0.0.0/Images/ACR-123/ACR-123.PNG"],"guid":"bdb1f2da-698b-4798-b34a-3c7ed0b1d24b_17.0.0.0_1","appID":"EaseUSDataRecovery-240228","dateAdded":"240522","deceptorType":"App","name":"EaseUS Data Recovery","company":"EaseUS","version":"17.0.0.0","firstVendorContactDate":"240424","firstAppEsteemReplyDate":"240424","firstResolvedDate":"240722","firstResolvedVersion":"18.0.0(build 20240508)","resolved":"TRUE","lastKnownStatus":"17.0.0.0;18.0.0.0","lastKnownDate":"240722","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows 11","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2024-07-22T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":663},{"violations":{"ACR-046":"\"Make Opera the default browser\" and collection of usage information are prechecked and not visible by default and can be viewed only once Options is clicked.\n","ACR-048":"The app does not provide any control to cancel the installation.\n","ACR-014":"The \"Accept and Install\" button is misleading because it makes users think that clicking it only installs Opera Browser, not changes user's default browser settings.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"OperaSetup.exe","isInstaller":"True","companyName":"Opera Software","fileVersion":"109.0","hashMD5":"b9398c871197a7da75e9e8058193e1c0","hashSHA1":"e4ddc7afdb1d8e2fcdc42ca593ce9cd7f3675393","hashSHA256":"f368f068e386213ac7f9510034a3afa21df8fc7102d8ffc295f2ee390f3b0cd6","digitalCertThumbprint":"DF5FD715A2B5AC4E29249B51B3A331F1E44214C3","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Opera Norway AS, O=Opera Norway AS, L=Oslo, S=Oslo, C=NO, SERIALNUMBER=916 368 127, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=NO","sourceIndex":"217","avBlockList":["K7 Total Security (20240530)","Norton Security (20240530)","Sophos Home Premium (20240530)","SpyHunter5 (20240530)","Webroot SecureAnywhere (20240530)"],"avAllowList":["360 Total Security (20240530)","Avast Premium Security (20240530)","AVG Internet Security (20240530)","Avira Internet Security (20240530)","Bitdefender Internet Security (20240530)","COMODO Antivirus (20240530)","Dr.Web Security Space (20240530)","ESET Internet Security (20240530)","G DATA INTERNET SECURITY (20240530)","Kaspersky Internet Security (20240530)","Malwarebytes Premium (20240530)","McAfee Total Protection (20240530)","Panda Dome (20240530)","Quick Heal Internet Security (20240530)","Total AV Antivirus Pro (20240530)","Trend Micro Internet Security (20240530)","VIPRE Advanced Security (20240530)","VirIT eXplorer PRO (20240530)","Windows Defender (20240530)"]}],"additionalFiles":[],"sources":[{"howFound":"AVTest results","reference":"","landingPage":"https://www.opera.com","directDownloadingLink":"https://www.opera.com/computer/thanks?ni=stable&os=windows","ipv4":"","ipv6":"","landingPageWildChar":"","directDownloadingLinkWildChar":"https://www.opera.com/computer/thanks?ni=stable&os=windows","sourceIndex":"217"},{"howFound":"","reference":"","landingPage":"","directDownloadingLink":"https://net.geo.opera.com/opera/stable/windows?utm_source=%28direct%29&utm_medium=doc&utm_campaign=%28direct%29&http_referrer=missing&utm_site=opera_com&dl_token=36279068","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://net.geo.opera.com/opera/stable/windows?utm_source=%28direct%29&utm_medium=doc&utm_campaign=%28direct%29&http_referrer=missing&utm_site=opera_com&dl_token=36279068","sourceIndex":"218"},{"howFound":"","reference":"","landingPage":"","directDownloadingLink":"https://www.opera.com/partner?utm_medium=pb&utm_source=softonic&utm_campaign=search","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.opera.com/partner?utm_medium=pb&utm_source=softonic&utm_campaign=search","sourceIndex":"219"}],"sampleFiles":["240516/operabrowser-220312/110.0.5130.23/Samples/OperaSetup.exe"],"imageFiles":["240516/operabrowser-220312/110.0.5130.23/Images/ACR-046/ACR-046_Install_1.png","240516/operabrowser-220312/110.0.5130.23/Images/ACR-048/ACR-048_Install_1.png","240516/operabrowser-220312/110.0.5130.23/Images/ACR-014/ACR-014_Install_1.png","240516/operabrowser-220312/110.0.5130.23/Images/ACR-014/ACR-014_Install_2.png"],"nonDeceptorImageFiles":[],"guid":"6f184b05-be22-465a-aa3a-35ffe84afffb_110.0.5130.23_1","appID":"operabrowser-220312","dateAdded":"240516","deceptorType":"App","name":"Opera Browser","company":"Opera Software","version":"110.0.5130.23","firstVendorContactDate":"250424","firstAppEsteemReplyDate":"250424","firstResolvedDate":"250424","firstResolvedVersion":"118.0.5461.60","resolved":"TRUE","lastKnownStatus":"110.0.5130.23","lastKnownDate":"240516","type":"Windows Executable","category":"SysTools & Utilities, Personalization & Search","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,search","lastUpdate":"2025-04-25T01:33:24.032378+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":664},{"violations":{"ACR-047":"The BrightVPN  offer is prompted every time the user start to relaunch the app that has been previously declined. \n","ACR-048":"The app does not provide control to cancel the installation process.\n","ACR-013":"During launching the application, the user is interrupted by non-consented offers to silently install unrelated software. \n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software.\n","ACR-059":" The Offer is not clearly marked as an Optional Offer.\n"},"nonDeceptorViolations":{"ACR-040":"The app drops all its components in a hidden path(C:\\Users\\User\\AppData\\Local\\) without the user's knowledge. \n"},"samples":[{"isRevoked":"False","fileName":"ViberSetup.exe","isInstaller":"True","companyName":"2010-2024 Viber Media S.a.r.l","productName":"Viber","productVersion":"22.6.1.0","fileVersion":"22.6.1.0","hashMD5":"ddaee89210068bcce82032a8a01c410b","hashSHA1":"91c146190cf2a357e872d2050deb13951358c8ab","hashSHA256":"0659a4d52863d9bad8542d2c349d21c8ed7c4aa110eb8ecc3a92b30a397875b1","digitalCertThumbprint":"903A30BDB94A424F30D95B5F614CA6FB4790B70B","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Viber Media S.a r.l.","storeId":"","sourceIndex":"615","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on windows app","reference":"","landingPage":"https://www.viber.com/en/","directDownloadingLink":"https://download.cdn.viber.com/desktop/windows/ViberSetup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://download.cdn.viber.com/desktop/windows/ViberSetup.exe","sourceIndex":"615"}],"sampleFiles":["240515/Viber-220602/22.6.1.0/Samples/ViberSetup.exe"],"imageFiles":["240515/Viber-220602/22.6.1.0/Images/ACR-048/ACR-048.PNG","240515/Viber-220602/22.6.1.0/Images/ACR-059/ACR-059.PNG","240515/Viber-220602/22.6.1.0/Images/ACR-060/ACR-060.PNG","240515/Viber-220602/22.6.1.0/Images/ACR-047/ACR-047.PNG","240515/Viber-220602/22.6.1.0/Images/ACR-013/ACR-013.PNG"],"nonDeceptorImageFiles":["240515/Viber-220602/22.6.1.0/Images/ACR-040/ACR-040.PNG"],"guid":"3236f7f7-3ddc-4281-94e0-57c5cafdb49a_22.6.1.0_1","appID":"Viber-220602","dateAdded":"240515","deceptorType":"App","name":"Viber","company":"Viber Media S.à r.l.","version":"22.6.1.0","firstVendorContactDate":"240528","firstAppEsteemReplyDate":"240528","firstResolvedDate":"240702","firstResolvedVersion":"23.0.0.0","resolved":"TRUE","lastKnownStatus":"20.2.0.2;21.0.0.0;22.3.0.0;22.5.0.1;22.6.1.0","lastKnownDate":"240515","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","lastUpdate":"2024-07-02T07:14:54.6408876+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":5,"sortOrder":665},{"violations":{"ACR-047":"The BrightVPN  offer is prompted every time the user start to relaunch the app that has been previously declined. \n","ACR-048":"The app does not provide control to cancel the installation process.\n","ACR-013":"During launching the application, the user is interrupted by non-consented offers to silently install unrelated software. \n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software.\n","ACR-059":" The Offer is not clearly marked as an Optional Offer.\n"},"nonDeceptorViolations":{"ACR-040":"The app drops all its components in a hidden path(C:\\Users\\User\\AppData\\Local\\) without the user's knowledge. \n"},"samples":[{"isRevoked":"False","fileName":"Viber.exe","isInstaller":"True","companyName":"Viber Media S.à r.l.","fileVersion":"22.5","hashMD5":"8dff8efb854d88fad5a741843ef4ade0","hashSHA1":"79b6c740bef2ccffb17e88d67e93e33671f9fec3","hashSHA256":"9ebae8c6020cd417b05cd2be473acdcbb48a5cb7755005dacc4219c8a7ec85c5","digitalCertThumbprint":"903A30BDB94A424F30D95B5F614CA6FB4790B70B","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Viber Media S.a r.l., O=Viber Media S.a r.l., L=Luxembourg, C=LU, SERIALNUMBER=B184956, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=LU","sourceIndex":"648","avBlockList":["Norton Security (20240604)","SpyHunter5 (20240604)","VirIT eXplorer PRO (20240604)"],"avAllowList":["360 Total Security (20240604)","Avast Premium Security (20240604)","AVG Internet Security (20240604)","Avira Internet Security (20240604)","Bitdefender Internet Security (20240604)","COMODO Antivirus (20240604)","Dr.Web Security Space (20240604)","ESET Internet Security (20240604)","G DATA INTERNET SECURITY (20240604)","K7 Total Security (20240604)","Kaspersky Internet Security (20240604)","Malwarebytes Premium (20240604)","McAfee Total Protection (20240604)","Panda Dome (20240604)","Quick Heal Internet Security (20240604)","Sophos Home Premium (20240604)","Total AV Antivirus Pro (20240604)","Trend Micro Internet Security (20240604)","VIPRE Advanced Security (20240604)","Webroot SecureAnywhere (20240604)","Windows Defender (20240604)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on windows app","reference":"","landingPage":"https://www.viber.com/en/","directDownloadingLink":"https://download.cdn.viber.com/desktop/windows/ViberSetup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://download.cdn.viber.com/desktop/windows/ViberSetup.exe","sourceIndex":"648"}],"sampleFiles":["240429/Viber-220602/22.5.0.1/Samples/Viber.exe"],"imageFiles":["240429/Viber-220602/22.5.0.1/Images/ACR-048/ACR-048.PNG","240429/Viber-220602/22.5.0.1/Images/ACR-059/ACR-059.PNG","240429/Viber-220602/22.5.0.1/Images/ACR-060/ACR-060.PNG","240429/Viber-220602/22.5.0.1/Images/ACR-047/ACR-047.PNG","240429/Viber-220602/22.5.0.1/Images/ACR-013/ACR-013.PNG"],"nonDeceptorImageFiles":["240429/Viber-220602/22.5.0.1/Images/ACR-040/ACR-040.PNG"],"guid":"3236f7f7-3ddc-4281-94e0-57c5cafdb49a_22.5.0.1_1","appID":"Viber-220602","dateAdded":"240515","deceptorType":"App","name":"Viber","company":"Viber Media S.à r.l.","version":"22.5.0.1","firstVendorContactDate":"240528","firstAppEsteemReplyDate":"240528","firstResolvedDate":"240702","firstResolvedVersion":"23.0.0.0","resolved":"TRUE","lastKnownStatus":"20.2.0.2;21.0.0.0;22.3.0.0;22.5.0.1;22.6.1.0","lastKnownDate":"240515","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","lastUpdate":"2024-07-02T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":5,"sortOrder":666},{"violations":{"ACR-042":"Open source project \"QT6\" is installed without any disclosure in EULA.\n","ACR-043":"Open source project \"QT6\" is installed without any disclosure in EULA. \n","ACR-047":"The BrightVPN  offer is prompted every time the user start to relaunch the app that has been previously declined. \n","ACR-107":"The app does not disclose relevant license information about 'QT6'.\n","ACR-048":"The app does not provide control to cancel the installation process.\n","ACR-013":"During launching the application, the user is interrupted by non-consented offers to silently install unrelated software. \n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software.\n","ACR-059":" The Offer is not clearly marked as an Optional Offer.\n"},"nonDeceptorViolations":{"ACR-040":"The app drops all its components in a hidden path(C:\\Users\\User\\AppData\\Local\\) without the user's knowledge. \n"},"samples":[{"isRevoked":"False","fileName":"ViberSetup.exe","isInstaller":"True","companyName":"2010-2024 Viber Media S.a.r.l","productName":"Viber","productVersion":"22.3.0.0","fileVersion":"22.3.0.0","hashMD5":"0f42aab067053d84043ba02ebb932811","hashSHA1":"abf1d8e52a7c539647fd7d3b8658cf485c7df443","hashSHA256":"8a7ee635d9bd503ee09cc3efe7e440fbf2aa8b09944388523caf84633983c4fc","digitalCertThumbprint":"EF8D3430DA3BE4F0E1A10BA54A80E2B011DBB6D9","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Viber Media S.a r.l.","storeId":"","sourceIndex":"667","avBlockList":["COMODO Antivirus (20240521)","Norton Security (20240521)","SpyHunter5 (20240521)","VirIT eXplorer PRO (20240521)","Webroot SecureAnywhere (20240521)"],"avAllowList":["360 Total Security (20240521)","Avast Premium Security (20240521)","AVG Internet Security (20240521)","Avira Internet Security (20240521)","Bitdefender Internet Security (20240521)","Dr.Web Security Space (20240521)","ESET Internet Security (20240521)","G DATA INTERNET SECURITY (20240521)","K7 Total Security (20240521)","Kaspersky Internet Security (20240521)","Malwarebytes Premium (20240521)","McAfee Total Protection (20240521)","Panda Dome (20240521)","Quick Heal Internet Security (20240521)","Sophos Home Premium (20240521)","Total AV Antivirus Pro (20240521)","Trend Micro Internet Security (20240521)","VIPRE Advanced Security (20240521)","Windows Defender (20240521)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on windows app","reference":"","landingPage":"https://www.viber.com/en/","directDownloadingLink":"https://download.cdn.viber.com/desktop/windows/ViberSetup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://download.cdn.viber.com/desktop/windows/ViberSetup.exe","sourceIndex":"667"}],"sampleFiles":["240401/Viber-220602/22.3.0.0/Samples/ViberSetup.exe"],"imageFiles":["240401/Viber-220602/22.3.0.0/Images/ACR-043/ACR-043.PNG","240401/Viber-220602/22.3.0.0/Images/ACR-107/ACR-107.PNG","240401/Viber-220602/22.3.0.0/Images/ACR-042/ACR-042.PNG","240401/Viber-220602/22.3.0.0/Images/ACR-048/ACR-048_Install.PNG","240401/Viber-220602/22.3.0.0/Images/ACR-059/ACR-059.PNG","240401/Viber-220602/22.3.0.0/Images/ACR-060/ACR-060.PNG","240401/Viber-220602/22.3.0.0/Images/ACR-047/ACR-047.PNG","240401/Viber-220602/22.3.0.0/Images/ACR-013/ACR-013.PNG"],"nonDeceptorImageFiles":["240401/Viber-220602/22.3.0.0/Images/ACR-040/ACR-040.PNG"],"guid":"3236f7f7-3ddc-4281-94e0-57c5cafdb49a_22.3.0.0_1","appID":"Viber-220602","dateAdded":"240515","deceptorType":"App","name":"Viber","company":"Viber Media S.à r.l.","version":"22.3.0.0","firstVendorContactDate":"240528","firstAppEsteemReplyDate":"240528","firstResolvedDate":"240702","firstResolvedVersion":"23.0.0.0","resolved":"TRUE","lastKnownStatus":"20.2.0.2;21.0.0.0;22.3.0.0;22.5.0.1;22.6.1.0","lastKnownDate":"240515","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","lastUpdate":"2024-07-02T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":5,"sortOrder":667},{"violations":{"ACR-042":"Open source project \"QT6\" is installed without any disclosure in EULA.\n","ACR-043":"Open source project \"QT6\" is installed without any disclosure in EULA. \n","ACR-047":"The BrightVPN  offer is prompted every time the user start to relaunch the app that has been previously declined. \n","ACR-107":"The app does not disclose relevant license information about 'QT6'.\n","ACR-048":"The app does not provide control to cancel the installation process.\n","ACR-013":"During launching the application, the user is interrupted by non-consented offers to silently install unrelated software. \n","ACR-059":" The Offer is not clearly marked as an Optional Offer.\n"},"nonDeceptorViolations":{"ACR-040":"The app drops all its components in a hidden path(C:\\Users\\User\\AppData\\Local\\) without the user's knowledge. \n"},"samples":[{"isRevoked":"False","fileName":"ViberSetup.exe","isInstaller":"True","companyName":"2010-2023 Viber Media S.a.r.l","fileVersion":"21.0","hashMD5":"df77cf5b1f9c7ac62be33fce601cbe2e","hashSHA1":"48cf8012aa206c5b1a6f556e2cbd7c584fead3a9","hashSHA256":"c237902a7a5454cae6d52bbc5df0c19e3a7cd3e89c78737158ad30e8b1dbec18","digitalCertThumbprint":"0FB8028E56E7BDEE0B66B962FA9539E50C5C3544","digitalCertIssuer":"CN=Sectigo Public Code Signing CA R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=Viber Media S.à r.l., O=Viber Media S.à r.l., S=Luxembourg, C=LU","sourceIndex":"896","avBlockList":["Norton Security (20240411)","Panda Dome (20240411)","Sophos Home Premium (20240411)","SpyHunter5 (20240411)","VirIT eXplorer PRO (20240411)","Webroot SecureAnywhere (20240411)"],"avAllowList":["360 Total Security (20240411)","Avast Premium Security (20240411)","AVG Internet Security (20240411)","Avira Internet Security (20240411)","Bitdefender Internet Security (20240411)","COMODO Antivirus (20240411)","Dr.Web Security Space (20240411)","ESET Internet Security (20240411)","G DATA INTERNET SECURITY (20240411)","K7 Total Security (20240411)","Kaspersky Internet Security (20240411)","Malwarebytes Premium (20240411)","McAfee Total Protection (20240411)","Quick Heal Internet Security (20240411)","Total AV Antivirus Pro (20240411)","Trend Micro Internet Security (20240411)","VIPRE Advanced Security (20240411)","Windows Defender (20240411)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt","reference":"","landingPage":"https://www.viber.com/en/","directDownloadingLink":"https://download.cdn.viber.com/desktop/windows/ViberSetup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://download.cdn.viber.com/desktop/windows/ViberSetup.exe","sourceIndex":"896"}],"sampleFiles":["230925/Viber-220602/21.0.0.0/Samples/ViberSetup.exe"],"imageFiles":["230925/Viber-220602/21.0.0.0/Images/ACR-043/ACR-040.jpg","230925/Viber-220602/21.0.0.0/Images/ACR-107/ACR-040.jpg","230925/Viber-220602/21.0.0.0/Images/ACR-042/ACR-040.jpg","230925/Viber-220602/21.0.0.0/Images/ACR-048/Installation.jpg","230925/Viber-220602/21.0.0.0/Images/ACR-059/BtightVPNOffer.jpg","230925/Viber-220602/21.0.0.0/Images/ACR-047/ACR-047_Bundler-made offers_1.png","230925/Viber-220602/21.0.0.0/Images/ACR-013/ACR-013_Bundler-made offers_1.png"],"nonDeceptorImageFiles":["230925/Viber-220602/21.0.0.0/Images/ACR-040/ACR-040.jpg"],"guid":"3236f7f7-3ddc-4281-94e0-57c5cafdb49a_21.0.0.0_1","appID":"Viber-220602","dateAdded":"240515","deceptorType":"App","name":"Viber","company":"Viber Media S.à r.l.","version":"21.0.0.0","firstVendorContactDate":"240528","firstAppEsteemReplyDate":"240528","firstResolvedDate":"240702","firstResolvedVersion":"23.0.0.0","resolved":"TRUE","lastKnownStatus":"20.2.0.2;21.0.0.0;22.3.0.0;22.5.0.1;22.6.1.0","lastKnownDate":"240515","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","lastUpdate":"2024-07-02T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":5,"sortOrder":668},{"violations":{"ACR-042":"1. The \"AVAST\" component gets dropped before the user attempts to accept the offer.\n2. Open source project \"QT6\" is installed without any disclosure in EULA.\n","ACR-043":"1. The \"AVAST\" component gets dropped before the user attempts to accept the offer.\n2. Open source project \"QT6\" is installed without any disclosure in EULA. \n","ACR-047":"The \"AVAST\" offer is prompted every time the user attempts to exit and relaunch the app that has been previously declined. \n","ACR-107":"The app does not disclose relevant license information about 'QT6'.\n","ACR-048":"The app does not provide control to cancel the installation process.\n"},"nonDeceptorViolations":{"ACR-040":"The app drops all its components in a hidden path(C:\\Users\\User\\AppData\\Local\\) without the user's knowledge. \n"},"samples":[{"isRevoked":"False","fileName":"ViberSetup.exe","isInstaller":"True","companyName":"2010-2023 Viber Media S.a.r.l","productName":"Viber","productVersion":"20.2.0.2","fileVersion":"20.2.0.2","hashMD5":"d801a863de374a9b3e159aa44b4905dc","hashSHA1":"4e41aa6d6f8c93b9537fd373464b533d4b725206","hashSHA256":"d0e1d237288f2e1466836ed3ba05c2309c9f5ebaedd96635bf57ccfd89b259c7","digitalCertThumbprint":"0FB8028E56E7BDEE0B66B962FA9539E50C5C3544","digitalCertIssuer":"Sectigo Public Code Signing CA R36","digitalCertIssuedTo":"Viber Media S.à r.l.","storeId":"","sourceIndex":"1008","avBlockList":["ESET Internet Security (20240606)","K7 Total Security (20240606)","Norton Security (20240606)","Panda Dome (20240606)","Sophos Home Premium (20240606)","SpyHunter5 (20240606)","VirIT eXplorer PRO (20240606)","Webroot SecureAnywhere (20240606)","Windows Defender (20240606)"],"avAllowList":["360 Total Security (20240606)","Avast Premium Security (20240606)","AVG Internet Security (20240606)","Avira Internet Security (20240606)","Bitdefender Internet Security (20240606)","COMODO Antivirus (20240606)","Dr.Web Security Space (20240606)","G DATA INTERNET SECURITY (20240606)","Kaspersky Internet Security (20240606)","Malwarebytes Premium (20240606)","McAfee Total Protection (20240606)","Quick Heal Internet Security (20240606)","Total AV Antivirus Pro (20240606)","Trend Micro Internet Security (20240606)","VIPRE Advanced Security (20240606)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt","reference":"","landingPage":"https://www.viber.com/en/","directDownloadingLink":"https://download.cdn.viber.com/desktop/windows/ViberSetup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://download.cdn.viber.com/desktop/windows/ViberSetup.exe","sourceIndex":"1008"}],"sampleFiles":["230710/Viber-220602/20.2.0.2/Samples/ViberSetup.exe"],"imageFiles":["230710/Viber-220602/20.2.0.2/Images/ACR-043/ACR-043.JPG","230710/Viber-220602/20.2.0.2/Images/ACR-043/ACR-043 (2).JPG","230710/Viber-220602/20.2.0.2/Images/ACR-107/ACR-107.JPG","230710/Viber-220602/20.2.0.2/Images/ACR-042/ACR-042.JPG","230710/Viber-220602/20.2.0.2/Images/ACR-042/ACR-042_1.JPG","230710/Viber-220602/20.2.0.2/Images/ACR-048/ACR-048.JPG","230710/Viber-220602/20.2.0.2/Images/ACR-047/ACR-047.JPG"],"nonDeceptorImageFiles":["230710/Viber-220602/20.2.0.2/Images/ACR-040/ACR-040.JPG"],"guid":"3236f7f7-3ddc-4281-94e0-57c5cafdb49a_20.2.0.2_1","appID":"Viber-220602","dateAdded":"240515","deceptorType":"App","name":"Viber","company":"Viber Media S.à r.l.","version":"20.2.0.2","firstVendorContactDate":"240528","firstAppEsteemReplyDate":"240528","firstResolvedDate":"240702","firstResolvedVersion":"23.0.0.0","resolved":"TRUE","lastKnownStatus":"20.2.0.2;21.0.0.0;22.3.0.0;22.5.0.1;22.6.1.0","lastKnownDate":"240515","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","lastUpdate":"2024-07-02T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":5,"sortOrder":669},{"violations":{"ACR-048":"The app does not provide any control to disable the startup it created.\n","ACR-084":"The app creates an undisclosed startup for DiagnosticDriver to perform action without the consumer's knowledge and consent. When app is closed, DiagnosticDriver runs silently in the background, hiding the fact that it is active from the consumer without any notification.\n","ACR-039":"The app silently installs \"DiagnosticDriver\" without disclosing its relationship to the app during installation.\n"},"nonDeceptorViolations":{"ACR-040":"The app drops its other components in a hidden path \"C:\\Users\\User\\AppData\\Local\\DiagnosticDriver\" without user's knowledge.\n","ACR-065":"The app does not disclose EULA and Privacy Policy at installation and software.\n"},"samples":[{"isRevoked":"False","fileName":"systemutilities.msi","isInstaller":"True","fileVersion":"0.","hashMD5":"41eda719c231e212e02b2683d36edfa4","hashSHA1":"7257a3350b7b856c16b146ff063f002b42903543","hashSHA256":"1c6191ddeb164efff30358f7de88022577b6bfe0dfbe0a29ab0f3a2b25637bd2","sourceIndex":"647","avBlockList":["360 Total Security (20240604)","Avast Premium Security (20240604)","AVG Internet Security (20240604)","Avira Internet Security (20240604)","K7 Total Security (20240604)","Malwarebytes Premium (20240604)","Norton Security (20240604)","Sophos Home Premium (20240604)","SpyHunter5 (20240604)","Total AV Antivirus Pro (20240604)","VirIT eXplorer PRO (20240604)"],"avAllowList":["Bitdefender Internet Security (20240604)","COMODO Antivirus (20240604)","Dr.Web Security Space (20240604)","ESET Internet Security (20240604)","G DATA INTERNET SECURITY (20240604)","Kaspersky Internet Security (20240604)","McAfee Total Protection (20240604)","Panda Dome (20240604)","Quick Heal Internet Security (20240604)","Trend Micro Internet Security (20240604)","VIPRE Advanced Security (20240604)","Webroot SecureAnywhere (20240604)","Windows Defender (20240604)"]}],"additionalFiles":[],"sources":[{"howFound":"random search","reference":"","landingPage":"https://system-utilities.com/","directDownloadingLink":"https://soft.system-utilities.com/get/default/vanilla/systemutilities.msi","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://soft.system-utilities.com/get/default/vanilla/systemutilities.msi","sourceIndex":"647"}],"sampleFiles":["240429/SystemUtilities-240425/1.2.0.0/Samples/systemutilities.msi"],"imageFiles":["240429/SystemUtilities-240425/1.2.0.0/Images/ACR-039/ACR-039_Install_1.png","240429/SystemUtilities-240425/1.2.0.0/Images/ACR-084/ACR-084_Software_1.png","240429/SystemUtilities-240425/1.2.0.0/Images/ACR-084/ACR-084_Software_2.png","240429/SystemUtilities-240425/1.2.0.0/Images/ACR-048/ACR-048_Software_1.png"],"nonDeceptorImageFiles":["240429/SystemUtilities-240425/1.2.0.0/Images/ACR-040/ACR-040_Install_1.png","240429/SystemUtilities-240425/1.2.0.0/Images/ACR-040/ACR-040_Install_2.png","240429/SystemUtilities-240425/1.2.0.0/Images/ACR-065/ACR-065.gif"],"guid":"8f99ace0-96bf-438b-bbfb-5e61a0de9b98_1.2.0.0_1","appID":"SystemUtilities-240425","dateAdded":"240429","deceptorType":"App","name":"System Utilities","company":"Sol Digital Solutions Limited","version":"1.2.0.0","lastKnownStatus":"1.2.0.0","lastKnownDate":"240429","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 10,Windows 11,Windows 7,Windows 8","targetBrowser":"None","targetCustomer":"consumer","monetization":"none","lastUpdate":"2024-04-29T22:07:47.3430471+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":670},{"violations":{"ACR-048":"Scheduled tasks created without providing options/settings for user to disable them.\n\n","ACR-050":"ClearBar doesn't obey user's search engine setting. It enforces \"Clear\" (yahoo search result)  as the search engine in spite of user choice.\n\n","ACR-084":"ClearBar process running in background without notifying user when it is minimized.\n\n"},"nonDeceptorViolations":{"ACR-040":"application is installed in hidden folder without providing option for user to change it.\n"},"samples":[{"isRevoked":"False","fileName":"Clear-EasyPrint.b7002.SK040.ch%20(1).exe","isInstaller":"True","companyName":"Clear.App                                                   ","fileVersion":"1.1","hashMD5":"1f986151da117b4d0ffe2b5338ba8d90","hashSHA1":"8687e9acc6404fdc77b094e180f533aca46a0747","hashSHA256":"6b62f628f7e87cc66110e7429cc894c0967d9e85f9fae319d3b2f643fc245f94","digitalCertThumbprint":"17E6B9535839369889BB9AD0DF5A712973A264AB","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=ClearBar, O=ClearBar, L=San Francisco, S=California, C=US","sourceIndex":"655","avBlockList":["360 Total Security (20240604)","Avast Premium Security (20240604)","AVG Internet Security (20240604)","Avira Internet Security (20240604)","Bitdefender Internet Security (20240604)","ESET Internet Security (20240604)","G DATA INTERNET SECURITY (20240604)","K7 Total Security (20240604)","Kaspersky Internet Security (20240604)","Malwarebytes Premium (20240604)","Norton Security (20240604)","Panda Dome (20240604)","Sophos Home Premium (20240604)","SpyHunter5 (20240604)","Total AV Antivirus Pro (20240604)","VIPRE Advanced Security (20240604)","VirIT eXplorer PRO (20240604)","Webroot SecureAnywhere (20240604)"],"avAllowList":["COMODO Antivirus (20240604)","Dr.Web Security Space (20240604)","McAfee Total Protection (20240604)","Quick Heal Internet Security (20240604)","Trend Micro Internet Security (20240604)","Windows Defender (20240604)"]},{"isRevoked":"False","fileName":"Clear-EasyPrint.b7002.SK040.ch.exe","isInstaller":"True","companyName":"Clear.App                                                   ","fileVersion":"1.1","hashMD5":"a196bf8e7bdadac7a17007ad2f75ba2d","hashSHA1":"e7418c4025c3097bf7b05cc8b330e3a85a38186a","hashSHA256":"e161a46fe428d16d2d006c0c2415b36710278c7e273fe409e51010a2bc6404c9","digitalCertThumbprint":"17E6B9535839369889BB9AD0DF5A712973A264AB","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=ClearBar, O=ClearBar, L=San Francisco, S=California, C=US","sourceIndex":"655","avBlockList":["360 Total Security (20240604)","Avast Premium Security (20240604)","AVG Internet Security (20240604)","Avira Internet Security (20240604)","Bitdefender Internet Security (20240604)","ESET Internet Security (20240604)","G DATA INTERNET SECURITY (20240604)","K7 Total Security (20240604)","Kaspersky Internet Security (20240604)","Malwarebytes Premium (20240604)","Norton Security (20240604)","Panda Dome (20240604)","Quick Heal Internet Security (20240604)","Sophos Home Premium (20240604)","SpyHunter5 (20240604)","Total AV Antivirus Pro (20240604)","Trend Micro Internet Security (20240604)","VIPRE Advanced Security (20240604)","VirIT eXplorer PRO (20240604)","Webroot SecureAnywhere (20240604)"],"avAllowList":["COMODO Antivirus (20240604)","Dr.Web Security Space (20240604)","McAfee Total Protection (20240604)","Windows Defender (20240604)"]}],"additionalFiles":[],"sources":[{"howFound":"Customer report","reference":"","landingPage":"https://clearbar.app","directDownloadingLink":"https://easyprint.app/lp/ez7-chroma-spc/","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://easyprint.app/lp/ez7-chroma-spc/","sourceIndex":"655"}],"sampleFiles":["240420/ClearBar-240420/1.1.1.0/Samples/Clear-EasyPrint.b7002.SK040.ch%20(1).exe","240420/ClearBar-240420/1.1.1.0/Samples/Clear-EasyPrint.b7002.SK040.ch.exe"],"imageFiles":["240420/ClearBar-240420/1.1.1.0/Images/ACR-048/ACR-048_Software_1.png","240420/ClearBar-240420/1.1.1.0/Images/ACR-050/ACR-050_Software_1.png","240420/ClearBar-240420/1.1.1.0/Images/ACR-050/ACR-050_Software_2.png"],"nonDeceptorImageFiles":["240420/ClearBar-240420/1.1.1.0/Images/ACR-040/ACR-040_Install_1.png"],"guid":"7cb94790-5caa-4692-858b-99b1a30f56e2_1.1.1.0_1","appID":"ClearBar-240420","dateAdded":"240420","deceptorType":"App","name":"ClearBar","company":"ClearBar","version":"1.1.1.0","lastKnownStatus":"1.1.1.0","lastKnownDate":"240420","type":"Windows Executable","targetOS":"None","targetBrowser":"None","lastUpdate":"2024-04-21T00:16:32.8582814+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":671},{"violations":{"ACR-057":"The app needs to provide a clear way to accept and decline optional offers. The offer requires the user to uncheck a prechecked checkbox in order to decline the offer.\n","ACR-055":"Accept and decline for the optional offer must be obvious. Unchecking the preselected AVS Video Converter is not a straightforward option for decline.\n","ACR-059":"An offer that is not related to the main app should be clearly marked as \"Optional Offer\".\n","ACR-155":"The optional offer is inserted to masquerade as part of the installation flow.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"AVSMediaPlayer-setup.exe","isInstaller":"True","companyName":"Online Media Technologies Ltd.                              ","fileVersion":"5.6","hashMD5":"8212da807dc4cf4de3b1be3a3224a53e","hashSHA1":"461b1b6c73fcfe05a00046c0307d993c3072fa1f","hashSHA256":"b3b8c51e7544102f119fa11639e607e4e7c752c620d6db40738186d55d8c17ae","digitalCertThumbprint":"21A8BD16143F28225161B35C7DD456CCCD018901","digitalCertIssuer":"CN=DigiCert SHA2 Assured ID Code Signing CA, OU=www.digicert.com, O=DigiCert Inc, C=US","digitalCertIssuedTo":"CN=Online Media Technologies Ltd., O=Online Media Technologies Ltd., L=London, C=GB","sourceIndex":"876","avBlockList":["Avira Internet Security (20240625)","McAfee Total Protection (20240625)","Norton Security (20240625)","Panda Dome (20240625)","Sophos Home Premium (20240625)","SpyHunter5 (20240625)","Total AV Antivirus Pro (20240625)","VirIT eXplorer PRO (20240625)","Webroot SecureAnywhere (20240625)"],"avAllowList":["360 Total Security (20240625)","Avast Premium Security (20240625)","AVG Internet Security (20240625)","Bitdefender Internet Security (20240625)","COMODO Antivirus (20240625)","Dr.Web Security Space (20240625)","ESET Internet Security (20240625)","G DATA INTERNET SECURITY (20240625)","K7 Total Security (20240625)","Kaspersky Internet Security (20240625)","Malwarebytes Premium (20240625)","Quick Heal Internet Security (20240625)","Trend Micro Internet Security (20240625)","VIPRE Advanced Security (20240625)","Windows Defender (20240625)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search: mediaplayers","reference":"","landingPage":"https://www.avs4you.com/de/avs-free-media-player.aspx","directDownloadingLink":"https://downloads.avs4you.com/distributives/AVSMediaPlayer.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://downloads.avs4you.com/distributives/AVSMediaPlayer.exe","sourceIndex":"876"}],"sampleFiles":["231004/AVSMediaPlayer-231004/5.6.2.155/Samples/AVSMediaPlayer-setup.exe"],"imageFiles":["231004/AVSMediaPlayer-231004/5.6.2.155/Images/ACR-055/AdditionalOffer.jpg","231004/AVSMediaPlayer-231004/5.6.2.155/Images/ACR-057/AdditionalOffer.jpg","231004/AVSMediaPlayer-231004/5.6.2.155/Images/ACR-059/AdditionalOffer.jpg","231004/AVSMediaPlayer-231004/5.6.2.155/Images/ACR-155/AdditionalOffer.jpg"],"nonDeceptorImageFiles":[],"guid":"bcee770d-f736-44da-bdf3-2e554ebbe169_5.6.2.155_1","appID":"AVSMediaPlayer-231004","dateAdded":"240416","deceptorType":"App","name":"AVS Media Player","company":"Ascensio System SIA","version":"5.6.2.155","lastKnownStatus":"5.6.2.155;5.6.4.158","lastKnownDate":"240416","type":"Windows Executable","category":"Media players","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2024-04-16T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":673},{"violations":{"ACR-057":"The app needs to provide a clear way to accept and decline optional offers. The offer requires the user to uncheck a prechecked checkbox in order to decline the offer.\n","ACR-055":"Accept and decline for the optional offer must be obvious. Unchecking the preselected AVS Video Converter is not a straightforward option for decline.\n","ACR-059":"An offer that is not related to the main app should be clearly marked as \"Optional Offer\".\n","ACR-155":"The optional offer is inserted to masquerade as part of the installation flow.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"AVSMediaPlayer.exe","isInstaller":"True","companyName":"Ascensio System SIA                                         ","productName":"AVS Media Player                                            ","productVersion":"5.6.4.158                                         ","fileVersion":"5.6.4.158           ","hashMD5":"13cc1372276845ec2c86320ce14a337c","hashSHA1":"fad0c65a978c26a08d95783aff46ee383cf4c911","hashSHA256":"224d6c839b9aaa18f08332c16ac921c8d74cbbb717e99c87fe1f20fbebb89bc3","digitalCertThumbprint":"1D24B4A35C426920BE429EC32E1A85012DE4CD01","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"SIA ","storeId":"","sourceIndex":"657","avBlockList":["Avira Internet Security (20240606)","Bitdefender Internet Security (20240606)","K7 Total Security (20240606)","Malwarebytes Premium (20240606)","Norton Security (20240606)","Panda Dome (20240606)","Sophos Home Premium (20240606)","SpyHunter5 (20240606)","Total AV Antivirus Pro (20240606)","VIPRE Advanced Security (20240606)","VirIT eXplorer PRO (20240606)","Webroot SecureAnywhere (20240606)","Windows Defender (20240606)"],"avAllowList":["360 Total Security (20240606)","Avast Premium Security (20240606)","AVG Internet Security (20240606)","COMODO Antivirus (20240606)","Dr.Web Security Space (20240606)","ESET Internet Security (20240606)","G DATA INTERNET SECURITY (20240606)","Kaspersky Internet Security (20240606)","McAfee Total Protection (20240606)","Quick Heal Internet Security (20240606)","Trend Micro Internet Security (20240606)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on windows app","reference":"","landingPage":"https://www.avs4you.com/de/avs-free-media-player.aspx","directDownloadingLink":"https://downloads.avs4you.com/distributives/AVSMediaPlayer.exe?_gl=1*wi4qjg*_ga*MTY0NzMzMzM0Ni4xNzEzMjY1NjE2*_ga_BWSZ9WEBRH*MTcxMzI2NTYxNS4xLjAuMTcxMzI2NTYyMi41My4wLjA.","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://downloads.avs4you.com/distributives/AVSMediaPlayer.exe?_gl=1*wi4qjg*_ga*MTY0NzMzMzM0Ni4xNzEzMjY1NjE2*_ga_BWSZ9WEBRH*MTcxMzI2NTYxNS4xLjAuMTcxMzI2NTYyMi41My4wLjA.","sourceIndex":"657"}],"sampleFiles":["240416/AVSMediaPlayer-231004/5.6.4.158/Samples/AVSMediaPlayer.exe"],"imageFiles":["240416/AVSMediaPlayer-231004/5.6.4.158/Images/ACR-055/ACR-055_Install_1.png","240416/AVSMediaPlayer-231004/5.6.4.158/Images/ACR-057/ACR-057_In-bundle offers_1.png","240416/AVSMediaPlayer-231004/5.6.4.158/Images/ACR-059/ACR-059_In-bundle offers_1.png","240416/AVSMediaPlayer-231004/5.6.4.158/Images/ACR-155/ACR-155_In-bundle offers_1.png"],"nonDeceptorImageFiles":[],"guid":"bcee770d-f736-44da-bdf3-2e554ebbe169_5.6.4.158_1","appID":"AVSMediaPlayer-231004","dateAdded":"240416","deceptorType":"App","name":"AVS Media Player","company":"Ascensio System SIA","version":"5.6.4.158","lastKnownStatus":"5.6.2.155;5.6.4.158","lastKnownDate":"240416","type":"Windows Executable","category":"Media players","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2024-04-16T16:34:30.5762903+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":672},{"violations":{"ACR-006":"Application doesn't provide the value as it claims. The converted PDF can't be open and present error. Not a single document (.txt) can be converted successfully without errors. \n","ACR-104":"Application changes default search engine which is not relevant to application's value proposition. It doesn't disclose clear information and notification about the changes.\n","ACR-014":"The application misleads user that it installs PDFFixer and SumatraPDF, but only SumatraPDF installed as PDFReader\n"},"nonDeceptorViolations":{"ACR-040":"Application is installed in hidden folder without notifying user\n"},"samples":[{"isRevoked":"False","fileName":"Pdfixers.exe","isInstaller":"True","fileVersion":"1.0","hashMD5":"b4440eea7367c3fb04a89225df4022a6","hashSHA1":"5a6c01f821f10f6ed1f1283ecba36c5bacfb5838","hashSHA256":"a024a18e27707738adcd7b5a740c5a93534b4b8c9d3b947f6d85740af19d17d0","digitalCertThumbprint":"40C0CB1A69BC8AF1256B2862D729A330937B4CFF","digitalCertIssuer":"CN=GlobalSign GCC R45 EV CodeSigning CA 2020, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"CN=ADSMARKETO LLC, O=ADSMARKETO LLC, STREET=\"Rybolovetska street, building 49\", L=Kyiv, S=Kyiv, C=UA, OID.1.3.6.1.4.1.311.60.2.1.3=UA, SERIALNUMBER=45092259, OID.2.5.4.15=Private Organization","sourceIndex":"659","avBlockList":["Avast Premium Security (20240606)","AVG Internet Security (20240606)","Avira Internet Security (20240606)","Bitdefender Internet Security (20240606)","ESET Internet Security (20240606)","G DATA INTERNET SECURITY (20240606)","K7 Total Security (20240606)","Kaspersky Internet Security (20240606)","Malwarebytes Premium (20240606)","Norton Security (20240606)","Panda Dome (20240606)","Quick Heal Internet Security (20240606)","Sophos Home Premium (20240606)","SpyHunter5 (20240606)","Total AV Antivirus Pro (20240606)","Trend Micro Internet Security (20240606)","VIPRE Advanced Security (20240606)","VirIT eXplorer PRO (20240606)","Webroot SecureAnywhere (20240606)"],"avAllowList":["360 Total Security (20240606)","COMODO Antivirus (20240606)","Dr.Web Security Space (20240606)","McAfee Total Protection (20240606)","Windows Defender (20240606)"]}],"additionalFiles":[],"sources":[{"howFound":"customer report","reference":"","landingPage":"https://pdffixers.com/","directDownloadingLink":"https://pdffixers.com/downloadPage.html","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://pdffixers.com/downloadPage.html","sourceIndex":"659"},{"howFound":"","reference":"","landingPage":"https://pdfixers.com/","directDownloadingLink":"https://pdfixers.com/downloadPage.html","ipv4":"","ipv6":"","sourceIndex":"660"}],"sampleFiles":["240413/PDFFixers-240413/3.5.2.0/Samples/PDFixers.exe"],"imageFiles":["240413/PDFFixers-240413/3.5.2.0/Images/ACR-104/ACR-104_Software_1.png","240413/PDFFixers-240413/3.5.2.0/Images/ACR-006/ACR-006_Software_1.png","240413/PDFFixers-240413/3.5.2.0/Images/ACR-014/ACR-014_Software_1.png"],"nonDeceptorImageFiles":["240413/PDFFixers-240413/3.5.2.0/Images/ACR-040/ACR-040_Install_1.png"],"guid":"a96149a5-3977-4a89-bf38-1c8072fe7f1d_3.5.2.0_1","appID":"PDFFixers-240413","dateAdded":"240413","deceptorType":"App","name":"PDFFixers","company":" ADSMARKETO LLC","version":"3.5.2.0","lastKnownStatus":"3.5.2.0","lastKnownDate":"240413","type":"Windows Executable","category":"Productivity, Personalization & Search","targetOS":"None","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"install offers","lastUpdate":"2024-04-14T00:48:08.1246405+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":674},{"violations":{"ACR-109":"The app downloads \"spt_setup.exe\", a RelevantKnowledge file without the consumer's consent.\n","ACR-048":"The \"Decline\" button does not have any control, drops a RelevantKnowledge file “spt_setup.exe” regardless.\n\n","ACR-010":"The app distributes deceptor application. The offer in this app, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control. \n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software \n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software \n","ACR-118":"Upon uninstallation, it leaves its other components along with a \"curl-ca-bundle.crt\" and other components on the device without user's knowledge.\n","ACR-057":"The app bundles the \"Relevant Knowledge\" offer which does not allow the consumer to decline the offer. \n","ACR-071":"It attempts to force the acceptance of \"Relevant Knowledge\" by graying out the Next button when the user choose to Decline. Thus, forcing the user to only accept the offer and proceed with the installation.\n","ACR-059":"Offer not clearly marked as an offer. Instead, it is presented as a component of the carrier.\n","ACR-155":"Offers are designed to look like part of the install workflow. \n"},"nonDeceptorViolations":{"ACR-106":"App offers deceptive application 'Relevant Knowledge market survey'. \n","ACR-123":"The app does not remove an dropped root certificates even after uninstalling \n"},"samples":[{"isRevoked":"False","fileName":"imagetopdf_setup.exe","isInstaller":"True","companyName":"zxt2007.com                                                 ","productName":"Image To PDF                                                ","productVersion":"3.7.0.0                                           ","fileVersion":"3.7.0.0             ","hashMD5":"b9c578cbaaba29c7b7d54e3903a516fe","hashSHA1":"82dc60db7994720c26056c49b023f4fce9f317b4","hashSHA256":"7d47f81c4c2ac42872dfa4711b806cb917ba48cdcad0f93adffdc991a22dc22f","digitalCertThumbprint":"712DF3A60A8F334303B1E517176B87B88C7C25D5","digitalCertIssuer":"Sectigo Public Code Signing CA R36","digitalCertIssuedTo":"张晓彤","storeId":"","sourceIndex":"662","avBlockList":["360 Total Security (20240613)","Avast Premium Security (20240613)","AVG Internet Security (20240613)","Avira Internet Security (20240613)","Dr.Web Security Space (20240613)","ESET Internet Security (20240613)","G DATA INTERNET SECURITY (20240613)","K7 Total Security (20240613)","Kaspersky Internet Security (20240613)","Malwarebytes Premium (20240613)","McAfee Total Protection (20240613)","Norton Security (20240613)","Panda Dome (20240613)","Sophos Home Premium (20240613)","SpyHunter5 (20240613)","Total AV Antivirus Pro (20240613)","Trend Micro Internet Security (20240613)","VirIT eXplorer PRO (20240613)","Webroot SecureAnywhere (20240613)"],"avAllowList":["Bitdefender Internet Security (20240613)","COMODO Antivirus (20240613)","Quick Heal Internet Security (20240613)","VIPRE Advanced Security (20240613)","Windows Defender (20240613)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on windows app","reference":"","landingPage":"http://en.zxt2007.com/picture-tools/imagetopdf.html","directDownloadingLink":"http://en.zxt2007.com/download/imagetopdf_setup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://en.zxt2007.com/download/imagetopdf_setup.exe","sourceIndex":"662"}],"sampleFiles":["240405/ImagetoPDF-220606/3.7.0.0/Samples/imagetopdf_setup.exe"],"imageFiles":["240405/ImagetoPDF-220606/3.7.0.0/Images/ACR-109/ACR-109.PNG","240405/ImagetoPDF-220606/3.7.0.0/Images/ACR-048/ACR-048.PNG","240405/ImagetoPDF-220606/3.7.0.0/Images/ACR-010/ACR-010.PNG","240405/ImagetoPDF-220606/3.7.0.0/Images/ACR-118/ACR-118.PNG","240405/ImagetoPDF-220606/3.7.0.0/Images/ACR-057/ACR-057.PNG","240405/ImagetoPDF-220606/3.7.0.0/Images/ACR-059/ACR-059.PNG","240405/ImagetoPDF-220606/3.7.0.0/Images/ACR-071/ACR-071.PNG","240405/ImagetoPDF-220606/3.7.0.0/Images/ACR-155/ACR-155.PNG","240405/ImagetoPDF-220606/3.7.0.0/Images/ACR-013/ACR-013.PNG","240405/ImagetoPDF-220606/3.7.0.0/Images/ACR-060/ACR-060.PNG"],"nonDeceptorImageFiles":["240405/ImagetoPDF-220606/3.7.0.0/Images/ACR-106/ACR-106.PNG","240405/ImagetoPDF-220606/3.7.0.0/Images/ACR-123/ACR-123.PNG"],"guid":"19c6c2e7-39d7-4039-9551-0d0065370800_3.7.0.0_1","appID":"ImagetoPDF-220606","dateAdded":"240405","deceptorType":"App","name":"Image to PDF","company":"ZXT2007.com","version":"3.7.0.0","lastKnownStatus":"2.6.0.0;3.6.0.0;3.7.0.0","lastKnownDate":"240405","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"cross-sell other apps,sold in bundle,none","lastUpdate":"2024-04-05T16:56:15.3738196+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":3,"sortOrder":675},{"violations":{"ACR-109":"The app downloads \"spt_setup.exe\", a RelevantKnowledge file without the consumer's consent.\n","ACR-042":"The app drops the Root Certificate files before obtaining the consumer's permission through explicit user action in the installation prompt \n","ACR-043":"The app drops the Root Certificate files without disclosing in during installation\n","ACR-048":"The \"Decline\" button does not have any control, drops a RelevantKnowledge file “spt_setup.exe” regardless.\n\n","ACR-007":"The app does not obtain user consent for dropping the Root Certificate files to reduce the consumer's security posture caused by the installation prompt. \n","ACR-010":"The app distributes deceptor application. The offer in this app, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control. \n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software \n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software \n","ACR-118":"Upon uninstallation, it leaves its other components along with a \"curl-ca-bundle.crt\" and other components on the device without user's knowledge.\n","ACR-057":"The app bundles the \"Relevant Knowledge\" offer which does not allow the consumer to decline the offer. \n","ACR-071":"It attempts to force the acceptance of \"Relevant Knowledge\" by graying out the Next button when the user choose to Decline. Thus, forcing the user to only accept the offer and proceed with the installation.\n","ACR-059":"Offer not clearly marked as an offer. Instead, it is presented as a component of the carrier.\n","ACR-155":"Offers are designed to look like part of the install workflow. \n"},"nonDeceptorViolations":{"ACR-045":"The app does not describe clearly and straightforwardly what effect is caused to the user's system due to the dropped Cert file in the installation prompt\n","ACR-106":"App offers deceptive application 'Relevant Knowledge market survey'. \n","ACR-092":" The main executable is not digitally signed. \n","ACR-123":"The app does not remove an dropped root certificates even after uninstalling \n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\Image To PDF\\ImageToPDF.exe","companyName":"zxt2007.com","productName":"Image To PDF","productVersion":"3.6.0.0","fileVersion":"3.6.0.0","hashMD5":"665765a3db371eaca3cec3ffdf02e997","hashSHA1":"ee79c0f2688fa512b62e2ad2ece46c386e2b8280","hashSHA256":"0f4d26f0dd152a259cf8b64562bcaef4822f82534dccb91ef4d856385a481b19","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1079","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"imagetopdf_setup.exe","isInstaller":"True","companyName":"zxt2007.com                                                 ","productName":"Image To PDF                                                ","productVersion":"3.6.0.0                                           ","fileVersion":"3.6.0.0             ","hashMD5":"1b7a6b10c78b36a73711d9894f817a88","hashSHA1":"df97f997a9e5ffd25778c20f0490bb47969b8f86","hashSHA256":"e0854f67e004d040bbf31fdf7ad81a2c6ffc53bc5bd5abacc409441c5410b2ef","digitalCertThumbprint":"712DF3A60A8F334303B1E517176B87B88C7C25D5","digitalCertIssuer":"Sectigo Public Code Signing CA R36","digitalCertIssuedTo":"张晓彤","storeId":"","sourceIndex":"1079","avBlockList":["360 Total Security (20240716)","Avast Premium Security (20240716)","AVG Internet Security (20240716)","Avira Internet Security (20240716)","Bitdefender Internet Security (20240716)","COMODO Antivirus (20240716)","Dr.Web Security Space (20240716)","ESET Internet Security (20240716)","G DATA INTERNET SECURITY (20240716)","K7 Total Security (20240716)","Kaspersky Internet Security (20240716)","Malwarebytes Premium (20240716)","McAfee Total Protection (20240716)","Norton Security (20240716)","Panda Dome (20240716)","Sophos Home Premium (20240716)","SpyHunter5 (20240716)","Total AV Antivirus Pro (20240716)","Trend Micro Internet Security (20240716)","VIPRE Advanced Security (20240716)","VirIT eXplorer PRO (20240716)","Webroot SecureAnywhere (20240716)","FortectPremium (20240716)"],"avAllowList":["Quick Heal Internet Security (20240716)","Windows Defender (20240716)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search: Free tools","reference":"","landingPage":"http://en.zxt2007.com/picture-tools/imagetopdf.html ","directDownloadingLink":"http://en.zxt2007.com/download.php?id=imagetopdf_setup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://en.zxt2007.com/download.php?id=imagetopdf_setup.exe","sourceIndex":"1079"}],"sampleFiles":["230530/ImagetoPDF-220606/3.6.0.0/Samples/imagetopdf_setup.exe"],"imageFiles":["230530/ImagetoPDF-220606/3.6.0.0/Images/ACR-109/ACR-109.JPG","230530/ImagetoPDF-220606/3.6.0.0/Images/ACR-043/ACR-043.JPG","230530/ImagetoPDF-220606/3.6.0.0/Images/ACR-042/ACR-042.JPG","230530/ImagetoPDF-220606/3.6.0.0/Images/ACR-048/ACR-048.JPG","230530/ImagetoPDF-220606/3.6.0.0/Images/ACR-007/ACR-007.JPG","230530/ImagetoPDF-220606/3.6.0.0/Images/ACR-010/ACR-010.JPG","230530/ImagetoPDF-220606/3.6.0.0/Images/ACR-118/ACR-118.JPG","230530/ImagetoPDF-220606/3.6.0.0/Images/ACR-057/ACR-057.JPG","230530/ImagetoPDF-220606/3.6.0.0/Images/ACR-059/ACR-059.JPG","230530/ImagetoPDF-220606/3.6.0.0/Images/ACR-071/ACR-071.JPG","230530/ImagetoPDF-220606/3.6.0.0/Images/ACR-155/ACR-155.JPG","230530/ImagetoPDF-220606/3.6.0.0/Images/ACR-013/ACR-013.JPG","230530/ImagetoPDF-220606/3.6.0.0/Images/ACR-060/ACR-060.JPG"],"nonDeceptorImageFiles":["230530/ImagetoPDF-220606/3.6.0.0/Images/ACR-045/ACR-045.JPG","230530/ImagetoPDF-220606/3.6.0.0/Images/ACR-106/ACR-106.JPG","230530/ImagetoPDF-220606/3.6.0.0/Images/ACR-092/ACR-092.JPG","230530/ImagetoPDF-220606/3.6.0.0/Images/ACR-123/ACR-123.JPG"],"guid":"19c6c2e7-39d7-4039-9551-0d0065370800_3.6.0.0_1","appID":"ImagetoPDF-220606","dateAdded":"240405","deceptorType":"App","name":"Image to PDF","company":"ZXT2007.com","version":"3.6.0.0","lastKnownStatus":"2.6.0.0;3.6.0.0;3.7.0.0","lastKnownDate":"240405","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"cross-sell other apps,sold in bundle,none","lastUpdate":"2024-04-05T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":3,"sortOrder":676},{"violations":{"ACR-109":"The app downloads \"spt_setup.exe\", a RelevantKnowledge file without the consumer's consent.\n","ACR-048":"The \"Decline\" button does not have any control, drops a RelevantKnowledge file “spt_setup.exe” regardless.\n\n","ACR-010":"The app distributes deceptor application. The offer in this app, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control. \n","ACR-118":"Upon uninstallation, it leaves its other components along with a \"curl-ca-bundle.crt\" on the device without user's knowledge.\n","ACR-057":"The app bundles the \"Relevant Knowledge\" offer which does not allow the consumer to decline the offer. \n","ACR-071":"It attempts to force the acceptance of \"Relevant Knowledge\" by graying out the Next button when the user choose to Decline. Thus, forcing the user to only accept the offer and proceed with the installation.\n","ACR-059":"Offer not clearly marked as an offer. Instead, it is presented as a component of the carrier.\n","ACR-155":"Offers are designed to look like part of the install workflow. \n"},"nonDeceptorViolations":{"ACR-065":"Carrier app has no EULA screen. The first offer's (Relevant Knowledge) EULA misleads consumers into thinking it is the EULA for the carrier app.\n","ACR-106":"App offers deceptive application 'Relevant Knowledge market survey'. \n","ACR-092":" The main executable is not digitally signed. \n"},"samples":[{"isRevoked":"False","fileName":"ImageToPDF.exe","companyName":"ZXT2007.com","productName":"Image To PDF","productVersion":"2.6","fileVersion":"2.6","hashMD5":"bcb87a169f877266357efb1676f238ce","hashSHA1":"cb5c0644d10deeede96503da8ab892101e5b45fa","hashSHA256":"c59764dbab5ca70a740f196a68377a8f87b544f5ffc2c15a44e6c6163b8283e2","sourceIndex":"1575","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"imagetopdf_setup.exe","isInstaller":"True","companyName":"zxt2007.com                                                 ","productName":"Image To PDF","fileVersion":"2.6","hashMD5":"46e10f234a6cd27230111bad3e0eb037","hashSHA1":"b911ef2cf83ce72aaef410321e7e030a0ec68753","hashSHA256":"bd67ba68af17b788891dd67f738fd1e0a873d09309f37bd7e9cee6f6b48050df","digitalCertThumbprint":"F9283AF7C9A41620F82A6E97A447E47D12070ABB","digitalCertIssuer":"CN=TalentPersonal","digitalCertIssuedTo":"CN=TalentPersonal","sourceIndex":"1575","avBlockList":["360 Total Security (20240411)","Avast Premium Security (20240411)","AVG Internet Security (20240411)","Avira Internet Security (20240411)","Bitdefender Internet Security (20240411)","Dr.Web Security Space (20240411)","ESET Internet Security (20240411)","G DATA INTERNET SECURITY (20240411)","K7 Total Security (20230831)","Kaspersky Internet Security (20240411)","Malwarebytes Premium (20240411)","McAfee Total Protection (20240411)","Norton Security (20240411)","Panda Dome (20240411)","Quick Heal Internet Security (20240411)","Sophos Home Premium (20240411)","SpyHunter5 (20240411)","Total AV Antivirus Pro (20240411)","Trend Micro Internet Security (20240411)","VIPRE Advanced Security (20240411)","VirIT eXplorer PRO (20240411)","Webroot SecureAnywhere (20240411)","Windows Defender (20240411)"],"avAllowList":["COMODO Antivirus (20240411)","Tencent PC Manager (20220609)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search: Free tools","reference":"","landingPage":"http://en.zxt2007.com/picture-tools/imagetopdf.html ","directDownloadingLink":"http://en.zxt2007.com/download.php?id=imagetopdf_setup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://en.zxt2007.com/download.php?id=imagetopdf_setup.exe","sourceIndex":"1575"}],"sampleFiles":["220606/ImagetoPDF-220606/2.6.0.0/Samples/ImageToPDF.exe","220606/ImagetoPDF-220606/2.6.0.0/Samples/imagetopdf_setup.exe"],"imageFiles":["220606/ImagetoPDF-220606/2.6.0.0/Images/ACR-109/ACR-109_048_rksetup.jpg","220606/ImagetoPDF-220606/2.6.0.0/Images/ACR-048/ACR-109_048_rksetup.jpg","220606/ImagetoPDF-220606/2.6.0.0/Images/ACR-010/RelevantKnowledge.jpg","220606/ImagetoPDF-220606/2.6.0.0/Images/ACR-118/ACR-118_Remnants.jpg","220606/ImagetoPDF-220606/2.6.0.0/Images/ACR-057/RelevantKnowledge.jpg","220606/ImagetoPDF-220606/2.6.0.0/Images/ACR-059/RelevantKnowledge.jpg","220606/ImagetoPDF-220606/2.6.0.0/Images/ACR-071/RelevantKnowledge.jpg","220606/ImagetoPDF-220606/2.6.0.0/Images/ACR-155/RelevantKnowledge.jpg"],"nonDeceptorImageFiles":["220606/ImagetoPDF-220606/2.6.0.0/Images/ACR-065/RelevantKnowledge.jpg","220606/ImagetoPDF-220606/2.6.0.0/Images/ACR-106/RelevantKnowledge.jpg","220606/ImagetoPDF-220606/2.6.0.0/Images/ACR-092/ACR_092_NoDigiSig.jpg"],"guid":"19c6c2e7-39d7-4039-9551-0d0065370800_2.6.0.0_1","appID":"ImagetoPDF-220606","dateAdded":"240405","deceptorType":"App","name":"Image to PDF","company":"ZXT2007.com","version":"2.6.0.0","lastKnownStatus":"2.6.0.0;3.6.0.0;3.7.0.0","lastKnownDate":"240405","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"cross-sell other apps,sold in bundle,none","lastUpdate":"2024-04-05T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":3,"sortOrder":677},{"violations":{"ACR-004":"Application doesn't provide free fix for scanned items, instead it offers subscription payment to recover files scanned.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"iboysoftdatarecovery-setup.exe","isInstaller":"True","companyName":"iBoysoft                                                    ","fileVersion":"0.0","hashMD5":"b7902ba6474cf93a43f36ed5f6482acf","hashSHA1":"bd184ab9ca5b161daac7a6157acd301b11ac2c00","hashSHA256":"a05f67aec1ccfb8f091c91f7119998fce61aa200a649c2895fa11e03ef4aa2c5","digitalCertThumbprint":"5691BDDDAEDC258FD0D4C8C11036DD227F820716","digitalCertIssuer":"CN=DigiCert Global G3 Code Signing ECC SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=\"Chengdu Aibo Tech Co., Ltd.\", O=\"Chengdu Aibo Tech Co., Ltd.\", L=成都市, S=四川省, C=CN","sourceIndex":"665","avBlockList":["Avira Internet Security (20240613)","Bitdefender Internet Security (20240613)","ESET Internet Security (20240613)","G DATA INTERNET SECURITY (20240613)","K7 Total Security (20240613)","Malwarebytes Premium (20240613)","Norton Security (20240613)","Panda Dome (20240613)","Sophos Home Premium (20240613)","SpyHunter5 (20240613)","Total AV Antivirus Pro (20240613)","VIPRE Advanced Security (20240613)","VirIT eXplorer PRO (20240613)","Webroot SecureAnywhere (20240613)"],"avAllowList":["360 Total Security (20240613)","Avast Premium Security (20240613)","AVG Internet Security (20240613)","COMODO Antivirus (20240613)","Dr.Web Security Space (20240613)","Kaspersky Internet Security (20240613)","McAfee Total Protection (20240613)","Quick Heal Internet Security (20240613)","Trend Micro Internet Security (20240613)","Windows Defender (20240613)"]}],"additionalFiles":[],"sources":[{"howFound":"random search for recovery apps","reference":"","landingPage":"https://iboysoft.com/data-recovery/free-data-recovery.html","directDownloadingLink":"https://download.iboysoft.com/download/downloadfile.php?p=datarecovery&d=notrial_home_de&_gl=1*yy6qeb*_ga*MTg3MDAwNjI1NC4xNzEyMDQ0NTgx*_ga_ZTY9GRXHEE*MTcxMjA0NDU4MS4xLjAuMTcxMjA0NDU4MS4wLjAuMA..","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://download.iboysoft.com/download/downloadfile.php?p=datarecovery&d=notrial_home_de&_gl=1*yy6qeb*_ga*MTg3MDAwNjI1NC4xNzEyMDQ0NTgx*_ga_ZTY9GRXHEE*MTcxMjA0NDU4MS4xLjAuMTcxMjA0NDU4MS4wLjAuMA..","sourceIndex":"665"}],"sampleFiles":["240402/iBoysoftDataRecovery-240402/5.6.8/Samples/iboysoftdatarecovery-setup.exe"],"imageFiles":["240402/iBoysoftDataRecovery-240402/5.6.8/Images/ACR-004/ACR-004_Software_1.png","240402/iBoysoftDataRecovery-240402/5.6.8/Images/ACR-004/ACR-004_Software_2.png","240402/iBoysoftDataRecovery-240402/5.6.8/Images/ACR-004/ACR-004_Software_3.png"],"nonDeceptorImageFiles":[],"guid":"93acfafe-8d27-4d09-958b-831eef9d2328_5.6.8_1","appID":"iBoysoftDataRecovery-240402","dateAdded":"240402","deceptorType":"App","name":"iBoysoft Free Data Recovery","company":"iBoysoft","version":"5.6.8","lastKnownStatus":"5.6.8","lastKnownDate":"240402","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows 11","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,paid","lastUpdate":"2024-04-02T20:34:16.3022945+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":678},{"violations":{"ACR-048":"The app does not provide any control to cancel the installation.\nThe app does not provide control to disable/remove the startup, background process, and quit the app completely within the app's settings.\n","ACR-084":"On quitting the app, the application doesn't exit completely. It runs silently in the background, hiding the fact that it is active from the consumer without any notification.\n","ACR-014":"The app displays a misleading statement that \"Your real IP : visible\" (another VPN is running and real IP is hidden by it) \n\n"},"nonDeceptorViolations":{"ACR-092":"The app does not have a digital signature for any executable.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files\\Oko VPN\\1.5.0\\OkoVPN.exe","companyName":"OkoVPN","productName":"OkoVPN","productVersion":"1.5.0.0","fileVersion":"1.5.0.0","hashMD5":"5b7768ed1cde525239c485d40280afd8","hashSHA1":"e0b047f72e99a061b75fb2e80b8080a35b067150","hashSHA256":"c33636bae96d00e9711bf3b01c4c5b9329ddb30e0f8673eac6e61269440699e8","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"259","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Program Files\\Oko VPN\\1.5.0\\Vpn.Service.exe","companyName":"Vpn.Service","productName":"Vpn.Service","productVersion":"1.5.0.0","fileVersion":"1.5.0.0","hashMD5":"cfb3c60bb541ea76fb12b0f9ea2e9d20","hashSHA1":"706fc1ae02bfe32c9818f1d138ee5e61462477a7","hashSHA256":"35c305f60c53d2226fbf76702cc37ba292c8f4e02125def6622316c267ce2c12","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"259","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Program Files\\Oko VPN\\Common\\Vpn.Logging.exe","companyName":"Vpn.Logging","productName":"Vpn.Logging","productVersion":"1.5.0.0","fileVersion":"1.5.0.0","hashMD5":"9ec6b0f032d3496799044d448d89832f","hashSHA1":"04dd5b2f5f10865c434749701d05b77ada45d621","hashSHA256":"1da77e56070586a9b8de2116d1c5f32849db892b03e13d1141b4ecd5405b767a","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"259","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"OkoVPN-Installer-1.5.0.exe","isInstaller":"True","companyName":"","productName":"","productVersion":"","fileVersion":"","hashMD5":"18964cd33d8957964bbe73074638ee71","hashSHA1":"d97c10e5ea84f2d9dd4617f302714e14faa1b289","hashSHA256":"f519a029e0561da0ed4d085a80781b2cbb419dab5ef00bc7c23a099ba55c3621","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"259","avBlockList":["360 Total Security (20240618)","Avast Premium Security (20240618)","AVG Internet Security (20240618)","Avira Internet Security (20240618)","Bitdefender Internet Security (20240618)","COMODO Antivirus (20240618)","Dr.Web Security Space (20240618)","G DATA INTERNET SECURITY (20240618)","K7 Total Security (20240618)","Kaspersky Internet Security (20240618)","Malwarebytes Premium (20240618)","McAfee Total Protection (20240618)","Norton Security (20240618)","Panda Dome (20240618)","Quick Heal Internet Security (20240618)","Sophos Home Premium (20240618)","SpyHunter5 (20240618)","Total AV Antivirus Pro (20240618)","VIPRE Advanced Security (20240618)","VirIT eXplorer PRO (20240618)","Webroot SecureAnywhere (20240618)"],"avAllowList":["ESET Internet Security (20240618)","Trend Micro Internet Security (20240618)","Windows Defender (20240618)"]}],"additionalFiles":[],"sources":[{"howFound":"VPN","reference":"","landingPage":"https://okovpn.com/","directDownloadingLink":"https://okovpn.com/files/OkoVPN-Installer-1.5.0.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://okovpn.com/files/OkoVPN-Installer-1.5.0.exe","sourceIndex":"259"}],"sampleFiles":["240327/OKOVPN-240326/1.5/Samples/OkoVPN-Installer-1.5.0.exe"],"imageFiles":["240327/OKOVPN-240326/1.5/Images/ACR-048/ACR-048.PNG","240327/OKOVPN-240326/1.5/Images/ACR-084/ACR-084_1.PNG","240327/OKOVPN-240326/1.5/Images/ACR-048/ACR-048_Software.PNG","240327/OKOVPN-240326/1.5/Images/ACR-048/ACR-048_Software_1.PNG","240327/OKOVPN-240326/1.5/Images/ACR-014/ACR-014.PNG"],"nonDeceptorImageFiles":["240327/OKOVPN-240326/1.5/Images/ACR-092/ACR-092.PNG","240327/OKOVPN-240326/1.5/Images/ACR-092/ACR-092_1.PNG"],"guid":"e2081c5c-833f-4ef0-8c3a-4c364a83d557_1.5_1","appID":"OKOVPN-240326","dateAdded":"240327","deceptorType":"App","name":"OKO VPN","company":"OKOVPN","version":"1.5","lastKnownStatus":"1.5","lastKnownDate":"250102","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 8,Windows 7,Windows 10,Windows 11","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2025-01-02T18:58:07.7636263+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":679},{"violations":{"ACR-004":"Application doesn't provide free fix for all items reported, only allow to recover 3 files. Instead it offers subscription payment to completely recover files scanned.\n","ACR-014":"Data Recovery feature does not match what is displayed on Landing page and allowed in software.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"FileRecovery_Free.exe","isInstaller":"True","fileVersion":"1.24","hashMD5":"fa6c122bfc3d3e0652b816dea7506c30","hashSHA1":"6e5dff133182bceb41dd54166707a336fa4c3887","hashSHA256":"789e265fe7c5b72d0d43e092ffee7347c4d17e5be84c75e752245cbe3a99418b","digitalCertThumbprint":"208315C82C4A57E1BD8C1AD0E7C9B536E6C07405","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Glarysoft Ltd, O=Glarysoft Ltd, S=Beijing, C=CN, SERIALNUMBER=91110108680456115E, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.1=Haidian District, OID.1.3.6.1.4.1.311.60.2.1.2=Beijing, OID.1.3.6.1.4.1.311.60.2.1.3=CN","sourceIndex":"635","avBlockList":["Avast Premium Security (20240411)","AVG Internet Security (20240411)","Avira Internet Security (20240411)","ESET Internet Security (20240411)","G DATA INTERNET SECURITY (20240411)","K7 Total Security (20240411)","Norton Security (20240411)","Panda Dome (20240411)","Quick Heal Internet Security (20240411)","Sophos Home Premium (20240411)","SpyHunter5 (20240411)","Total AV Antivirus Pro (20240411)","VirIT eXplorer PRO (20240411)","Webroot SecureAnywhere (20240411)"],"avAllowList":["360 Total Security (20240411)","Bitdefender Internet Security (20240411)","COMODO Antivirus (20240411)","Dr.Web Security Space (20240411)","Kaspersky Internet Security (20240411)","Malwarebytes Premium (20240411)","McAfee Total Protection (20240411)","Trend Micro Internet Security (20240411)","VIPRE Advanced Security (20240411)","Windows Defender (20240411)"]},{"isRevoked":"False","fileName":"FileRecovery.exe","companyName":"Glarysoft Ltd","fileVersion":"1.0","hashMD5":"7c7340dd3f60ca510c4e9506f1253d53","hashSHA1":"1577becfeb6c37b94840e42851c0f59085f0d4da","hashSHA256":"44c3c5028514f5814cbec5a03b657358027a5e05cfd51d6c1f6b28005c522941","digitalCertThumbprint":"208315C82C4A57E1BD8C1AD0E7C9B536E6C07405","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Glarysoft Ltd, O=Glarysoft Ltd, S=Beijing, C=CN, SERIALNUMBER=91110108680456115E, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.1=Haidian District, OID.1.3.6.1.4.1.311.60.2.1.2=Beijing, OID.1.3.6.1.4.1.311.60.2.1.3=CN","sourceIndex":"635","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"random search for recovery apps","reference":"","landingPage":"https://www.glarysoft.com/file-recovery-free/","directDownloadingLink":"https://download.glarysoft.com/FileRecovery_Free.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://download.glarysoft.com/FileRecovery_Free.exe","sourceIndex":"635"}],"sampleFiles":["240327/GlarysoftFileRecovery-240327/1.24.0.24/Samples/FileRecovery_Free.exe","240327/GlarysoftFileRecovery-240327/1.24.0.24/Samples/FileRecovery.exe"],"imageFiles":["240327/GlarysoftFileRecovery-240327/1.24.0.24/Images/ACR-004/ACR-004_Software_1.png","240327/GlarysoftFileRecovery-240327/1.24.0.24/Images/ACR-004/ACR-004_Software_2.png","240327/GlarysoftFileRecovery-240327/1.24.0.24/Images/ACR-014/ACR-014_Software_1.png","240327/GlarysoftFileRecovery-240327/1.24.0.24/Images/ACR-014/ACR-014_Software_2.png","240327/GlarysoftFileRecovery-240327/1.24.0.24/Images/ACR-014/ACR-014_Software_3.png"],"nonDeceptorImageFiles":[],"guid":"00bf9080-ab9e-406d-a323-7bf3c659c391_1.24.0.24_1","appID":"GlarysoftFileRecovery-240327","dateAdded":"240327","deceptorType":"App","name":"Glarysoft File Recovery","company":"Glarysoft Ltd","version":"1.24.0.24","firstVendorContactDate":"240530","firstAppEsteemReplyDate":"240604","firstResolvedDate":"240604","firstResolvedVersion":"1.25.0.25","resolved":"TRUE","lastKnownStatus":"1.24.0.24","lastKnownDate":"240327","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows 11","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,paid","lastUpdate":"2024-06-04T18:41:13.2255388+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":680},{"violations":{"ACR-004":"The application doesn't provide a free fix (recovery) for scan results, and offer a subscription that the user needs to pay to fix it.\n","ACR-014":"The \"Save\" button leads to purchase flow. It misleads the user that the scanned items will be fixed (save the recovered files) after clicking button. \n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"sfware-data-recovery.exe","isInstaller":"True","companyName":"SFWare Software                                             ","fileVersion":"2.0","hashMD5":"490d44898a7c30036d46ff30d2cce463","hashSHA1":"be8b584d8443e29ddc9d65091a8104bc742748f0","hashSHA256":"c2771a2e7272c330b8656d3987021efdc29bf5ef1e20ec53be37bf13fa1fbed3","digitalCertThumbprint":"3E009177BF40B8F4F2846DD63F6143B2FDAAACE1","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Versacor Offshore Software Private Limited, O=Versacor Offshore Software Private Limited, L=Bengaluru, S=Karnataka, C=IN, SERIALNUMBER=032151, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=IN","sourceIndex":"702","avBlockList":["Dr.Web Security Space (20240618)","ESET Internet Security (20240618)","K7 Total Security (20240618)","Norton Security (20240618)","Panda Dome (20240618)","Quick Heal Internet Security (20240618)","Sophos Home Premium (20240618)","SpyHunter5 (20240618)","VirIT eXplorer PRO (20240618)","Webroot SecureAnywhere (20240618)"],"avAllowList":["360 Total Security (20240618)","Avast Premium Security (20240618)","AVG Internet Security (20240618)","Avira Internet Security (20240618)","Bitdefender Internet Security (20240618)","COMODO Antivirus (20240618)","G DATA INTERNET SECURITY (20240618)","Kaspersky Internet Security (20240618)","Malwarebytes Premium (20240618)","McAfee Total Protection (20240618)","Total AV Antivirus Pro (20240618)","Trend Micro Internet Security (20240618)","VIPRE Advanced Security (20240618)","Windows Defender (20240618)"]},{"isRevoked":"False","fileName":"sf-recovery.exe","companyName":"SFWare Software","fileVersion":"2.0","hashMD5":"9fa88de3cc33af51c6de34badabb168d","hashSHA1":"b986604a9a668a065e8428a97475d2e43a9ae374","hashSHA256":"303458a659fa75c1c7207029f954244fbaeae64a3650a2fb07b7cdeb5690d6ed","digitalCertThumbprint":"3E009177BF40B8F4F2846DD63F6143B2FDAAACE1","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Versacor Offshore Software Private Limited, O=Versacor Offshore Software Private Limited, L=Bengaluru, S=Karnataka, C=IN, SERIALNUMBER=032151, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=IN","sourceIndex":"702","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"random search for recovery apps","reference":"","landingPage":"https://www.sfware.com/","directDownloadingLink":"https://08dc6b4b17ace69260b6-8cec0142b5ff04d94513603d1b0645ac.ssl.cf2.rackcdn.com/sfware-data-recovery.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://08dc6b4b17ace69260b6-8cec0142b5ff04d94513603d1b0645ac.ssl.cf2.rackcdn.com/sfware-data-recovery.exe","sourceIndex":"702"}],"sampleFiles":["240325/SFWareDataRecoverySoftware-240322/2.0.0.1/Samples/sfware-data-recovery.exe","240325/SFWareDataRecoverySoftware-240322/2.0.0.1/Samples/sf-recovery.exe"],"imageFiles":["240325/SFWareDataRecoverySoftware-240322/2.0.0.1/Images/ACR-004/ACR-004_Software_1.png","240325/SFWareDataRecoverySoftware-240322/2.0.0.1/Images/ACR-004/ACR-004_Software_2.png","240325/SFWareDataRecoverySoftware-240322/2.0.0.1/Images/ACR-014/ACR-014_Software_1.png","240325/SFWareDataRecoverySoftware-240322/2.0.0.1/Images/ACR-014/ACR-014_Software_2.png"],"nonDeceptorImageFiles":[],"guid":"f767d021-f485-427e-b50f-aa26b6eefef1_2.0.0.1_1","appID":"SFWareDataRecoverySoftware-240322","dateAdded":"240325","deceptorType":"App","name":"SFWare Data Recovery Software","company":"SFWare Software","version":"2.0.0.1","lastKnownStatus":"2.0.0.1","lastKnownDate":"240325","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows 11","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,paid","lastUpdate":"2024-03-26T01:10:50.7830681+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":681},{"violations":{"ACR-109":"The app downloads \"spt_setup.exe\", a RelevantKnowledge file without the consumer's consent.\n\n","ACR-048":"The \"Decline\" button does not have any control. Upon clicking the button, it drops a RelevantKnowledge file “spt_setup.exe” regardless.\n\n","ACR-010":"The app distributes deceptor application. The offer in this app, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control. \n\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software\n","ACR-118":"Upon uninstallation, it retains some executables and many of its other components along with a \"curl-ca-bundle.crt\" and other components on the device without user's knowledge.\n\n","ACR-057":"The app bundles the \"Relevant Knowledge\" offer which does not allow the consumer to decline the offer. \n\n","ACR-071":"It attempts to force the acceptance of \"Relevant Knowledge\" by graying out the Next button when the user choose to Decline. Thus, forcing the user to only accept the offer and proceed with the installation.\n\n","ACR-059":"Offer not clearly marked as an offer. Instead, it is presented as a component of the carrier.\n\n","ACR-155":"Offers are designed to look like part of the install workflow. \n\n"},"nonDeceptorViolations":{"ACR-106":"App offers deceptive application 'Relevant Knowledge market survey'. \n\n","ACR-123":"The app does not remove an dropped root certificates even after uninstalling\n"},"samples":[{"isRevoked":"False","fileName":"imageconverter_setup.exe","isInstaller":"True","companyName":"zxt2007.com                                                 ","productName":"Best Free Image Converter                                   ","productVersion":"7.1.1.0                                           ","fileVersion":"7.1.1.0             ","hashMD5":"486132c040c7e1eb7af71bfeed4b2295","hashSHA1":"2529061f5e0d01ae90eaa00d632d9d9d95e4b399","hashSHA256":"31a81c4f0f1a723d8229bb03e979f5ca02aada9ef23091e476cbf66f0e917b52","digitalCertThumbprint":"712DF3A60A8F334303B1E517176B87B88C7C25D5","digitalCertIssuer":"Sectigo Public Code Signing CA R36","digitalCertIssuedTo":"张晓彤","storeId":"","sourceIndex":"707","avBlockList":["360 Total Security (20240618)","Avast Premium Security (20240618)","AVG Internet Security (20240618)","Avira Internet Security (20240618)","Bitdefender Internet Security (20240618)","COMODO Antivirus (20240618)","Dr.Web Security Space (20240618)","ESET Internet Security (20240618)","G DATA INTERNET SECURITY (20240618)","K7 Total Security (20240618)","Kaspersky Internet Security (20240618)","Malwarebytes Premium (20240618)","McAfee Total Protection (20240618)","Norton Security (20240618)","Panda Dome (20240618)","Quick Heal Internet Security (20240618)","Sophos Home Premium (20240618)","SpyHunter5 (20240618)","Total AV Antivirus Pro (20240618)","VirIT eXplorer PRO (20240618)","Webroot SecureAnywhere (20240618)"],"avAllowList":["Trend Micro Internet Security (20240618)","VIPRE Advanced Security (20240618)","Windows Defender (20240618)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on windows app","reference":"","landingPage":"http://en.zxt2007.com/picture-tools/imageconverter.html","directDownloadingLink":"en.zxt2007.com/download/imageconverter_setup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"en.zxt2007.com/download/imageconverter_setup.exe","sourceIndex":"707"}],"sampleFiles":["240321/BestFreeImageConverter-220607/7.1.1.0/Samples/imageconverter_setup.exe"],"imageFiles":["240321/BestFreeImageConverter-220607/7.1.1.0/Images/ACR-109/ACR-109.PNG","240321/BestFreeImageConverter-220607/7.1.1.0/Images/ACR-048/ACR-048.PNG","240321/BestFreeImageConverter-220607/7.1.1.0/Images/ACR-010/ACR-010.PNG","240321/BestFreeImageConverter-220607/7.1.1.0/Images/ACR-118/ACR-118.PNG","240321/BestFreeImageConverter-220607/7.1.1.0/Images/ACR-057/ACR-057.PNG","240321/BestFreeImageConverter-220607/7.1.1.0/Images/ACR-059/ACR-059.PNG","240321/BestFreeImageConverter-220607/7.1.1.0/Images/ACR-071/ACR-071.PNG","240321/BestFreeImageConverter-220607/7.1.1.0/Images/ACR-155/ACR-155.PNG","240321/BestFreeImageConverter-220607/7.1.1.0/Images/ACR-013/ACR-013.PNG","240321/BestFreeImageConverter-220607/7.1.1.0/Images/ACR-060/ACR-060.PNG"],"nonDeceptorImageFiles":["240321/BestFreeImageConverter-220607/7.1.1.0/Images/ACR-106/ACR-106.PNG","240321/BestFreeImageConverter-220607/7.1.1.0/Images/ACR-123/ACR-123.PNG"],"guid":"b7541cf1-f001-41d2-bcb3-10f1ba7a3222_7.1.1.0_1","appID":"BestFreeImageConverter-220607","dateAdded":"240321","deceptorType":"App","name":"Best Free Image Converter","company":"zxt2007.com","version":"7.1.1.0","lastKnownStatus":"5.1.5.1;6.6.0.0;7.1.1.0","lastKnownDate":"240321","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows Vista,Windows XP,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"cross-sell other apps,sold in bundle","lastUpdate":"2024-03-21T16:54:48.8699559+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":3,"sortOrder":682},{"violations":{"ACR-109":"The app downloads \"spt_setup.exe\", a RelevantKnowledge file without the consumer's consent.\n\n","ACR-042":"The app drops the Root Certificate files before obtaining the consumer's permission through explicit user action in the installation prompt \n","ACR-043":"The app drops the Root Certificate files without disclosing in during installation \n","ACR-048":"The \"Decline\" button does not have any control. Upon clicking the button, it drops a RelevantKnowledge file “spt_setup.exe” regardless.\n\n","ACR-007":"The app does not obtain user consent for dropping the Root Certificate files to reduce the consumer's security posture caused by the installation prompt.\n","ACR-010":"The app distributes deceptor application. The offer in this app, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control. \n\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software\n","ACR-118":"Upon uninstallation, it retains some executables and many of its other components along with a \"curl-ca-bundle.crt\" and other components on the device without user's knowledge.\n\n","ACR-057":"The app bundles the \"Relevant Knowledge\" offer which does not allow the consumer to decline the offer. \n\n","ACR-071":"It attempts to force the acceptance of \"Relevant Knowledge\" by graying out the Next button when the user choose to Decline. Thus, forcing the user to only accept the offer and proceed with the installation.\n\n","ACR-059":"Offer not clearly marked as an offer. Instead, it is presented as a component of the carrier.\n\n","ACR-155":"Offers are designed to look like part of the install workflow. \n\n"},"nonDeceptorViolations":{"ACR-045":"The app does not describe clearly and straightforwardly what effect is caused to the user's system due to the dropped Cert file in the installation prompt \n","ACR-106":"App offers deceptive application 'Relevant Knowledge market survey'. \n\n","ACR-092":" The main executable does not have a digital signature\n\n","ACR-123":"The app does not remove an dropped root certificates even after uninstalling\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\Best Free Image Converter\\PConverter.exe","companyName":"zxt2007.com","productName":"Best Free Image Converter","productVersion":"6.6.0.0","fileVersion":"6.6.0.0","hashMD5":"d54fce7cef588929c2580a25601662f2","hashSHA1":"8eb5aec439910b4a3c25d1128032aa958bbee8de","hashSHA256":"8c2804a34618c1f99d3e1a72f563d7433f0b4edbe6f8fbf8d1cf173181bd3bbe","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1076","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"imageconverter_setup.exe","isInstaller":"True","companyName":"zxt2007.com                                                 ","productName":"Best Free Image Converter                                   ","productVersion":"6.6.0.0                                           ","fileVersion":"6.6.0.0             ","hashMD5":"2115e219ff93c9935bc2598b47ecce72","hashSHA1":"51fb4ad79139e01ca017a36105f27effa326c847","hashSHA256":"ecf0807287f00693302ab06ab7d7aec4b2feafcfe48c90496470b8ad855660bb","digitalCertThumbprint":"712DF3A60A8F334303B1E517176B87B88C7C25D5","digitalCertIssuer":"Sectigo Public Code Signing CA R36","digitalCertIssuedTo":"张晓彤","storeId":"","sourceIndex":"1076","avBlockList":["360 Total Security (20240416)","Avast Premium Security (20240416)","AVG Internet Security (20240416)","Avira Internet Security (20240416)","Bitdefender Internet Security (20240416)","COMODO Antivirus (20240416)","Dr.Web Security Space (20240416)","ESET Internet Security (20240416)","G DATA INTERNET SECURITY (20240416)","K7 Total Security (20240416)","Kaspersky Internet Security (20240416)","Malwarebytes Premium (20240416)","McAfee Total Protection (20240416)","Norton Security (20240416)","Panda Dome (20240416)","Quick Heal Internet Security (20240416)","Sophos Home Premium (20240416)","SpyHunter5 (20240416)","Total AV Antivirus Pro (20240416)","VIPRE Advanced Security (20240416)","VirIT eXplorer PRO (20240416)","Webroot SecureAnywhere (20240416)"],"avAllowList":["Trend Micro Internet Security (20240416)","Windows Defender (20240416)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search: Free tools","reference":"","landingPage":"http://en.zxt2007.com/picture-tools/imageconverter.html","directDownloadingLink":"http://en.zxt2007.com/download.php?id=imageconverter_setup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://en.zxt2007.com/download.php?id=imageconverter_setup.exe","sourceIndex":"1076"}],"sampleFiles":["230531/BestFreeImageConverter-220607/6.6.0.0/Samples/imageconverter_setup.exe"],"imageFiles":["230531/BestFreeImageConverter-220607/6.6.0.0/Images/ACR-109/ACR-109.JPG","230531/BestFreeImageConverter-220607/6.6.0.0/Images/ACR-043/ACR-043.JPG","230531/BestFreeImageConverter-220607/6.6.0.0/Images/ACR-042/ACR-042.JPG","230531/BestFreeImageConverter-220607/6.6.0.0/Images/ACR-048/ACR-048.JPG","230531/BestFreeImageConverter-220607/6.6.0.0/Images/ACR-007/ACR-007.JPG","230531/BestFreeImageConverter-220607/6.6.0.0/Images/ACR-010/ACR-010.JPG","230531/BestFreeImageConverter-220607/6.6.0.0/Images/ACR-118/ACR-118.JPG","230531/BestFreeImageConverter-220607/6.6.0.0/Images/ACR-057/ACR-057.JPG","230531/BestFreeImageConverter-220607/6.6.0.0/Images/ACR-059/ACR-059.JPG","230531/BestFreeImageConverter-220607/6.6.0.0/Images/ACR-071/ACR-071.JPG","230531/BestFreeImageConverter-220607/6.6.0.0/Images/ACR-155/ACR-155.JPG","230531/BestFreeImageConverter-220607/6.6.0.0/Images/ACR-013/ACR-013.JPG","230531/BestFreeImageConverter-220607/6.6.0.0/Images/ACR-060/ACR-060.JPG"],"nonDeceptorImageFiles":["230531/BestFreeImageConverter-220607/6.6.0.0/Images/ACR-045/ACR-045.JPG","230531/BestFreeImageConverter-220607/6.6.0.0/Images/ACR-106/ACR-106.JPG","230531/BestFreeImageConverter-220607/6.6.0.0/Images/ACR-092/ACR-092.JPG","230531/BestFreeImageConverter-220607/6.6.0.0/Images/ACR-123/ACR-123.JPG"],"guid":"b7541cf1-f001-41d2-bcb3-10f1ba7a3222_6.6.0.0_1","appID":"BestFreeImageConverter-220607","dateAdded":"240321","deceptorType":"App","name":"Best Free Image Converter","company":"zxt2007.com","version":"6.6.0.0","lastKnownStatus":"5.1.5.1;6.6.0.0;7.1.1.0","lastKnownDate":"240321","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows Vista,Windows XP,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"cross-sell other apps,sold in bundle","lastUpdate":"2024-03-21T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":3,"sortOrder":683},{"violations":{"ACR-109":"The app downloads \"spt_setup.exe\", a RelevantKnowledge file without the consumer's consent.\n\n","ACR-048":"The \"Decline\" button does not have any control. Upon clicking the button, it drops a RelevantKnowledge file “spt_setup.exe” regardless.\n\n","ACR-010":"The app distributes deceptor application. The offer in this app, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control. \n\n","ACR-118":"Upon uninstallation, it retains some executables and many of its other components along with a \"curl-ca-bundle.crt\" on the device without user's knowledge.\n\n","ACR-057":"The app bundles the \"Relevant Knowledge\" offer which does not allow the consumer to decline the offer. \n\n","ACR-071":"It attempts to force the acceptance of \"Relevant Knowledge\" by graying out the Next button when the user choose to Decline. Thus, forcing the user to only accept the offer and proceed with the installation.\n\n","ACR-059":"Offer not clearly marked as an offer. Instead, it is presented as a component of the carrier.\n\n","ACR-155":"Offers are designed to look like part of the install workflow. \n\n"},"nonDeceptorViolations":{"ACR-065":"Carrier app has no EULA screen. The first offer's (Relevant Knowledge) EULA misleads consumers into thinking it is the EULA for the carrier app.\n\n","ACR-106":"App offers deceptive application 'Relevant Knowledge market survey'. \n\n","ACR-092":" The main executable has untrusted root certificate. \n\n"},"samples":[{"isRevoked":"False","fileName":"imageconverter_setup.exe","isInstaller":"True","companyName":"zxt2007.com                                                 ","productName":"Best Free Image Converter          ","productVersion":"5.1.5.1 ","fileVersion":"5.1.5.1 ","hashMD5":"033bdaca8bd6b538b68feb0a1ab26062","hashSHA1":"4accd099253820257f938ecb95a9b5028091b787","hashSHA256":"5af63c56e60a60f8f8dd663a0eba5a112cad6e7bef4e97b921adb5e7faaf9614","digitalCertThumbprint":"F9283AF7C9A41620F82A6E97A447E47D12070ABB","digitalCertIssuer":"CN=TalentPersonal","digitalCertIssuedTo":"CN=TalentPersonal","sourceIndex":"1570","avBlockList":["360 Total Security (20240326)","Avast Premium Security (20240326)","AVG Internet Security (20240326)","Avira Internet Security (20240326)","Bitdefender Internet Security (20240326)","COMODO Antivirus (20240326)","Dr.Web Security Space (20240326)","ESET Internet Security (20240326)","G DATA INTERNET SECURITY (20240326)","K7 Total Security (20240326)","Kaspersky Internet Security (20240326)","Malwarebytes Premium (20240326)","McAfee Total Protection (20240326)","Norton Security (20240326)","Panda Dome (20240326)","Sophos Home Premium (20240326)","SpyHunter5 (20240326)","Total AV Antivirus Pro (20240326)","VIPRE Advanced Security (20240326)","VirIT eXplorer PRO (20240326)","Webroot SecureAnywhere (20240326)","Windows Defender (20240326)"],"avAllowList":["Quick Heal Internet Security (20240326)","Tencent PC Manager (20220728)","Trend Micro Internet Security (20240326)"]},{"isRevoked":"False","fileName":"PConverter.exe","companyName":"ZXT2007.com","productName":"Best Free Image Converter          ","fileVersion":"5.1.5.1 ","hashMD5":"ef4d2314b152218b7ad6ca0be93babb5","hashSHA1":"9eefc834c17522e33d0da8c3e2220245a45f5cd9","hashSHA256":"8e383b0175a85a1ab0e7e158ca8d7ed9ced899521231874e88468d384a5ee0f8","digitalCertThumbprint":"F9283AF7C9A41620F82A6E97A447E47D12070ABB","digitalCertIssuer":"CN=TalentPersonal","digitalCertIssuedTo":"CN=TalentPersonal","sourceIndex":"1570","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search: Free tools","reference":"","landingPage":"http://en.zxt2007.com/picture-tools/imageconverter.html","directDownloadingLink":"http://en.zxt2007.com/download.php?id=imageconverter_setup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://en.zxt2007.com/download.php?id=imageconverter_setup.exe","sourceIndex":"1570"}],"sampleFiles":["220607/BestFreeImageConverter-220607/5.1.5.1/Samples/imageconverter_setup.exe","220607/BestFreeImageConverter-220607/5.1.5.1/Samples/PConverter.exe"],"imageFiles":["220607/BestFreeImageConverter-220607/5.1.5.1/Images/ACR-109/ACR-109_048_RKSetup.jpg","220607/BestFreeImageConverter-220607/5.1.5.1/Images/ACR-048/ACR-109_048_RKSetup.jpg","220607/BestFreeImageConverter-220607/5.1.5.1/Images/ACR-010/RelevantKnowledge.jpg","220607/BestFreeImageConverter-220607/5.1.5.1/Images/ACR-118/ACR-118_Remnants.jpg","220607/BestFreeImageConverter-220607/5.1.5.1/Images/ACR-057/RelevantKnowledge.jpg","220607/BestFreeImageConverter-220607/5.1.5.1/Images/ACR-059/RelevantKnowledge.jpg","220607/BestFreeImageConverter-220607/5.1.5.1/Images/ACR-071/RelevantKnowledge.jpg","220607/BestFreeImageConverter-220607/5.1.5.1/Images/ACR-155/RelevantKnowledge.jpg"],"nonDeceptorImageFiles":["220607/BestFreeImageConverter-220607/5.1.5.1/Images/ACR-065/RelevantKnowledge.jpg","220607/BestFreeImageConverter-220607/5.1.5.1/Images/ACR-106/RelevantKnowledge.jpg","220607/BestFreeImageConverter-220607/5.1.5.1/Images/ACR-092/ACR-092_UntrustedRC.jpg"],"guid":"b7541cf1-f001-41d2-bcb3-10f1ba7a3222_5.1.5.1_1","appID":"BestFreeImageConverter-220607","dateAdded":"240321","deceptorType":"App","name":"Best Free Image Converter","company":"zxt2007.com","version":"5.1.5.1","lastKnownStatus":"5.1.5.1;6.6.0.0;7.1.1.0","lastKnownDate":"240321","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows Vista,Windows XP,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"cross-sell other apps,sold in bundle","lastUpdate":"2024-03-21T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":3,"sortOrder":684},{"violations":{"ACR-109":"The app downloads \"spt_setup.exe\", a RelevantKnowledge file without the consumer's consent\n","ACR-048":"The \"Decline\" button does not have any control, drops a RelevantKnowledge file “spt_setup.exe” regardless. \n","ACR-010":"The app bundler distributes deceptor application. The offer in this bundler, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control. \n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software\n","ACR-118":"Upon uninstallation, it leaves its other components along with a \"curl-ca-bundle.crt\" and other components on the device without user's knowledge. \n","ACR-057":"The app bundles the \"Relevant Knowledge\" offer which does not allow the consumer to decline the offer. \n","ACR-071":"It attempts to force the acceptance of \"Relevant Knowledge\" by graying out the Next button when the user choose to Decline. Thus, forcing the user to only accept the offer and proceed with the installation.\n","ACR-059":"Offer not clearly marked as an offer. Instead, it is presented as a component of the carrier.\n","ACR-155":"Offers are designed to look like part of the install workflow. \n"},"nonDeceptorViolations":{"ACR-106":"App offers non declinable  unwanted application 'Relevant Knowledge market survey\".\n"},"samples":[{"isRevoked":"False","fileName":"minicadviewer_setup.exe","isInstaller":"True","companyName":"zxt2007.com                                                 ","productName":"Mini CAD Viewer                                             ","productVersion":"3.6.1.0                                           ","fileVersion":"3.6.1.0             ","hashMD5":"a18a2e8327aff3f1767f791778c18679","hashSHA1":"b2f0f90c34a9b5a76b364b820c45616c26800ae7","hashSHA256":"323e498d5b57722dbc54f970f165151b806f1891db060945e5a4f37aaddb467c","digitalCertThumbprint":"712DF3A60A8F334303B1E517176B87B88C7C25D5","digitalCertIssuer":"Sectigo Public Code Signing CA R36","digitalCertIssuedTo":"张晓彤","storeId":"","sourceIndex":"708","avBlockList":["360 Total Security (20240625)","Avast Premium Security (20240625)","AVG Internet Security (20240625)","Avira Internet Security (20240625)","Bitdefender Internet Security (20240625)","COMODO Antivirus (20240625)","Dr.Web Security Space (20240625)","ESET Internet Security (20240625)","G DATA INTERNET SECURITY (20240625)","K7 Total Security (20240625)","Kaspersky Internet Security (20240625)","Malwarebytes Premium (20240625)","McAfee Total Protection (20240625)","Norton Security (20240625)","Panda Dome (20240625)","Sophos Home Premium (20240625)","SpyHunter5 (20240625)","Total AV Antivirus Pro (20240625)","Trend Micro Internet Security (20240625)","VirIT eXplorer PRO (20240625)","Webroot SecureAnywhere (20240625)","Windows Defender (20240625)"],"avAllowList":["Quick Heal Internet Security (20240625)","VIPRE Advanced Security (20240625)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on windows app","reference":"","landingPage":"https://en.zxt2007.com/picture-tools/minicadviewer.html","directDownloadingLink":"https://en.zxt2007.com/download/minicadviewer_setup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://en.zxt2007.com/download/minicadviewer_setup.exe","sourceIndex":"708"}],"sampleFiles":["240320/minicadviewer-230529/3.6.1.0/Samples/minicadviewer_setup.exe"],"imageFiles":["240320/minicadviewer-230529/3.6.1.0/Images/ACR-109/ACR-109.PNG","240320/minicadviewer-230529/3.6.1.0/Images/ACR-048/ACR-048.PNG","240320/minicadviewer-230529/3.6.1.0/Images/ACR-010/ACR-010.PNG","240320/minicadviewer-230529/3.6.1.0/Images/ACR-013/ACR-013.PNG","240320/minicadviewer-230529/3.6.1.0/Images/ACR-118/ACR-118.PNG","240320/minicadviewer-230529/3.6.1.0/Images/ACR-057/ACR-057.PNG","240320/minicadviewer-230529/3.6.1.0/Images/ACR-059/ACR-059.PNG","240320/minicadviewer-230529/3.6.1.0/Images/ACR-060/ACR-060.PNG","240320/minicadviewer-230529/3.6.1.0/Images/ACR-071/ACR-071.PNG","240320/minicadviewer-230529/3.6.1.0/Images/ACR-155/ACR-155.PNG"],"nonDeceptorImageFiles":["240320/minicadviewer-230529/3.6.1.0/Images/ACR-106/ACR-106.PNG"],"guid":"ba0e17c9-3882-47c6-ab70-2d21318c011e_3.6.1.0_1","appID":"minicadviewer-230529","dateAdded":"240320","deceptorType":"Bundler","name":"Mini CAD Viewer","company":"zxt2007.com","version":"3.6.1.0","lastKnownStatus":"3.3.0.0;3.4.0.0;3.6.1.0","lastKnownDate":"240320","type":"Windows Executable","category":"Media editors","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"sold in bundle","lastUpdate":"2024-03-20T16:36:18.4141779+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":3,"sortOrder":685},{"violations":{"ACR-109":"The app downloads \"spt_setup.exe\", a RelevantKnowledge file without the consumer's consent\n","ACR-048":"The \"Decline\" button does not have any control, drops a RelevantKnowledge file “spt_setup.exe” regardless. \n","ACR-010":"The app bundler distributes deceptor application. The offer in this bundler, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control. \n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software\n","ACR-118":"Upon uninstallation, it leaves its other components along with a \"curl-ca-bundle.crt\" and other components on the device without user's knowledge. \n","ACR-057":"The app bundles the \"Relevant Knowledge\" offer which does not allow the consumer to decline the offer. \n","ACR-071":"It attempts to force the acceptance of \"Relevant Knowledge\" by graying out the Next button when the user choose to Decline. Thus, forcing the user to only accept the offer and proceed with the installation.\n","ACR-059":"Offer not clearly marked as an offer. Instead, it is presented as a component of the carrier.\n","ACR-155":"Offers are designed to look like part of the install workflow. \n"},"nonDeceptorViolations":{"ACR-106":"App offers deceptive application 'Relevant Knowledge market survey'.\n","ACR-092":"The main executable is not digitally signed\n"},"samples":[{"isRevoked":"False","fileName":"minicadviewer_setup.exe","isInstaller":"True","companyName":"zxt2007.com                                                 ","productName":"Mini CAD Viewer                                             ","productVersion":"3.4.0.0                                           ","fileVersion":"3.4.0.0             ","hashMD5":"bdf4be85962b79c5804491f35a3f05a6","hashSHA1":"bacc3af774c66761ea7614f8a1c4454f4c2487b6","hashSHA256":"e1a3a0564f53c02abb2fadd9d2db96ccf6bb18cd37fe2d744ab743d105a02d94","digitalCertThumbprint":"712DF3A60A8F334303B1E517176B87B88C7C25D5","digitalCertIssuer":"Sectigo Public Code Signing CA R36","digitalCertIssuedTo":"张晓彤","storeId":"","sourceIndex":"1015","avBlockList":["360 Total Security (20240723)","Avast Premium Security (20240723)","AVG Internet Security (20240723)","Avira Internet Security (20240723)","Bitdefender Internet Security (20240723)","COMODO Antivirus (20240723)","Dr.Web Security Space (20240723)","ESET Internet Security (20240723)","G DATA INTERNET SECURITY (20240723)","K7 Total Security (20240723)","Kaspersky Internet Security (20240723)","Malwarebytes Premium (20240723)","McAfee Total Protection (20240723)","Norton Security (20240723)","Panda Dome (20240723)","Quick Heal Internet Security (20240723)","Sophos Home Premium (20240723)","SpyHunter5 (20240723)","Total AV Antivirus Pro (20240723)","Trend Micro Internet Security (20240723)","VirIT eXplorer PRO (20240723)","Webroot SecureAnywhere (20240723)","FortectPremium (20240723)"],"avAllowList":["VIPRE Advanced Security (20240723)","Windows Defender (20240723)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on windows app","reference":"","landingPage":"http://en.zxt2007.com/picture-tools/minicadviewer.html","directDownloadingLink":"http://en.zxt2007.com/download/minicadviewer_setup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://en.zxt2007.com/download/minicadviewer_setup.exe","sourceIndex":"1015"}],"sampleFiles":["230705/minicadviewer-230529/3.4.0.0/Samples/minicadviewer_setup.exe"],"imageFiles":["230705/minicadviewer-230529/3.4.0.0/Images/ACR-109/ACR-109.JPG","230705/minicadviewer-230529/3.4.0.0/Images/ACR-048/ACR-048.JPG","230705/minicadviewer-230529/3.4.0.0/Images/ACR-010/ACR-010.JPG","230705/minicadviewer-230529/3.4.0.0/Images/ACR-013/ACR-013.JPG","230705/minicadviewer-230529/3.4.0.0/Images/ACR-118/ACR-118.JPG","230705/minicadviewer-230529/3.4.0.0/Images/ACR-057/ACR-057.JPG","230705/minicadviewer-230529/3.4.0.0/Images/ACR-059/ACR-059.JPG","230705/minicadviewer-230529/3.4.0.0/Images/ACR-060/ACR-060.JPG","230705/minicadviewer-230529/3.4.0.0/Images/ACR-071/ACR-071.JPG","230705/minicadviewer-230529/3.4.0.0/Images/ACR-155/ACR-155.JPG"],"nonDeceptorImageFiles":["230705/minicadviewer-230529/3.4.0.0/Images/ACR-106/ACR-106.JPG","230705/minicadviewer-230529/3.4.0.0/Images/ACR-092/ACR-092.JPG"],"guid":"ba0e17c9-3882-47c6-ab70-2d21318c011e_3.4.0.0_1","appID":"minicadviewer-230529","dateAdded":"240320","deceptorType":"Bundler","name":"Mini CAD Viewer","company":"zxt2007.com","version":"3.4.0.0","lastKnownStatus":"3.3.0.0;3.4.0.0;3.6.1.0","lastKnownDate":"240320","type":"Windows Executable","category":"Media editors","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"sold in bundle","lastUpdate":"2024-03-20T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":3,"sortOrder":686},{"violations":{"ACR-109":"The app downloads \"spt_setup.exe\", a RelevantKnowledge file without the consumer's consent\n","ACR-042":"The app drops the Root Certificate files before obtaining the consumer's permission through explicit user action in the installation prompt \n","ACR-043":"The app drops the Root Certificate files without disclosing in during installation\n","ACR-048":"The \"Decline\" button does not have any control, drops a RelevantKnowledge file “spt_setup.exe” regardless. \n","ACR-007":"The app does not obtain user consent for dropping the Root Certificate files to reduce the consumer's security posture caused by the installation prompt.\n","ACR-010":"The app bundler distributes deceptor application. The offer in this bundler, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control. \n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software\n","ACR-118":"Upon uninstallation, it leaves its other components along with a \"curl-ca-bundle.crt\" and other components on the device without user's knowledge. \n","ACR-057":"The app bundles the \"Relevant Knowledge\" offer which does not allow the consumer to decline the offer. \n","ACR-071":"It attempts to force the acceptance of \"Relevant Knowledge\" by graying out the Next button when the user choose to Decline. Thus, forcing the user to only accept the offer and proceed with the installation.\n","ACR-059":"Offer not clearly marked as an offer. Instead, it is presented as a component of the carrier.\n","ACR-155":"Offers are designed to look like part of the install workflow. \n"},"nonDeceptorViolations":{"ACR-045":"The app does not describe clearly and straightforwardly what effect is caused to the user's system due to the dropped Cert file in the installation prompt \n","ACR-106":"App offers deceptive application 'Relevant Knowledge market survey'.\n","ACR-092":"The main executable is not digitally signed\n","ACR-123":"The app does not remove an dropped root certificates even after uninstalling\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\Mini CAD Viewer\\MiniCADViewer.exe","companyName":"ZXT2007.com","productName":"Mini CAD Viewer","productVersion":"3.3.0.0","fileVersion":"3.3.0.0","hashMD5":"a4430629f70b2c2f50f40ccf625c11bc","hashSHA1":"562357471fb30c16c9cc1eeb6f134e12b3c6e3e3","hashSHA256":"c913c29360761544f3c9dedbb1e1d10cb1d2621b32d546a549a81408b778f16e","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1077","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"minicadviewer_setup.exe","isInstaller":"True","companyName":"zxt2007.com                                                 ","productName":"Mini CAD Viewer                                             ","productVersion":"3.3.0.0                                           ","fileVersion":"3.3.0.0             ","hashMD5":"91c42d9509111ace98269a991a2f6fb5","hashSHA1":"d774f288f022a3f37bd3e09db20046d71fb49d8c","hashSHA256":"960a2e4339317800009951f95421c9bd121d79cd909e8feecd515d2bc6f32615","digitalCertThumbprint":"712DF3A60A8F334303B1E517176B87B88C7C25D5","digitalCertIssuer":"Sectigo Public Code Signing CA R36","digitalCertIssuedTo":"张晓彤","storeId":"","sourceIndex":"1077","avBlockList":["360 Total Security (20240618)","Avast Premium Security (20240618)","AVG Internet Security (20240618)","Avira Internet Security (20240618)","Bitdefender Internet Security (20240618)","COMODO Antivirus (20240618)","Dr.Web Security Space (20240618)","ESET Internet Security (20240618)","G DATA INTERNET SECURITY (20240618)","Kaspersky Internet Security (20240618)","Malwarebytes Premium (20240618)","McAfee Total Protection (20240618)","Norton Security (20240618)","Panda Dome (20240618)","Sophos Home Premium (20240618)","SpyHunter5 (20240618)","Total AV Antivirus Pro (20240618)","Trend Micro Internet Security (20240618)","VIPRE Advanced Security (20240618)","VirIT eXplorer PRO (20240618)","Webroot SecureAnywhere (20240618)"],"avAllowList":["K7 Total Security (20240618)","Quick Heal Internet Security (20240618)","Windows Defender (20240618)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunted on RK installer","reference":"","landingPage":"http://en.zxt2007.com/picture-tools/minicadviewer.html","directDownloadingLink":"http://en.zxt2007.com/download/minicadviewer_setup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://en.zxt2007.com/download/minicadviewer_setup.exe","sourceIndex":"1077"}],"sampleFiles":["230531/minicadviewer-230529/3.3.0.0/Samples/minicadviewer_setup.exe"],"imageFiles":["230531/minicadviewer-230529/3.3.0.0/Images/ACR-109/ACR-109.JPG","230531/minicadviewer-230529/3.3.0.0/Images/ACR-043/ACR-043.JPG","230531/minicadviewer-230529/3.3.0.0/Images/ACR-042/ACR-042.JPG","230531/minicadviewer-230529/3.3.0.0/Images/ACR-048/ACR-048.JPG","230531/minicadviewer-230529/3.3.0.0/Images/ACR-007/ACR-007.JPG","230531/minicadviewer-230529/3.3.0.0/Images/ACR-010/ACR-010.JPG","230531/minicadviewer-230529/3.3.0.0/Images/ACR-013/ACR-013.JPG","230531/minicadviewer-230529/3.3.0.0/Images/ACR-118/ACR-118.JPG","230531/minicadviewer-230529/3.3.0.0/Images/ACR-057/ACR-057.JPG","230531/minicadviewer-230529/3.3.0.0/Images/ACR-059/ACR-059.JPG","230531/minicadviewer-230529/3.3.0.0/Images/ACR-060/ACR-060.JPG","230531/minicadviewer-230529/3.3.0.0/Images/ACR-071/ACR-071.JPG","230531/minicadviewer-230529/3.3.0.0/Images/ACR-155/ACR-155.JPG"],"nonDeceptorImageFiles":["230531/minicadviewer-230529/3.3.0.0/Images/ACR-045/ACR-045.JPG","230531/minicadviewer-230529/3.3.0.0/Images/ACR-106/ACR-106.JPG","230531/minicadviewer-230529/3.3.0.0/Images/ACR-092/ACR-092.JPG","230531/minicadviewer-230529/3.3.0.0/Images/ACR-123/ACR-123.JPG"],"guid":"ba0e17c9-3882-47c6-ab70-2d21318c011e_3.3.0.0_1","appID":"minicadviewer-230529","dateAdded":"240320","deceptorType":"Bundler","name":"Mini CAD Viewer","company":"zxt2007.com","version":"3.3.0.0","lastKnownStatus":"3.3.0.0;3.4.0.0;3.6.1.0","lastKnownDate":"240320","type":"Windows Executable","category":"Media editors","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"sold in bundle","lastUpdate":"2024-03-20T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":3,"sortOrder":687},{"violations":{"ACR-007":"App does not obtain user consent to reduce the consumer's security posture caused by sharing ip/network connection.\n","ACR-084":"The app hides in the system tray once the installation gets completed.\n","ACR-155":"The GlobalHop SDK is included in the application installation by default without explicitly disclosing its usage and impacts to user's system in separate prompt. \n"},"nonDeceptorViolations":{"ACR-040":"The app installs all files to a different location <C:\\Users\\User\\AppData\\Roaming\\Roaming\\decacopy> instead of the standard location.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Users\\User\\AppData\\Roaming\\Roaming\\decacopy\\Decacopy.exe","companyName":"","productName":"","productVersion":"1.2.5.2","fileVersion":"1.2.5.2","hashMD5":"c173b119e951ac2ff52c83b1783703b8","hashSHA1":"1afbfc9831d62a9bfa7737fed659be94c1b55ec7","hashSHA256":"8a29d548a2e9bd774587945b4b179501fa786ebc1bb58eeb1a65066146bb715d","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"592","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"decacopy.exe","isInstaller":"True","companyName":"Globalhop                                                   ","productName":"Decacopy Lite                                               ","productVersion":"1.2.5.2                                           ","fileVersion":"                    ","hashMD5":"aae68e4b8614540ef68134fca3532bf1","hashSHA1":"02e8cef3df4d009c07b3a3b7e24a3ddebbbf6157","hashSHA256":"ec8d51ad6e5cbd9b807350299346ec6d9d1813e11b6a9e14fdadc885625ccca4","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"592","avBlockList":["360 Total Security (20240618)","Avast Premium Security (20240618)","AVG Internet Security (20240618)","Avira Internet Security (20240618)","ESET Internet Security (20240618)","G DATA INTERNET SECURITY (20240618)","Kaspersky Internet Security (20240618)","Malwarebytes Premium (20240618)","McAfee Total Protection (20240618)","Norton Security (20240618)","Panda Dome (20240618)","Sophos Home Premium (20240618)","SpyHunter5 (20240618)","Total AV Antivirus Pro (20240618)","VirIT eXplorer PRO (20240618)","Webroot SecureAnywhere (20240618)"],"avAllowList":["Bitdefender Internet Security (20240618)","COMODO Antivirus (20240618)","Dr.Web Security Space (20240618)","K7 Total Security (20240618)","Quick Heal Internet Security (20240618)","Tencent PC Manager (20220602)","Trend Micro Internet Security (20240618)","VIPRE Advanced Security (20240618)","Windows Defender (20240618)"]}],"additionalFiles":[],"sources":[{"howFound":"Globalhop SDK","reference":"","landingPage":"https://download.cnet.com/Decacopy-Lite-Clipboard-Manager/3000-2384_4-78625932.html","directDownloadingLink":"https://download.cnet.com/Decacopy-Lite-Clipboard-Manager/3001-2384_4-78625932.html","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://download.cnet.com/Decacopy-Lite-Clipboard-Manager/3001-2384_4-78625932.html","sourceIndex":"592"},{"howFound":"","reference":"","landingPage":"https://www.decacopy.com/","ipv4":"","ipv6":"","sourceIndex":"593"}],"sampleFiles":["240319/Decacopy-220524/1.2.5.2/Samples/decacopy.exe"],"imageFiles":["240319/Decacopy-220524/1.2.5.2/Images/ACR-007/ACR-007_Install.JPG","240319/Decacopy-220524/1.2.5.2/Images/ACR-084/ACR-084_Software.JPG","240319/Decacopy-220524/1.2.5.2/Images/ACR-155/ACR-155_InbundlOffers.JPG"],"nonDeceptorImageFiles":["240319/Decacopy-220524/1.2.5.2/Images/ACR-040/ACR-040_Install.JPG"],"guid":"d5401aee-64e7-47bc-9132-898aaad1d63f_1.2.5.2_1","appID":"Decacopy-220524","dateAdded":"240319","deceptorType":"App","name":"Decacopy","company":"Globalhop Ltd","version":"1.2.5.2","firstVendorContactDate":"240604","firstResolvedDate":"240717","lastKnownStatus":"1.2.5.2","lastKnownDate":"240717","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2024-07-17T21:45:51.1634085+00:00","notDistributed":true,"familyName":"Globalhop","numInFamily":17,"numInAppID":1,"sortOrder":256},{"violations":{"ACR-007":"The app does not obtain user explicit consent which reduces the consumer's security posture caused by sharing internet resources. \nThe app does not display explicit notification about the potential risk in security posture caused by sharing network connection when the app is re-enabled at least for the 1st time.\n","ACR-084":"The process keeps running in the background despite disabling app and connection option. There is no clear control for borrowing resource.\n","ACR-155":"The GlobalHop SDK is included in the application installation by default without explicitly disclosing its usage and impacts on the user's system on a separate prompt.\n"},"nonDeceptorViolations":{"ACR-040":"The app installs itself by default in a hidden path \"%AppData%\\Local\\Programs\\\"\n"},"samples":[{"isRevoked":"False","fileName":"setuptaskbarify.exe","isInstaller":"True","companyName":"Taskbarify                                                  ","fileVersion":"1.0","hashMD5":"ea31f087b2a513e548b24db65c93c739","hashSHA1":"7b869a17e256cb18e4b6007888b4174d1bc057b3","hashSHA256":"51abded2d54d4b8c78cd9197b0ce55dbc94c7a52ccf67edffe721d4e1de5b59f","digitalCertThumbprint":"1BB26C027214454F668B780B3DB025E3E81B0307","digitalCertIssuer":"CN=Sectigo Public Code Signing CA EV R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=Cleversort FZ-LLC, O=Cleversort FZ-LLC, S=Ra’s al Khaymah, C=AE, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=AE, SERIALNUMBER=11478657","sourceIndex":"596","avBlockList":["360 Total Security (20240618)","Avast Premium Security (20240618)","AVG Internet Security (20240618)","Avira Internet Security (20240618)","Bitdefender Internet Security (20240618)","ESET Internet Security (20240618)","G DATA INTERNET SECURITY (20240618)","K7 Total Security (20240618)","Kaspersky Internet Security (20240618)","Malwarebytes Premium (20240618)","Norton Security (20240618)","Panda Dome (20240618)","Quick Heal Internet Security (20240618)","Sophos Home Premium (20240618)","SpyHunter5 (20240618)","Total AV Antivirus Pro (20240618)","Trend Micro Internet Security (20240618)","VIPRE Advanced Security (20240618)","VirIT eXplorer PRO (20240618)","Webroot SecureAnywhere (20240618)"],"avAllowList":["COMODO Antivirus (20240618)","Dr.Web Security Space (20240618)","McAfee Total Protection (20240618)","Windows Defender (20240618)"]}],"additionalFiles":[],"sources":[{"howFound":"proxyware apps, globalhop","reference":"","landingPage":"https://taskbarify.com/","directDownloadingLink":"https://taskbarify.com/download/setuptaskbarify.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://taskbarify.com/download/setuptaskbarify.exe","sourceIndex":"596"}],"sampleFiles":["240315/Taskbarify-240315/1.0.1.0/Samples/setuptaskbarify.exe"],"imageFiles":["240315/Taskbarify-240315/1.0.1.0/Images/ACR-007/ACR-007_Install_1.png","240315/Taskbarify-240315/1.0.1.0/Images/ACR-007/ACR-007_Install_2.png","240315/Taskbarify-240315/1.0.1.0/Images/ACR-084/ACR-084_Software_1.png","240315/Taskbarify-240315/1.0.1.0/Images/ACR-084/ACR-084_Software_2.png","240315/Taskbarify-240315/1.0.1.0/Images/ACR-007/setuptaskbarify.gif","240315/Taskbarify-240315/1.0.1.0/Images/ACR-155/ACR-155_Bundler-made offers_1.png","240315/Taskbarify-240315/1.0.1.0/Images/ACR-155/ACR-155_Bundler-made offers_2.png"],"nonDeceptorImageFiles":["240315/Taskbarify-240315/1.0.1.0/Images/ACR-040/ACR-040_Install_1.png"],"guid":"263eec42-2e7a-46ff-9a26-820ff16335ee_1.0.1.0_1","appID":"Taskbarify-240315","dateAdded":"240315","deceptorType":"App","name":"Taskbarify","company":"Globalhop","version":"1.0.1.0","firstVendorContactDate":"240531","firstAppEsteemReplyDate":"240604","firstResolvedDate":"240712","firstResolvedVersion":"1.0.3.0","resolved":"TRUE","lastKnownStatus":"1.0.1.0","lastKnownDate":"240712","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows 11","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"net proxy","lastUpdate":"2024-07-12T21:25:34.0502863+00:00","notDistributed":false,"familyName":"Globalhop","numInFamily":17,"numInAppID":1,"sortOrder":257},{"violations":{"ACR-007":"The app does not obtain user explicit consent which reduces the consumer's security posture caused by sharing internet resources.\nThe app does not display explicit notification about the potential risk in security posture caused by sharing network connection when the app is re-enabled at least for the 1st time.\n","ACR-084":"The process keeps running in the background despite disabling app and connection option. There is no clear control for borrowing resource. \n","ACR-155":"The GlobalHop SDK is included in the application installation by default without explicitly disclosing its usage and impacts on the user's system on a separate prompt. \n"},"nonDeceptorViolations":{"ACR-040":"The app installs itself by default in a hidden path \"%AppData%\\Local\\Programs\\\" \n"},"samples":[{"isRevoked":"False","fileName":"Barousel-setup.exe","isInstaller":"True","companyName":"Barousel                                                    ","fileVersion":"1.0","hashMD5":"9ab1976f7ec064a90b4a1226fcf529ac","hashSHA1":"4db4dacc4e5f81968edc1effdfaad17ecbf2aa92","hashSHA256":"5af626495e7f9790e9ef30578a15834aefa5cb4278da8e926f73f701a5419722","digitalCertThumbprint":"C6D0201889888E307CC1525F1F2304ADC3676DD5","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Cleversort FZ-LLC, O=Cleversort FZ-LLC, L=Ras-Al-Khaimah, S=Ras-Al-Khaimah, C=AE, SERIALNUMBER=46000244, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.2=Ras Al Khaimah, OID.1.3.6.1.4.1.311.60.2.1.3=AE","sourceIndex":"601","avBlockList":["360 Total Security (20240620)","Avast Premium Security (20240620)","AVG Internet Security (20240620)","Avira Internet Security (20240620)","Bitdefender Internet Security (20240620)","ESET Internet Security (20240620)","G DATA INTERNET SECURITY (20240620)","K7 Total Security (20240620)","Kaspersky Internet Security (20240620)","Malwarebytes Premium (20240620)","McAfee Total Protection (20240620)","Norton Security (20240620)","Panda Dome (20240620)","Quick Heal Internet Security (20240620)","Sophos Home Premium (20240620)","SpyHunter5 (20240620)","Total AV Antivirus Pro (20240620)","Trend Micro Internet Security (20240620)","VIPRE Advanced Security (20240620)","VirIT eXplorer PRO (20240620)","Webroot SecureAnywhere (20240620)"],"avAllowList":["COMODO Antivirus (20240620)","Dr.Web Security Space (20240620)","Windows Defender (20240620)"]}],"additionalFiles":[],"sources":[{"howFound":"proxyware apps, globalhop","reference":"","landingPage":"https://www.barousel.com/","directDownloadingLink":"https://www.barousel.com/download/Barousel.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.barousel.com/download/Barousel.exe","sourceIndex":"601"}],"sampleFiles":["240312/Barousel-240312/1.0.2.0/Samples/Barousel-setup.exe"],"imageFiles":["240312/Barousel-240312/1.0.2.0/Images/ACR-007/ACR-007_Install_1.png","240312/Barousel-240312/1.0.2.0/Images/ACR-084/ACR-084_Software_1.png","240312/Barousel-240312/1.0.2.0/Images/ACR-084/ACR-084_Software_2.png","240312/Barousel-240312/1.0.2.0/Images/ACR-007/barousel.mp4","240312/Barousel-240312/1.0.2.0/Images/ACR-155/ACR-155_Bundler-made offers_1.png","240312/Barousel-240312/1.0.2.0/Images/ACR-155/ACR-155_Bundler-made offers_2.png"],"nonDeceptorImageFiles":["240312/Barousel-240312/1.0.2.0/Images/ACR-040/ACR-040_Install_1.png"],"guid":"80125939-43c5-4c80-9428-47eb846fd470_1.0.2.0_1","appID":"Barousel-240312","dateAdded":"240312","deceptorType":"App","name":"Barousel","company":"Globalhop","version":"1.0.2.0","firstVendorContactDate":"240531","firstAppEsteemReplyDate":"240604","firstResolvedDate":"240712","firstResolvedVersion":"1.0.6.0","resolved":"TRUE","lastKnownStatus":"1.0.2.0","lastKnownDate":"240312","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows 11","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"net proxy,none","lastUpdate":"2024-07-12T21:13:13.0745214+00:00","notDistributed":false,"familyName":"Globalhop","numInFamily":17,"numInAppID":1,"sortOrder":260},{"violations":{"ACR-048":"The App does not provide an option to cancel the startup of its own. It also runs silently in the background which can make it difficult to disable or uninstall the app completely. Elements are also located  hidden folders making it a challenge for ordinary users to remove it manually. \n","ACR-007":"App does not obtain user consent to reduce the consumer's security posture caused by sharing ip/network connection \n","ACR-084":"The app runs silently in the background and runs in the system tray immediately after installation hiding the fact that it is active from the consumer. It also creates a startup entry without the user's knowledge and consent.\n","ACR-155":"The GlobalHop SDK is included in the application installation by default without explicitly disclosing its usage and impacts to user's system in separate prompt. \n"},"nonDeceptorViolations":{"ACR-040":"The App installs itself by default in a hidden folder Appdata/Local/Programs\n","ACR-099":"The application does not display links to uninstall information. \nLanding page does not display links to uninstall information. \n"},"samples":[{"isRevoked":"False","fileName":"TaskbarSystem.exe1","productName":"Taskbar system    ","fileVersion":"1.0","hashMD5":"78277c5729caed0f1b41994e68f44c0f","hashSHA1":"8a9f3b789f9aa2af36c8ba48a99f3a210b55492c","hashSHA256":"a579b7c030d8b301d42487725eaa0718baf1b2e8401879a04f076fd5c7c7bf51","digitalCertThumbprint":"D042AEC9E0D8D497818C2C3BD2E1CE562C04C3A5","digitalCertIssuer":"CN=DigiCert SHA2 Assured ID Code Signing CA, OU=www.digicert.com, O=DigiCert Inc, C=US","digitalCertIssuedTo":"CN=Globalhop Ltd TOO, O=Globalhop Ltd TOO, L=Almaty, C=KZ","sourceIndex":"1511","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"taskbarsystem-setup.exe1","isInstaller":"True","companyName":"Taskbar system                                              ","productName":"Taskbar system           ","fileVersion":"1.0","hashMD5":"fa22ea3bcf63f1bfb0773dc5771b32ac","hashSHA1":"fd4893dfa4445626a797aaf520a4d7f3c76da1b8","hashSHA256":"7f414d8546d87b96cd55148442265f31b6ab25bba3769cc0165ec2d66dabed9a","digitalCertThumbprint":"D042AEC9E0D8D497818C2C3BD2E1CE562C04C3A5","digitalCertIssuer":"CN=DigiCert SHA2 Assured ID Code Signing CA, OU=www.digicert.com, O=DigiCert Inc, C=US","digitalCertIssuedTo":"CN=Globalhop Ltd TOO, O=Globalhop Ltd TOO, L=Almaty, C=KZ","sourceIndex":"1511","avBlockList":["360 Total Security (20240425)","Avast Premium Security (20240425)","AVG Internet Security (20240425)","Bitdefender Internet Security (20240425)","ESET Internet Security (20240425)","G DATA INTERNET SECURITY (20240425)","K7 Total Security (20240425)","Kaspersky Internet Security (20240425)","Malwarebytes Premium (20240425)","McAfee Total Protection (20240425)","Norton Security (20240425)","Panda Dome (20240425)","Quick Heal Internet Security (20240425)","Sophos Home Premium (20240425)","SpyHunter5 (20240425)","Trend Micro Internet Security (20240425)","VIPRE Advanced Security (20240425)","VirIT eXplorer PRO (20240425)","Webroot SecureAnywhere (20240425)","Windows Defender (20240425)"],"avAllowList":["Avira Internet Security (20240425)","COMODO Antivirus (20240425)","Dr.Web Security Space (20240425)","Tencent PC Manager (20220602)","Total AV Antivirus Pro (20240425)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search: Globalhop Ltd","reference":"Walliant","landingPage":"https://taskbarsystem.com/","directDownloadingLink":"https://taskbarsystem.com/download/taskbarsystem.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://taskbarsystem.com/download/taskbarsystem.exe","sourceIndex":"1511"}],"sampleFiles":["220526/Taskbarsystem-220525/1.0/Samples/TaskbarSystem.exe1","220526/Taskbarsystem-220525/1.0/Samples/taskbarsystem-setup.exe1"],"imageFiles":["220526/Taskbarsystem-220525/1.0/Images/ACR-007/ACR-007_155sharingresources.jpg","220526/Taskbarsystem-220525/1.0/Images/ACR-084/ACR-048_084_startup.jpg","220526/Taskbarsystem-220525/1.0/Images/ACR-048/ACR-048_084_startup.jpg","220526/Taskbarsystem-220525/1.0/Images/ACR-048/ACR-048_084_backgroundprocess.jpg","220526/Taskbarsystem-220525/1.0/Images/ACR-048/ACR-048_084_118_uninstall.jpg","220526/Taskbarsystem-220525/1.0/Images/ACR-155/ACR-007_155sharingresources.jpg"],"nonDeceptorImageFiles":["220526/Taskbarsystem-220525/1.0/Images/ACR-040/ACR-040_hiddenfolder.jpg","220526/Taskbarsystem-220525/1.0/Images/ACR-099/ACR-099_About.gif","220526/Taskbarsystem-220525/1.0/Images/ACR-099/TaskbarSystem_LandingPage.jpeg"],"guid":"70f667a0-1b3f-491b-946e-d0b46ad3d8fc_1.0_1","appID":"Taskbarsystem-220525","dateAdded":"240312","deceptorType":"App","name":"Taskbar System","company":"Taskbar system","version":"1.0","firstVendorContactDate":"240531","firstAppEsteemReplyDate":"240604","firstResolvedDate":"240717","firstResolvedVersion":"1.0.11.0","resolved":"TRUE","lastKnownStatus":"1.0; 1.0.5.0","lastKnownDate":"240717","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"none","lastUpdate":"2024-07-17T00:00:00+00:00","notDistributed":false,"familyName":"Globalhop","numInFamily":17,"numInAppID":2,"sortOrder":259},{"violations":{"ACR-007":"The app does not obtain user explicit consent which reduces the consumer's security posture caused by sharing internet resources.\nThe app does not display explicit notification about the potential risk in security posture caused by sharing network connection when the sharing resource is re-enabled at least for the 1st time. \n","ACR-084":"The process keeps running in the background despite being disabled simultaneously with the disabling of \"Share resource\" option.\n","ACR-155":"The GlobalHop SDK is included in the application installation by default without explicitly disclosing its usage and impacts on the user's system on a separate prompt.\n"},"nonDeceptorViolations":{"ACR-040":"The app installs itself by default in a hidden path \"%AppData%\\Local\\Programs\\\" \n"},"samples":[{"isRevoked":"False","fileName":"taskbarsystem-setup.exe","isInstaller":"True","companyName":"Taskbar system                                              ","fileVersion":"1.0","hashMD5":"271c0218165e4be1872c5501d26bfbe5","hashSHA1":"344c9253b66c6ff706ab2640f5e3d709f3e94fb4","hashSHA256":"db19e6a6bbb3d65b550cca9367744625f8bfbfa0e51276495e2509b9f491616d","digitalCertThumbprint":"02AE726E551C4BAA06F351EAB27853D035713619","digitalCertIssuer":"CN=DigiCert SHA2 Assured ID Code Signing CA, OU=www.digicert.com, O=DigiCert Inc, C=US","digitalCertIssuedTo":"CN=Globalhop Ltd, O=Globalhop Ltd, L=Almaty, C=KZ","sourceIndex":"594","avBlockList":["360 Total Security (20240620)","Avast Premium Security (20240620)","AVG Internet Security (20240620)","Avira Internet Security (20240620)","ESET Internet Security (20240620)","G DATA INTERNET SECURITY (20240620)","K7 Total Security (20240620)","Kaspersky Internet Security (20240620)","Malwarebytes Premium (20240620)","McAfee Total Protection (20240620)","Norton Security (20240620)","Panda Dome (20240620)","Quick Heal Internet Security (20240620)","Sophos Home Premium (20240620)","SpyHunter5 (20240620)","Total AV Antivirus Pro (20240620)","Trend Micro Internet Security (20240620)","VirIT eXplorer PRO (20240620)","Webroot SecureAnywhere (20240620)"],"avAllowList":["Bitdefender Internet Security (20240620)","COMODO Antivirus (20240620)","Dr.Web Security Space (20240620)","VIPRE Advanced Security (20240620)","Windows Defender (20240620)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search: Globalhop Ltd","reference":"Walliant","landingPage":"https://taskbarsystem.com/","directDownloadingLink":"https://taskbarsystem.com/download/taskbarsystem.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://taskbarsystem.com/download/taskbarsystem.exe","sourceIndex":"594"}],"sampleFiles":["240312/Taskbarsystem-220525/1.0.5.0/Samples/taskbarsystem-setup.exe"],"imageFiles":["240312/Taskbarsystem-220525/1.0.5.0/Images/ACR-007/ACR-007_Install_1.png","240312/Taskbarsystem-220525/1.0.5.0/Images/ACR-007/ACR-007_Install_2.png","240312/Taskbarsystem-220525/1.0.5.0/Images/ACR-084/ACR-084_Software_1.png","240312/Taskbarsystem-220525/1.0.5.0/Images/ACR-007/taskbarsystem.mp4","240312/Taskbarsystem-220525/1.0.5.0/Images/ACR-155/ACR-155_Bundler-made offers_1.png","240312/Taskbarsystem-220525/1.0.5.0/Images/ACR-155/ACR-155_Bundler-made offers_2.png"],"nonDeceptorImageFiles":["240312/Taskbarsystem-220525/1.0.5.0/Images/ACR-040/ACR-040_Install_1.png"],"guid":"70f667a0-1b3f-491b-946e-d0b46ad3d8fc_1.0.5.0_1","appID":"Taskbarsystem-220525","dateAdded":"240312","deceptorType":"App","name":"Taskbar System","company":"Taskbar system","version":"1.0.5.0","firstVendorContactDate":"240531","firstAppEsteemReplyDate":"240604","firstResolvedDate":"240717","firstResolvedVersion":"1.0.11.0","resolved":"TRUE","lastKnownStatus":"1.0; 1.0.5.0","lastKnownDate":"240717","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"none,net proxy","lastUpdate":"2024-07-17T21:39:20.7129207+00:00","notDistributed":false,"familyName":"Globalhop","numInFamily":17,"numInAppID":2,"sortOrder":258},{"violations":{"ACR-048":"The app enables the consumer to hide the app from the installed app list, which prevents it from being uninstalled easily.\n","ACR-007":"The app enables the consumer to hide it from the system tray, the desktop, and the installed apps list, which prevents the targeted consumer from being aware of the app's presence.\n","ACR-084":"The app enables the user to hide the app from the system tray, the desktop, and the installed program list. The app is installed in a hidden folder and requires a hotkey to open it.\n","ACR-086":"The app does not inform the targeted consumer who it is transmitting data to or what data it is collecting.\n","ACR-097":"Before downloading the installer, the app site prompts the user to disable anti-virus and add this app in the exclusion list in order to prevent detection.\n","ACR-116":"The app enables the consumer to hide it from the installed apps list.\n"},"nonDeceptorViolations":{"ACR-040":"The app is installed in a hidden folder \"ProgramData\".\n","ACR-065":"The install wizard does not display links to the Returns and Cancellation Policy or the Privacy Policy. \nThe app does not display links to the EULA or Terms of Service, the Returns and Cancellation Policy, or the Privacy Policy.\n","ACR-161":"The app’s landing page has testimonials that have no links back to a source so consumers can verify if they're real.\n","ACR-082":"The app enables the user to violate many laws.\n","ACR-099":"The app does not display links to uninstall information. \nThe landing page does not display links to uninstall information.\nThe internal offers page does not display links to uninstall information.\n","ACR-167":"The app only provides a 14-day refund policy and not a 30-day refund policy.\n","ACR-017":"The app elevates its consumer trust level by displaying unverifiable logos.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\ProgramData\\Security Monitor\\{78DDAC00-CE01-0AC2-C12A-7139DF1233AC}\\sem.exe","companyName":"","productName":"Host application","productVersion":"1.0.11.5","fileVersion":"1.0.11.5","hashMD5":"ca9d3a1dd3d7b042b07a213763e3fe10","hashSHA1":"2d94209969ce1c363770ae0ace9784791a55c38e","hashSHA256":"1fbfcaa8610dd6d722272dc92841f19159dc7912bdfeb727036e579978930d15","digitalCertThumbprint":"9B88ED90A88B281436F496523949B7BE176ACE66","digitalCertIssuer":"Sectigo Public Code Signing CA R36","digitalCertIssuedTo":"CLEVERCONTROL LLC","storeId":"","sourceIndex":"1444","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\ProgramData\\Security Monitor\\{78DDAC00-CE01-0AC2-C12A-7139DF1233AC}\\sps.exe","companyName":"","productName":"","productVersion":"1.0.0.0","fileVersion":"1.0.0.0","hashMD5":"145ed96686a848e71bb0c49ae6b29468","hashSHA1":"6bf6c513188e0f170594b2fa9f37fb14a018bd4c","hashSHA256":"6c66b3fac9d345fce08ec759cb71f35031b999a2e5fcfe0b81915dd0ce6773aa","digitalCertThumbprint":"9B88ED90A88B281436F496523949B7BE176ACE66","digitalCertIssuer":"Sectigo Public Code Signing CA R36","digitalCertIssuedTo":"CLEVERCONTROL LLC","storeId":"","sourceIndex":"1444","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\ProgramData\\Security Monitor\\{78DDAC00-CE01-0AC2-C12A-7139DF1233AC}\\spmm.exe","companyName":"","productName":"","productVersion":"","fileVersion":"","hashMD5":"6790550794515fdd78e56d34d2848f24","hashSHA1":"20a9c66871b86d38d9e4266dad9bba5b3ce95a7d","hashSHA256":"a9ff1661d080ce108ac18b738be1b899e28167178fadff81b73cc08fa4d9b094","digitalCertThumbprint":"9B88ED90A88B281436F496523949B7BE176ACE66","digitalCertIssuer":"Sectigo Public Code Signing CA R36","digitalCertIssuedTo":"CLEVERCONTROL LLC","storeId":"","sourceIndex":"1444","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"spyrixemployeeSetup.exe","isInstaller":"True","companyName":"                                                            ","productName":"                                                            ","productVersion":"                                                  ","fileVersion":"                    ","hashMD5":"c59377f08bf1cc1176aa177b4b641c2a","hashSHA1":"b2ca60747d6ee22ec7d8e323c7ea84e95e159fbe","hashSHA256":"53529c31a72fc27628588a0a16b3ec1c855811255506f2d01aaa8e08af669048","digitalCertThumbprint":"9B88ED90A88B281436F496523949B7BE176ACE66","digitalCertIssuer":"Sectigo Public Code Signing CA R36","digitalCertIssuedTo":"CLEVERCONTROL LLC","storeId":"","sourceIndex":"1444","avBlockList":["Avast Premium Security (20230928)","AVG Internet Security (20230928)","Avira Internet Security (20230928)","COMODO Antivirus (20230928)","Dr.Web Security Space (20230928)","ESET Internet Security (20230928)","G DATA INTERNET SECURITY (20230928)","K7 Total Security (20230928)","Kaspersky Internet Security (20230928)","Malwarebytes Premium (20230928)","McAfee Total Protection (20230928)","Norton Security (20230928)","Panda Dome (20220927)","Quick Heal Internet Security (20230928)","Sophos Home Premium (20230928)","SpyHunter5 (20230928)","Total AV Antivirus Pro (20230928)","VirIT eXplorer PRO (20230928)","Webroot SecureAnywhere (20230928)"],"avAllowList":["360 Total Security (20230928)","Bitdefender Internet Security (20230928)","Trend Micro Internet Security (20230928)","VIPRE Advanced Security (20230928)","Windows Defender (20230928)"]}],"additionalFiles":[],"sources":[{"howFound":"Google Search: windows keylogger","reference":"https://www.spyrix.com","landingPage":"https://www.spyrix.com/employee-monitoring.php","directDownloadingLink":"https://ep-download.securespyrix.com/download/sem/spyrixemployee.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://ep-download.securespyrix.com/download/sem/spyrixemployee.exe","sourceIndex":"1444"}],"sampleFiles":["220831/SpyrixEmployeeMonitoring-201202/11.5.41/Samples/spyrixemployeeSetup.exe"],"imageFiles":["220831/SpyrixEmployeeMonitoring-201202/11.5.41/Images/ACR-048/ACR-048.JPG","220831/SpyrixEmployeeMonitoring-201202/11.5.41/Images/ACR-048/ACR-048_1.JPG","220831/SpyrixEmployeeMonitoring-201202/11.5.41/Images/ACR-048/ACR-048_2.JPG","220831/SpyrixEmployeeMonitoring-201202/11.5.41/Images/ACR-007/ACR-007.JPG","220831/SpyrixEmployeeMonitoring-201202/11.5.41/Images/ACR-007/ACR-007_1.JPG","220831/SpyrixEmployeeMonitoring-201202/11.5.41/Images/ACR-007/ACR-007_2.JPG","220831/SpyrixEmployeeMonitoring-201202/11.5.41/Images/ACR-084/ACR-084.JPG","220831/SpyrixEmployeeMonitoring-201202/11.5.41/Images/ACR-084/ACR-084_1.JPG","220831/SpyrixEmployeeMonitoring-201202/11.5.41/Images/ACR-084/ACR-084_2.JPG","220831/SpyrixEmployeeMonitoring-201202/11.5.41/Images/ACR-086/ACR-086.JPG","220831/SpyrixEmployeeMonitoring-201202/11.5.41/Images/ACR-086/ACR-086_1.JPG","220831/SpyrixEmployeeMonitoring-201202/11.5.41/Images/ACR-086/ACR-086_2.JPG","220831/SpyrixEmployeeMonitoring-201202/11.5.41/Images/ACR-086/ACR-086_3.JPG","220831/SpyrixEmployeeMonitoring-201202/11.5.41/Images/ACR-086/ACR-086_4.JPG","220831/SpyrixEmployeeMonitoring-201202/11.5.41/Images/ACR-097/ACR-097.JPG","220831/SpyrixEmployeeMonitoring-201202/11.5.41/Images/ACR-097/ACR-097_1.JPG","220831/SpyrixEmployeeMonitoring-201202/11.5.41/Images/ACR-116/ACR-116.JPG","220831/SpyrixEmployeeMonitoring-201202/11.5.41/Images/ACR-116/ACR-116_1.JPG"],"nonDeceptorImageFiles":["220831/SpyrixEmployeeMonitoring-201202/11.5.41/Images/ACR-040/ACR-040.JPG","220831/SpyrixEmployeeMonitoring-201202/11.5.41/Images/ACR-040/ACR-040_1.JPG","220831/SpyrixEmployeeMonitoring-201202/11.5.41/Images/ACR-065/ACR-065_Install.JPG","220831/SpyrixEmployeeMonitoring-201202/11.5.41/Images/ACR-082/ACR-082.JPG","220831/SpyrixEmployeeMonitoring-201202/11.5.41/Images/ACR-065/ACR-065_Software.JPG","220831/SpyrixEmployeeMonitoring-201202/11.5.41/Images/ACR-099/ACR-099_Software.JPG","220831/SpyrixEmployeeMonitoring-201202/11.5.41/Images/ACR-167/ACR-167.jpg","220831/SpyrixEmployeeMonitoring-201202/11.5.41/Images/ACR-099/ACR-099_landingpage.jpg","220831/SpyrixEmployeeMonitoring-201202/11.5.41/Images/ACR-017/ACR-017.JPG","220831/SpyrixEmployeeMonitoring-201202/11.5.41/Images/ACR-161/ACR-161.jpg","220831/SpyrixEmployeeMonitoring-201202/11.5.41/Images/ACR-099/ACR-099_InternalOffers.jpg"],"guid":"3fa1317b-618c-4ad8-9265-0b77ebfc15e1_11.5.41_1","appID":"SpyrixEmployeeMonitoring-201202","dateAdded":"240311","deceptorType":"App","name":"Spyrix Employee Monitoring","company":"Spyrix Software","version":"11.5.41","lastKnownStatus":"11.5.30;11.5.31;11.5.41;11.6.11;11.6.15","lastKnownDate":"240311","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 7,Windows 8,Windows 10,Windows Vista,Windows XP","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Adults only","monetization":"paid,up-sell to paid","lastUpdate":"2024-03-11T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":5,"sortOrder":690},{"violations":{"ACR-048":"The app enables the consumer to hide the app from the installed app list, which prevents it from being uninstalled easily.\n","ACR-007":"The app enables the consumer to hide it from the system tray, the desktop, and the installed apps list, which prevents the targeted consumer from being aware of the app's presence.\n","ACR-084":"The app enables the user to hide the app from the system tray, the desktop, and the installed program list. The app is installed in a hidden folder and requires a hotkey to open it.\n","ACR-086":"The app does not inform the targeted consumer who it is transmitting data to or what data it is collecting.\n","ACR-097":"Before downloading the installer, the app site prompts the user to disable anti-virus and add “C:\\ProgramData\\Security Monitor” in the exclusion list in order to prevent detection.\n","ACR-116":"The app enables the consumer to hide it from the installed apps list.\n"},"nonDeceptorViolations":{"ACR-040":"The app is installed in a hidden folder \"ProgramData\".\n","ACR-065":"The install wizard does not display links to the Returns and Cancellation Policy or the Privacy Policy. \nThe app does not display links to the EULA or Terms of Service, the Returns and Cancellation Policy, or the Privacy Policy.\n","ACR-002":"The App's version is not consistent between App interaction, install and landing page.\nThe App's version is not consistent between App interaction, install and landing page\nThe App's version is not consistent between App interaction, install and landing page\n","ACR-161":"The app’s landing page has testimonials that have no links back to a source so consumers can verify if they're real.\n","ACR-082":"The app enables the user to violate many laws.\n","ACR-099":"The app does not display links to uninstall information. \nThe landing page does not display links to uninstall information.\nThe internal offers page does not display links to uninstall information.\n","ACR-167":"The app only provides a 14-day refund policy and not a 30-day refund policy.\n","ACR-017":"The app elevates its consumer trust level by displaying unverifiable logos.\n"},"samples":[{"isRevoked":"False","fileName":"sem.exe","fileVersion":"1.0","hashMD5":"e01afe9b2725071c9f9ae70b9a14a151","hashSHA1":"9c1f8a5681e43f1afdb13b7c9fe420600807d7b7","hashSHA256":"7c8bb37240bf4f379d2f85315978f417e10c82a4b48dec931e359e6217965dc5","digitalCertThumbprint":"B22DB1A99D7724ABD190FB489A83D9FAFB76D631","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Clever Security Software Ltd, OU=Security, O=Clever Security Software Ltd, STREET=Chynoweth House, L=Blackwater, S=Truro, PostalCode=TR4 8UN, C=GB","sourceIndex":"1880","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"spmm.exe","fileVersion":"0.0","hashMD5":"e54f071412845b1aad5959ea64afffc8","hashSHA1":"e7baa058dcde08453afe91513d555b0ee6c5c92b","hashSHA256":"8a44cdd85b6476a8d56dbe5dc09142a44e0e732b0e2d59b91a1bb1d380e11007","digitalCertThumbprint":"B22DB1A99D7724ABD190FB489A83D9FAFB76D631","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Clever Security Software Ltd, OU=Security, O=Clever Security Software Ltd, STREET=Chynoweth House, L=Blackwater, S=Truro, PostalCode=TR4 8UN, C=GB","sourceIndex":"1880","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"spyrixemployee.exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"639cf4dedae3f1a3342a39dec9d7bee9","hashSHA1":"0d13e2141d221b8b2486f258e4b58bfc79a74953","hashSHA256":"f6fa5e7de7d9a59360ab93ac40a94018393c5bc3ceef42ec662b39fd4f10ddc1","digitalCertThumbprint":"B22DB1A99D7724ABD190FB489A83D9FAFB76D631","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Clever Security Software Ltd, OU=Security, O=Clever Security Software Ltd, STREET=Chynoweth House, L=Blackwater, S=Truro, PostalCode=TR4 8UN, C=GB","sourceIndex":"1880","avBlockList":["360 Total Security (20240620)","Avast Premium Security (20240620)","AVG Internet Security (20240620)","Avira Internet Security (20240620)","Bitdefender Internet Security (20240620)","COMODO Antivirus (20240620)","Dr.Web Security Space (20240620)","ESET Internet Security (20240620)","G DATA INTERNET SECURITY (20240620)","K7 Total Security (20240620)","Kaspersky Internet Security (20240620)","Malwarebytes Premium (20240620)","McAfee Total Protection (20240620)","Norton Security (20240620)","Panda Dome (20240620)","Quick Heal Internet Security (20240620)","Sophos Home Premium (20240620)","SpyHunter5 (20240620)","Tencent PC Manager (20210527)","Total AV Antivirus Pro (20240620)","Trend Micro Internet Security (20240620)","VIPRE Advanced Security (20240620)","VirIT eXplorer PRO (20240620)","Webroot SecureAnywhere (20240620)","Windows Defender (20240620)"],"avAllowList":[]},{"isRevoked":"False","fileName":"sem [2].exe","fileVersion":"0.0","hashMD5":"0f171d9b2ea20c0d13453d3f10a26a38","hashSHA1":"6204cd446954cdfe2d3f908569ce030ec9f69139","hashSHA256":"b9a5364396e0a099abfe0f746114be9cb7cfda16004e06cab5cc7ea004c98748","sourceIndex":"1880","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"spmm [2].exe","fileVersion":"0.0","hashMD5":"b978b056c458ecc3435f8d1553383f51","hashSHA1":"02d3a95ff322e31878330761a01569ec4b660c0b","hashSHA256":"307fe1fcfc4de5d6a1e426af9c448febaffc828f4eb862d4d402d69ea38918a1","sourceIndex":"1880","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"spyrixemployee [2].exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"f888f8913f4c0d1515e161306e199d78","hashSHA1":"2d75f9edfe4d3dc33395c04d194590c7e1374fc0","hashSHA256":"4979745487afabedf0eedf1005907ee4341b7462c8f2692b3ee0198f46528438","digitalCertThumbprint":"B22DB1A99D7724ABD190FB489A83D9FAFB76D631","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Clever Security Software Ltd, OU=Security, O=Clever Security Software Ltd, STREET=Chynoweth House, L=Blackwater, S=Truro, PostalCode=TR4 8UN, C=GB","sourceIndex":"1880","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"https://www.spyrix.com","landingPage":"https://www.spyrix.com/employee-monitoring.php","directDownloadingLink":"https://cdfn-download.securespyrix.com/download/sem/spyrixemployee.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://cdfn-download.securespyrix.com/download/sem/spyrixemployee.exe","sourceIndex":"1880"}],"sampleFiles":["210627/SpyrixEmployeeMonitoring-201202/11.5.31/Samples/sem.exe","210627/SpyrixEmployeeMonitoring-201202/11.5.31/Samples/spmm.exe","210627/SpyrixEmployeeMonitoring-201202/11.5.31/Samples/spyrixemployee.exe","210627/SpyrixEmployeeMonitoring-201202/11.5.31/Samples/sem [2].exe","210627/SpyrixEmployeeMonitoring-201202/11.5.31/Samples/spmm [2].exe","210627/SpyrixEmployeeMonitoring-201202/11.5.31/Samples/spyrixemployee [2].exe"],"imageFiles":["210627/SpyrixEmployeeMonitoring-201202/11.5.31/Images/ACR-048/SpyrixEmployeeMonitor_Interactions [4].png","210627/SpyrixEmployeeMonitoring-201202/11.5.31/Images/ACR-048/SpyrixEmployeeMonitor_SettingWizard [4].png","210627/SpyrixEmployeeMonitoring-201202/11.5.31/Images/ACR-048/SpyrixEmployeeMonitor_RunningProcess [2].png","210627/SpyrixEmployeeMonitoring-201202/11.5.31/Images/ACR-007/SpyrixEmployeeMonitor_SettingWizard [4].png","210627/SpyrixEmployeeMonitoring-201202/11.5.31/Images/ACR-007/SpyrixEmployeeMonitor_Interactions [4].png","210627/SpyrixEmployeeMonitoring-201202/11.5.31/Images/ACR-007/SpyrixEmployeeMonitor_RunningProcess [2].png","210627/SpyrixEmployeeMonitoring-201202/11.5.31/Images/ACR-084/SpyrixEmployeeMonitor_Interactions [4].png","210627/SpyrixEmployeeMonitoring-201202/11.5.31/Images/ACR-084/SpyrixEmployeeMonitor_SettingWizard [4].png","210627/SpyrixEmployeeMonitoring-201202/11.5.31/Images/ACR-084/SpyrixEmployeeMonitor_RunningProcess [2].png","210627/SpyrixEmployeeMonitoring-201202/11.5.31/Images/ACR-086/SpyrixEmployeeMonitor_SettingWizard [4].png","210627/SpyrixEmployeeMonitoring-201202/11.5.31/Images/ACR-086/SpyrixEmployeeMonitor_SettingWizard [5].png","210627/SpyrixEmployeeMonitoring-201202/11.5.31/Images/ACR-086/SpyrixEmployeeMonitor_SettingWizard [6].png","210627/SpyrixEmployeeMonitoring-201202/11.5.31/Images/ACR-086/SpyrixEmployeeMonitor_Interactions [3].png","210627/SpyrixEmployeeMonitoring-201202/11.5.31/Images/ACR-086/SpyrixEmployeeMonitor_Interactions [7].png","210627/SpyrixEmployeeMonitoring-201202/11.5.31/Images/ACR-097/SpyrixEmployeeMonitor_LandingPage [3].png","210627/SpyrixEmployeeMonitoring-201202/11.5.31/Images/ACR-097/SpyrixEmployeeMonitor_LandingPage [4].png","210627/SpyrixEmployeeMonitoring-201202/11.5.31/Images/ACR-097/SpyrixEmployeeMonitor_LandingPage [5].png","210627/SpyrixEmployeeMonitoring-201202/11.5.31/Images/ACR-097/SpyrixEmployeeMonitor_LandingPage [6].png","210627/SpyrixEmployeeMonitoring-201202/11.5.31/Images/ACR-116/SpyrixEmployeeMonitor_RunningProcess [2].png","210627/SpyrixEmployeeMonitoring-201202/11.5.31/Images/ACR-116/SpyrixEmployeeMonitor_SettingWizard [4].png"],"nonDeceptorImageFiles":["210627/SpyrixEmployeeMonitoring-201202/11.5.31/Images/ACR-040/SpyrixEmployeeMonitor_HiddenDirectory [1].png","210627/SpyrixEmployeeMonitoring-201202/11.5.31/Images/ACR-040/SpyrixEmployeeMonitor_HiddenDirectory [2].png","210627/SpyrixEmployeeMonitoring-201202/11.5.31/Images/ACR-065/SpyrixEmployeeMonitor_Install [1].png","210627/SpyrixEmployeeMonitoring-201202/11.5.31/Images/ACR-065/SpyrixEmployeeMonitor_Install [2].png","210627/SpyrixEmployeeMonitoring-201202/11.5.31/Images/ACR-065/SpyrixEmployeeMonitor_Install [3].png","210627/SpyrixEmployeeMonitoring-201202/11.5.31/Images/ACR-065/SpyrixEmployeeMonitor_Install [5].png","210627/SpyrixEmployeeMonitoring-201202/11.5.31/Images/ACR-002/SpyrixEmployeeMonitor_Install [1].png","210627/SpyrixEmployeeMonitoring-201202/11.5.31/Images/ACR-002/SpyrixEmployeeMonitor_About [1].png","210627/SpyrixEmployeeMonitoring-201202/11.5.31/Images/ACR-002/SpyrixEmployeeMonitor_LandingPage [4].png","210627/SpyrixEmployeeMonitoring-201202/11.5.31/Images/ACR-082/SpyrixEmployeeMonitor_LandingPage [9].png","210627/SpyrixEmployeeMonitoring-201202/11.5.31/Images/ACR-065/SpyrixEmployeeMonitor_About [1].png","210627/SpyrixEmployeeMonitoring-201202/11.5.31/Images/ACR-099/SpyrixEmployeeMonitor_About [1].png","210627/SpyrixEmployeeMonitoring-201202/11.5.31/Images/ACR-002/SpyrixEmployeeMonitor_About [1].png","210627/SpyrixEmployeeMonitoring-201202/11.5.31/Images/ACR-002/SpyrixEmployeeMonitor_Install [1].png","210627/SpyrixEmployeeMonitoring-201202/11.5.31/Images/ACR-002/SpyrixEmployeeMonitor_LandingPage [4].png","210627/SpyrixEmployeeMonitoring-201202/11.5.31/Images/ACR-167/Spyrix_RefundPolicy [1].png","210627/SpyrixEmployeeMonitoring-201202/11.5.31/Images/ACR-099/SpyrixEmployeeMonitor_LandingPage [1].png","210627/SpyrixEmployeeMonitoring-201202/11.5.31/Images/ACR-099/SpyrixEmployeeMonitor_LandingPage [2].png","210627/SpyrixEmployeeMonitoring-201202/11.5.31/Images/ACR-002/SpyrixEmployeeMonitor_LandingPage [4].png","210627/SpyrixEmployeeMonitoring-201202/11.5.31/Images/ACR-002/SpyrixEmployeeMonitor_About [1].png","210627/SpyrixEmployeeMonitoring-201202/11.5.31/Images/ACR-002/SpyrixEmployeeMonitor_Install [1].png","210627/SpyrixEmployeeMonitoring-201202/11.5.31/Images/ACR-017/SpyrixEmployeeMonitor_LandingPage [7].png","210627/SpyrixEmployeeMonitoring-201202/11.5.31/Images/ACR-161/SpyrixEmployeeMonitor_LandingPage [8].png","210627/SpyrixEmployeeMonitoring-201202/11.5.31/Images/ACR-099/SpyrixEmployeeMonitor_OfferPage [1].png"],"guid":"3fa1317b-618c-4ad8-9265-0b77ebfc15e1_11.5.31_1","appID":"SpyrixEmployeeMonitoring-201202","dateAdded":"240311","deceptorType":"App","name":"Spyrix Employee Monitoring","company":"Spyrix Software","version":"11.5.31","sigName":"Deceptor:Win32/SpyrixEmployeeMonitoringStalkerware!048007084086097116","lastKnownStatus":"11.5.30;11.5.31;11.5.41;11.6.11;11.6.15","lastKnownDate":"240311","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 7,Windows 8,Windows 10,Windows Vista,Windows XP","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Adults only","monetization":"paid,up-sell to paid","lastUpdate":"2024-03-11T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":5,"sortOrder":691},{"violations":{"ACR-048":"The app enables the consumer to hide the app from the installed app list, which prevents it from being uninstalled easily.\n","ACR-007":"The app enables the consumer to hide it from the system tray, the desktop, and the installed apps list, which prevents the targeted consumer from being aware of the app's presence.\n","ACR-084":"The app enables the user to hide the app from the system tray, the desktop, and the installed program list.\n","ACR-086":"The app does not inform the targeted consumer who it is transmitting data to or what data it is collecting.\n","ACR-097":"Before downloading the installer, the app site prompts the user to disable anti-virus and add “C:\\ProgramData\\Security Monitor” in the exclusion list in order to prevent detection.\n","ACR-116":"The app enables the consumer to hide it from the installed apps list.\n"},"nonDeceptorViolations":{"ACR-040":"The app is installed in a hidden folder \"ProgramData\".\n","ACR-065":"The install does not display links to the Returns and Cancellation Policy or the Privacy Policy. \nThe app does not display links to the EULA or Terms of Service, the Returns and Cancellation Policy, or the Privacy Policy.\n","ACR-161":"The landing page displays unverifiable testimonials.\n","ACR-082":"The app enables the user to violate many laws.\n","ACR-167":"The app only provides a 14-day refund policy and not a 30-day refund policy.\n"},"samples":[{"isRevoked":"False","fileName":"spyrixemployee.exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"9ff0112612e20aacf3bb02e5d55fabbb","hashSHA1":"86c832cee9c275f3fd19ae35d7d6ebfc70cb00e6","hashSHA256":"37c303ac18c7b8a900c17fc7c42ffa3bf2f7cd41c6119b055d4600a3f805fca8","digitalCertThumbprint":"B22DB1A99D7724ABD190FB489A83D9FAFB76D631","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Clever Security Software Ltd, OU=Security, O=Clever Security Software Ltd, STREET=Chynoweth House, L=Blackwater, S=Truro, PostalCode=TR4 8UN, C=GB","sourceIndex":"2038","avBlockList":["360 Total Security (20210316)","Avast Premium Security (20210316)","AVG Internet Security (20210316)","Avira Internet Security (20210316)","Bitdefender Internet Security (20210316)","COMODO Antivirus (20210316)","Dr.Web Security Space (20210316)","ESET Internet Security (20210316)","G DATA INTERNET SECURITY (20210316)","K7 Total Security (20210316)","Kaspersky Internet Security (20210316)","Malwarebytes Premium (20210316)","McAfee Total Protection (20210316)","Norton Security (20210316)","Panda Dome (20210316)","Quick Heal Internet Security (20210316)","Sophos Home Premium (20210316)","SpyHunter5 (20210316)","Tencent PC Manager (20210316)","Total AV Antivirus Pro (20210316)","VIPRE Advanced Security (20210316)","VirIT eXplorer PRO (20210316)","Webroot SecureAnywhere (20210316)","Windows Defender (20210316)"],"avAllowList":["Trend Micro Internet Security (20210316)"]},{"isRevoked":"False","fileName":"sem.exe","fileVersion":"1.0","hashMD5":"96eff45b2975f5ab963b7bd16b24419e","hashSHA1":"818c62b7ae4c5e2b0190c67928600371c6ded587","hashSHA256":"55f2a78a766eeef17915286af4b7f1159a04c86d68be49277d46201b4e5fd860","digitalCertThumbprint":"B22DB1A99D7724ABD190FB489A83D9FAFB76D631","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Clever Security Software Ltd, OU=Security, O=Clever Security Software Ltd, STREET=Chynoweth House, L=Blackwater, S=Truro, PostalCode=TR4 8UN, C=GB","sourceIndex":"2038","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"spmm.exe","fileVersion":"0.0","hashMD5":"2194a30bd86dc7d6ccf2d1b6a615b7dd","hashSHA1":"04f8ac4d3bc3c36393db92acc5932fcb5d7320f7","hashSHA256":"50fda504996e33ab64bee7d7afc45335e90e7b0446215cc1af9665371506e6cf","digitalCertThumbprint":"B22DB1A99D7724ABD190FB489A83D9FAFB76D631","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Clever Security Software Ltd, OU=Security, O=Clever Security Software Ltd, STREET=Chynoweth House, L=Blackwater, S=Truro, PostalCode=TR4 8UN, C=GB","sourceIndex":"2038","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"spr.exe","fileVersion":"0.0","hashMD5":"f5e240dd9bb66c543a867233638a8d16","hashSHA1":"a3c80df8942640e893bcba32e89aa1214a456717","hashSHA256":"37de779e0499ebc9e0b6d7cbea38022cc5afc92ec9d78788fae125cc65011317","digitalCertThumbprint":"B22DB1A99D7724ABD190FB489A83D9FAFB76D631","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Clever Security Software Ltd, OU=Security, O=Clever Security Software Ltd, STREET=Chynoweth House, L=Blackwater, S=Truro, PostalCode=TR4 8UN, C=GB","sourceIndex":"2038","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"sps.exe","fileVersion":"1.0","hashMD5":"b372d59d6c59e4a51465a954445da818","hashSHA1":"ddd32631d49267c4275c140a27a506468ce5e99b","hashSHA256":"9c5988619438a3c95b1127b60d62c4a19e2dfde939494c4bd6f401ddff8eebee","digitalCertThumbprint":"B22DB1A99D7724ABD190FB489A83D9FAFB76D631","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Clever Security Software Ltd, OU=Security, O=Clever Security Software Ltd, STREET=Chynoweth House, L=Blackwater, S=Truro, PostalCode=TR4 8UN, C=GB","sourceIndex":"2038","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Google Search: windows keylogger","reference":"https://www.spyrix.com","landingPage":"https://www.spyrix.com/employee-monitoring.php","directDownloadingLink":"https://ep-download.securespyrix.com/download/sem/spyrixemployee.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://ep-download.securespyrix.com/download/sem/spyrixemployee.exe","sourceIndex":"2038"}],"sampleFiles":["201202/SpyrixEmployeeMonitoring-201202/11.5.30/Samples/spyrixemployee.exe","201202/SpyrixEmployeeMonitoring-201202/11.5.30/Samples/sem.exe","201202/SpyrixEmployeeMonitoring-201202/11.5.30/Samples/spmm.exe","201202/SpyrixEmployeeMonitoring-201202/11.5.30/Samples/spr.exe","201202/SpyrixEmployeeMonitoring-201202/11.5.30/Samples/sps.exe"],"imageFiles":["201202/SpyrixEmployeeMonitoring-201202/11.5.30/Images/ACR-048/Spyrix Employee Monitor_ControlPanel [1].png","201202/SpyrixEmployeeMonitoring-201202/11.5.30/Images/ACR-048/Spyrix Employee Monitor_Install [10].png","201202/SpyrixEmployeeMonitoring-201202/11.5.30/Images/ACR-007/Spyrix Employee Monitor_ControlPanel [1].png","201202/SpyrixEmployeeMonitoring-201202/11.5.30/Images/ACR-007/Spyrix Employee Monitor_Install [10].png","201202/SpyrixEmployeeMonitoring-201202/11.5.30/Images/ACR-084/Spyrix Employee Monitor_Install [10].png","201202/SpyrixEmployeeMonitoring-201202/11.5.30/Images/ACR-086/Spyrix Employee Monitor_Install [9].png","201202/SpyrixEmployeeMonitoring-201202/11.5.30/Images/ACR-086/Spyrix Employee Monitor_Install [10].png","201202/SpyrixEmployeeMonitoring-201202/11.5.30/Images/ACR-086/Spyrix Employee Monitor_Interactions [1].png","201202/SpyrixEmployeeMonitoring-201202/11.5.30/Images/ACR-086/Spyrix Employee Monitor_Interactions [2].png","201202/SpyrixEmployeeMonitoring-201202/11.5.30/Images/ACR-097/Spyrix Employee Monitor_Download [1].png","201202/SpyrixEmployeeMonitoring-201202/11.5.30/Images/ACR-097/Spyrix Employee Monitor_Download [2].png","201202/SpyrixEmployeeMonitoring-201202/11.5.30/Images/ACR-097/Spyrix Employee Monitor_Download [3].png","201202/SpyrixEmployeeMonitoring-201202/11.5.30/Images/ACR-116/Spyrix Employee Monitor_ControlPanel [1].png"],"nonDeceptorImageFiles":["201202/SpyrixEmployeeMonitoring-201202/11.5.30/Images/ACR-040/Spyrix Employee Monitor_Files [1].png","201202/SpyrixEmployeeMonitoring-201202/11.5.30/Images/ACR-040/Spyrix Employee Monitor_Files [2].png","201202/SpyrixEmployeeMonitoring-201202/11.5.30/Images/ACR-065/Spyrix Employee Monitor_Install [1].png","201202/SpyrixEmployeeMonitoring-201202/11.5.30/Images/ACR-065/Spyrix Employee Monitor_Install [2].png","201202/SpyrixEmployeeMonitoring-201202/11.5.30/Images/ACR-082/Spyrix Employee Monitor_LandingPage [2].png","201202/SpyrixEmployeeMonitoring-201202/11.5.30/Images/ACR-065/Spyrix Employee Monitor_About [1].png","201202/SpyrixEmployeeMonitoring-201202/11.5.30/Images/ACR-167/Spyrix Employee Monitor_Return and refund policy.png","201202/SpyrixEmployeeMonitoring-201202/11.5.30/Images/ACR-161/Spyrix Employee Monitor_LandingPage [3] Testimonials.png"],"guid":"3fa1317b-618c-4ad8-9265-0b77ebfc15e1_11.5.30_1","appID":"SpyrixEmployeeMonitoring-201202","dateAdded":"240311","deceptorType":"App","name":"Spyrix Employee Monitoring","company":"Spyrix Software","version":"11.5.30","sigName":"Deceptor:Win32/SpyrixEmployeeMonitoringStalkerware!048007084086097116","lastKnownStatus":"11.5.30;11.5.31;11.5.41;11.6.11;11.6.15","lastKnownDate":"240311","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 7,Windows 8,Windows 10,Windows Vista,Windows XP","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Adults only","monetization":"paid,up-sell to paid","lastUpdate":"2024-03-11T00:00:00+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":5,"sortOrder":692},{"violations":{"ACR-007":"The app does not obtain user explicit consent which reduces the consumer's security posture caused by sharing internet resources.\nThe app does not display explicit notification about the potential risk in security posture caused by sharing network connection when the app is re-enabled at least for the 1st time.\n","ACR-084":" The process keeps running in the background despite disabling app and connection option. Not clear control  for borrowing resource. \n","ACR-155":"The GlobalHop SDK is included in the application installation by default without explicitly disclosing its usage and impacts on the user's system on a separate prompt.\n"},"nonDeceptorViolations":{"ACR-040":"The app installs itself by default in a hidden path \"%AppData%\\Local\\Programs\\\"  \n"},"samples":[{"isRevoked":"False","fileName":"stopabit-setup.exe","isInstaller":"True","companyName":"Stopabit                                                    ","productName":"Stopabit   ","fileVersion":"1.0.2.0             ","hashMD5":"69bf068d2015b017d1b013bce883d26d","hashSHA1":"f9dfa607ab08d456f01d5322b601670ce61d0ae7","hashSHA256":"a832013e3dc290a2b569ee22e8f0f57dcca23c8309f45d998a9ca85835a92e13","digitalCertThumbprint":"5A7DE11C1A8C17C208B25587947E8F443AB02AC0","digitalCertIssuer":"CN=Sectigo Public Code Signing CA EV R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=Cleversort FZ-LLC, O=Cleversort FZ-LLC, S=Ras Al Khaimah, C=AE, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=AE, SERIALNUMBER=11478657","sourceIndex":"597","avBlockList":["360 Total Security (20240620)","Avast Premium Security (20240620)","AVG Internet Security (20240620)","Avira Internet Security (20240620)","Bitdefender Internet Security (20240620)","ESET Internet Security (20240620)","G DATA INTERNET SECURITY (20240620)","K7 Total Security (20240620)","Kaspersky Internet Security (20240620)","Malwarebytes Premium (20240620)","McAfee Total Protection (20240620)","Norton Security (20240620)","Panda Dome (20240620)","Quick Heal Internet Security (20240620)","Sophos Home Premium (20240620)","SpyHunter5 (20240620)","Total AV Antivirus Pro (20240620)","Trend Micro Internet Security (20240620)","VIPRE Advanced Security (20240620)","VirIT eXplorer PRO (20240620)","Webroot SecureAnywhere (20240620)"],"avAllowList":["COMODO Antivirus (20240620)","Dr.Web Security Space (20240620)","Windows Defender (20240620)"]}],"additionalFiles":[],"sources":[{"howFound":"proxyware apps, globalhop","reference":"","landingPage":"https://www.stopabit.com/","directDownloadingLink":"https://www.stopabit.com/download/stopabit.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.stopabit.com/download/stopabit.exe","sourceIndex":"597"}],"sampleFiles":["240311/Stopabit-240311/1.0.2.0/Samples/stopabit-setup.exe"],"imageFiles":["240311/Stopabit-240311/1.0.2.0/Images/ACR-007/ACR-007_Install_1.png","240311/Stopabit-240311/1.0.2.0/Images/ACR-084/ACR-084_Software_1.png","240311/Stopabit-240311/1.0.2.0/Images/ACR-084/ACR-084_Software_2.png","240311/Stopabit-240311/1.0.2.0/Images/ACR-007/ACR-007_Software_1.png","240311/Stopabit-240311/1.0.2.0/Images/ACR-007/StopAbit.mp4","240311/Stopabit-240311/1.0.2.0/Images/ACR-155/ACR-155_Bundler-made offers_1.png"],"nonDeceptorImageFiles":["240311/Stopabit-240311/1.0.2.0/Images/ACR-040/ACR-040_Install_1.png"],"guid":"cd8424b6-ce15-42de-a387-2597a8eaee7b_1.0.2.0_1","appID":"Stopabit-240311","dateAdded":"240311","deceptorType":"App","name":"StopAbit","company":"Globalhop","version":"1.0.2.0","firstVendorContactDate":"240531","firstAppEsteemReplyDate":"240604","firstResolvedDate":"240712","firstResolvedVersion":"1.0.10.0","resolved":"TRUE","lastKnownStatus":"1.0.2.0","lastKnownDate":"240712","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows 11","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"net proxy","lastUpdate":"2024-07-12T21:21:32.6076659+00:00","notDistributed":false,"familyName":"Globalhop","numInFamily":17,"numInAppID":1,"sortOrder":263},{"violations":{"ACR-048":"The App does not provide an option to cancel the startup of its own. It also runs silently in the background using a different icon from installation. It makes it difficult to disable or uninstall the app completely. Elements are also located  hidden folders making it a challenge for ordinary users to remove it manually.\n","ACR-007":"App does not obtain user consent to reduce the consumer's security posture caused by sharing ip/network connection\n","ACR-084":"The App runs silently in the background, hiding the fact that it is active from the consumer.\n","ACR-155":"The GlobalHop SDK is included in the application installation by default without explicitly disclosing its usage and impacts to user's system in separate prompt.\n"},"nonDeceptorViolations":{"ACR-040":"The App installs itself by default in a hidden folder Appdata/Local/Programs\n","ACR-099":"The application does not display links to uninstall information. \nThe landing page does not display links to uninstall information.\n"},"samples":[{"isRevoked":"False","fileName":"walliant.exe","companyName":"Walliant","productName":"Walliant","productVersion":"1.0","fileVersion":"1.0","hashMD5":"24391d500587e3912718f264ac10d090","hashSHA1":"f25451ec8eaa0ff41439ca6c312055883533a26b","hashSHA256":"494be16884968c6e4ba6c1319eb8ac41fb1fb7964d403ab4efe22557668ee4d9","digitalCertThumbprint":"CFEB87A65844EE099CF460B5B46994D94D64FA70","digitalCertIssuer":"CN=DigiCert SHA2 Assured ID Code Signing CA, OU=www.digicert.com, O=DigiCert Inc, C=US","digitalCertIssuedTo":"CN=Globalhop Ltd, O=Globalhop Ltd, L=Almaty, C=KZ","sourceIndex":"1510","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"walliant-setup.exe","isInstaller":"True","companyName":"Walliant                                                    ","productName":"Walliant","productVersion":"1.0","fileVersion":"1.0","hashMD5":"ba7f294f0432b79b2692b553f7f3872a","hashSHA1":"0d1274b5dba140fb8530d3f2d860da2b3dda8ba7","hashSHA256":"45dddb0a13d0d3061c46cf32bc8c2997808dc726bcc81d054b684a9067aa3074","digitalCertThumbprint":"CFEB87A65844EE099CF460B5B46994D94D64FA70","digitalCertIssuer":"CN=DigiCert SHA2 Assured ID Code Signing CA, OU=www.digicert.com, O=DigiCert Inc, C=US","digitalCertIssuedTo":"CN=Globalhop Ltd, O=Globalhop Ltd, L=Almaty, C=KZ","sourceIndex":"1510","avBlockList":["360 Total Security (20240620)","Avast Premium Security (20240620)","AVG Internet Security (20240620)","Avira Internet Security (20240620)","Bitdefender Internet Security (20240620)","ESET Internet Security (20240620)","G DATA INTERNET SECURITY (20240620)","Kaspersky Internet Security (20240620)","Malwarebytes Premium (20240620)","McAfee Total Protection (20240620)","Norton Security (20240620)","Panda Dome (20240620)","Quick Heal Internet Security (20240620)","Sophos Home Premium (20240620)","SpyHunter5 (20240620)","Total AV Antivirus Pro (20240620)","Trend Micro Internet Security (20240620)","VIPRE Advanced Security (20240620)","VirIT eXplorer PRO (20240620)","Webroot SecureAnywhere (20240620)","Windows Defender (20240620)"],"avAllowList":["COMODO Antivirus (20240620)","Dr.Web Security Space (20240620)","K7 Total Security (20240620)","Tencent PC Manager (20220531)"]},{"isRevoked":"False","fileName":"Countly.dll","companyName":"Countly","fileVersion":"20.5","hashMD5":"ef1f145128473f2ea8f3c06dca43b7c7","hashSHA1":"e31b8131dc767fada7a0f643ad978a2379f7fcce","hashSHA256":"80ab364db1d0daf81cfed365bc49979f8c5261299e01a9872a653dc70618126d","sourceIndex":"1510","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"sdk.dll","fileVersion":"0.0","hashMD5":"d161b2a93877da6a4f0cdb7bdbf87c3e","hashSHA1":"8766ab203fe699545e066b02a627d258a42411da","hashSHA256":"5551371473f92cc63d6c3c2463f93d89ce8053a1560f91e6707c79a801c3745a","sourceIndex":"1510","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"hunt.search","reference":"","landingPage":"https://walliant.com/","directDownloadingLink":"https://walliant.com/download/walliant.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://walliant.com/download/walliant.exe","sourceIndex":"1510"}],"sampleFiles":["220524/Walliant-220523/1.0/Samples/walliant.exe","220524/Walliant-220523/1.0/Samples/walliant-setup.exe","220524/Walliant-220523/1.0/Samples/Countly.dll","220524/Walliant-220523/1.0/Samples/sdk.dll"],"imageFiles":["220524/Walliant-220523/1.0/Images/ACR-084/ACR-084_RunninginBackground.jpg","220524/Walliant-220523/1.0/Images/ACR-007/GlobalHop_007.JPG","220524/Walliant-220523/1.0/Images/ACR-048/ACR-048_DiffLogo_RunBackground.jpg","220524/Walliant-220523/1.0/Images/ACR-048/Walliant_Uninstall.jpg","220524/Walliant-220523/1.0/Images/ACR-155/GlobalHop_007.JPG"],"nonDeceptorImageFiles":["220524/Walliant-220523/1.0/Images/ACR-040/Walliant_HiddenFolder.jpg","220524/Walliant-220523/1.0/Images/ACR-099/Walliant_About.gif","220524/Walliant-220523/1.0/Images/ACR-099/Walliant_LandingPage.jpeg"],"guid":"e5257089-4570-46a1-bdb5-60339150c0e1_1.0_1","appID":"Walliant-220523","dateAdded":"240311","deceptorType":"App","name":"Walliant","company":"Walliant","version":"1.0","firstVendorContactDate":"240531","firstAppEsteemReplyDate":"240604","firstResolvedDate":"240712","firstResolvedVersion":"1.0.16.0","resolved":"TRUE","lastKnownStatus":"1.0; 1.0.12.0","lastKnownDate":"240712","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows 7,Windows Vista,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"none","lastUpdate":"2024-07-12T00:00:00+00:00","notDistributed":false,"familyName":"Globalhop","numInFamily":17,"numInAppID":2,"sortOrder":262},{"violations":{"ACR-007":"The app does not obtain user explicit consent which reduces the consumer's security posture caused by sharing internet resources.\nThe app does not display explicit notification about the potential risk in security posture caused by sharing network connection, when the app is re-enabled at least for the 1st time. \n","ACR-084":"The process keeps running in the background despite disabling app and connection option. No clear control to borrowing resource. \n","ACR-155":"The GlobalHop SDK is included in the application installation by default without explicitly disclosing its usage and impacts on the user's system on a separate prompt. \n"},"nonDeceptorViolations":{"ACR-040":"The app installs itself by default in a hidden path \"%AppData%\\Local\\Programs\\\" \n"},"samples":[{"isRevoked":"False","fileName":"walliant-setup.exe","isInstaller":"True","companyName":"Walliant                                                    ","fileVersion":"1.0.12.0","hashMD5":"96a2cbe809b25c20ccc7d01e0c76e10e","hashSHA1":"f39fef0e78b05d5f1878f68e160d83bdf24ab50f","hashSHA256":"e85c9eb65c1a2eaa03c64d4a7b30c2b245d42b8c34689af0f90c8fd7068ecde0","digitalCertThumbprint":"C6D0201889888E307CC1525F1F2304ADC3676DD5","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Cleversort FZ-LLC, O=Cleversort FZ-LLC, L=Ras-Al-Khaimah, S=Ras-Al-Khaimah, C=AE, SERIALNUMBER=46000244, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.2=Ras Al Khaimah, OID.1.3.6.1.4.1.311.60.2.1.3=AE","sourceIndex":"603","avBlockList":["360 Total Security (20240416)","Avast Premium Security (20240416)","AVG Internet Security (20240416)","Avira Internet Security (20240416)","ESET Internet Security (20240416)","G DATA INTERNET SECURITY (20240416)","K7 Total Security (20240416)","Kaspersky Internet Security (20240416)","Malwarebytes Premium (20240416)","McAfee Total Protection (20240416)","Norton Security (20240416)","Panda Dome (20240416)","Quick Heal Internet Security (20240416)","Sophos Home Premium (20240416)","SpyHunter5 (20240416)","Total AV Antivirus Pro (20240416)","Trend Micro Internet Security (20240416)","VirIT eXplorer PRO (20240416)","Webroot SecureAnywhere (20240416)","Windows Defender (20240416)"],"avAllowList":["Bitdefender Internet Security (20240416)","COMODO Antivirus (20240416)","Dr.Web Security Space (20240416)","VIPRE Advanced Security (20240416)"]}],"additionalFiles":[],"sources":[{"howFound":"hunt.search","reference":"","landingPage":"https://walliant.com/","directDownloadingLink":"https://walliant.com/download/walliant.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://walliant.com/download/walliant.exe","sourceIndex":"603"}],"sampleFiles":["240311/Walliant-220523/1.0.12.0/Samples/walliant-setup.exe"],"imageFiles":["240311/Walliant-220523/1.0.12.0/Images/ACR-084/ACR-084_Software_1.png","240311/Walliant-220523/1.0.12.0/Images/ACR-007/ACR-007_Install_1.png","240311/Walliant-220523/1.0.12.0/Images/ACR-007/ACR-007_Install_2.png","240311/Walliant-220523/1.0.12.0/Images/ACR-007/Walliant.mp4","240311/Walliant-220523/1.0.12.0/Images/ACR-155/ACR-155_In-bundle offers_1.png","240311/Walliant-220523/1.0.12.0/Images/ACR-155/ACR-155_In-bundle offers_2.png"],"nonDeceptorImageFiles":["240311/Walliant-220523/1.0.12.0/Images/ACR-040/ACR-040_Install_1.png"],"guid":"e5257089-4570-46a1-bdb5-60339150c0e1_1.0.12.0_1","appID":"Walliant-220523","dateAdded":"240311","deceptorType":"App","name":"Walliant","company":"Walliant","version":"1.0.12.0","firstVendorContactDate":"240531","firstAppEsteemReplyDate":"240604","firstResolvedDate":"240712","firstResolvedVersion":"1.0.16.0","resolved":"TRUE","lastKnownStatus":"1.0; 1.0.12.0","lastKnownDate":"240712","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows 7,Windows Vista,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"none,net proxy","lastUpdate":"2024-07-12T21:09:10.3498103+00:00","notDistributed":false,"familyName":"Globalhop","numInFamily":17,"numInAppID":2,"sortOrder":261},{"violations":{"ACR-048":"The app enables the consumer to hide the app from the desktop and control panel, which prevents it from being uninstalled easily. The app uses a password to hide its presence.\n","ACR-007":"The app enables the consumer to hide it from the desktop and the installed apps list, which prevents the targeted consumer from being aware of the app's presence. The app does not display explicit notifications when it is running and requires a password to open it.\n","ACR-084":"The app enables the user to hide the app from the desktop and the installed program list. The app is installed in a hidden folder and requires a hotkey to open it.\n","ACR-086":"The app does not inform the targeted consumer who it is transmitting data to or what data it is collecting.\n","ACR-097":"Before downloading the installer, the app site prompts the user to disable anti-virus and add “C:\\ProgramData\\Security Monitor” in the exclusion list in order to prevent detection.\n","ACR-116":"The app enables the consumer to hide it from the installed apps list.\n","ACR-014":"The app calls itself \"sem.exe” which is not related to the app's name.\n"},"nonDeceptorViolations":{"ACR-082":"The app enables the user to violate many laws.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\ProgramData\\Security Monitor\\{78DDAC00-CE01-0AC2-C12A-7139DF1233AC}\\sem.exe","companyName":"","productName":"Host application","productVersion":"1.0.11.6","fileVersion":"1.0.11.6","hashMD5":"2e2d3324286f1b01b85fe963e985561f","hashSHA1":"cb5439581d0026025bca867ba661684f53384241","hashSHA256":"629a2d6b1900c38fbd1551e017fb8ba5b81e5d5dc86c20977a3f01b4f037da72","digitalCertThumbprint":"3808A26A7AA1A7F08944370EDD5149F514CF6B0F","digitalCertIssuer":"GlobalSign GCC R45 CodeSigning CA 2020","digitalCertIssuedTo":"CLEVERCONTROL LLC","storeId":"","sourceIndex":"716","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\ProgramData\\Security Monitor\\{78DDAC00-CE01-0AC2-C12A-7139DF1233AC}\\spmm.exe","companyName":"","productName":"","productVersion":"","fileVersion":"","hashMD5":"6d9e0074298a206b6c74301f9a9a60f3","hashSHA1":"831c79b42544f74421481c4bf4876eef9f807714","hashSHA256":"bc2e3f0a9e9b65ebbc452ef7474e4fe0e7b9800fa79534fa20a2f28b97b66f33","digitalCertThumbprint":"3808A26A7AA1A7F08944370EDD5149F514CF6B0F","digitalCertIssuer":"GlobalSign GCC R45 CodeSigning CA 2020","digitalCertIssuedTo":"CLEVERCONTROL LLC","storeId":"","sourceIndex":"716","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\ProgramData\\Security Monitor\\{78DDAC00-CE01-0AC2-C12A-7139DF1233AC}\\sps.exe","companyName":"","productName":"","productVersion":"1.0.0.0","fileVersion":"1.0.0.0","hashMD5":"ab4638d7d5c43eded6f5147ac1a3476b","hashSHA1":"e13f37ddef346d1de02dc288cb9a657d619c9196","hashSHA256":"a46d95fb4245426665d97d75463f02d684330e7b64f465b482c96db263ababc3","digitalCertThumbprint":"3808A26A7AA1A7F08944370EDD5149F514CF6B0F","digitalCertIssuer":"GlobalSign GCC R45 CodeSigning CA 2020","digitalCertIssuedTo":"CLEVERCONTROL LLC","storeId":"","sourceIndex":"716","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\ProgramData\\Security Monitor\\{78DDAC00-CE01-0AC2-C12A-7139DF1233AC}\\wlg.exe","companyName":"","productName":"URLLogger","productVersion":"1.0.0.9","fileVersion":"1.0.0.9","hashMD5":"b364bd0c69a0f8131cbc10dc9a912ffb","hashSHA1":"536256f7a22a9de580b675f1cc6bc49834863c11","hashSHA256":"e5868e241ecd086e9127e54eb27a9dee7f71ebc19acd7f4f882f639fb4b82c74","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"716","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"spyrixemployee.exe","isInstaller":"True","companyName":"                                                            ","productName":"                                                            ","productVersion":"                                                  ","fileVersion":"                    ","hashMD5":"4d1decb8a26fe01b44af0cc7233aafcc","hashSHA1":"f11cb94f08138cd513bc527ab1251263f286b867","hashSHA256":"2b82c85bb43b569c0024cae790bc2ea1870b8ee7eadbd7ec9457f966e7c17192","digitalCertThumbprint":"3808A26A7AA1A7F08944370EDD5149F514CF6B0F","digitalCertIssuer":"GlobalSign GCC R45 CodeSigning CA 2020","digitalCertIssuedTo":"CLEVERCONTROL LLC","storeId":"","sourceIndex":"716","avBlockList":["360 Total Security (20240625)","Avast Premium Security (20240625)","AVG Internet Security (20240625)","Avira Internet Security (20240625)","Bitdefender Internet Security (20240625)","Dr.Web Security Space (20240625)","ESET Internet Security (20240625)","G DATA INTERNET SECURITY (20240625)","K7 Total Security (20240625)","Kaspersky Internet Security (20240625)","Malwarebytes Premium (20240625)","McAfee Total Protection (20240625)","Norton Security (20240625)","Panda Dome (20240625)","Quick Heal Internet Security (20240625)","Sophos Home Premium (20240625)","SpyHunter5 (20240625)","Total AV Antivirus Pro (20240625)","Trend Micro Internet Security (20240625)","VIPRE Advanced Security (20240625)","VirIT eXplorer PRO (20240625)","Webroot SecureAnywhere (20240625)"],"avAllowList":["COMODO Antivirus (20240625)","Windows Defender (20240625)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on windows app","reference":"","landingPage":"https://www.spyrix.com/employee-monitoring.php","directDownloadingLink":"https://spyrix.app/sem.html","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://spyrix.app/sem.html","sourceIndex":"716"}],"sampleFiles":["240311/SpyrixEmployeeMonitoring-201202/11.6.15/Samples/spyrixemployee.exe"],"imageFiles":["240311/SpyrixEmployeeMonitoring-201202/11.6.15/Images/ACR-048/ACR-048.PNG","240311/SpyrixEmployeeMonitoring-201202/11.6.15/Images/ACR-048/ACR-048_1.PNG","240311/SpyrixEmployeeMonitoring-201202/11.6.15/Images/ACR-048/ACR-048_2.PNG","240311/SpyrixEmployeeMonitoring-201202/11.6.15/Images/ACR-048/ACR-048_3.PNG","240311/SpyrixEmployeeMonitoring-201202/11.6.15/Images/ACR-007/ACR-007.PNG","240311/SpyrixEmployeeMonitoring-201202/11.6.15/Images/ACR-007/ACR-007_1.PNG","240311/SpyrixEmployeeMonitoring-201202/11.6.15/Images/ACR-007/ACR-007_2.PNG","240311/SpyrixEmployeeMonitoring-201202/11.6.15/Images/ACR-007/ACR-007_3.PNG","240311/SpyrixEmployeeMonitoring-201202/11.6.15/Images/ACR-084/ACR-084.PNG","240311/SpyrixEmployeeMonitoring-201202/11.6.15/Images/ACR-084/ACR-084_1.PNG","240311/SpyrixEmployeeMonitoring-201202/11.6.15/Images/ACR-084/ACR-084_2.PNG","240311/SpyrixEmployeeMonitoring-201202/11.6.15/Images/ACR-084/ACR-084_3.PNG","240311/SpyrixEmployeeMonitoring-201202/11.6.15/Images/ACR-084/ACR-084_4.PNG","240311/SpyrixEmployeeMonitoring-201202/11.6.15/Images/ACR-086/ACR-086.PNG","240311/SpyrixEmployeeMonitoring-201202/11.6.15/Images/ACR-086/ACR-086_1.PNG","240311/SpyrixEmployeeMonitoring-201202/11.6.15/Images/ACR-086/ACR-086_2.PNG","240311/SpyrixEmployeeMonitoring-201202/11.6.15/Images/ACR-097/ACR-097.PNG","240311/SpyrixEmployeeMonitoring-201202/11.6.15/Images/ACR-097/ACR-097_1.PNG","240311/SpyrixEmployeeMonitoring-201202/11.6.15/Images/ACR-097/ACR-097_2.PNG","240311/SpyrixEmployeeMonitoring-201202/11.6.15/Images/ACR-014/ACR-014.PNG","240311/SpyrixEmployeeMonitoring-201202/11.6.15/Images/ACR-116/ACR-116.PNG"],"nonDeceptorImageFiles":["240311/SpyrixEmployeeMonitoring-201202/11.6.15/Images/ACR-082/ACR-082.PNG"],"guid":"3fa1317b-618c-4ad8-9265-0b77ebfc15e1_11.6.15_1","appID":"SpyrixEmployeeMonitoring-201202","dateAdded":"240311","deceptorType":"App","name":"Spyrix Employee Monitoring","company":"Spyrix Software","version":"11.6.15","lastKnownStatus":"11.5.30;11.5.31;11.5.41;11.6.11;11.6.15","lastKnownDate":"240311","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 7,Windows 8,Windows 10,Windows Vista,Windows XP","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Adults only","monetization":"paid,up-sell to paid","lastUpdate":"2026-05-12T22:59:56.6194586+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":5,"sortOrder":688},{"violations":{"ACR-048":"The app enables the consumer to hide the app from the installed app list and system tray, which prevents it from being uninstalled easily.\n","ACR-007":"The app enables the consumer to hide it from the system tray, the desktop, and the installed apps list, which prevents the targeted consumer from being aware of the app's presence. The app does not display explicit notifications when it is running and requires a password to open it.\n","ACR-084":"The app enables the user to hide the app from the system tray, the desktop, and the installed program list. The app is installed in a hidden folder and requires a hotkey to open it.\n","ACR-086":"The app does not inform the targeted consumer who it is transmitting data to or what data it is collecting.\n","ACR-097":"Before downloading the installer, the app site prompts the user to disable anti-virus and add this app in the exclusion list in order to prevent detection.\n","ACR-116":"The app enables the consumer to hide it from the installed apps list.\n"},"nonDeceptorViolations":{"ACR-040":"The app is installed in a hidden folder \"ProgramData\".\n","ACR-082":"The app enables the user to violate many laws.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Users\\All Users\\Security Monitor\\{78DDAC00-CE01-0AC2-C12A-7139DF1233AC}\\sem.exe","companyName":"","productName":"Host application","productVersion":"1.0.11.6","fileVersion":"1.0.11.6","hashMD5":"11aa0344ce5ea8b99e6a4fb52798a64a","hashSHA1":"14823ddbe52f67ea11dcd6f35b1195e031ff92ee","hashSHA256":"167f57034f7ded6d84ecaa44cf88b4942afce19e0b73661064954fc1399e7798","digitalCertThumbprint":"4401F710FD4FD877A624BE3002FFA278BE291A61","digitalCertIssuer":"GlobalSign GCC R45 CodeSigning CA 2020","digitalCertIssuedTo":"CLEVERCONTROL LLC","storeId":"","sourceIndex":"953","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Users\\All Users\\Security Monitor\\{78DDAC00-CE01-0AC2-C12A-7139DF1233AC}\\spmm.exe","companyName":"","productName":"","productVersion":"","fileVersion":"","hashMD5":"9c435f3191d2f8c854c6af3b49f597ce","hashSHA1":"8f6ab1e07df5b6e51b443a714e544a855c9e58ca","hashSHA256":"a39d96ddca5569f68c44005409d0ca00e1422bdc397405a7aedf43e5c4bbaf01","digitalCertThumbprint":"4401F710FD4FD877A624BE3002FFA278BE291A61","digitalCertIssuer":"GlobalSign GCC R45 CodeSigning CA 2020","digitalCertIssuedTo":"CLEVERCONTROL LLC","storeId":"","sourceIndex":"953","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Users\\All Users\\Security Monitor\\{78DDAC00-CE01-0AC2-C12A-7139DF1233AC}\\sps.exe","companyName":"","productName":"","productVersion":"1.0.0.0","fileVersion":"1.0.0.0","hashMD5":"158fa6648c2e4a91dc1974f9242b9d43","hashSHA1":"a942f425d3fc28cd19c03a53b1a894c2a5b5fbfe","hashSHA256":"406b96f8bbcc9badb7ad209d55583edfcf950243207bdf5a5a6bdd44dada03f0","digitalCertThumbprint":"4401F710FD4FD877A624BE3002FFA278BE291A61","digitalCertIssuer":"GlobalSign GCC R45 CodeSigning CA 2020","digitalCertIssuedTo":"CLEVERCONTROL LLC","storeId":"","sourceIndex":"953","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"spyrixemployee.exe","isInstaller":"True","companyName":"                                                            ","productName":"                                                            ","productVersion":"                                                  ","fileVersion":"                    ","hashMD5":"44a3c71c6c445d655edc95fe87035c03","hashSHA1":"c91c346f1f6cfc1a0e3a1675fabe71712f450720","hashSHA256":"57ef2f0186cb711e83bbdcdf21a2e9c2b388059d0e40cefcc7e969341697e112","digitalCertThumbprint":"4401F710FD4FD877A624BE3002FFA278BE291A61","digitalCertIssuer":"GlobalSign GCC R45 CodeSigning CA 2020","digitalCertIssuedTo":"CLEVERCONTROL LLC","storeId":"","sourceIndex":"953","avBlockList":["360 Total Security (20230926)","Avast Premium Security (20230926)","AVG Internet Security (20230926)","Avira Internet Security (20230926)","COMODO Antivirus (20230926)","Dr.Web Security Space (20230926)","ESET Internet Security (20230926)","G DATA INTERNET SECURITY (20230926)","K7 Total Security (20230926)","Kaspersky Internet Security (20230926)","Malwarebytes Premium (20230926)","McAfee Total Protection (20230926)","Norton Security (20230926)","Panda Dome (20230926)","Quick Heal Internet Security (20230926)","Sophos Home Premium (20230926)","SpyHunter5 (20230926)","Total AV Antivirus Pro (20230926)","VirIT eXplorer PRO (20230926)","Webroot SecureAnywhere (20230926)","Windows Defender (20230926)"],"avAllowList":["Bitdefender Internet Security (20230926)","Trend Micro Internet Security (20230926)","VIPRE Advanced Security (20230926)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on windows app","reference":"","landingPage":"https://www.spyrix.com/employee-monitoring.php","directDownloadingLink":"https://spyrix.app/sem.html","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://spyrix.app/sem.html","sourceIndex":"953"}],"sampleFiles":["230726/SpyrixEmployeeMonitoring-201202/11.6.11/Samples/spyrixemployee.exe"],"imageFiles":["230726/SpyrixEmployeeMonitoring-201202/11.6.11/Images/ACR-048/ACR-048_Install_1.png","230726/SpyrixEmployeeMonitoring-201202/11.6.11/Images/ACR-048/ACR-048_Install_2.png","230726/SpyrixEmployeeMonitoring-201202/11.6.11/Images/ACR-048/ACR-048_Install_3.png","230726/SpyrixEmployeeMonitoring-201202/11.6.11/Images/ACR-007/ACR-007_Install_1.png","230726/SpyrixEmployeeMonitoring-201202/11.6.11/Images/ACR-007/ACR-007_Install_2.png","230726/SpyrixEmployeeMonitoring-201202/11.6.11/Images/ACR-007/ACR-007_Install_3.png","230726/SpyrixEmployeeMonitoring-201202/11.6.11/Images/ACR-084/ACR-084_Software_1.png","230726/SpyrixEmployeeMonitoring-201202/11.6.11/Images/ACR-084/ACR-084_Software_2.png","230726/SpyrixEmployeeMonitoring-201202/11.6.11/Images/ACR-084/ACR-084_Software_3.png","230726/SpyrixEmployeeMonitoring-201202/11.6.11/Images/ACR-084/ACR-084_Software_4.png","230726/SpyrixEmployeeMonitoring-201202/11.6.11/Images/ACR-086/ACR-086_Software_1.png","230726/SpyrixEmployeeMonitoring-201202/11.6.11/Images/ACR-086/ACR-086_Software_2.png","230726/SpyrixEmployeeMonitoring-201202/11.6.11/Images/ACR-086/ACR-086_Software_3.png","230726/SpyrixEmployeeMonitoring-201202/11.6.11/Images/ACR-086/ACR-086_Software_4.png","230726/SpyrixEmployeeMonitoring-201202/11.6.11/Images/ACR-097/ACR-097_Software_1.png","230726/SpyrixEmployeeMonitoring-201202/11.6.11/Images/ACR-097/ACR-097_Software_2.png","230726/SpyrixEmployeeMonitoring-201202/11.6.11/Images/ACR-097/ACR-097_Software_3.png","230726/SpyrixEmployeeMonitoring-201202/11.6.11/Images/ACR-097/ACR-097_Software_4.PNG","230726/SpyrixEmployeeMonitoring-201202/11.6.11/Images/ACR-116/ACR-116_Uninstall_1.png"],"nonDeceptorImageFiles":["230726/SpyrixEmployeeMonitoring-201202/11.6.11/Images/ACR-040/ACR-040_Install_1.png","230726/SpyrixEmployeeMonitoring-201202/11.6.11/Images/ACR-082/ACR-082_Software_1.png"],"guid":"3fa1317b-618c-4ad8-9265-0b77ebfc15e1_11.6.11_1","appID":"SpyrixEmployeeMonitoring-201202","dateAdded":"240311","deceptorType":"App","name":"Spyrix Employee Monitoring","company":"Spyrix Software","version":"11.6.11","lastKnownStatus":"11.5.30;11.5.31;11.5.41;11.6.11;11.6.15","lastKnownDate":"240311","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 7,Windows 8,Windows 10,Windows Vista,Windows XP","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Adults only","monetization":"paid,up-sell to paid","lastUpdate":"2026-05-12T23:00:03.2565158+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":5,"sortOrder":689},{"violations":{"ACR-048":"The app is always running in the background, which limits the consumer's ability to close the app. The app uses a password to hide its presence\n","ACR-007":"The app does not provide explicit notification to the targeted consumer when it is running and it allows the consumer to enable stealth mode. It also requires a password to open it.\n","ACR-084":"The app enables the consumer to install it in \"Stealth Mode\", which hides all app icons and notifications. It also enables the consumer to require a password to open it.\n\n","ACR-086":"The app does not inform the targeted consumer who it is transmitting its data to. The app does not inform the targeted consumer how it collects data and it uses a password to hide its presence.\n","ACR-097":"Before downloading the installer, the app site prompts the user to disable anti-virus and add “C:\\ProgramData\\Security Monitor” in the exclusion list in order to prevent detection.\n","ACR-014":"The app calls itself \"akl.exe”, which is not related to the name \"Actual Keylogger\", which misleads the targeted consumer.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"C:\\ProgramData\\Security Monitor\\{AKC34567-KCQR-WW34-AK47-INUM589023MY}\\akl.exe","companyName":"","productName":"","productVersion":"","fileVersion":"","hashMD5":"1f186504de8df9c31c56696da8602dac","hashSHA1":"de68602f9b3aa4cf2dcad11f23a117b19046202c","hashSHA256":"8e76dbbbdee539aff4768672b9c34b89df700d2710c54c342ab55a0f61f28428","digitalCertThumbprint":"6F411AC2CDC83D971A512E45DAD28B899FF497FF","digitalCertIssuer":"GlobalSign GCC R45 CodeSigning CA 2020","digitalCertIssuedTo":"CLEVERCONTROL LLC","storeId":"","sourceIndex":"718","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\ProgramData\\Security Monitor\\{AKC34567-KCQR-WW34-AK47-INUM589023MY}\\spmm.exe","companyName":"","productName":"","productVersion":"","fileVersion":"","hashMD5":"8ad660cc4d01a51265a7789d0e2b1dd0","hashSHA1":"d3114361b7ed78e954961a5b6eae27acc6eda69e","hashSHA256":"358f0a123b4f8b9364aaa0cdaf3111d7be55ced365f0609d6daf08dc10bb25f4","digitalCertThumbprint":"6F411AC2CDC83D971A512E45DAD28B899FF497FF","digitalCertIssuer":"GlobalSign GCC R45 CodeSigning CA 2020","digitalCertIssuedTo":"CLEVERCONTROL LLC","storeId":"","sourceIndex":"718","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\ProgramData\\Security Monitor\\{AKC34567-KCQR-WW34-AK47-INUM589023MY}\\sps.exe","companyName":"","productName":"","productVersion":"1.0.0.0","fileVersion":"1.0.0.0","hashMD5":"2851624f64474781d9e86aefd4221eb5","hashSHA1":"9a00f562ef7658dafa40f68f972034d7192b1b4d","hashSHA256":"904de3321c57018de062141cc46f4d318894ae9f998703b37bb107f443cf897f","digitalCertThumbprint":"6F411AC2CDC83D971A512E45DAD28B899FF497FF","digitalCertIssuer":"GlobalSign GCC R45 CodeSigning CA 2020","digitalCertIssuedTo":"CLEVERCONTROL LLC","storeId":"","sourceIndex":"718","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\ProgramData\\Security Monitor\\{AKC34567-KCQR-WW34-AK47-INUM589023MY}\\wlg.exe","companyName":"","productName":"URLLogger","productVersion":"1.0.0.9","fileVersion":"1.0.0.9","hashMD5":"b364bd0c69a0f8131cbc10dc9a912ffb","hashSHA1":"536256f7a22a9de580b675f1cc6bc49834863c11","hashSHA256":"e5868e241ecd086e9127e54eb27a9dee7f71ebc19acd7f4f882f639fb4b82c74","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"718","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"actualkeylogger.exe","isInstaller":"True","companyName":"                                                            ","productName":"                                                            ","productVersion":"                                                  ","fileVersion":"                    ","hashMD5":"c67ac856b8ae7d766e182e413f8cfefb","hashSHA1":"a7159c5d4ee076a70618790337f264467585d769","hashSHA256":"b75d9babc6e9a4c1b7b3a18a42b9b89bb6a371822d909e6d8195b0b7b2cc6f36","digitalCertThumbprint":"6F411AC2CDC83D971A512E45DAD28B899FF497FF","digitalCertIssuer":"GlobalSign GCC R45 CodeSigning CA 2020","digitalCertIssuedTo":"CLEVERCONTROL LLC","storeId":"","sourceIndex":"718","avBlockList":["360 Total Security (20240430)","Avast Premium Security (20240430)","AVG Internet Security (20240430)","Avira Internet Security (20240430)","COMODO Antivirus (20240430)","Dr.Web Security Space (20240430)","ESET Internet Security (20240430)","G DATA INTERNET SECURITY (20240430)","K7 Total Security (20240430)","Kaspersky Internet Security (20240430)","Malwarebytes Premium (20240430)","McAfee Total Protection (20240430)","Norton Security (20240430)","Panda Dome (20240430)","Quick Heal Internet Security (20240430)","Sophos Home Premium (20240430)","SpyHunter5 (20240430)","Total AV Antivirus Pro (20240430)","VirIT eXplorer PRO (20240430)","Webroot SecureAnywhere (20240430)"],"avAllowList":["Bitdefender Internet Security (20240430)","Trend Micro Internet Security (20240430)","VIPRE Advanced Security (20240430)","Windows Defender (20240430)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on keylogger app","reference":"","landingPage":"https://www.actualkeylogger.com/","directDownloadingLink":"https://actualsecure.com/","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://actualsecure.com/","sourceIndex":"718"}],"sampleFiles":["240307/ActualKeylogger-201211/8.6.15/Samples/actualkeylogger.exe"],"imageFiles":["240307/ActualKeylogger-201211/8.6.15/Images/ACR-084/ACR-084.PNG","240307/ActualKeylogger-201211/8.6.15/Images/ACR-084/ACR-084_1.PNG","240307/ActualKeylogger-201211/8.6.15/Images/ACR-084/ACR-084_2.PNG","240307/ActualKeylogger-201211/8.6.15/Images/ACR-084/ACR-084_3.PNG","240307/ActualKeylogger-201211/8.6.15/Images/ACR-086/ACR-086.PNG","240307/ActualKeylogger-201211/8.6.15/Images/ACR-086/ACR-086_1.PNG","240307/ActualKeylogger-201211/8.6.15/Images/ACR-086/ACR-086_2.PNG","240307/ActualKeylogger-201211/8.6.15/Images/ACR-086/ACR-086_3.PNG","240307/ActualKeylogger-201211/8.6.15/Images/ACR-086/ACR-086_4.PNG","240307/ActualKeylogger-201211/8.6.15/Images/ACR-097/ACR-097.PNG","240307/ActualKeylogger-201211/8.6.15/Images/ACR-097/ACR-097_Software_1.png","240307/ActualKeylogger-201211/8.6.15/Images/ACR-048/ACR-048.PNG","240307/ActualKeylogger-201211/8.6.15/Images/ACR-048/ACR-048_1.PNG","240307/ActualKeylogger-201211/8.6.15/Images/ACR-048/ACR-048_2.PNG","240307/ActualKeylogger-201211/8.6.15/Images/ACR-007/ACR-007.PNG","240307/ActualKeylogger-201211/8.6.15/Images/ACR-007/ACR-007_1.PNG","240307/ActualKeylogger-201211/8.6.15/Images/ACR-007/ACR-007_2.PNG","240307/ActualKeylogger-201211/8.6.15/Images/ACR-014/ACR-014.PNG"],"nonDeceptorImageFiles":[],"guid":"caa7d7c8-e52c-4758-a606-09bfb1126dfe_8.6.15_1","appID":"ActualKeylogger-201211","dateAdded":"240307","deceptorType":"App","name":"Actual Keylogger ","company":"Actual Keylogger Software","version":"8.6.15","lastKnownStatus":"5.5.18;8.5.31;8.5.33;8.6.15","lastKnownDate":"240307","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Adults only","monetization":"paid,up-sell to paid","lastUpdate":"2026-05-12T22:59:56.6814263+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":5,"sortOrder":693},{"violations":{"ACR-048":"The app is always running in the background, which limits the consumer's ability to close the app.\n","ACR-007":"The app does not provide explicit notification to the targeted consumer when it is running and it allows the consumer to enable stealth mode. It also requires a password to open it.\n","ACR-084":"The app enables the consumer to install it in \"Stealth Mode\", which hides all app icons and notifications. It also enables the consumer to require a password to open it.\n\n","ACR-086":"The app does not inform the targeted consumer how it collects or transmits user data, as it hides from them using password.\n","ACR-097":"Before downloading the installer, the app site prompts the user to disable anti-virus and add “C:\\ProgramData\\Security Monitor” in the exclusion list in order to prevent detection.\n","ACR-014":"The app calls itself \"akl.exe”, which is not related to the name \"Actual Keylogger\", which misleads the targeted consumer.\n"},"nonDeceptorViolations":{"ACR-038":"The app does not disclose the Original filename, Company name, Product name, Product version, File version for all the executables.\n","ACR-040":"The app is installed in a hidden folder \"ProgramData\".\n","ACR-065":"The install wizard does not display links to the Returns and Cancellation Policy or the Privacy Policy. \nThe app does not display links to the EULA or Terms of Service, the Returns and Cancellation Policy or the Privacy Policy. \nThe landing page does not display links to the EULA or Terms of Service,  or the Returns and Cancellation Policy or the Privacy Policy.\nThe internal offer page does not display links to the EULA or Terms of Service,  or the Returns and Cancellation Policy or the Privacy Policy.\n","ACR-099":"The app does not display links to uninstall information. \nThe landing page does not display links to uninstall information. \nThe internal offers page does not display links to uninstall information.\n","ACR-035":"No EULA/Terms of Service, Returns and Cancellation Policy or Privacy Policy is provided for the app.\n","ACR-036":"No EULA/Terms of Service, Returns and Cancellation Policy or Privacy Policy is provided for the app.\n","ACR-037":"No Privacy Policy is provided for the app.\n","ACR-167":"The application's has no mention of a 30 days refund policy.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\ProgramData\\Security Monitor\\{AKC34567-KCQR-WW34-AK47-INUM589023MY}\\spmm.exe","companyName":"","productName":"","productVersion":"","fileVersion":"","hashMD5":"747abc81aa09b323875e12fe54ba1e14","hashSHA1":"b3ba84a7e58e07dfb5d1d24bd8aeb8012a71300f","hashSHA256":"c3290924409d426a3fe133e2bafd2b2ef9c36dd69b694084a8e259cad77f3118","digitalCertThumbprint":"DDD8B64D35E1E9F9A6442A9CF47C6CDF006EE978","digitalCertIssuer":"Sectigo Public Code Signing CA R36","digitalCertIssuedTo":"LLC KLEVER","storeId":"","sourceIndex":"1534","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\ProgramData\\Security Monitor\\{AKC34567-KCQR-WW34-AK47-INUM589023MY}\\sps.exe","companyName":"","productName":"","productVersion":"1.0.0.0","fileVersion":"1.0.0.0","hashMD5":"967d9415b598f18510ff3fb0f4aeb687","hashSHA1":"57f4669a675da305e6d9b13a5e0acc56c30e425e","hashSHA256":"6691e4e0efc610b7bc25ef7ae9018fa80a59b118c19869bc03366ca26fbfa879","digitalCertThumbprint":"DDD8B64D35E1E9F9A6442A9CF47C6CDF006EE978","digitalCertIssuer":"Sectigo Public Code Signing CA R36","digitalCertIssuedTo":"LLC KLEVER","storeId":"","sourceIndex":"1534","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Users\\All Users\\Security Monitor\\{AKC34567-KCQR-WW34-AK47-INUM589023MY}\\akl.exe","companyName":"","productName":"","productVersion":"","fileVersion":"","hashMD5":"6859de24893cb0a6bb37fb2584943c2a","hashSHA1":"06a56612471f63725a335063ae8344ed85be855e","hashSHA256":"3fef4092c452f0a12cda9727ee807d61473e59d88f0f12c1b119948b857936b6","digitalCertThumbprint":"DDD8B64D35E1E9F9A6442A9CF47C6CDF006EE978","digitalCertIssuer":"Sectigo Public Code Signing CA R36","digitalCertIssuedTo":"LLC KLEVER","storeId":"","sourceIndex":"1534","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"actualkeylogger.exe","isInstaller":"True","companyName":"                                                            ","productName":"                                                            ","productVersion":"                                                  ","fileVersion":"                    ","hashMD5":"6a8189ae37bb806a2cbe5c3cad7fe8f0","hashSHA1":"c4f55d323fa60b8ce2fa7069a291058cb133f283","hashSHA256":"3df73ff56162114f1002d379546ec4a3efe3bd888b06e9e994c613d00f45be5d","digitalCertThumbprint":"DDD8B64D35E1E9F9A6442A9CF47C6CDF006EE978","digitalCertIssuer":"Sectigo Public Code Signing CA R36","digitalCertIssuedTo":"LLC KLEVER","storeId":"","sourceIndex":"1534","avBlockList":["360 Total Security (20240620)","Avast Premium Security (20240620)","AVG Internet Security (20240620)","Avira Internet Security (20240620)","Bitdefender Internet Security (20240620)","COMODO Antivirus (20240620)","Dr.Web Security Space (20240620)","ESET Internet Security (20240620)","G DATA INTERNET SECURITY (20240620)","K7 Total Security (20240620)","Kaspersky Internet Security (20240620)","Malwarebytes Premium (20240620)","Norton Security (20240620)","Panda Dome (20240620)","Quick Heal Internet Security (20240620)","Sophos Home Premium (20240620)","SpyHunter5 (20240620)","Total AV Antivirus Pro (20240620)","VIPRE Advanced Security (20240620)","VirIT eXplorer PRO (20240620)","Webroot SecureAnywhere (20240620)","McAfee Total Protection (20240620)"],"avAllowList":["Tencent PC Manager (20220630)","Trend Micro Internet Security (20240620)","Windows Defender (20240620)"]}],"additionalFiles":[],"sources":[{"howFound":"Google Search: Keylogger","reference":"","landingPage":"https://www.actualkeylogger.com/","directDownloadingLink":"https://actualsecure.net/download/actual/actualkeylogger.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://actualsecure.net/download/actual/actualkeylogger.exe","sourceIndex":"1534"}],"sampleFiles":["220627/ActualKeylogger-201211/8.5.41/Samples/actualkeylogger.exe"],"imageFiles":["220627/ActualKeylogger-201211/8.5.41/Images/ACR-084/ACR-084_Software.JPG","220627/ActualKeylogger-201211/8.5.41/Images/ACR-084/ACR-084_Software_1.JPG","220627/ActualKeylogger-201211/8.5.41/Images/ACR-084/3- signin.JPG","220627/ActualKeylogger-201211/8.5.41/Images/ACR-086/ACR-086_Software.JPG","220627/ActualKeylogger-201211/8.5.41/Images/ACR-086/ACR-086_Software_1.JPG","220627/ActualKeylogger-201211/8.5.41/Images/ACR-086/ACR-086_Software_2.JPG","220627/ActualKeylogger-201211/8.5.41/Images/ACR-086/ACR-086_Software_3.JPG","220627/ActualKeylogger-201211/8.5.41/Images/ACR-086/ACR-086_Software_4.JPG","220627/ActualKeylogger-201211/8.5.41/Images/ACR-097/ACR-097_Software.JPG","220627/ActualKeylogger-201211/8.5.41/Images/ACR-048/ACR-048_Software.JPG","220627/ActualKeylogger-201211/8.5.41/Images/ACR-048/ACR-048_Software_1.JPG","220627/ActualKeylogger-201211/8.5.41/Images/ACR-007/ACR-007_Software.JPG","220627/ActualKeylogger-201211/8.5.41/Images/ACR-007/ACR-007_Software_1.JPG","220627/ActualKeylogger-201211/8.5.41/Images/ACR-007/ACR-007_Software_2.JPG","220627/ActualKeylogger-201211/8.5.41/Images/ACR-014/ACR-014_Software.JPG"],"nonDeceptorImageFiles":["220627/ActualKeylogger-201211/8.5.41/Images/ACR-038/ACR-038_Install.JPG","220627/ActualKeylogger-201211/8.5.41/Images/ACR-038/ACR-038_Install_1.JPG","220627/ActualKeylogger-201211/8.5.41/Images/ACR-040/ACR-040_Install.JPG","220627/ActualKeylogger-201211/8.5.41/Images/ACR-065/ACR-065_Install.JPG","220627/ActualKeylogger-201211/8.5.41/Images/ACR-065/ACR-065_Software.JPG","220627/ActualKeylogger-201211/8.5.41/Images/ACR-099/ACR-099_Software.JPG","220627/ActualKeylogger-201211/8.5.41/Images/ACR-065/ACR-065_Landingpage.jpg","220627/ActualKeylogger-201211/8.5.41/Images/ACR-099/ACR-099_Landingpage.jpg","220627/ActualKeylogger-201211/8.5.41/Images/ACR-065/ACR-065_InternalOffers.jpg","220627/ActualKeylogger-201211/8.5.41/Images/ACR-099/ACR-099_InternalOffers.jpg"],"guid":"caa7d7c8-e52c-4758-a606-09bfb1126dfe_8.5.41_1","appID":"ActualKeylogger-201211","dateAdded":"240307","deceptorType":"App","name":"Actual Keylogger ","company":"Actual Keylogger Software","version":"8.5.41","lastKnownStatus":"5.5.18;8.5.31;8.5.33;8.6.15","lastKnownDate":"240307","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Adults only","monetization":"paid,up-sell to paid","lastUpdate":"2024-03-07T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":5,"sortOrder":694},{"violations":{"ACR-048":"The app is always running in the background and requires a hotkey to be opened, which limits the consumer's ability to close the app.\n","ACR-007":"The app does not explicit notification to the targeted consumer when it is running and it allows the consumer to enable stealth mode. It also requires a hotkey and a password to open it.\n","ACR-084":"The app enables the consumer to install it in \"Stealth Mode\", which hides all app icons and notifications. It also enables the consumer to require a password and hotkey to open it.\n","ACR-086":"The app does not inform the targeted consumer how it collects or transmits user data, as it hides from them using a hotkey and password.\n","ACR-097":"Before downloading the installer, the app site prompts the user to disable anti-virus and add “C:\\ProgramData\\Security Monitor” in the exclusion list in order to prevent detection.\n"},"nonDeceptorViolations":{"ACR-038":"The app does not disclose the Original filename, Company name, Product name, Product version, File version for all the executables.\n","ACR-040":"The app is installed in a hidden folder \"ProgramData\".\n","ACR-065":"The install wizard does not display links to the Returns and Cancellation Policy or the Privacy Policy. \nThe app does not display links to the EULA or Terms of Service, the Returns and Cancellation Policy or the Privacy Policy. \nThe landing page does not display links to the EULA or Terms of Service,  or the Returns and Cancellation Policy or the Privacy Policy.\nThe internal offer page does not display links to the EULA or Terms of Service,  or the Returns and Cancellation Policy or the Privacy Policy.\n","ACR-099":"The app does not display links to uninstall information. \nThe landing page does not display links to uninstall information. \nThe internal offers page does not display links to uninstall information.\n","ACR-035":"No EULA/Terms of Service, Returns and Cancellation Policy or Privacy Policy is provided for the app.\n","ACR-036":"No EULA/Terms of Service, Returns and Cancellation Policy or Privacy Policy is provided for the app.\n","ACR-037":"No Privacy Policy is provided for the app.\n","ACR-167":"The application's has no mention of a 30 days refund policy.\n"},"samples":[{"isRevoked":"False","fileName":"akl.exe","fileVersion":"1.0","hashMD5":"60743ab804cdec0189746c31a1d18056","hashSHA1":"effcc8d824dbb784a76be5bf0c01ccf90a168f9c","hashSHA256":"5a98fd9fff3cfd8295e23c12af3933622ed161d20aacb025811b47ee056d5a17","digitalCertThumbprint":"8CAC68AB0961BA80647FC717E64D354B1F3B6286","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=LLC KLEVER, O=LLC KLEVER, STREET=\"Vorontsovskaya St., 19B Et / pom / Kom 1 / I / 1b Rab.M.2\", L=Moscow, PostalCode=109147, C=RU","sourceIndex":"1811","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"setup_actual_keylogger.exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"f00ce997d4a4f4934756e39b074b277e","hashSHA1":"6172dddbde8bf0b1784390c30951b78693865157","hashSHA256":"e89fe5a6241fdf6d43fc869f7586399c8cccad6e0f70e3348dc14bbeb69900e7","digitalCertThumbprint":"72AC470090250CAD99569D7291B7214C8AB0C0E1","digitalCertIssuer":"CN=Sectigo Public Code Signing CA R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=CLEVERCONTROL LLC, O=CLEVERCONTROL LLC, L=BOCA RATON, S=Florida, C=US","sourceIndex":"1811","avBlockList":["360 Total Security (20240711)","Avast Premium Security (20240711)","AVG Internet Security (20240711)","Avira Internet Security (20240711)","COMODO Antivirus (20240711)","Dr.Web Security Space (20240711)","ESET Internet Security (20240711)","G DATA INTERNET SECURITY (20240711)","K7 Total Security (20240711)","Kaspersky Internet Security (20240711)","Malwarebytes Premium (20240711)","McAfee Total Protection (20240711)","Norton Security (20240711)","Panda Dome (20240711)","Quick Heal Internet Security (20240711)","Sophos Home Premium (20240711)","SpyHunter5 (20240711)","Tencent PC Manager (20210921)","Total AV Antivirus Pro (20240711)","VirIT eXplorer PRO (20240711)","Webroot SecureAnywhere (20240711)","Windows Defender (20240711)","FortectPremium (20240711)"],"avAllowList":["Bitdefender Internet Security (20240711)","Trend Micro Internet Security (20240711)","VIPRE Advanced Security (20240711)"]},{"isRevoked":"False","fileName":"spmm.exe","fileVersion":"0.0","hashMD5":"856ba19c9f46abd1abd159900f93516b","hashSHA1":"fa37f383722ba74daca0253e1197d84ac26fa802","hashSHA256":"b05f963c6a47adc999c0201d1da89a41c5d521c3d69903b3256497c086c305e5","digitalCertThumbprint":"8CAC68AB0961BA80647FC717E64D354B1F3B6286","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=LLC KLEVER, O=LLC KLEVER, STREET=\"Vorontsovskaya St., 19B Et / pom / Kom 1 / I / 1b Rab.M.2\", L=Moscow, PostalCode=109147, C=RU","sourceIndex":"1811","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"actualkeylogger [2].exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"5778f3941144a354e428d1fecb6fa340","hashSHA1":"38c8719bbb4026f75557730c922e49a0f1031056","hashSHA256":"7df306884ae45d2116439821bfe4d83f47a00d0c3e3b716fdd18fe79c678efa8","digitalCertThumbprint":"8CAC68AB0961BA80647FC717E64D354B1F3B6286","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=LLC KLEVER, O=LLC KLEVER, STREET=\"Vorontsovskaya St., 19B Et / pom / Kom 1 / I / 1b Rab.M.2\", L=Moscow, PostalCode=109147, C=RU","sourceIndex":"1811","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"akl [2].exe","fileVersion":"1.0","hashMD5":"4515e3de1282705aec2806c632f4014d","hashSHA1":"1b4631923f358d8e710d2da8a0f0f50fba6e6fa2","hashSHA256":"78d2038ee31ab99b78bcdfd6f3815ac5c65406aba2e3f4a4c2fbb2b0137945ce","digitalCertThumbprint":"8CAC68AB0961BA80647FC717E64D354B1F3B6286","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=LLC KLEVER, O=LLC KLEVER, STREET=\"Vorontsovskaya St., 19B Et / pom / Kom 1 / I / 1b Rab.M.2\", L=Moscow, PostalCode=109147, C=RU","sourceIndex":"1811","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"spmm [2].exe","fileVersion":"0.0","hashMD5":"b8fb34cbc96095e48a6cbef8d010a8a2","hashSHA1":"331407d9a421178b3ade2fd29410a3156902a350","hashSHA256":"966244ff679555b12c9f1d06ac60b5fe9e2df05713cb2ab40c83c95ba23a19c3","digitalCertThumbprint":"8CAC68AB0961BA80647FC717E64D354B1F3B6286","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=LLC KLEVER, O=LLC KLEVER, STREET=\"Vorontsovskaya St., 19B Et / pom / Kom 1 / I / 1b Rab.M.2\", L=Moscow, PostalCode=109147, C=RU","sourceIndex":"1811","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Google Search: Keylogger","reference":"https://www.actualkeylogger.com/","landingPage":"https://www.actualkeylogger.com/","directDownloadingLink":"https://actualsecure.net/setup_actual.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://actualsecure.net/setup_actual.exe","sourceIndex":"1811"}],"sampleFiles":["211011/ActualKeylogger-201211/8.5.33/Samples/akl.exe","211011/ActualKeylogger-201211/8.5.33/Samples/setup_actual_keylogger.exe","211011/ActualKeylogger-201211/8.5.33/Samples/spmm.exe","211011/ActualKeylogger-201211/8.5.33/Samples/actualkeylogger [2].exe","211011/ActualKeylogger-201211/8.5.33/Samples/akl [2].exe","211011/ActualKeylogger-201211/8.5.33/Samples/spmm [2].exe"],"imageFiles":["211011/ActualKeylogger-201211/8.5.33/Images/ACR-084/Actual Keylogger_Interactions [3].png","211011/ActualKeylogger-201211/8.5.33/Images/ACR-084/Actual Keylogger_Interactions [1].png","211011/ActualKeylogger-201211/8.5.33/Images/ACR-086/Actual Keylogger_Interactions [4].png","211011/ActualKeylogger-201211/8.5.33/Images/ACR-086/Actual Keylogger_Settings [6].png","211011/ActualKeylogger-201211/8.5.33/Images/ACR-086/Actual Keylogger_Settings [7].png","211011/ActualKeylogger-201211/8.5.33/Images/ACR-086/Actual Keylogger_Interactions [3].png","211011/ActualKeylogger-201211/8.5.33/Images/ACR-097/Actual Keylogger_DownloadPage [1].png","211011/ActualKeylogger-201211/8.5.33/Images/ACR-097/Actual Keylogger_DownloadPage [2].png","211011/ActualKeylogger-201211/8.5.33/Images/ACR-097/Actual Keylogger_DownloadPage [3].png","211011/ActualKeylogger-201211/8.5.33/Images/ACR-048/Actual Keylogger_Interactions [3].png","211011/ActualKeylogger-201211/8.5.33/Images/ACR-048/Actual Keylogger_RunningProcess [1].png","211011/ActualKeylogger-201211/8.5.33/Images/ACR-007/Actual Keylogger_Interactions [1].png","211011/ActualKeylogger-201211/8.5.33/Images/ACR-007/Actual Keylogger_Interactions [3].png"],"nonDeceptorImageFiles":["211011/ActualKeylogger-201211/8.5.33/Images/ACR-038/Actual Keylogger_FileProperty [1].png","211011/ActualKeylogger-201211/8.5.33/Images/ACR-038/Actual Keylogger_FileProperty [2].png","211011/ActualKeylogger-201211/8.5.33/Images/ACR-040/Actual Keylogger_Files [1].png","211011/ActualKeylogger-201211/8.5.33/Images/ACR-040/Actual Keylogger_Files [2].png","211011/ActualKeylogger-201211/8.5.33/Images/ACR-065/Actual Keylogger_Install [1].png","211011/ActualKeylogger-201211/8.5.33/Images/ACR-065/Actual Keylogger_Install [2].png","211011/ActualKeylogger-201211/8.5.33/Images/ACR-065/Actual Keylogger_Install [3].png","211011/ActualKeylogger-201211/8.5.33/Images/ACR-065/Actual Keylogger_Install [4].png","211011/ActualKeylogger-201211/8.5.33/Images/ACR-065/Actual Keylogger_About [1].png","211011/ActualKeylogger-201211/8.5.33/Images/ACR-099/Actual Keylogger_About [1].png","211011/ActualKeylogger-201211/8.5.33/Images/ACR-065/Actual Keylogger_LandingPage [1].png","211011/ActualKeylogger-201211/8.5.33/Images/ACR-099/Actual Keylogger_LandingPage [1].png","211011/ActualKeylogger-201211/8.5.33/Images/ACR-065/Actual Keylogger_OfferPage [1].png","211011/ActualKeylogger-201211/8.5.33/Images/ACR-099/Actual Keylogger_OfferPage [1].png"],"guid":"caa7d7c8-e52c-4758-a606-09bfb1126dfe_8.5.33_1","appID":"ActualKeylogger-201211","dateAdded":"240307","deceptorType":"App","name":"Actual Keylogger ","company":"Actual Keylogger Software","version":"8.5.33","sigName":"Deceptor:Win32/ActualKeylogger!084086097048007","lastKnownStatus":"5.5.18;8.5.31;8.5.33;8.6.15","lastKnownDate":"240307","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Adults only","monetization":"paid,up-sell to paid","lastUpdate":"2024-03-07T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":5,"sortOrder":695},{"violations":{"ACR-048":"The app is always running in the background and requires a hotkey to be opened, which limits the consumer's ability to close the app.\n","ACR-007":"The app does not explicit notification to the targeted consumer when it is running. It also requires a hotkey and a password to open it.\n","ACR-084":"The app enables the consumer to require a password and hotkey to open it.\n","ACR-086":"The app does not inform the targeted consumer how it collects or transmits user data, as it hides from them using a hotkey and password.\n","ACR-097":"Before downloading the installer, the app site prompts the user to disable anti-virus and add “C:\\ProgramData\\Security Monitor” in the exclusion list in order to prevent detection.\n"},"nonDeceptorViolations":{"ACR-038":"The app does not disclose the Original filename, Company name, Product name, Product version, File version for all the executables.\n","ACR-040":"The app is installed in a hidden folder \"ProgramData\".\n","ACR-065":"The install does not display links to the Returns and Cancellation Policy or the Privacy Policy. \nThe app does not display links to the EULA or Terms of Service, the Returns and Cancellation Policy or the Privacy Policy. \nThe landing page does not display links to the EULA or Terms of Service,  or the Returns and Cancellation Policy or the Privacy Policy.\nThe internal offer page does not display links to the EULA or Terms of Service,  or the Returns and Cancellation Policy or the Privacy Policy.\n","ACR-099":"The app does not display links to uninstall information. \nThe landing page does not display links to uninstall information. \nThe internal offers page does not display links to uninstall information.\n","ACR-037":"The application has no Privacy Policy.\n","ACR-167":"The application's has no mention of a 30 days refund policy.\n"},"samples":[{"isRevoked":"False","fileName":"actualkeylogger.exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"c0af14def598f9ac0a57e5862dd3029a","hashSHA1":"a28137cd5919e7d0bd05f30a5c9ed5c287ea6961","hashSHA256":"16893081b73bff4df7ed8f3f48a18eb2ed32c7d055ded87695cccd3be07b0f8a","digitalCertThumbprint":"7EC79998CC60F60CBCF8C5287C888C619CEB74E7","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Craft LLC, O=Craft LLC, STREET=\"Melkombinatovsky travel, 8a5 office;1st floor\", L=Kirov, S=Kirov Region, PostalCode=610017, C=RU","sourceIndex":"2031","avBlockList":["360 Total Security (20210601)","Avast Premium Security (20210601)","AVG Internet Security (20210601)","Avira Internet Security (20210601)","Bitdefender Internet Security (20210601)","Dr.Web Security Space (20210601)","ESET Internet Security (20210601)","G DATA INTERNET SECURITY (20210601)","K7 Total Security (20210601)","Kaspersky Internet Security (20210601)","Malwarebytes Premium (20210601)","McAfee Total Protection (20210601)","Norton Security (20210601)","Panda Dome (20210601)","Quick Heal Internet Security (20210601)","Sophos Home Premium (20210601)","SpyHunter5 (20210601)","Tencent PC Manager (20210601)","Total AV Antivirus Pro (20210601)","Trend Micro Internet Security (20210601)","VIPRE Advanced Security (20210601)","VirIT eXplorer PRO (20210601)","Webroot SecureAnywhere (20210601)","Windows Defender (20210601)"],"avAllowList":["COMODO Antivirus (20210601)"]},{"isRevoked":"False","fileName":"akl.exe","fileVersion":"1.0","hashMD5":"e1e045246b209b90538e517116b02ec3","hashSHA1":"8803c06637b78d45cd539028d3e913bca9a3670c","hashSHA256":"7c28490e5e06805a8fcccad7db1666d6c11322c3503ef0a4e89a1c66fcec4ae9","digitalCertThumbprint":"7EC79998CC60F60CBCF8C5287C888C619CEB74E7","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Craft LLC, O=Craft LLC, STREET=\"Melkombinatovsky travel, 8a5 office;1st floor\", L=Kirov, S=Kirov Region, PostalCode=610017, C=RU","sourceIndex":"2031","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"spmm.exe","fileVersion":"0.0","hashMD5":"8b80534a95a1d13ef0b9a5b28c0e9d14","hashSHA1":"5909d225e158598aaf1edbf6da4ab925dbd5b299","hashSHA256":"77538755f7c3afbc8ae6e1f27b8452e27104c9d050d757d963569f4d0caf47e6","digitalCertThumbprint":"7EC79998CC60F60CBCF8C5287C888C619CEB74E7","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Craft LLC, O=Craft LLC, STREET=\"Melkombinatovsky travel, 8a5 office;1st floor\", L=Kirov, S=Kirov Region, PostalCode=610017, C=RU","sourceIndex":"2031","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Google Search: Keylogger","reference":"https://www.actualkeylogger.com/","landingPage":"https://www.actualkeylogger.com/","directDownloadingLink":"https://actualsecure.net/download/actual/actualkeylogger.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://actualsecure.net/download/actual/actualkeylogger.exe","sourceIndex":"2031"}],"sampleFiles":["201214/ActualKeylogger-201211/5.5.18/Samples/actualkeylogger.exe","201214/ActualKeylogger-201211/5.5.18/Samples/akl.exe","201214/ActualKeylogger-201211/5.5.18/Samples/spmm.exe"],"imageFiles":["201214/ActualKeylogger-201211/5.5.18/Images/ACR-084/Actual Keylogger_Interactions [4].png","201214/ActualKeylogger-201211/5.5.18/Images/ACR-086/Actual Keylogger_Interactions [4].png","201214/ActualKeylogger-201211/5.5.18/Images/ACR-086/Actual Keylogger_ Wizard [2].png","201214/ActualKeylogger-201211/5.5.18/Images/ACR-086/Actual Keylogger_ Wizard [9].png","201214/ActualKeylogger-201211/5.5.18/Images/ACR-097/Actual Keylogger_DownloadPage [1].png","201214/ActualKeylogger-201211/5.5.18/Images/ACR-097/Actual Keylogger_DownloadPage [2].png","201214/ActualKeylogger-201211/5.5.18/Images/ACR-097/Actual Keylogger_DownloadPage [3].png","201214/ActualKeylogger-201211/5.5.18/Images/ACR-048/Actual Keylogger_RunningProcess [1].png","201214/ActualKeylogger-201211/5.5.18/Images/ACR-048/Actual Keylogger_Interactions [4].png","201214/ActualKeylogger-201211/5.5.18/Images/ACR-007/Actual Keylogger_Interactions [2].png","201214/ActualKeylogger-201211/5.5.18/Images/ACR-007/Actual Keylogger_Interactions [4].png"],"nonDeceptorImageFiles":["201214/ActualKeylogger-201211/5.5.18/Images/ACR-038/Actual Keylogger_FileProperty [1].png","201214/ActualKeylogger-201211/5.5.18/Images/ACR-038/Actual Keylogger_FileProperty [2].png","201214/ActualKeylogger-201211/5.5.18/Images/ACR-040/Actual Keylogger_Files [1].png","201214/ActualKeylogger-201211/5.5.18/Images/ACR-040/Actual Keylogger_Files [2].png","201214/ActualKeylogger-201211/5.5.18/Images/ACR-065/Actual Keylogger_Install [1].png","201214/ActualKeylogger-201211/5.5.18/Images/ACR-065/Actual Keylogger_Install [2].png","201214/ActualKeylogger-201211/5.5.18/Images/ACR-065/Actual Keylogger_Install [3].png","201214/ActualKeylogger-201211/5.5.18/Images/ACR-065/Actual Keylogger_ About [1].png","201214/ActualKeylogger-201211/5.5.18/Images/ACR-099/Actual Keylogger_ About [1].png","201214/ActualKeylogger-201211/5.5.18/Images/ACR-065/Actual Keylogger_LandingPage [1].png","201214/ActualKeylogger-201211/5.5.18/Images/ACR-099/Actual Keylogger_LandingPage [1].png","201214/ActualKeylogger-201211/5.5.18/Images/ACR-065/Actual Keylogger_OfferPage [1].png","201214/ActualKeylogger-201211/5.5.18/Images/ACR-099/Actual Keylogger_OfferPage [1].png"],"guid":"caa7d7c8-e52c-4758-a606-09bfb1126dfe_5.5.18_1","appID":"ActualKeylogger-201211","dateAdded":"240307","deceptorType":"App","name":"Actual Keylogger ","company":"Actual Keylogger Software","version":"5.5.18","sigName":"Deceptor:Win32/ActualKeyloggerStalkerware!084086097048007","lastKnownStatus":"5.5.18;8.5.31;8.5.33;8.6.15","lastKnownDate":"240307","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Adults only","monetization":"paid,up-sell to paid","lastUpdate":"2024-03-07T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":5,"sortOrder":697},{"violations":{"ACR-048":"The app is always running in the background and requires a hotkey to be opened, which limits the consumer's ability to close the app.\n","ACR-007":"The app does not explicit notification to the targeted consumer when it is running and it allows the consumer to enable stealth mode. It also requires a hotkey and a password to open it.\n","ACR-084":"The app enables the consumer to install it in \"Stealth Mode\", which hides all app icons and notifications. It also enables the consumer to require a password and hotkey to open it.\n","ACR-086":"The app does not inform the targeted consumer how it collects or transmits user data, as it hides from them using a hotkey and password.\n","ACR-097":"Before downloading the installer, the app site prompts the user to disable anti-virus and add “C:\\ProgramData\\Security Monitor” in the exclusion list in order to prevent detection.\n"},"nonDeceptorViolations":{"ACR-038":"The app does not disclose the Original filename, Company name, Product name, Product version, File version for all the executables.\n","ACR-040":"The app is installed in a hidden folder \"ProgramData\".\n","ACR-065":"The install wizard does not display links to the Returns and Cancellation Policy or the Privacy Policy. \nThe app does not display links to the EULA or Terms of Service, the Returns and Cancellation Policy or the Privacy Policy. \nThe landing page does not display links to the EULA or Terms of Service,  or the Returns and Cancellation Policy or the Privacy Policy.\nThe internal offer page does not display links to the EULA or Terms of Service,  or the Returns and Cancellation Policy or the Privacy Policy.\n","ACR-099":"The app does not display links to uninstall information. \nThe landing page does not display links to uninstall information. \nThe internal offers page does not display links to uninstall information.\n","ACR-035":"No EULA/Terms of Service, Returns and Cancellation Policy or Privacy Policy is provided for the app.\n","ACR-036":"No EULA/Terms of Service, Returns and Cancellation Policy or Privacy Policy is provided for the app.\n","ACR-037":"No Privacy Policy is provided for the app.\n","ACR-167":"The application's has no mention of a 30 days refund policy.\n"},"samples":[{"isRevoked":"False","fileName":"spmm.exe","fileVersion":"0.0","hashMD5":"82578a6a97b63a4125300387753ee6e8","hashSHA1":"4991e6b2139ae1ded591ab78d0bbdbec7b7db2dd","hashSHA256":"bf53a6eb459534d7dade4247a848f5081cf175134427489be3b1c6362883e1ed","digitalCertThumbprint":"E1229BACFDF8FE16488BDAC52A2330EA301CB63C","digitalCertIssuer":"CN=thawte SHA256 Code Signing CA, O=\"thawte, Inc.\", C=US","digitalCertIssuedTo":"L=Truro, CN=Clever Security Software Ltd, O=Clever Security Software Ltd, C=GB","sourceIndex":"1904","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"actualkeylogger.exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"c07a4d26028191c396c1d72d3990f76c","hashSHA1":"aa332bbeaf19b9778afe2e986379cb55d14c8a6b","hashSHA256":"d18fa15fe28e764a4565be81c78382fcf84f31b665f538142551198e9b355cac","digitalCertThumbprint":"E1229BACFDF8FE16488BDAC52A2330EA301CB63C","digitalCertIssuer":"CN=thawte SHA256 Code Signing CA, O=\"thawte, Inc.\", C=US","digitalCertIssuedTo":"L=Truro, CN=Clever Security Software Ltd, O=Clever Security Software Ltd, C=GB","sourceIndex":"1904","avBlockList":["360 Total Security (20240625)","Avast Premium Security (20240625)","AVG Internet Security (20240625)","Avira Internet Security (20240625)","Bitdefender Internet Security (20240625)","COMODO Antivirus (20240625)","Dr.Web Security Space (20240625)","ESET Internet Security (20240625)","G DATA INTERNET SECURITY (20240625)","K7 Total Security (20240625)","Kaspersky Internet Security (20240625)","Malwarebytes Premium (20240625)","McAfee Total Protection (20240625)","Norton Security (20240625)","Panda Dome (20240625)","Quick Heal Internet Security (20240625)","Sophos Home Premium (20240625)","SpyHunter5 (20240625)","Tencent PC Manager (20211207)","Total AV Antivirus Pro (20240625)","Trend Micro Internet Security (20240625)","VIPRE Advanced Security (20240625)","Webroot SecureAnywhere (20240625)","VirIT eXplorer PRO (20240625)"],"avAllowList":["Windows Defender (20240625)"]},{"isRevoked":"False","fileName":"akl.exe","fileVersion":"1.0","hashMD5":"57f03a1721a15cc29a7c5e4add440272","hashSHA1":"07f840d53ae4bf6c84d39da3ca215335f915efa4","hashSHA256":"a3b08fbe1c2040ce8f8f7d33ad9967c539a3a50b3d4164a53e4683d02b6093df","digitalCertThumbprint":"E1229BACFDF8FE16488BDAC52A2330EA301CB63C","digitalCertIssuer":"CN=thawte SHA256 Code Signing CA, O=\"thawte, Inc.\", C=US","digitalCertIssuedTo":"L=Truro, CN=Clever Security Software Ltd, O=Clever Security Software Ltd, C=GB","sourceIndex":"1904","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"actualkeylogger [2].exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"ddb0c58f6e2ebb5cbda29453c26f3392","hashSHA1":"bc8319a9ad77dc05c31a236687e0d9d63c104401","hashSHA256":"4b00032f66ca48c3d799142784243744adeb5490c7e0e2d4e4f4681ac5745005","digitalCertThumbprint":"8CAC68AB0961BA80647FC717E64D354B1F3B6286","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=LLC KLEVER, O=LLC KLEVER, STREET=\"Vorontsovskaya St., 19B Et / pom / Kom 1 / I / 1b Rab.M.2\", L=Moscow, PostalCode=109147, C=RU","sourceIndex":"1904","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"akl [2].exe","fileVersion":"0.0","hashMD5":"a1f8806662c1ea4ddb1aa665c59284a7","hashSHA1":"087cf88e35a63fcfe07d36650847d5da92fe1ec4","hashSHA256":"84cc50118eecd87e1b34aa1070f9a40b086628787a8ce4924899b01ce75842fc","sourceIndex":"1904","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"spmm [2].exe","fileVersion":"0.0","hashMD5":"137e35a9b49a65aae6b65c066975b38e","hashSHA1":"a96c786344bbf0f9b34f7ab434072990d5ccb888","hashSHA256":"573da7866aaa77e24eea9a0bff125fbe230937b5c6e396fcc6c2fce5edd0a9bf","sourceIndex":"1904","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Google Search: Keylogger","reference":"https://www.actualkeylogger.com/","landingPage":"https://www.actualkeylogger.com/","directDownloadingLink":"https://actualsecure.net/download/actual/actualkeylogger.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://actualsecure.net/download/actual/actualkeylogger.exe","sourceIndex":"1904"}],"sampleFiles":["210603/ActualKeylogger-201211/8.5.31/Samples/spmm.exe","210603/ActualKeylogger-201211/8.5.31/Samples/actualkeylogger.exe","210603/ActualKeylogger-201211/8.5.31/Samples/akl.exe","210603/ActualKeylogger-201211/8.5.31/Samples/actualkeylogger [2].exe","210603/ActualKeylogger-201211/8.5.31/Samples/akl [2].exe","210603/ActualKeylogger-201211/8.5.31/Samples/spmm [2].exe"],"imageFiles":["210603/ActualKeylogger-201211/8.5.31/Images/ACR-084/Actual Keylogger_Interactions [7]_.png","210603/ActualKeylogger-201211/8.5.31/Images/ACR-084/Actual Keylogger_Interactions [8].png","210603/ActualKeylogger-201211/8.5.31/Images/ACR-086/Actual Keylogger_Interactions [2].png","210603/ActualKeylogger-201211/8.5.31/Images/ACR-086/Actual Keylogger_Interactions [3].png","210603/ActualKeylogger-201211/8.5.31/Images/ACR-086/Actual Keylogger_Interactions [8].png","210603/ActualKeylogger-201211/8.5.31/Images/ACR-097/Actual Keylogger_LandingPage [2].png","210603/ActualKeylogger-201211/8.5.31/Images/ACR-097/Actual Keylogger_LandingPage [3].png","210603/ActualKeylogger-201211/8.5.31/Images/ACR-097/Actual Keylogger_LandingPage [4].png","210603/ActualKeylogger-201211/8.5.31/Images/ACR-048/Actual Keylogger_RunningProcess [1].png","210603/ActualKeylogger-201211/8.5.31/Images/ACR-048/Actual Keylogger_Interactions [8].png","210603/ActualKeylogger-201211/8.5.31/Images/ACR-007/Actual Keylogger_Interactions [2].png","210603/ActualKeylogger-201211/8.5.31/Images/ACR-007/Actual Keylogger_Interactions [7]_.png","210603/ActualKeylogger-201211/8.5.31/Images/ACR-007/Actual Keylogger_Interactions [8].png"],"nonDeceptorImageFiles":["210603/ActualKeylogger-201211/8.5.31/Images/ACR-038/Actual Keylogger_FileProperty [1].png","210603/ActualKeylogger-201211/8.5.31/Images/ACR-038/Actual Keylogger_FileProperty [2].png","210603/ActualKeylogger-201211/8.5.31/Images/ACR-040/Actual Keylogger_HiddenDirectory [1].png","210603/ActualKeylogger-201211/8.5.31/Images/ACR-040/Actual Keylogger_HiddenDirectory [2].png","210603/ActualKeylogger-201211/8.5.31/Images/ACR-065/Actual Keylogger_Install [1].png","210603/ActualKeylogger-201211/8.5.31/Images/ACR-065/Actual Keylogger_Install [2].png","210603/ActualKeylogger-201211/8.5.31/Images/ACR-065/Actual Keylogger_Install [3].png","210603/ActualKeylogger-201211/8.5.31/Images/ACR-065/Actual Keylogger_Install [5].png","210603/ActualKeylogger-201211/8.5.31/Images/ACR-065/Actual Keylogger_About [1].png","210603/ActualKeylogger-201211/8.5.31/Images/ACR-099/Actual Keylogger_About [1].png","210603/ActualKeylogger-201211/8.5.31/Images/ACR-065/Actual Keylogger_LandingPage [1].png","210603/ActualKeylogger-201211/8.5.31/Images/ACR-099/Actual Keylogger_LandingPage [1].png","210603/ActualKeylogger-201211/8.5.31/Images/ACR-065/Actual Keylogger_OfferPage [1].png","210603/ActualKeylogger-201211/8.5.31/Images/ACR-099/Actual Keylogger_OfferPage [1].png"],"guid":"caa7d7c8-e52c-4758-a606-09bfb1126dfe_8.5.31_1","appID":"ActualKeylogger-201211","dateAdded":"240307","deceptorType":"App","name":"Actual Keylogger ","company":"Actual Keylogger Software","version":"8.5.31","lastKnownStatus":"5.5.18;8.5.31;8.5.33;8.6.15","lastKnownDate":"240307","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Adults only","monetization":"paid,up-sell to paid","lastUpdate":"2024-03-07T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":5,"sortOrder":696},{"violations":{"ACR-048":"The app enables the consumer to hide the app from the installed app list, which prevents it from being uninstalled easily.\n","ACR-007":"The app enables the consumer to hide it from the system tray, the desktop, and the installed apps list, which prevents the targeted consumer from being aware of the app's presence.\n","ACR-084":"The app enables the user to hide the app from the system tray, the desktop, and the installed program list.\n","ACR-086":"The app does not inform the targeted consumer who it is transmitting data to or what data it is collecting.\n","ACR-116":"The app enables the consumer to hide it from the installed apps list.\n","ACR-014":"App changes its name to \"System Component\" inside the task manager, which misleads the targeted consumer.\n"},"nonDeceptorViolations":{"ACR-065":"The install does not display links to the Returns and Cancellation Policy or the Privacy Policy.\nThe app does not display links to the EULA, the Returns and Cancellation Policy, or the Privacy Policy.\nThe internal offers page does not display links to the EULA, the Returns and Cancellation Policy, or the Privacy Policy.\n","ACR-161":"The landing page displays unverifiable testimonials.\n","ACR-082":"The app enables the user to violate many laws.\n","ACR-099":"The app does not display links to uninstall information.\nThe landing page does not display links to uninstall information.\nThe internal offers page does not display links to uninstall information.\n","ACR-167":"The app only provides a 14-day refund policy and not a 30-day refund policy.\n"},"samples":[{"isRevoked":"False","fileName":"spm_setup.exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"f4a6fee6e9bac4ef5e72c218108ab030","hashSHA1":"0d6d26faea9c0d63715a7519cf50ef51f4cef1f2","hashSHA256":"1ef13e6d62feea893c9b9615c962cf39ee2ca849e18eb6828fef2e9ed3923a22","digitalCertThumbprint":"5FA46108758D76666A521B3ACB0F207778B73F7B","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Clever Security Software Ltd, OU=Security, O=Clever Security Software Ltd, STREET=Chynoweth House, L=Blackwater, S=Truro, PostalCode=TR4 8UN, C=GB","sourceIndex":"2536","avBlockList":["360 Total Security (20240516)","Avast Internet Security (20200224)","AVG Internet Security (20240516)","Avira Internet Security (20240516)","Bitdefender Internet Security (20240516)","COMODO Antivirus (20240516)","Dr.Web Security Space (20240516)","ESET Internet Security (20240516)","G DATA INTERNET SECURITY (20240516)","K7 Total Security (20240516)","Malwarebytes Premium (20240516)","McAfee Total Protection (20240516)","Norton Security (20240516)","Panda Dome (20240516)","Quick Heal Internet Security (20240516)","Sophos Home Premium (20240516)","SpyHunter5 (20240516)","Tencent PC Manager (20210527)","VIPRE Advanced Security (20240516)","VirIT eXplorer PRO (20240516)","Webroot SecureAnywhere (20240516)","Windows Defender (20240516)","Kaspersky Internet Security (20240516)","Avast Premium Security (20240516)","Total AV Antivirus Pro (20240516)"],"avAllowList":["Trend Micro Internet Security (20240516)"]},{"isRevoked":"False","fileName":"sime64.exe","fileVersion":"1.0","hashMD5":"bffde5b3b7e3cc7ccf1014a81eee8dc6","hashSHA1":"0ec575b4028732348e4d1892773683b7c4ae1034","hashSHA256":"334ab2ab8d1cc6e10cc8bbaed583620dd2effb7c3411b2419045c4273f084c4b","digitalCertThumbprint":"5FA46108758D76666A521B3ACB0F207778B73F7B","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Clever Security Software Ltd, OU=Security, O=Clever Security Software Ltd, STREET=Chynoweth House, L=Blackwater, S=Truro, PostalCode=TR4 8UN, C=GB","sourceIndex":"2536","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"spm.exe","fileVersion":"1.0","hashMD5":"a26da15eb634b0ee6369086b49d42cdc","hashSHA1":"1908d2277e7c9c82824881bbb5e6391da02b186a","hashSHA256":"529a83255d2dbd9adcc1d28020cc9f18550eda6b2d935474fbb37d359af0c12d","digitalCertThumbprint":"5FA46108758D76666A521B3ACB0F207778B73F7B","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Clever Security Software Ltd, OU=Security, O=Clever Security Software Ltd, STREET=Chynoweth House, L=Blackwater, S=Truro, PostalCode=TR4 8UN, C=GB","sourceIndex":"2536","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"spmm.exe","fileVersion":"0.0","hashMD5":"26f31f9afcef876e65a59db367785e16","hashSHA1":"594c411fc487f4118e98b7332786be5ed299d192","hashSHA256":"ba6369bc539ca4c2352ad855cecb6d597d915c362f7f3a65020c7c3efce4f3aa","digitalCertThumbprint":"5FA46108758D76666A521B3ACB0F207778B73F7B","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Clever Security Software Ltd, OU=Security, O=Clever Security Software Ltd, STREET=Chynoweth House, L=Blackwater, S=Truro, PostalCode=TR4 8UN, C=GB","sourceIndex":"2536","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"sps.exe","fileVersion":"1.0","hashMD5":"6a21267b0f84f7b292f5126072411f74","hashSHA1":"b7990bd233dc5941c2f55b2f4c8b688c422645a1","hashSHA256":"5870d70d4334fcb1c30b8471fe4255faea0559bf51152a370145b9dfa6569029","digitalCertThumbprint":"5FA46108758D76666A521B3ACB0F207778B73F7B","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Clever Security Software Ltd, OU=Security, O=Clever Security Software Ltd, STREET=Chynoweth House, L=Blackwater, S=Truro, PostalCode=TR4 8UN, C=GB","sourceIndex":"2536","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"Hunt.Search","landingPage":"http://www.spyrix.com/","directDownloadingLink":"secursprx.com/download/spm/spm_setup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"secursprx.com/download/spm/spm_setup.exe","sourceIndex":"2536"}],"sampleFiles":["200214/Spyrix-191025/11.5.2/Samples/spm_setup.exe","200214/Spyrix-191025/11.5.2/Samples/sime64.exe","200214/Spyrix-191025/11.5.2/Samples/spm.exe","200214/Spyrix-191025/11.5.2/Samples/spmm.exe","200214/Spyrix-191025/11.5.2/Samples/sps.exe"],"imageFiles":["200214/Spyrix-191025/11.5.2/Images/ACR-048/Spyrix Uninstall Attempt.png","200214/Spyrix-191025/11.5.2/Images/ACR-048/Spyrix Hide App Fixed.png","200214/Spyrix-191025/11.5.2/Images/ACR-048/Spyrix Hide App.png","200214/Spyrix-191025/11.5.2/Images/ACR-007/Spyrix Hide App Fixed.png","200214/Spyrix-191025/11.5.2/Images/ACR-007/Spyrix Hide App.png","200214/Spyrix-191025/11.5.2/Images/ACR-014/Spyrix Different Name System Component.png","200214/Spyrix-191025/11.5.2/Images/ACR-014/Picture6.png","200214/Spyrix-191025/11.5.2/Images/ACR-084/Spyrix Hide App Fixed.png","200214/Spyrix-191025/11.5.2/Images/ACR-084/Spyrix Hide App.png","200214/Spyrix-191025/11.5.2/Images/ACR-084/Picture3.png","200214/Spyrix-191025/11.5.2/Images/ACR-086/Spyrix Monitorinh.png","200214/Spyrix-191025/11.5.2/Images/ACR-086/Spyrix Hide App Fixed.png","200214/Spyrix-191025/11.5.2/Images/ACR-086/Spyrix Hide App.png","200214/Spyrix-191025/11.5.2/Images/ACR-086/Picture4.png","200214/Spyrix-191025/11.5.2/Images/ACR-116/Spyrix Uninstall Attempt.png","200214/Spyrix-191025/11.5.2/Images/ACR-116/Spyrix Hide App Fixed.png","200214/Spyrix-191025/11.5.2/Images/ACR-116/Spyrix Hide App.png"],"nonDeceptorImageFiles":["200214/Spyrix-191025/11.5.2/Images/ACR-099/Spyrix About Page.png","200214/Spyrix-191025/11.5.2/Images/ACR-099/Spyrix Bottom of Landing Page.png","200214/Spyrix-191025/11.5.2/Images/ACR-099/Spyrix Bottom of Internal Offers.png","200214/Spyrix-191025/11.5.2/Images/ACR-082/Spyrix Disclaimer.png","200214/Spyrix-191025/11.5.2/Images/ACR-082/Picture9.png","200214/Spyrix-191025/11.5.2/Images/ACR-167/Spyrix Refund Policy.png","200214/Spyrix-191025/11.5.2/Images/ACR-161/Spyrix Testimonials.png","200214/Spyrix-191025/11.5.2/Images/ACR-065/Spyrix EULA.png","200214/Spyrix-191025/11.5.2/Images/ACR-065/picture5.png","200214/Spyrix-191025/11.5.2/Images/ACR-065/Spyrix About Page.png","200214/Spyrix-191025/11.5.2/Images/ACR-065/Spyrix Bottom of Internal Offers.png","200214/Spyrix-191025/11.5.2/Images/ACR-065/Spyrix Internal Offers Top.png"],"guid":"0028385f-ef94-4496-81c2-fc3792e5ca9a_11.5.2_1","appID":"Spyrix-191025","dateAdded":"240306","deceptorType":"App","name":"Spyrix Personal Monitor","company":"Spyrix Security Inc.","version":"11.5.2","sigName":"Deceptor:Win32/SpyrixPersonalMonitor!048007014084086116 ","lastKnownStatus":"11.5.2;11.5.21;11.5.18;11.5.30;11.5.31;11.5.34;11.6.11;11.6.12;11.6.15","lastKnownDate":"240306","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 10,Windows 8,Windows 7","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Adults only","monetization":"up-sell to paid","lastUpdate":"2024-03-06T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":10,"sortOrder":706},{"violations":{"ACR-048":"The app does not provide a clear way to enable/disable borrowing activity. \n","ACR-007":"The app does not obtain user explicit consent which reduces the consumer's security posture caused by sharing internet resources. \nThe app does not display explicit notification about the potential risk in security posture caused by sharing resources.\n","ACR-084":"The app does not clearly indicate sharing activity.\n"},"nonDeceptorViolations":{"ACR-098":"The app needs to provide control to adjust the schedule and rate of borrowing while the \"Clear Play Tube\" is running.\n"},"samples":[{"isRevoked":"False","fileName":"clearplaytube-setup.exe","isInstaller":"True","companyName":"Clear Play Tube LLC                                         ","fileVersion":"0.0","hashMD5":"b17615246c8ef5b7ba8c09ae7f0835ff","hashSHA1":"02724f40d7bbc1a9e1b6216ad73e396991a0ba98","hashSHA256":"f6cf1faeb1aee5e96ddce1adab3736e4391f12ff26e22805f3d3769b766a2d32","digitalCertThumbprint":"F25177C5DDD6A1BDD9119FB81B9A5356B28491B3","digitalCertIssuer":"CN=SSL.com EV Code Signing Intermediate CA RSA R3, O=SSL Corp, L=Houston, S=Texas, C=US","digitalCertIssuedTo":"OID.1.3.6.1.4.1.311.60.2.1.3=GB, OID.2.5.4.15=Private Organization, CN=CITRUS PR LTD, SERIALNUMBER=14299326, O=CITRUS PR LTD, L=London, S=England, C=GB","sourceIndex":"720","avBlockList":["360 Total Security (20240620)","Avast Premium Security (20240620)","AVG Internet Security (20240620)","Avira Internet Security (20240620)","Bitdefender Internet Security (20240620)","COMODO Antivirus (20240620)","Dr.Web Security Space (20240620)","ESET Internet Security (20240620)","G DATA INTERNET SECURITY (20240620)","K7 Total Security (20240620)","Kaspersky Internet Security (20240620)","McAfee Total Protection (20240620)","Norton Security (20240620)","Panda Dome (20240620)","Quick Heal Internet Security (20240620)","Sophos Home Premium (20240620)","SpyHunter5 (20240620)","Total AV Antivirus Pro (20240620)","VIPRE Advanced Security (20240620)","VirIT eXplorer PRO (20240620)","Webroot SecureAnywhere (20240620)"],"avAllowList":["Malwarebytes Premium (20240620)","Trend Micro Internet Security (20240620)","Windows Defender (20240620)"]}],"additionalFiles":[],"sources":[{"howFound":"random hunt","reference":"https://clearplaytube.com/","landingPage":"","directDownloadingLink":"https://clearplaytube.com/release/clearplaytube.zip","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://clearplaytube.com/release/clearplaytube.zip","sourceIndex":"720"}],"sampleFiles":["240306/ClearPlayTube-240306/1.0.0/Samples/clearplaytube-setup.exe"],"imageFiles":["240306/ClearPlayTube-240306/1.0.0/Images/ACR-007/ACR-007_Install_1.png","240306/ClearPlayTube-240306/1.0.0/Images/ACR-007/ACR-007_Install_2.png","240306/ClearPlayTube-240306/1.0.0/Images/ACR-084/ACR-084_Software_1.png","240306/ClearPlayTube-240306/1.0.0/Images/ACR-084/ACR-084_Software_2.png","240306/ClearPlayTube-240306/1.0.0/Images/ACR-084/ACR-084_Software_3.png","240306/ClearPlayTube-240306/1.0.0/Images/ACR-048/ACR-048_Software_1.png","240306/ClearPlayTube-240306/1.0.0/Images/ACR-048/ACR-048_Software_2.png","240306/ClearPlayTube-240306/1.0.0/Images/ACR-007/ACR-007_Software_1.png"],"nonDeceptorImageFiles":["240306/ClearPlayTube-240306/1.0.0/Images/ACR-098/ACR-098_Software_1.png","240306/ClearPlayTube-240306/1.0.0/Images/ACR-098/ACR-098_Software_2.png"],"guid":"ae9a4fc3-3251-4bd2-9b4a-c74a50704e75_1.0.0_1","appID":"ClearPlayTube-240306","dateAdded":"240306","deceptorType":"App","name":"Clear Play Tube","company":"Clear Play Tube LLC","version":"1.0.0","lastKnownStatus":"1.0.0","lastKnownDate":"240306","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 10,Windows 11","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Adults only","monetization":"mining","lastUpdate":"2024-03-06T20:01:51.3070231+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":708},{"violations":{"ACR-048":"The app enables the consumer to hide the app from the installed app list, which prevents it from being uninstalled easily.\n","ACR-007":"The app enables the consumer to hide it from the system tray, the desktop, and the installed apps list, which prevents the targeted consumer from being aware of the app's presence.\n","ACR-084":"The app enables the user to hide the app from the system tray, the desktop, and the installed program list.\n","ACR-086":"The app does not inform the targeted consumer who it is transmitting data to or what data it is collecting.\n","ACR-116":"The app enables the consumer to hide it from the installed apps list.\n","ACR-014":"App changes its name to \"System Component\" inside the task manager, which misleads the targeted consumer.\n"},"nonDeceptorViolations":{"ACR-065":"The install does not display links to the Returns and Cancellation Policy or the Privacy Policy.\nThe app does not display links to the EULA, the Returns and Cancellation Policy, or the Privacy Policy.\nThe internal offers page does not display links to the EULA, the Returns and Cancellation Policy, or the Privacy Policy.\n","ACR-161":"The landing page displays unverifiable testimonials.\n","ACR-082":"The app enables the user to violate many laws.\n","ACR-099":"The app does not display links to uninstall information.\nThe landing page does not display links to uninstall information.\nThe internal offers page does not display links to uninstall information.\n","ACR-167":"The app only provides a 14-day refund policy and not a 30-day refund policy.\n"},"samples":[{"isRevoked":"False","fileName":"spm_setup.exe","isInstaller":"True","companyName":"Spyrix Security Inc.                                        ","fileVersion":"11.4","hashMD5":"ee30f7ef4df5740a2fa6675af4b11059","hashSHA1":"0aba836455095879baa8b7725ff729ce8924f63f","hashSHA256":"29b98cda998d0b92dc2ba903eda7a6b95bcac88be32c2252d6cba4162eda8704","digitalCertThumbprint":"5FA46108758D76666A521B3ACB0F207778B73F7B","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Clever Security Software Ltd, OU=Security, O=Clever Security Software Ltd, STREET=Chynoweth House, L=Blackwater, S=Truro, PostalCode=TR4 8UN, C=GB","sourceIndex":"2537","avBlockList":["360 Total Security (20191223)","Avast Internet Security (20191223)","AVG Internet Security (20191223)","Avira Internet Security (20191223)","Bitdefender Internet Security (20191223)","COMODO Antivirus (20191223)","ESET Internet Security (20191223)","G DATA INTERNET SECURITY (20191223)","K7 Total Security (20191223)","Kaspersky Internet Security (20191223)","Malwarebytes Premium (20191223)","McAfee Total Protection (20191223)","Norton Security (20191223)","Panda Dome (20191223)","Quick Heal Internet Security (20191223)","Sophos Home Premium (20191223)","Tencent PC Manager (20191223)","Trend Micro Internet Security (20191223)","VIPRE Advanced Security (20191223)","VirIT eXplorer PRO (20191223)","Webroot SecureAnywhere (20191223)","Windows Defender (20191223)"],"avAllowList":["Dr.Web Security Space (20191223)"]},{"isRevoked":"False","fileName":"spm.exe","fileVersion":"1.0","hashMD5":"048d5f6df63d9583909c11ccef4ed4ba","hashSHA1":"a6b5670c3f343592590111301f72038d5bd3ea45","hashSHA256":"bf4396d6fd7624bed28647ca11bb65dd5cc4ab88ba9f288ccf58c10e47e37af4","digitalCertThumbprint":"5FA46108758D76666A521B3ACB0F207778B73F7B","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Clever Security Software Ltd, OU=Security, O=Clever Security Software Ltd, STREET=Chynoweth House, L=Blackwater, S=Truro, PostalCode=TR4 8UN, C=GB","sourceIndex":"2537","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"spmm.exe","fileVersion":"0.0","hashMD5":"0f49147ad1a2d2c0f8854604c2bd2fa3","hashSHA1":"4475c4b04e9e0682e0e36b702dec2f276f05edb6","hashSHA256":"9b676341fbf58ed5e510962efdfa69bbf0b7a9bd97a761eb3c871adc6016b5b9","digitalCertThumbprint":"5FA46108758D76666A521B3ACB0F207778B73F7B","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Clever Security Software Ltd, OU=Security, O=Clever Security Software Ltd, STREET=Chynoweth House, L=Blackwater, S=Truro, PostalCode=TR4 8UN, C=GB","sourceIndex":"2537","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"sps.exe","fileVersion":"1.0","hashMD5":"12451acca4d142c141912dfa1967ad7c","hashSHA1":"bda73cd83584352a7d971c20af57b180d295e3aa","hashSHA256":"91e904ee1e8e96f0e6e11912c668a2100312b9b78755125d9e179838166d5e39","digitalCertThumbprint":"5FA46108758D76666A521B3ACB0F207778B73F7B","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Clever Security Software Ltd, OU=Security, O=Clever Security Software Ltd, STREET=Chynoweth House, L=Blackwater, S=Truro, PostalCode=TR4 8UN, C=GB","sourceIndex":"2537","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"sime64.exe","fileVersion":"1.0","hashMD5":"607798ee9c78eaa89e69035a9d40405b","hashSHA1":"72e85d0bff965420a4aaa4998337d1dd22a84808","hashSHA256":"eca3dd22674c29268a60621d127e5980ad8128817fb23b8ad25addd62127d73d","digitalCertThumbprint":"5FA46108758D76666A521B3ACB0F207778B73F7B","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Clever Security Software Ltd, OU=Security, O=Clever Security Software Ltd, STREET=Chynoweth House, L=Blackwater, S=Truro, PostalCode=TR4 8UN, C=GB","sourceIndex":"2537","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"Hunt.Search","landingPage":"http://www.spyrix.com/","directDownloadingLink":"secursprx.com/downloads/spm_setup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"secursprx.com/downloads/spm_setup.exe","sourceIndex":"2537"}],"sampleFiles":["200214/Spyrix-191025/11.4.6/Samples/spm_setup.exe","200214/Spyrix-191025/11.4.6/Samples/spm.exe","200214/Spyrix-191025/11.4.6/Samples/spmm.exe","200214/Spyrix-191025/11.4.6/Samples/sps.exe","200214/Spyrix-191025/11.4.6/Samples/sime64.exe"],"imageFiles":["200214/Spyrix-191025/11.4.6/Images/ACR-048/Spyrix Uninstall Attempt.png","200214/Spyrix-191025/11.4.6/Images/ACR-048/Spyrix Hide App Fixed.png","200214/Spyrix-191025/11.4.6/Images/ACR-048/Spyrix Hide App.png","200214/Spyrix-191025/11.4.6/Images/ACR-007/Spyrix Hide App Fixed.png","200214/Spyrix-191025/11.4.6/Images/ACR-007/Spyrix Hide App.png","200214/Spyrix-191025/11.4.6/Images/ACR-014/Spyrix Different Name System Component.png","200214/Spyrix-191025/11.4.6/Images/ACR-084/Spyrix Hide App Fixed.png","200214/Spyrix-191025/11.4.6/Images/ACR-084/Spyrix Hide App.png","200214/Spyrix-191025/11.4.6/Images/ACR-086/Spyrix Monitorinh.png","200214/Spyrix-191025/11.4.6/Images/ACR-086/Spyrix Hide App Fixed.png","200214/Spyrix-191025/11.4.6/Images/ACR-086/Spyrix Hide App.png","200214/Spyrix-191025/11.4.6/Images/ACR-116/Spyrix Uninstall Attempt.png","200214/Spyrix-191025/11.4.6/Images/ACR-116/Spyrix Hide App Fixed.png","200214/Spyrix-191025/11.4.6/Images/ACR-116/Spyrix Hide App.png"],"nonDeceptorImageFiles":["200214/Spyrix-191025/11.4.6/Images/ACR-099/Spyrix About Page.png","200214/Spyrix-191025/11.4.6/Images/ACR-099/Spyrix Bottom of Landing Page.png","200214/Spyrix-191025/11.4.6/Images/ACR-099/Spyrix Bottom of Internal Offers.png","200214/Spyrix-191025/11.4.6/Images/ACR-082/Spyrix Disclaimer.png","200214/Spyrix-191025/11.4.6/Images/ACR-167/Spyrix Refund Policy.png","200214/Spyrix-191025/11.4.6/Images/ACR-161/Spyrix Testimonials.png","200214/Spyrix-191025/11.4.6/Images/ACR-065/Spyrix EULA.png","200214/Spyrix-191025/11.4.6/Images/ACR-065/Spyrix About Page.png","200214/Spyrix-191025/11.4.6/Images/ACR-065/Spyrix Bottom of Internal Offers.png","200214/Spyrix-191025/11.4.6/Images/ACR-065/Spyrix Internal Offers Top.png"],"guid":"0028385f-ef94-4496-81c2-fc3792e5ca9a_11.4.6_1","appID":"Spyrix-191025","dateAdded":"240306","deceptorType":"App","name":"Spyrix Personal Monitor","company":"Spyrix Security Inc.","version":"11.4.6","sigName":"Deceptor:Win32/SpyrixStalkerware!007014048084086116","lastKnownStatus":"11.5.2;11.5.21;11.5.18;11.5.30;11.5.31;11.5.34;11.6.11;11.6.12;11.6.15","lastKnownDate":"240306","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 10,Windows 8,Windows 7","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Adults only","monetization":"up-sell to paid","lastUpdate":"2024-03-06T00:00:00+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":10,"sortOrder":707},{"violations":{"ACR-048":"The app requires a hotkey or password and is in a hidden folder, limiting the targeted consumer's ability to close, delete, disable, or uninstall the app.\n","ACR-007":"The app does not explicit notification to the targeted consumer when it is running. It also requires a hotkey and a password to open it.\n","ACR-084":"The app uses a hotkey and password to hide its presence.\n","ACR-086":"The app does not inform the targeted consumer how it collects data and it uses a hotkey and password to hide its presence.\n","ACR-097":"Before downloading the installer, the app site prompts the user to disable anti-virus and add “C:\\ProgramData\\Security Monitor” in the exclusion list in order to prevent detection.\n"},"nonDeceptorViolations":{"ACR-040":"The app installs itself in a hidden folder \"Program Data\".\n","ACR-065":"The install does not display links to the Returns and Cancellation Policy or the Privacy Policy. \nThe app does not display links to the EULA, the Returns and Cancellation Policy or the Privacy Policy. \n","ACR-002":"The App's version is not consistent between App interaction/Install and download site (version 11.5.21 vs version 11.5.15 ) The App's version is not consistent between App interaction and its install and download site.\nThe App's version is not consistent between App interaction/Install and download site (version 11.5.21 vs version 11.5.15 ) The App's version is not consistent between App interaction and its install and download site.\n","ACR-161":"The landing page displays unverifiable testimonials.\n","ACR-082":"The app enables the user to violate many laws.\n","ACR-099":"The app does not display links to uninstall information.\nThe landing page does not display links to uninstall information.\nThe internal offers page does not display links to uninstall information.\n","ACR-167":"The app only provides a 14-day refund policy and not a 30-day refund policy.\n"},"samples":[{"isRevoked":"False","fileName":"spm_setup.exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"a0f2a1aa1843c7d2437060e8d22114f0","hashSHA1":"d2fa5eeac406d2e09b584602ea1e640d67e92cae","hashSHA256":"0f64b96a096ead5a839a74c5e128842413c3b6f75904a212958234033bbc80c8","digitalCertThumbprint":"B22DB1A99D7724ABD190FB489A83D9FAFB76D631","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Clever Security Software Ltd, OU=Security, O=Clever Security Software Ltd, STREET=Chynoweth House, L=Blackwater, S=Truro, PostalCode=TR4 8UN, C=GB","sourceIndex":"2405","avBlockList":["360 Total Security (20240620)","Avast Premium Security (20240620)","AVG Internet Security (20240620)","Avira Internet Security (20240620)","Bitdefender Internet Security (20240620)","COMODO Antivirus (20240620)","Dr.Web Security Space (20240620)","ESET Internet Security (20240620)","G DATA INTERNET SECURITY (20240620)","K7 Total Security (20240620)","Kaspersky Internet Security (20240620)","Malwarebytes Premium (20240620)","McAfee Total Protection (20240620)","Norton Security (20240620)","Panda Dome (20240620)","Quick Heal Internet Security (20240620)","Sophos Home Premium (20240620)","SpyHunter5 (20240620)","Tencent PC Manager (20200716)","Total AV Antivirus Pro (20240620)","VIPRE Advanced Security (20240620)","VirIT eXplorer PRO (20240620)","Webroot SecureAnywhere (20240620)","Windows Defender (20240620)"],"avAllowList":["Trend Micro Internet Security (20240620)"]},{"isRevoked":"False","fileName":"spm.exe","fileVersion":"1.0","hashMD5":"4cc906dde7fbf9f081af4a3fb832d49d","hashSHA1":"91bc8db987ced68b3fe8a67abc0e903aade9af84","hashSHA256":"9049ffff2a4c73a0505f8c3fc062ffc0af3670bbc3f9b03ac4d9d464ac5cd9ab","digitalCertThumbprint":"B22DB1A99D7724ABD190FB489A83D9FAFB76D631","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Clever Security Software Ltd, OU=Security, O=Clever Security Software Ltd, STREET=Chynoweth House, L=Blackwater, S=Truro, PostalCode=TR4 8UN, C=GB","sourceIndex":"2405","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Google Search: keylogger","reference":"","landingPage":"http://www.spyrix.com/","directDownloadingLink":"https://securespyrix.com/download/spm/spm_setup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://securespyrix.com/download/spm/spm_setup.exe","sourceIndex":"2405"}],"sampleFiles":["200625/Spyrix-191025/11.5.21/Samples/spm_setup.exe","200625/Spyrix-191025/11.5.21/Samples/spm.exe"],"imageFiles":["200625/Spyrix-191025/11.5.21/Images/ACR-007/Spyrix Personal Monitor_Interaction [3].png","200625/Spyrix-191025/11.5.21/Images/ACR-084/Spyrix Personal Monitor_Interaction [3].png","200625/Spyrix-191025/11.5.21/Images/ACR-086/Spyrix Personal Monitor_Interaction [3].png","200625/Spyrix-191025/11.5.21/Images/ACR-086/Spyrix Personal Monitor_Install [7].png","200625/Spyrix-191025/11.5.21/Images/ACR-086/Spyrix Personal Monitor_Install [8].png","200625/Spyrix-191025/11.5.21/Images/ACR-086/Spyrix Personal Monitor_Install [10].png","200625/Spyrix-191025/11.5.21/Images/ACR-097/Spyrix Personal Monitor_Download [1].png","200625/Spyrix-191025/11.5.21/Images/ACR-097/Spyrix Personal Monitor_Download [2].png","200625/Spyrix-191025/11.5.21/Images/ACR-097/Spyrix Personal Monitor_Download [3].png","200625/Spyrix-191025/11.5.21/Images/ACR-097/Spyrix Personal Monitor_Download [4].png"],"nonDeceptorImageFiles":["200625/Spyrix-191025/11.5.21/Images/ACR-040/Spyrix Personal Monitor_Files [1].png","200625/Spyrix-191025/11.5.21/Images/ACR-040/Spyrix Personal Monitor_Files [2].png","200625/Spyrix-191025/11.5.21/Images/ACR-002/Spyrix Personal Monitor_Install [1]_.png","200625/Spyrix-191025/11.5.21/Images/ACR-002/Spyrix Personal Monitor_About [1]_ .png","200625/Spyrix-191025/11.5.21/Images/ACR-002/Spyrix Personal Monitor_Download [1]_.png","200625/Spyrix-191025/11.5.21/Images/ACR-099/Spyrix Personal Monitor_About [1].png","200625/Spyrix-191025/11.5.21/Images/ACR-099/Spyrix Personal Monitor_LandingPage [3].png","200625/Spyrix-191025/11.5.21/Images/ACR-099/Spyrix Personal Monitor_OfferPage [1].png","200625/Spyrix-191025/11.5.21/Images/ACR-099/Spyrix Personal Monitor_OfferPage [2].png","200625/Spyrix-191025/11.5.21/Images/ACR-099/Spyrix Personal Monitor_OfferPage[3].png","200625/Spyrix-191025/11.5.21/Images/ACR-082/Spyrix Personal Monitor_LandingPage [1].png","200625/Spyrix-191025/11.5.21/Images/ACR-167/Spyrix Personal Monitor_Refund [1].png","200625/Spyrix-191025/11.5.21/Images/ACR-161/Spyrix Personal Monitor_Testimonials [1].png","200625/Spyrix-191025/11.5.21/Images/ACR-065/Spyrix Personal Monitor_Install [1].png","200625/Spyrix-191025/11.5.21/Images/ACR-065/Spyrix Personal Monitor_Install [2].png","200625/Spyrix-191025/11.5.21/Images/ACR-065/Spyrix Personal Monitor_About [1].png"],"guid":"0028385f-ef94-4496-81c2-fc3792e5ca9a_11.5.21_1","appID":"Spyrix-191025","dateAdded":"240306","deceptorType":"App","name":"Spyrix Personal Monitor","company":"Spyrix Security Inc.","version":"11.5.21","sigName":"Deceptor:Win32/SpyrixPersonalMonitorStalkerware!048007084086097","lastKnownStatus":"11.5.2;11.5.21;11.5.18;11.5.30;11.5.31;11.5.34;11.6.11;11.6.12;11.6.15","lastKnownDate":"240306","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 10,Windows 8,Windows 7","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Adults only","monetization":"up-sell to paid,paid","lastUpdate":"2024-03-06T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":10,"sortOrder":705},{"violations":{"ACR-048":"The app enables the consumer to hide the app from the installed app list, which prevents it from being uninstalled easily.\n","ACR-007":"The app enables the consumer to hide it from the system tray, the desktop, and the installed apps list, which prevents the targeted consumer from being aware of the app's presence.\n","ACR-084":"The app enables the user to hide the app from the system tray, the desktop, and the installed program list.\n","ACR-086":"The app does not inform the targeted consumer who it is transmitting data to or what data it is collecting.\n","ACR-116":"The app enables the consumer to hide it from the installed apps list.\n","ACR-014":"App changes its name to \"System Component\" inside the task manager, which misleads the targeted consumer.\n"},"nonDeceptorViolations":{"ACR-065":"The install does not display links to the Returns and Cancellation Policy or the Privacy Policy.\nThe app does not display links to the EULA, the Returns and Cancellation Policy, or the Privacy Policy.\nThe internal offers page does not display links to the EULA, the Returns and Cancellation Policy, or the Privacy Policy.\n","ACR-161":"The landing page displays unverifiable testimonials.\n","ACR-082":"The app enables the user to violate many laws.\n","ACR-099":"The app does not display links to uninstall information.\nThe landing page does not display links to uninstall information.\nThe internal offers page does not display links to uninstall information.\n","ACR-167":"The app only provides a 14-day refund policy and not a 30-day refund policy.\n"},"samples":[{"isRevoked":"False","fileName":"spm_setup.exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"af69577344ace6203e4ab8a115274398","hashSHA1":"111aec260bcdc073f9e85a51fa2f9d55c05362fb","hashSHA256":"ac7e394345e8ed467ad2405bcbfe252b55262c9ca7fc1bd6042203d0e19e11ca","digitalCertThumbprint":"B22DB1A99D7724ABD190FB489A83D9FAFB76D631","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Clever Security Software Ltd, OU=Security, O=Clever Security Software Ltd, STREET=Chynoweth House, L=Blackwater, S=Truro, PostalCode=TR4 8UN, C=GB","sourceIndex":"2159","avBlockList":["360 Total Security (20240430)","Avast Premium Security (20240430)","AVG Internet Security (20240430)","Avira Internet Security (20240430)","Bitdefender Internet Security (20240430)","COMODO Antivirus (20240430)","Dr.Web Security Space (20240430)","ESET Internet Security (20240430)","G DATA INTERNET SECURITY (20240430)","K7 Total Security (20240430)","Kaspersky Internet Security (20240430)","Malwarebytes Premium (20240430)","McAfee Total Protection (20240430)","Norton Security (20240430)","Panda Dome (20240430)","Quick Heal Internet Security (20240430)","Sophos Home Premium (20240430)","SpyHunter5 (20240430)","Tencent PC Manager (20200930)","Total AV Antivirus Pro (20240430)","Trend Micro Internet Security (20240430)","VIPRE Advanced Security (20240430)","VirIT eXplorer PRO (20240430)","Webroot SecureAnywhere (20240430)","Windows Defender (20240430)"],"avAllowList":[]},{"isRevoked":"False","fileName":"spm.exe","fileVersion":"1.0","hashMD5":"5ead8963c374b1b9e882daf3b1dda020","hashSHA1":"f89266d5ab2c0eeb0b7d6afe3cc37f6fd61d63af","hashSHA256":"b4cf81c8a0f69e23ba164174ca1f1a4eaa7b57456b9e3c787b1c3f1d053b0028","digitalCertThumbprint":"B22DB1A99D7724ABD190FB489A83D9FAFB76D631","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Clever Security Software Ltd, OU=Security, O=Clever Security Software Ltd, STREET=Chynoweth House, L=Blackwater, S=Truro, PostalCode=TR4 8UN, C=GB","sourceIndex":"2159","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"Hunt.Search","landingPage":"http://www.spyrix.com/","directDownloadingLink":"secursprx.com/downloads/spm_setup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"secursprx.com/downloads/spm_setup.exe","sourceIndex":"2159"}],"sampleFiles":["200716/Spyrix-191025/11.5.18/Samples/spm_setup.exe","200716/Spyrix-191025/11.5.18/Samples/spm.exe"],"imageFiles":["200716/Spyrix-191025/11.5.18/Images/ACR-048/Spyrix Uninstall Attempt.png","200716/Spyrix-191025/11.5.18/Images/ACR-048/Spyrix Hide App Fixed.png","200716/Spyrix-191025/11.5.18/Images/ACR-048/Spyrix Hide App.png","200716/Spyrix-191025/11.5.18/Images/ACR-007/Spyrix Hide App Fixed.png","200716/Spyrix-191025/11.5.18/Images/ACR-007/Spyrix Hide App.png","200716/Spyrix-191025/11.5.18/Images/ACR-014/Spyrix Different Name System Component.png","200716/Spyrix-191025/11.5.18/Images/ACR-014/Spyrix Different Name System Component 2.png","200716/Spyrix-191025/11.5.18/Images/ACR-084/Spyrix Hide App Fixed.png","200716/Spyrix-191025/11.5.18/Images/ACR-084/Spyrix Hide App.png","200716/Spyrix-191025/11.5.18/Images/ACR-084/Spyrix Hide.png","200716/Spyrix-191025/11.5.18/Images/ACR-086/Spyrix Monitorinh.png","200716/Spyrix-191025/11.5.18/Images/ACR-086/Spyrix Hide App Fixed.png","200716/Spyrix-191025/11.5.18/Images/ACR-086/Spyrix Hide App.png","200716/Spyrix-191025/11.5.18/Images/ACR-086/Picture4.png","200716/Spyrix-191025/11.5.18/Images/ACR-116/Spyrix Uninstall Attempt.png","200716/Spyrix-191025/11.5.18/Images/ACR-116/Spyrix Hide App Fixed.png","200716/Spyrix-191025/11.5.18/Images/ACR-116/Spyrix Hide App.png"],"nonDeceptorImageFiles":["200716/Spyrix-191025/11.5.18/Images/ACR-099/Spyrix About Page.png","200716/Spyrix-191025/11.5.18/Images/ACR-099/Spyrix Bottom of Landing Page.png","200716/Spyrix-191025/11.5.18/Images/ACR-099/Spyrix Bottom of Internal Offers.png","200716/Spyrix-191025/11.5.18/Images/ACR-082/Spyrix Disclaimer.png","200716/Spyrix-191025/11.5.18/Images/ACR-082/Picture9.png","200716/Spyrix-191025/11.5.18/Images/ACR-167/Spyrix Refund Policy.png","200716/Spyrix-191025/11.5.18/Images/ACR-161/Spyrix Testimonials.png","200716/Spyrix-191025/11.5.18/Images/ACR-065/Spyrix EULA.png","200716/Spyrix-191025/11.5.18/Images/ACR-065/Spyrix About Page.png","200716/Spyrix-191025/11.5.18/Images/ACR-065/Spyrix Bottom of Internal Offers.png","200716/Spyrix-191025/11.5.18/Images/ACR-065/Spyrix Internal Offers Top.png"],"guid":"0028385f-ef94-4496-81c2-fc3792e5ca9a_11.5.18_1","appID":"Spyrix-191025","dateAdded":"240306","deceptorType":"App","name":"Spyrix Personal Monitor","company":"Spyrix Security Inc.","version":"11.5.18","sigName":"Deceptor:Win32/SpyrixPersonalMonitorStalkerware!048007014084086116","lastKnownStatus":"11.5.2;11.5.21;11.5.18;11.5.30;11.5.31;11.5.34;11.6.11;11.6.12;11.6.15","lastKnownDate":"240306","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 10,Windows 8,Windows 7","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Adults only","monetization":"up-sell to paid","lastUpdate":"2024-03-06T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":10,"sortOrder":704},{"violations":{"ACR-048":"The app enables the consumer to hide the app from the installed app list, which prevents it from being uninstalled easily.\nThe app requires a hotkey or password and is limiting the targeted consumer's ability to close, delete, disable, or uninstall the app.\n","ACR-007":"The app enables the consumer to hide it from the system tray, the desktop, and the installed apps list, which prevents the targeted consumer from being aware of the app's presence.\nThe app does not display explicit notification when it is running and requires a hotkey to open it.\n","ACR-084":"The app enables the user to hide the app from the system tray, the desktop, and the installed program list.\nThe app is installed in a hidden folder and requires a hotkey to open it.\n","ACR-086":"The app does not inform the targeted consumer who it is transmitting data to or what data it is collecting.\n","ACR-097":"Before downloading the installer, the app site prompts the user to disable anti-virus and add “C:\\ProgramData\\Security Monitor” in the exclusion list in order to prevent detection.\n","ACR-116":"The app enables the consumer to hide it from the installed apps list.\n"},"nonDeceptorViolations":{"ACR-040":"The app is installed in a hidden folder \"ProgramData\".\n","ACR-065":"The install does not display links to the Returns and Cancellation Policy or the Privacy Policy.\nThe app does not display links to the EULA or Terms of Service, the Returns and Cancellation Policy, or the Privacy Policy.\n","ACR-002":"The App's version is not consistent between App interaction, install and landing page\nThe App's version is not consistent between App interaction, install and landing page\nThe App's version is not consistent between App interaction, install and landing page\n","ACR-161":"The app’s landing page has testimonials that have no links back to a source so consumers can verify if they're real.\n","ACR-082":"The app enables the user to violate many laws.\n","ACR-099":"The app does not display links to uninstall information.\nThe landing page does not display links to uninstall information.\nThe internal offers page does not display links to uninstall information.\n","ACR-167":"The app only provides a 14-day refund policy and not a 30-day refund policy.\n","ACR-017":"The app elevates its consumer trust level by displaying unverifiable logos.\n"},"samples":[{"isRevoked":"False","fileName":"spm_setup.exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"39995882aadd829ee97bd2350dae353d","hashSHA1":"94b75b92ac0943e06c763c0541f17d5ca2a48578","hashSHA256":"c6d26fd894eee8af0228937b568da05d7c36234ae1475ae05c68fe501f72dc3d","digitalCertThumbprint":"B22DB1A99D7724ABD190FB489A83D9FAFB76D631","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Clever Security Software Ltd, OU=Security, O=Clever Security Software Ltd, STREET=Chynoweth House, L=Blackwater, S=Truro, PostalCode=TR4 8UN, C=GB","sourceIndex":"2039","avBlockList":["360 Total Security (20240314)","Avast Premium Security (20240314)","AVG Internet Security (20240314)","Avira Internet Security (20240314)","Bitdefender Internet Security (20240314)","COMODO Antivirus (20240314)","Dr.Web Security Space (20240314)","ESET Internet Security (20240314)","G DATA INTERNET SECURITY (20240314)","K7 Total Security (20240314)","Kaspersky Internet Security (20240314)","Malwarebytes Premium (20240314)","McAfee Total Protection (20240314)","Norton Security (20240314)","Panda Dome (20240314)","Quick Heal Internet Security (20240314)","Sophos Home Premium (20240314)","SpyHunter5 (20240314)","Tencent PC Manager (20210422)","Total AV Antivirus Pro (20240314)","VIPRE Advanced Security (20240314)","VirIT eXplorer PRO (20240314)","Webroot SecureAnywhere (20240314)","Windows Defender (20240314)"],"avAllowList":["Trend Micro Internet Security (20240314)"]},{"isRevoked":"False","fileName":"spm.exe","fileVersion":"1.0","hashMD5":"c464aea4012a07261023c8c6e9d17f10","hashSHA1":"499eee5ab0fd452ad14f8f8e496efad6d7bc52a5","hashSHA256":"fb08ed331e30e2a9c5ef94c9783ba86e94a63e4432f191b1682cd4dbfe8f4e78","digitalCertThumbprint":"B22DB1A99D7724ABD190FB489A83D9FAFB76D631","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Clever Security Software Ltd, OU=Security, O=Clever Security Software Ltd, STREET=Chynoweth House, L=Blackwater, S=Truro, PostalCode=TR4 8UN, C=GB","sourceIndex":"2039","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"spmm.exe","fileVersion":"0.0","hashMD5":"1092548233fa239a9e0387fbec69786b","hashSHA1":"0ccc198942579aa4cc4b35f6525fe321ff982609","hashSHA256":"9e9e0b0c3664b05f95d6605f7ea5e83395da0e0a40569fa2422c80561bacaf89","digitalCertThumbprint":"B22DB1A99D7724ABD190FB489A83D9FAFB76D631","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Clever Security Software Ltd, OU=Security, O=Clever Security Software Ltd, STREET=Chynoweth House, L=Blackwater, S=Truro, PostalCode=TR4 8UN, C=GB","sourceIndex":"2039","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"spr.exe","fileVersion":"0.0","hashMD5":"4412fe26f6afb61162d2e4d3ffbbca04","hashSHA1":"46af18811629c5035baf34e7f81e849da81454cf","hashSHA256":"22dd6f329fb0e0e54b18dde55441142af5d3a156ef20d5acf9aae325fa6ae2df","digitalCertThumbprint":"B22DB1A99D7724ABD190FB489A83D9FAFB76D631","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Clever Security Software Ltd, OU=Security, O=Clever Security Software Ltd, STREET=Chynoweth House, L=Blackwater, S=Truro, PostalCode=TR4 8UN, C=GB","sourceIndex":"2039","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"sps.exe","fileVersion":"1.0","hashMD5":"46392d0b1b8214086607a7c163f64d26","hashSHA1":"69bd340ce7c60f3273c34d26571925feaac836f6","hashSHA256":"dbc8900f9fa8081d75fc8fa60bc7897c2b8ddf75f2957dee0da33548ebfcce80","digitalCertThumbprint":"B22DB1A99D7724ABD190FB489A83D9FAFB76D631","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Clever Security Software Ltd, OU=Security, O=Clever Security Software Ltd, STREET=Chynoweth House, L=Blackwater, S=Truro, PostalCode=TR4 8UN, C=GB","sourceIndex":"2039","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"Hunt.Search","landingPage":"https://spyrix.app/spyrix-personal-monitor.php","directDownloadingLink":"https://wr-download.securespyrix.com/download/spm/spm_setup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://wr-download.securespyrix.com/download/spm/spm_setup.exe","sourceIndex":"2039"}],"sampleFiles":["201202/Spyrix-191025/11.5.30/Samples/spm_setup.exe","201202/Spyrix-191025/11.5.30/Samples/spm.exe","201202/Spyrix-191025/11.5.30/Samples/spmm.exe","201202/Spyrix-191025/11.5.30/Samples/spr.exe","201202/Spyrix-191025/11.5.30/Samples/sps.exe"],"imageFiles":["201202/Spyrix-191025/11.5.30/Images/ACR-048/Spyrix Personal Monitor_ControlPanel [1].png","201202/Spyrix-191025/11.5.30/Images/ACR-048/Spyrix Personal Monitor_Interactions [4].png","201202/Spyrix-191025/11.5.30/Images/ACR-048/Spyrix Personal Monitor_Interactions [23].png","201202/Spyrix-191025/11.5.30/Images/ACR-007/Spyrix Personal Monitor_Interactions [4].png","201202/Spyrix-191025/11.5.30/Images/ACR-007/Spyrix Personal Monitor_Interactions [23].png","201202/Spyrix-191025/11.5.30/Images/ACR-084/Spyrix Personal Monitor_Interactions [4].png","201202/Spyrix-191025/11.5.30/Images/ACR-084/Spyrix Personal Monitor_Interactions [23].png","201202/Spyrix-191025/11.5.30/Images/ACR-086/Spyrix Personal Monitor_Interactions [4].png","201202/Spyrix-191025/11.5.30/Images/ACR-086/Spyrix Personal Monitor_Interactions [6].png","201202/Spyrix-191025/11.5.30/Images/ACR-086/Spyrix Personal Monitor_Interactions [15].png","201202/Spyrix-191025/11.5.30/Images/ACR-097/Spyrix Personal Monitor_Download [1].png","201202/Spyrix-191025/11.5.30/Images/ACR-097/Spyrix Personal Monitor_Download [2].png","201202/Spyrix-191025/11.5.30/Images/ACR-097/Spyrix Personal Monitor_Download [3].png","201202/Spyrix-191025/11.5.30/Images/ACR-116/Spyrix Personal Monitor_Interactions [4].png","201202/Spyrix-191025/11.5.30/Images/ACR-116/Spyrix Personal Monitor_ControlPanel [1].png"],"nonDeceptorImageFiles":["201202/Spyrix-191025/11.5.30/Images/ACR-040/Spyrix Personal Monitor_Files [1].png","201202/Spyrix-191025/11.5.30/Images/ACR-040/Spyrix Personal Monitor_Files [2].png","201202/Spyrix-191025/11.5.30/Images/ACR-002/Spyrix Personal Monitor_About [1].png","201202/Spyrix-191025/11.5.30/Images/ACR-002/Spyrix Personal Monitor_Download [1].png","201202/Spyrix-191025/11.5.30/Images/ACR-002/Spyrix Personal Monitor_Install [1].png","201202/Spyrix-191025/11.5.30/Images/ACR-002/Spyrix Personal Monitor_About [1].png","201202/Spyrix-191025/11.5.30/Images/ACR-002/Spyrix Personal Monitor_Install [1].png","201202/Spyrix-191025/11.5.30/Images/ACR-002/Spyrix Personal Monitor_Download [1].png","201202/Spyrix-191025/11.5.30/Images/ACR-002/Spyrix Personal Monitor_Download [1].png","201202/Spyrix-191025/11.5.30/Images/ACR-002/Spyrix Personal Monitor_About [1].png","201202/Spyrix-191025/11.5.30/Images/ACR-002/Spyrix Personal Monitor_Install [1].png","201202/Spyrix-191025/11.5.30/Images/ACR-017/Spyrix Personal Monitor_LandingPage [4] Awards.png","201202/Spyrix-191025/11.5.30/Images/ACR-099/Spyrix Personal Monitor_About [1].png","201202/Spyrix-191025/11.5.30/Images/ACR-099/Spyrix Personal Monitor_LandingPage [1].png","201202/Spyrix-191025/11.5.30/Images/ACR-099/Spyrix Personal Monitor_OfferPage [1].png","201202/Spyrix-191025/11.5.30/Images/ACR-082/Spyrix Personal Monitor_LandingPage [3].png","201202/Spyrix-191025/11.5.30/Images/ACR-167/Spyrix _Return and refund policy.png","201202/Spyrix-191025/11.5.30/Images/ACR-161/Spyrix Personal Monitor_LandingPage [5] Testimonials.png","201202/Spyrix-191025/11.5.30/Images/ACR-065/Spyrix Personal Monitor_Install [1].png","201202/Spyrix-191025/11.5.30/Images/ACR-065/Spyrix Personal Monitor_Install [2].png","201202/Spyrix-191025/11.5.30/Images/ACR-065/Spyrix Personal Monitor_Install [3].png","201202/Spyrix-191025/11.5.30/Images/ACR-065/Spyrix Personal Monitor_Install [4].png","201202/Spyrix-191025/11.5.30/Images/ACR-065/Spyrix Personal Monitor_About [1].png"],"guid":"0028385f-ef94-4496-81c2-fc3792e5ca9a_11.5.30_1","appID":"Spyrix-191025","dateAdded":"240306","deceptorType":"App","name":"Spyrix Personal Monitor","company":"Spyrix Security Inc.","version":"11.5.30","sigName":"Deceptor:Win32/SpyrixPersonalMonitor!048007084086097116","lastKnownStatus":"11.5.2;11.5.21;11.5.18;11.5.30;11.5.31;11.5.34;11.6.11;11.6.12;11.6.15","lastKnownDate":"240306","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 10,Windows 8,Windows 7","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Adults only","monetization":"up-sell to paid","lastUpdate":"2024-03-06T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":10,"sortOrder":703},{"violations":{"ACR-048":"The app enables the consumer to hide the app from the installed app list, which prevents it from being uninstalled easily.\nThe app requires a hotkey or password and is limiting the targeted consumer's ability to close, delete, disable, or uninstall the app.\n","ACR-007":"The app enables the consumer to hide it from the system tray, the desktop, and the installed apps list, which prevents the targeted consumer from being aware of the app's presence. The  app does not display explicit notification when it is running and requires a hotkey and password to open it.\n","ACR-084":"The app enables the user to hide the app from the system tray, the desktop, and the installed program list. The app is installed in a hidden folder and requires a hotkey and password to open it.\n","ACR-086":"The app does not inform the targeted consumer who it is transmitting data to or what data it is collecting.\n","ACR-097":"Before downloading the installer, the app site prompts the user to disable anti-virus and add “C:\\ProgramData\\Security Monitor” in the exclusion list in order to prevent detection.\n","ACR-116":"The app enables the consumer to hide it from the installed apps list.\n"},"nonDeceptorViolations":{"ACR-040":"The app is installed in a hidden folder \"ProgramData\".\n","ACR-065":"The install does not display links to the Returns and Cancellation Policy or the Privacy Policy.\nThe app does not display links to the EULA or Terms of Service, the Returns and Cancellation Policy, or the Privacy Policy.\n","ACR-002":"The App's version is not consistent between App interaction, install and landing page\nThe App's version is not consistent between App interaction, install and landing page\nThe App's version is not consistent between App interaction, install and landing page\n","ACR-161":"The app’s landing page has testimonials that have no links back to a source so consumers can verify if they're real.\n","ACR-082":"The app enables the user to violate many laws.\n","ACR-099":"The app does not display links to uninstall information.\nThe landing page does not display links to uninstall information.\nThe internal offers page does not display links to uninstall information.\n","ACR-167":"The app only provides a 14-day refund policy and not a 30-day refund policy.\n","ACR-017":"The app elevates its consumer trust level by displaying unverifiable logos.\n"},"samples":[{"isRevoked":"False","fileName":"spm_setup.exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"04d16e2e04293d2d8fcbc9036ce2b087","hashSHA1":"3a7a91906dabc751e144a3a44ef968852c819f52","hashSHA256":"1cf8102b3420d6177de6b1b4c108ffded10df48e11cbf488d89e5d1cc4a36c6f","digitalCertThumbprint":"B22DB1A99D7724ABD190FB489A83D9FAFB76D631","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Clever Security Software Ltd, OU=Security, O=Clever Security Software Ltd, STREET=Chynoweth House, L=Blackwater, S=Truro, PostalCode=TR4 8UN, C=GB","sourceIndex":"1879","avBlockList":["360 Total Security (20210622)","Avast Premium Security (20210622)","AVG Internet Security (20210622)","Avira Internet Security (20210622)","Bitdefender Internet Security (20210622)","COMODO Antivirus (20210622)","Dr.Web Security Space (20210622)","ESET Internet Security (20210622)","G DATA INTERNET SECURITY (20210622)","K7 Total Security (20210622)","Kaspersky Internet Security (20210622)","Malwarebytes Premium (20210622)","McAfee Total Protection (20210622)","Norton Security (20210622)","Panda Dome (20210622)","Quick Heal Internet Security (20210622)","Sophos Home Premium (20210622)","SpyHunter5 (20210622)","Tencent PC Manager (20210622)","Total AV Antivirus Pro (20210622)","Trend Micro Internet Security (20210622)","VIPRE Advanced Security (20210622)","VirIT eXplorer PRO (20210622)","Webroot SecureAnywhere (20210622)","Windows Defender (20210622)"],"avAllowList":[]},{"isRevoked":"False","fileName":"spm.exe","fileVersion":"1.0","hashMD5":"be7d756fa94ed6907a05006658279b8e","hashSHA1":"7b0637a43a1e1ee36977bbe095396daf1a061440","hashSHA256":"c12882c564648fa35cca33acb1617c32022dc40b1e52c200de5e40a436212868","digitalCertThumbprint":"B22DB1A99D7724ABD190FB489A83D9FAFB76D631","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Clever Security Software Ltd, OU=Security, O=Clever Security Software Ltd, STREET=Chynoweth House, L=Blackwater, S=Truro, PostalCode=TR4 8UN, C=GB","sourceIndex":"1879","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"spmm.exe","fileVersion":"0.0","hashMD5":"2e223acf4da5a7569cefedaba4eb7d06","hashSHA1":"cc7c2b50c356ae0fffaee7005c09e73be295936d","hashSHA256":"89b9f3c7de1ab218227a3a041c2a3e5341336c51cd7f0c5eaf2ae72b90664a32","digitalCertThumbprint":"B22DB1A99D7724ABD190FB489A83D9FAFB76D631","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Clever Security Software Ltd, OU=Security, O=Clever Security Software Ltd, STREET=Chynoweth House, L=Blackwater, S=Truro, PostalCode=TR4 8UN, C=GB","sourceIndex":"1879","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"spm [2].exe","fileVersion":"1.0","hashMD5":"4d89b4976c079d8005b88eac7f732406","hashSHA1":"aefdbcedf1661cbdf8df6364f84af37804a0a567","hashSHA256":"6ffea446f07b9976d716d0234dd830a6bd1a5b627ca6d50d2efbe349dcdc9ac9","digitalCertThumbprint":"B22DB1A99D7724ABD190FB489A83D9FAFB76D631","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Clever Security Software Ltd, OU=Security, O=Clever Security Software Ltd, STREET=Chynoweth House, L=Blackwater, S=Truro, PostalCode=TR4 8UN, C=GB","sourceIndex":"1879","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"spm_setup [2].exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"768c934fc4d0da03b14943eb9a1afaf9","hashSHA1":"2b578a79b9a7ed64c29d49645fddb3bfddf17cd1","hashSHA256":"f3fa93e6941980a8571301433e3f40b12e93e13ead4c801f5104623b6b14ba01","digitalCertThumbprint":"B22DB1A99D7724ABD190FB489A83D9FAFB76D631","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Clever Security Software Ltd, OU=Security, O=Clever Security Software Ltd, STREET=Chynoweth House, L=Blackwater, S=Truro, PostalCode=TR4 8UN, C=GB","sourceIndex":"1879","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"spmm [2].exe","fileVersion":"0.0","hashMD5":"ad5ce0646fef47dd3cd912da30894310","hashSHA1":"1b75074424c22f7623376019684d3ead2698be1f","hashSHA256":"6a9335e18ff566f34b9d46fd19c5ae1229d159107cf28a2943e03799d309823e","digitalCertThumbprint":"B22DB1A99D7724ABD190FB489A83D9FAFB76D631","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Clever Security Software Ltd, OU=Security, O=Clever Security Software Ltd, STREET=Chynoweth House, L=Blackwater, S=Truro, PostalCode=TR4 8UN, C=GB","sourceIndex":"1879","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"Hunt.Search","landingPage":"https://spyrix.app/spyrix-personal-monitor.php","directDownloadingLink":"https://brhj-download.securespyrix.com/download/spm/spm_setup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://brhj-download.securespyrix.com/download/spm/spm_setup.exe","sourceIndex":"1879"}],"sampleFiles":["210627/Spyrix-191025/11.5.31/Samples/spm_setup.exe","210627/Spyrix-191025/11.5.31/Samples/spm.exe","210627/Spyrix-191025/11.5.31/Samples/spmm.exe","210627/Spyrix-191025/11.5.31/Samples/spm [2].exe","210627/Spyrix-191025/11.5.31/Samples/spm_setup [2].exe","210627/Spyrix-191025/11.5.31/Samples/spmm [2].exe"],"imageFiles":["210627/Spyrix-191025/11.5.31/Images/ACR-048/SpyrixPersonalMonitor_ControlPanel [2].png","210627/Spyrix-191025/11.5.31/Images/ACR-048/SpyrixPersonalMonitor_RunningProcess [1].png","210627/Spyrix-191025/11.5.31/Images/ACR-048/SpyrixPersonalMonitor_Interactions [4].png","210627/Spyrix-191025/11.5.31/Images/ACR-007/SpyrixPersonalMonitor_Interactions [4].png","210627/Spyrix-191025/11.5.31/Images/ACR-007/SpyrixPersonalMonitor_SettingWizard [4].png","210627/Spyrix-191025/11.5.31/Images/ACR-084/SpyrixPersonalMonitor_SettingWizard [4].png","210627/Spyrix-191025/11.5.31/Images/ACR-084/SpyrixPersonalMonitor_HiddenDirectory [1].png","210627/Spyrix-191025/11.5.31/Images/ACR-084/SpyrixPersonalMonitor_HiddenDirectory [2].png","210627/Spyrix-191025/11.5.31/Images/ACR-086/SpyrixPersonalMonitor_SettingWizard [6].png","210627/Spyrix-191025/11.5.31/Images/ACR-086/SpyrixPersonalMonitor_Interactions [2] EventLog.png","210627/Spyrix-191025/11.5.31/Images/ACR-086/SpyrixPersonalMonitor_Interactions [3].png","210627/Spyrix-191025/11.5.31/Images/ACR-086/SpyrixPersonalMonitor_Interactions [4].png","210627/Spyrix-191025/11.5.31/Images/ACR-097/SpyrixPersonalMonitor_LandingPage [2].png","210627/Spyrix-191025/11.5.31/Images/ACR-097/SpyrixPersonalMonitor_LandingPage [3].png","210627/Spyrix-191025/11.5.31/Images/ACR-097/SpyrixPersonalMonitor_LandingPage [4].png","210627/Spyrix-191025/11.5.31/Images/ACR-116/SpyrixPersonalMonitor_SettingWizard [4].png"],"nonDeceptorImageFiles":["210627/Spyrix-191025/11.5.31/Images/ACR-040/SpyrixPersonalMonitor_HiddenDirectory [1].png","210627/Spyrix-191025/11.5.31/Images/ACR-040/SpyrixPersonalMonitor_HiddenDirectory [2].png","210627/Spyrix-191025/11.5.31/Images/ACR-002/SpyrixPersonalMonitor_Install [1].png","210627/Spyrix-191025/11.5.31/Images/ACR-002/SpyrixPersonalMonitor_About [1].png","210627/Spyrix-191025/11.5.31/Images/ACR-002/SpyrixPersonalMonitor_LandingPage [2].png","210627/Spyrix-191025/11.5.31/Images/ACR-002/SpyrixPersonalMonitor_About [1].png","210627/Spyrix-191025/11.5.31/Images/ACR-002/SpyrixPersonalMonitor_Install [1].png","210627/Spyrix-191025/11.5.31/Images/ACR-002/SpyrixPersonalMonitor_LandingPage [2].png","210627/Spyrix-191025/11.5.31/Images/ACR-002/SpyrixPersonalMonitor_LandingPage [2].png","210627/Spyrix-191025/11.5.31/Images/ACR-002/SpyrixPersonalMonitor_Install [1].png","210627/Spyrix-191025/11.5.31/Images/ACR-002/SpyrixPersonalMonitor_About [1].png","210627/Spyrix-191025/11.5.31/Images/ACR-017/SpyrixPersonalMonitor_LandingPage [8].png","210627/Spyrix-191025/11.5.31/Images/ACR-099/SpyrixPersonalMonitor_About [1].png","210627/Spyrix-191025/11.5.31/Images/ACR-099/SpyrixPersonalMonitor_LandingPage [1_].png","210627/Spyrix-191025/11.5.31/Images/ACR-099/SpyrixPersonalMonitor_LandingPage [1].png","210627/Spyrix-191025/11.5.31/Images/ACR-099/SpyrixPersonalMonitor_OfferPage [1].png","210627/Spyrix-191025/11.5.31/Images/ACR-082/SpyrixPersonalMonitor_LandingPage [6].png","210627/Spyrix-191025/11.5.31/Images/ACR-167/SpyrixPersonalMonitor_RefundPolicy [1].png","210627/Spyrix-191025/11.5.31/Images/ACR-161/SpyrixPersonalMonitor_LandingPage [7].png","210627/Spyrix-191025/11.5.31/Images/ACR-065/SpyrixPersonalMonitor_Install [1].png","210627/Spyrix-191025/11.5.31/Images/ACR-065/SpyrixPersonalMonitor_Install [2].png","210627/Spyrix-191025/11.5.31/Images/ACR-065/SpyrixPersonalMonitor_Install [3].png","210627/Spyrix-191025/11.5.31/Images/ACR-065/SpyrixPersonalMonitor_Install [5].png","210627/Spyrix-191025/11.5.31/Images/ACR-065/SpyrixPersonalMonitor_About [1].png"],"guid":"0028385f-ef94-4496-81c2-fc3792e5ca9a_11.5.31_1","appID":"Spyrix-191025","dateAdded":"240306","deceptorType":"App","name":"Spyrix Personal Monitor","company":"Spyrix Security Inc.","version":"11.5.31","sigName":"Deceptor:Win32/SpyrixPersonalMonitorStalkerware!048007084086097116","lastKnownStatus":"11.5.2;11.5.21;11.5.18;11.5.30;11.5.31;11.5.34;11.6.11;11.6.12;11.6.15","lastKnownDate":"240306","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 10,Windows 8,Windows 7","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Adults only","monetization":"up-sell to paid","lastUpdate":"2024-03-06T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":10,"sortOrder":702},{"violations":{"ACR-048":"The app requires a hotkey or password and is limiting the targeted consumer's ability to close, delete, disable the app.\n","ACR-007":"The app enables the consumer to hide it from the system tray, the desktop, and the installed apps list, which prevents the targeted consumer from being aware of the app's presence. The  app does not display explicit notification when it is running and requires a hotkey and password to open it.\n","ACR-017":"The app elevates its consumer trust level by displaying unverifiable logos in the Internal offers page.\n","ACR-084":"The app enables the user to hide the app from the system tray, the desktop, and the installed program list. The app is installed in a hidden folder and requires a hotkey and password to open it.\n","ACR-086":"The app does not inform the targeted consumer who it is transmitting data to or what data it is collecting.\n","ACR-097":"Before downloading the installer, the app site prompts the user to disable anti-virus and add “C:\\ProgramData\\Security Monitor” in the exclusion list in order to prevent detection.\n","ACR-116":"The app enables the consumer to hide it from the installed apps list.\n"},"nonDeceptorViolations":{"ACR-040":"The app is installed in a hidden folder \"ProgramData\".\n","ACR-065":"The install does not display links to the Returns and Cancellation Policy or the Privacy Policy.\nThe app does not display links to the EULA or Terms of Service, the Returns and Cancellation Policy, or the Privacy Policy.\n","ACR-161":"The app’s landing page has testimonials that have no links back to a source so consumers can verify if they're real.\n","ACR-082":"The app enables the user to violate many laws.\n","ACR-099":"The app does not display links to uninstall information in the software.\nThe landing page does not display links to uninstall information.\nThe internal offers page does not display links to uninstall information.\n","ACR-167":"The app only provides a 14-day refund policy and not a 30-day refund policy.\n","ACR-017":"The app elevates its consumer trust level by displaying unverifiable logos in the landing page.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\ProgramData\\Security Monitor\\{89DF3612-BE12-A0A6-D34F-FD696F512FCB}\\spm.exe","companyName":"","productName":"Host application","productVersion":"1.0.11.5","fileVersion":"1.0.11.5","hashMD5":"e32a10e76938c3b20d773d6710fb6eab","hashSHA1":"a0619d56afc79ab42fc2900326f6e11768c985fb","hashSHA256":"c98f429b091a94b91a646df1919d2c6e652c0a4bcf3514498546119685448b07","digitalCertThumbprint":"B8C567E9BE421D196F0F932FEBE59975B451AF71","digitalCertIssuer":"Sectigo RSA Code Signing CA","digitalCertIssuedTo":"CLEVERCONTROL LLC","storeId":"","sourceIndex":"1777","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"spm_setup.exe","isInstaller":"True","companyName":"                                                            ","productName":"                                                            ","productVersion":"                                                  ","fileVersion":"                    ","hashMD5":"9bb949672658967c73998186548f9323","hashSHA1":"1ee8cdf672cb2d4bb9db9ed43dba196c56d71f48","hashSHA256":"98c3a651f83bcd685d70faf2b87acf0af47038786dba95e7ba0c13d0fcce98eb","digitalCertThumbprint":"B8C567E9BE421D196F0F932FEBE59975B451AF71","digitalCertIssuer":"Sectigo RSA Code Signing CA","digitalCertIssuedTo":"CLEVERCONTROL LLC","storeId":"","sourceIndex":"1777","avBlockList":["Avast Premium Security (20231003)","AVG Internet Security (20231003)","Avira Internet Security (20231003)","Bitdefender Internet Security (20231003)","Dr.Web Security Space (20231003)","ESET Internet Security (20231003)","G DATA INTERNET SECURITY (20231003)","K7 Total Security (20231003)","Kaspersky Internet Security (20231003)","Malwarebytes Premium (20231003)","McAfee Total Protection (20231003)","Norton Security (20231003)","Panda Dome (20231003)","Quick Heal Internet Security (20231003)","Sophos Home Premium (20231003)","SpyHunter5 (20231003)","Tencent PC Manager (20220106)","Total AV Antivirus Pro (20231003)","VIPRE Advanced Security (20231003)","VirIT eXplorer PRO (20231003)","Webroot SecureAnywhere (20231003)","Windows Defender (20231003)"],"avAllowList":["360 Total Security (20231003)","COMODO Antivirus (20231003)","Trend Micro Internet Security (20231003)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt on keyloggers","reference":"","landingPage":"https://www.spyrix.com/","directDownloadingLink":"https://spyrix.app/spm.html","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://spyrix.app/spm.html","sourceIndex":"1777"}],"sampleFiles":["211202/Spyrix-191025/11.5.34/Samples/spm_setup.exe"],"imageFiles":["211202/Spyrix-191025/11.5.34/Images/ACR-048/ACR-048_Software_Hotkeys_Used.JPG","211202/Spyrix-191025/11.5.34/Images/ACR-007/ACR-007_Software_False_Claims.JPG","211202/Spyrix-191025/11.5.34/Images/ACR-007/ACR-007_Software_False_Claims_1.JPG","211202/Spyrix-191025/11.5.34/Images/ACR-017/ACR-017_InternalOffers_Unverifiable_Logos.JPG","211202/Spyrix-191025/11.5.34/Images/ACR-084/ACR-084_Software_Hides.JPG","211202/Spyrix-191025/11.5.34/Images/ACR-084/ACR-084_Software_Hides_1.JPG","211202/Spyrix-191025/11.5.34/Images/ACR-084/ACR-084_Software_Hides_2.JPG","211202/Spyrix-191025/11.5.34/Images/ACR-086/ACR-086_Software_Transmits_Data.JPG","211202/Spyrix-191025/11.5.34/Images/ACR-086/ACR-086_Software_Transmits_Data_1.JPG","211202/Spyrix-191025/11.5.34/Images/ACR-086/ACR-086_Software_Transmits_Data_2.JPG","211202/Spyrix-191025/11.5.34/Images/ACR-086/ACR-086_Software_Transmits_Data_3.JPG","211202/Spyrix-191025/11.5.34/Images/ACR-097/ACR-097_Software_Evades_Security.JPG","211202/Spyrix-191025/11.5.34/Images/ACR-097/ACR-097_Software_Evades_Security_1.JPG","211202/Spyrix-191025/11.5.34/Images/ACR-097/ACR-097_Software_Evades_Security_2.JPG","211202/Spyrix-191025/11.5.34/Images/ACR-116/ACR-116_Uninstall_Hides_App.JPG"],"nonDeceptorImageFiles":["211202/Spyrix-191025/11.5.34/Images/ACR-040/ACR-040_Install_Hidden_Location.JPG","211202/Spyrix-191025/11.5.34/Images/ACR-040/ACR-040_Install_Hidden_Location_1.JPG","211202/Spyrix-191025/11.5.34/Images/ACR-017/ACR-017_LandingPage_Unverifiable_Logos.JPG","211202/Spyrix-191025/11.5.34/Images/ACR-099/ACR-099_Software_No_Uninstall_Information.jpg","211202/Spyrix-191025/11.5.34/Images/ACR-099/ACR-099_LandingPage_No_Uninstall_Information.JPG","211202/Spyrix-191025/11.5.34/Images/ACR-099/ACR-099_LandingPage_No_Uninstall_Information_1.JPG","211202/Spyrix-191025/11.5.34/Images/ACR-099/SpyrixPersonalMonitor_OfferPage [1].png","211202/Spyrix-191025/11.5.34/Images/ACR-082/ACR-082_Software_Violates_Laws.JPG","211202/Spyrix-191025/11.5.34/Images/ACR-167/ACR-167_Docs_Insufficient_Days_Refund.JPG","211202/Spyrix-191025/11.5.34/Images/ACR-161/ACR-161_LandingPage_Unverifiable_Testimonials.JPG","211202/Spyrix-191025/11.5.34/Images/ACR-065/ACR-065_Install_No_Docs_1.JPG","211202/Spyrix-191025/11.5.34/Images/ACR-065/ACR-065_Software_No_Docs.jpg"],"guid":"0028385f-ef94-4496-81c2-fc3792e5ca9a_11.5.34_1","appID":"Spyrix-191025","dateAdded":"240306","deceptorType":"App","name":"Spyrix Personal Monitor","company":"Spyrix Security Inc.","version":"11.5.34","lastKnownStatus":"11.5.2;11.5.21;11.5.18;11.5.30;11.5.31;11.5.34;11.6.11;11.6.12;11.6.15","lastKnownDate":"240306","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 10,Windows 8,Windows 7,Windows XP,Windows Vista","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2024-03-06T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":10,"sortOrder":701},{"violations":{"ACR-048":"The app requires a hotkey or password and is limiting the targeted consumer's ability to close, delete, disable the app.\n","ACR-007":"The app enables the consumer to hide it from the system tray, the desktop, and the installed apps list, which prevents the targeted consumer from being aware of the app's presence. The  app does not display explicit notification when it is running and requires a hotkey and password to open it.\n","ACR-017":"The app elevates its consumer trust level by displaying unverifiable logos in the Internal offers page.\n","ACR-084":"The app enables the user to hide the app from the system tray, the desktop, and the installed program list. The app is installed in a hidden folder and requires a hotkey and password to open it.\n","ACR-086":"The app does not inform the targeted consumer who it is transmitting data to or what data it is collecting.\n","ACR-097":"Before downloading the installer, the app site prompts the user to disable anti-virus and add “C:\\ProgramData\\Security Monitor” in the exclusion list in order to prevent detection.\n","ACR-116":"The app enables the consumer to hide it from the installed apps list.\n"},"nonDeceptorViolations":{"ACR-040":"The app is installed in a hidden folder \"ProgramData\".\n","ACR-082":"The app enables the user to violate many laws.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\ProgramData\\Security Monitor\\{89DF3612-BE12-A0A6-D34F-FD696F512FCB}\\spm.exe","companyName":"","productName":"Host application","productVersion":"1.0.11.6","fileVersion":"1.0.11.6","hashMD5":"9575f91d5d9f33cfc65c996d81d79f74","hashSHA1":"0c53b53b8a69fa4c6d6290cabc2286c2e9d7808b","hashSHA256":"62abc146d96fd11f0abbcab81088ccd0dae14b2d9d3839d6eeba928f85705491","digitalCertThumbprint":"4401F710FD4FD877A624BE3002FFA278BE291A61","digitalCertIssuer":"GlobalSign GCC R45 CodeSigning CA 2020","digitalCertIssuedTo":"CLEVERCONTROL LLC","storeId":"","sourceIndex":"1042","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\ProgramData\\Security Monitor\\{89DF3612-BE12-A0A6-D34F-FD696F512FCB}\\spmm.exe","companyName":"","productName":"","productVersion":"","fileVersion":"","hashMD5":"73d1cae3f76c3e5ac49517259c296f6b","hashSHA1":"1b3707731521219f53396882d3771ff349224766","hashSHA256":"743733666a6e8e34c38945a98887f158cee069d58afea0a32a7f0cf83e99971c","digitalCertThumbprint":"4401F710FD4FD877A624BE3002FFA278BE291A61","digitalCertIssuer":"GlobalSign GCC R45 CodeSigning CA 2020","digitalCertIssuedTo":"CLEVERCONTROL LLC","storeId":"","sourceIndex":"1042","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\ProgramData\\Security Monitor\\{89DF3612-BE12-A0A6-D34F-FD696F512FCB}\\spr.exe","companyName":"","productName":"","productVersion":"1.0.0.0","fileVersion":"1.0.0.0","hashMD5":"d6a7d0b6607f5285c2d10c4edd8ef7fd","hashSHA1":"41c97edc2a61400187132dccbbee35b29226dd43","hashSHA256":"d3ede5a421452e5d0dadadd1e8b782fdeeff801c85f93aec4cc5c75bf495c42b","digitalCertThumbprint":"4401F710FD4FD877A624BE3002FFA278BE291A61","digitalCertIssuer":"GlobalSign GCC R45 CodeSigning CA 2020","digitalCertIssuedTo":"CLEVERCONTROL LLC","storeId":"","sourceIndex":"1042","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\ProgramData\\Security Monitor\\{89DF3612-BE12-A0A6-D34F-FD696F512FCB}\\sps.exe","companyName":"","productName":"","productVersion":"1.0.0.0","fileVersion":"1.0.0.0","hashMD5":"b1b3e7ca32c8dcdf90b36671c0671936","hashSHA1":"014cbfca58a45227929bd9ee201ef4830ad153bd","hashSHA256":"07caf4b5090a1a198398acfbd7310709c4e62fc6f0ebb7bf10467e54991e7cb3","digitalCertThumbprint":"4401F710FD4FD877A624BE3002FFA278BE291A61","digitalCertIssuer":"GlobalSign GCC R45 CodeSigning CA 2020","digitalCertIssuedTo":"CLEVERCONTROL LLC","storeId":"","sourceIndex":"1042","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"spm_setup.exe","isInstaller":"True","companyName":"                                                            ","productName":"                                                            ","productVersion":"                                                  ","fileVersion":"                    ","hashMD5":"58525ad22dc425ce3ee11d1d34492f69","hashSHA1":"b679003bab7492cbb24f5cc274fca90d6c2f7b5c","hashSHA256":"51bfd8539a85e26a967ba19b47fc7576eda84550ccb737467df848e5c1915337","digitalCertThumbprint":"4401F710FD4FD877A624BE3002FFA278BE291A61","digitalCertIssuer":"GlobalSign GCC R45 CodeSigning CA 2020","digitalCertIssuedTo":"CLEVERCONTROL LLC","storeId":"","sourceIndex":"1042","avBlockList":["360 Total Security (20230829)","Avast Premium Security (20230829)","AVG Internet Security (20230829)","Avira Internet Security (20230829)","COMODO Antivirus (20230829)","Dr.Web Security Space (20230829)","ESET Internet Security (20230829)","G DATA INTERNET SECURITY (20230829)","K7 Total Security (20230829)","Kaspersky Internet Security (20230829)","Malwarebytes Premium (20230829)","McAfee Total Protection (20230829)","Norton Security (20230829)","Panda Dome (20230829)","Quick Heal Internet Security (20230829)","Sophos Home Premium (20230829)","SpyHunter5 (20230829)","Total AV Antivirus Pro (20230829)","Trend Micro Internet Security (20230829)","VirIT eXplorer PRO (20230829)","Webroot SecureAnywhere (20230829)"],"avAllowList":["Bitdefender Internet Security (20230829)","VIPRE Advanced Security (20230829)","Windows Defender (20230829)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on windows app","reference":"","landingPage":"https://www.spyrix.com/","directDownloadingLink":"https://spyrix.app/spm.html","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://spyrix.app/spm.html","sourceIndex":"1042"}],"sampleFiles":["230616/Spyrix-191025/11.6.11/Samples/spm_setup.exe"],"imageFiles":["230616/Spyrix-191025/11.6.11/Images/ACR-048/ACR-048.JPG","230616/Spyrix-191025/11.6.11/Images/ACR-048/ACR-048_1.JPG","230616/Spyrix-191025/11.6.11/Images/ACR-007/ACR-007.JPG","230616/Spyrix-191025/11.6.11/Images/ACR-007/ACR-007_1.JPG","230616/Spyrix-191025/11.6.11/Images/ACR-007/ACR-007_2.JPG","230616/Spyrix-191025/11.6.11/Images/ACR-017/ACR-017.JPG","230616/Spyrix-191025/11.6.11/Images/ACR-084/ACR-084_1.JPG","230616/Spyrix-191025/11.6.11/Images/ACR-084/ACR-084_2.JPG","230616/Spyrix-191025/11.6.11/Images/ACR-084/ACR-084_3.JPG","230616/Spyrix-191025/11.6.11/Images/ACR-084/ACR-084_4.JPG","230616/Spyrix-191025/11.6.11/Images/ACR-086/ACR-086.JPG","230616/Spyrix-191025/11.6.11/Images/ACR-086/ACR-086_1.JPG","230616/Spyrix-191025/11.6.11/Images/ACR-086/ACR-086_2.JPG","230616/Spyrix-191025/11.6.11/Images/ACR-086/ACR-086_3.JPG","230616/Spyrix-191025/11.6.11/Images/ACR-097/ACR-097.JPG","230616/Spyrix-191025/11.6.11/Images/ACR-097/ACR-097_1.JPG","230616/Spyrix-191025/11.6.11/Images/ACR-097/ACR-097_2.JPG","230616/Spyrix-191025/11.6.11/Images/ACR-097/ACR-097_3.JPG","230616/Spyrix-191025/11.6.11/Images/ACR-116/ACR-116.JPG"],"nonDeceptorImageFiles":["230616/Spyrix-191025/11.6.11/Images/ACR-040/ACR-040.JPG","230616/Spyrix-191025/11.6.11/Images/ACR-040/ACR-040_1.JPG","230616/Spyrix-191025/11.6.11/Images/ACR-082/ACR-082.JPG"],"guid":"0028385f-ef94-4496-81c2-fc3792e5ca9a_11.6.11_1","appID":"Spyrix-191025","dateAdded":"240306","deceptorType":"App","name":"Spyrix Personal Monitor","company":"Spyrix Security Inc.","version":"11.6.11","lastKnownStatus":"11.5.2;11.5.21;11.5.18;11.5.30;11.5.31;11.5.34;11.6.11;11.6.12;11.6.15","lastKnownDate":"240306","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 10,Windows 8,Windows 7,Windows XP,Windows Vista","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2026-05-12T23:00:05.6773812+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":10,"sortOrder":700},{"violations":{"ACR-048":"The app requires a hotkey or password and is limiting the targeted consumer's ability to close, delete, disable the app.\n","ACR-007":"The app enables the consumer to hide it from the system tray, the desktop, and the installed apps list, which prevents the targeted consumer from being aware of the app's presence. The  app does not display explicit notification when it is running and requires a hotkey and password to open it.\n","ACR-084":"The app enables the user to hide the app from the system tray, the desktop, and the installed program list. The app is installed in a hidden folder and requires a hotkey and password to open it.\n","ACR-086":"The app does not inform the targeted consumer who it is transmitting data to or what data it is collecting.\n","ACR-097":"Before downloading the installer, the app site prompts the user to disable anti-virus and add “C:\\ProgramData\\Security Monitor” in the exclusion list in order to prevent detection.\n","ACR-116":"The app enables the consumer to hide it from the installed apps list.\n"},"nonDeceptorViolations":{"ACR-040":"The app is installed in a hidden folder \"ProgramData\".\n","ACR-082":"The app enables the user to violate many laws.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Users\\All Users\\Security Monitor\\{78DDAC00-CE01-0AC2-C12A-7139DF1233AC}\\spmm.exe","companyName":"","productName":"","productVersion":"","fileVersion":"","hashMD5":"a32cd2d683786eee1d63cb986f786379","hashSHA1":"992039d9e8e00bd483d60b358240779b7323a804","hashSHA256":"ae27a86c890c4ee457e7ed1503b25acd46c30b6bcdf5f5a6e4dc60795420f398","digitalCertThumbprint":"4401F710FD4FD877A624BE3002FFA278BE291A61","digitalCertIssuer":"GlobalSign GCC R45 CodeSigning CA 2020","digitalCertIssuedTo":"CLEVERCONTROL LLC","storeId":"","sourceIndex":"883","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Users\\All Users\\Security Monitor\\{78DDAC00-CE01-0AC2-C12A-7139DF1233AC}\\spr.exe","companyName":"","productName":"","productVersion":"1.0.0.0","fileVersion":"1.0.0.0","hashMD5":"4730402560bcff83fba40e4a3557855c","hashSHA1":"2ec22bfe15218955610ea6f3b1bbd0e99a3d931c","hashSHA256":"9b630f4f133b0ec987c46bec76348597123d219fadf4a7f712d59a34892e338c","digitalCertThumbprint":"4401F710FD4FD877A624BE3002FFA278BE291A61","digitalCertIssuer":"GlobalSign GCC R45 CodeSigning CA 2020","digitalCertIssuedTo":"CLEVERCONTROL LLC","storeId":"","sourceIndex":"883","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Users\\All Users\\Security Monitor\\{78DDAC00-CE01-0AC2-C12A-7139DF1233AC}\\sps.exe","companyName":"","productName":"","productVersion":"1.0.0.0","fileVersion":"1.0.0.0","hashMD5":"d55dd0bad51d48c8d1c1f11cb46053d9","hashSHA1":"918911a96475c0aebd3db3621e434ac4e3a55b13","hashSHA256":"e7bc5835935b1967e3dec10e9b4db3bace0946807c48699e59cb0b033818de8c","digitalCertThumbprint":"4401F710FD4FD877A624BE3002FFA278BE291A61","digitalCertIssuer":"GlobalSign GCC R45 CodeSigning CA 2020","digitalCertIssuedTo":"CLEVERCONTROL LLC","storeId":"","sourceIndex":"883","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Users\\All Users\\Security Monitor\\{78DDAC00-CE01-0AC2-C12A-7139DF1233AC}\\sem.exe","companyName":"","productName":"Host application","productVersion":"1.0.11.6","fileVersion":"1.0.11.6","hashMD5":"2434c800b15e8c7cc717004b759f9c50","hashSHA1":"caee7a23cd54c67c8904df9332a5f7e087db4392","hashSHA256":"96b37f4c78a378921f44fee5e38df035126182f9354ae5c6d7fb816a0b3b819a","digitalCertThumbprint":"4401F710FD4FD877A624BE3002FFA278BE291A61","digitalCertIssuer":"GlobalSign GCC R45 CodeSigning CA 2020","digitalCertIssuedTo":"CLEVERCONTROL LLC","storeId":"","sourceIndex":"883","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"spyrixemployee.exe","isInstaller":"True","companyName":"                                                            ","productName":"                                                            ","productVersion":"                                                  ","fileVersion":"                    ","hashMD5":"6c13d14781e14c7de3c46d021af99641","hashSHA1":"01ac5edb2782aaedd089a76d8f940a3fb24359b4","hashSHA256":"a3d378181e22ede87c61a231a5716e1508561cd1e83b8ffce250463f9b688998","digitalCertThumbprint":"4401F710FD4FD877A624BE3002FFA278BE291A61","digitalCertIssuer":"GlobalSign GCC R45 CodeSigning CA 2020","digitalCertIssuedTo":"CLEVERCONTROL LLC","storeId":"","sourceIndex":"883","avBlockList":["360 Total Security (20231017)","Avast Premium Security (20231017)","AVG Internet Security (20231017)","Avira Internet Security (20231017)","COMODO Antivirus (20231017)","Dr.Web Security Space (20231017)","ESET Internet Security (20231017)","G DATA INTERNET SECURITY (20231017)","K7 Total Security (20231017)","Kaspersky Internet Security (20231017)","Malwarebytes Premium (20231017)","McAfee Total Protection (20231017)","Norton Security (20231017)","Panda Dome (20231017)","Sophos Home Premium (20231017)","SpyHunter5 (20231017)","Total AV Antivirus Pro (20231017)","VirIT eXplorer PRO (20231017)","Webroot SecureAnywhere (20231017)"],"avAllowList":["Bitdefender Internet Security (20231017)","Quick Heal Internet Security (20231017)","Trend Micro Internet Security (20231017)","VIPRE Advanced Security (20231017)","Windows Defender (20231017)"]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"Hunt.Search","landingPage":"http://www.spyrix.com/","directDownloadingLink":"https://spyrix.app/sem.html","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://spyrix.app/sem.html","sourceIndex":"883"}],"sampleFiles":["230929/Spyrix-191025/11.6.12/Samples/spyrixemployee.exe"],"imageFiles":["230929/Spyrix-191025/11.6.12/Images/ACR-048/ACR-048.JPG","230929/Spyrix-191025/11.6.12/Images/ACR-048/ACR-048_1.JPG","230929/Spyrix-191025/11.6.12/Images/ACR-007/ACR-007 (1).JPG","230929/Spyrix-191025/11.6.12/Images/ACR-007/ACR-007 (2).JPG","230929/Spyrix-191025/11.6.12/Images/ACR-007/ACR-007.JPG","230929/Spyrix-191025/11.6.12/Images/ACR-084/ACR-084 (1).JPG","230929/Spyrix-191025/11.6.12/Images/ACR-084/ACR-084 (2).JPG","230929/Spyrix-191025/11.6.12/Images/ACR-084/ACR-084_3.JPG","230929/Spyrix-191025/11.6.12/Images/ACR-086/ACR-086.JPG","230929/Spyrix-191025/11.6.12/Images/ACR-086/ACR-086_1.JPG","230929/Spyrix-191025/11.6.12/Images/ACR-086/ACR-086_2.JPG","230929/Spyrix-191025/11.6.12/Images/ACR-086/ACR-086_3.JPG","230929/Spyrix-191025/11.6.12/Images/ACR-097/ACR-097.JPG","230929/Spyrix-191025/11.6.12/Images/ACR-097/ACR-097 (1).JPG","230929/Spyrix-191025/11.6.12/Images/ACR-097/ACR-097 (2).JPG","230929/Spyrix-191025/11.6.12/Images/ACR-097/ACR-097 (3).JPG","230929/Spyrix-191025/11.6.12/Images/ACR-116/ACR-116.JPG"],"nonDeceptorImageFiles":["230929/Spyrix-191025/11.6.12/Images/ACR-040/ACR-040.JPG","230929/Spyrix-191025/11.6.12/Images/ACR-040/ACR-040_1.JPG","230929/Spyrix-191025/11.6.12/Images/ACR-082/ACR-082.JPG"],"guid":"0028385f-ef94-4496-81c2-fc3792e5ca9a_11.6.12_1","appID":"Spyrix-191025","dateAdded":"240306","deceptorType":"App","name":"Spyrix Personal Monitor","company":"Spyrix Security Inc.","version":"11.6.12","lastKnownStatus":"11.5.2;11.5.21;11.5.18;11.5.30;11.5.31;11.5.34;11.6.11;11.6.12;11.6.15","lastKnownDate":"240306","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 10,Windows 8,Windows 7,Windows XP,Windows Vista","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2026-05-12T23:00:01.093723+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":10,"sortOrder":699},{"violations":{"ACR-048":"The app enables the consumer to hide the app from the desktop and the control panel, which limits the targeted consumer's ability to control the app. The app uses a password to hide its presence\n","ACR-007":"The app enables the consumer to hide it from the desktop, and the installed apps list, which prevents the targeted consumer from being aware of the app's presence. The app does not display explicit notifications when it is running and requires a hotkey and password to open it.\n","ACR-084":"The app enables the user to hide the app from the desktop and the installed program list. The app is installed in a hidden folder and requires a hotkey and password to open it.\n","ACR-086":"The app does not inform the targeted consumer who it is transmitting its data to. The app does not inform the targeted consumer how it collects data and it uses a password to hide its presence.\n","ACR-097":"Before downloading the installer, the app site prompts the user to disable anti-virus and add “C:\\ProgramData\\Security Monitor” in the exclusion list in order to prevent detection.\n","ACR-116":"The app enables the consumer to hide it from the installed apps list.\n","ACR-014":"The app calls itself \"spm.exe” which is not related to the app's name.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"C:\\ProgramData\\Security Monitor\\{89DF3612-BE12-A0A6-D34F-FD696F512FCB}\\spm.exe","companyName":"","productName":"Host application","productVersion":"1.0.11.6","fileVersion":"1.0.11.6","hashMD5":"f69357018fea30c11b4d911181f82422","hashSHA1":"130d8104c4ff3cd880d60d90eff56f3ae8ca9228","hashSHA256":"d941a5f495eb430bdcd6e61dc28774c7d6b29bad62efb2134917a897145a6bf3","digitalCertThumbprint":"3808A26A7AA1A7F08944370EDD5149F514CF6B0F","digitalCertIssuer":"GlobalSign GCC R45 CodeSigning CA 2020","digitalCertIssuedTo":"CLEVERCONTROL LLC","storeId":"","sourceIndex":"721","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\ProgramData\\Security Monitor\\{89DF3612-BE12-A0A6-D34F-FD696F512FCB}\\spmm.exe","companyName":"","productName":"","productVersion":"","fileVersion":"","hashMD5":"cb40b842fe985b9d12292d7c4fac0c79","hashSHA1":"4158086c26f01e6e11296d48a862a66aae480694","hashSHA256":"4fd0abb9da27bed20b6960cc59f80747696fcfc19c98015d3d49b3d931f240e9","digitalCertThumbprint":"3808A26A7AA1A7F08944370EDD5149F514CF6B0F","digitalCertIssuer":"GlobalSign GCC R45 CodeSigning CA 2020","digitalCertIssuedTo":"CLEVERCONTROL LLC","storeId":"","sourceIndex":"721","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\ProgramData\\Security Monitor\\{89DF3612-BE12-A0A6-D34F-FD696F512FCB}\\spr.exe","companyName":"","productName":"","productVersion":"1.0.0.0","fileVersion":"1.0.0.0","hashMD5":"acdc0e6b5bcf9c07946166a690f5e4fe","hashSHA1":"6559c2fe9ea64e2e3fdf0f9fb7184ff6bc7c5f6d","hashSHA256":"9eaf3509a28643909f13a955bc3ffa89b267b4042cbd6b7c55181327eb139eb8","digitalCertThumbprint":"3808A26A7AA1A7F08944370EDD5149F514CF6B0F","digitalCertIssuer":"GlobalSign GCC R45 CodeSigning CA 2020","digitalCertIssuedTo":"CLEVERCONTROL LLC","storeId":"","sourceIndex":"721","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\ProgramData\\Security Monitor\\{89DF3612-BE12-A0A6-D34F-FD696F512FCB}\\sps.exe","companyName":"","productName":"","productVersion":"1.0.0.0","fileVersion":"1.0.0.0","hashMD5":"6e5251d042411c7d38f5dc1b6a660215","hashSHA1":"41b3863f06d8c5573ac89e79e25c98a1c3d6df92","hashSHA256":"8d21926c20c30d8b68e2a3802e1589b24678d24a638fda04549828a330a41a3c","digitalCertThumbprint":"3808A26A7AA1A7F08944370EDD5149F514CF6B0F","digitalCertIssuer":"GlobalSign GCC R45 CodeSigning CA 2020","digitalCertIssuedTo":"CLEVERCONTROL LLC","storeId":"","sourceIndex":"721","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"spm_setup.exe","isInstaller":"True","companyName":"                                                            ","productName":"                                                            ","productVersion":"                                                  ","fileVersion":"                    ","hashMD5":"fc35ff9a236230b0abc1a449286e97c9","hashSHA1":"1812414a94983763c459245174aecea6194648d4","hashSHA256":"97a9eeb8d3f3ef69f8929b140a3a728759da382fa9c23f337d3553ef694a707b","digitalCertThumbprint":"3808A26A7AA1A7F08944370EDD5149F514CF6B0F","digitalCertIssuer":"GlobalSign GCC R45 CodeSigning CA 2020","digitalCertIssuedTo":"CLEVERCONTROL LLC","storeId":"","sourceIndex":"721","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on windows app","reference":"Hunt.Search","landingPage":"https://www.spyrix.com/","directDownloadingLink":"https://spyrix.app/spm.html","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://spyrix.app/spm.html","sourceIndex":"721"}],"sampleFiles":["240306/Spyrix-191025/11.6.15/Samples/spm_setup.exe"],"imageFiles":["240306/Spyrix-191025/11.6.15/Images/ACR-048/ACR-048_1.PNG","240306/Spyrix-191025/11.6.15/Images/ACR-048/ACR-048_2.PNG","240306/Spyrix-191025/11.6.15/Images/ACR-048/ACR-048_3.PNG","240306/Spyrix-191025/11.6.15/Images/ACR-048/ACR-048_4.PNG","240306/Spyrix-191025/11.6.15/Images/ACR-007/ACR-007.PNG","240306/Spyrix-191025/11.6.15/Images/ACR-007/ACR-007_1.PNG","240306/Spyrix-191025/11.6.15/Images/ACR-007/ACR-007_2.PNG","240306/Spyrix-191025/11.6.15/Images/ACR-007/ACR-007_3.PNG","240306/Spyrix-191025/11.6.15/Images/ACR-014/ACR-014.PNG","240306/Spyrix-191025/11.6.15/Images/ACR-084/ACR-084.PNG","240306/Spyrix-191025/11.6.15/Images/ACR-084/ACR-084_1.PNG","240306/Spyrix-191025/11.6.15/Images/ACR-084/ACR-084_2.PNG","240306/Spyrix-191025/11.6.15/Images/ACR-084/ACR-084_3.PNG","240306/Spyrix-191025/11.6.15/Images/ACR-084/ACR-084_4.PNG","240306/Spyrix-191025/11.6.15/Images/ACR-084/ACR-084_5.PNG","240306/Spyrix-191025/11.6.15/Images/ACR-086/ACR-086.PNG","240306/Spyrix-191025/11.6.15/Images/ACR-086/ACR-086_1.PNG","240306/Spyrix-191025/11.6.15/Images/ACR-086/ACR-086_2.PNG","240306/Spyrix-191025/11.6.15/Images/ACR-097/ACR-097.PNG","240306/Spyrix-191025/11.6.15/Images/ACR-097/ACR-097_1.PNG","240306/Spyrix-191025/11.6.15/Images/ACR-097/ACR-097_2.PNG","240306/Spyrix-191025/11.6.15/Images/ACR-097/ACR-097_3.PNG","240306/Spyrix-191025/11.6.15/Images/ACR-116/ACR-116.PNG"],"nonDeceptorImageFiles":[],"guid":"0028385f-ef94-4496-81c2-fc3792e5ca9a_11.6.15_1","appID":"Spyrix-191025","dateAdded":"240306","deceptorType":"App","name":"Spyrix Personal Monitor","company":"Spyrix Security Inc.","version":"11.6.15","lastKnownStatus":"11.5.2;11.5.21;11.5.18;11.5.30;11.5.31;11.5.34;11.6.11;11.6.12;11.6.15","lastKnownDate":"240306","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 10,Windows 8,Windows 7,Windows XP,Windows Vista","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2026-05-12T22:59:56.7800161+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":10,"sortOrder":698},{"violations":{"ACR-042":"Third-party components \"TAP Driver Windows\", \"Open VPN\" and \"Wintun\" are dropped without any disclosure.\n","ACR-043":"1. Third-party components \"TAP Driver Windows\", \"Open VPN\" and \"Wintun\" are dropped without any disclosure.\n2. The \"WhitehatVPN\" components get dropped in one click without asking the user's permission and disclosing the installation path.\n","ACR-107":"The app does not obtain any authorization for using third-party components: \"TAP Driver Windows\", \"Open VPN\" and \"Wintun\" \n","ACR-048":"The app does not provide any control to close the app completely and remove its background processes within the app's settings.\n","ACR-003":"The app displays misleading status \"Your IP is Unprotected\" when VPN connection is turned off. Although system has another VPN service is running.\n","ACR-007":"The app does not obtain explicit user consent to reduce the consumer's security posture caused by sharing IP/network connection for sharing internet resources.\n","ACR-084":"On closing the app, all the processes run silently in the background, hiding the fact that it is active from the consumer and may record the system's Usage Data and metrics including IP. \n","ACR-014":"The application presents misleading status even when the system has a VPN program already installed.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"C:\\Users\\User\\AppData\\Roaming\\HIGH SPEED RABBIT LIMITED\\WhitehatVPN\\WhitehatData.exe","companyName":"HIGH SPEED WHITEHAT LIMITED","productName":"WhitehatData","productVersion":"1.22.11.26","fileVersion":"1.22.11.26","hashMD5":"637b95d94a9e2449a013c2a5cdc7ec22","hashSHA1":"082ca6140c32bc994ab9b2682c8fe4b073e0f905","hashSHA256":"122fac0b0d282d446ac08f9a6c579d7563b3651736b1921d8590a0a9bb37ab3f","digitalCertThumbprint":"B1476909A9370074A35F2D3E3906E7BC8859FEAB","digitalCertIssuer":"WoTrus Code Signing 2021 CA","digitalCertIssuedTo":"HIGH SPEED RABBIT LIMITED","storeId":"","sourceIndex":"1037","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Users\\User\\AppData\\Roaming\\HIGH SPEED RABBIT LIMITED\\WhitehatVPN\\WhitehatVPN.exe","companyName":"HIGH SPEED WHITEHAT LIMITED","productName":"WhitehatVPN","productVersion":"1.22.11.29","fileVersion":"1.22.11.29","hashMD5":"6f21c4dcbf9d4f064f14c1f8b817d05e","hashSHA1":"7ecb8656def9bb1ea99807ceeda17ee0a5ed2c7d","hashSHA256":"7d269744a6d66e72a07a9c2febd9797533d704822dab9dcf395db0c464584f14","digitalCertThumbprint":"B1476909A9370074A35F2D3E3906E7BC8859FEAB","digitalCertIssuer":"WoTrus Code Signing 2021 CA","digitalCertIssuedTo":"HIGH SPEED RABBIT LIMITED","storeId":"","sourceIndex":"1037","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"WhiteHatVPN1_22_11_28_3.exe","isInstaller":"True","companyName":"HIGH SPEED RABBIT LIMITED","productName":"WhitehatVPN","productVersion":"1.22.11.29","fileVersion":"1.22.11.29","hashMD5":"f1e36e3d780827c818b5426dba6931bd","hashSHA1":"6942b2441c0fb33efafb870fec8ca4fd4ee5a234","hashSHA256":"e73d723bdb32ae7d4a86ed55fa581a9717a335111cfa60ce2edd221da5229a32","digitalCertThumbprint":"B1476909A9370074A35F2D3E3906E7BC8859FEAB","digitalCertIssuer":"WoTrus Code Signing 2021 CA","digitalCertIssuedTo":"HIGH SPEED RABBIT LIMITED","storeId":"","sourceIndex":"1037","avBlockList":["360 Total Security (20240716)","Avast Premium Security (20240716)","AVG Internet Security (20240716)","Avira Internet Security (20240716)","ESET Internet Security (20240716)","G DATA INTERNET SECURITY (20240716)","K7 Total Security (20240716)","Kaspersky Internet Security (20240716)","Malwarebytes Premium (20240716)","McAfee Total Protection (20240716)","Norton Security (20240716)","Panda Dome (20240716)","Quick Heal Internet Security (20240716)","Sophos Home Premium (20240716)","SpyHunter5 (20240716)","Total AV Antivirus Pro (20240716)","VirIT eXplorer PRO (20240716)","Webroot SecureAnywhere (20240716)","Windows Defender (20240716)","FortectPremium (20240716)"],"avAllowList":["Bitdefender Internet Security (20240716)","COMODO Antivirus (20240716)","Dr.Web Security Space (20240716)","Trend Micro Internet Security (20240716)","VIPRE Advanced Security (20240716)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on windows app","reference":"","landingPage":"https://www.whitehatvpn.com/","directDownloadingLink":"https://www.whitehatvpn.com/download.html","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.whitehatvpn.com/download.html","sourceIndex":"1037"}],"sampleFiles":["230622/WhitehatVPN-221212/1.22.11.29/Samples/WhiteHatVPN1_22_11_28_3.exe"],"imageFiles":["230622/WhitehatVPN-221212/1.22.11.29/Images/ACR-043/ACR-043.JPG","230622/WhitehatVPN-221212/1.22.11.29/Images/ACR-043/ACR-043_1.JPG","230622/WhitehatVPN-221212/1.22.11.29/Images/ACR-043/ACR-043_2.JPG","230622/WhitehatVPN-221212/1.22.11.29/Images/ACR-043/ACR-043_3.JPG","230622/WhitehatVPN-221212/1.22.11.29/Images/ACR-107/ACR-107.JPG","230622/WhitehatVPN-221212/1.22.11.29/Images/ACR-107/ACR-107_1.JPG","230622/WhitehatVPN-221212/1.22.11.29/Images/ACR-107/ACR-107_2.JPG","230622/WhitehatVPN-221212/1.22.11.29/Images/ACR-042/ACR-042.JPG","230622/WhitehatVPN-221212/1.22.11.29/Images/ACR-042/ACR-042_1.JPG","230622/WhitehatVPN-221212/1.22.11.29/Images/ACR-042/ACR-042_2.JPG","230622/WhitehatVPN-221212/1.22.11.29/Images/ACR-007/ACR-007.JPG","230622/WhitehatVPN-221212/1.22.11.29/Images/ACR-007/ACR-007_1.JPG","230622/WhitehatVPN-221212/1.22.11.29/Images/ACR-084/ACR-084.JPG","230622/WhitehatVPN-221212/1.22.11.29/Images/ACR-084/ACR-084_1.JPG","230622/WhitehatVPN-221212/1.22.11.29/Images/ACR-084/ACR-084_2.JPG","230622/WhitehatVPN-221212/1.22.11.29/Images/ACR-048/ACR-048.JPG","230622/WhitehatVPN-221212/1.22.11.29/Images/ACR-048/ACR-048_1.JPG","230622/WhitehatVPN-221212/1.22.11.29/Images/ACR-003/ACR-003.JPG","230622/WhitehatVPN-221212/1.22.11.29/Images/ACR-014/ACR-014.JPG"],"nonDeceptorImageFiles":[],"guid":"97b0746f-3293-4194-bb87-96b87bede060_1.22.11.29_1","appID":"WhitehatVPN-221212","dateAdded":"240301","deceptorType":"App","name":"WhiteHat VPN","company":"HIGH SPEED RABBIT LIMITED","version":"1.22.11.29","lastKnownStatus":"1.22.12.9;1.23.1.6;1.22.11.29;1.23.0.15;1.22.11.28;1.24.1.11","lastKnownDate":"240301","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"none","lastUpdate":"2024-03-01T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":6,"sortOrder":712},{"violations":{"ACR-109":"The application silently installs the app \"TAP Driver Windows\" before the user chose and agrees to install or without disclosing the relationship to the app during installation.\n","ACR-042":"1. The application silently installs the app \"TAP Driver Windows\" without disclosing the relationship to the app during installation. \n2. Third-party components \"Open VPN\" and \"Wintun\" are installed without any disclosure. \n","ACR-043":"1. The application silently installs the app \"TAP Driver Windows\" without disclosing the relationship to the app during installation. \n2. Third-party components \"Open VPN\" and \"Wintun\" are installed without any disclosure.\n3. The \"WhitehatVPN\" components get dropped in one click without asking the user's permission and disclosing the installation path\n","ACR-107":"The app does not obtain any authorization for using third-party components: Open VPN and Wintun. \n","ACR-048":"The app does not provide any control to remove the startup and close the app completely and remove its background processes within the app's settings.\n","ACR-003":"The app displays misleading status \"Your IP is Unprotected\" when VPN connection is turned off. Although system has another VPN service is running.\n","ACR-007":"The app does not obtain explicit user consent to reduce the consumer's security posture caused by sharing IP/network connection for sharing internet resources.\n","ACR-084":"1. The app creates undisclosed startup items to perform actions without the consumer's knowledge and consent.\n2. On closing the app, all the processes run silently in the background, hiding the fact that it is active from the consumer and may record the system's Usage Data and metrics including IP. \n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components on the device without the consumer's consent.\n","ACR-014":"The application presents misleading status even when the system has a VPN program already installed and running\n","ACR-039":"The app silently installs Tap windows program without disclosing the relationship to the app during installation. \n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\HIGH SPEED RABBIT LIMITE\\WhitehatVPN\\WhitehatVPN.exe","companyName":"HIGH SPEED WHITEHAT LIMITED","productName":"WhitehatVPN","productVersion":"1.23.06.25","fileVersion":"1.23.6.25","hashMD5":"a14ce514e33f3e5d2af6fe5a9e88c04a","hashSHA1":"ba93f963b4542f0d8d8c21e9a814b6ea8facef81","hashSHA256":"c63c655e695b27fa4999d277504048516ed1d91d67316255970bae6f3f53efeb","digitalCertThumbprint":"B1476909A9370074A35F2D3E3906E7BC8859FEAB","digitalCertIssuer":"WoTrus Code Signing 2021 CA","digitalCertIssuedTo":"HIGH SPEED RABBIT LIMITED","storeId":"","sourceIndex":"1014","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"whitehatvpn230615.exe","isInstaller":"True","companyName":"HIGH SPEED RABBIT LIMITE","productName":"WhitehatVPN","productVersion":"1.23.0.15","fileVersion":"1.23.0.15","hashMD5":"09dc312570dcb4b40721e972d00f9005","hashSHA1":"442dfd645c81b6a4fb26c8847b0db0a01ba04f5d","hashSHA256":"e535d87e7584d5d1636df18a860978dbd6cf8178b109636659dcf893cb34c095","digitalCertThumbprint":"B1476909A9370074A35F2D3E3906E7BC8859FEAB","digitalCertIssuer":"WoTrus Code Signing 2021 CA","digitalCertIssuedTo":"HIGH SPEED RABBIT LIMITED","storeId":"","sourceIndex":"1014","avBlockList":["360 Total Security (20230817)","Avast Premium Security (20230817)","AVG Internet Security (20230817)","Avira Internet Security (20230817)","Bitdefender Internet Security (20230817)","COMODO Antivirus (20230817)","ESET Internet Security (20230817)","G DATA INTERNET SECURITY (20230817)","K7 Total Security (20230817)","Kaspersky Internet Security (20230817)","Malwarebytes Premium (20230817)","McAfee Total Protection (20230817)","Norton Security (20230817)","Panda Dome (20230817)","Quick Heal Internet Security (20230817)","Sophos Home Premium (20230817)","SpyHunter5 (20230817)","Total AV Antivirus Pro (20230817)","VIPRE Advanced Security (20230817)","VirIT eXplorer PRO (20230817)","Webroot SecureAnywhere (20230817)","Windows Defender (20230817)"],"avAllowList":["Dr.Web Security Space (20230817)","Trend Micro Internet Security (20230817)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on windows app","reference":"","landingPage":"https://www.whitehatvpn.com","directDownloadingLink":"https://www.whitehatvpn.com/download.html","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.whitehatvpn.com/download.html","sourceIndex":"1014"}],"sampleFiles":["230706/WhitehatVPN-221212/1.23.0.15/Samples/whitehatvpn230615.exe"],"imageFiles":["230706/WhitehatVPN-221212/1.23.0.15/Images/ACR-109/ACR-109.JPG","230706/WhitehatVPN-221212/1.23.0.15/Images/ACR-109/ACR-109_1.JPG","230706/WhitehatVPN-221212/1.23.0.15/Images/ACR-039/ACR-039.JPG","230706/WhitehatVPN-221212/1.23.0.15/Images/ACR-039/ACR-039_1.JPG","230706/WhitehatVPN-221212/1.23.0.15/Images/ACR-043/ACR-043.JPG","230706/WhitehatVPN-221212/1.23.0.15/Images/ACR-043/ACR-043_1.JPG","230706/WhitehatVPN-221212/1.23.0.15/Images/ACR-043/ACR-043_2.JPG","230706/WhitehatVPN-221212/1.23.0.15/Images/ACR-043/ACR-043_3.JPG","230706/WhitehatVPN-221212/1.23.0.15/Images/ACR-107/ACR-107.JPG","230706/WhitehatVPN-221212/1.23.0.15/Images/ACR-107/ACR-107_1.JPG","230706/WhitehatVPN-221212/1.23.0.15/Images/ACR-042/ACR-042.JPG","230706/WhitehatVPN-221212/1.23.0.15/Images/ACR-042/ACR-042_1.JPG","230706/WhitehatVPN-221212/1.23.0.15/Images/ACR-042/ACR-042_2.JPG","230706/WhitehatVPN-221212/1.23.0.15/Images/ACR-007/ACR-007.JPG","230706/WhitehatVPN-221212/1.23.0.15/Images/ACR-007/ACR-007_1.JPG","230706/WhitehatVPN-221212/1.23.0.15/Images/ACR-084/ACR-084.JPG","230706/WhitehatVPN-221212/1.23.0.15/Images/ACR-084/ACR-084_1.JPG","230706/WhitehatVPN-221212/1.23.0.15/Images/ACR-084/ACR-084_2.JPG","230706/WhitehatVPN-221212/1.23.0.15/Images/ACR-084/ACR-084_3.JPG","230706/WhitehatVPN-221212/1.23.0.15/Images/ACR-048/ACR-048.JPG","230706/WhitehatVPN-221212/1.23.0.15/Images/ACR-048/ACR-048_1.JPG","230706/WhitehatVPN-221212/1.23.0.15/Images/ACR-048/ACR-048_2.JPG","230706/WhitehatVPN-221212/1.23.0.15/Images/ACR-003/ACR-003.JPG","230706/WhitehatVPN-221212/1.23.0.15/Images/ACR-014/ACR-014.JPG","230706/WhitehatVPN-221212/1.23.0.15/Images/ACR-118/ACR-118.JPG"],"nonDeceptorImageFiles":[],"guid":"97b0746f-3293-4194-bb87-96b87bede060_1.23.0.15_1","appID":"WhitehatVPN-221212","dateAdded":"240301","deceptorType":"App","name":"WhiteHat VPN","company":"HIGH SPEED RABBIT LIMITED","version":"1.23.0.15","lastKnownStatus":"1.22.12.9;1.23.1.6;1.22.11.29;1.23.0.15;1.22.11.28;1.24.1.11","lastKnownDate":"240301","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"none","lastUpdate":"2024-03-01T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":6,"sortOrder":711},{"violations":{"ACR-109":"The application silently installs the app \"TAP Driver Windows\" before the user chose and agrees to install or without disclosing the relationship to the app during installation.\n","ACR-042":"1. The application silently installs the app \"TAP Driver Windows\" without disclosing the relationship to the app during installation. \n2. Third-party components \"Open VPN\" and \"Wintun\" are installed without any disclosure. \n3. The \"WhitehatVPN\" components get dropped in one click without asking the user's permission and disclosing the installation path\n","ACR-043":"1. The application silently installs the app \"TAP Driver Windows\" without disclosing the relationship to the app during installation. \n2. Third-party components \"Open VPN\" and \"Wintun\" are installed without any disclosure.\n\n","ACR-107":"The app does not obtain any authorization for using third-party components: Open VPN and Wintun. \n","ACR-048":"The app does not provide any control to close the app completely and remove its background processes within the app's settings.\n","ACR-003":"The app displays misleading status \"Your IP is Unprotected\" when VPN connection is turned off. Although system has another VPN service is running.\n","ACR-007":"The app does not obtain explicit user consent to reduce the consumer's security posture caused by sharing IP/network connection for sharing internet resources.\n","ACR-084":"On closing the app, all the processes run silently in the background, hiding the fact that it is active from the consumer and may record the system's Usage Data and metrics including IP. \n","ACR-117":"The app attempts to conceal the Uninstall button at Uninstall.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components on the device without the consumer's consent.\n","ACR-119":"The app retains its monetization components after uninstall.\n","ACR-014":"The application presents misleading status even when the system has a VPN program already installed and running\n","ACR-039":"The app silently installs Tap windows program without disclosing the relationship to the app during installation. \n","ACR-124":"The app attempts to conceal the Uninstall button at Uninstall.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\HIGH SPEED RABBIT LIMITED\\WhitehatVPN\\WhitehatVPN.exe","companyName":"HIGH SPEED WHITEHAT LIMITED","productName":"WhitehatVPN","productVersion":"1.22.11.28","fileVersion":"1.22.11.28","hashMD5":"a74d56414c7517e7de55c81a72620274","hashSHA1":"4886f15519916f41cdbc04be1fb2017914bba4c4","hashSHA256":"257125f7d831043b4eb86f73d8500bccaafb1f8467c7d08429ead638e7a07ede","digitalCertThumbprint":"B1476909A9370074A35F2D3E3906E7BC8859FEAB","digitalCertIssuer":"WoTrus Code Signing 2021 CA","digitalCertIssuedTo":"HIGH SPEED RABBIT LIMITED","storeId":"","sourceIndex":"889","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"WhiteHatVPN1_22_11_28_1.exe","isInstaller":"True","companyName":"HIGH SPEED RABBIT LIMITED","productName":"WhitehatVPN","productVersion":"1.22.11.28","fileVersion":"1.22.11.28","hashMD5":"652d1235d21b74068342ba47e5eeed71","hashSHA1":"711c21fb541353e0e816138f269d393763dabba5","hashSHA256":"ac3e9f24f6a19481dca137aadfa4c4d40c24f618d5bff436622fa85b23f24ac3","digitalCertThumbprint":"B1476909A9370074A35F2D3E3906E7BC8859FEAB","digitalCertIssuer":"WoTrus Code Signing 2021 CA","digitalCertIssuedTo":"HIGH SPEED RABBIT LIMITED","storeId":"","sourceIndex":"889","avBlockList":["360 Total Security (20240523)","Avast Premium Security (20240523)","AVG Internet Security (20240523)","Avira Internet Security (20240523)","COMODO Antivirus (20240523)","ESET Internet Security (20240523)","G DATA INTERNET SECURITY (20240523)","K7 Total Security (20240523)","Kaspersky Internet Security (20240523)","Malwarebytes Premium (20240523)","McAfee Total Protection (20240523)","Norton Security (20240523)","Panda Dome (20240523)","Quick Heal Internet Security (20240523)","Sophos Home Premium (20240523)","SpyHunter5 (20240523)","Total AV Antivirus Pro (20240523)","VirIT eXplorer PRO (20240523)","Webroot SecureAnywhere (20240523)","Windows Defender (20240523)"],"avAllowList":["Bitdefender Internet Security (20240523)","Dr.Web Security Space (20240523)","Trend Micro Internet Security (20240523)","VIPRE Advanced Security (20240523)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on windows app","reference":"","landingPage":"https://www.whitehatvpn.com","directDownloadingLink":"https://www.whitehatvpn.com/download.html","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.whitehatvpn.com/download.html","sourceIndex":"889"}],"sampleFiles":["230927/WhitehatVPN-221212/1.22.11.28/Samples/WhiteHatVPN1_22_11_28_1.exe"],"imageFiles":["230927/WhitehatVPN-221212/1.22.11.28/Images/ACR-109/ACR-109.PNG","230927/WhitehatVPN-221212/1.22.11.28/Images/ACR-109/ACR-109_1.PNG","230927/WhitehatVPN-221212/1.22.11.28/Images/ACR-039/ACR-039.PNG","230927/WhitehatVPN-221212/1.22.11.28/Images/ACR-039/ACR-039_1.PNG","230927/WhitehatVPN-221212/1.22.11.28/Images/ACR-043/ACR-043.PNG","230927/WhitehatVPN-221212/1.22.11.28/Images/ACR-043/ACR-043_1.PNG","230927/WhitehatVPN-221212/1.22.11.28/Images/ACR-043/ACR-043_2.PNG","230927/WhitehatVPN-221212/1.22.11.28/Images/ACR-107/ACR-107.PNG","230927/WhitehatVPN-221212/1.22.11.28/Images/ACR-107/ACR-107_1.PNG","230927/WhitehatVPN-221212/1.22.11.28/Images/ACR-042/ACR-042.PNG","230927/WhitehatVPN-221212/1.22.11.28/Images/ACR-042/ACR-042_1.PNG","230927/WhitehatVPN-221212/1.22.11.28/Images/ACR-042/ACR-042_2.PNG","230927/WhitehatVPN-221212/1.22.11.28/Images/ACR-042/ACR-042_3.PNG","230927/WhitehatVPN-221212/1.22.11.28/Images/ACR-007/ACR-007.PNG","230927/WhitehatVPN-221212/1.22.11.28/Images/ACR-007/ACR-007_1.PNG","230927/WhitehatVPN-221212/1.22.11.28/Images/ACR-084/ACR-084.PNG","230927/WhitehatVPN-221212/1.22.11.28/Images/ACR-084/ACR-084_1.PNG","230927/WhitehatVPN-221212/1.22.11.28/Images/ACR-084/ACR-084_2.PNG","230927/WhitehatVPN-221212/1.22.11.28/Images/ACR-048/ACR-048.PNG","230927/WhitehatVPN-221212/1.22.11.28/Images/ACR-048/ACR-048_1.PNG","230927/WhitehatVPN-221212/1.22.11.28/Images/ACR-003/ACR-003.PNG","230927/WhitehatVPN-221212/1.22.11.28/Images/ACR-014/ACR-014.PNG","230927/WhitehatVPN-221212/1.22.11.28/Images/ACR-117/ACR-117.PNG","230927/WhitehatVPN-221212/1.22.11.28/Images/ACR-118/ACR-118.PNG","230927/WhitehatVPN-221212/1.22.11.28/Images/ACR-119/ACR-119.PNG","230927/WhitehatVPN-221212/1.22.11.28/Images/ACR-124/ACR-124.PNG"],"nonDeceptorImageFiles":[],"guid":"97b0746f-3293-4194-bb87-96b87bede060_1.22.11.28_1","appID":"WhitehatVPN-221212","dateAdded":"240301","deceptorType":"App","name":"WhiteHat VPN","company":"HIGH SPEED RABBIT LIMITED","version":"1.22.11.28","lastKnownStatus":"1.22.12.9;1.23.1.6;1.22.11.29;1.23.0.15;1.22.11.28;1.24.1.11","lastKnownDate":"240301","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"none","lastUpdate":"2024-03-01T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":6,"sortOrder":710},{"violations":{"ACR-042":"Third-party components \"TAP Driver Windows\", \"Open VPN\" and \"Wintun\" are dropped without any disclosure.\n\n","ACR-043":"Third-party components \"TAP Driver Windows\", \"Open VPN\" and \"Wintun\" are dropped without any disclosure.\n","ACR-107":"The app does not obtain any authorization for using third-party components: TAP Driver Windows, Open VPN, and Wintun. \n","ACR-048":"The resource sharing service is still running even after the application exit. \n","ACR-003":"The app displays misleading status \"Your IP is Unprotected\" when VPN connection is turned off. Although system has another VPN service is running.\n","ACR-084":"1. Processes still run silently in the background without any notification when application VPN is disconnected and closed. \n2. The app creates undisclosed startup items to perform actions without the consumer's knowledge and consent.\n","ACR-014":"The application presents misleading status even when the system has a VPN program already installed and running\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\HIGH SPEED WHITEHAT LIMITED\\WhitehatVPN\\WhitehatServer.exe","companyName":"HIGH SPEED WHITEHAT LIMITED","productName":"WhitehatServer","productVersion":"1.24.1.11","fileVersion":"1.24.1.11","hashMD5":"944f034076e57a6b6429989e83a80406","hashSHA1":"52c113fd629f40addbcdcd1356e6a0410c0e8f75","hashSHA256":"7f069936d639cb245139b9fb1040c6941412d73afad8d7388f253503bb9dc664","digitalCertThumbprint":"8D5A50B33EA992EC9B6C495546E4ACD9D4D5F84B","digitalCertIssuer":"GlobalSign GCC R45 EV CodeSigning CA 2020","digitalCertIssuedTo":"HIGH SPEED RABBIT LIMITED","storeId":"","sourceIndex":"725","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\HIGH SPEED WHITEHAT LIMITED\\WhitehatVPN\\WhitehatVPN.exe","companyName":"HIGH SPEED WHITEHAT LIMITED","productName":"WhitehatVPN","productVersion":"1.24.1.10","fileVersion":"1.24.1.10","hashMD5":"5b89b1d73d8d9a6c746692980b5826c4","hashSHA1":"65ffb3cb0a1e7071d0235e33f8d5dcf2ba4370ad","hashSHA256":"ca11af4c8998fb0496dba7bbdcc58eb229486e6cb6b9a98d8cd79530bfb8ea4a","digitalCertThumbprint":"8D5A50B33EA992EC9B6C495546E4ACD9D4D5F84B","digitalCertIssuer":"GlobalSign GCC R45 EV CodeSigning CA 2020","digitalCertIssuedTo":"HIGH SPEED RABBIT LIMITED","storeId":"","sourceIndex":"725","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"WhitehatVPNInstall.exe","isInstaller":"True","companyName":"HIGH SPEED WHITEHAT LIMITED","productName":"WhitehatVPNInstall","productVersion":"1.24.1.11","fileVersion":"1.24.1.11","hashMD5":"a3ebcc054af549ea7af504c6fc88c9bf","hashSHA1":"d0db23566bc1c4477dbaf7fd9bfce530d4da770f","hashSHA256":"17cdb1803f4a2bf66247b1c7348a1b4b428128453c6fd0a8ec32197ea75c092f","digitalCertThumbprint":"8D5A50B33EA992EC9B6C495546E4ACD9D4D5F84B","digitalCertIssuer":"GlobalSign GCC R45 EV CodeSigning CA 2020","digitalCertIssuedTo":"HIGH SPEED RABBIT LIMITED","storeId":"","sourceIndex":"725","avBlockList":["Avast Premium Security (20240502)","AVG Internet Security (20240502)","Avira Internet Security (20240502)","K7 Total Security (20240502)","Kaspersky Internet Security (20240502)","Malwarebytes Premium (20240502)","Norton Security (20240502)","Panda Dome (20240502)","Sophos Home Premium (20240502)","SpyHunter5 (20240502)","Total AV Antivirus Pro (20240502)","VirIT eXplorer PRO (20240502)","Webroot SecureAnywhere (20240502)"],"avAllowList":["360 Total Security (20240502)","Bitdefender Internet Security (20240502)","COMODO Antivirus (20240502)","Dr.Web Security Space (20240502)","ESET Internet Security (20240502)","G DATA INTERNET SECURITY (20240502)","McAfee Total Protection (20240502)","Quick Heal Internet Security (20240502)","Trend Micro Internet Security (20240502)","VIPRE Advanced Security (20240502)","Windows Defender (20240502)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on windows app","reference":"","landingPage":"https://www.whitehatvpn.com","directDownloadingLink":"https://www.whitehatvpn.com/download.html","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.whitehatvpn.com/download.html","sourceIndex":"725"}],"sampleFiles":["240301/WhitehatVPN-221212/1.24.1.11/Samples/WhitehatVPNInstall.exe"],"imageFiles":["240301/WhitehatVPN-221212/1.24.1.11/Images/ACR-043/ACR-043.PNG","240301/WhitehatVPN-221212/1.24.1.11/Images/ACR-043/ACR-043_1.PNG","240301/WhitehatVPN-221212/1.24.1.11/Images/ACR-043/ACR-043_2.PNG","240301/WhitehatVPN-221212/1.24.1.11/Images/ACR-107/ACR-107.PNG","240301/WhitehatVPN-221212/1.24.1.11/Images/ACR-107/ACR-107_1.PNG","240301/WhitehatVPN-221212/1.24.1.11/Images/ACR-107/ACR-107_2.PNG","240301/WhitehatVPN-221212/1.24.1.11/Images/ACR-042/ACR-042.PNG","240301/WhitehatVPN-221212/1.24.1.11/Images/ACR-042/ACR-042_1.PNG","240301/WhitehatVPN-221212/1.24.1.11/Images/ACR-042/ACR-042_2.PNG","240301/WhitehatVPN-221212/1.24.1.11/Images/ACR-084/ACR-084.PNG","240301/WhitehatVPN-221212/1.24.1.11/Images/ACR-084/ACR-084_1.PNG","240301/WhitehatVPN-221212/1.24.1.11/Images/ACR-084/ACR-084_2.PNG","240301/WhitehatVPN-221212/1.24.1.11/Images/ACR-084/ACR-084_3.PNG","240301/WhitehatVPN-221212/1.24.1.11/Images/ACR-084/ACR-084_Software_1.png","240301/WhitehatVPN-221212/1.24.1.11/Images/ACR-048/ACR-048_2.PNG","240301/WhitehatVPN-221212/1.24.1.11/Images/ACR-048/ACR-048_Software_1.png","240301/WhitehatVPN-221212/1.24.1.11/Images/ACR-003/ACR-003.PNG","240301/WhitehatVPN-221212/1.24.1.11/Images/ACR-014/ACR-014.PNG"],"nonDeceptorImageFiles":[],"guid":"97b0746f-3293-4194-bb87-96b87bede060_1.24.1.11_1","appID":"WhitehatVPN-221212","dateAdded":"240301","deceptorType":"App","name":"WhiteHat VPN","company":"HIGH SPEED RABBIT LIMITED","version":"1.24.1.11","lastKnownStatus":"1.22.12.9;1.23.1.6;1.22.11.29;1.23.0.15;1.22.11.28;1.24.1.11","lastKnownDate":"240301","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"none","lastUpdate":"2024-03-01T22:40:33.026917+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":6,"sortOrder":709},{"violations":{"ACR-109":"The application silently installs the app \"TAP Driver Windows\" before the user chose and agrees to install or without disclosing the relationship to the app during installation.\n","ACR-042":"1. The application silently installs the app \"TAP Driver Windows\" without disclosing the relationship to the app during installation. \n2. Third-party components \"Open VPN\" and \"Wintun\" are installed without any disclosure.\n","ACR-043":"1. The application silently installs the app \"TAP Driver Windows\" without disclosing the relationship to the app during installation. \n2. Third-party components \"Open VPN\" and \"Wintun\" are installed without any disclosure.\n3. The \"WhitehatVPN\" components get dropped in one click without asking the user's permission and disclosing the installation path.\n","ACR-107":"The app does not obtain any authorization for using third-party components: Open VPN and Wintun.\n","ACR-048":"The app does not provide any control to close the app completely and remove its background processes within the app's settings.\n","ACR-003":"The app displays misleading status \"Your IP is Unprotected\" when VPN connection is turned off. Although system has another VPN service is running.\n","ACR-007":"The app does not obtain explicit user consent to reduce the consumer's security posture caused by sharing IP/network connection for sharing internet resources.\n","ACR-084":"On closing the app, all the processes run silently in the background, hiding the fact that it is active from the consumer and may record the system's Usage Data and metrics including IP. \n","ACR-117":" The app attempts to conceal the Uninstall button at Uninstall. \n","ACR-118":"When the consumer attempts to completely uninstall the app, it deliberately retains some of its components on the device without the consumer's consent or notifying the user.\n","ACR-014":"The application presents misleading status even when the system has a VPN program already installed.\n","ACR-039":"The app silently installs Tap windows program without disclosing the relationship to the app during installation.\n","ACR-124":"The app attempts to conceal the Uninstall button at Uninstall. \n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\HIGH SPEED RABBIT LIMITED\\WhitehatVPN\\WhitehatData.exe","companyName":"HIGH SPEED WHITEHAT LIMITED","productName":"WhitehatData","productVersion":"1.22.11.26","fileVersion":"1.22.11.26","hashMD5":"c0f3af18ac34f721e11fdf5e9174b609","hashSHA1":"e1c7aeff4b65491ec002ff3b3ae65e0e359fba0f","hashSHA256":"a50b04f4ab94b0ced67368d38cd8c4b75ab26bffce2f04f3841232a984cbfd21","digitalCertThumbprint":"B1476909A9370074A35F2D3E3906E7BC8859FEAB","digitalCertIssuer":"WoTrus Code Signing 2021 CA","digitalCertIssuedTo":"HIGH SPEED RABBIT LIMITED","storeId":"","sourceIndex":"1115","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\HIGH SPEED RABBIT LIMITED\\WhitehatVPN\\WhitehatVPN.exe","companyName":"HIGH SPEED WHITEHAT LIMITED","productName":"WhitehatVPN","productVersion":"1.23.01.06","fileVersion":"1.23.1.6","hashMD5":"aad3e4e500a61f1777b22cc46f130be9","hashSHA1":"c78392a26705d7dbbb34c5389c55eeee8069816c","hashSHA256":"0b207a2e7d4abb3ace89327c3e77c171ae4c19f14d1c56ec41ae1498086f0d6d","digitalCertThumbprint":"B1476909A9370074A35F2D3E3906E7BC8859FEAB","digitalCertIssuer":"WoTrus Code Signing 2021 CA","digitalCertIssuedTo":"HIGH SPEED RABBIT LIMITED","storeId":"","sourceIndex":"1115","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"WhiteHatVPN12316__.exe","isInstaller":"True","companyName":"HIGH SPEED RABBIT LIMITED","productName":"WhitehatVPN","productVersion":"1.23.1.6","fileVersion":"1.23.1.6","hashMD5":"137d8b9d82330d1c2e6a00d26174b8c2","hashSHA1":"90937d0a6126c1029a69c555c2758bde88bf1b99","hashSHA256":"5e2d5a0043d7006e64844ed2c8af7357d6d37999ed2114a5b3831b317278c7d9","digitalCertThumbprint":"B1476909A9370074A35F2D3E3906E7BC8859FEAB","digitalCertIssuer":"WoTrus Code Signing 2021 CA","digitalCertIssuedTo":"HIGH SPEED RABBIT LIMITED","storeId":"","sourceIndex":"1115","avBlockList":["360 Total Security (20230525)","Avast Premium Security (20230525)","AVG Internet Security (20230525)","Avira Internet Security (20230525)","Bitdefender Internet Security (20230525)","COMODO Antivirus (20230525)","ESET Internet Security (20230525)","G DATA INTERNET SECURITY (20230525)","K7 Total Security (20230525)","Kaspersky Internet Security (20230525)","Malwarebytes Premium (20230525)","McAfee Total Protection (20230525)","Norton Security (20230525)","Panda Dome (20230525)","Quick Heal Internet Security (20230525)","Sophos Home Premium (20230525)","SpyHunter5 (20230525)","Total AV Antivirus Pro (20230525)","VIPRE Advanced Security (20230525)","VirIT eXplorer PRO (20230525)","Webroot SecureAnywhere (20230525)","Windows Defender (20230525)"],"avAllowList":["Dr.Web Security Space (20230525)","Trend Micro Internet Security (20230525)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on windows app","reference":"","landingPage":"https://www.whitehatvpn.com/","directDownloadingLink":"https://www.whitehatvpn.com/download.html","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.whitehatvpn.com/download.html","sourceIndex":"1115"}],"sampleFiles":["230508/WhitehatVPN-221212/1.23.1.6/Samples/WhiteHatVPN12316__.exe"],"imageFiles":["230508/WhitehatVPN-221212/1.23.1.6/Images/ACR-109/ACR-109.JPG","230508/WhitehatVPN-221212/1.23.1.6/Images/ACR-109/ACR-109_1.JPG","230508/WhitehatVPN-221212/1.23.1.6/Images/ACR-039/ACR-039.JPG","230508/WhitehatVPN-221212/1.23.1.6/Images/ACR-039/ACR-039_1.JPG","230508/WhitehatVPN-221212/1.23.1.6/Images/ACR-043/ACR-043.JPG","230508/WhitehatVPN-221212/1.23.1.6/Images/ACR-043/ACR-043_1.JPG","230508/WhitehatVPN-221212/1.23.1.6/Images/ACR-043/ACR-043_2.JPG","230508/WhitehatVPN-221212/1.23.1.6/Images/ACR-043/ACR-043_3.JPG","230508/WhitehatVPN-221212/1.23.1.6/Images/ACR-107/ACR-107_1.JPG","230508/WhitehatVPN-221212/1.23.1.6/Images/ACR-107/ACR-107_2.JPG","230508/WhitehatVPN-221212/1.23.1.6/Images/ACR-042/ACR-042.JPG","230508/WhitehatVPN-221212/1.23.1.6/Images/ACR-042/ACR-042_1.JPG","230508/WhitehatVPN-221212/1.23.1.6/Images/ACR-042/ACR-042_2.JPG","230508/WhitehatVPN-221212/1.23.1.6/Images/ACR-007/ACR-007.JPG","230508/WhitehatVPN-221212/1.23.1.6/Images/ACR-007/ACR-007_1.JPG","230508/WhitehatVPN-221212/1.23.1.6/Images/ACR-084/ACR-084.JPG","230508/WhitehatVPN-221212/1.23.1.6/Images/ACR-084/ACR-084_1.JPG","230508/WhitehatVPN-221212/1.23.1.6/Images/ACR-084/ACR-084_2.JPG","230508/WhitehatVPN-221212/1.23.1.6/Images/ACR-048/ACR-048.JPG","230508/WhitehatVPN-221212/1.23.1.6/Images/ACR-048/ACR-048_1.JPG","230508/WhitehatVPN-221212/1.23.1.6/Images/ACR-003/ACR-003.JPG","230508/WhitehatVPN-221212/1.23.1.6/Images/ACR-014/ACR-014.JPG","230508/WhitehatVPN-221212/1.23.1.6/Images/ACR-117/ACR-117.JPG","230508/WhitehatVPN-221212/1.23.1.6/Images/ACR-118/ACR-118.JPG","230508/WhitehatVPN-221212/1.23.1.6/Images/ACR-124/ACR-124.JPG"],"nonDeceptorImageFiles":[],"guid":"97b0746f-3293-4194-bb87-96b87bede060_1.23.1.6_1","appID":"WhitehatVPN-221212","dateAdded":"240301","deceptorType":"App","name":"WhiteHat VPN","company":"HIGH SPEED RABBIT LIMITED","version":"1.23.1.6","lastKnownStatus":"1.22.12.9;1.23.1.6;1.22.11.29;1.23.0.15;1.22.11.28;1.24.1.11","lastKnownDate":"240301","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"none","lastUpdate":"2024-03-01T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":6,"sortOrder":713},{"violations":{"ACR-043":"Third party components \"Open VPN\" and \"Wintun\" are installed without any disclosure in the EULA.\n","ACR-107":"The app does not obtain any authorization for using third-party components: Open VPN and Wintun.\n","ACR-003":"The app displays \"Your IP is Unprotected\" when disconnected from the VPN. This is misleading with unsubstantiated claim.\n","ACR-007":"The app does not obtain explicit user consent to reduce the consumer's security posture caused by sharing IP/network connection for sharing internet resources.\n\n","ACR-084":"Quitting the app keeps other processes running in the background without notifying the consumer and may record system's Usage Data and metrics including IP. \n","ACR-117":" The app attempts to conceal the Uninstall button at Uninstall. \n","ACR-014":"The application presents misleading status even when the system has a VPN program already installed.\n","ACR-039":"The app silently installs Tap windows program without disclosing the relationship to the app during installation.\n"},"nonDeceptorViolations":{"ACR-099":"The app does not display links to uninstall information. \nLanding Page does not display links to uninstall information. \n"},"samples":[{"isRevoked":"False","fileName":"WhitehatVPN.exe","isInstaller":"True","companyName":"HIGH SPEED WHITEHAT LIMITED","productName":"WhitehatVPN","productVersion":"1.22.12.8","fileVersion":"1.22.12.8","hashMD5":"e63a342351e247e1323ce575f72bd674","hashSHA1":"31ac064c1b37adba6856ff481c01d4a48933abd0","hashSHA256":"b796f5a944dc6b73aee9268925e9aae09740983f1d746b59d27a33129353b345","digitalCertThumbprint":"B1476909A9370074A35F2D3E3906E7BC8859FEAB","digitalCertIssuer":"CN=WoTrus Code Signing 2021 CA, O=WoTrus CA Limited, C=CN","digitalCertIssuedTo":"CN=HIGH SPEED RABBIT LIMITED, O=HIGH SPEED RABBIT LIMITED, L=London, C=GB","sourceIndex":"1247","avBlockList":["360 Total Security (20240723)","Avast Premium Security (20240723)","AVG Internet Security (20240723)","Avira Internet Security (20240723)","Bitdefender Internet Security (20240723)","COMODO Antivirus (20240723)","ESET Internet Security (20240723)","G DATA INTERNET SECURITY (20240723)","K7 Total Security (20240723)","Kaspersky Internet Security (20240723)","Malwarebytes Premium (20240723)","McAfee Total Protection (20240723)","Norton Security (20240723)","Panda Dome (20240723)","Quick Heal Internet Security (20240723)","Sophos Home Premium (20240723)","SpyHunter5 (20240723)","Total AV Antivirus Pro (20240723)","Trend Micro Internet Security (20240723)","VIPRE Advanced Security (20240723)","VirIT eXplorer PRO (20240723)","Webroot SecureAnywhere (20240723)","Windows Defender (20240723)","FortectPremium (20240723)"],"avAllowList":["Dr.Web Security Space (20240723)"]},{"isRevoked":"False","fileName":"WhiteHatVPN1_22_12_9.exe","isInstaller":"True","companyName":"HIGH SPEED RABBIT LIMITED","productName":"WhitehatVPN","fileVersion":"1.22.12.9","hashMD5":"3a45f190d4713355ade3a97a53b1f0b8","hashSHA1":"8a925b278ebec1f0ee429bfab1c51112eddb3750","hashSHA256":"4f0439fd31a007958fe6747ae0e7f4303e0229121dd4021d34f39a9644a02f1f","digitalCertThumbprint":"B1476909A9370074A35F2D3E3906E7BC8859FEAB","digitalCertIssuer":"CN=WoTrus Code Signing 2021 CA, O=WoTrus CA Limited, C=CN","digitalCertIssuedTo":"CN=HIGH SPEED RABBIT LIMITED, O=HIGH SPEED RABBIT LIMITED, L=London, C=GB","sourceIndex":"1247","avBlockList":["360 Total Security (20230119)","Avast Premium Security (20230119)","AVG Internet Security (20230119)","Avira Internet Security (20230119)","Bitdefender Internet Security (20230119)","ESET Internet Security (20230119)","G DATA INTERNET SECURITY (20230119)","K7 Total Security (20230119)","McAfee Total Protection (20230119)","Norton Security (20230119)","Panda Dome (20230119)","Sophos Home Premium (20230119)","SpyHunter5 (20230119)","Total AV Antivirus Pro (20230119)","VIPRE Advanced Security (20230119)","VirIT eXplorer PRO (20230119)"],"avAllowList":["COMODO Antivirus (20230119)","Dr.Web Security Space (20230119)","Kaspersky Internet Security (20230119)","Malwarebytes Premium (20230119)","Quick Heal Internet Security (20230119)","Trend Micro Internet Security (20230119)","Webroot SecureAnywhere (20230119)","Windows Defender (20230119)"]}],"additionalFiles":[],"sources":[{"howFound":"searched vpn for windows on google","reference":"","landingPage":"https://www.whitehatvpn.com","directDownloadingLink":"https://www.whitehatvpn.com/download.html","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.whitehatvpn.com/download.html","sourceIndex":"1247"}],"sampleFiles":["230113/WhitehatVPN-221212/1.22.12.9/Samples/WhitehatVPN.exe","230113/WhitehatVPN-221212/1.22.12.9/Samples/WhiteHatVPN1_22_12_9.exe"],"imageFiles":["230113/WhitehatVPN-221212/1.22.12.9/Images/ACR-039/ACR-039_TAPWindows-b.jpg","230113/WhitehatVPN-221212/1.22.12.9/Images/ACR-039/ACR-039_TAPWindows.jpg","230113/WhitehatVPN-221212/1.22.12.9/Images/ACR-043/OpenVPN.jpg","230113/WhitehatVPN-221212/1.22.12.9/Images/ACR-043/Wintun.jpg","230113/WhitehatVPN-221212/1.22.12.9/Images/ACR-107/OpenVPN.jpg","230113/WhitehatVPN-221212/1.22.12.9/Images/ACR-107/Wintun.jpg","230113/WhitehatVPN-221212/1.22.12.9/Images/ACR-107/ACR-107_3rdParty.jpg","230113/WhitehatVPN-221212/1.22.12.9/Images/ACR-007/ACR-007_SharingIP_resources.jpg","230113/WhitehatVPN-221212/1.22.12.9/Images/ACR-007/ACR-007_DataUsage.jpg","230113/WhitehatVPN-221212/1.22.12.9/Images/ACR-084/ACR-048_084.jpg","230113/WhitehatVPN-221212/1.22.12.9/Images/ACR-084/ACR-007_DataUsage.jpg","230113/WhitehatVPN-221212/1.22.12.9/Images/ACR-084/UsageData.jpg","230113/WhitehatVPN-221212/1.22.12.9/Images/ACR-003/ACR-003_014_UnprotectedStatus.jpg","230113/WhitehatVPN-221212/1.22.12.9/Images/ACR-014/ACR-003_014_UnprotectedStatus.jpg","230113/WhitehatVPN-221212/1.22.12.9/Images/ACR-117/ACR-117_Obscured_Uninstall_button.jpg"],"nonDeceptorImageFiles":["230113/WhitehatVPN-221212/1.22.12.9/Images/ACR-099/ACR-099.jpg","230113/WhitehatVPN-221212/1.22.12.9/Images/ACR-099/WhitehatVPN_LandingPage.jpeg"],"guid":"97b0746f-3293-4194-bb87-96b87bede060_1.22.12.9_1","appID":"WhitehatVPN-221212","dateAdded":"240301","deceptorType":"App","name":"WhiteHat VPN","company":"HIGH SPEED RABBIT LIMITED","version":"1.22.12.9","lastKnownStatus":"1.22.12.9;1.23.1.6;1.22.11.29;1.23.0.15;1.22.11.28;1.24.1.11","lastKnownDate":"240301","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"none","lastUpdate":"2024-03-01T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":6,"sortOrder":714},{"violations":{"ACR-007":"The app does not obtain user explicit consent which reduces the consumer's security posture caused by sharing internet resources.\nThe app does not display explicit notification about the potential risk in security posture caused by sharing network connection, when the app is re-enabled at least for the 1st time.\n\n\n","ACR-084":"The process keeps running in the background despite disabling app and connection option. \n"},"nonDeceptorViolations":{"ACR-040":"The app drops all its components in the hidden path \"%AppData%\\Local\\Programs\\\"\n\n","ACR-098":"The app needs to provide control to adjust the schedule and rate while the \"Pinaview\" process is running. \n"},"samples":[{"isRevoked":"False","fileName":"Pinaview-setup.exe","isInstaller":"True","companyName":"Pinaview                                                    ","fileVersion":"1.0","hashMD5":"c66d326bd45c934336733a5334933504","hashSHA1":"cf439e26adae38501c41ca0ae35352f6a7cbeb6c","hashSHA256":"96ca11e568ee3d43f4e4068d0b791f17b95f3cc47291c7903b692c92afa22609","digitalCertThumbprint":"1BB26C027214454F668B780B3DB025E3E81B0307","digitalCertIssuer":"CN=Sectigo Public Code Signing CA EV R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=Cleversort FZ-LLC, O=Cleversort FZ-LLC, S=Ra’s al Khaymah, C=AE, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=AE, SERIALNUMBER=11478657","sourceIndex":"599","avBlockList":["360 Total Security (20240430)","Avast Premium Security (20240430)","AVG Internet Security (20240430)","Avira Internet Security (20240430)","Bitdefender Internet Security (20240430)","ESET Internet Security (20240430)","G DATA INTERNET SECURITY (20240430)","K7 Total Security (20240430)","Kaspersky Internet Security (20240430)","Malwarebytes Premium (20240430)","Norton Security (20240430)","Panda Dome (20240430)","Quick Heal Internet Security (20240430)","Sophos Home Premium (20240430)","SpyHunter5 (20240430)","Total AV Antivirus Pro (20240430)","Trend Micro Internet Security (20240430)","VIPRE Advanced Security (20240430)","VirIT eXplorer PRO (20240430)","Webroot SecureAnywhere (20240430)"],"avAllowList":["COMODO Antivirus (20240430)","Dr.Web Security Space (20240430)","McAfee Total Protection (20240430)","Windows Defender (20240430)"]}],"additionalFiles":[],"sources":[{"howFound":"bandwidth sharing, passive income, SDK","reference":"","landingPage":"https://pinaview.com/","directDownloadingLink":"https://pinaview.com/downloads/Pinaview.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://pinaview.com/downloads/Pinaview.exe","sourceIndex":"599"}],"sampleFiles":["240229/Pinaview-240229/1.0.2.0/Samples/Pinaview-setup.exe"],"imageFiles":["240229/Pinaview-240229/1.0.2.0/Images/ACR-007/ACR-007_Install_1.png","240229/Pinaview-240229/1.0.2.0/Images/ACR-084/ACR-084_Software_1.png","240229/Pinaview-240229/1.0.2.0/Images/ACR-084/ACR-084_Software_2.png","240229/Pinaview-240229/1.0.2.0/Images/ACR-007/ACR-007_Software.gif"],"nonDeceptorImageFiles":["240229/Pinaview-240229/1.0.2.0/Images/ACR-040/ACR-040_Install_1.png","240229/Pinaview-240229/1.0.2.0/Images/ACR-098/ACR-098_Software_1.png","240229/Pinaview-240229/1.0.2.0/Images/ACR-098/ACR-098_Software_2.png"],"guid":"e201cd1a-d013-4129-b5cb-272677a0b8a2_1.0.2.0_1","appID":"Pinaview-240229","dateAdded":"240229","deceptorType":"App","name":"Pinaview","company":"Globalhop","version":"1.0.2.0","firstVendorContactDate":"240531","firstAppEsteemReplyDate":"240604","firstResolvedDate":"240712","firstResolvedVersion":"1.0.6.0","resolved":"TRUE","lastKnownStatus":"1.0.2.0","lastKnownDate":"240712","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 8,Windows 10,Windows 11,Windows 7","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"net proxy,none","lastUpdate":"2024-07-12T21:18:14.8746828+00:00","notDistributed":false,"familyName":"Globalhop","numInFamily":17,"numInAppID":1,"sortOrder":265},{"violations":{"ACR-007":"The app does not obtain user explicit consent which reduces the consumer's security posture caused by sharing internet resources.\nThe app does not display explicit notification about the potential risk in security posture caused by sharing network connection, when the app is re-enabled at least for the 1st time.\n","ACR-084":"The process keeps running in the background despite disabling app and connection option. \n"},"nonDeceptorViolations":{"ACR-040":"The app drops all its components in the hidden path \"%AppData%\\Local\\Programs\\\"\n","ACR-098":"The app needs to provide control to adjust the schedule and rate while the \"Viewndow\" process is running.\n"},"samples":[{"isRevoked":"False","fileName":"viewndowlp.exe","isInstaller":"True","companyName":"Viewndow                                                    ","fileVersion":"1.0","hashMD5":"45dc770549a636543076e997f0a30637","hashSHA1":"1b239a825198db0801be8da11dced088e14747a9","hashSHA256":"9e51f4f0e3b15565d5fcc874888e331f35d0948795e5c46a2ef74bfb3ff9c946","digitalCertThumbprint":"1BB26C027214454F668B780B3DB025E3E81B0307","digitalCertIssuer":"CN=Sectigo Public Code Signing CA EV R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=Cleversort FZ-LLC, O=Cleversort FZ-LLC, S=Ra’s al Khaymah, C=AE, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=AE, SERIALNUMBER=11478657","sourceIndex":"600","avBlockList":["360 Total Security (20240430)","Avast Premium Security (20240430)","AVG Internet Security (20240430)","Avira Internet Security (20240430)","Bitdefender Internet Security (20240430)","ESET Internet Security (20240430)","G DATA INTERNET SECURITY (20240430)","K7 Total Security (20240430)","Kaspersky Internet Security (20240430)","Malwarebytes Premium (20240430)","Norton Security (20240430)","Panda Dome (20240430)","Quick Heal Internet Security (20240430)","Sophos Home Premium (20240430)","SpyHunter5 (20240430)","Total AV Antivirus Pro (20240430)","Trend Micro Internet Security (20240430)","VIPRE Advanced Security (20240430)","VirIT eXplorer PRO (20240430)","Webroot SecureAnywhere (20240430)"],"avAllowList":["COMODO Antivirus (20240430)","Dr.Web Security Space (20240430)","McAfee Total Protection (20240430)","Windows Defender (20240430)"]}],"additionalFiles":[],"sources":[{"howFound":"bandwidth sharing, passive income, SDK","reference":"","landingPage":"https://viewndow.com/","directDownloadingLink":"https://viewndow.com/downloads/viewndowlp.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://viewndow.com/downloads/viewndowlp.exe","sourceIndex":"600"}],"sampleFiles":["240229/Viewndow-240229/1.0.6.0/Samples/viewndowlp.exe"],"imageFiles":["240229/Viewndow-240229/1.0.6.0/Images/ACR-007/ACR-007_Install_1.png","240229/Viewndow-240229/1.0.6.0/Images/ACR-084/ACR-084_Software_1.png","240229/Viewndow-240229/1.0.6.0/Images/ACR-084/ACR-084_Software_2.png","240229/Viewndow-240229/1.0.6.0/Images/ACR-007/ACR-007_Software.gif"],"nonDeceptorImageFiles":["240229/Viewndow-240229/1.0.6.0/Images/ACR-040/ACR-040_Install_1.png","240229/Viewndow-240229/1.0.6.0/Images/ACR-098/ACR-098_Software_1.png","240229/Viewndow-240229/1.0.6.0/Images/ACR-098/ACR-098_Software_2.png"],"guid":"c7dd9beb-567f-4901-8d1a-e2715946d0d7_1.0.6.0_1","appID":"Viewndow-240229","dateAdded":"240229","deceptorType":"App","name":"Viewndow","company":"Globalhop","version":"1.0.6.0","firstVendorContactDate":"240531","firstAppEsteemReplyDate":"240604","firstResolvedDate":"240712","firstResolvedVersion":"1.0.8.0","resolved":"TRUE","lastKnownStatus":"1.0.6.0","lastKnownDate":"240712","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows 7,Windows 8,Windows 10,Windows 11,Windows Vista","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"net proxy,none","lastUpdate":"2024-07-12T21:14:47.1043735+00:00","notDistributed":false,"familyName":"Globalhop","numInFamily":17,"numInAppID":1,"sortOrder":264},{"violations":{"ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software. \n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"FileZilla_3.66.5_win64_sponsored2-setup.exe","isInstaller":"True","companyName":"Tim Kosse","productName":"FileZilla","productVersion":"3.66.5","fileVersion":"3.66.5","hashMD5":"861c54a22491b35880f4ec629cfd699f","hashSHA1":"71a32e0d99f6d6a36770bf60686c4ac04eb9d70c","hashSHA256":"dbde8a4bd71bb1fbc0511cdb657dfeffdaedc513aa425f856043532a7cba6fce","digitalCertThumbprint":"E57CE01F6A5E1D4C522BC68488AF53D9BAD13AB7","digitalCertIssuer":"Sectigo Public Code Signing CA R36","digitalCertIssuedTo":"Tim Kosse","storeId":"","sourceIndex":"726","avBlockList":["ESET Internet Security (20240725)","G DATA INTERNET SECURITY (20240725)","Malwarebytes Premium (20240725)","Norton Security (20240725)","Quick Heal Internet Security (20240725)","Sophos Home Premium (20240725)","SpyHunter5 (20240725)","VirIT eXplorer PRO (20240725)","Webroot SecureAnywhere (20240725)","FortectPremium (20240725)"],"avAllowList":["360 Total Security (20240725)","Avast Premium Security (20240725)","AVG Internet Security (20240725)","Avira Internet Security (20240725)","Bitdefender Internet Security (20240725)","COMODO Antivirus (20240725)","Dr.Web Security Space (20240725)","K7 Total Security (20240725)","Kaspersky Internet Security (20240725)","McAfee Total Protection (20240725)","Panda Dome (20240725)","Total AV Antivirus Pro (20240725)","Trend Micro Internet Security (20240725)","VIPRE Advanced Security (20240725)","Windows Defender (20240725)"]}],"additionalFiles":[],"sources":[{"howFound":"Security Partner Report","reference":"","landingPage":"https://filezilla-project.org/download.php?type=client","directDownloadingLink":"https://download.filezilla-project.org/client/FileZilla_3.66.5_win64_sponsored2-setup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://download.filezilla-project.org/client/FileZilla_3.66.5_win64_sponsored2-setup.exe","sourceIndex":"726"}],"sampleFiles":["240227/FileZilla-240223/3.66.5/Samples/FileZilla_3.66.5_win64_sponsored2-setup.exe"],"imageFiles":["240227/FileZilla-240223/3.66.5/Images/ACR-013/ACR-013.PNG","240227/FileZilla-240223/3.66.5/Images/ACR-060/ACR-060.PNG"],"nonDeceptorImageFiles":[],"guid":"643776a7-0ad9-4afc-a7e4-9f82810281b9_3.66.5_1","appID":"FileZilla-240223","dateAdded":"240227","deceptorType":"Bundler","name":"FileZilla","company":"Tim Kosse","version":"3.66.5","lastKnownStatus":"3.66.5","lastKnownDate":"240227","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows 11","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2024-02-27T21:05:49.8763687+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":715},{"violations":{"ACR-109":"The app downloads \"\"rk_setup.exe\", a RelevantKnowledge file before disclosure and without the consumer's consent.\n\n","ACR-048":"The \"Decline\" button does not have any control. Despite declining RelevantKnowledge app, it is still downloaded RelevantKnowledge file “\"rk_setup.exe” nevertheless.\n\n","ACR-010":"The app distributes deceptor application. The offer in this app, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control. \n\n","ACR-057":"The app bundles the \"Relevant Knowledge\" offer which does not allow the consumer to decline the offer. \n\n","ACR-071":"It attempts to force the acceptance of \"Relevant Knowledge\" by graying out the Next button when the user choose to Decline. Thus, forcing the user to only accept the offer and proceed with the installation.\n\n","ACR-059":"Offer not clearly marked as an offer. Instead, it is presented as a component of the carrier.\n\n","ACR-039":"There is no clear indications of the relationship to the installer application. RelevantKnowledge is presented as part of the installer application. Despite declining RelevantKnowledge app, it still downloaded RelevantKnowledge file “rk_setup.exe” regardless.\n\n","ACR-155":"Offers are designed to look like part of the install workflow. \n\n"},"nonDeceptorViolations":{"ACR-002":"The App's version is inconsistent between App interaction and its install (version 10.8.2.4 vs version 10.8.0) \n\nThe App's version is inconsistent between App interaction and its install (version 10.8.2.4 vs version 10.8.0) \n\n","ACR-106":"App offers deceptive application 'Relevant Knowledge market survey'. \n\n"},"samples":[{"isRevoked":"False","fileName":"MusicEditorFree.exe","fileVersion":"0.0","hashMD5":"4f2294cb6778079e0f3392664e68adef","hashSHA1":"51988286cfd5b7b780b63f5f99bea6eb7536d93c","hashSHA256":"5a66f4c0a077cd744c3bbbbe4810828b3bfb97f8309f2602f44058120b3f8711","sourceIndex":"1486","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"MusicEditorFree-setup.exe","isInstaller":"True","companyName":"Copyright© 2005-2019 MEFMedia, Inc.                         ","fileVersion":"0.0","hashMD5":"2a9ee2d650aba69210ed0005329d05d1","hashSHA1":"54e8c89a72ac4caa8ab2f8a7da6f3f288d44fb00","hashSHA256":"b4b60a57af269849ce9432f34f25dab29d1551c596ddc2cf727c6be3faf9a6b0","digitalCertThumbprint":"561906D7998D780F5F5E93C36DCD77674F8236A3","digitalCertIssuer":"CN=Sectigo Public Code Signing CA R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=\"Beijing QingSoft Creative Information Technology Co., Ltd.\", O=\"Beijing QingSoft Creative Information Technology Co., Ltd.\", S=Beijing Shi, C=CN","sourceIndex":"1486","avBlockList":["360 Total Security (20240227)","Avast Premium Security (20240227)","AVG Internet Security (20240227)","Avira Internet Security (20240227)","Bitdefender Internet Security (20240227)","COMODO Antivirus (20240227)","Dr.Web Security Space (20240227)","ESET Internet Security (20240227)","G DATA INTERNET SECURITY (20240227)","K7 Total Security (20240227)","Kaspersky Internet Security (20240227)","Malwarebytes Premium (20240227)","McAfee Total Protection (20240227)","Norton Security (20240227)","Panda Dome (20240227)","Sophos Home Premium (20240227)","SpyHunter5 (20240227)","Total AV Antivirus Pro (20240227)","VIPRE Advanced Security (20240227)","VirIT eXplorer PRO (20240227)","Webroot SecureAnywhere (20240227)","Windows Defender (20240227)"],"avAllowList":["Quick Heal Internet Security (20240227)","Tencent PC Manager (20220804)","Trend Micro Internet Security (20240227)"]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"","landingPage":"https://music-editor.net/","directDownloadingLink":"https://music-editor.net/MusicEditorFree.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://music-editor.net/MusicEditorFree.exe","sourceIndex":"1486"}],"sampleFiles":["220801/MusicEditorFree-220729/10.8/Samples/MusicEditorFree.exe","220801/MusicEditorFree-220729/10.8/Samples/MusicEditorFree-setup.exe"],"imageFiles":["220801/MusicEditorFree-220729/10.8/Images/ACR-109/ACR-109_039_048-RK_setup.jpg","220801/MusicEditorFree-220729/10.8/Images/ACR-039/ACR-109_039_048-RK_setup.jpg","220801/MusicEditorFree-220729/10.8/Images/ACR-048/ACR-109_039_048-RK_setup.jpg","220801/MusicEditorFree-220729/10.8/Images/ACR-010/RelevantKnowledge.jpg","220801/MusicEditorFree-220729/10.8/Images/ACR-057/RelevantKnowledge.jpg","220801/MusicEditorFree-220729/10.8/Images/ACR-059/RelevantKnowledge.jpg","220801/MusicEditorFree-220729/10.8/Images/ACR-071/RelevantKnowledge.jpg","220801/MusicEditorFree-220729/10.8/Images/ACR-155/RelevantKnowledge.jpg"],"nonDeceptorImageFiles":["220801/MusicEditorFree-220729/10.8/Images/ACR-002/ACR-002_Mismatched_version.jpg","220801/MusicEditorFree-220729/10.8/Images/ACR-106/RelevantKnowledge.jpg","220801/MusicEditorFree-220729/10.8/Images/ACR-002/ACR-002_Mismatched_version.jpg"],"guid":"cfea653f-9ed2-426d-9fcf-d62007931275_10.8_1","appID":"MusicEditorFree-220729","dateAdded":"240220","deceptorType":"App","name":"Music Editor Free","company":"MEFMedia","version":"10.8","lastKnownStatus":"10.8;10.8.3.0","lastKnownDate":"240220","type":"Windows Executable","category":"Media editors, SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 8,Windows 7,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"cross-sell other apps","lastUpdate":"2024-02-20T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":719},{"violations":{"ACR-109":"The app downloads \"rk_setup.exe\", a RelevantKnowledge file before disclosure and without the consumer's consent\n","ACR-042":"The app initiates network communications with 3rd party offer provider before obtaining user consent\n","ACR-010":"The app distributes deceptor application. The offer in this app, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software\n","ACR-118":"Upon uninstallation, it retains some of its components on the device without the user's knowledge and consent\n","ACR-057":"The app bundles the \"Relevant Knowledge\" offer which does not allow the consumer to decline the offer\n","ACR-071":"It attempts to force the acceptance of \"Relevant Knowledge\" by graying out the Next button when the user choose to Decline. Thus, forcing the user to only accept the offer and proceed with the installation\n\n","ACR-059":"Offer not clearly marked as an offer. Instead, it is presented as a component of the carrier.\n","ACR-155":"Offers are designed to look like part of the install workflow\n"},"nonDeceptorViolations":{"ACR-106":"App offers deceptive application 'Relevant Knowledge market survey\n","ACR-092":"The installer and main executables are not digitally signed\n","ACR-123":"The app does not remove dropped root certificates even after uninstalling\n"},"samples":[{"isRevoked":"False","fileName":"MusicEditorFree.exe","isInstaller":"True","companyName":"Copyright© 2005-2024 MEFMedia Inc.                         ","productName":"Music Editor Free                                           ","productVersion":"                    ","fileVersion":"                    ","hashMD5":"ad07c4d5e9f290e3e914a75f89ceeba2","hashSHA1":"941e3357772ec502259b03678936136011d57222","hashSHA256":"b3888d58cbde1b7fbe0639b2f7bb4434548476a34742371a9c5f582b70ae89e9","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"728","avBlockList":["360 Total Security (20240725)","Avast Premium Security (20240725)","AVG Internet Security (20240725)","Avira Internet Security (20240725)","Bitdefender Internet Security (20240725)","COMODO Antivirus (20240725)","Dr.Web Security Space (20240725)","ESET Internet Security (20240725)","G DATA INTERNET SECURITY (20240725)","K7 Total Security (20240725)","Kaspersky Internet Security (20240725)","Malwarebytes Premium (20240725)","McAfee Total Protection (20240725)","Norton Security (20240725)","Panda Dome (20240725)","Sophos Home Premium (20240725)","SpyHunter5 (20240725)","Total AV Antivirus Pro (20240725)","Trend Micro Internet Security (20240725)","VIPRE Advanced Security (20240725)","VirIT eXplorer PRO (20240725)","Webroot SecureAnywhere (20240725)","Windows Defender (20240725)","FortectPremium (20240725)"],"avAllowList":["Quick Heal Internet Security (20240725)"]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"","landingPage":"https://music-editor.net/","directDownloadingLink":"https://music-editor.net/MusicEditorFree.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://music-editor.net/MusicEditorFree.exe","sourceIndex":"728"}],"sampleFiles":["240220/MusicEditorFree-220729/10.8.3.0/Samples/MusicEditorFree.exe"],"imageFiles":["240220/MusicEditorFree-220729/10.8.3.0/Images/ACR-109/ACR-109_Install_1.png","240220/MusicEditorFree-220729/10.8.3.0/Images/ACR-042/ACR-042_Install_1.png","240220/MusicEditorFree-220729/10.8.3.0/Images/ACR-010/ACR-010_Install_1.png","240220/MusicEditorFree-220729/10.8.3.0/Images/ACR-013/ACR-013_Install_1.png","240220/MusicEditorFree-220729/10.8.3.0/Images/ACR-118/ACR-118_Uninstall_1.png","240220/MusicEditorFree-220729/10.8.3.0/Images/ACR-118/ACR-118_Uninstall_2.png","240220/MusicEditorFree-220729/10.8.3.0/Images/ACR-057/ACR-057_Bundler-made offers_1.png","240220/MusicEditorFree-220729/10.8.3.0/Images/ACR-059/ACR-059_Bundler-made offers_1.png","240220/MusicEditorFree-220729/10.8.3.0/Images/ACR-071/ACR-071_Bundler-made offers_1.png","240220/MusicEditorFree-220729/10.8.3.0/Images/ACR-155/ACR-155_Bundler-made offers_1.png","240220/MusicEditorFree-220729/10.8.3.0/Images/ACR-060/ACR-060_Bundler-made offers_1.png"],"nonDeceptorImageFiles":["240220/MusicEditorFree-220729/10.8.3.0/Images/ACR-106/ACR-106_Software_1.png","240220/MusicEditorFree-220729/10.8.3.0/Images/ACR-092/ACR-092_Software_1.png","240220/MusicEditorFree-220729/10.8.3.0/Images/ACR-092/ACR-092_Software_2.png","240220/MusicEditorFree-220729/10.8.3.0/Images/ACR-123/ACR-123_Uninstall_1.png"],"guid":"cfea653f-9ed2-426d-9fcf-d62007931275_10.8.3.0_1","appID":"MusicEditorFree-220729","dateAdded":"240220","deceptorType":"App","name":"Music Editor Free","company":"MEFMedia","version":"10.8.3.0","lastKnownStatus":"10.8;10.8.3.0","lastKnownDate":"240220","type":"Windows Executable","category":"Media editors, SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 8,Windows 7,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"cross-sell other apps","lastUpdate":"2024-02-20T23:35:40.3597689+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":718},{"violations":{"ACR-109":"The app downloads \"\"rk_setup.exe\", a RelevantKnowledge file before disclosure and without the consumer's consent.\n\n","ACR-048":"The \"Decline\" button does not have any control. Despite declining RelevantKnowledge app, it is still downloaded RelevantKnowledge file “\"rk_setup.exe” nevertheless.\n\n","ACR-010":"There is no clear indications of the relationship to the installer application. RelevantKnowledge is presented as part of the installer application. Despite declining RelevantKnowledge app, it still downloaded RelevantKnowledge file “rk_setup.exe” regardless.\n\n","ACR-057":"The app bundles the \"Relevant Knowledge\" offer which does not allow the consumer to decline the offer. \n\n","ACR-071":"It attempts to force the acceptance of \"Relevant Knowledge\" by graying out the Next button when the user choose to Decline. Thus, forcing the user to only accept the offer and proceed with the installation.\n\n","ACR-059":"Offer not clearly marked as an offer. Instead, it is presented as a component of the carrier.\n\n","ACR-039":"There is no clear indications of the relationship to the installer application. RelevantKnowledge is presented as part of the installer application. Despite declining RelevantKnowledge app, it still downloaded RelevantKnowledge file “rk_setup.exe” regardless.\n\n","ACR-155":"Offers are designed to look like part of the install workflow. \n\n"},"nonDeceptorViolations":{"ACR-002":"The App's version is inconsistent between App interaction and its install (version4.8.2.4 vs version 4.8.0) \n\nThe App's version is inconsistent between App interaction and its install (version4.8.2.4 vs version 4.8.0) \n\n","ACR-106":"App offers deceptive application 'Relevant Knowledge market survey'. \n\n"},"samples":[{"isRevoked":"False","fileName":"VidMateVideoConverter.exe","productName":"VidMate Video Converter   ","fileVersion":"1.0","hashMD5":"a9cefb316ac0c2da57081d88b67e843e","hashSHA1":"f64f68df08f14c5029ba55197b3ffdec4cb9218c","hashSHA256":"49b03b416419e4210e58c8398ab01c736200361f176f1d0f3bcd8128dcf43c51","sourceIndex":"1489","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"VidMateVideoConverter-setup.exe","isInstaller":"True","companyName":"MEFMedia Co., Ltd.                                          ","productName":"VidMate Video Converter   ","fileVersion":"0.0","hashMD5":"ca22b9c8750b9a7395944f9337457597","hashSHA1":"5069fc52f671ff3e6af4f7f8ca5797eabbebb208","hashSHA256":"0bf935cd539eb91e853cd99584f217f18574ab638ab19c625f55f94ea54ef881","digitalCertThumbprint":"561906D7998D780F5F5E93C36DCD77674F8236A3","digitalCertIssuer":"CN=Sectigo Public Code Signing CA R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=\"Beijing QingSoft Creative Information Technology Co., Ltd.\", O=\"Beijing QingSoft Creative Information Technology Co., Ltd.\", S=Beijing Shi, C=CN","sourceIndex":"1489","avBlockList":["360 Total Security (20240307)","Avast Premium Security (20240307)","AVG Internet Security (20240307)","Avira Internet Security (20240307)","Bitdefender Internet Security (20240307)","Dr.Web Security Space (20240307)","ESET Internet Security (20240307)","G DATA INTERNET SECURITY (20240307)","K7 Total Security (20240307)","Kaspersky Internet Security (20240307)","Malwarebytes Premium (20240307)","McAfee Total Protection (20240307)","Norton Security (20240307)","Panda Dome (20240307)","Sophos Home Premium (20240307)","SpyHunter5 (20240307)","Total AV Antivirus Pro (20240307)","VIPRE Advanced Security (20240307)","VirIT eXplorer PRO (20240307)","Webroot SecureAnywhere (20240307)","Windows Defender (20240307)"],"avAllowList":["COMODO Antivirus (20240307)","Quick Heal Internet Security (20240307)","Trend Micro Internet Security (20240307)"]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"","landingPage":"https://music-editor.net/vidmatevideoconverter/","directDownloadingLink":"https://music-editor.net/VidMateVideoConverter.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://music-editor.net/VidMateVideoConverter.exe","sourceIndex":"1489"}],"sampleFiles":["220801/VidMateVideoConverter-220729/8.8.0/Samples/VidMateVideoConverter.exe","220801/VidMateVideoConverter-220729/8.8.0/Samples/VidMateVideoConverter-setup.exe"],"imageFiles":["220801/VidMateVideoConverter-220729/8.8.0/Images/ACR-109/ACR-109_039_048-RK_setup.jpg","220801/VidMateVideoConverter-220729/8.8.0/Images/ACR-039/ACR-109_039_048-RK_setup.jpg","220801/VidMateVideoConverter-220729/8.8.0/Images/ACR-048/ACR-109_039_048-RK_setup.jpg","220801/VidMateVideoConverter-220729/8.8.0/Images/ACR-010/RelevantKnowledge.jpg","220801/VidMateVideoConverter-220729/8.8.0/Images/ACR-057/RelevantKnowledge.jpg","220801/VidMateVideoConverter-220729/8.8.0/Images/ACR-059/RelevantKnowledge.jpg","220801/VidMateVideoConverter-220729/8.8.0/Images/ACR-071/RelevantKnowledge.jpg","220801/VidMateVideoConverter-220729/8.8.0/Images/ACR-155/RelevantKnowledge.jpg"],"nonDeceptorImageFiles":["220801/VidMateVideoConverter-220729/8.8.0/Images/ACR-106/RelevantKnowledge.jpg","220801/VidMateVideoConverter-220729/8.8.0/Images/ACR-002/ACR-002_VidMateVideo.jpg"],"guid":"6260c083-3629-419a-aa5d-47141a2ec2f5_8.8.0_1","appID":"VidMateVideoConverter-220729","dateAdded":"240220","deceptorType":"App","name":"VidMate Video Converter","company":"MEFMedia","version":"8.8.0","lastKnownStatus":"8.8.0;8.8.3.0","lastKnownDate":"240220","type":"Windows Executable","category":"Media editors, SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"cross-sell other apps","lastUpdate":"2024-02-20T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":717},{"violations":{"ACR-109":"The app downloads \"rk_setup.exe\", a RelevantKnowledge file before disclosure and without the consumer's consent\n\n","ACR-042":"The app initiates network communications with 3rd party offer provider before obtaining user consent\n","ACR-010":"The app distributes deceptor application. The offer in this app, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control\n\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software\n","ACR-118":"Upon uninstallation, it retains some of its components on the device without the user's knowledge and consent\n","ACR-057":"The app bundles the \"Relevant Knowledge\" offer which does not allow the consumer to decline the offer\n\n","ACR-071":"It attempts to force the acceptance of \"Relevant Knowledge\" by graying out the Next button when the user choose to Decline. Thus, forcing the user to only accept the offer and proceed with the installation\n\n","ACR-059":"Offer not clearly marked as an offer. Instead, it is presented as a component of the carrier.\n\n","ACR-155":"Offers are designed to look like part of the install workflow\n\n"},"nonDeceptorViolations":{"ACR-106":"App offers deceptive application 'Relevant Knowledge market survey\n","ACR-092":"The installer and main executables are not digitally signed\n","ACR-123":"The app does not remove dropped root certificates even after uninstalling\n"},"samples":[{"isRevoked":"False","fileName":"VidMateVideoConverter.exe","isInstaller":"True","companyName":"MEFMedia Co. Ltd.                                          ","productName":"VidMate Video Converter                                     ","productVersion":"                    ","fileVersion":"                    ","hashMD5":"8c66d3eea8e032d0b7639190dbed7cf2","hashSHA1":"15848529dafb02be1237d628ac031387e9021d57","hashSHA256":"5b2871cd802f9a414c00b5724385600b2394ce04af2d511a9ca3a447aee9624f","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"730","avBlockList":["360 Total Security (20240725)","Avast Premium Security (20240725)","AVG Internet Security (20240725)","Avira Internet Security (20240725)","Bitdefender Internet Security (20240725)","COMODO Antivirus (20240725)","Dr.Web Security Space (20240725)","ESET Internet Security (20240725)","G DATA INTERNET SECURITY (20240725)","K7 Total Security (20240725)","Kaspersky Internet Security (20240725)","Malwarebytes Premium (20240725)","McAfee Total Protection (20240725)","Norton Security (20240725)","Panda Dome (20240725)","Sophos Home Premium (20240725)","SpyHunter5 (20240725)","Total AV Antivirus Pro (20240725)","Trend Micro Internet Security (20240725)","VIPRE Advanced Security (20240725)","VirIT eXplorer PRO (20240725)","Webroot SecureAnywhere (20240725)","FortectPremium (20240725)"],"avAllowList":["Quick Heal Internet Security (20240725)","Windows Defender (20240725)"]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"","landingPage":"https://music-editor.net/vidmatevideoconverter/","directDownloadingLink":"https://music-editor.net/VidMateVideoConverter.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://music-editor.net/VidMateVideoConverter.exe","sourceIndex":"730"}],"sampleFiles":["240220/VidMateVideoConverter-220729/8.8.3.0/Samples/VidMateVideoConverter.exe"],"imageFiles":["240220/VidMateVideoConverter-220729/8.8.3.0/Images/ACR-109/ACR-109_Install_1.png","240220/VidMateVideoConverter-220729/8.8.3.0/Images/ACR-042/ACR-042_Install_1.png","240220/VidMateVideoConverter-220729/8.8.3.0/Images/ACR-010/ACR-010_Install_1.png","240220/VidMateVideoConverter-220729/8.8.3.0/Images/ACR-013/ACR-013_Install_1.png","240220/VidMateVideoConverter-220729/8.8.3.0/Images/ACR-118/ACR-118_Uninstall_1.png","240220/VidMateVideoConverter-220729/8.8.3.0/Images/ACR-118/ACR-118_Uninstall_2.png","240220/VidMateVideoConverter-220729/8.8.3.0/Images/ACR-057/ACR-057_Bundler-made offers_1.png","240220/VidMateVideoConverter-220729/8.8.3.0/Images/ACR-059/ACR-059_Bundler-made offers_1.png","240220/VidMateVideoConverter-220729/8.8.3.0/Images/ACR-071/ACR-071_Bundler-made offers_1.png","240220/VidMateVideoConverter-220729/8.8.3.0/Images/ACR-155/ACR-155_Bundler-made offers_1.png","240220/VidMateVideoConverter-220729/8.8.3.0/Images/ACR-060/ACR-060_Bundler-made offers_1.png"],"nonDeceptorImageFiles":["240220/VidMateVideoConverter-220729/8.8.3.0/Images/ACR-106/ACR-106_Software_1.png","240220/VidMateVideoConverter-220729/8.8.3.0/Images/ACR-092/ACR-092_Software_1.png","240220/VidMateVideoConverter-220729/8.8.3.0/Images/ACR-092/ACR-092_Software_2.png","240220/VidMateVideoConverter-220729/8.8.3.0/Images/ACR-123/ACR-123_Uninstall_1.png"],"guid":"6260c083-3629-419a-aa5d-47141a2ec2f5_8.8.3.0_1","appID":"VidMateVideoConverter-220729","dateAdded":"240220","deceptorType":"App","name":"VidMate Video Converter","company":"MEFMedia","version":"8.8.3.0","lastKnownStatus":"8.8.0;8.8.3.0","lastKnownDate":"240220","type":"Windows Executable","category":"Media editors, SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"cross-sell other apps","lastUpdate":"2024-02-20T23:32:32.924948+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":716},{"violations":{"ACR-057":"The app needs to provide a clear way to accept and decline optional offers.\n","ACR-055":"Accept and decline for the optional offers must be obvious. Unchecking a preselected checkbox on the other offer is also not a straightforward option for decline.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"Andy_47.260_1096_26_x64.exe","isInstaller":"True","companyName":"Andy OS Inc.","fileVersion":"1.0","hashMD5":"00f93a78b4e447c8d80e588878b8d99e","hashSHA1":"ac1508d0de07079acc7a12fc45885456305766b2","hashSHA256":"270453aada7a064e133890794e84270599723b3bfa0121104abdad1a79a13b7b","digitalCertThumbprint":"39A4848ECEFD4F052A01F890AFD400C307AF7D77","digitalCertIssuer":"CN=Entrust Extended Validation Code Signing CA - EVCS2, O=\"Entrust, Inc.\", C=US","digitalCertIssuedTo":"CN=6785719 Canada Inc., SERIALNUMBER=1216537-6, OID.2.5.4.15=Private Organization, O=6785719 Canada Inc., OID.1.3.6.1.4.1.311.60.2.1.3=CA, L=Saint Laurent, S=Quebec, C=CA","sourceIndex":"732","avBlockList":["360 Total Security (20240725)","Avast Premium Security (20240725)","AVG Internet Security (20240725)","Avira Internet Security (20240725)","Bitdefender Internet Security (20240725)","COMODO Antivirus (20240725)","Dr.Web Security Space (20240725)","ESET Internet Security (20240725)","G DATA INTERNET SECURITY (20240725)","K7 Total Security (20240725)","Kaspersky Internet Security (20240725)","Malwarebytes Premium (20240725)","McAfee Total Protection (20240725)","Norton Security (20240725)","Panda Dome (20240725)","Quick Heal Internet Security (20240725)","Sophos Home Premium (20240725)","SpyHunter5 (20240725)","Total AV Antivirus Pro (20240725)","Trend Micro Internet Security (20240725)","VirIT eXplorer PRO (20240725)","Webroot SecureAnywhere (20240725)","Windows Defender (20240725)","FortectPremium (20240725)"],"avAllowList":["VIPRE Advanced Security (20240725)"]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"","landingPage":"https://www.andyroid.net/","directDownloadingLink":"https://sdl.adaware.com/?bundleid=AR001&savename=Andy_47.260_1096_26_x64.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://sdl.adaware.com/?bundleid=AR001&savename=Andy_47.260_1096_26_x64.exe","sourceIndex":"732"}],"sampleFiles":["240219/AndyOS-240219/1.0.0.0/Samples/Andy_47.260_1096_26_x64.exe"],"imageFiles":["240219/AndyOS-240219/1.0.0.0/Images/ACR-057/ACR-057_Bundler-made offers_1.png","240219/AndyOS-240219/1.0.0.0/Images/ACR-057/ACR-057_Bundler-made offers_2.png","240219/AndyOS-240219/1.0.0.0/Images/ACR-055/ACR-055_Install_1.png","240219/AndyOS-240219/1.0.0.0/Images/ACR-055/ACR-055_Install_2.png"],"nonDeceptorImageFiles":[],"guid":"ba181fba-758a-4a58-b98e-12cb011cd7d5_1.0.0.0_1","appID":"AndyOS-240219","dateAdded":"240219","deceptorType":"Bundler","name":"Andy OS","company":"Andy OS Inc.","version":"1.0.0.0","lastKnownStatus":"1.0.0.0","lastKnownDate":"240219","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 7,Windows 8","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","lastUpdate":"2024-02-19T21:31:29.8204447+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":720},{"violations":{"ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software.\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software.\n","ACR-057":"The app needs to provide a clear way to accept and decline optional offers. The offer requires the user to switch off the options one by one in order to decline the offer,.\n","ACR-055":"The Accept/Decline options are not made obvious to the consumer in the offers.\n","ACR-155":"Offers are designed to look like part of the install workflow.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"TrayTorrentSetup.exe","isInstaller":"True","companyName":"ITVA LLC","fileVersion":"3.0","hashMD5":"0ec73b21bf321ec84393a2240cd33c65","hashSHA1":"e6f346aab0cb18b58a143855c310eaf96397713d","hashSHA256":"ca659bc5b7eb618ce62f192cfa44737a483b243f2fcae8051133705933097766","digitalCertThumbprint":"6A0DACED63B0082C94BD17A0DA9F38F6D9C146BD","digitalCertIssuer":"CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"CN=ITVA LLC, O=ITVA LLC, STREET=\"Parhomenko pr., 27/2 lit. A, office 6-N\", L=Saint Petersburg, S=Saint Petersburg, C=RU, OID.1.3.6.1.4.1.311.60.2.1.2=Saint Petersburg, OID.1.3.6.1.4.1.311.60.2.1.3=RU, SERIALNUMBER=1107847001591, OID.2.5.4.15=Private Organization","sourceIndex":"738","avBlockList":["Avast Premium Security (20240725)","AVG Internet Security (20240725)","Avira Internet Security (20240725)","Dr.Web Security Space (20240725)","ESET Internet Security (20240725)","G DATA INTERNET SECURITY (20240725)","K7 Total Security (20240725)","Kaspersky Internet Security (20240725)","Malwarebytes Premium (20240725)","McAfee Total Protection (20240725)","Norton Security (20240725)","Panda Dome (20240725)","Quick Heal Internet Security (20240725)","Sophos Home Premium (20240725)","SpyHunter5 (20240725)","Total AV Antivirus Pro (20240725)","VirIT eXplorer PRO (20240725)","Webroot SecureAnywhere (20240725)","FortectPremium (20240725)"],"avAllowList":["360 Total Security (20240725)","Bitdefender Internet Security (20240725)","COMODO Antivirus (20240725)","Trend Micro Internet Security (20240725)","VIPRE Advanced Security (20240725)","Windows Defender (20240725)"]}],"additionalFiles":[],"sources":[{"howFound":"ramdom hunt","reference":"","landingPage":"https://traytorrent.ru/","directDownloadingLink":"http://traytorrent.ru/downloads/TrayTorrentSetup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://traytorrent.ru/downloads/TrayTorrentSetup.exe","sourceIndex":"738"}],"sampleFiles":["240207/TrayTorrent-240207/3.0.28.0/Samples/TrayTorrentSetup.exe"],"imageFiles":["240207/TrayTorrent-240207/3.0.28.0/Images/ACR-013/ACR-013_Install_1.png","240207/TrayTorrent-240207/3.0.28.0/Images/ACR-055/ACR-055_Install_1.png","240207/TrayTorrent-240207/3.0.28.0/Images/ACR-057/ACR-057_Bundler-made offers_1.png","240207/TrayTorrent-240207/3.0.28.0/Images/ACR-060/ACR-060_Bundler-made offers_1.png","240207/TrayTorrent-240207/3.0.28.0/Images/ACR-155/ACR-155_Bundler-made offers_1.png"],"nonDeceptorImageFiles":[],"guid":"f45de030-a2d2-40a0-945f-9c1351d3c04d_3.0.28.0_1","appID":"TrayTorrent-240207","dateAdded":"240207","deceptorType":"App","name":"Tray Torrent","company":"ITVA LLC","version":"3.0.28.0","lastKnownStatus":"3.0.28.0","lastKnownDate":"240207","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"cross-sell other apps,sold in bundle","lastUpdate":"2024-02-07T18:07:26.2166194+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":721},{"violations":{"ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software.\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software.\n","ACR-057":"The app needs to provide a clear way to accept and decline optional offers.\n","ACR-055":"Accept and decline for the optional offers must be obvious. Unchecking a preselected checkbox on the other offer is also not a straightforward option for decline.\n","ACR-059":"An offer that is not related to the main app should be clearly marked as \"Optional Offer\".\n","ACR-155":"Offers are designed to look like part of the install workflow.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"AzSetup.exe","isInstaller":"True","companyName":"AzTorrent Ltd.","fileVersion":"0.9","hashMD5":"fbf7b9f3882b5b2a9fe4db77254bdf18","hashSHA1":"0ecc29241b4e5414876598bc13f496366d9c6992","hashSHA256":"c6446cb64763e9ee0a32f5b2b3fba8976711642457cd8a45bb3c9c062e729461","digitalCertThumbprint":"9C1DFB73A73C251EBD6B345D83790E1CF6E8E0EA","digitalCertIssuer":"CN=thawte SHA256 Code Signing CA - G2, O=\"thawte, Inc.\", C=US","digitalCertIssuedTo":"CN=AzTorrent ltd, O=AzTorrent ltd, L=Saint Petersburg, C=RU","sourceIndex":"841","avBlockList":["360 Total Security (20240725)","Avast Premium Security (20240725)","AVG Internet Security (20240725)","Avira Internet Security (20240725)","Dr.Web Security Space (20240725)","ESET Internet Security (20240725)","K7 Total Security (20240725)","Kaspersky Internet Security (20240725)","Malwarebytes Premium (20240725)","McAfee Total Protection (20240725)","Norton Security (20240725)","Panda Dome (20240725)","Quick Heal Internet Security (20240725)","Sophos Home Premium (20240725)","SpyHunter5 (20240725)","Total AV Antivirus Pro (20240725)","VirIT eXplorer PRO (20240725)","Webroot SecureAnywhere (20240725)","Windows Defender (20240725)","FortectPremium (20240725)"],"avAllowList":["Bitdefender Internet Security (20240725)","COMODO Antivirus (20240725)","G DATA INTERNET SECURITY (20240725)","Trend Micro Internet Security (20240725)","VIPRE Advanced Security (20240725)"]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"","landingPage":"https://aztorrent.ru","directDownloadingLink":"https://dl2.aztorrent.ru/AzSetup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://dl2.aztorrent.ru/AzSetup.exe","sourceIndex":"841"}],"sampleFiles":["231025/AzTorrent-231025/0.9.5.28/Samples/AzSetup.exe"],"imageFiles":["231025/AzTorrent-231025/0.9.5.28/Images/ACR-055/Recommended Software.jpg","231025/AzTorrent-231025/0.9.5.28/Images/ACR-013/Recommended Software.jpg","231025/AzTorrent-231025/0.9.5.28/Images/ACR-057/Recommended Software.jpg","231025/AzTorrent-231025/0.9.5.28/Images/ACR-059/Recommended Software.jpg","231025/AzTorrent-231025/0.9.5.28/Images/ACR-060/Recommended Software.jpg","231025/AzTorrent-231025/0.9.5.28/Images/ACR-155/Recommended Software.jpg"],"nonDeceptorImageFiles":[],"guid":"cdcd096e-437d-45ae-8fa8-fd94d9cbae0d_0.9.5.28_1","appID":"AzTorrent-231025","dateAdded":"240207","deceptorType":"App","name":"AzTorrent","company":"AzTorrent Ltd.","version":"0.9.5.28","lastKnownStatus":"0.9.5.28","lastKnownDate":"240207","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"sold in bundle","lastUpdate":"2024-02-07T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":723},{"violations":{"ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software.\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software.\n","ACR-057":"The app needs to provide a clear way to accept and decline optional offers.\n","ACR-055":"Accept and decline for the optional offers must be obvious. Unchecking a preselected checkbox on the other offer is also not a straightforward option for decline.\n","ACR-059":"An offer that is not related to the main app should be clearly marked as \"Optional Offer\".\n","ACR-155":"Offers are designed to look like part of the install workflow.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"AzSetup.exe","isInstaller":"True","companyName":"Az Software LLC","fileVersion":"0.9","hashMD5":"65e758371312c1b0f196d71258c5ccc3","hashSHA1":"f5b58a0953d323a7e25c0aa213ba522afb568f5e","hashSHA256":"d311509ef08c9eb1b0505bef41b4ec206b82beb5ee756f680cf4b0bcfab10189","digitalCertThumbprint":"EAFDE6BF7708205C93102B175E23ECBCD4C9DB3E","digitalCertIssuer":"CN=GlobalSign GCC R45 CodeSigning CA 2020, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"E=info@aztorrent.ru, CN=AZ SOFTWARE LLC, O=AZ SOFTWARE LLC, L=Nizhny Novgorod, S=Nizhegorodskaya oblast, C=RU","sourceIndex":"739","avBlockList":["Avast Premium Security (20240227)","AVG Internet Security (20240227)","Avira Internet Security (20240227)","COMODO Antivirus (20240227)","ESET Internet Security (20240227)","Kaspersky Internet Security (20240227)","Malwarebytes Premium (20240227)","McAfee Total Protection (20240227)","Norton Security (20240227)","Panda Dome (20240227)","Quick Heal Internet Security (20240227)","Sophos Home Premium (20240227)","SpyHunter5 (20240227)","Total AV Antivirus Pro (20240227)","VirIT eXplorer PRO (20240227)","Webroot SecureAnywhere (20240227)"],"avAllowList":["360 Total Security (20240227)","Bitdefender Internet Security (20240227)","Dr.Web Security Space (20240227)","G DATA INTERNET SECURITY (20240227)","K7 Total Security (20240227)","Trend Micro Internet Security (20240227)","VIPRE Advanced Security (20240227)","Windows Defender (20240227)"]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"","landingPage":"https://aztorrent.ru","directDownloadingLink":"https://dl.aztorrent.ru/AzSetup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://dl.aztorrent.ru/AzSetup.exe","sourceIndex":"739"}],"sampleFiles":["240207/AzTorrent-231025/0.9.5.28_new/Samples/AzSetup.exe"],"imageFiles":["240207/AzTorrent-231025/0.9.5.28_new/Images/ACR-055/ACR-055_Install_1.png","240207/AzTorrent-231025/0.9.5.28_new/Images/ACR-013/ACR-013_Install_1.png","240207/AzTorrent-231025/0.9.5.28_new/Images/ACR-057/ACR-057_Bundler-made offers_1.png","240207/AzTorrent-231025/0.9.5.28_new/Images/ACR-059/ACR-059_Bundler-made offers_1.png","240207/AzTorrent-231025/0.9.5.28_new/Images/ACR-060/ACR-060_Bundler-made offers_1.png","240207/AzTorrent-231025/0.9.5.28_new/Images/ACR-155/ACR-155_Bundler-made offers_1.png"],"nonDeceptorImageFiles":[],"guid":"cdcd096e-437d-45ae-8fa8-fd94d9cbae0d_0.9.5.28_new_1","appID":"AzTorrent-231025","dateAdded":"240207","deceptorType":"App","name":"AzTorrent","company":"AzTorrent Ltd.","version":"0.9.5.28_new","lastKnownStatus":"0.9.5.28","lastKnownDate":"240207","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"sold in bundle","lastUpdate":"2024-02-07T18:05:01.9609063+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":722},{"violations":{"ACR-013":"During installation, the user is interrupted by non-consented offer to silently install unrelated software.\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software.\n","ACR-053":"App doesn’t allow the consumer to skip all offers at once.\n","ACR-055":"The Accept/Decline options are not made obvious to the consumer in the offers.\n","ACR-059":"The offers are not clearly marked as an offer and they are also not marked as optional.\n","ACR-155":"Offers are designed to look like part of the install workflow.\n"},"nonDeceptorViolations":{"ACR-040":"The app drops all its components in the hidden path \"C:\\Users\\User\\AppData\\Local\\Programs\\Steam\".\n","ACR-065":"The install does not display link for the app's EULA and/or Terms of Service and Privacy Policy information.\n"},"samples":[{"isRevoked":"False","fileName":"steam_Soft_app.exe","isInstaller":"True","companyName":"Stеаm                                                       ","fileVersion":"19.43","hashMD5":"ab51591f0dce7c915e50a896e04aab9e","hashSHA1":"fbcf9e95a63d04b889b4e5ccd91f9870de465713","hashSHA256":"8ffc2c083fa86875f1597e8c99da42802e4d64d4de6bb8f2cb977864e66b3d5b","digitalCertThumbprint":"06E3FE86E3984806973D6CC74073374E86CD5DC5","digitalCertIssuer":"CN=SSL.com Code Signing Intermediate CA RSA R1, O=SSL Corp, L=Houston, S=Texas, C=US","digitalCertIssuedTo":"CN=RADOVAS UK LIMITED, O=RADOVAS UK LIMITED, L=Yeovil, C=GB","sourceIndex":"742","avBlockList":["360 Total Security (20240227)","Avast Premium Security (20240227)","AVG Internet Security (20240227)","Avira Internet Security (20240227)","Dr.Web Security Space (20240227)","ESET Internet Security (20240227)","G DATA INTERNET SECURITY (20240227)","K7 Total Security (20240227)","Kaspersky Internet Security (20240227)","Malwarebytes Premium (20240227)","Norton Security (20240227)","Panda Dome (20240227)","Quick Heal Internet Security (20240227)","Sophos Home Premium (20240227)","SpyHunter5 (20240227)","Total AV Antivirus Pro (20240227)","VirIT eXplorer PRO (20240227)","Webroot SecureAnywhere (20240227)","Windows Defender (20240227)"],"avAllowList":["Bitdefender Internet Security (20240227)","COMODO Antivirus (20240227)","McAfee Total Protection (20240227)","Trend Micro Internet Security (20240227)","VIPRE Advanced Security (20240227)"]},{"isRevoked":"False","fileName":"UnoSetup.exe","isInstaller":"True","companyName":"UnоSetup                                                    ","fileVersion":"0.0","hashMD5":"7a740d1d3e79283717188323b40c4cab","hashSHA1":"bb8b440374d52ae92259ce66d22f70750e372292","hashSHA256":"17627c6e28f68143338d5b06b6d987bb3a75ed8b615d0875a0fa936322c8b401","digitalCertThumbprint":"1D29A8B6E20CDE0422CD41857C2B365E7D9EAAE0","digitalCertIssuer":"CN=GlobalSign GCC R45 CodeSigning CA 2020, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"CN=IP Mind Collaboration, O=IP Mind Collaboration, L=Temirtau, S=Karaganda Region, C=KZ","sourceIndex":"742","avBlockList":["Avira Internet Security (20240227)","Dr.Web Security Space (20240227)","ESET Internet Security (20240227)","G DATA INTERNET SECURITY (20240227)","Kaspersky Internet Security (20240227)","Malwarebytes Premium (20240227)","Norton Security (20240227)","Panda Dome (20240227)","Quick Heal Internet Security (20240227)","Sophos Home Premium (20240227)","SpyHunter5 (20240227)","VirIT eXplorer PRO (20240227)","Webroot SecureAnywhere (20240227)","Total AV Antivirus Pro (20240227)"],"avAllowList":["360 Total Security (20240227)","Avast Premium Security (20240227)","AVG Internet Security (20240227)","Bitdefender Internet Security (20240227)","COMODO Antivirus (20240227)","K7 Total Security (20240227)","McAfee Total Protection (20240227)","Trend Micro Internet Security (20240227)","VIPRE Advanced Security (20240227)","Windows Defender (20240227)"]}],"additionalFiles":[],"sources":[{"howFound":"Deceptor report","reference":"","landingPage":"https://steam.goodlifesoft.com/","directDownloadingLink":"https://steam.goodlifesoft.com/down/steam_Soft_app.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://steam.goodlifesoft.com/down/steam_Soft_app.exe","sourceIndex":"742"}],"sampleFiles":["240205/SteamGoodlifesoft-240131/19.43.59.0/Samples/steam_Soft_app.exe","240205/SteamGoodlifesoft-240131/19.43.59.0/Samples/UnoSetup.exe"],"imageFiles":["240205/SteamGoodlifesoft-240131/19.43.59.0/Images/ACR-053/ACR-053_Install_1.png","240205/SteamGoodlifesoft-240131/19.43.59.0/Images/ACR-053/ACR-053_Install_2.png","240205/SteamGoodlifesoft-240131/19.43.59.0/Images/ACR-053/ACR-053_Install_3.png","240205/SteamGoodlifesoft-240131/19.43.59.0/Images/ACR-055/ACR-055_Install_1.png","240205/SteamGoodlifesoft-240131/19.43.59.0/Images/ACR-055/ACR-055_Install_2.png","240205/SteamGoodlifesoft-240131/19.43.59.0/Images/ACR-055/ACR-055_Install_3.png","240205/SteamGoodlifesoft-240131/19.43.59.0/Images/ACR-013/ACR-013_Install_1.png","240205/SteamGoodlifesoft-240131/19.43.59.0/Images/ACR-013/ACR-013_Install_2.png","240205/SteamGoodlifesoft-240131/19.43.59.0/Images/ACR-013/ACR-013_Install_3.png","240205/SteamGoodlifesoft-240131/19.43.59.0/Images/ACR-059/ACR-059_Bundler-made offers_1.png","240205/SteamGoodlifesoft-240131/19.43.59.0/Images/ACR-059/ACR-059_Bundler-made offers_2.png","240205/SteamGoodlifesoft-240131/19.43.59.0/Images/ACR-059/ACR-059_Bundler-made offers_3.png","240205/SteamGoodlifesoft-240131/19.43.59.0/Images/ACR-060/ACR-060_Bundler-made offers_1.png","240205/SteamGoodlifesoft-240131/19.43.59.0/Images/ACR-060/ACR-060_Bundler-made offers_2.png","240205/SteamGoodlifesoft-240131/19.43.59.0/Images/ACR-060/ACR-060_Bundler-made offers_3.png","240205/SteamGoodlifesoft-240131/19.43.59.0/Images/ACR-155/ACR-155_Bundler-made offers_1.png","240205/SteamGoodlifesoft-240131/19.43.59.0/Images/ACR-155/ACR-155_Bundler-made offers_2.png","240205/SteamGoodlifesoft-240131/19.43.59.0/Images/ACR-155/ACR-155_Bundler-made offers_3.png"],"nonDeceptorImageFiles":["240205/SteamGoodlifesoft-240131/19.43.59.0/Images/ACR-040/ACR-040_Install_1.png","240205/SteamGoodlifesoft-240131/19.43.59.0/Images/ACR-040/ACR-040_Install_2.png","240205/SteamGoodlifesoft-240131/19.43.59.0/Images/ACR-065/ACR-065_Install_1.png"],"guid":"d5f8614f-f429-485b-9ab7-3dadeb42c8ef_19.43.59.0_1","appID":"SteamGoodlifesoft-240131","dateAdded":"240205","deceptorType":"Bundler","name":"SteamGoodlifesoft","company":"RADOVAS UK LIMITED","version":"19.43.59.0","lastKnownStatus":"19.43.59.0","lastKnownDate":"240205","type":"Windows Executable","lastUpdate":"2024-02-05T21:50:54.8074814+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":724},{"violations":{"ACR-107":"Installing WhatsApp without proper authorization from WhatsApp \n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software.\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software.\n","ACR-053":"App bundles more than two offers,  with no skip offers option.\n","ACR-155":"Offers are designed to look like part of the install workflow.\n"},"nonDeceptorViolations":{"ACR-040":"The app installs files in a hidden folder by default.\n"},"samples":[{"isRevoked":"False","fileName":"whatsapp_Soft_app.exe","isInstaller":"True","companyName":"Whatsapр                                                    ","fileVersion":"19.45","hashMD5":"bf3589eaa971f80e00a04855b552cd74","hashSHA1":"7dbd072ad9310b9af9519c8c7b1af3424e512205","hashSHA256":"2d2739bcdeb0e71875ffc0285d636f0acdf4810be68759b2ebf768877b933e13","digitalCertThumbprint":"06E3FE86E3984806973D6CC74073374E86CD5DC5","digitalCertIssuer":"CN=SSL.com Code Signing Intermediate CA RSA R1, O=SSL Corp, L=Houston, S=Texas, C=US","digitalCertIssuedTo":"CN=RADOVAS UK LIMITED, O=RADOVAS UK LIMITED, L=Yeovil, C=GB","sourceIndex":"743","avBlockList":["360 Total Security (20240227)","Avast Premium Security (20240227)","AVG Internet Security (20240227)","Avira Internet Security (20240227)","Dr.Web Security Space (20240227)","ESET Internet Security (20240227)","G DATA INTERNET SECURITY (20240227)","K7 Total Security (20240227)","Kaspersky Internet Security (20240227)","Malwarebytes Premium (20240227)","McAfee Total Protection (20240227)","Norton Security (20240227)","Panda Dome (20240227)","Quick Heal Internet Security (20240227)","Sophos Home Premium (20240227)","SpyHunter5 (20240227)","Total AV Antivirus Pro (20240227)","VirIT eXplorer PRO (20240227)","Webroot SecureAnywhere (20240227)"],"avAllowList":["Bitdefender Internet Security (20240227)","COMODO Antivirus (20240227)","Trend Micro Internet Security (20240227)","VIPRE Advanced Security (20240227)","Windows Defender (20240227)"]}],"additionalFiles":[],"sources":[{"howFound":"Deceptor report","reference":"","landingPage":"https://whatsapp.softsweet.net/","directDownloadingLink":"https://whatsapp.softsweet.net/down/whatsapp_Soft_app.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://whatsapp.softsweet.net/down/whatsapp_Soft_app.exe","sourceIndex":"743"}],"sampleFiles":["240202/WhatsAppSoftsweet-240130/19.45.0.0/Samples/whatsapp_Soft_app.exe"],"imageFiles":["240202/WhatsAppSoftsweet-240130/19.45.0.0/Images/ACR-053/ACR-053_Install_1.png","240202/WhatsAppSoftsweet-240130/19.45.0.0/Images/ACR-053/ACR-053_Install_2.png","240202/WhatsAppSoftsweet-240130/19.45.0.0/Images/ACR-013/ACR-013_Install_1.png","240202/WhatsAppSoftsweet-240130/19.45.0.0/Images/ACR-013/ACR-013_Install_2.png","240202/WhatsAppSoftsweet-240130/19.45.0.0/Images/ACR-060/ACR-060_Bundler-made offers_1.png","240202/WhatsAppSoftsweet-240130/19.45.0.0/Images/ACR-060/ACR-060_Bundler-made offers_2.png","240202/WhatsAppSoftsweet-240130/19.45.0.0/Images/ACR-155/ACR-155_Bundler-made offers_1.png","240202/WhatsAppSoftsweet-240130/19.45.0.0/Images/ACR-155/ACR-155_Bundler-made offers_2.png"],"nonDeceptorImageFiles":["240202/WhatsAppSoftsweet-240130/19.45.0.0/Images/ACR-040/ACR-040_Install_1.png"],"guid":"7608b712-49a4-49df-8ea3-2706cc5b8469_19.45.0.0_1","appID":"WhatsAppSoftsweet-240130","dateAdded":"240202","deceptorType":"Bundler","name":"WhatsAppSoftsweet","company":"RADOVAS UK LIMITED","version":"19.45.0.0","lastKnownStatus":"19.45.0.0","lastKnownDate":"240202","type":"Windows Executable","category":"Productivity","targetOS":"Windows XP,Windows 8,Windows 7,Windows 10,Windows Server","targetBrowser":"None","ageAppropriate":"12+ appropriate","monetization":"cross-sell other apps,sold in bundle","lastUpdate":"2024-02-03T04:22:39.1522476+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":725},{"violations":{"ACR-013":"During installation, the user is interrupted by non-consented offer to silently install unrelated software.\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software.\n","ACR-053":"App doesn’t allow the consumer to skip all offers at once\n","ACR-055":"The Accept/Decline options are not made obvious to the consumer in the offers.\n","ACR-059":"The offers are not clearly marked as an offer and they are also not marked as optional.\n","ACR-155":"Offers are designed to look like part of the install workflow.\n"},"nonDeceptorViolations":{"ACR-040":"The app drops all its components in the hidden path \"C:\\Users\\User\\AppData\\Local\\Programs\\gLauncher\".\n","ACR-065":"The install does not display link for the app's EULA and/or Terms of Service and Privacy Policy information. \n"},"samples":[{"isRevoked":"False","fileName":"Gtalauncher_Game.exe","isInstaller":"True","companyName":"gLauncher                                                   ","fileVersion":"18.1","hashMD5":"1cabe38c83f8f5c395e56278ca76b14a","hashSHA1":"699aa0cc9a50849f718217d6e61e98267e36496a","hashSHA256":"34221b37084598e8bc4c5008d00356e409bb14f0886342b2ffddf00e1e95e7dc","digitalCertThumbprint":"6EADEBCDCDE09FAA616FC0E3223AC68F767BB396","digitalCertIssuer":"CN=SSL.com Code Signing Intermediate CA RSA R1, O=SSL Corp, L=Houston, S=Texas, C=US","digitalCertIssuedTo":"CN=Smartweights Limited, O=Smartweights Limited, L=Loughborough, C=GB","sourceIndex":"744","avBlockList":["Avast Premium Security (20240227)","AVG Internet Security (20240227)","Avira Internet Security (20240227)","Dr.Web Security Space (20240227)","ESET Internet Security (20240227)","K7 Total Security (20240227)","Kaspersky Internet Security (20240227)","Malwarebytes Premium (20240227)","Norton Security (20240227)","Panda Dome (20240227)","Quick Heal Internet Security (20240227)","Sophos Home Premium (20240227)","SpyHunter5 (20240227)","Total AV Antivirus Pro (20240227)","Trend Micro Internet Security (20240227)","VirIT eXplorer PRO (20240227)","Webroot SecureAnywhere (20240227)"],"avAllowList":["360 Total Security (20240227)","Bitdefender Internet Security (20240227)","COMODO Antivirus (20240227)","G DATA INTERNET SECURITY (20240227)","McAfee Total Protection (20240227)","VIPRE Advanced Security (20240227)","Windows Defender (20240227)"]}],"additionalFiles":[],"sources":[{"howFound":"Deceptor report","reference":"","landingPage":"https://gta.gamezone-inc.com/","directDownloadingLink":"https://gta.gamezone-inc.com/down/Gtalauncher_Game.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://gta.gamezone-inc.com/down/Gtalauncher_Game.exe","sourceIndex":"744"}],"sampleFiles":["240202/GtaGameZone-240130/18.1.34.0/Samples/Gtalauncher_Game.exe"],"imageFiles":["240202/GtaGameZone-240130/18.1.34.0/Images/ACR-053/ACR-053_Install_1.png","240202/GtaGameZone-240130/18.1.34.0/Images/ACR-053/ACR-053_Install_2.png","240202/GtaGameZone-240130/18.1.34.0/Images/ACR-053/ACR-053_Install_3.png","240202/GtaGameZone-240130/18.1.34.0/Images/ACR-055/ACR-055_Install_1.png","240202/GtaGameZone-240130/18.1.34.0/Images/ACR-055/ACR-055_Install_2.png","240202/GtaGameZone-240130/18.1.34.0/Images/ACR-055/ACR-055_Install_3.png","240202/GtaGameZone-240130/18.1.34.0/Images/ACR-013/ACR-013_Install_1.png","240202/GtaGameZone-240130/18.1.34.0/Images/ACR-013/ACR-013_Install_2.png","240202/GtaGameZone-240130/18.1.34.0/Images/ACR-013/ACR-013_Install_3.png","240202/GtaGameZone-240130/18.1.34.0/Images/ACR-059/ACR-059_Bundler-made offers_1.png","240202/GtaGameZone-240130/18.1.34.0/Images/ACR-059/ACR-059_Bundler-made offers_2.png","240202/GtaGameZone-240130/18.1.34.0/Images/ACR-059/ACR-059_Bundler-made offers_3.png","240202/GtaGameZone-240130/18.1.34.0/Images/ACR-060/ACR-060_Bundler-made offers_1.png","240202/GtaGameZone-240130/18.1.34.0/Images/ACR-060/ACR-060_Bundler-made offers_2.png","240202/GtaGameZone-240130/18.1.34.0/Images/ACR-060/ACR-060_Bundler-made offers_3.png","240202/GtaGameZone-240130/18.1.34.0/Images/ACR-155/ACR-155_Bundler-made offers_1.png","240202/GtaGameZone-240130/18.1.34.0/Images/ACR-155/ACR-155_Bundler-made offers_2.png","240202/GtaGameZone-240130/18.1.34.0/Images/ACR-155/ACR-155_Bundler-made offers_3.png"],"nonDeceptorImageFiles":["240202/GtaGameZone-240130/18.1.34.0/Images/ACR-040/ACR-040_Install_1.png","240202/GtaGameZone-240130/18.1.34.0/Images/ACR-040/ACR-040_Install_2.png","240202/GtaGameZone-240130/18.1.34.0/Images/ACR-065/ACR-065_Install_1.png"],"guid":"5ff57561-2630-4c04-946e-3b90b1d79323_18.1.34.0_1","appID":"GtaGameZone-240130","dateAdded":"240202","deceptorType":"Bundler","name":"GtaGameZone","company":"Smartweights Limited","version":"18.1.34.0","lastKnownStatus":"18.1.34.0","lastKnownDate":"240202","type":"Windows Executable","lastUpdate":"2024-02-03T01:28:03.0205721+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":726},{"violations":{"ACR-003":"The app exaggerates system issues and raises urgency for the identified issues with \"Orange\" color bar or \"Red\" font, thereby misleading or scaring the consumer to take action. It also uses traffic light colors and gauges.\n","ACR-004":"App does not provide free fixes for the scan results that can't be permanently fixed. It uses issues identified during free scanning to upsell user the fix, requiring user to purchase subscription service to fix all results identified during free scan. The app uses traffic light colors and gauges to raise an exaggerated sense of urgency for the consumer.\n","ACR-084":"The application does not provide a way to disable the auto-launch of the app.\n","ACR-014":"App claims non-critical items like languages, caches, and logs have alarmingly \"high\" improvement potential.\n"},"nonDeceptorViolations":{"ACR-065":"The install wizard does not display link for the Returns and Cancellation Policy, Privacy Policy information.\nThe app does not display link for the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy information.\nThe landing page does not display link for the EULA and/or Terms of Service and Privacy Policy information.\nThe internal offer page does not display link for the EULA and/or Terms of Service, and Privacy Policy information.\n","ACR-161":"The landing page has testimonials that have no links back to a source so consumers can verify if they're real.\n","ACR-088":"The application beings a scan immediately after installation without user consent.\n","ACR-099":"The app has no link or information that shows how it can be uninstalled. \n"},"samples":[{"isRevoked":"False","fileName":"Macfaster%20Pro","fileVersion":"0.","hashMD5":"7bf36a5240813360f96c7128b6eaf7d5","hashSHA1":"8ea5702d372b7296558bf3440a109f8ea0e76954","hashSHA256":"3eb0604ff6fa18868f284b92a5226166275da1a7df34db324e9c98c8503ef6bf","sourceIndex":"745","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"Mfp_default.pkg","isInstaller":"True","fileVersion":"0.","hashMD5":"c3297aff93a2af0fe5edb88584c2211d","hashSHA1":"8dc031af44a2763fc194cb107099d32b66f17289","hashSHA256":"69a2250d5d2a35fd1c5211875acbdb5e78f7a6636340cd35ed70177d38b698a0","sourceIndex":"745","avBlockList":["Avast Security for Mac (20240709)","Avira Security for Mac (20240709)","Bitdefender Antivirus for Mac (20240709)","ESET Cyber Security Pro for Mac (20240709)","G DATA AntiVirus for Mac (20240709)","Kaspersky Internet Security for Mac (20240709)","Norton Security for Mac (20240709)","Sophos Home Premium For Mac (20240709)","SpyHunterforMac (20240709)","Trend Micro Antivirus for Mac (20240709)"],"avAllowList":["K7 Antivirus for Mac (20240709)","McAfee Internet Security for Mac (20240709)"]}],"additionalFiles":[],"sources":[{"howFound":"Google Search: Mac OS Optimizer App","reference":"https://www.macfasterpro.com","landingPage":"https://www.macfasterpro.com","directDownloadingLink":"https://www.macfasterpro.com/download/Mfp_default.pkg","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.macfasterpro.com/download/Mfp_default.pkg","sourceIndex":"745"}],"sampleFiles":["240201/MacfasterPro-201214/3.1/Samples/Macfaster%20Pro","240201/MacfasterPro-201214/3.1/Samples/Mfp_default.pkg"],"imageFiles":["240201/MacfasterPro-201214/3.1/Images/ACR-004/Application1.png","240201/MacfasterPro-201214/3.1/Images/ACR-004/application3.png","240201/MacfasterPro-201214/3.1/Images/ACR-084/084_.png","240201/MacfasterPro-201214/3.1/Images/ACR-084/084.png","240201/MacfasterPro-201214/3.1/Images/ACR-003/Application1.png","240201/MacfasterPro-201214/3.1/Images/ACR-003/application2.png","240201/MacfasterPro-201214/3.1/Images/ACR-003/application3.png","240201/MacfasterPro-201214/3.1/Images/ACR-014/Application1.png","240201/MacfasterPro-201214/3.1/Images/ACR-014/application2.png","240201/MacfasterPro-201214/3.1/Images/ACR-014/application3.png"],"nonDeceptorImageFiles":["240201/MacfasterPro-201214/3.1/Images/ACR-065/install1.png","240201/MacfasterPro-201214/3.1/Images/ACR-065/install2.png","240201/MacfasterPro-201214/3.1/Images/ACR-088/Application1.png","240201/MacfasterPro-201214/3.1/Images/ACR-065/About.png","240201/MacfasterPro-201214/3.1/Images/ACR-099/About.png","240201/MacfasterPro-201214/3.1/Images/ACR-065/LandingPage.png","240201/MacfasterPro-201214/3.1/Images/ACR-161/LandingPage2.png","240201/MacfasterPro-201214/3.1/Images/ACR-065/OfferPage.png"],"guid":"6bfd1082-bef7-474b-ae54-456a65bd1bac_3.1_1","appID":"MacfasterPro-201214","dateAdded":"240201","deceptorType":"MacOS App","name":"MacFaster Pro ","company":"Macfaster Pro","version":"3.1","lastKnownStatus":"1.2;1.3;2.1;3.1","lastKnownDate":"240201","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,paid","lastUpdate":"2026-05-12T22:59:57.57993+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":4,"sortOrder":727},{"violations":{"ACR-003":"The app exaggerates system issues and raises urgency for the identified issues with \"Orange\" color bar or \"Red\" font, thereby misleading or scaring the consumer to take action. It also uses traffic light colors and gauges.\n","ACR-004":"App does not provide free fixes for the scan results that can't be permanently fixed. It uses issues identified during free scanning to upsell user the fix, requiring user to purchase subscription service to fix all results identified during free scan. The app uses traffic light colors and gauges to raise an exaggerated sense of urgency for the consumer.\n","ACR-084":"The application does not provide a way to disable the auto-launch of the app.\n","ACR-014":"App claims non-critical items like languages, caches, and logs have alarmingly \"high\" improvement potential.\n"},"nonDeceptorViolations":{"ACR-065":"The install wizard does not display link for the Returns and Cancellation Policy, Privacy Policy information.\nThe app does not display link for the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy information.\nThe landing page does not display link for the EULA and/or Terms of Service and Privacy Policy information.\nThe internal offer page does not display link for the EULA and/or Terms of Service, and Privacy Policy information.\n","ACR-161":"The landing page has testimonials that have no links back to a source so consumers can verify if they're real.\n","ACR-088":"The application beings a scan immediately after installation without user consent.\n","ACR-099":"The app has no link or information that shows how it can be uninstalled. \n"},"samples":[{"isRevoked":"False","fileName":"Macfaster Pro","fileVersion":"0.","hashMD5":"","hashSHA1":"","hashSHA256":"93f09233fb50ba4589f2600cd004236fd3866cfe64ad45e34d42bb121c76d8b7","sourceIndex":"1891","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"Macfasterpro.pkg","isInstaller":"True","fileVersion":"0.","hashMD5":"","hashSHA1":"","hashSHA256":"e4a3ce21e3f8e097b06f0f0a007410096303f8b0f8654a8aaad06de2dc78f503","sourceIndex":"1891","avBlockList":["Avast Security for Mac (20211109)","Avira Security for Mac (20211109)","Bitdefender Antivirus for Mac (20211109)","ESET Cyber Security Pro for Mac (20211109)","G DATA AntiVirus for Mac (20211109)","McAfee Internet Security for Mac (20211109)","Norton Security for Mac (20211109)","Sophos Home Premium For Mac (20211109)","Trend Micro Antivirus for Mac (20211109)"],"avAllowList":["K7 Antivirus for Mac (20211109)","Kaspersky Internet Security for Mac (20211109)"]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"https://www.macfasterpro.com","landingPage":"https://www.macfasterpro.com","directDownloadingLink":"https://www.macfasterpro.com/download/Macfasterpro.pkg","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.macfasterpro.com/download/Macfasterpro.pkg","sourceIndex":"1891"}],"sampleFiles":["210614/MacfasterPro-201214/2.1/Samples/Macfaster Pro","210614/MacfasterPro-201214/2.1/Samples/Macfasterpro.pkg"],"imageFiles":["210614/MacfasterPro-201214/2.1/Images/ACR-004/Macfaster Pro_Interactions [1].png","210614/MacfasterPro-201214/2.1/Images/ACR-004/Macfaster Pro_Interactions [2].png","210614/MacfasterPro-201214/2.1/Images/ACR-004/Macfaster Pro_Interactions [3].png","210614/MacfasterPro-201214/2.1/Images/ACR-084/Macfaster Pro_AutoLaunch [1].png","210614/MacfasterPro-201214/2.1/Images/ACR-084/Macfaster Pro_Interactions [4].png","210614/MacfasterPro-201214/2.1/Images/ACR-003/Macfaster Pro_Interactions [1].png","210614/MacfasterPro-201214/2.1/Images/ACR-003/Macfaster Pro_Interactions [3].png","210614/MacfasterPro-201214/2.1/Images/ACR-014/Macfaster Pro_Interactions [1].png","210614/MacfasterPro-201214/2.1/Images/ACR-014/Macfaster Pro_Interactions [3].png"],"nonDeceptorImageFiles":["210614/MacfasterPro-201214/2.1/Images/ACR-065/Macfaster Pro_Install [1].png","210614/MacfasterPro-201214/2.1/Images/ACR-065/Macfaster Pro_Install [2].png","210614/MacfasterPro-201214/2.1/Images/ACR-065/Macfaster Pro_Install [7].png","210614/MacfasterPro-201214/2.1/Images/ACR-088/Macfaster Pro_Scanning [1].gif","210614/MacfasterPro-201214/2.1/Images/ACR-065/Macfaster Pro_About [1].png","210614/MacfasterPro-201214/2.1/Images/ACR-099/Macfaster Pro_About [1].png","210614/MacfasterPro-201214/2.1/Images/ACR-065/Macfaster Pro_LandingPage [1].png","210614/MacfasterPro-201214/2.1/Images/ACR-161/Macfaster Pro_LandingPage [2].png","210614/MacfasterPro-201214/2.1/Images/ACR-065/Macfaster Pro_OfferPage [1].png"],"guid":"6bfd1082-bef7-474b-ae54-456a65bd1bac_2.1_1","appID":"MacfasterPro-201214","dateAdded":"240201","deceptorType":"MacOS App","name":"MacFaster Pro ","company":"Macfaster Pro","version":"2.1","sigName":"Deceptor:MacOS/MacFasterPro!004084003014","lastKnownStatus":"1.2;1.3;2.1;3.1","lastKnownDate":"240201","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,paid","lastUpdate":"2024-02-01T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":4,"sortOrder":728},{"violations":{"ACR-003":"The app exaggerates system issues and raises urgency for the identified issues with \"Orange\" color bar or \"Red\" font, thereby misleading or scaring the consumer to take action. It also uses traffic light colors and gauges.\n","ACR-004":"App does not provide free fixes for the scan results that can't be permanently fixed. It uses issues identified during free scanning to upsell user the fix, requiring user to purchase subscription service to fix all results identified during free scan. The app uses traffic light colors and gauges to raise an exaggerated sense of urgency for the consumer.\n","ACR-084":"The application does not provide a way to disable the auto-launch of the app.\n","ACR-014":"App claims non-critical items like languages, caches, and logs have alarmingly \"high\" improvement potential.\n"},"nonDeceptorViolations":{"ACR-065":"The install wizard does not display link for the Returns and Cancellation Policy, Privacy Policy information.\nThe app does not display link for the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy information.\nThe landing page does not display link for the EULA and/or Terms of Service and Privacy Policy information.\nThe internal offer page does not display link for the EULA and/or Terms of Service, and Privacy Policy information.\n","ACR-161":"The landing page has testimonials that have no links back to a source so consumers can verify if they're real.\n","ACR-088":"The application beings a scan immediately after installation without user consent.\n","ACR-099":"The app has no link or information that shows how it can be uninstalled. \n"},"samples":[{"isRevoked":"False","fileName":"Macfaster Pro","fileVersion":"0.","hashMD5":"3576ab6f89047ddac572cb03d13d0503","hashSHA1":"c9afc31f3f7cf8767415fc5f25d32f04952dc3bb","hashSHA256":"0cf9d074ead8f28de9d47235df1e1a6390e24d96c6d44c291a58fbecf9651ed8","sourceIndex":"1907","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"Macfasterpro.pkg","isInstaller":"True","fileVersion":"0.","hashMD5":"da2241550ac5ed7660b32876195c9136","hashSHA1":"b3ca581c8eaa526d3a17e956ca2fea1349dfb62d","hashSHA256":"ace82d8416bd7088e1b96a4bc1d090e0a735ed63f31cf8418a2bf1f1f6363efc","sourceIndex":"1907","avBlockList":["Avast Security for Mac (20210810)","Avira Security for Mac (20210608)","Bitdefender Antivirus for Mac (20210810)","ESET Cyber Security Pro for Mac (20210810)","G DATA AntiVirus for Mac (20210810)","K7 Antivirus for Mac (20210810)","Norton Security for Mac (20210810)","Trend Micro Antivirus for Mac (20210810)"],"avAllowList":["Kaspersky Internet Security for Mac (20210810)","McAfee Internet Security for Mac (20210810)","Sophos Home Premium For Mac (20210810)"]}],"additionalFiles":[],"sources":[{"howFound":"Google Search: Mac OS Optimizer App","reference":"https://www.macfasterpro.com","landingPage":"https://www.macfasterpro.com","directDownloadingLink":"https://www.macfasterpro.com/download/Macfasterpro.pkg","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.macfasterpro.com/download/Macfasterpro.pkg","sourceIndex":"1907"}],"sampleFiles":["210531/MacfasterPro-201214/1.3/Samples/Macfaster Pro","210531/MacfasterPro-201214/1.3/Samples/Macfasterpro.pkg"],"imageFiles":["210531/MacfasterPro-201214/1.3/Images/ACR-004/Macfaster Pro_Interactions [2].png","210531/MacfasterPro-201214/1.3/Images/ACR-004/Macfaster Pro_Interactions [3].png","210531/MacfasterPro-201214/1.3/Images/ACR-004/Macfaster Pro_Interactions [4].png","210531/MacfasterPro-201214/1.3/Images/ACR-084/Macfaster Pro_AutoLaunch [1].png","210531/MacfasterPro-201214/1.3/Images/ACR-084/Macfaster Pro_AutoLaunch [2].png","210531/MacfasterPro-201214/1.3/Images/ACR-003/Macfaster Pro_Interactions [1].png","210531/MacfasterPro-201214/1.3/Images/ACR-003/Macfaster Pro_Interactions [4].png","210531/MacfasterPro-201214/1.3/Images/ACR-014/Macfaster Pro_Interactions [1].png","210531/MacfasterPro-201214/1.3/Images/ACR-014/Macfaster Pro_Interactions [4].png"],"nonDeceptorImageFiles":["210531/MacfasterPro-201214/1.3/Images/ACR-065/Macfaster Pro_Install [1].png","210531/MacfasterPro-201214/1.3/Images/ACR-065/Macfaster Pro_Install [2].png","210531/MacfasterPro-201214/1.3/Images/ACR-065/Macfaster Pro_Install [3].png","210531/MacfasterPro-201214/1.3/Images/ACR-065/Macfaster Pro_Install [4].png","210531/MacfasterPro-201214/1.3/Images/ACR-088/Macfasterpro.gif","210531/MacfasterPro-201214/1.3/Images/ACR-065/Macfaster Pro_About [1].png","210531/MacfasterPro-201214/1.3/Images/ACR-099/Macfaster Pro_About [1].png","210531/MacfasterPro-201214/1.3/Images/ACR-065/Macfaster Pro_LandingPage [1].png","210531/MacfasterPro-201214/1.3/Images/ACR-161/Macfaster Pro_LandingPage [2].png","210531/MacfasterPro-201214/1.3/Images/ACR-065/Macfaster Pro_OfferPage [1].png","210531/MacfasterPro-201214/1.3/Images/ACR-065/Macfaster Pro_OfferPage [2].png"],"guid":"6bfd1082-bef7-474b-ae54-456a65bd1bac_1.3_1","appID":"MacfasterPro-201214","dateAdded":"240201","deceptorType":"MacOS App","name":"MacFaster Pro ","company":"Macfaster Pro","version":"1.3","sigName":"Deceptor:MacOS/MacFasterPro!004084003014","lastKnownStatus":"1.2;1.3;2.1;3.1","lastKnownDate":"240201","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,paid","lastUpdate":"2024-02-01T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":4,"sortOrder":729},{"violations":{"ACR-003":"The app exaggerates system issues and raises urgency for the identified issues with \"Orange\" color bar or \"Red\" font, thereby misleading or scaring the consumer to take action. It also uses traffic light colors and gauges.\n","ACR-004":"App does not provide free fixes for the scan results that can't be permanently fixed. It uses issues identified during free scanning to upsell user the fix, requiring user to purchase subscription service to fix all results identified during free scan. The app uses traffic light colors and gauges to raise an exaggerated sense of urgency for the consumer.\n","ACR-084":"The application does not provide a way to disable the auto-launch of the app.\n","ACR-014":"App claims non-critical items like languages, caches, and logs have alarmingly \"high\" improvement potential.\n"},"nonDeceptorViolations":{"ACR-065":"The install does not display link for the Returns and Cancellation Policy, Privacy Policy information.\nThe app does not display link for the Apps EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy information.\nThe landing page does not display link for the Apps EULA and/or Terms of Service and Privacy Policy information.\nThe internal offer page does not display link for the Apps EULA and/or Terms of Service.\n","ACR-088":"The application beings a scan immediately after installation without user consent.\n","ACR-099":"The app has no link or information that shows how it can be uninstalled. \n"},"samples":[{"isRevoked":"False","fileName":"Macfaster Pro","fileVersion":"0.","hashMD5":"4721b1686bfdbef0f8320cc6344b9dcf","hashSHA1":"2a575ff26d95611c2cb047d48f0965e9ce209208","hashSHA256":"bd17910f81d5b7eb8ef563648d8da288c462f51668d2edf5df34df2c64aa04d6","sourceIndex":"2026","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"Macfasterpro.pkg","isInstaller":"True","fileVersion":"0.","hashMD5":"280c76ce2ff1248e791cf50bb8841595","hashSHA1":"029cfcd78fb3d5247d3d4515488e716af6517ee1","hashSHA256":"becf1b5c1cf6f020ff9367fcf648f61563bbfd3aa76302da7735e7ed4020ca21","sourceIndex":"2026","avBlockList":["Avast Security for Mac (20240611)","Avira Security for Mac (20240611)","Bitdefender Antivirus for Mac (20240611)","ESET Cyber Security Pro for Mac (20240611)","G DATA AntiVirus for Mac (20240611)","K7 Antivirus for Mac (20240611)","McAfee Internet Security for Mac (20240611)","Norton Security for Mac (20240611)","Sophos Home Premium For Mac (20240611)","Trend Micro Antivirus for Mac (20240611)","SpyHunterforMac (20240611)"],"avAllowList":["Kaspersky Internet Security for Mac (20240611)"]}],"additionalFiles":[],"sources":[{"howFound":"Google Search: Mac OS Optimizer App","reference":"https://www.macfasterpro.com","landingPage":"https://www.macfasterpro.com","directDownloadingLink":"https://www.macfasterpro.com/download/Macfasterpro.pkg","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.macfasterpro.com/download/Macfasterpro.pkg","sourceIndex":"2026"}],"sampleFiles":["201214/MacfasterPro-201214/1.2/Samples/Macfaster Pro","201214/MacfasterPro-201214/1.2/Samples/Macfasterpro.pkg"],"imageFiles":["201214/MacfasterPro-201214/1.2/Images/ACR-004/MacFaster Pro_Interactions [1].png","201214/MacfasterPro-201214/1.2/Images/ACR-004/MacFaster Pro_Interactions [6] RegisterProduct.png","201214/MacfasterPro-201214/1.2/Images/ACR-004/MacFaster Pro_Interactions [7].png","201214/MacfasterPro-201214/1.2/Images/ACR-084/MacFaster Pro_AutoLogin [1].png","201214/MacfasterPro-201214/1.2/Images/ACR-003/MacFaster Pro_Interactions [1].png","201214/MacfasterPro-201214/1.2/Images/ACR-003/MacFaster Pro_Interactions [7].png","201214/MacfasterPro-201214/1.2/Images/ACR-014/MacFaster Pro_Interactions [1].png"],"nonDeceptorImageFiles":["201214/MacfasterPro-201214/1.2/Images/ACR-065/MacFaster Pro_Install [1].png","201214/MacfasterPro-201214/1.2/Images/ACR-065/MacFaster Pro_Install [2].png","201214/MacfasterPro-201214/1.2/Images/ACR-065/MacFaster Pro_Install [3].png","201214/MacfasterPro-201214/1.2/Images/ACR-088/MacFaster Pro_scanpost-install.gif","201214/MacfasterPro-201214/1.2/Images/ACR-065/MacFaster Pro_About [1].png","201214/MacfasterPro-201214/1.2/Images/ACR-099/MacFaster Pro_About [1].png","201214/MacfasterPro-201214/1.2/Images/ACR-065/MacFaster Pro_LandingPage [1].png","201214/MacfasterPro-201214/1.2/Images/ACR-065/MacFaster Pro_OfferPage [1].png","201214/MacfasterPro-201214/1.2/Images/ACR-065/MacFaster Pro_OfferPage [2].png","201214/MacfasterPro-201214/1.2/Images/ACR-065/MacFaster Pro_OfferPage [3].png"],"guid":"6bfd1082-bef7-474b-ae54-456a65bd1bac_1.2_1","appID":"MacfasterPro-201214","dateAdded":"240201","deceptorType":"MacOS App","name":"MacFaster Pro ","company":"Macfaster Pro","version":"1.2","sigName":"Deceptor:MacOS/MacFasterPro!004084003014","lastKnownStatus":"1.2;1.3;2.1;3.1","lastKnownDate":"240201","type":"MacOS App","category":"SysTools & Utilities","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,paid","lastUpdate":"2024-02-01T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":4,"sortOrder":730},{"violations":{"ACR-109":"The app downloads \"rk_setup.exe\", a RelevantKnowledge file without the consumer's consent.\n","ACR-010":"The app bundler distributes deceptor application. The offer in this bundler, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control.\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software\n","ACR-118":"Upon uninstallation, it retains some of its components on the device without the user's knowledge and consent\n","ACR-057":"The app bundles the \"Relevant Knowledge\" offer which does not allow the consumer to decline the offer\n","ACR-071":"It attempts to force the acceptance of \"Relevant Knowledge\" by graying out the Next button when the user choose to Decline. Thus, forcing the user to only accept the offer and proceed with the installation\n","ACR-059":"Offer not clearly marked as an offer. Instead, it is presented as a component of the carrier.\n","ACR-155":"Offers are designed to look like part of the install workflow\n"},"nonDeceptorViolations":{"ACR-106":"App offers deceptive application 'Relevant Knowledge market survey\n","ACR-092":"The installer and main executables are not digitally signed\n","ACR-123":"The app does not remove dropped root certificates even after uninstalling\n"},"samples":[{"isRevoked":"False","fileName":"FreeAutoClicker.exe","isInstaller":"True","companyName":"FreeAutoClicker Co. Ltd.                                   ","productName":"Free Auto Clicker                                           ","productVersion":"                    ","fileVersion":"                    ","hashMD5":"c7ced6aef23fa1bfbbc31ff2419ad815","hashSHA1":"ebbece94a93f04400ee9357cad0d0de9368c9d02","hashSHA256":"a0e739f913f98fef9ef79ce3fa512192e27b2b40a1324cf658084ba14589855a","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"747","avBlockList":["Avast Premium Security (20240208)","AVG Internet Security (20240208)","Avira Internet Security (20240208)","Bitdefender Internet Security (20240208)","COMODO Antivirus (20240208)","Dr.Web Security Space (20240208)","ESET Internet Security (20240208)","G DATA INTERNET SECURITY (20240208)","K7 Total Security (20240208)","Kaspersky Internet Security (20240208)","Malwarebytes Premium (20240208)","McAfee Total Protection (20240208)","Norton Security (20240208)","Panda Dome (20240208)","Quick Heal Internet Security (20240208)","Sophos Home Premium (20240208)","SpyHunter5 (20240208)","Total AV Antivirus Pro (20240208)","VIPRE Advanced Security (20240208)","VirIT eXplorer PRO (20240208)","Webroot SecureAnywhere (20240208)"],"avAllowList":["360 Total Security (20240208)","Trend Micro Internet Security (20240208)","Windows Defender (20240208)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunted on RK Installer","reference":"","landingPage":"http://www.free-auto-clicker.com/","directDownloadingLink":"http://www.free-auto-clicker.com/FreeAutoClicker.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.free-auto-clicker.com/FreeAutoClicker.exe","sourceIndex":"747"}],"sampleFiles":["240130/FreeAutoClicker-240125/8.8.3.0/Samples/FreeAutoClicker.exe"],"imageFiles":["240130/FreeAutoClicker-240125/8.8.3.0/Images/ACR-109/ACR-109_Install_1.png","240130/FreeAutoClicker-240125/8.8.3.0/Images/ACR-010/ACR-010_Install_1.png","240130/FreeAutoClicker-240125/8.8.3.0/Images/ACR-013/ACR-013_Install_1.png","240130/FreeAutoClicker-240125/8.8.3.0/Images/ACR-118/ACR-118_Uninstall_1.png","240130/FreeAutoClicker-240125/8.8.3.0/Images/ACR-057/ACR-057_Bundler-made offers_1.png","240130/FreeAutoClicker-240125/8.8.3.0/Images/ACR-059/ACR-059_Bundler-made offers_1.png","240130/FreeAutoClicker-240125/8.8.3.0/Images/ACR-060/ACR-060_Bundler-made offers_1.png","240130/FreeAutoClicker-240125/8.8.3.0/Images/ACR-071/ACR-071_Bundler-made offers_1.png","240130/FreeAutoClicker-240125/8.8.3.0/Images/ACR-155/ACR-155_Bundler-made offers_1.png"],"nonDeceptorImageFiles":["240130/FreeAutoClicker-240125/8.8.3.0/Images/ACR-106/ACR-106_Software_1.png","240130/FreeAutoClicker-240125/8.8.3.0/Images/ACR-092/ACR-092_Software_1.png","240130/FreeAutoClicker-240125/8.8.3.0/Images/ACR-123/ACR-123_Uninstall_1.png"],"guid":"1622fdb0-d798-4141-a500-a4116c6df60b_8.8.3.0_1","appID":"FreeAutoClicker-240125","dateAdded":"240130","deceptorType":"Bundler","name":"Free Auto Clicker","company":"FreeAutoClicker Co., Ltd.","version":"8.8.3.0","lastKnownStatus":"8.8.3.0","lastKnownDate":"240130","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"sold in bundle,up-sell to paid","lastUpdate":"2024-01-30T22:38:29.8744856+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":731},{"violations":{"ACR-109":"The app downloads \"rk_setup.exe\", a RelevantKnowledge file before disclosure and without the consumer's consent\n","ACR-042":"The app initiates network communications with 3rd party offer provider before obtaining user consent\n","ACR-010":"The app distributes deceptor application. The offer in this app, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software\n","ACR-118":"Upon uninstallation, it retains some executables along with a \"curl-ca-bundle.crt\" on the device without user's knowledge.\n","ACR-057":"The app bundles the \"Relevant Knowledge\" offer which does not allow the consumer to decline the offer\n","ACR-071":"It attempts to force the acceptance of \"Relevant Knowledge\" by graying out the Next button when the user choose to Decline. Thus, forcing the user to only accept the offer and proceed with the installation\n","ACR-059":"Offer not clearly marked as an offer. Instead, it is presented as a component of the carrier.\n","ACR-155":"Offers are designed to look like part of the install workflow\n"},"nonDeceptorViolations":{"ACR-106":"App offers deceptive application 'Relevant Knowledge market survey\n","ACR-092":"The app's installer and main executable is not digitally signed\n","ACR-123":"The app does not remove dropped root certificates even after uninstalling\n"},"samples":[{"isRevoked":"False","fileName":"dvrsetup.exe","isInstaller":"True","companyName":"Rising Research                                             ","productName":"Digital Video Repair                                        ","productVersion":"3.7.1.2                                           ","fileVersion":"3.7.1.2             ","hashMD5":"4a1b6b30d8a7b7233ba0ed4b6f7c6023","hashSHA1":"0ed4355d4e5c3e81eb06a7e2885f5954ca79d0d2","hashSHA256":"17ed8c48f3e64b00dbe5721b3fb1e37964df7304f215b6d5fe0b89bb0e763806","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"748","avBlockList":["360 Total Security (20240523)","Avast Premium Security (20240523)","AVG Internet Security (20240523)","Avira Internet Security (20240523)","Bitdefender Internet Security (20240523)","COMODO Antivirus (20240523)","ESET Internet Security (20240523)","G DATA INTERNET SECURITY (20240523)","K7 Total Security (20240523)","Kaspersky Internet Security (20240523)","Malwarebytes Premium (20240523)","McAfee Total Protection (20240523)","Norton Security (20240523)","Panda Dome (20240523)","Quick Heal Internet Security (20240523)","Sophos Home Premium (20240523)","SpyHunter5 (20240523)","Total AV Antivirus Pro (20240523)","Trend Micro Internet Security (20240523)","VIPRE Advanced Security (20240523)","VirIT eXplorer PRO (20240523)","Webroot SecureAnywhere (20240523)","Windows Defender (20240523)"],"avAllowList":["Dr.Web Security Space (20240523)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunted on RK installer","reference":"","landingPage":"https://www.risingresearch.com/en/dvr/","directDownloadingLink":"https://www.risingresearch.com/files/dvrsetup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.risingresearch.com/files/dvrsetup.exe","sourceIndex":"748"}],"sampleFiles":["240130/DigitalVideoRepair-230622/3.7.1.2/Samples/dvrsetup.exe"],"imageFiles":["240130/DigitalVideoRepair-230622/3.7.1.2/Images/ACR-109/ACR-109_Install_1.png","240130/DigitalVideoRepair-230622/3.7.1.2/Images/ACR-042/ACR-042_Install_1.png","240130/DigitalVideoRepair-230622/3.7.1.2/Images/ACR-010/ACR-010_Install_1.png","240130/DigitalVideoRepair-230622/3.7.1.2/Images/ACR-013/ACR-013_Install_1.png","240130/DigitalVideoRepair-230622/3.7.1.2/Images/ACR-118/ACR-118_Uninstall_1.png","240130/DigitalVideoRepair-230622/3.7.1.2/Images/ACR-118/ACR-118_Uninstall_2.png","240130/DigitalVideoRepair-230622/3.7.1.2/Images/ACR-057/ACR-057_Bundler-made offers_1.png","240130/DigitalVideoRepair-230622/3.7.1.2/Images/ACR-059/ACR-059_Bundler-made offers_1.png","240130/DigitalVideoRepair-230622/3.7.1.2/Images/ACR-060/ACR-060_Bundler-made offers_1.png","240130/DigitalVideoRepair-230622/3.7.1.2/Images/ACR-071/ACR-071_Bundler-made offers_1.png","240130/DigitalVideoRepair-230622/3.7.1.2/Images/ACR-155/ACR-155_Bundler-made offers_1.png"],"nonDeceptorImageFiles":["240130/DigitalVideoRepair-230622/3.7.1.2/Images/ACR-106/ACR-106_Software_1.png","240130/DigitalVideoRepair-230622/3.7.1.2/Images/ACR-092/ACR-092_Software_1.png","240130/DigitalVideoRepair-230622/3.7.1.2/Images/ACR-123/ACR-123_Uninstall_1.png"],"guid":"bfe02915-9c35-4174-9594-9089b2c80d6f_3.7.1.2_1","appID":"DigitalVideoRepair-230622","dateAdded":"240130","deceptorType":"Bundler","name":"Digital Video Repair","company":"Rising Research","version":"3.7.1.2","lastKnownStatus":"3.7.1.0;3.7.1.2","lastKnownDate":"240130","type":"Windows Executable","category":"Media players","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,sold in bundle","lastUpdate":"2024-01-30T22:37:01.6724718+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":732},{"violations":{"ACR-109":"The app downloads \"rk_setup.exe\", a RelevantKnowledge file before disclosure and without the consumer's consent\n","ACR-042":"The app drops the Root Certificate files before obtaining the consumer's permission through explicit user action in the installation prompt\n","ACR-043":"The app drops the Root Certificate files without disclosing in during installation\n","ACR-048":"The \"Decline\" button does not have any control. Upon clicking the button, it drops a RelevantKnowledge file “rk_setup.exe” regardless\n","ACR-007":"The app does not obtain user consent for dropping the Root Certificate files to reduce the consumer's security posture caused by the installation prompt\n","ACR-010":"The app distributes deceptor application. The offer in this app, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software\n","ACR-118":"Upon uninstallation, it retains some executables and many of its other components along with a \"curl-ca-bundle.crt\" and other components on the device without user's knowledge.\n","ACR-057":"The app bundles the \"Relevant Knowledge\" offer which does not allow the consumer to decline the offer\n","ACR-071":"It attempts to force the acceptance of \"Relevant Knowledge\" by graying out the Next button when the user choose to Decline. Thus, forcing the user to only accept the offer and proceed with the installation\n","ACR-059":"Offer not clearly marked as an offer. Instead, it is presented as a component of the carrier.\n","ACR-155":"Offers are designed to look like part of the install workflow\n"},"nonDeceptorViolations":{"ACR-045":"The app does not describe clearly and straightforwardly what effect is caused to the user's system due to the dropped Cert file in the installation prompt\n","ACR-106":"App offers deceptive application 'Relevant Knowledge market survey\n","ACR-092":"The app's installer and main executable is not digitally signed\n","ACR-123":"The app does not remove dropped root certificates even after uninstalling\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\Rising Research\\Digital Video Repair\\dvr.exe","companyName":"Rising Research","productName":"Digital Video Repair","productVersion":"3.7.1.0","fileVersion":"3.7.1.0","hashMD5":"00ffc32848ac4ae91dd3e2eb81243d74","hashSHA1":"2031d4ac00e87cccf7d91cc2a7d9ffaddd0c549f","hashSHA256":"39e55fd81ea75e32dcd83f1c070f78789d4ddbcd4c2fb48b704330cd4d999fe1","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1033","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"dvrsetup.exe","isInstaller":"True","companyName":"Rising Research                                             ","productName":"Digital Video Repair                                        ","productVersion":"3.7.1.0                                           ","fileVersion":"3.7.1.0             ","hashMD5":"1b7e9f9051b0603bcd8ccf9f03d3fbb7","hashSHA1":"b42c116a03433ddbab60b184965485e602117bd4","hashSHA256":"37f847d442e0abb578e53c04d1b94e43a8009659676ea35f1a2c5756ddd31915","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1033","avBlockList":["360 Total Security (20240307)","Avast Premium Security (20240307)","AVG Internet Security (20240307)","Avira Internet Security (20240307)","Bitdefender Internet Security (20240307)","COMODO Antivirus (20240307)","Dr.Web Security Space (20240307)","ESET Internet Security (20240307)","G DATA INTERNET SECURITY (20240307)","K7 Total Security (20240307)","Kaspersky Internet Security (20240307)","Malwarebytes Premium (20240307)","McAfee Total Protection (20240307)","Norton Security (20240307)","Panda Dome (20240307)","Quick Heal Internet Security (20240307)","Sophos Home Premium (20240307)","SpyHunter5 (20240307)","Total AV Antivirus Pro (20240307)","Trend Micro Internet Security (20240307)","VIPRE Advanced Security (20240307)","VirIT eXplorer PRO (20240307)","Webroot SecureAnywhere (20240307)"],"avAllowList":["Windows Defender (20240307)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunted on RK installer","reference":"","landingPage":"https://www.risingresearch.com/en/dvr/","directDownloadingLink":"https://www.risingresearch.com/files/dvrsetup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.risingresearch.com/files/dvrsetup.exe","sourceIndex":"1033"}],"sampleFiles":["230623/DigitalVideoRepair-230622/3.7.1.0/Samples/dvrsetup.exe"],"imageFiles":["230623/DigitalVideoRepair-230622/3.7.1.0/Images/ACR-109/ACR-109.JPG","230623/DigitalVideoRepair-230622/3.7.1.0/Images/ACR-043/ACR-043.JPG","230623/DigitalVideoRepair-230622/3.7.1.0/Images/ACR-042/ACR-042.JPG","230623/DigitalVideoRepair-230622/3.7.1.0/Images/ACR-048/ACR-048.JPG","230623/DigitalVideoRepair-230622/3.7.1.0/Images/ACR-007/ACR-007.JPG","230623/DigitalVideoRepair-230622/3.7.1.0/Images/ACR-010/ACR-010.JPG","230623/DigitalVideoRepair-230622/3.7.1.0/Images/ACR-013/ACR-013.JPG","230623/DigitalVideoRepair-230622/3.7.1.0/Images/ACR-118/ACR-118.JPG","230623/DigitalVideoRepair-230622/3.7.1.0/Images/ACR-057/ACR-057.JPG","230623/DigitalVideoRepair-230622/3.7.1.0/Images/ACR-059/ACR-059.JPG","230623/DigitalVideoRepair-230622/3.7.1.0/Images/ACR-060/ACR-060.JPG","230623/DigitalVideoRepair-230622/3.7.1.0/Images/ACR-071/ACR-071.JPG","230623/DigitalVideoRepair-230622/3.7.1.0/Images/ACR-155/ACR-155.JPG"],"nonDeceptorImageFiles":["230623/DigitalVideoRepair-230622/3.7.1.0/Images/ACR-045/ACR-045.JPG","230623/DigitalVideoRepair-230622/3.7.1.0/Images/ACR-106/ACR-106.JPG","230623/DigitalVideoRepair-230622/3.7.1.0/Images/ACR-092/ACR-092.JPG","230623/DigitalVideoRepair-230622/3.7.1.0/Images/ACR-123/ACR-123.JPG"],"guid":"bfe02915-9c35-4174-9594-9089b2c80d6f_3.7.1.0_1","appID":"DigitalVideoRepair-230622","dateAdded":"240130","deceptorType":"Bundler","name":"Digital Video Repair","company":"Rising Research","version":"3.7.1.0","lastKnownStatus":"3.7.1.0;3.7.1.2","lastKnownDate":"240130","type":"Windows Executable","category":"Media players","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,sold in bundle","lastUpdate":"2024-01-30T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":733},{"violations":{"ACR-109":"After installation, the app also attempts to install a Google Chrome Extension \"Tampermonkey\" without prior acceptance or agreement during the installation process\n","ACR-042":"The Google Chrome Extension \"TamperMonkey\" was installed as an added feature without obtaining permission from the user.\n","ACR-043":"The added Google Chrome Extension \"Tampermonkey\" was installed, and there is no disclosure about this attempted action\n","ACR-039":"The added Google Chrome Extension \"Tampermonkey\" is a third party software, and there is no disclosure/mentioning of it, and its relation to the app during installation process.\n"},"nonDeceptorViolations":{"ACR-002":"Publisher WONBO Technologies, is not mentioned/disclosed in the EULA and is not consistent with disclosed company Aimersoft Software Co., Ltd.\nCompany Name in the digital signature comes from Wondershare Technology Group Co., Ltd., which was not mentioned/disclosed in the EULA\n","ACR-095":"No user consent on the attempt to install a Google Chrome Extension \"Tampermonkey\"\n"},"samples":[{"isRevoked":"False","fileName":"itube-studio_setup_full1169.exe","isInstaller":"True","fileVersion":"2.0","hashMD5":"edf84aab7f20fa144bb01ea0625340bc","hashSHA1":"b683d4aad9fc088e99f29693e822ebdde8008eaf","hashSHA256":"180abaae38935529daeca673fa9f31e5d664ad90d9f5e96db462b1f15285ac82","digitalCertThumbprint":"9E20AD36ED6A23CD9FBDB46946AABBCD5344F999","digitalCertIssuer":"CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O=\"VeriSign, Inc.\", C=US","digitalCertIssuedTo":"CN=\"WONBO TECHNOLOGY Co.,LIMITED\", OU=IT, O=\"WONBO TECHNOLOGY Co.,LIMITED\", L=Central District, S=Hong Kong, C=HK","sourceIndex":"749","avBlockList":["Avira Internet Security (20220927)","Bitdefender Internet Security (20220927)","Dr.Web Security Space (20220927)","ESET Internet Security (20220927)","K7 Total Security (20220927)","Kaspersky Internet Security (20220927)","McAfee Total Protection (20220927)","Norton Security (20220927)","Panda Dome (20220927)","Sophos Home Premium (20220927)","SpyHunter5 (20220927)","Total AV Antivirus Pro (20220927)","VIPRE Advanced Security (20220927)","VirIT eXplorer PRO (20220927)","Webroot SecureAnywhere (20220927)","Windows Defender (20220927)"],"avAllowList":["360 Total Security (20220927)","Avast Premium Security (20220927)","AVG Internet Security (20220927)","COMODO Antivirus (20220927)","G DATA INTERNET SECURITY (20220927)","Malwarebytes Premium (20220927)","Quick Heal Internet Security (20220927)","Trend Micro Internet Security (20220927)"]}],"additionalFiles":[],"sources":[{"howFound":"Itube Studio Website","reference":"","landingPage":"https://itube.aimersoft.com/","directDownloadingLink":"https://download.aimersoft.com/inst/itube-studio_setup_full1169.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://download.aimersoft.com/inst/itube-studio_setup_full1169.exe","sourceIndex":"749"}],"sampleFiles":["240129/ItubeHDVideoDownloader-220814/7.4.10.1/Samples/itube-studio_setup_full1169.exe"],"imageFiles":["240129/ItubeHDVideoDownloader-220814/7.4.10.1/Images/ACR-109/ACR-109_Install_1.png","240129/ItubeHDVideoDownloader-220814/7.4.10.1/Images/ACR-109/ACR-109_Install_2.png","240129/ItubeHDVideoDownloader-220814/7.4.10.1/Images/ACR-039/ACR-039_Install_1.png","240129/ItubeHDVideoDownloader-220814/7.4.10.1/Images/ACR-039/ACR-039_Install_2.png","240129/ItubeHDVideoDownloader-220814/7.4.10.1/Images/ACR-043/ACR-043_Install_1.png","240129/ItubeHDVideoDownloader-220814/7.4.10.1/Images/ACR-043/ACR-043_Install_2.png","240129/ItubeHDVideoDownloader-220814/7.4.10.1/Images/ACR-042/ACR-042_Install_1.png","240129/ItubeHDVideoDownloader-220814/7.4.10.1/Images/ACR-042/ACR-042_Install_2.png"],"nonDeceptorImageFiles":["240129/ItubeHDVideoDownloader-220814/7.4.10.1/Images/ACR-002/ACR-002_Install_1.png","240129/ItubeHDVideoDownloader-220814/7.4.10.1/Images/ACR-002/ACR-002_Software_1.png","240129/ItubeHDVideoDownloader-220814/7.4.10.1/Images/ACR-002/ACR-002_Software_2.png","240129/ItubeHDVideoDownloader-220814/7.4.10.1/Images/ACR-095/ACR-095_Software_1.png","240129/ItubeHDVideoDownloader-220814/7.4.10.1/Images/ACR-095/ACR-095_Software_2.png"],"guid":"5998044a-d2cf-4dc2-8cee-0640c6e4401b_7.4.10.1_1","appID":"ItubeHDVideoDownloader-220814","dateAdded":"240129","deceptorType":"App","name":"iTube HD Video Downloader","company":"Itube Studio","version":"7.4.10.1","lastKnownStatus":"7.4.9.2;7.4.10.1","lastKnownDate":"240129","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"Chrome,Firefox","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2026-05-12T22:59:57.7092202+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":734},{"violations":{"ACR-109":"After installation, the app also attempts to install a Google Chrome Extension \"Tampermonkey\" without prior acceptance or agreement during the installation process\n","ACR-042":"1. During installation process, if user wants to stop, or not continue installing the APP, a shortcut file is dropped in the desktop of the user, even when user chose to cancel the installation process\n\n2. The Google Chrome Extension \"TamperMonkey\" was installed as an added feature without obtaining permission from the user.\n","ACR-043":"The added Google Chrome Extension \"Tampermonkey\" was installed, and there is no disclosure about this attempted action\n","ACR-039":"The added Google Chrome Extension \"Tampermonkey\" is a third party software, and there is no disclosure/mentioning of it, and its relation to the app during installation process.\n"},"nonDeceptorViolations":{"ACR-002":"Company Name in the digital signature comes from WONBO Technologies, which was not mentioned/disclosed in the EULA where it disclaims Aimersoft Software Co., Ltd is the company owns copyright.\nCompany Name in the digital signature comes from WONBO Technologies, which was not mentioned/disclosed in the EULA\n","ACR-095":"No user consent on the attempt to install a Google Chrome Extension \"Tampermonkey\"\n"},"samples":[{"isRevoked":"False","fileName":"itube-studio_setup_full1169.exe","isInstaller":"True","fileVersion":"2.0","hashMD5":"edf84aab7f20fa144bb01ea0625340bc","hashSHA1":"b683d4aad9fc088e99f29693e822ebdde8008eaf","hashSHA256":"180abaae38935529daeca673fa9f31e5d664ad90d9f5e96db462b1f15285ac82","digitalCertThumbprint":"9E20AD36ED6A23CD9FBDB46946AABBCD5344F999","digitalCertIssuer":"CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O=\"VeriSign, Inc.\", C=US","digitalCertIssuedTo":"CN=\"WONBO TECHNOLOGY Co.,LIMITED\", OU=IT, O=\"WONBO TECHNOLOGY Co.,LIMITED\", L=Central District, S=Hong Kong, C=HK","sourceIndex":"1460","avBlockList":["Avira Internet Security (20220927)","Bitdefender Internet Security (20220927)","Dr.Web Security Space (20220927)","ESET Internet Security (20220927)","K7 Total Security (20220927)","Kaspersky Internet Security (20220927)","McAfee Total Protection (20220927)","Norton Security (20220927)","Panda Dome (20220927)","Sophos Home Premium (20220927)","SpyHunter5 (20220927)","Total AV Antivirus Pro (20220927)","VIPRE Advanced Security (20220927)","VirIT eXplorer PRO (20220927)","Webroot SecureAnywhere (20220927)","Windows Defender (20220927)"],"avAllowList":["360 Total Security (20220927)","Avast Premium Security (20220927)","AVG Internet Security (20220927)","COMODO Antivirus (20220927)","G DATA INTERNET SECURITY (20220927)","Malwarebytes Premium (20220927)","Quick Heal Internet Security (20220927)","Trend Micro Internet Security (20220927)"]},{"isRevoked":"False","fileName":"iTubeStudio.exe","fileVersion":"7.4","hashMD5":"88da10f1ee12c021064ec4e892d5f293","hashSHA1":"ee0709c9ea09ae2d2d9f8029e8aea1284e2fc2c0","hashSHA256":"e8b602faa84dac41ab1dfcaf3661f777a4ae6db23aec59d3a905262e74ccb8c7","digitalCertThumbprint":"CD5FC7720F25BAAC7E3AB590B1521A8989D0E76E","digitalCertIssuer":"CN=DigiCert Assured ID Code Signing CA-1, OU=www.digicert.com, O=DigiCert Inc, C=US","digitalCertIssuedTo":"CN=\"WONBO TECHNOLOGY Co.,LIMITED\", OU=RD, O=\"WONBO TECHNOLOGY Co.,LIMITED\", L=Central, C=HK","sourceIndex":"1460","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Itube Studio Website","reference":"","landingPage":"https://itube.aimersoft.com/","directDownloadingLink":"https://download.aimersoft.com/itube-studio_full1169.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://download.aimersoft.com/itube-studio_full1169.exe","sourceIndex":"1460"}],"sampleFiles":["220816/ItubeHDVideoDownloader-220814/7.4.9.2/Samples/itube-studio_setup_full1169.exe","220816/ItubeHDVideoDownloader-220814/7.4.9.2/Samples/iTubeStudio.exe"],"imageFiles":["220816/ItubeHDVideoDownloader-220814/7.4.9.2/Images/ACR-109/INS_AddedExtension.png","220816/ItubeHDVideoDownloader-220814/7.4.9.2/Images/ACR-109/INS_Error.png","220816/ItubeHDVideoDownloader-220814/7.4.9.2/Images/ACR-109/INS_ErrorPrompt.gif","220816/ItubeHDVideoDownloader-220814/7.4.9.2/Images/ACR-039/INS_EULAPage.png","220816/ItubeHDVideoDownloader-220814/7.4.9.2/Images/ACR-039/INS_ChromeError.png","220816/ItubeHDVideoDownloader-220814/7.4.9.2/Images/ACR-039/INS_Error.png","220816/ItubeHDVideoDownloader-220814/7.4.9.2/Images/ACR-043/INS_AddedExtension.png","220816/ItubeHDVideoDownloader-220814/7.4.9.2/Images/ACR-043/INS_Error.png","220816/ItubeHDVideoDownloader-220814/7.4.9.2/Images/ACR-043/INS_ErrorPrompt.gif","220816/ItubeHDVideoDownloader-220814/7.4.9.2/Images/ACR-042/INS_ChromeError.png","220816/ItubeHDVideoDownloader-220814/7.4.9.2/Images/ACR-042/INS_Error.png","220816/ItubeHDVideoDownloader-220814/7.4.9.2/Images/ACR-042/INS_DroppedShortcut.gif"],"nonDeceptorImageFiles":["220816/ItubeHDVideoDownloader-220814/7.4.9.2/Images/ACR-002/INS_Install1.png","220816/ItubeHDVideoDownloader-220814/7.4.9.2/Images/ACR-002/USE_AppDigitalSign.png","220816/ItubeHDVideoDownloader-220814/7.4.9.2/Images/ACR-002/USE_FileProperties1.png","220816/ItubeHDVideoDownloader-220814/7.4.9.2/Images/ACR-095/INS_AddedExtension.png","220816/ItubeHDVideoDownloader-220814/7.4.9.2/Images/ACR-095/INS_ChromeError.png","220816/ItubeHDVideoDownloader-220814/7.4.9.2/Images/ACR-095/INS_Error.png","220816/ItubeHDVideoDownloader-220814/7.4.9.2/Images/ACR-095/INS_ErrorPrompt.gif"],"guid":"5998044a-d2cf-4dc2-8cee-0640c6e4401b_7.4.9.2_1","appID":"ItubeHDVideoDownloader-220814","dateAdded":"240129","deceptorType":"App","name":"iTube HD Video Downloader","company":"Itube Studio","version":"7.4.9.2","lastKnownStatus":"7.4.9.2;7.4.10.1","lastKnownDate":"240129","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"Chrome,Firefox","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2024-01-29T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":735},{"violations":{"ACR-109":"Download Manager secretly downloads and writes the files (some are set to be hidden and system only file) to consumer system under hidden folder without user agreeing to install.\n","ACR-042":"Download manager communicate with 3rd party website and drops hidden file/potential offer app info in hidden folder without user permission.  \n","ACR-013":" During installation, the user is interrupted by non-consented offers to silently install unrelated software. \n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software.\nThe offer network does not disclose itself in its offers to silently install unrelated software.\n","ACR-075":"After carrier app was cancelled during installation, the offers are still installed without any notification for user.\n","ACR-039":"No clear indications of the relationship for the monetization components from RiseCodes and Carrier app is disclosed to user before offers being prompts. The links for privacy policy and Term of use mislead user that they are for Carrier app. \n(https://hello.softonic.com/privacy-policy/\nhttps://hello.softonic.com/terms-of-use/\nhttps://risecodes.com/privacy\nhttps://risecodes.com/terms)\n\n"},"nonDeceptorViolations":{"ACR-044":"Download manager doesn't disclose its bundling function when user choose to install carrier app.\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software\n"},"samples":[{"isRevoked":"False","fileName":"onelaunch-5.2.1-installer_W7csm-1.exe","isInstaller":"True","fileVersion":"85.71","hashMD5":"5a7c9c2858e7ff37af5aba1de0719338","hashSHA1":"2097a86a165577b90dbd525e2159f858a69ec022","hashSHA256":"8135d64f0308d2822f484f6395ced9bc3bf2e7eb7042999f6d314388f4ee3f0b","digitalCertThumbprint":"A89369F490714403BC8F8BE9D10F9760A41FE359","digitalCertIssuer":"CN=Sectigo Public Code Signing CA R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=Captural Lmk, O=Captural Lmk, S=Tel Aviv, C=IL","sourceIndex":"890","avBlockList":["360 Total Security (20230921)","Avast Premium Security (20230921)","Avira Internet Security (20230921)","COMODO Antivirus (20230921)","Dr.Web Security Space (20230921)","ESET Internet Security (20230921)","G DATA INTERNET SECURITY (20230921)","K7 Total Security (20230921)","Kaspersky Internet Security (20230921)","Malwarebytes Premium (20230921)","Norton Security (20230921)","Panda Dome (20230921)","Quick Heal Internet Security (20230921)","Sophos Home Premium (20230921)","SpyHunter5 (20230921)","Total AV Antivirus Pro (20230921)","VirIT eXplorer PRO (20230921)","Webroot SecureAnywhere (20230921)"],"avAllowList":["AVG Internet Security (20230921)","Bitdefender Internet Security (20230921)","McAfee Total Protection (20230921)","Trend Micro Internet Security (20230921)","VIPRE Advanced Security (20230921)","Windows Defender (20230921)"]},{"isRevoked":"False","fileName":"clamwin-4w3-0.103.2.1-installer_GrT-xr2.exe","isInstaller":"True","fileVersion":"8.7","hashMD5":"5ffdb5ba9fcd98769a9070ee53f996a2","hashSHA1":"2074bdc4d625cb5ce3a5772ed5650b8ed845642d","hashSHA256":"68cf02fcd8cf88cacdc05b7480d46a96fdb3cf4cda1fe483eadabb95fd4466ee","digitalCertThumbprint":"155ACAAB08BBC75D6A0121BDE1867351BD7A0A73","digitalCertIssuer":"CN=Sectigo Public Code Signing CA R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=Captural Lmk, O=Captural Lmk, S=Tel Aviv, C=IL","sourceIndex":"890","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"FileHippo downloading","reference":"","landingPage":"https://filehippo.com/download_360-total-security-free-antivirus/","directDownloadingLink":"https://d3ry3spu9wn6vo.cloudfront.net/files/pvqydisc89/72.683/360-total-security-free-antivirus-10.8.0.1324-installer.exe","ipv4":"https://d3ry3spu9wn6vo.cloudfront.net/files/*","ipv6":"","landingPageWildChar":"https://filehippo.com/download*","directDownloadingLinkWildChar":"https://d3ry3spu9wn6vo.cloudfront.net/files/pvqydisc89/72.683/360-total-security-free-antivirus-10.8.0.1324-installer.exe","sourceIndex":"890"},{"howFound":"","reference":"","landingPage":"https://filehippo.com/download_combo-cleaner/","directDownloadingLink":"https://d3ry3spu9wn6vo.cloudfront.net/files/0tq7rjs9jy/56.8608/combo-cleaner-1.0.42-installer.exe","ipv4":"","ipv6":"","landingPageWildChar":"https://filehippo.com/download*","directDownloadingLinkWildChar":"https://d3ry3spu9wn6vo.cloudfront.net/files/*","sourceIndex":"891"},{"howFound":"","reference":"","landingPage":"https://filehippo.com/download_iobit-uninstaller/","directDownloadingLink":"https://d3ry3spu9wn6vo.cloudfront.net/files/fbpvtcha4j/54.3883/iobit-uninstaller-11.3.0.4-installer.exe","ipv4":"","ipv6":"","landingPageWildChar":"https://filehippo.com/download*","directDownloadingLinkWildChar":"https://d3ry3spu9wn6vo.cloudfront.net/files/*","sourceIndex":"892"},{"howFound":"","reference":"","landingPage":"","directDownloadingLink":"https://filehippo.com/download_onelaunch/","ipv4":"","ipv6":"","sourceIndex":"893"},{"howFound":"DE-site","reference":"","landingPage":"","directDownloadingLink":"https://filehippo.com/launch_download/?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJkb3dubG9hZFR5cGUiOiJyaXNlSW5zdGFsbGVyIiwiZG93bmxvYWRVcmwiOiJodHRwczovL2RvNTRjaGVjZWl5cm8uY2xvdWRmcm9udC5uZXQvZmlsZXMvMGF3d3ZxeGpmMC8xNi45MDk0L2NsYW13aW4tNHczLTAuMTAzLjIuMS1pbnN0YWxsZXIuZXhlIiwicHJvZ3JhbUlkIjoiN2JiOGJjN2UtMTNhMC00ZGE0LThmYmMtZmMwOTE2OTk4Mjk5IiwiaWF0IjoxNjk1ODI1NjAwLCJleHAiOjE2OTU4MjkyMDB9.jrusu6J3tevG5CGNpdf9W8oQOF1RSYfPuhpCQ2QXgi8","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://filehippo.com/launch_download/?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJkb3dubG9hZFR5cGUiOiJyaXNlSW5zdGFsbGVyIiwiZG93bmxvYWRVcmwiOiJodHRwczovL2RvNTRjaGVjZWl5cm8uY2xvdWRmcm9udC5uZXQvZmlsZXMvMGF3d3ZxeGpmMC8xNi45MDk0L2NsYW13aW4tNHczLTAuMTAzLjIuMS1pbnN0YWxsZXIuZXhlIiwicHJvZ3JhbUlkIjoiN2JiOGJjN2UtMTNhMC00ZGE0LThmYmMtZmMwOTE2OTk4Mjk5IiwiaWF0IjoxNjk1ODI1NjAwLCJleHAiOjE2OTU4MjkyMDB9.jrusu6J3tevG5CGNpdf9W8oQOF1RSYfPuhpCQ2QXgi8","sourceIndex":"894"}],"sampleFiles":["230927/RiseDownloadManager-230309/85.71.2401.4231/Samples/onelaunch-5.2.1-installer_W7csm-1.exe","230927/RiseDownloadManager-230309/85.71.2401.4231/Samples/clamwin-4w3-0.103.2.1-installer_GrT-xr2.exe"],"imageFiles":["230927/RiseDownloadManager-230309/85.71.2401.4231/Images/ACR-109/Risecodes_HiddenFile.JPG","230927/RiseDownloadManager-230309/85.71.2401.4231/Images/ACR-109/FileHippo_042_1.JPG","230927/RiseDownloadManager-230309/85.71.2401.4231/Images/ACR-109/Risecodes_FileDropped.JPG","230927/RiseDownloadManager-230309/85.71.2401.4231/Images/ACR-039/Risecodes_DM_IOBIT.JPG","230927/RiseDownloadManager-230309/85.71.2401.4231/Images/ACR-042/Risecodes_Traffic.JPG","230927/RiseDownloadManager-230309/85.71.2401.4231/Images/ACR-042/Risecodes_FileDropped.JPG","230927/RiseDownloadManager-230309/85.71.2401.4231/Images/ACR-042/FileHippo_042.JPG","230927/RiseDownloadManager-230309/85.71.2401.4231/Images/ACR-042/FileHippo_042_1.JPG","230927/RiseDownloadManager-230309/85.71.2401.4231/Images/ACR-013/RiseCodes_Offer_060_3.JPG","230927/RiseDownloadManager-230309/85.71.2401.4231/Images/ACR-013/RiseCodes_Offer_060_2.JPG","230927/RiseDownloadManager-230309/85.71.2401.4231/Images/ACR-013/RiseCodes_Offer_060_1.JPG","230927/RiseDownloadManager-230309/85.71.2401.4231/Images/ACR-013/RiseCodes_Offer_060.JPG","230927/RiseDownloadManager-230309/85.71.2401.4231/Images/ACR-060/RiseCodes_Offer_060.JPG","230927/RiseDownloadManager-230309/85.71.2401.4231/Images/ACR-075/RiseCodes_Offers.JPG","230927/RiseDownloadManager-230309/85.71.2401.4231/Images/ACR-060/ACR-060_1.png","230927/RiseDownloadManager-230309/85.71.2401.4231/Images/ACR-060/ACR-060_2.png","230927/RiseDownloadManager-230309/85.71.2401.4231/Images/ACR-060/ACR-060_3.png","230927/RiseDownloadManager-230309/85.71.2401.4231/Images/ACR-060/ACR-060_4.png"],"nonDeceptorImageFiles":["230927/RiseDownloadManager-230309/85.71.2401.4231/Images/ACR-044/ACR-044_Install_1.png","230927/RiseDownloadManager-230309/85.71.2401.4231/Images/ACR-060/AdNetwork_Rise_060_2.JPG","230927/RiseDownloadManager-230309/85.71.2401.4231/Images/ACR-060/AdNetwork_Rise_060_1.JPG"],"guid":"0e80ee49-1be4-4fa2-bc0e-f753258a3b88_85.71.2401.4231_1","appID":"RiseDownloadManager-230309","dateAdded":"240125","deceptorType":"Bundler","name":"FileHippoDownloadManager","company":"filehippo.com","version":"85.71.2401.4231","lastKnownStatus":"51.1052.0.0;8.7.2431;85.71.2401.4231;27.12.2947.2398;36.26.2683.9493;9.0.2332.0;27.12.2947.2398;9.1.1241.0;13.41.4168.8345","lastKnownDate":"240125","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 10,Windows 8,Windows 7","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"sold in bundle,cross-sell other apps","lastUpdate":"2024-01-25T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":8,"sortOrder":742},{"violations":{"ACR-109":"Download Manager secretly downloads and writes the files (some are set to be hidden and system only file) to consumer system under hidden folder without user agreeing to install.\n","ACR-042":"Download manager communicate with 3rd party website and drops hidden file/potential offer app info in hidden folder without user permission.  \n","ACR-013":" During installation, the user is interrupted by non-consented offers to silently install unrelated software. \n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software.\nThe offer network does not disclose itself in its offers to silently install unrelated software.\n","ACR-075":"After carrier app was cancelled during installation, the offers are still installed without any notification for user.\n","ACR-039":"No clear indications of the relationship for the monetization components from RiseCodes and Carrier app is disclosed to user before offers being prompts. The links for privacy policy and Term of use mislead user that they are for Carrier app. \n(https://hello.softonic.com/privacy-policy/\nhttps://hello.softonic.com/terms-of-use/\nhttps://risecodes.com/privacy\nhttps://risecodes.com/terms)\n\n"},"nonDeceptorViolations":{"ACR-044":"Download manager doesn't disclose its bundling function when user choose to install carrier app.\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software\n"},"samples":[{"isRevoked":"False","fileName":"combo-cleaner-1.0.42-installer_F0fWJ-1.exe","isInstaller":"True","fileVersion":"8.7.2431","hashMD5":"c918e95198cb37275017e61237aba73f","hashSHA1":"7223a92b1187b50b9158650159ecb812d48e130b","hashSHA256":"7db34f66d81c496c3f4e9772edc68949a24ce0a36b889362ab70f481b1674909","digitalCertThumbprint":"155ACAAB08BBC75D6A0121BDE1867351BD7A0A73","digitalCertIssuer":"CN=Sectigo Public Code Signing CA R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=Captural Lmk, O=Captural Lmk, S=Tel Aviv, C=IL","sourceIndex":"820","avBlockList":["360 Total Security (20231005)","Avira Internet Security (20231005)","COMODO Antivirus (20231005)","Dr.Web Security Space (20231005)","ESET Internet Security (20231005)","K7 Total Security (20231005)","Kaspersky Internet Security (20231005)","Malwarebytes Premium (20231005)","McAfee Total Protection (20231005)","Norton Security (20231005)","Panda Dome (20231005)","Quick Heal Internet Security (20231005)","Sophos Home Premium (20231005)","SpyHunter5 (20231005)","Total AV Antivirus Pro (20231005)","Trend Micro Internet Security (20231005)","VirIT eXplorer PRO (20231005)","Webroot SecureAnywhere (20231005)"],"avAllowList":["Avast Premium Security (20231005)","Bitdefender Internet Security (20231005)","G DATA INTERNET SECURITY (20231005)","VIPRE Advanced Security (20231005)","Windows Defender (20231005)","AVG Internet Security (20231005)"]},{"isRevoked":"False","fileName":"combo-cleaner-1.0.42-installer_PgLz-81.exe","isInstaller":"True","fileVersion":"8.7.2431","hashMD5":"1e0489d3a799788ddbda7f036b3a3367","hashSHA1":"08c2263b324178443d9f229cd3c495832a5ff8f4","hashSHA256":"aea39bb6d68599110658107dfc8c9b64a9c429376dffb3891cc17475f8e2a623","digitalCertThumbprint":"155ACAAB08BBC75D6A0121BDE1867351BD7A0A73","digitalCertIssuer":"CN=Sectigo Public Code Signing CA R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=Captural Lmk, O=Captural Lmk, S=Tel Aviv, C=IL","sourceIndex":"820","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"iobit-uninstaller-11.3.0.4-installer_GgYUq-1.exe","isInstaller":"True","fileVersion":"8.7.2431","hashMD5":"abd61748945e23192e097120c7d237bc","hashSHA1":"ab9e7c205c9c17a5bcfd1ac74ac5510860422c8b","hashSHA256":"9fbbda65ae9ccd15a0f5ac9e6dd36a8e06837d6600c29b06d974b06270a63f92","digitalCertThumbprint":"155ACAAB08BBC75D6A0121BDE1867351BD7A0A73","digitalCertIssuer":"CN=Sectigo Public Code Signing CA R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=Captural Lmk, O=Captural Lmk, S=Tel Aviv, C=IL","sourceIndex":"820","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"combo-cleaner-1.0.42-installer_iySZz-1.exe","isInstaller":"True","fileVersion":"8.7","hashMD5":"8721a2268101d70b7fc44fa00b7b4ebf","hashSHA1":"a2e87da56b043f841c0d3ed835492d24db0ea281","hashSHA256":"99d08716cd516defbbc6f9ad3b629451ed72b86693c28be73e9932ecd9090189","digitalCertThumbprint":"155ACAAB08BBC75D6A0121BDE1867351BD7A0A73","digitalCertIssuer":"CN=Sectigo Public Code Signing CA R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=Captural Lmk, O=Captural Lmk, S=Tel Aviv, C=IL","sourceIndex":"820","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"combo-cleaner-1.0.42-installer_mfHCj-1.exe","isInstaller":"True","fileVersion":"8.7","hashMD5":"c1d88a9ab528045d41090d9b3b720f5b","hashSHA1":"72362b24004f028118f33a8afeb9e43d38be643e","hashSHA256":"93c5e379c1fb4c2327b2d8a5d0cfcc374583a861dbaca9c960d70ae4a02caecb","digitalCertThumbprint":"155ACAAB08BBC75D6A0121BDE1867351BD7A0A73","digitalCertIssuer":"CN=Sectigo Public Code Signing CA R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=Captural Lmk, O=Captural Lmk, S=Tel Aviv, C=IL","sourceIndex":"820","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"combo-cleaner-1.0.42-installer_X3Oh-d1.exe","isInstaller":"True","fileVersion":"8.7","hashMD5":"b01445231a203d761f6806350c6b4da7","hashSHA1":"590d3af0e35d10659473c878e80894330ed23c45","hashSHA256":"10f81c435c9a627bd1d8bc04fded50a723cd3afb59ddfd1441288c637fb0e7cc","digitalCertThumbprint":"155ACAAB08BBC75D6A0121BDE1867351BD7A0A73","digitalCertIssuer":"CN=Sectigo Public Code Signing CA R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=Captural Lmk, O=Captural Lmk, S=Tel Aviv, C=IL","sourceIndex":"820","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"3utools-2.65.003-installer_CE5U-U1.exe","isInstaller":"True","fileVersion":"8.7","hashMD5":"f967561bcef2e3e316caa9d2d92d37c5","hashSHA1":"68f2d12de802193d5d443fd5b4507b65f93d03a0","hashSHA256":"7be1efe2bdbaad414fa32afa752d3a062f5da34e2a4167f9f82bb6f75df978af","digitalCertThumbprint":"155ACAAB08BBC75D6A0121BDE1867351BD7A0A73","digitalCertIssuer":"CN=Sectigo Public Code Signing CA R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=Captural Lmk, O=Captural Lmk, S=Tel Aviv, C=IL","sourceIndex":"820","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"pdf-reader-2-installer_k2S-iy1.exe","isInstaller":"True","fileVersion":"8.7","hashMD5":"cc0b6b0e19284e4f22e79e4684c00842","hashSHA1":"78152807318beb1066c9098e3783a9e2d4d54488","hashSHA256":"e2a86c088c9d0d9d7005618e95858bbb39bbd92f72106d31af625573508afba4","digitalCertThumbprint":"3D77862197B955C13BA2BAF68E5B58DADC17D524","digitalCertIssuer":"CN=Sectigo Public Code Signing CA R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=FH Manager, O=FH Manager, S=Tel Aviv, C=IL","sourceIndex":"820","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"itools-4.5.1.8-installer_j3N-hp1.exe","isInstaller":"True","fileVersion":"8.7","hashMD5":"5ffdb5ba9fcd98769a9070ee53f996a2","hashSHA1":"2074bdc4d625cb5ce3a5772ed5650b8ed845642d","hashSHA256":"68cf02fcd8cf88cacdc05b7480d46a96fdb3cf4cda1fe483eadabb95fd4466ee","digitalCertThumbprint":"155ACAAB08BBC75D6A0121BDE1867351BD7A0A73","digitalCertIssuer":"CN=Sectigo Public Code Signing CA R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=Captural Lmk, O=Captural Lmk, S=Tel Aviv, C=IL","sourceIndex":"820","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"combo-cleaner-1.0.42-installer_2Z-8uf1.exe","isInstaller":"True","fileVersion":"8.7","hashMD5":"c8046cd8a0569080f8bbd0659314161c","hashSHA1":"3bcded3df3bd63f521e0838723afdcf03b9738b5","hashSHA256":"a47f652d0d3d1c3dd8cc24bf4664d9bd45aae0b0806eb4dab827ba1eb21faf6f","digitalCertThumbprint":"155ACAAB08BBC75D6A0121BDE1867351BD7A0A73","digitalCertIssuer":"CN=Sectigo Public Code Signing CA R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=Captural Lmk, O=Captural Lmk, S=Tel Aviv, C=IL","sourceIndex":"820","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"brave-browser-1.3.361.133-installer_50rM-w1_231002.exe","isInstaller":"True","fileVersion":"8.7","hashMD5":"7b1993b84c68fc6f86ca598eed242331","hashSHA1":"4e6416be3b7947d91696c7ea320a0e9f1e1ded1e","hashSHA256":"8dfab2b6537ae7514c00dd9c5c438e081d312b60d601fbed75b804932a9e87f0","digitalCertThumbprint":"3D77862197B955C13BA2BAF68E5B58DADC17D524","digitalCertIssuer":"CN=Sectigo Public Code Signing CA R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=FH Manager, O=FH Manager, S=Tel Aviv, C=IL","sourceIndex":"820","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"combo-cleaner-1.0.42-installer_0j-lyF1_231101.exe","isInstaller":"True","fileVersion":"36.26","hashMD5":"1cb0251c6bce6af8fa7676925a74d1f6","hashSHA1":"f74443e75a62fa9e93db8a46d8872c4e78d59047","hashSHA256":"79e752ee50025a566ffea6c1fe3fc9e7347576f37a0cd460afc4a2de5a560d87","digitalCertThumbprint":"2199B2ECFC03C7B258B501E632C315D18CB43E4B","digitalCertIssuer":"CN=Sectigo Public Code Signing CA R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=FH Manager, O=FH Manager, S=Tel Aviv, C=IL","sourceIndex":"820","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"FileHippo downloading","reference":"","landingPage":"https://filehippo.com/download_360-total-security-free-antivirus/","directDownloadingLink":"https://d3ry3spu9wn6vo.cloudfront.net/files/pvqydisc89/72.683/360-total-security-free-antivirus-10.8.0.1324-installer.exe","ipv4":"https://d3ry3spu9wn6vo.cloudfront.net/files/*","ipv6":"","landingPageWildChar":"https://filehippo.com/download*","directDownloadingLinkWildChar":"https://d3ry3spu9wn6vo.cloudfront.net/files/pvqydisc89/72.683/360-total-security-free-antivirus-10.8.0.1324-installer.exe","sourceIndex":"820"},{"howFound":"","reference":"","landingPage":"https://filehippo.com/download_combo-cleaner/","directDownloadingLink":"https://d3ry3spu9wn6vo.cloudfront.net/files/0tq7rjs9jy/56.8608/combo-cleaner-1.0.42-installer.exe","ipv4":"","ipv6":"","landingPageWildChar":"https://filehippo.com/download*","directDownloadingLinkWildChar":"https://d3ry3spu9wn6vo.cloudfront.net/files/*","sourceIndex":"821"},{"howFound":"","reference":"","landingPage":"https://filehippo.com/download_iobit-uninstaller/","directDownloadingLink":"https://d3ry3spu9wn6vo.cloudfront.net/files/fbpvtcha4j/54.3883/iobit-uninstaller-11.3.0.4-installer.exe","ipv4":"","ipv6":"","landingPageWildChar":"https://filehippo.com/download*","directDownloadingLinkWildChar":"https://d3ry3spu9wn6vo.cloudfront.net/files/*","sourceIndex":"822"},{"howFound":"DE site","reference":"","landingPage":"https://filehippo.com/download_combo-cleaner/","directDownloadingLink":"https://filehippo.com/launch_download/?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJkb3dubG9hZFR5cGUiOiJyaXNlSW5zdGFsbGVyIiwiZG93bmxvYWRVcmwiOiJodHRwczovL2Qzcnkzc3B1OXduNnZvLmNsb3VkZnJvbnQubmV0L2ZpbGVzL3RsaHppOXQ0Y2svODguNjAzOC9jb21iby1jbGVhbmVyLTEuMC40Mi1pbnN0YWxsZXIuZXhlIiwicHJvZ3JhbUlkIjoiMjg1M2I5NDMtNjczNC00MDM5LWE2NDItOGExMjVlMGQ2ZTZjIiwiaWF0IjoxNjgyMDk0MjkzLCJleHAiOjE2ODIwOTc4OTN9.SkKR3Q0jcDZE10ubaCJkjqcivmsUuKmLLR8NhM0knoM","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://filehippo.com/launch_download/?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJkb3dubG9hZFR5cGUiOiJyaXNlSW5zdGFsbGVyIiwiZG93bmxvYWRVcmwiOiJodHRwczovL2Qzcnkzc3B1OXduNnZvLmNsb3VkZnJvbnQubmV0L2ZpbGVzL3RsaHppOXQ0Y2svODguNjAzOC9jb21iby1jbGVhbmVyLTEuMC40Mi1pbnN0YWxsZXIuZXhlIiwicHJvZ3JhbUlkIjoiMjg1M2I5NDMtNjczNC00MDM5LWE2NDItOGExMjVlMGQ2ZTZjIiwiaWF0IjoxNjgyMDk0MjkzLCJleHAiOjE2ODIwOTc4OTN9.SkKR3Q0jcDZE10ubaCJkjqcivmsUuKmLLR8NhM0knoM","sourceIndex":"823"},{"howFound":"DE site","reference":"","landingPage":"https://filehippo.com/download_iobit-uninstaller/","directDownloadingLink":"https://filehippo.com/launch_download/?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJkb3dubG9hZFR5cGUiOiJyaXNlSW5zdGFsbGVyIiwiZG93bmxvYWRVcmwiOiJodHRwczovL2Qzcnkzc3B1OXduNnZvLmNsb3VkZnJvbnQubmV0L2ZpbGVzLzIwcDZ1d3FqZ3QvNDIuNTk4L2lvYml0LXVuaW5zdGFsbGVyLTExLjMuMC40LWluc3RhbGxlci5leGUiLCJwcm9ncmFtSWQiOiI4M2EwOGJlNi05NmQxLTExZTYtOGUzZC0wMDE2M2VkODMzZTciLCJpYXQiOjE2ODIwOTQ3MTYsImV4cCI6MTY4MjA5ODMxNn0.3WYpg9dxG4MO9B2FV6yyyoaOWixygXbpvmZm0NHlumo","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://filehippo.com/launch_download/?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJkb3dubG9hZFR5cGUiOiJyaXNlSW5zdGFsbGVyIiwiZG93bmxvYWRVcmwiOiJodHRwczovL2Qzcnkzc3B1OXduNnZvLmNsb3VkZnJvbnQubmV0L2ZpbGVzLzIwcDZ1d3FqZ3QvNDIuNTk4L2lvYml0LXVuaW5zdGFsbGVyLTExLjMuMC40LWluc3RhbGxlci5leGUiLCJwcm9ncmFtSWQiOiI4M2EwOGJlNi05NmQxLTExZTYtOGUzZC0wMDE2M2VkODMzZTciLCJpYXQiOjE2ODIwOTQ3MTYsImV4cCI6MTY4MjA5ODMxNn0.3WYpg9dxG4MO9B2FV6yyyoaOWixygXbpvmZm0NHlumo","sourceIndex":"824"},{"howFound":"DE site","reference":"","landingPage":"https://filehippo.com/download_360-total-security-free-antivirus/","directDownloadingLink":"https://filehippo.com/launch_download/?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJkb3dubG9hZFR5cGUiOiJyaXNlSW5zdGFsbGVyIiwiZG93bmxvYWRVcmwiOiJodHRwczovL2Qzcnkzc3B1OXduNnZvLmNsb3VkZnJvbnQubmV0L2ZpbGVzLzk0d21rNXd3dmMvNDEuMDUyLzM2MC10b3RhbC1zZWN1cml0eS1mcmVlLWFudGl2aXJ1cy0xMC44LjAuMTMyNC1pbnN0YWxsZXIuZXhlIiwicHJvZ3JhbUlkIjoiYmFiNTZkYTEtYTI4Ny01MmNlLThkMTMtYmNjMDY3MmEwNzUxIiwiaWF0IjoxNjgyMDk0MDM3LCJleHAiOjE2ODIwOTc2Mzd9.53w_BlUpek5r3ZttX6UPvfP0DGtkG8Sxn6mIJrCYccE","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://filehippo.com/launch_download/?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJkb3dubG9hZFR5cGUiOiJyaXNlSW5zdGFsbGVyIiwiZG93bmxvYWRVcmwiOiJodHRwczovL2Qzcnkzc3B1OXduNnZvLmNsb3VkZnJvbnQubmV0L2ZpbGVzLzk0d21rNXd3dmMvNDEuMDUyLzM2MC10b3RhbC1zZWN1cml0eS1mcmVlLWFudGl2aXJ1cy0xMC44LjAuMTMyNC1pbnN0YWxsZXIuZXhlIiwicHJvZ3JhbUlkIjoiYmFiNTZkYTEtYTI4Ny01MmNlLThkMTMtYmNjMDY3MmEwNzUxIiwiaWF0IjoxNjgyMDk0MDM3LCJleHAiOjE2ODIwOTc2Mzd9.53w_BlUpek5r3ZttX6UPvfP0DGtkG8Sxn6mIJrCYccE","sourceIndex":"825"},{"howFound":"PH site","reference":"","landingPage":"https://filehippo.com/download_vlc-media-player-64/","directDownloadingLink":"https://d3ry3spu9wn6vo.cloudfront.net/files/tbbiwj4bks/73.130/vlc-media-player-64-3.0.12-installer.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://d3ry3spu9wn6vo.cloudfront.net/files/tbbiwj4bks/73.130/vlc-media-player-64-3.0.12-installer.exe","sourceIndex":"826"},{"howFound":"PH site","reference":"","landingPage":"https://filehippo.com/download_combo-cleaner/","directDownloadingLink":"https://d3ry3spu9wn6vo.cloudfront.net/files/nqs2m91352/72.2315/combo-cleaner-1.0.42-installer.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://d3ry3spu9wn6vo.cloudfront.net/files/nqs2m91352/72.2315/combo-cleaner-1.0.42-installer.exe","sourceIndex":"827"},{"howFound":"DE site","reference":"","landingPage":"https://filehippo.de/download_combo-cleaner/","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://filehippo.de/launch_download/?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJkb3dubG9hZFR5cGUiOiJyaXNlSW5zdGFsbGVyIiwiZG93bmxvYWRVcmwiOiJodHRwczovL2Qzcnkzc3B1OXduNnZvLmNsb3VkZnJvbnQubmV0L2ZpbGVzLzl0Y2d2cTd6bzQvODEuMzY4L2NvbWJvLWNsZWFuZXItMS4wLjQyLWluc3RhbGxlci5leGUiLCJwcm9ncmFtSWQiOiIyODUzYjk0My02NzM0LTQwMzktYTY0Mi04YTEyNWUwZDZlNmMiLCJpYXQiOjE2ODQyMjk4NDMsImV4cCI6MTY4NDIzMzQ0M30.S9PLZ9VLjsqiZMsFbdgUo3mdfvrb9nExif0Lw2SimE8","sourceIndex":"828"},{"howFound":"","reference":"","landingPage":"https://filehippo.de/download_combo-cleaner/","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://d3ry3spu9wn6vo.cloudfront.net/files/qhjcr9kb4g/51.451/combo-cleaner-1.0.42-installer.exe","sourceIndex":"829"},{"howFound":"","reference":"","landingPage":"","directDownloadingLink":"https://filehippo.com/download_iobit-uninstaller/","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://d3ry3spu9wn6vo.cloudfront.net/files/l1yopdrjuf/54.4954/iobit-uninstaller-11.3.0.4-installer.exe","sourceIndex":"830"},{"howFound":"DE-site","reference":"","landingPage":"","directDownloadingLink":"https://filehippo.com/launch_download/?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJkb3dubG9hZFR5cGUiOiJyaXNlSW5zdGFsbGVyIiwiZG93bmxvYWRVcmwiOiJodHRwczovL2Qzcnkzc3B1OXduNnZvLmNsb3VkZnJvbnQubmV0L2ZpbGVzLzNhbWQzMGZ4OWYvNjcuNzY2NC9jb21iby1jbGVhbmVyLTEuMC40Mi1pbnN0YWxsZXIuZXhlIiwicHJvZ3JhbUlkIjoiMjg1M2I5NDMtNjczNC00MDM5LWE2NDItOGExMjVlMGQ2ZTZjIiwiaWF0IjoxNjg1MTAwNDk5LCJleHAiOjE2ODUxMDQwOTl9.1PIGzzShWd8Af6aK7EDznaXiChORbjkIuCn6kHAjJeU","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://filehippo.com/launch_download/?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJkb3dubG9hZFR5cGUiOiJyaXNlSW5zdGFsbGVyIiwiZG93bmxvYWRVcmwiOiJodHRwczovL2Qzcnkzc3B1OXduNnZvLmNsb3VkZnJvbnQubmV0L2ZpbGVzLzNhbWQzMGZ4OWYvNjcuNzY2NC9jb21iby1jbGVhbmVyLTEuMC40Mi1pbnN0YWxsZXIuZXhlIiwicHJvZ3JhbUlkIjoiMjg1M2I5NDMtNjczNC00MDM5LWE2NDItOGExMjVlMGQ2ZTZjIiwiaWF0IjoxNjg1MTAwNDk5LCJleHAiOjE2ODUxMDQwOTl9.1PIGzzShWd8Af6aK7EDznaXiChORbjkIuCn6kHAjJeU","sourceIndex":"831"},{"howFound":"PH site","reference":"","landingPage":"","directDownloadingLink":"https://d3ry3spu9wn6vo.cloudfront.net/files/0yrgleoatx/24.510/3utools-2.65.003-installer.exe","ipv4":"","ipv6":"","landingPageWildChar":"https://filehippo.com/download*","directDownloadingLinkWildChar":"https://d3ry3spu9wn6vo.cloudfront.net/*","sourceIndex":"832"},{"howFound":"PH site","reference":"","landingPage":"","directDownloadingLink":"https://d3ry3spu9wn6vo.cloudfront.net/files/02wk48h3tu/47.8956/pdf-reader-2-installer.exe","ipv4":"","ipv6":"","landingPageWildChar":"https://filehippo.com/download*","directDownloadingLinkWildChar":"https://d3ry3spu9wn6vo.cloudfront.net/*","sourceIndex":"833"},{"howFound":"","reference":"","landingPage":"","directDownloadingLink":"https://filehippo.com/launch_download/?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJkb3dubG9hZFR5cGUiOiJyaXNlSW5zdGFsbGVyIiwiZG93bmxvYWRVcmwiOiJodHRwczovL2Qzcnkzc3B1OXduNnZvLmNsb3VkZnJvbnQubmV0L2ZpbGVzLzUwd2N5ZDFhMHAvNDIuNjUzNC9pdG9vbHMtNC41LjEuOC1pbnN0YWxsZXIuZXhlIiwicHJvZ3JhbUlkIjoiOGQwYjkwNDAtOTZkMS0xMWU2LThhOGUtMDAxNjNlYzlmNWZhIiwiaWF0IjoxNjkwMzgxNTUwLCJleHAiOjE2OTAzODUxNTB9.MtF24iQtwq2MkohpS2zq9EVVq0sok4FNqRf4ybx6b9g","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://filehippo.com/launch_download/?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJkb3dubG9hZFR5cGUiOiJyaXNlSW5zdGFsbGVyIiwiZG93bmxvYWRVcmwiOiJodHRwczovL2Qzcnkzc3B1OXduNnZvLmNsb3VkZnJvbnQubmV0L2ZpbGVzLzUwd2N5ZDFhMHAvNDIuNjUzNC9pdG9vbHMtNC41LjEuOC1pbnN0YWxsZXIuZXhlIiwicHJvZ3JhbUlkIjoiOGQwYjkwNDAtOTZkMS0xMWU2LThhOGUtMDAxNjNlYzlmNWZhIiwiaWF0IjoxNjkwMzgxNTUwLCJleHAiOjE2OTAzODUxNTB9.MtF24iQtwq2MkohpS2zq9EVVq0sok4FNqRf4ybx6b9g","sourceIndex":"834"},{"howFound":"PH site","reference":"","landingPage":"","directDownloadingLink":"https://d3ry3spu9wn6vo.cloudfront.net/files/t4wau1ijpy/77.3365/combo-cleaner-1.0.42-installer.exe","ipv4":"","ipv6":"","landingPageWildChar":"https://filehippo.com/download*","directDownloadingLinkWildChar":"https://d3ry3spu9wn6vo.cloudfront.net/*","sourceIndex":"835"}],"sampleFiles":["231102/RiseDownloadManager-230309/8.7.2431/Samples/combo-cleaner-1.0.42-installer_F0fWJ-1.exe","231102/RiseDownloadManager-230309/8.7.2431/Samples/combo-cleaner-1.0.42-installer_PgLz-81.exe","231102/RiseDownloadManager-230309/8.7.2431/Samples/iobit-uninstaller-11.3.0.4-installer_GgYUq-1.exe","231102/RiseDownloadManager-230309/8.7.2431/Samples/combo-cleaner-1.0.42-installer_iySZz-1.exe","231102/RiseDownloadManager-230309/8.7.2431/Samples/combo-cleaner-1.0.42-installer_mfHCj-1.exe","231102/RiseDownloadManager-230309/8.7.2431/Samples/combo-cleaner-1.0.42-installer_X3Oh-d1.exe","231102/RiseDownloadManager-230309/8.7.2431/Samples/3utools-2.65.003-installer_CE5U-U1.exe","231102/RiseDownloadManager-230309/8.7.2431/Samples/pdf-reader-2-installer_k2S-iy1.exe","231102/RiseDownloadManager-230309/8.7.2431/Samples/itools-4.5.1.8-installer_j3N-hp1.exe","231102/RiseDownloadManager-230309/8.7.2431/Samples/combo-cleaner-1.0.42-installer_2Z-8uf1.exe","231102/RiseDownloadManager-230309/8.7.2431/Samples/brave-browser-1.3.361.133-installer_50rM-w1_231002.exe","231102/RiseDownloadManager-230309/8.7.2431/Samples/combo-cleaner-1.0.42-installer_0j-lyF1_231101.exe"],"imageFiles":["231102/RiseDownloadManager-230309/8.7.2431/Images/ACR-109/Risecodes_HiddenFile.JPG","231102/RiseDownloadManager-230309/8.7.2431/Images/ACR-109/FileHippo_042_1.JPG","231102/RiseDownloadManager-230309/8.7.2431/Images/ACR-109/Risecodes_FileDropped.JPG","231102/RiseDownloadManager-230309/8.7.2431/Images/ACR-039/Risecodes_DM_IOBIT.JPG","231102/RiseDownloadManager-230309/8.7.2431/Images/ACR-042/Risecodes_Traffic.JPG","231102/RiseDownloadManager-230309/8.7.2431/Images/ACR-042/Risecodes_FileDropped.JPG","231102/RiseDownloadManager-230309/8.7.2431/Images/ACR-042/FileHippo_042.JPG","231102/RiseDownloadManager-230309/8.7.2431/Images/ACR-042/FileHippo_042_1.JPG","231102/RiseDownloadManager-230309/8.7.2431/Images/ACR-013/RiseCodes_Offer_060_3.JPG","231102/RiseDownloadManager-230309/8.7.2431/Images/ACR-013/RiseCodes_Offer_060_2.JPG","231102/RiseDownloadManager-230309/8.7.2431/Images/ACR-013/RiseCodes_Offer_060_1.JPG","231102/RiseDownloadManager-230309/8.7.2431/Images/ACR-013/RiseCodes_Offer_060.JPG","231102/RiseDownloadManager-230309/8.7.2431/Images/ACR-060/RiseCodes_Offer_060.JPG","231102/RiseDownloadManager-230309/8.7.2431/Images/ACR-075/RiseCodes_Offers.JPG","231102/RiseDownloadManager-230309/8.7.2431/Images/ACR-060/ACR-060_1.png","231102/RiseDownloadManager-230309/8.7.2431/Images/ACR-060/ACR-060_2.png","231102/RiseDownloadManager-230309/8.7.2431/Images/ACR-060/ACR-060_3.png","231102/RiseDownloadManager-230309/8.7.2431/Images/ACR-060/ACR-060_4.png"],"nonDeceptorImageFiles":["231102/RiseDownloadManager-230309/8.7.2431/Images/ACR-044/Risecodes_DM_IOBIT.JPG","231102/RiseDownloadManager-230309/8.7.2431/Images/ACR-060/AdNetwork_Rise_060_2.JPG","231102/RiseDownloadManager-230309/8.7.2431/Images/ACR-060/AdNetwork_Rise_060_1.JPG"],"guid":"0e80ee49-1be4-4fa2-bc0e-f753258a3b88_8.7.2431_1","appID":"RiseDownloadManager-230309","dateAdded":"240125","deceptorType":"Bundler","name":"FileHippoDownloadManager","company":"filehippo.com","version":"8.7.2431","lastKnownStatus":"51.1052.0.0;8.7.2431;85.71.2401.4231;27.12.2947.2398;36.26.2683.9493;9.0.2332.0;27.12.2947.2398;9.1.1241.0;13.41.4168.8345","lastKnownDate":"240125","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 10,Windows 8,Windows 7","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"sold in bundle,cross-sell other apps","lastUpdate":"2024-01-25T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":8,"sortOrder":741},{"violations":{"ACR-004":"The app provides free scan results, but does not provide a fully functional trial (only provides fixes for 500MB of files) before requiring consumer to pay.\n"},"nonDeceptorViolations":{"ACR-065":"The install does not contain links to the EULA, the Returns and Cancellation Policy, or the Privacy Policy.\nThe app does not display links to the EULA, the Returns and Cancellation Policy, Privacy Policy.\nThe landing page does not display links to the Returns and Cancellation Policy,\n","ACR-099":"The app does not display links to uninstall information.\nThe landing page does not display links to uninstall information.\nThe internal offers page does not display links to uninstall information.\n"},"samples":[{"isRevoked":"False","fileName":"Mac Cleaner","fileVersion":"0.","hashMD5":"b65ed2d9c2a829e2b3109b67cc019aa1","hashSHA1":"c35efd8386ef8574061970fa3d4c7ce87690bc4a","hashSHA256":"0b977bed4139ac1f0d5f942e533049f04e518fbd86d45f7ad55c18e40e3727b0","sourceIndex":"2779","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"mac-cleaner.dmg","isInstaller":"True","fileVersion":"0.","hashMD5":"4ade1537a87a7bb6a9eb87fea0a4e689","hashSHA1":"19c13392cc575d21874e81540a9f77d8009661b4","hashSHA256":"13867b3f78b861ed23f7299a7bc1b86d4d611a9b71d3cde6fc1e381c0d1fd58e","sourceIndex":"2779","avBlockList":["Avast Security for Mac (20240611)","Avira Security for Mac (20240611)","Bitdefender Antivirus for Mac (20240611)","ESET Cyber Security Pro for Mac (20240611)","G DATA AntiVirus for Mac (20240611)","K7 Antivirus for Mac (20240611)","McAfee Internet Security for Mac (20240611)","Norton Security for Mac (20240611)","Sophos Home Premium For Mac (20240611)","Trend Micro Antivirus for Mac (20240611)","SpyHunterforMac (20240611)"],"avAllowList":["Kaspersky Internet Security for Mac (20240611)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"Yahoo search \"Mac cleaner junk remove\"","landingPage":"https://www.apeaksoft.com/mac-cleaner/","directDownloadingLink":"https://download.apeaksoft.com/mac/mac-cleaner.dmg?_ga=2.60901803.606249856.1568683051-763551902.1568683051","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://download.apeaksoft.com/mac/mac-cleaner.dmg?_ga=2.60901803.606249856.1568683051-763551902.1568683051","sourceIndex":"2779"}],"sampleFiles":["190919/ApeaksoftMacCleaner-190515/1.0.16/Samples/mac-cleaner.dmg"],"imageFiles":["190919/ApeaksoftMacCleaner-190515/1.0.16/Images/ACR-004/Mac Cleaner ACR 004.gif"],"nonDeceptorImageFiles":["190919/ApeaksoftMacCleaner-190515/1.0.16/Images/ACR-065/Mac Cleaner Install Page.png","190919/ApeaksoftMacCleaner-190515/1.0.16/Images/ACR-065/Mac Cleaner About Page.png","190919/ApeaksoftMacCleaner-190515/1.0.16/Images/ACR-099/Mac Cleaner About Page.png","190919/ApeaksoftMacCleaner-190515/1.0.16/Images/ACR-099/Bottom of Landing Page.png","190919/ApeaksoftMacCleaner-190515/1.0.16/Images/ACR-099/Bottom of Internal Offers.png","190919/ApeaksoftMacCleaner-190515/1.0.16/Images/ACR-065/Bottom of Internal Offers.png"],"guid":"fb1b3d06-6bc6-4efa-893e-7340d7ceb6fd_1.0.16_1","appID":"ApeaksoftMacCleaner-190515","dateAdded":"240125","deceptorType":"MacOS App","name":"Mac Cleaner","company":"Apeaksoft Technology Limited","version":"1.0.16","sigName":"Deceptor:MacOS/ApeaksoftMacCleaner!004","lastKnownStatus":"Deceptor:1.0.12,1.0.16;1,0,18;1.0.20;1.0.22","lastKnownDate":"240125","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2024-01-25T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":5,"sortOrder":761},{"violations":{"ACR-004":"The app provides a free scan, but then only partially addresses the free scan results (deletes 500MB of files), before requiring the consumer to pay.\n"},"nonDeceptorViolations":{"ACR-065":"The install does not contain links to the EULA, the Returns and Cancellation Policy, or the Privacy Policy.\nThe app does not display links to the EULA, the Returns and Cancellation Policy, Privacy Policy.\nThe landing page does not display links to the Returns and Cancellation Policy,\n","ACR-099":"The app does not display links to uninstall information.\nThe landing page does not display links to uninstall information.\nThe internal offers page does not display links to uninstall information.\n"},"samples":[{"isRevoked":"False","fileName":"Mac Cleaner","fileVersion":"0.","hashMD5":"08fa35c239e22246356eb01676230c5a","hashSHA1":"ac782db24a862d5034845839f67c01a94c4aa748","hashSHA256":"4fb3aaeedb30a41920626de884d93691b9adb6fb23296c79c5a35caa33a4bc88","sourceIndex":"2778","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"mac-cleaner.dmg","isInstaller":"True","fileVersion":"0.","hashMD5":"a5de669db34a9f60254458c1a49dc1fb","hashSHA1":"528e665cfa12ac1561314c68c27141079830afc2","hashSHA256":"f2d7f3d522e28a12c4221a4560f51ddca078124b8f0aa094ca484280428f9905","sourceIndex":"2778","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"Yahoo search \"Mac cleaner junk remove\"","landingPage":"https://www.apeaksoft.com/mac-cleaner/","directDownloadingLink":"https://download.apeaksoft.com/mac/mac-cleaner.dmg?_ga=2.224939289.24806851.1557962959-2035812679.1557962959","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://download.apeaksoft.com/mac/mac-cleaner.dmg?_ga=2.224939289.24806851.1557962959-2035812679.1557962959","sourceIndex":"2778"}],"sampleFiles":["190919/ApeaksoftMacCleaner-190515/1.0.12/Samples/Mac Cleaner","190919/ApeaksoftMacCleaner-190515/1.0.12/Samples/mac-cleaner.dmg"],"imageFiles":["190919/ApeaksoftMacCleaner-190515/1.0.12/Images/ACR-004/ACR004.gif"],"nonDeceptorImageFiles":["190919/ApeaksoftMacCleaner-190515/1.0.12/Images/ACR-065/MacCleaner Install.png","190919/ApeaksoftMacCleaner-190515/1.0.12/Images/ACR-065/MacCleaner About Page.png","190919/ApeaksoftMacCleaner-190515/1.0.12/Images/ACR-099/MacCleaner About Page.png","190919/ApeaksoftMacCleaner-190515/1.0.12/Images/ACR-099/MacCleaner Bottom of Landing Page.png","190919/ApeaksoftMacCleaner-190515/1.0.12/Images/ACR-099/MacCleaner Bottom of Internal Offers.png","190919/ApeaksoftMacCleaner-190515/1.0.12/Images/ACR-065/MacCleaner Bottom of Landing Page.png"],"guid":"fb1b3d06-6bc6-4efa-893e-7340d7ceb6fd_1.0.12_1","appID":"ApeaksoftMacCleaner-190515","dateAdded":"240125","deceptorType":"MacOS App","name":"Mac Cleaner","company":"Apeaksoft Technology Limited","version":"1.0.12","sigName":"Deceptor:MacOS/ApeaksoftMacCleaner!004","lastKnownStatus":"Deceptor:1.0.12,1.0.16;1,0,18;1.0.20;1.0.22","lastKnownDate":"240125","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2024-01-25T00:00:00+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":5,"sortOrder":760},{"violations":{"ACR-004":"The app provides free scan results, but does not provide a fully functional trial (only provides fixes for 500MB of files) before requiring consumer to pay.\n"},"nonDeceptorViolations":{"ACR-065":"The install does not contain links to the EULA, the Returns and Cancellation Policy, or the Privacy Policy.\nThe app does not display links to the EULA, the Returns and Cancellation Policy, Privacy Policy.\nThe landing page does not display links to the Returns and Cancellation Policy\nThe internal offer page does not display links to the Returns and Cancellation Policy\n","ACR-099":"The app does not display links to uninstall information.\nThe landing page does not display links to uninstall information.\nThe internal offers page does not display links to uninstall information.\n"},"samples":[{"isRevoked":"False","fileName":"Mac Cleaner","fileVersion":"0.","hashMD5":"3b3f2232c765255f83a93ac4271a861b","hashSHA1":"8f0bc9c5b05b06430924aed242784fba21f08157","hashSHA256":"b6e1376d9a6752a5cff79030dde04f95d27fe844ba7ab4209bc52a9662662c00","sourceIndex":"2423","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"mac-cleaner.dmg","isInstaller":"True","fileVersion":"0.","hashMD5":"644b36ae5e2dd2ead6e918bea86af5cf","hashSHA1":"3648cc779feaf04e0efb9fad682b80668163eb5b","hashSHA256":"73cfb31b2e4ca472aa12c14e98203ad64b38910c17ca7c6cc5bc5e61c0ffc2f7","sourceIndex":"2423","avBlockList":["Avast Security for Mac (20240312)","Avira Security for Mac (20240312)","ESET Cyber Security Pro for Mac (20240312)","McAfee Internet Security for Mac (20240312)","Norton Security for Mac (20240312)","Sophos Home Premium For Mac (20240312)","Trend Micro Antivirus for Mac (20240312)","SpyHunterforMac (20240312)"],"avAllowList":["Bitdefender Antivirus for Mac (20240312)","G DATA AntiVirus for Mac (20240312)","K7 Antivirus for Mac (20240312)","Kaspersky Internet Security for Mac (20240312)"]}],"additionalFiles":[],"sources":[{"howFound":"Google search \"Mac junk cleaner\"","reference":"https://www.apeaksoft.com/mac-cleaner/","landingPage":"https://www.apeaksoft.com/mac-cleaner/","directDownloadingLink":"https://downloads.apeaksoft.com/mac/mac-cleaner.dmg?_ga=2.24681274.1213689641.1590725495-1135594516.1590725495","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://downloads.apeaksoft.com/mac/mac-cleaner.dmg?_ga=2.24681274.1213689641.1590725495-1135594516.1590725495","sourceIndex":"2423"}],"sampleFiles":["200601/ApeaksoftMacCleaner-190515/1.0.18/Samples/Mac Cleaner","200601/ApeaksoftMacCleaner-190515/1.0.18/Samples/mac-cleaner.dmg"],"imageFiles":["200601/ApeaksoftMacCleaner-190515/1.0.18/Images/ACR-004/Mac Cleaner_Interaction [1].png"],"nonDeceptorImageFiles":["200601/ApeaksoftMacCleaner-190515/1.0.18/Images/ACR-065/Mac Cleaner_Install [1].png","200601/ApeaksoftMacCleaner-190515/1.0.18/Images/ACR-065/Mac Cleaner_About [1].png","200601/ApeaksoftMacCleaner-190515/1.0.18/Images/ACR-065/Mac Cleaner_Interaction [2].png","200601/ApeaksoftMacCleaner-190515/1.0.18/Images/ACR-099/Mac Cleaner_About [1].png","200601/ApeaksoftMacCleaner-190515/1.0.18/Images/ACR-099/Mac Cleaner_LandingPage [1].png","200601/ApeaksoftMacCleaner-190515/1.0.18/Images/ACR-099/Mac Cleaner_LandingPage [2].png","200601/ApeaksoftMacCleaner-190515/1.0.18/Images/ACR-099/Mac Cleaner_OfferPage [1].png","200601/ApeaksoftMacCleaner-190515/1.0.18/Images/ACR-099/Mac Cleaner_OfferPage [2].png","200601/ApeaksoftMacCleaner-190515/1.0.18/Images/ACR-099/Mac Cleaner_OfferPage [3].png","200601/ApeaksoftMacCleaner-190515/1.0.18/Images/ACR-065/Mac Cleaner_LandingPage [1].png","200601/ApeaksoftMacCleaner-190515/1.0.18/Images/ACR-065/Mac Cleaner_LandingPage [2].png","200601/ApeaksoftMacCleaner-190515/1.0.18/Images/ACR-065/Mac Cleaner_OfferPage [1].png","200601/ApeaksoftMacCleaner-190515/1.0.18/Images/ACR-065/Mac Cleaner_OfferPage [2].png","200601/ApeaksoftMacCleaner-190515/1.0.18/Images/ACR-065/Mac Cleaner_OfferPage [3].png"],"guid":"fb1b3d06-6bc6-4efa-893e-7340d7ceb6fd_1.0.18_1","appID":"ApeaksoftMacCleaner-190515","dateAdded":"240125","deceptorType":"MacOS App","name":"Mac Cleaner","company":"Apeaksoft Technology Limited","version":"1.0.18","sigName":"Deceptor:MacOS/MacCleaner!004","lastKnownStatus":"Deceptor:1.0.12,1.0.16;1,0,18;1.0.20;1.0.22","lastKnownDate":"240125","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2024-01-25T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":5,"sortOrder":759},{"violations":{"ACR-004":"The app provides free scan results, but does not provide a fully functional trial (only provides fixes for 500MB of files) before requiring consumer to pay.\n","ACR-164":"The app needs to provide detailed information about how to cancel, renew notification and next payment term's price with these time-bound discount items.\n","ACR-165":"The app does not mention clearly that the Auto-renewal policy and cancellation policy & does not disclose whether there might be a change in price after the subscription period.\n"},"nonDeceptorViolations":{"ACR-045":"\"Free Download\" highlights \"Free\" misleads user. The functionality that requires consumer payment in order to be activated needs to be marked clearly in landing page. Otherwise app should remove \"free\" word.\n","ACR-065":"The install does not contain links to the EULA, the Returns and Cancellation Policy, or the Privacy Policy.\nThe app does not display links to the EULA, the Returns and Cancellation Policy, Privacy Policy.\nThe landing page does not display links to the Returns and Cancellation Policy\nThe internal offer page does not display links to the Returns and Cancellation Policy\n","ACR-161":"The landing page has testimonials that have no links back to a source so consumers can verify if they're real.\n","ACR-099":"The app does not display links to uninstall information.\nThe landing page does not display links to uninstall information.\nThe internal offers page does not display links to uninstall information.\n","ACR-167":"The application's has no mention of a 30 days refund policy.\n"},"samples":[{"isRevoked":"False","fileName":"Mac Cleaner","fileVersion":"0.","hashMD5":"dd64e18fe7eef3c27f7c9b30782763da","hashSHA1":"08c5b3ca0e7fd52e7ad1d2c4b7fda447e3116602","hashSHA256":"6ab14738313aaa4aecddc97f4ea9ef3d0f78ead5b023fae85a1df59b501e4f13","sourceIndex":"1773","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"mac-cleaner.dmg","isInstaller":"True","fileVersion":"0.","hashMD5":"d556cb4503b81a5a083bbb5530f7237e","hashSHA1":"275acbbc619dc3cd2f78167a23554e574a350b31","hashSHA256":"14d10e633cb720ab7b6f7b269e584dce65712b01ca9331c217d0766195b73f17","sourceIndex":"1773","avBlockList":["Avast Security for Mac (20220510)","Avira Security for Mac (20220510)","ESET Cyber Security Pro for Mac (20220510)","K7 Antivirus for Mac (20220510)","Norton Security for Mac (20220510)","Sophos Home Premium For Mac (20220510)","Trend Micro Antivirus for Mac (20220510)"],"avAllowList":["Bitdefender Antivirus for Mac (20220510)","G DATA AntiVirus for Mac (20220510)","Kaspersky Internet Security for Mac (20220510)","McAfee Internet Security for Mac (20220510)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"","landingPage":"https://www.apeaksoft.com/mac-cleaner/","directDownloadingLink":"https://downloads.apeaksoft.com/mac/mac-cleaner.dmg?_ga=2.268221003.435928411.1638866574-736466102.1638866574","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://downloads.apeaksoft.com/mac/mac-cleaner.dmg?_ga=2.268221003.435928411.1638866574-736466102.1638866574","sourceIndex":"1773"}],"sampleFiles":["211207/ApeaksoftMacCleaner-190515/1.0.20/Samples/Mac Cleaner","211207/ApeaksoftMacCleaner-190515/1.0.20/Samples/mac-cleaner.dmg"],"imageFiles":["211207/ApeaksoftMacCleaner-190515/1.0.20/Images/ACR-164/Mac Cleaner_OfferPage [3].png","211207/ApeaksoftMacCleaner-190515/1.0.20/Images/ACR-164/Mac Cleaner_OfferPage [4].png","211207/ApeaksoftMacCleaner-190515/1.0.20/Images/ACR-165/Mac Cleaner_OfferPage [3].png","211207/ApeaksoftMacCleaner-190515/1.0.20/Images/ACR-165/Mac Cleaner_OfferPage [4].png","211207/ApeaksoftMacCleaner-190515/1.0.20/Images/ACR-004/Mac Cleaner_Interactions [1].png"],"nonDeceptorImageFiles":["211207/ApeaksoftMacCleaner-190515/1.0.20/Images/ACR-045/Mac Cleaner_LandingPage [3].png","211207/ApeaksoftMacCleaner-190515/1.0.20/Images/ACR-065/Mac Cleaner_Install [1].png","211207/ApeaksoftMacCleaner-190515/1.0.20/Images/ACR-065/Mac Cleaner_About [1].png","211207/ApeaksoftMacCleaner-190515/1.0.20/Images/ACR-099/Mac Cleaner_About [1].png","211207/ApeaksoftMacCleaner-190515/1.0.20/Images/ACR-099/Mac Cleaner_LandingPage [1].png","211207/ApeaksoftMacCleaner-190515/1.0.20/Images/ACR-099/Mac Cleaner_OfferPage [1].png","211207/ApeaksoftMacCleaner-190515/1.0.20/Images/ACR-161/Mac Cleaner_LandingPage [2].png","211207/ApeaksoftMacCleaner-190515/1.0.20/Images/ACR-065/Mac Cleaner_LandingPage [1].png","211207/ApeaksoftMacCleaner-190515/1.0.20/Images/ACR-065/Mac Cleaner_OfferPage [1].png"],"guid":"fb1b3d06-6bc6-4efa-893e-7340d7ceb6fd_1.0.20_1","appID":"ApeaksoftMacCleaner-190515","dateAdded":"240125","deceptorType":"MacOS App","name":"Mac Cleaner","company":"Apeaksoft Technology Limited","version":"1.0.20","lastKnownStatus":"Deceptor:1.0.12,1.0.16;1,0,18;1.0.20;1.0.22","lastKnownDate":"240125","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2024-01-25T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":5,"sortOrder":758},{"violations":{"ACR-004":"The app provides free scan results, but does not provide a fully functional trial (only provides fixes for 500MB of files) before requiring consumer to pay.\n","ACR-164":"The app needs to provide detailed information about how to cancel and renewal notification\n","ACR-165":"The app does not mention clearly about the Auto-renewal policy and cancellation policy after the subscription period.\n"},"nonDeceptorViolations":{"ACR-045":"\"Free Download\" highlights \"Free\" misleads user. The functionality that requires consumer payment in order to be activated needs to be marked clearly in landing page. Otherwise app should remove \"free\" word.\n","ACR-065":"The install does not contain links to the EULA, the Returns and Cancellation Policy, or the Privacy Policy.\nThe app does not display links to the EULA, the Returns and Cancellation Policy, Privacy Policy.\nThe landing page does not display links to the Returns and Cancellation Policy\nThe internal offer page does not display links to the Returns and Cancellation Policy\n","ACR-161":"The landing page has testimonials that have no links back to a source so consumers can verify if they're real.\n","ACR-099":"The app does not display links to uninstall information.\nThe landing page does not display links to uninstall information.\nThe internal offers page does not display links to uninstall information.\n"},"samples":[{"isRevoked":"False","fileName":"Mac%20Cleaner","fileVersion":"0.","hashMD5":"16607739104846ec964f1756f739e0ea","hashSHA1":"826e4700c330402b70a3003c198e8a698e0341a2","hashSHA256":"8c66e0ae6625049796eb1d0b9941cfb43aa5dc3a26fdf3b10981ccdc09c0f824","sourceIndex":"750","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"mac-cleaner.dmg","isInstaller":"True","fileVersion":"0.","hashMD5":"ea30f5da755cb6acdebd98fd6d4584f1","hashSHA1":"8f222c022e445e42c061089316a84aab484b8e4c","hashSHA256":"d85b3477c6ac5b1b4f4dd955b2f405f635759a8f4c1d0eef0fdd9335226e2fc7","sourceIndex":"750","avBlockList":["Avast Security for Mac (20240514)","Avira Security for Mac (20240514)","ESET Cyber Security Pro for Mac (20240514)","Norton Security for Mac (20240514)","Sophos Home Premium For Mac (20240514)","SpyHunterforMac (20240514)","Trend Micro Antivirus for Mac (20240514)"],"avAllowList":["Bitdefender Antivirus for Mac (20240514)","G DATA AntiVirus for Mac (20240514)","K7 Antivirus for Mac (20240514)","Kaspersky Internet Security for Mac (20240514)","McAfee Internet Security for Mac (20240514)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"Yahoo search \"Mac cleaner junk remove\"","landingPage":"https://www.apeaksoft.com/mac-cleaner/","directDownloadingLink":"https://downloads.apeaksoft.com/mac/mac-cleaner.dmg?_ga=2.182487014.1503947608.1706065599-1037522412.1706065599","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://downloads.apeaksoft.com/mac/mac-cleaner.dmg?_ga=2.182487014.1503947608.1706065599-1037522412.1706065599","sourceIndex":"750"}],"sampleFiles":["240125/ApeaksoftMacCleaner-190515/1.0.22/Samples/Mac%20Cleaner","240125/ApeaksoftMacCleaner-190515/1.0.22/Samples/mac-cleaner.dmg"],"imageFiles":["240125/ApeaksoftMacCleaner-190515/1.0.22/Images/ACR-164/offerpage.png","240125/ApeaksoftMacCleaner-190515/1.0.22/Images/ACR-164/offerpage1.png","240125/ApeaksoftMacCleaner-190515/1.0.22/Images/ACR-164/offerpage2.png","240125/ApeaksoftMacCleaner-190515/1.0.22/Images/ACR-165/offerpage.png","240125/ApeaksoftMacCleaner-190515/1.0.22/Images/ACR-165/offerpage2.png","240125/ApeaksoftMacCleaner-190515/1.0.22/Images/ACR-165/offerpage3.png","240125/ApeaksoftMacCleaner-190515/1.0.22/Images/ACR-004/004.png"],"nonDeceptorImageFiles":["240125/ApeaksoftMacCleaner-190515/1.0.22/Images/ACR-045/LandingPage2.png","240125/ApeaksoftMacCleaner-190515/1.0.22/Images/ACR-065/install.png","240125/ApeaksoftMacCleaner-190515/1.0.22/Images/ACR-065/about2.png","240125/ApeaksoftMacCleaner-190515/1.0.22/Images/ACR-099/about2.png","240125/ApeaksoftMacCleaner-190515/1.0.22/Images/ACR-099/LandingPage.png","240125/ApeaksoftMacCleaner-190515/1.0.22/Images/ACR-099/offerpage.png","240125/ApeaksoftMacCleaner-190515/1.0.22/Images/ACR-161/LandingPage3.png","240125/ApeaksoftMacCleaner-190515/1.0.22/Images/ACR-065/LandingPage.png","240125/ApeaksoftMacCleaner-190515/1.0.22/Images/ACR-065/offerpage.png"],"guid":"fb1b3d06-6bc6-4efa-893e-7340d7ceb6fd_1.0.22_1","appID":"ApeaksoftMacCleaner-190515","dateAdded":"240125","deceptorType":"MacOS App","name":"Mac Cleaner","company":"Apeaksoft Technology Limited","version":"1.0.22","lastKnownStatus":"Deceptor:1.0.12,1.0.16;1,0,18;1.0.20;1.0.22","lastKnownDate":"240125","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2026-05-12T22:59:57.7437889+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":5,"sortOrder":757},{"violations":{"ACR-004":"The app only fixes 500MB of \"junk\" from the free scans and then it requires the user to pay to continue fixing free scan results.\n"},"nonDeceptorViolations":{"ACR-065":"The app's install does not contain links to it's EULA, Returns and Cancellation Policy, or the Privacy Policy.\nThe app's about page does not contain links to it's EULA, Returns and Cancellation Policy, or the Privacy Policy.\n","ACR-099":"The app's internal offers page does not contain links to uninstall information.\nThe app's landing page does not contain links to uninstall information.\nThe app's about page does not contain links to uninstall information.\n"},"samples":[{"isRevoked":"False","fileName":"imymac-powermymac.dmg","isInstaller":"True","companyName":"PowerMyMacPro","fileVersion":"0.","hashMD5":"","hashSHA1":"","hashSHA256":"4896522c3cc304e0c564c38a1944c3d35c3a8ad03232817fc361462af2a261c9","sourceIndex":"3115","avBlockList":["Avast Security for Mac (20220913)","Avira Security for Mac (20220913)","Bitdefender Antivirus for Mac (20220913)","ESET Cyber Security Pro for Mac (20220913)","G DATA AntiVirus for Mac (20220913)","McAfee Internet Security for Mac (20220913)","Norton Security for Mac (20220913)","Sophos Home Premium For Mac (20220913)","Trend Micro Antivirus for Mac (20220913)","Webroot SecureAnywhere AntiVirus for Mac (20200213)"],"avAllowList":["K7 Antivirus for Mac (20220913)","Kaspersky Internet Security for Mac (20220913)"]},{"isRevoked":"False","fileName":"PowerMyMac","companyName":"PowerMyMacPro","fileVersion":"0.","hashMD5":"","hashSHA1":"","hashSHA256":"fa629b78f52670e0e3976c4cd54cd6119442e85e918021cfd62b757befa13516","sourceIndex":"3115","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"iMyMac has another app that is a deceptor","landingPage":"https://www.imymac.com","directDownloadingLink":"https://www.imymac.com/download/imymac-powermymac.dmg","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.imymac.com/download/imymac-powermymac.dmg","sourceIndex":"3115"}],"sampleFiles":["190412/PowerMyMac-190410/1.0.2/Samples/imymac-powermymac.dmg","190412/PowerMyMac-190410/1.0.2/Samples/PowerMyMac"],"imageFiles":["190412/PowerMyMac-190410/1.0.2/Images/ACR-004/PowerMyMac 245MB Left.png","190412/PowerMyMac-190410/1.0.2/Images/ACR-004/PowerMyMac Before Internal Offers.png","190412/PowerMyMac-190410/1.0.2/Images/ACR-004/PowerMyMac Internal Offers.png"],"nonDeceptorImageFiles":["190412/PowerMyMac-190410/1.0.2/Images/ACR-065/PowerMyMac Install.png","190412/PowerMyMac-190410/1.0.2/Images/ACR-065/PowerMyMac About Page.png","190412/PowerMyMac-190410/1.0.2/Images/ACR-099/PowerMyMac Bottom of Internal Offers.png","190412/PowerMyMac-190410/1.0.2/Images/ACR-099/PowerMyMac Bottom of Landing Page.png","190412/PowerMyMac-190410/1.0.2/Images/ACR-099/PowerMyMac About Page.png"],"guid":"a2b25fe8-14b1-4164-a591-6ead241dfa7c_1.0.2_1","appID":"PowerMyMac-190410","dateAdded":"240125","deceptorType":"MacOS App","name":"Power My Mac","company":"iMyMac","version":"1.0.2","sigName":"Deceptor:MacOS/PowerMyMac!004","lastKnownStatus":"Deceptor:1.0.5;1.0.8;1.0.9;1.1.1;1.2.2;1.2.3;1.3.0;5.2.1;5.2.2;5.2.3;5.2.6","lastKnownDate":"240125","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2024-01-25T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":13,"sortOrder":756},{"violations":{"ACR-004":"The app only fixes 500MB of \"junk\" from the free scans and then it requires the user to pay to continue fixing free scan results.\n"},"nonDeceptorViolations":{"ACR-065":"The app's install does not contain links to it's EULA, Returns and Cancellation Policy, or the Privacy Policy.\nThe app's about page does not contain links to it's EULA, Returns and Cancellation Policy, or the Privacy Policy.\n","ACR-099":"The app's internal offers page does not contain links to uninstall information.\nThe app's about page does not contain links to uninstall information.\n"},"samples":[{"isRevoked":"False","fileName":"imymac-powermymac.dmg","isInstaller":"True","fileVersion":"1.0.5","hashMD5":"0f321fb7548b501c877e4a7080981ecb","hashSHA1":"613cdf43af072f125d3ea7cce1acd8e5f8117821","hashSHA256":"f50ac7b59bdd93d34c27413c65a6050f19a5e2defef354c81485e654fbb72b16","sourceIndex":"3067","avBlockList":["Avast Security for Mac (20240514)","Avira Security for Mac (20240514)","Bitdefender Antivirus for Mac (20240514)","ESET Cyber Security Pro for Mac (20240514)","G DATA AntiVirus for Mac (20240514)","McAfee Internet Security for Mac (20240514)","Norton Security for Mac (20240514)","Sophos Home Premium For Mac (20240514)","Trend Micro Antivirus for Mac (20240514)","SpyHunterforMac (20240514)"],"avAllowList":["K7 Antivirus for Mac (20240514)","Kaspersky Internet Security for Mac (20240514)"]},{"isRevoked":"False","fileName":"PowerMyMac","fileVersion":"1.0.5","hashMD5":"a41625ae47242c4f9dc573bbb5fe5940","hashSHA1":"191cdfe5928047ca56e7910f34bd0a6498ae6d7c","hashSHA256":"e44e159b5527e7552ae961c9fbd74b5a20bf6d08443950373bcf5e6066fd247f","digitalCertThumbprint":"1ce9033d690db4d3c6d94d2318b8233d629576a3","digitalCertIssuer":"Apple Root CA","digitalCertIssuedTo":"Guangzhou Zoenzo Network Technology Co., Ltd.","sourceIndex":"3067","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"iMyMac has another app that is a deceptor","landingPage":"https://www.imymac.com","directDownloadingLink":"https://www.imymac.com/download/imymac-powermymac.dmg","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.imymac.com/download/imymac-powermymac.dmg","sourceIndex":"3067"}],"sampleFiles":["190518/PowerMyMac-190410/1.0.5/Samples/imymac-powermymac.dmg","190518/PowerMyMac-190410/1.0.5/Samples/PowerMyMac"],"imageFiles":["190518/PowerMyMac-190410/1.0.5/Images/ACR-004/PowerMyMac ACR004.gif"],"nonDeceptorImageFiles":["190518/PowerMyMac-190410/1.0.5/Images/ACR-065/Screen Shot 2019-05-15 at 4.33.02 PM.png","190518/PowerMyMac-190410/1.0.5/Images/ACR-065/PowerMyMac About Page.png","190518/PowerMyMac-190410/1.0.5/Images/ACR-099/Bottom of Internal Offers.png","190518/PowerMyMac-190410/1.0.5/Images/ACR-099/PowerMyMac About Page.png"],"guid":"a2b25fe8-14b1-4164-a591-6ead241dfa7c_1.0.5_1","appID":"PowerMyMac-190410","dateAdded":"240125","deceptorType":"MacOS App","name":"Power My Mac","company":"iMyMac","version":"1.0.5","sigName":"Deceptor:Win32/PowerMyMac!004","lastKnownStatus":"Deceptor:1.0.5;1.0.8;1.0.9;1.1.1;1.2.2;1.2.3;1.3.0;5.2.1;5.2.2;5.2.3;5.2.6","lastKnownDate":"240125","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2024-01-25T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":13,"sortOrder":755},{"violations":{"ACR-004":"The app only fixes 500MB of \"junk\" from the free scans and then it requires the user to pay to continue fixing free scan results.\n"},"nonDeceptorViolations":{"ACR-065":"The app's install does not contain links to it's EULA, Returns and Cancellation Policy, or the Privacy Policy.\nThe app's about page does not contain links to it's EULA, Returns and Cancellation Policy, or the Privacy Policy.\n","ACR-099":"The app's internal offers page does not contain links to uninstall information.\nThe app's about page does not contain links to uninstall information.\n"},"samples":[{"isRevoked":"False","fileName":"imymac-powermymac.dmg","isInstaller":"True","fileVersion":"0.","hashMD5":"e51af899b7fce31ffb41a50517e899e4","hashSHA1":"abcf2d7dd1f620d7400a3eff4a682ea1e44a2788","hashSHA256":"9c6a8381277c434eefc775dafb8956c21577cfb93ac01032b67597982a3e482d","sourceIndex":"2576","avBlockList":["Avast Security for Mac (20240312)","Bitdefender Antivirus for Mac (20240312)","ESET Cyber Security Pro for Mac (20240312)","G DATA AntiVirus for Mac (20240312)","Kaspersky Internet Security for Mac (20240312)","McAfee Internet Security for Mac (20240312)","Norton Security for Mac (20240312)","Sophos Home Premium For Mac (20240312)","Trend Micro Antivirus for Mac (20240312)","Avira Security for Mac (20240312)","SpyHunterforMac (20240312)"],"avAllowList":["K7 Antivirus for Mac (20240312)"]},{"isRevoked":"False","fileName":"PowerMyMac","fileVersion":"0.","hashMD5":"7fd5ee5a45514916a75c51c4a4bdd703","hashSHA1":"38490078e1ddc5fea94896f87a0276b2e59375d6","hashSHA256":"b3b9582cc4bf9e442b21bb3a3d28cc3c22ca9b11ca8a58ccc9fe3cd12a0f0053","sourceIndex":"2576","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"iMyMac has another app that is a deceptor","landingPage":"https://www.imymac.com/powermymac/","directDownloadingLink":"https://www.imymac.com/download/imymac-powermymac.dmg","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.imymac.com/download/imymac-powermymac.dmg","sourceIndex":"2576"}],"sampleFiles":["200123/PowerMyMac-190410/1.0.8/Samples/imymac-powermymac.dmg","200123/PowerMyMac-190410/1.0.8/Samples/PowerMyMac"],"imageFiles":["200123/PowerMyMac-190410/1.0.8/Images/ACR-004/PowerMyMac ACR-004.gif"],"nonDeceptorImageFiles":["200123/PowerMyMac-190410/1.0.8/Images/ACR-065/PowerMyMac Install.png","200123/PowerMyMac-190410/1.0.8/Images/ACR-065/PowerMyMac About Page.png","200123/PowerMyMac-190410/1.0.8/Images/ACR-099/PowerMyMac Bottom of Internal Offers.png","200123/PowerMyMac-190410/1.0.8/Images/ACR-099/PowerMyMac About Page.png"],"guid":"a2b25fe8-14b1-4164-a591-6ead241dfa7c_1.0.8_1","appID":"PowerMyMac-190410","dateAdded":"240125","deceptorType":"MacOS App","name":"Power My Mac","company":"iMyMac","version":"1.0.8","sigName":"Deceptor:MacOS/PowerMyMac!004","lastKnownStatus":"Deceptor:1.0.5;1.0.8;1.0.9;1.1.1;1.2.2;1.2.3;1.3.0;5.2.1;5.2.2;5.2.3;5.2.6","lastKnownDate":"240125","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2024-01-25T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":13,"sortOrder":754},{"violations":{"ACR-004":"The app only fixes 500MB of \"junk\" from the free scans and then it requires the user to pay to continue fixing free scan results.\n"},"nonDeceptorViolations":{"ACR-045":" \"Free Download\" highlights \"Free\" misleads user. The functionality that requires consumer payment in order to be activated needs to be marked clearly in landing page. Otherwise app should remove \"free\" word.\n","ACR-065":"The app's install does not contain links to it's EULA, Returns and Cancellation Policy, or the Privacy Policy.\nThe app's about page does not contain links to it's EULA, Returns and Cancellation Policy, or the Privacy Policy.\n","ACR-099":"The app's internal offers page does not contain links to uninstall information.\nThe app's about page does not contain links to uninstall information.\n"},"samples":[{"isRevoked":"False","fileName":"imymac-powermymac.dmg","isInstaller":"True","fileVersion":"0.","hashMD5":"fedd1da1498a761900c79bd0a8537e57","hashSHA1":"68d44a70c12e5fb45bc649f65b81e7445e927d75","hashSHA256":"8735060481b7b21bc5c4eef4415b0345166f022021580d14247a37b1b43b59f7","sourceIndex":"2509","avBlockList":["Avast Security for Mac (20210713)","Avira Security for Mac (20210713)","ESET Cyber Security Pro for Mac (20210713)","McAfee Internet Security for Mac (20210713)","Norton Security for Mac (20210713)","Sophos Home Premium For Mac (20210713)","Trend Micro Antivirus for Mac (20210713)"],"avAllowList":["Bitdefender Antivirus for Mac (20210713)","G DATA AntiVirus for Mac (20210713)","K7 Antivirus for Mac (20210713)","Kaspersky Internet Security for Mac (20210713)"]},{"isRevoked":"False","fileName":"PowerMyMac","fileVersion":"0.","hashMD5":"aef013f1138e8f8134d70c2c4e443f18","hashSHA1":" cc250838f096815a24d6ff129061c933ad1c478f","hashSHA256":"80fdff526eff946a7aaf54e1da4aeb58b35a9153657f1eb4b70dbc731b189fa1","sourceIndex":"2509","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"","landingPage":"https://www.imymac.com","directDownloadingLink":"https://www.imymac.com/download/imymac-powermymac.dmg","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.imymac.com/download/imymac-powermymac.dmg","sourceIndex":"2509"}],"sampleFiles":["200409/PowerMyMac-190410/1.0.9/Samples/imymac-powermymac.dmg","200409/PowerMyMac-190410/1.0.9/Samples/PowerMyMac"],"imageFiles":["200409/PowerMyMac-190410/1.0.9/Images/ACR-004/PowerMyMac [2].png","200409/PowerMyMac-190410/1.0.9/Images/ACR-004/PowerMyMac_Purchase [1].png","200409/PowerMyMac-190410/1.0.9/Images/ACR-004/PowerMyMac_Purchase [2].png"],"nonDeceptorImageFiles":["200409/PowerMyMac-190410/1.0.9/Images/ACR-065/PowerMyMac_Installation [1].png","200409/PowerMyMac-190410/1.0.9/Images/ACR-065/PowerMyMac [3].png","200409/PowerMyMac-190410/1.0.9/Images/ACR-065/PowerMyMac [9].png","200409/PowerMyMac-190410/1.0.9/Images/ACR-065/PowerMyMac [10].png","200409/PowerMyMac-190410/1.0.9/Images/ACR-099/PowerMyMac_LandingPage [2].png","200409/PowerMyMac-190410/1.0.9/Images/ACR-099/PowerMyMac_Purchase [1].png","200409/PowerMyMac-190410/1.0.9/Images/ACR-099/PowerMyMac_LandingPage [3].png","200409/PowerMyMac-190410/1.0.9/Images/ACR-099/PowerMyMac_About.png","200409/PowerMyMac-190410/1.0.9/Images/ACR-045/PowerMyMac_LandingPage [2].png"],"guid":"a2b25fe8-14b1-4164-a591-6ead241dfa7c_1.0.9_1","appID":"PowerMyMac-190410","dateAdded":"240125","deceptorType":"MacOS App","name":"Power My Mac","company":"iMyMac","version":"1.0.9","sigName":"Deceptor:MacOS/PowerMyMac!004","lastKnownStatus":"Deceptor:1.0.5;1.0.8;1.0.9;1.1.1;1.2.2;1.2.3;1.3.0;5.2.1;5.2.2;5.2.3;5.2.6","lastKnownDate":"240125","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2024-01-25T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":13,"sortOrder":753},{"violations":{"ACR-004":"The app only fixes 500MB of \"junk\" from the free scans and then it requires the user to pay to continue fixing free scan results.\n"},"nonDeceptorViolations":{"ACR-045":" \"Free Download\" highlights \"Free\" misleads user. The functionality that requires consumer payment in order to be activated needs to be marked clearly in landing page. Otherwise app should remove \"free\" word.\n","ACR-065":"The app's install does not contain links to it's EULA, Returns and Cancellation Policy, or the Privacy Policy.\nThe app's about page does not contain links to it's EULA, Returns and Cancellation Policy, or the Privacy Policy.\n","ACR-099":"The app's internal offers page does not contain links to uninstall information.\nThe app's about page does not contain links to uninstall information.\n"},"samples":[],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"","landingPage":"https://www.fonedog.com/","directDownloadingLink":"https://www.fonedog.com/download/fonedog-powermymac.dmg","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.fonedog.com/download/fonedog-powermymac.dmg","sourceIndex":"2430"}],"sampleFiles":[],"imageFiles":["200526/PowerMyMac-190410/1.1.1/Images/ACR-004/PowerMyMac_Interaction [1].png"],"nonDeceptorImageFiles":["200526/PowerMyMac-190410/1.1.1/Images/ACR-065/PowerMyMac_Install [1].png","200526/PowerMyMac-190410/1.1.1/Images/ACR-065/PowerMyMac_About[1].png","200526/PowerMyMac-190410/1.1.1/Images/ACR-065/PowerMyMac_Interaction [2].png","200526/PowerMyMac-190410/1.1.1/Images/ACR-099/PowerMyMac_OfferPage [1].png","200526/PowerMyMac-190410/1.1.1/Images/ACR-099/PowerMyMac_OfferPage [2].png","200526/PowerMyMac-190410/1.1.1/Images/ACR-099/PowerMyMac_About[1].png","200526/PowerMyMac-190410/1.1.1/Images/ACR-099/PowerMyMac_Interaction [2].png","200526/PowerMyMac-190410/1.1.1/Images/ACR-045/PowerMyMac_LandingPage [1].png"],"guid":"a2b25fe8-14b1-4164-a591-6ead241dfa7c_1.1.1_1","appID":"PowerMyMac-190410","dateAdded":"240125","deceptorType":"MacOS App","name":"Power My Mac","company":"iMyMac","version":"1.1.1","sigName":"Deceptor:MacOS/PowerMyMac!004","lastKnownStatus":"Deceptor:1.0.5;1.0.8;1.0.9;1.1.1;1.2.2;1.2.3;1.3.0;5.2.1;5.2.2;5.2.3;5.2.6","lastKnownDate":"240125","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2024-01-25T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":13,"sortOrder":752},{"violations":{"ACR-004":"The app only fixes 500MB of \"junk\" from the free scans and then it requires the user to pay to continue fixing free scan results.\n"},"nonDeceptorViolations":{"ACR-045":" \"Free Download\" highlights \"Free\" misleads user. The functionality that requires consumer payment in order to be activated needs to be marked clearly in landing page. Otherwise app should remove \"free\" word.\n","ACR-065":"The app's install does not contain links to it's Returns and Cancellation Policy, or the Privacy Policy.\nThe app's about page does not contain links to it's EULA or Terms of Service, Returns and Cancellation Policy, or the Privacy Policy.\n","ACR-099":"The app's internal offers page does not contain links to uninstall information.\nThe app's landing page does not contain links to uninstall information.\nThe app's about page does not contain links to uninstall information.\n"},"samples":[{"isRevoked":"False","fileName":"imymac-powermymac.pkg","isInstaller":"True","fileVersion":"0.","hashMD5":"68820c6b177c8de55d4869cb8138df1c","hashSHA1":"1a1cf45523bf32a67da8025f0a155a2fc2fc50d8","hashSHA256":"dea97cd45b615778e3300a098be62136118df3c0ba2faad6e1cede0ded141e18","sourceIndex":"2041","avBlockList":["Avast Security for Mac (20220412)","Avira Security for Mac (20220412)","Bitdefender Antivirus for Mac (20220412)","ESET Cyber Security Pro for Mac (20220412)","G DATA AntiVirus for Mac (20220412)","K7 Antivirus for Mac (20220412)","McAfee Internet Security for Mac (20220412)","Norton Security for Mac (20220412)","Sophos Home Premium For Mac (20220412)","Trend Micro Antivirus for Mac (20220412)"],"avAllowList":["Kaspersky Internet Security for Mac (20220412)"]},{"isRevoked":"False","fileName":"PowerMyMac","fileVersion":"0.","hashMD5":"16e225282c5c215566ce7b0515b0c49e","hashSHA1":"79ec63955a93fc49442fbffffc8e2c2cb197ce23","hashSHA256":"35160f7842af40e68e15809396c6e18b67f088d3f514390337f34aeefc55a397","sourceIndex":"2041","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"iMyMac has another app that is a deceptor","landingPage":"https://www.imymac.com/mac-cleaner/","directDownloadingLink":"https://www.imymac.com/download/imymac-powermymac.dmg","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.imymac.com/download/imymac-powermymac.dmg","sourceIndex":"2041"}],"sampleFiles":["200526/PowerMyMac-190410/1.2.1/Samples/imymac-powermymac.pkg","200526/PowerMyMac-190410/1.2.1/Samples/PowerMyMac"],"imageFiles":["200526/PowerMyMac-190410/1.2.1/Images/ACR-004/PowerMyMac_Interactions [1].png"],"nonDeceptorImageFiles":["200526/PowerMyMac-190410/1.2.1/Images/ACR-065/PowerMyMac_Install [1].png","200526/PowerMyMac-190410/1.2.1/Images/ACR-065/PowerMyMac_Install [2].png","200526/PowerMyMac-190410/1.2.1/Images/ACR-065/PowerMyMac_Install [3].png","200526/PowerMyMac-190410/1.2.1/Images/ACR-065/PowerMyMac_Install [4].png","200526/PowerMyMac-190410/1.2.1/Images/ACR-065/PowerMyMac_About [1].png","200526/PowerMyMac-190410/1.2.1/Images/ACR-099/PowerMyMac_OfferPage [4].png","200526/PowerMyMac-190410/1.2.1/Images/ACR-099/PowerMyMac_LandingPage [6].png","200526/PowerMyMac-190410/1.2.1/Images/ACR-099/PowerMyMac_About [2].png","200526/PowerMyMac-190410/1.2.1/Images/ACR-099/PowerMyMac_Interactions [3].png","200526/PowerMyMac-190410/1.2.1/Images/ACR-045/PowerMyMac_LandingPage [4].png","200526/PowerMyMac-190410/1.2.1/Images/ACR-045/PowerMyMac_LandingPage [3].png"],"guid":"a2b25fe8-14b1-4164-a591-6ead241dfa7c_1.2.1_1","appID":"PowerMyMac-190410","dateAdded":"240125","deceptorType":"MacOS App","name":"Power My Mac","company":"iMyMac","version":"1.2.1","lastKnownStatus":"Deceptor:1.0.5;1.0.8;1.0.9;1.1.1;1.2.2;1.2.3;1.3.0;5.2.1;5.2.2;5.2.3;5.2.6","lastKnownDate":"240125","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2024-01-25T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":13,"sortOrder":751},{"violations":{"ACR-004":"The app only fixes 500MB of \"junk\" from the free scans and then it requires the user to pay to continue fixing free scan results.\n"},"nonDeceptorViolations":{"ACR-045":" \"Free Download\" highlights \"Free\" misleads user. The functionality that requires consumer payment in order to be activated needs to be marked clearly in landing page. Otherwise app should remove \"free\" word.\n","ACR-065":"The app's install wizard does not contain links to it's Returns and Cancellation Policy, or the Privacy Policy.\nThe app's about page does not contain links to it's EULA or Terms of Service, Returns and Cancellation Policy, or the Privacy Policy.\n","ACR-099":"The app's internal offers page does not contain links to uninstall information.\nThe app's landing page does not contain links to uninstall information.\nThe app's about page does not contain links to uninstall information.\n"},"samples":[{"isRevoked":"False","fileName":"imymac-powermymac.pkg","isInstaller":"True","fileVersion":"0.","hashMD5":"6bf5ff91f8019147fcf2aecd18f280de","hashSHA1":"b0bb571047515142124b48d5b7c7b006df260cbf","hashSHA256":"56afebc9aeafee33537dfe3e3b8f954cfcf7d5740d58d641c74358dc722e240a","sourceIndex":"2028","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"PowerMyMac","fileVersion":"0.","hashMD5":"b3581f469909158c65186eae49e5ee9e","hashSHA1":"eb9d8e814cd10d6941f7796386bf9f95a2bcb918","hashSHA256":"1d04a7dc8a9ae4a60a25d1cb722c6f50e1dcd1c926048f3fe15edd42f8d79ab9","sourceIndex":"2028","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"iMyMac has another app that is a deceptor","landingPage":"https://www.imymac.com/mac-cleaner/","directDownloadingLink":"https://download.imymac.com/download/imymac-powermymac.pkg","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://download.imymac.com/download/imymac-powermymac.pkg","sourceIndex":"2028"}],"sampleFiles":["201217/PowerMyMac-190410/1.2.2/Samples/imymac-powermymac.pkg","201217/PowerMyMac-190410/1.2.2/Samples/PowerMyMac"],"imageFiles":["201217/PowerMyMac-190410/1.2.2/Images/ACR-004/PowerMyMac_Interactions [1].png"],"nonDeceptorImageFiles":["201217/PowerMyMac-190410/1.2.2/Images/ACR-065/PowerMyMac_Install [1].png","201217/PowerMyMac-190410/1.2.2/Images/ACR-065/PowerMyMac_Install [2].png","201217/PowerMyMac-190410/1.2.2/Images/ACR-065/PowerMyMac_Install [3].png","201217/PowerMyMac-190410/1.2.2/Images/ACR-065/PowerMyMac_Install [4].png","201217/PowerMyMac-190410/1.2.2/Images/ACR-065/PowerMyMac_About [1].png","201217/PowerMyMac-190410/1.2.2/Images/ACR-099/PowerMyMac_OfferPage [1].png","201217/PowerMyMac-190410/1.2.2/Images/ACR-099/PowerMyMac_LandingPage [3].png","201217/PowerMyMac-190410/1.2.2/Images/ACR-099/PowerMyMac_About [1].png","201217/PowerMyMac-190410/1.2.2/Images/ACR-045/PowerMyMac_LandingPage [1].png"],"guid":"a2b25fe8-14b1-4164-a591-6ead241dfa7c_1.2.2_1","appID":"PowerMyMac-190410","dateAdded":"240125","deceptorType":"MacOS App","name":"Power My Mac","company":"iMyMac","version":"1.2.2","lastKnownStatus":"Deceptor:1.0.5;1.0.8;1.0.9;1.1.1;1.2.2;1.2.3;1.3.0;5.2.1;5.2.2;5.2.3;5.2.6","lastKnownDate":"240125","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2024-01-25T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":13,"sortOrder":750},{"violations":{"ACR-004":"The app only fixes 500MB of \"junk\" from the free scans and then it requires the user to pay to continue fixing free scan results.\n"},"nonDeceptorViolations":{"ACR-045":" \"Free Download\" highlights \"Free\" misleads user. The functionality that requires consumer payment in order to be activated needs to be marked clearly in landing page. Otherwise app should remove \"free\" word.\n","ACR-065":"The app's install wizard does not contain links to it's Returns and Cancellation Policy, or the Privacy Policy.\nThe app's about page does not contain links to it's EULA or Terms of Service, Returns and Cancellation Policy, or the Privacy Policy.\n","ACR-161":"The landing offer page has testimonials that have no links back to a source so consumers can verify if they're real.\n","ACR-099":"The app's internal offers page does not contain links to uninstall information.\nThe app's landing page does not contain links to uninstall information.\nThe app's about page does not contain links to uninstall information.\n"},"samples":[{"isRevoked":"False","fileName":"imymac-powermymac.pkg","isInstaller":"True","fileVersion":"0.","hashMD5":"28601eb1f6ad7b80fb579981de5b59dd","hashSHA1":"2066414d30fdaaf5559f884a3c708d195e086171","hashSHA256":"69fb475f4b686ae9a02b605a490307b63af657c83fc27b6a4efb32520b096f19","sourceIndex":"2006","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"PowerMyMac","fileVersion":"0.","hashMD5":"9270a77220349dc808084a867a0fed75","hashSHA1":"665b3175b5a7c9ded45d5244511a1071758c92be","hashSHA256":"b05731aa89c60085dff0ce982f03cd1d2806a0f832e40c428c98f0e3b8a37c3a","sourceIndex":"2006","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"","landingPage":"https://www.imymac.com/mac-cleaner/","directDownloadingLink":"https://download.imymac.com/download/imymac-powermymac.pkg","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://download.imymac.com/download/imymac-powermymac.pkg","sourceIndex":"2006"}],"sampleFiles":["210112/PowerMyMac-190410/1.2.3/Samples/imymac-powermymac.pkg","210112/PowerMyMac-190410/1.2.3/Samples/PowerMyMac"],"imageFiles":["210112/PowerMyMac-190410/1.2.3/Images/ACR-004/PowerMyMac_Interactions [1].png"],"nonDeceptorImageFiles":["210112/PowerMyMac-190410/1.2.3/Images/ACR-065/PowerMyMac_Install [1].png","210112/PowerMyMac-190410/1.2.3/Images/ACR-065/PowerMyMac_Install [2].png","210112/PowerMyMac-190410/1.2.3/Images/ACR-065/PowerMyMac_Install [3].png","210112/PowerMyMac-190410/1.2.3/Images/ACR-065/PowerMyMac_About [1].png","210112/PowerMyMac-190410/1.2.3/Images/ACR-099/PowerMyMac_OfferPage [1].png","210112/PowerMyMac-190410/1.2.3/Images/ACR-099/PowerMyMac_LandingPage [5].png","210112/PowerMyMac-190410/1.2.3/Images/ACR-099/PowerMyMac_LandingPage [6].png","210112/PowerMyMac-190410/1.2.3/Images/ACR-099/PowerMyMac_About [1].png","210112/PowerMyMac-190410/1.2.3/Images/ACR-161/PowerMyMac_LandingPage [1] Testimonial.png","210112/PowerMyMac-190410/1.2.3/Images/ACR-045/PowerMyMac_LandingPage [2].png","210112/PowerMyMac-190410/1.2.3/Images/ACR-045/PowerMyMac_LandingPage [3].png","210112/PowerMyMac-190410/1.2.3/Images/ACR-045/PowerMyMac_LandingPage [4].png"],"guid":"a2b25fe8-14b1-4164-a591-6ead241dfa7c_1.2.3_1","appID":"PowerMyMac-190410","dateAdded":"240125","deceptorType":"MacOS App","name":"Power My Mac","company":"iMyMac","version":"1.2.3","lastKnownStatus":"Deceptor:1.0.5;1.0.8;1.0.9;1.1.1;1.2.2;1.2.3;1.3.0;5.2.1;5.2.2;5.2.3;5.2.6","lastKnownDate":"240125","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2024-01-25T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":13,"sortOrder":749},{"violations":{"ACR-004":"App does not provide free fixes for all the scan results that can't be permanently fixed, it can only clean 500MB then uses the remaining issues identified to upsell user the fix, requiring user to purchase subscription service to fix all results identified during free scan.\n"},"nonDeceptorViolations":{"ACR-045":" \"Free Download\" highlights \"Free\" misleads user. The functionality that requires consumer payment in order to be activated needs to be marked clearly in landing page. Otherwise app should remove \"free\" word.\n","ACR-065":"The app's install wizard does not contain links to it's Returns and Cancellation Policy, or the Privacy Policy.\nThe app's about page does not contain links to it's EULA or Terms of Service, Returns and Cancellation Policy, or the Privacy Policy.\n","ACR-161":"The landing page has testimonials that have no links back to a source so consumers can verify if they're real.\n","ACR-099":"The app's internal offers page does not contain links to uninstall information.\nThe app's landing page does not contain links to uninstall information.\nThe app's about page does not contain links to uninstall information.\n"},"samples":[{"isRevoked":"False","fileName":"imymac-powermymac.pkg","isInstaller":"True","fileVersion":"0.","hashMD5":"61a95e95c440d1bfca652ddc183c3cc5","hashSHA1":"625506d8adf55a1376671e933973291a8e88c392","hashSHA256":"1579f1082a076a8a0b2278df54c9c22fd8977f375fe8289ea69feae4f965501a","sourceIndex":"2000","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"PowerMyMac","fileVersion":"0.","hashMD5":"b0da253843d2277aea26e06da094b18b","hashSHA1":"7b6879a13aefe8ef4cf577f38ded51230ee29974","hashSHA256":"ca9d5ee7c65ae15b8f7ec5f1df573f0231d350e537aa9f5315cb45f73547f6d4","sourceIndex":"2000","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"iMyMac has another app that is a deceptor","landingPage":"https://www.imymac.com/mac-cleaner/","directDownloadingLink":"https://download.imymac.com/download/imymac-powermymac.pkg","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://download.imymac.com/download/imymac-powermymac.pkg","sourceIndex":"2000"}],"sampleFiles":["210201/PowerMyMac-190410/1.3.0/Samples/imymac-powermymac.pkg","210201/PowerMyMac-190410/1.3.0/Samples/PowerMyMac"],"imageFiles":["210201/PowerMyMac-190410/1.3.0/Images/ACR-004/PowerMyMac_Interactions [1].png"],"nonDeceptorImageFiles":["210201/PowerMyMac-190410/1.3.0/Images/ACR-065/PowerMyMac_Install [1].png","210201/PowerMyMac-190410/1.3.0/Images/ACR-065/PowerMyMac_Install [2].png","210201/PowerMyMac-190410/1.3.0/Images/ACR-065/PowerMyMac_Install [3].png","210201/PowerMyMac-190410/1.3.0/Images/ACR-065/PowerMyMac_Install [4].png","210201/PowerMyMac-190410/1.3.0/Images/ACR-065/PowerMyMac_About [1].png","210201/PowerMyMac-190410/1.3.0/Images/ACR-099/PowerMyMac_OfferPage [1].png","210201/PowerMyMac-190410/1.3.0/Images/ACR-099/PowerMyMac_LandingPage [1].png","210201/PowerMyMac-190410/1.3.0/Images/ACR-099/PowerMyMac_About [1].png","210201/PowerMyMac-190410/1.3.0/Images/ACR-161/PowerMyMac_LandingPage [4].png","210201/PowerMyMac-190410/1.3.0/Images/ACR-045/PowerMyMac_LandingPage [2].png","210201/PowerMyMac-190410/1.3.0/Images/ACR-045/PowerMyMac_LandingPage [3].png"],"guid":"a2b25fe8-14b1-4164-a591-6ead241dfa7c_1.3.0_1","appID":"PowerMyMac-190410","dateAdded":"240125","deceptorType":"MacOS App","name":"Power My Mac","company":"iMyMac","version":"1.3.0","lastKnownStatus":"Deceptor:1.0.5;1.0.8;1.0.9;1.1.1;1.2.2;1.2.3;1.3.0;5.2.1;5.2.2;5.2.3;5.2.6","lastKnownDate":"240125","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2024-01-25T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":13,"sortOrder":748},{"violations":{"ACR-004":"App does not provide free fixes for all the scan results that can't be permanently fixed, it can only clean 500MB then uses the remaining issues identified to upsell user the fix, requiring user to purchase subscription service to fix all results identified during free scan.\n"},"nonDeceptorViolations":{"ACR-045":" \"Free Download\" highlights \"Free\" misleads user. The functionality that requires consumer payment in order to be activated needs to be marked clearly in landing page. Otherwise app should remove \"free\" word.\n","ACR-065":"The app's install wizard does not contain links to it's Returns and Cancellation Policy, or the Privacy Policy.\nThe app's about page does not contain links to it's EULA or Terms of Service, Returns and Cancellation Policy, or the Privacy Policy.\n","ACR-161":"The landing page has testimonials that have no links back to a source so consumers can verify if they're real.\n","ACR-099":"The app's internal offers page does not contain links to uninstall information.\nThe app's landing page does not contain links to uninstall information.\nThe app's about page does not contain links to uninstall information.\n"},"samples":[{"isRevoked":"False","fileName":"imymac-powermymac.pkg","isInstaller":"True","fileVersion":"0.","hashMD5":"f7ddbb2900966d28f2859b9ec6bc1323","hashSHA1":"5438cd4f0443b56eac758a9b63f38fccb982493c","hashSHA256":"417cef771790d85ff7b38518dbde284f70abacf358b8b84f144489840db4f90e","sourceIndex":"1693","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"PowerMyMac","fileVersion":"0.","hashMD5":"fcb4f1ed61e6930f207c6f207db43d9b","hashSHA1":"10d77b3b929fe71172307cc4a5c19458534bd2e0","hashSHA256":"8985a821b078f35b7ce8199c97bc9e0ba5fc4e11d2cd1c60a22feec1c0a8d0f8","sourceIndex":"1693","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"iMyMac has another app that is a deceptor","landingPage":"https://www.imymac.com/mac-cleaner/","directDownloadingLink":"https://download.imymac.com/download/imymac-powermymac.pkg","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://download.imymac.com/download/imymac-powermymac.pkg","sourceIndex":"1693"}],"sampleFiles":["220306/PowerMyMac-190410/5.2.1/Samples/imymac-powermymac.pkg","220306/PowerMyMac-190410/5.2.1/Samples/PowerMyMac"],"imageFiles":["220306/PowerMyMac-190410/5.2.1/Images/ACR-004/PowerMyMac_Interactions [7].png"],"nonDeceptorImageFiles":["220306/PowerMyMac-190410/5.2.1/Images/ACR-065/PowerMyMac_Install [1].png","220306/PowerMyMac-190410/5.2.1/Images/ACR-065/PowerMyMac_Install [2].png","220306/PowerMyMac-190410/5.2.1/Images/ACR-065/PowerMyMac_Install [3].png","220306/PowerMyMac-190410/5.2.1/Images/ACR-065/PowerMyMac_Install [4].png","220306/PowerMyMac-190410/5.2.1/Images/ACR-065/PowerMyMac_Install [6].png","220306/PowerMyMac-190410/5.2.1/Images/ACR-065/PowerMyMac_About [1].png","220306/PowerMyMac-190410/5.2.1/Images/ACR-065/PowerMyMac_About [1].png","220306/PowerMyMac-190410/5.2.1/Images/ACR-099/PowerMyMac_OfferPage [1].png","220306/PowerMyMac-190410/5.2.1/Images/ACR-099/PowerMyMac_LandingPage [1].png","220306/PowerMyMac-190410/5.2.1/Images/ACR-099/PowerMyMac_About [1].png","220306/PowerMyMac-190410/5.2.1/Images/ACR-161/PowerMyMac_LandingPage [1].png","220306/PowerMyMac-190410/5.2.1/Images/ACR-045/PowerMyMac_LandingPage [1].png"],"guid":"a2b25fe8-14b1-4164-a591-6ead241dfa7c_5.2.1_1","appID":"PowerMyMac-190410","dateAdded":"240125","deceptorType":"MacOS App","name":"Power My Mac","company":"iMyMac","version":"5.2.1","lastKnownStatus":"Deceptor:1.0.5;1.0.8;1.0.9;1.1.1;1.2.2;1.2.3;1.3.0;5.2.1;5.2.2;5.2.3;5.2.6","lastKnownDate":"240125","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2024-01-25T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":13,"sortOrder":747},{"violations":{"ACR-004":"The app does not provide free fixes for all the scan results that can't be permanently fixed, it can only clean 500MB and then uses the remaining issues identified to upsell users the fix, requiring users to purchase a subscription service to fix all results identified during the free scan.\n","ACR-017":"The app elevates its consumer trust level by displaying unverifiable logos.\n"},"nonDeceptorViolations":{"ACR-045":"\"Try it Free\"  highlights \"Free\" misleads the user. The functionality that requires consumer payment in order to be activated needs to be marked clearly on the landing page. Otherwise, the app should remove the \"free\" word.\n","ACR-065":"The app's install wizard does not contain links to its Returns and Cancellation Policy, or the Privacy Policy.\nThe app's about page does not contain links to its EULA or Terms of Service, Returns and Cancellation Policy, or Privacy Policy.\n","ACR-161":"The landing page has testimonials that have no links back to a source so consumers can verify if they're real.\n","ACR-099":"The app's internal offers page does not contain links to uninstall information.\nThe app's landing page does not contain links to uninstall information.\nThe app's about page does not contain links to uninstall information.\n"},"samples":[{"isRevoked":"False","fileName":"imymacpowermymac.pkg","isInstaller":"True","fileVersion":"0.","hashMD5":"544d9bd22e53d517a891a87472fac8ec","hashSHA1":"bf359b4889c78d2e1b16120cf57178d162cf45ec","hashSHA256":"f8089afcb406789144cfba52995b1409e5d6c518ffedc6f040f1a9d6b3f9e6a3","digitalCertThumbprint":"","sourceIndex":"1507","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"PowerMyMac","fileVersion":"0.","hashMD5":"7045b7c41c04751a8cad2684d86ec2b4","hashSHA1":"4cab87ae5b305ae1892b4cb5d5b4207bcd8a4291","hashSHA256":"3fc57bcc84f550db0cdba1402658a45c295945a00c479a66f9c39edc6353ea4a","digitalCertThumbprint":"","sourceIndex":"1507","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"iMyMac has another app that is a deceptor","landingPage":"https://www.imymac.com","directDownloadingLink":"https://www.imymac.com/download/imymac-powermymac.dmg","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.imymac.com/download/imymac-powermymac.dmg","sourceIndex":"1507"}],"sampleFiles":["220720/PowerMyMac-190410/5.2.3/Samples/imymacpowermymac.pkg","220720/PowerMyMac-190410/5.2.3/Samples/PowerMyMac"],"imageFiles":["220720/PowerMyMac-190410/5.2.3/Images/ACR-004/ACR-004.png","220720/PowerMyMac-190410/5.2.3/Images/ACR-017/ACR-017_InternalOffers.jpeg"],"nonDeceptorImageFiles":["220720/PowerMyMac-190410/5.2.3/Images/ACR-065/ACR-065_Install.png","220720/PowerMyMac-190410/5.2.3/Images/ACR-065/ACR-065_Software.png","220720/PowerMyMac-190410/5.2.3/Images/ACR-099/ACR-099_InternalOffers.jpeg","220720/PowerMyMac-190410/5.2.3/Images/ACR-099/ACR-099.jpeg","220720/PowerMyMac-190410/5.2.3/Images/ACR-099/ACR-099_1.jpeg","220720/PowerMyMac-190410/5.2.3/Images/ACR-099/ACR-099_Software.png","220720/PowerMyMac-190410/5.2.3/Images/ACR-161/ACR-161.JPG","220720/PowerMyMac-190410/5.2.3/Images/ACR-045/ACR-045.jpeg","220720/PowerMyMac-190410/5.2.3/Images/ACR-045/ACR-045_1.jpeg"],"guid":"a2b25fe8-14b1-4164-a591-6ead241dfa7c_5.2.3_1","appID":"PowerMyMac-190410","dateAdded":"240125","deceptorType":"MacOS App","name":"Power My Mac","company":"iMyMac","version":"5.2.3","lastKnownStatus":"Deceptor:1.0.5;1.0.8;1.0.9;1.1.1;1.2.2;1.2.3;1.3.0;5.2.1;5.2.2;5.2.3;5.2.6","lastKnownDate":"240125","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2024-01-25T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":13,"sortOrder":745},{"violations":{"ACR-004":"The app does not provide free fixes for all the scan results that can't be permanently fixed, it can only clean 500MB and then uses the remaining issues identified to upsell users the fix, requiring users to purchase a subscription service to fix all results identified during the free scan.\n","ACR-017":"The app elevates its consumer trust level by displaying unverifiable logos.\n"},"nonDeceptorViolations":{"ACR-045":"\"Try it Free\"  highlights \"Free\" misleads the user. The functionality that requires consumer payment in order to be activated needs to be marked clearly on the landing page. Otherwise, the app should remove the \"free\" word.\n","ACR-065":"The app's install wizard does not contain links to its Returns and Cancellation Policy, or the Privacy Policy.\nThe app's about page does not contain links to its EULA or Terms of Service, Returns and Cancellation Policy, or Privacy Policy.\n","ACR-161":"The landing page has testimonials that have no links back to a source so consumers can verify if they're real.\n","ACR-099":"The app's internal offers page does not contain links to uninstall information.\nThe app's landing page does not contain links to uninstall information.\nThe app's about page does not contain links to uninstall information.\n"},"samples":[{"isRevoked":"False","fileName":"imymac-powermymac.pkg","isInstaller":"True","fileVersion":"0.","hashMD5":"d2464eb961fb3ed93fb0925336935e53","hashSHA1":"dcefa59c3661a54663cebd1042a357e7fafc106a","hashSHA256":"d4a04192a3d0805e63e9ad2305f8e765d32d0e1e9e91071a7c74c7760a944ff7","sourceIndex":"751","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"PowerMyMac","fileVersion":"0.","hashMD5":"00bf50aa825fbc39ca9c34726b367569","hashSHA1":"fc717acb80b7a1be9ad99e4d25a61bc87c640373","hashSHA256":"c7aed0df0a9aafd692abdf901daaff4c20e090dd873b76c5eb5ea7488e7ee938","sourceIndex":"751","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"iMyMac has another app that is a deceptor","landingPage":"https://www.imymac.com","directDownloadingLink":"https://download.imymac.com/download/imymac-powermymac.pkg","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://download.imymac.com/download/imymac-powermymac.pkg","sourceIndex":"751"}],"sampleFiles":["240125/PowerMyMac-190410/5.2.6/Samples/imymac-powermymac.pkg","240125/PowerMyMac-190410/5.2.6/Samples/PowerMyMac"],"imageFiles":["240125/PowerMyMac-190410/5.2.6/Images/ACR-004/004.png","240125/PowerMyMac-190410/5.2.6/Images/ACR-017/017.png"],"nonDeceptorImageFiles":["240125/PowerMyMac-190410/5.2.6/Images/ACR-065/065.png","240125/PowerMyMac-190410/5.2.6/Images/ACR-065/about2.png","240125/PowerMyMac-190410/5.2.6/Images/ACR-099/OfferPage.png","240125/PowerMyMac-190410/5.2.6/Images/ACR-099/LandingPage.png","240125/PowerMyMac-190410/5.2.6/Images/ACR-099/LandingPage2.png","240125/PowerMyMac-190410/5.2.6/Images/ACR-099/about2.png","240125/PowerMyMac-190410/5.2.6/Images/ACR-161/161.png","240125/PowerMyMac-190410/5.2.6/Images/ACR-045/045.png","240125/PowerMyMac-190410/5.2.6/Images/ACR-045/045_1.png"],"guid":"a2b25fe8-14b1-4164-a591-6ead241dfa7c_5.2.6_1","appID":"PowerMyMac-190410","dateAdded":"240125","deceptorType":"MacOS App","name":"Power My Mac","company":"iMyMac","version":"5.2.6","lastKnownStatus":"Deceptor:1.0.5;1.0.8;1.0.9;1.1.1;1.2.2;1.2.3;1.3.0;5.2.1;5.2.2;5.2.3;5.2.6","lastKnownDate":"240125","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2026-05-12T22:59:57.7761048+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":13,"sortOrder":744},{"violations":{"ACR-109":"Download Manager secretly downloads and writes the files (some are set to be hidden and system only file) to consumer system under hidden folder without user agreeing to install.\n","ACR-042":"Download manager communicate with 3rd party website and drops hidden file/potential offer app info in hidden folder without user permission.  \n","ACR-013":" During installation, the user is interrupted by non-consented offers to silently install unrelated software. \n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software.\n","ACR-075":"After carrier app was cancelled during installation, the offers are still installed without any notification for user.\n","ACR-039":"No clear indications of the relationship for the monetization components from RiseCodes and Carrier app is disclosed to user before offers being prompts. The links for privacy policy and Term of use mislead user that they are for Carrier app. \n(https://hello.softonic.com/privacy-policy/\nhttps://hello.softonic.com/terms-of-use/\nhttps://risecodes.com/privacy\nhttps://risecodes.com/terms)\n\n"},"nonDeceptorViolations":{"ACR-044":"Download manager doesn't disclose its bundling function when user choose to install carrier app.\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software\n"},"samples":[{"isRevoked":"False","fileName":"combo-cleaner-1.0.42-installer_g-qJxA1.exe","isInstaller":"True","fileVersion":"6.52","hashMD5":"8856e3c4eb8f94f8a1aed57ca9c1b81a","hashSHA1":"14251bb803df486c845552dbe6cc48fbbe847a50","hashSHA256":"01d83022ee501d1074cf05d8067a03fbe3bbf1b2d8a0b9bd8e51597cf6b8a6ef","digitalCertThumbprint":"155ACAAB08BBC75D6A0121BDE1867351BD7A0A73","digitalCertIssuer":"CN=Sectigo Public Code Signing CA R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=Captural Lmk, O=Captural Lmk, S=Tel Aviv, C=IL","sourceIndex":"1175","avBlockList":["360 Total Security (20230926)","Avira Internet Security (20230926)","COMODO Antivirus (20230926)","Dr.Web Security Space (20230926)","ESET Internet Security (20230926)","G DATA INTERNET SECURITY (20230926)","K7 Total Security (20230926)","Kaspersky Internet Security (20230926)","Malwarebytes Premium (20230926)","McAfee Total Protection (20230926)","Norton Security (20230926)","Panda Dome (20230926)","Quick Heal Internet Security (20230926)","Sophos Home Premium (20230926)","SpyHunter5 (20230926)","Total AV Antivirus Pro (20230926)","VirIT eXplorer PRO (20230926)","Webroot SecureAnywhere (20230926)"],"avAllowList":["Avast Premium Security (20230926)","AVG Internet Security (20230926)","Bitdefender Internet Security (20230926)","Trend Micro Internet Security (20230926)","VIPRE Advanced Security (20230926)","Windows Defender (20230926)"]},{"isRevoked":"False","fileName":"combo-cleaner-1.0.42-installer_g-qJxA1.tmp","fileVersion":"6.52","hashMD5":"37d9df7aeef9df344d9e6f7e6fddc815","hashSHA1":"4d81c4471b24cb36a0c8612572b763fca69fd7dc","hashSHA256":"04d8c2ddd05e71659a39f6c1727bbb15f447573332e455487340db011c3b1f54","sourceIndex":"1175","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"free_download_manager_32-6.12.0-installer_2Yrha-1.exe","isInstaller":"True","fileVersion":"6.12","hashMD5":"835b63e6817118536d942173c9237500","hashSHA1":"e5040b154785e50297e505fb3fe338f92ef25a14","hashSHA256":"77b7eedf3ac6108a8cbdb4745e0a927ad5cfc8ca0a275aa50a3c9b6958be2767","digitalCertThumbprint":"3D77862197B955C13BA2BAF68E5B58DADC17D524","digitalCertIssuer":"CN=Sectigo Public Code Signing CA R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=FH Manager, O=FH Manager, S=Tel Aviv, C=IL","sourceIndex":"1175","avBlockList":["360 Total Security (20230413)","Avira Internet Security (20230413)","ESET Internet Security (20230413)","G DATA INTERNET SECURITY (20230413)","K7 Total Security (20230413)","Kaspersky Internet Security (20230413)","Malwarebytes Premium (20230413)","McAfee Total Protection (20230413)","Norton Security (20230413)","Panda Dome (20230413)","Sophos Home Premium (20230413)","SpyHunter5 (20230413)","Total AV Antivirus Pro (20230413)","VirIT eXplorer PRO (20230413)","Webroot SecureAnywhere (20230413)"],"avAllowList":["Avast Premium Security (20230413)","AVG Internet Security (20230413)","Bitdefender Internet Security (20230413)","COMODO Antivirus (20230413)","Dr.Web Security Space (20230413)","Quick Heal Internet Security (20230413)","Trend Micro Internet Security (20230413)","VIPRE Advanced Security (20230413)","Windows Defender (20230413)"]},{"isRevoked":"False","fileName":"free_download_manager_32-6.12.0-installer_2Yrha-1.tmp","fileVersion":"6.12","hashMD5":"3aaa26b7d600f4487a0bfafa856d73f9","hashSHA1":"8c9019ca5fbaa2cb57176bbf5fe7a1b1c505afbf","hashSHA256":"5336360e1d5a2d6c1f26a80599dcb962328795c81660927d1cb107d98a964046","sourceIndex":"1175","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"iobit-uninstaller-11.3.0.4-installer_O7-F421.exe","isInstaller":"True","fileVersion":"6.12","hashMD5":"41ae06d18ed5af6e6a0a4568b6bb7cc4","hashSHA1":"b5d5e7e8a951e96e88215ca140c04b892e2d53de","hashSHA256":"a350cd18e1b18c350088512a4baeaeb0ce8ae7e2bfae80636c61c5ba17103b04","digitalCertThumbprint":"3D77862197B955C13BA2BAF68E5B58DADC17D524","digitalCertIssuer":"CN=Sectigo Public Code Signing CA R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=FH Manager, O=FH Manager, S=Tel Aviv, C=IL","sourceIndex":"1175","avBlockList":["360 Total Security (20230413)","Avira Internet Security (20230413)","ESET Internet Security (20230413)","K7 Total Security (20230413)","Kaspersky Internet Security (20230413)","Malwarebytes Premium (20230413)","McAfee Total Protection (20230413)","Norton Security (20230413)","Panda Dome (20230413)","Quick Heal Internet Security (20230413)","Sophos Home Premium (20230413)","SpyHunter5 (20230413)","Total AV Antivirus Pro (20230413)","VirIT eXplorer PRO (20230413)","Webroot SecureAnywhere (20230413)"],"avAllowList":["Avast Premium Security (20230413)","AVG Internet Security (20230413)","Bitdefender Internet Security (20230413)","COMODO Antivirus (20230413)","Dr.Web Security Space (20230413)","G DATA INTERNET SECURITY (20230413)","Trend Micro Internet Security (20230413)","VIPRE Advanced Security (20230413)","Windows Defender (20230413)"]},{"isRevoked":"False","fileName":"iobit-uninstaller-11.3.0.4-installer_O7-F421.tmp","fileVersion":"6.12","hashMD5":"570ac7dec62a51b18b9359d1e9f3e23b","hashSHA1":"0791494b26ba013034c5861c4b006cb6a9f66a36","hashSHA256":"8c5ffa58d84d9d8eef793c780c20297f0ca93db40ea40fe0c15150718b9f046a","sourceIndex":"1175","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"FileHippo downloading","reference":"","landingPage":"https://filehippo.com/download_360-total-security-free-antivirus/","directDownloadingLink":"https://d3ry3spu9wn6vo.cloudfront.net/files/pvqydisc89/72.683/360-total-security-free-antivirus-10.8.0.1324-installer.exe","ipv4":"https://d3ry3spu9wn6vo.cloudfront.net/files/*","ipv6":"","landingPageWildChar":"https://filehippo.com/download*","directDownloadingLinkWildChar":"https://d3ry3spu9wn6vo.cloudfront.net/files/pvqydisc89/72.683/360-total-security-free-antivirus-10.8.0.1324-installer.exe","sourceIndex":"1175"},{"howFound":"","reference":"","landingPage":"https://filehippo.com/download_combo-cleaner/","directDownloadingLink":"https://d3ry3spu9wn6vo.cloudfront.net/files/0tq7rjs9jy/56.8608/combo-cleaner-1.0.42-installer.exe","ipv4":"","ipv6":"","landingPageWildChar":"https://filehippo.com/download*","directDownloadingLinkWildChar":"https://d3ry3spu9wn6vo.cloudfront.net/files/*","sourceIndex":"1176"},{"howFound":"","reference":"","landingPage":"https://filehippo.com/download_iobit-uninstaller/","directDownloadingLink":"https://d3ry3spu9wn6vo.cloudfront.net/files/fbpvtcha4j/54.3883/iobit-uninstaller-11.3.0.4-installer.exe","ipv4":"","ipv6":"","landingPageWildChar":"https://filehippo.com/download*","directDownloadingLinkWildChar":"https://d3ry3spu9wn6vo.cloudfront.net/files/*","sourceIndex":"1177"}],"sampleFiles":["230403/RiseDownloadManager-230309/51.1052.0.0/Samples/combo-cleaner-1.0.42-installer_g-qJxA1.exe","230403/RiseDownloadManager-230309/51.1052.0.0/Samples/combo-cleaner-1.0.42-installer_g-qJxA1.tmp","230403/RiseDownloadManager-230309/51.1052.0.0/Samples/free_download_manager_32-6.12.0-installer_2Yrha-1.exe","230403/RiseDownloadManager-230309/51.1052.0.0/Samples/free_download_manager_32-6.12.0-installer_2Yrha-1.tmp","230403/RiseDownloadManager-230309/51.1052.0.0/Samples/iobit-uninstaller-11.3.0.4-installer_O7-F421.exe","230403/RiseDownloadManager-230309/51.1052.0.0/Samples/iobit-uninstaller-11.3.0.4-installer_O7-F421.tmp"],"imageFiles":["230403/RiseDownloadManager-230309/51.1052.0.0/Images/ACR-109/Risecodes_HiddenFile.JPG","230403/RiseDownloadManager-230309/51.1052.0.0/Images/ACR-109/FileHippo_042_1.JPG","230403/RiseDownloadManager-230309/51.1052.0.0/Images/ACR-109/Risecodes_FileDropped.JPG","230403/RiseDownloadManager-230309/51.1052.0.0/Images/ACR-039/Risecodes_DM_IOBIT.JPG","230403/RiseDownloadManager-230309/51.1052.0.0/Images/ACR-042/Risecodes_Traffic.JPG","230403/RiseDownloadManager-230309/51.1052.0.0/Images/ACR-042/Risecodes_FileDropped.JPG","230403/RiseDownloadManager-230309/51.1052.0.0/Images/ACR-042/FileHippo_042.JPG","230403/RiseDownloadManager-230309/51.1052.0.0/Images/ACR-042/FileHippo_042_1.JPG","230403/RiseDownloadManager-230309/51.1052.0.0/Images/ACR-013/RiseCodes_Offer_060_3.JPG","230403/RiseDownloadManager-230309/51.1052.0.0/Images/ACR-013/RiseCodes_Offer_060_2.JPG","230403/RiseDownloadManager-230309/51.1052.0.0/Images/ACR-013/RiseCodes_Offer_060_1.JPG","230403/RiseDownloadManager-230309/51.1052.0.0/Images/ACR-013/RiseCodes_Offer_060.JPG","230403/RiseDownloadManager-230309/51.1052.0.0/Images/ACR-060/RiseCodes_Offer_060.JPG","230403/RiseDownloadManager-230309/51.1052.0.0/Images/ACR-075/RiseCodes_Offers.JPG"],"nonDeceptorImageFiles":["230403/RiseDownloadManager-230309/51.1052.0.0/Images/ACR-044/Risecodes_DM_IOBIT.JPG"],"guid":"0e80ee49-1be4-4fa2-bc0e-f753258a3b88_51.1052.0.0_1","appID":"RiseDownloadManager-230309","dateAdded":"240125","deceptorType":"Bundler","name":"FileHippoDownloadManager","company":"filehippo.com","version":"51.1052.0.0","lastKnownStatus":"51.1052.0.0;8.7.2431;85.71.2401.4231;27.12.2947.2398;36.26.2683.9493;9.0.2332.0;27.12.2947.2398;9.1.1241.0;13.41.4168.8345","lastKnownDate":"240125","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 10,Windows 8,Windows 7","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"sold in bundle,cross-sell other apps","lastUpdate":"2024-01-25T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":8,"sortOrder":743},{"violations":{"ACR-109":"Download Manager secretly downloads and writes the files to consumer system under hidden folder without user agreeing to install.\n","ACR-042":"Download manager communicate with 3rd party website and drops hidden file/potential offer app info in hidden folder without user permission.  \n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software. \n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software.\nThe offer network does not disclose itself in its offers to silently install unrelated software.\n","ACR-075":"After carrier app was cancelled during installation, the offers are still installed without any notification for user.\n","ACR-039":"No clear indications of the relationship for the monetization components from RiseCodes and Carrier app is disclosed to user before offers being prompts. The links for privacy policy and Term of use mislead user that they are for Carrier app. \n(https://hello.softonic.com/privacy-policy/\nhttps://hello.softonic.com/terms-of-use/\nhttps://risecodes.com/privacy\nhttps://risecodes.com/terms)\n\n"},"nonDeceptorViolations":{"ACR-044":"Download manager doesn't disclose its bundling function when user choose to install carrier app.\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software\n"},"samples":[{"isRevoked":"False","fileName":"anydesk-7.0.4-installer_uNVu-I1.exe","isInstaller":"True","fileVersion":"36.26","hashMD5":"a58d41606dcaa46dd3a417aa86dcda43","hashSHA1":"f40fdd402e420383ee982795a35c08398c047f26","hashSHA256":"7a4205ecf09a09e68cecf4c2cc52ccf8cbc3484cf58b073336c8745038164ba4","digitalCertThumbprint":"2199B2ECFC03C7B258B501E632C315D18CB43E4B","digitalCertIssuer":"CN=Sectigo Public Code Signing CA R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=FH Manager, O=FH Manager, S=Tel Aviv, C=IL","sourceIndex":"810","avBlockList":["COMODO Antivirus (20240123)","Dr.Web Security Space (20240123)","ESET Internet Security (20240123)","K7 Total Security (20240123)","Kaspersky Internet Security (20240123)","Malwarebytes Premium (20240123)","Norton Security (20240123)","Panda Dome (20240123)","Quick Heal Internet Security (20240123)","Sophos Home Premium (20240123)","SpyHunter5 (20240123)","VirIT eXplorer PRO (20240123)","Webroot SecureAnywhere (20240123)"],"avAllowList":["360 Total Security (20240123)","Avast Premium Security (20240123)","AVG Internet Security (20240123)","Avira Internet Security (20240123)","Bitdefender Internet Security (20240123)","G DATA INTERNET SECURITY (20240123)","McAfee Total Protection (20240123)","Total AV Antivirus Pro (20240123)","Trend Micro Internet Security (20240123)","VIPRE Advanced Security (20240123)","Windows Defender (20240123)"]}],"additionalFiles":[],"sources":[{"howFound":"FileHippo downloading","reference":"","landingPage":"https://filehippo.com/download_360-total-security-free-antivirus/","directDownloadingLink":"https://d3ry3spu9wn6vo.cloudfront.net/files/pvqydisc89/72.683/360-total-security-free-antivirus-10.8.0.1324-installer.exe","ipv4":"https://d3ry3spu9wn6vo.cloudfront.net/files/*","ipv6":"","landingPageWildChar":"https://filehippo.com/download*","directDownloadingLinkWildChar":"https://d3ry3spu9wn6vo.cloudfront.net/files/pvqydisc89/72.683/360-total-security-free-antivirus-10.8.0.1324-installer.exe","sourceIndex":"810"},{"howFound":"","reference":"","landingPage":"https://filehippo.com/download_combo-cleaner/","directDownloadingLink":"https://d3ry3spu9wn6vo.cloudfront.net/files/0tq7rjs9jy/56.8608/combo-cleaner-1.0.42-installer.exe","ipv4":"","ipv6":"","landingPageWildChar":"https://filehippo.com/download*","directDownloadingLinkWildChar":"https://d3ry3spu9wn6vo.cloudfront.net/files/*","sourceIndex":"811"},{"howFound":"","reference":"","landingPage":"https://filehippo.com/download_iobit-uninstaller/","directDownloadingLink":"https://d3ry3spu9wn6vo.cloudfront.net/files/fbpvtcha4j/54.3883/iobit-uninstaller-11.3.0.4-installer.exe","ipv4":"","ipv6":"","landingPageWildChar":"https://filehippo.com/download*","directDownloadingLinkWildChar":"https://d3ry3spu9wn6vo.cloudfront.net/files/*","sourceIndex":"812"},{"howFound":"","reference":"","landingPage":"","directDownloadingLink":"https://do54checeiyro.cloudfront.net/files/4ebnk1kuvq/72.460/anydesk-7.0.4-installer.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://do54checeiyro.cloudfront.net/files/*","sourceIndex":"813"}],"sampleFiles":["231116/RiseDownloadManager-230309/36.26.2683.9493/Samples/anydesk-7.0.4-installer_uNVu-I1.exe"],"imageFiles":["231116/RiseDownloadManager-230309/36.26.2683.9493/Images/ACR-109/bundle.jpg","231116/RiseDownloadManager-230309/36.26.2683.9493/Images/ACR-039/DM.jpg","231116/RiseDownloadManager-230309/36.26.2683.9493/Images/ACR-042/ACR-042.jpg","231116/RiseDownloadManager-230309/36.26.2683.9493/Images/ACR-042/bundle.jpg","231116/RiseDownloadManager-230309/36.26.2683.9493/Images/ACR-013/OptionalOffer.jpg","231116/RiseDownloadManager-230309/36.26.2683.9493/Images/ACR-060/RiseCodes_Offer_060.JPG","231116/RiseDownloadManager-230309/36.26.2683.9493/Images/ACR-075/RiseCodes_Offers.JPG","231116/RiseDownloadManager-230309/36.26.2683.9493/Images/ACR-060/ACR-060_1.png","231116/RiseDownloadManager-230309/36.26.2683.9493/Images/ACR-060/ACR-060_2.png","231116/RiseDownloadManager-230309/36.26.2683.9493/Images/ACR-060/ACR-060_3.png","231116/RiseDownloadManager-230309/36.26.2683.9493/Images/ACR-060/ACR-060_4.png"],"nonDeceptorImageFiles":["231116/RiseDownloadManager-230309/36.26.2683.9493/Images/ACR-044/DM.jpg","231116/RiseDownloadManager-230309/36.26.2683.9493/Images/ACR-060/OptionalOffer.jpg"],"guid":"0e80ee49-1be4-4fa2-bc0e-f753258a3b88_36.26.2683.9493_1","appID":"RiseDownloadManager-230309","dateAdded":"240125","deceptorType":"Bundler","name":"FileHippoDownloadManager","company":"filehippo.com","version":"36.26.2683.9493","lastKnownStatus":"51.1052.0.0;8.7.2431;85.71.2401.4231;27.12.2947.2398;36.26.2683.9493;9.0.2332.0;27.12.2947.2398;9.1.1241.0;13.41.4168.8345","lastKnownDate":"240125","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 10,Windows 8,Windows 7","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"sold in bundle,cross-sell other apps","lastUpdate":"2024-01-25T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":8,"sortOrder":740},{"violations":{"ACR-109":"Download Manager secretly downloads and writes the files to consumer system under hidden folder without user agreeing to install.\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software. \n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software\nThe offer network does not disclose itself in its offers to silently install unrelated software\n","ACR-039":"No clear indications of the relationship for the monetization components from RiseCodes and Carrier app is disclosed to user before offers being prompts. The links for privacy policy and Term of use mislead user that they are for Carrier app. \n(https://hello.softonic.com/privacy-policy/\nhttps://hello.softonic.com/terms-of-use/\nhttps://risecodes.com/privacy\nhttps://risecodes.com/terms)\n\n"},"nonDeceptorViolations":{"ACR-044":"Download manager doesn't disclose its bundling function when user choose to install carrier app.\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software\n"},"samples":[{"isRevoked":"False","fileName":"combo-cleaner-1.0.42-installer_xmC8-F1.exe","isInstaller":"True","fileVersion":"9.0","hashMD5":"0b56d7596fdc35a6ca47eb1409032103","hashSHA1":"14c5ea37a5df0355f93b5af632b145e4547d86de","hashSHA256":"ab250263f3d7bdd7797918c095f86327d5531342d332eff37feac2e632755eab","digitalCertThumbprint":"3D77862197B955C13BA2BAF68E5B58DADC17D524","digitalCertIssuer":"CN=Sectigo Public Code Signing CA R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=FH Manager, O=FH Manager, S=Tel Aviv, C=IL","sourceIndex":"798","avBlockList":["360 Total Security (20240404)","Bitdefender Internet Security (20240404)","COMODO Antivirus (20240404)","Dr.Web Security Space (20240404)","ESET Internet Security (20240404)","G DATA INTERNET SECURITY (20240404)","K7 Total Security (20240404)","Kaspersky Internet Security (20240404)","Malwarebytes Premium (20240404)","Norton Security (20240404)","Panda Dome (20240404)","Quick Heal Internet Security (20240404)","Sophos Home Premium (20240404)","SpyHunter5 (20240404)","VIPRE Advanced Security (20240404)","VirIT eXplorer PRO (20240404)","Webroot SecureAnywhere (20240404)"],"avAllowList":["Avast Premium Security (20240404)","AVG Internet Security (20240404)","Avira Internet Security (20240404)","McAfee Total Protection (20240404)","Total AV Antivirus Pro (20240404)","Trend Micro Internet Security (20240404)","Windows Defender (20240404)"]}],"additionalFiles":[],"sources":[{"howFound":"FileHippo downloading","reference":"","landingPage":"https://filehippo.com/download_360-total-security-free-antivirus/","directDownloadingLink":"https://d3ry3spu9wn6vo.cloudfront.net/files/pvqydisc89/72.683/360-total-security-free-antivirus-10.8.0.1324-installer.exe","ipv4":"https://d3ry3spu9wn6vo.cloudfront.net/files/*","ipv6":"","landingPageWildChar":"https://filehippo.com/download*","directDownloadingLinkWildChar":"https://d3ry3spu9wn6vo.cloudfront.net/files/pvqydisc89/72.683/360-total-security-free-antivirus-10.8.0.1324-installer.exe","sourceIndex":"798"},{"howFound":"","reference":"","landingPage":"https://filehippo.com/download_combo-cleaner/","directDownloadingLink":"https://d3ry3spu9wn6vo.cloudfront.net/files/0tq7rjs9jy/56.8608/combo-cleaner-1.0.42-installer.exe","ipv4":"","ipv6":"","landingPageWildChar":"https://filehippo.com/download*","directDownloadingLinkWildChar":"https://d3ry3spu9wn6vo.cloudfront.net/files/*","sourceIndex":"799"},{"howFound":"","reference":"","landingPage":"https://filehippo.com/download_iobit-uninstaller/","directDownloadingLink":"https://d3ry3spu9wn6vo.cloudfront.net/files/fbpvtcha4j/54.3883/iobit-uninstaller-11.3.0.4-installer.exe","ipv4":"","ipv6":"","landingPageWildChar":"https://filehippo.com/download*","directDownloadingLinkWildChar":"https://d3ry3spu9wn6vo.cloudfront.net/files/*","sourceIndex":"800"},{"howFound":"","reference":"","landingPage":"https://filehippo.com/download_combo-cleaner/post_download/?nodl=1","directDownloadingLink":"https://do54checeiyro.cloudfront.net/files/uq1d9kucz5/34.002/combo-cleaner-1.0.42-installer.exe","ipv4":"","ipv6":"","landingPageWildChar":"https://filehippo.com/download*","directDownloadingLinkWildChar":"https://do54checeiyro.cloudfront.net/files/*","sourceIndex":"801"}],"sampleFiles":["231121/RiseDownloadManager-230309/9.0.2332.0/Samples/combo-cleaner-1.0.42-installer_xmC8-F1.exe"],"imageFiles":["231121/RiseDownloadManager-230309/9.0.2332.0/Images/ACR-109/Screen Shot 2023-11-21 at 2.11.43 PM.png","231121/RiseDownloadManager-230309/9.0.2332.0/Images/ACR-039/Screen Shot 2023-11-21 at 2.12.09 PM.png","231121/RiseDownloadManager-230309/9.0.2332.0/Images/ACR-013/Screen Shot 2023-11-21 at 2.35.47 PM.png","231121/RiseDownloadManager-230309/9.0.2332.0/Images/ACR-013/Screen Shot 2023-11-21 at 2.40.26 PM.png","231121/RiseDownloadManager-230309/9.0.2332.0/Images/ACR-013/Screen Shot 2023-11-21 at 3.23.19 PM.png","231121/RiseDownloadManager-230309/9.0.2332.0/Images/ACR-060/Screen Shot 2023-11-21 at 2.35.47 PM.png","231121/RiseDownloadManager-230309/9.0.2332.0/Images/ACR-060/Screen Shot 2023-11-21 at 2.40.26 PM.png","231121/RiseDownloadManager-230309/9.0.2332.0/Images/ACR-060/Screen Shot 2023-11-21 at 3.23.19 PM.png","231121/RiseDownloadManager-230309/9.0.2332.0/Images/ACR-060/Screen Shot 2023-11-21 at 2.35.47 PM.png","231121/RiseDownloadManager-230309/9.0.2332.0/Images/ACR-060/Screen Shot 2023-11-21 at 2.40.26 PM.png","231121/RiseDownloadManager-230309/9.0.2332.0/Images/ACR-060/Screen Shot 2023-11-21 at 3.23.19 PM.png"],"nonDeceptorImageFiles":["231121/RiseDownloadManager-230309/9.0.2332.0/Images/ACR-044/Screen Shot 2023-11-21 at 2.12.09 PM.png","231121/RiseDownloadManager-230309/9.0.2332.0/Images/ACR-060/Screen Shot 2023-11-21 at 2.35.47 PM.png","231121/RiseDownloadManager-230309/9.0.2332.0/Images/ACR-060/Screen Shot 2023-11-21 at 2.40.26 PM.png","231121/RiseDownloadManager-230309/9.0.2332.0/Images/ACR-060/Screen Shot 2023-11-21 at 3.23.19 PM.png"],"guid":"0e80ee49-1be4-4fa2-bc0e-f753258a3b88_9.0.2332.0_1","appID":"RiseDownloadManager-230309","dateAdded":"240125","deceptorType":"Bundler","name":"FileHippoDownloadManager","company":"filehippo.com","version":"9.0.2332.0","lastKnownStatus":"51.1052.0.0;8.7.2431;85.71.2401.4231;27.12.2947.2398;36.26.2683.9493;9.0.2332.0;27.12.2947.2398;9.1.1241.0;13.41.4168.8345","lastKnownDate":"240125","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 10,Windows 8,Windows 7","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"sold in bundle,cross-sell other apps","lastUpdate":"2024-01-25T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":8,"sortOrder":739},{"violations":{"ACR-004":"App does not provide free fixes for all the scan results that can't be permanently fixed, it can only clean 500MB then uses the remaining issues identified to upsell user the fix, requiring user to purchase subscription service to fix all results identified during free scan.\n"},"nonDeceptorViolations":{"ACR-045":"\"Try it Free\"  highlights \"Free\" misleads user. The functionality that requires consumer payment in order to be activated needs to be marked clearly in landing page. Otherwise app should remove \"free\" word.\n","ACR-065":"The app's install wizard does not contain links to it's Returns and Cancellation Policy, or the Privacy Policy.\nThe app's about page does not contain links to it's EULA or Terms of Service, Returns and Cancellation Policy, or the Privacy Policy.\n","ACR-161":"The landing page has testimonials that have no links back to a source so consumers can verify if they're real.\n","ACR-099":"The app's internal offers page does not contain links to uninstall information.\nThe app's landing page does not contain links to uninstall information.\nThe app's about page does not contain links to uninstall information.\n"},"samples":[{"isRevoked":"False","fileName":"imymac-powermymac.pkg","isInstaller":"True","fileVersion":"0.","hashMD5":"45e220731f27ae5448b6eaeebd38064a","hashSHA1":"00f8bec050d433567ce4614c2cef4aa13ca6e12c","hashSHA256":"d56ca91ad81b4dbfc134d272e516cecd7f99fa59eccff011e7fe7c3a72bc0941","sourceIndex":"1584","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"PowerMyMac","fileVersion":"0.","hashMD5":"d4d3639770415539288fd465e9446aed","hashSHA1":"d8717a9c41d304464bf4046e0f3309cc830180f5","hashSHA256":"9f99efecd8928a8da6997a7ae5a6753508ed8ace706ffb32357f4090ffe61c35","sourceIndex":"1584","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"iMyMac has another app that is a deceptor","landingPage":"https://www.imymac.com","directDownloadingLink":"https://download.imymac.com/download/imymac-powermymac.pkg ","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://download.imymac.com/download/imymac-powermymac.pkg ","sourceIndex":"1584"}],"sampleFiles":["220531/PowerMyMac-190410/5.2.2/Samples/imymac-powermymac.pkg","220531/PowerMyMac-190410/5.2.2/Samples/PowerMyMac"],"imageFiles":["220531/PowerMyMac-190410/5.2.2/Images/ACR-004/PowerMyMac_Interactions [7].png"],"nonDeceptorImageFiles":["220531/PowerMyMac-190410/5.2.2/Images/ACR-065/PowerMyMac_Install [1].png","220531/PowerMyMac-190410/5.2.2/Images/ACR-065/PowerMyMac_Install [2].png","220531/PowerMyMac-190410/5.2.2/Images/ACR-065/PowerMyMac_Install [3].png","220531/PowerMyMac-190410/5.2.2/Images/ACR-065/PowerMyMac_Install [4].png","220531/PowerMyMac-190410/5.2.2/Images/ACR-065/PowerMyMac_About [1].png","220531/PowerMyMac-190410/5.2.2/Images/ACR-099/PowerMyMac_OfferPage [1].png","220531/PowerMyMac-190410/5.2.2/Images/ACR-099/PowerMyMac_LandingPage [1].png","220531/PowerMyMac-190410/5.2.2/Images/ACR-099/PowerMyMac_About [1].png","220531/PowerMyMac-190410/5.2.2/Images/ACR-045/PowerMyMac_LandingPage [1].png"],"guid":"a2b25fe8-14b1-4164-a591-6ead241dfa7c_5.2.2_1","appID":"PowerMyMac-190410","dateAdded":"240125","deceptorType":"MacOS App","name":"Power My Mac","company":"iMyMac","version":"5.2.2","lastKnownStatus":"Deceptor:1.0.5;1.0.8;1.0.9;1.1.1;1.2.2;1.2.3;1.3.0;5.2.1;5.2.2;5.2.3;5.2.6","lastKnownDate":"240125","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2024-01-25T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":13,"sortOrder":746},{"violations":{"ACR-109":"Download Manager secretly downloads and writes the files to consumer system under hidden folder without user agreeing to install.\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software. \n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software\nThe offer network does not disclose itself in its offers to silently install unrelated software\n","ACR-039":"No clear indications of the relationship for the monetization components from RiseCodes and Carrier app is disclosed to user before offers being prompts. The links for privacy policy and Term of use mislead user that they are for Carrier app. \n(https://hello.softonic.com/privacy-policy/\nhttps://hello.softonic.com/terms-of-use/\nhttps://risecodes.com/privacy\nhttps://risecodes.com/terms)\n\n"},"nonDeceptorViolations":{"ACR-044":"Download manager doesn't disclose its bundling function when user choose to install carrier app.\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software\n"},"samples":[{"isRevoked":"False","fileName":"combo-cleaner-1.0.42-installer_pyj-KX1.exe","isInstaller":"True","fileVersion":"9.1","hashMD5":"70701ba408413d45fc44291f925b1996","hashSHA1":"6c9dbd67bb39fd6584f9cb9d16091e7645a02bb5","hashSHA256":"8487773ce1b7ab4aa7ea0f5c86f4c16f416de5f26d334ac1179960726b9e922b","digitalCertThumbprint":"3D77862197B955C13BA2BAF68E5B58DADC17D524","digitalCertIssuer":"CN=Sectigo Public Code Signing CA R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=FH Manager, O=FH Manager, S=Tel Aviv, C=IL","sourceIndex":"768","avBlockList":["Avira Internet Security (20240328)","COMODO Antivirus (20240328)","Dr.Web Security Space (20240328)","ESET Internet Security (20240328)","G DATA INTERNET SECURITY (20240328)","K7 Total Security (20240328)","Kaspersky Internet Security (20240328)","Malwarebytes Premium (20240328)","Norton Security (20240328)","Panda Dome (20240328)","Quick Heal Internet Security (20240328)","Sophos Home Premium (20240328)","SpyHunter5 (20240328)","Total AV Antivirus Pro (20240328)","VirIT eXplorer PRO (20240328)","Webroot SecureAnywhere (20240328)"],"avAllowList":["360 Total Security (20240328)","Avast Premium Security (20240328)","AVG Internet Security (20240328)","Bitdefender Internet Security (20240328)","McAfee Total Protection (20240328)","Trend Micro Internet Security (20240328)","VIPRE Advanced Security (20240328)","Windows Defender (20240328)"]}],"additionalFiles":[],"sources":[{"howFound":"FileHippo downloading","reference":"","landingPage":"https://filehippo.com/download_360-total-security-free-antivirus/","directDownloadingLink":"https://d3ry3spu9wn6vo.cloudfront.net/files/pvqydisc89/72.683/360-total-security-free-antivirus-10.8.0.1324-installer.exe","ipv4":"https://d3ry3spu9wn6vo.cloudfront.net/files/*","ipv6":"","landingPageWildChar":"https://filehippo.com/download*","directDownloadingLinkWildChar":"https://d3ry3spu9wn6vo.cloudfront.net/files/pvqydisc89/72.683/360-total-security-free-antivirus-10.8.0.1324-installer.exe","sourceIndex":"768"},{"howFound":"","reference":"","landingPage":"https://filehippo.com/download_combo-cleaner/","directDownloadingLink":"https://d3ry3spu9wn6vo.cloudfront.net/files/0tq7rjs9jy/56.8608/combo-cleaner-1.0.42-installer.exe","ipv4":"","ipv6":"","landingPageWildChar":"https://filehippo.com/download*","directDownloadingLinkWildChar":"https://d3ry3spu9wn6vo.cloudfront.net/files/*","sourceIndex":"769"},{"howFound":"","reference":"","landingPage":"https://filehippo.com/download_iobit-uninstaller/","directDownloadingLink":"https://d3ry3spu9wn6vo.cloudfront.net/files/fbpvtcha4j/54.3883/iobit-uninstaller-11.3.0.4-installer.exe","ipv4":"","ipv6":"","landingPageWildChar":"https://filehippo.com/download*","directDownloadingLinkWildChar":"https://d3ry3spu9wn6vo.cloudfront.net/files/*","sourceIndex":"770"},{"howFound":"","reference":"","landingPage":"https://filehippo.com/download_combo-cleaner/","directDownloadingLink":"https://do54checeiyro.cloudfront.net/files/hd336w7srd/37.480/combo-cleaner-1.0.42-installer.exe","ipv4":"","ipv6":"","landingPageWildChar":"https://filehippo.com/download*","directDownloadingLinkWildChar":"https://do54checeiyro.cloudfront.net/files/*","sourceIndex":"771"}],"sampleFiles":["240109/RiseDownloadManager-230309/9.1.1241.0/Samples/combo-cleaner-1.0.42-installer_pyj-KX1.exe"],"imageFiles":["240109/RiseDownloadManager-230309/9.1.1241.0/Images/ACR-109/files.png","240109/RiseDownloadManager-230309/9.1.1241.0/Images/ACR-039/download manager.png","240109/RiseDownloadManager-230309/9.1.1241.0/Images/ACR-013/offer 1.png","240109/RiseDownloadManager-230309/9.1.1241.0/Images/ACR-013/offer 2.png","240109/RiseDownloadManager-230309/9.1.1241.0/Images/ACR-060/offer 1.png","240109/RiseDownloadManager-230309/9.1.1241.0/Images/ACR-060/offer 2.png","240109/RiseDownloadManager-230309/9.1.1241.0/Images/ACR-060/offer 1.png","240109/RiseDownloadManager-230309/9.1.1241.0/Images/ACR-060/offer 2.png"],"nonDeceptorImageFiles":["240109/RiseDownloadManager-230309/9.1.1241.0/Images/ACR-044/download manager.png","240109/RiseDownloadManager-230309/9.1.1241.0/Images/ACR-060/offer 1.png","240109/RiseDownloadManager-230309/9.1.1241.0/Images/ACR-060/offer 2.png"],"guid":"0e80ee49-1be4-4fa2-bc0e-f753258a3b88_9.1.1241.0_1","appID":"RiseDownloadManager-230309","dateAdded":"240125","deceptorType":"Bundler","name":"FileHippoDownloadManager","company":"filehippo.com","version":"9.1.1241.0","lastKnownStatus":"51.1052.0.0;8.7.2431;85.71.2401.4231;27.12.2947.2398;36.26.2683.9493;9.0.2332.0;27.12.2947.2398;9.1.1241.0;13.41.4168.8345","lastKnownDate":"240125","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 10,Windows 8,Windows 7","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"sold in bundle,cross-sell other apps","lastUpdate":"2024-01-25T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":8,"sortOrder":737},{"violations":{"ACR-109":"Download Manager secretly downloads and writes the files to consumer system under hidden folder without user agreeing to install.\n","ACR-042":"Download manager communicate with 3rd party website and drops hidden file/potential offer app info in hidden folder without user permission.\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software. \n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software\n","ACR-039":"No clear indications of the relationship for the monetization components from RiseCodes and Carrier app is disclosed to user before offers being prompts. The links for privacy policy and Term of use mislead user that they are for Carrier app. \n(https://hello.softonic.com/privacy-policy/\nhttps://hello.softonic.com/terms-of-use/\nhttps://risecodes.com/privacy\nhttps://risecodes.com/terms)\n\n"},"nonDeceptorViolations":{"ACR-044":"Download manager doesn't disclose its bundling function when user choose to install carrier app.\n"},"samples":[{"isRevoked":"False","fileName":"combo-cleaner-1.0.42-installer_Xo-C851.exe","isInstaller":"True","fileVersion":"13.41","hashMD5":"6c17e306945dbd5281bcddd3a277107a","hashSHA1":"49988c43a7aad18eb938832173ab7313fe365b2f","hashSHA256":"e17b1a3adaa3883162e5927804bbce6372d62cf2989dc2a599a96b952a21bc4f","digitalCertThumbprint":"BA0816E9C5E14B31E81549CC1A70651FCD6C7B52","digitalCertIssuer":"CN=Sectigo Public Code Signing CA R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=FH Manager, O=FH Manager, S=Tel Aviv, C=IL","sourceIndex":"752","avBlockList":["360 Total Security (20240201)","Avira Internet Security (20240201)","COMODO Antivirus (20240201)","Dr.Web Security Space (20240201)","ESET Internet Security (20240201)","G DATA INTERNET SECURITY (20240201)","K7 Total Security (20240201)","Kaspersky Internet Security (20240201)","Malwarebytes Premium (20240201)","Norton Security (20240201)","Panda Dome (20240201)","Quick Heal Internet Security (20240201)","Sophos Home Premium (20240201)","SpyHunter5 (20240201)","Total AV Antivirus Pro (20240201)","VirIT eXplorer PRO (20240201)","Webroot SecureAnywhere (20240201)","Windows Defender (20240201)"],"avAllowList":["Avast Premium Security (20240201)","AVG Internet Security (20240201)","Bitdefender Internet Security (20240201)","McAfee Total Protection (20240201)","Trend Micro Internet Security (20240201)","VIPRE Advanced Security (20240201)"]},{"isRevoked":"False","fileName":"free-rar-password-recovery-3.53-installer_ARg4-g1.exe","isInstaller":"True","fileVersion":"13.41","hashMD5":"e77cc219b1bfbb791bf864477083d725","hashSHA1":"0167ed132d0b02c37b343f1be6676dd4753e5afa","hashSHA256":"66164bac6e603c31a292bda45ed3f9f801e119e046a78eccf9e3815a9c6ece8d","digitalCertThumbprint":"BA0816E9C5E14B31E81549CC1A70651FCD6C7B52","digitalCertIssuer":"CN=Sectigo Public Code Signing CA R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=FH Manager, O=FH Manager, S=Tel Aviv, C=IL","sourceIndex":"752","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"FileHippo downloading","reference":"","landingPage":"https://filehippo.com/download_combo-cleaner/","directDownloadingLink":"https://do54checeiyro.cloudfront.net/files/3dj6rafek6/47.344/combo-cleaner-1.0.42-installer.exe","ipv4":"","ipv6":"","landingPageWildChar":"https://filehippo.com/download*","directDownloadingLinkWildChar":"https://do54checeiyro.cloudfront.net/files/3dj6rafek6/47.344/combo-cleaner-1.0.42-installer.exe","sourceIndex":"752"},{"howFound":"","reference":"","landingPage":"https://filehippo.de/download_free-rar-password-recovery/","directDownloadingLink":"https://do54checeiyro.cloudfront.net/files/yvp4b09eqe/21.853/free-rar-password-recovery-3.53-installer.exe","ipv4":"","ipv6":"","landingPageWildChar":"https://filehippo.com/download*","directDownloadingLinkWildChar":"https://do54checeiyro.cloudfront.net/files/yvp4b09eqe/*","sourceIndex":"753"}],"sampleFiles":["240125/RiseDownloadManager-230309/13.41.4168.8345/Samples/combo-cleaner-1.0.42-installer_Xo-C851.exe","240125/RiseDownloadManager-230309/13.41.4168.8345/Samples/free-rar-password-recovery-3.53-installer_ARg4-g1.exe"],"imageFiles":["240125/RiseDownloadManager-230309/13.41.4168.8345/Images/ACR-109/ACR-109_Install_1.png","240125/RiseDownloadManager-230309/13.41.4168.8345/Images/ACR-039/ACR-039_Install_1.png","240125/RiseDownloadManager-230309/13.41.4168.8345/Images/ACR-042/ACR-042_Install_1.png","240125/RiseDownloadManager-230309/13.41.4168.8345/Images/ACR-042/ACR-042_Install_2.png","240125/RiseDownloadManager-230309/13.41.4168.8345/Images/ACR-013/ACR-013_Install_1.png","240125/RiseDownloadManager-230309/13.41.4168.8345/Images/ACR-060/ACR-060_Bundler-made offers_1.png"],"nonDeceptorImageFiles":["240125/RiseDownloadManager-230309/13.41.4168.8345/Images/ACR-044/ACR-044_Install_1.png"],"guid":"0e80ee49-1be4-4fa2-bc0e-f753258a3b88_13.41.4168.8345_1","appID":"RiseDownloadManager-230309","dateAdded":"240125","deceptorType":"Bundler","name":"FileHippoDownloadManager","company":"filehippo.com","version":"13.41.4168.8345","lastKnownStatus":"51.1052.0.0;8.7.2431;85.71.2401.4231;27.12.2947.2398;36.26.2683.9493;9.0.2332.0;27.12.2947.2398;9.1.1241.0;13.41.4168.8345","lastKnownDate":"240125","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 10,Windows 8,Windows 7","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"sold in bundle,cross-sell other apps","lastUpdate":"2024-01-25T19:50:19.7277449+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":8,"sortOrder":736},{"violations":{"ACR-109":"Download Manager secretly downloads and writes the files to consumer system under hidden folder without user agreeing to install.\n","ACR-042":"Download manager communicate with 3rd party website and drops hidden file/potential offer app info in hidden folder without user permission.  \n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software. \n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software.\nThe offer network does not disclose itself in its offers to silently install unrelated software.\n","ACR-075":"After carrier app was cancelled during installation, the offers are still installed without any notification for user.\n","ACR-039":"No clear indications of the relationship for the monetization components from RiseCodes and Carrier app is disclosed to user before offers being prompts. The links for privacy policy and Term of use mislead user that they are for Carrier app. \n(https://hello.softonic.com/privacy-policy/\nhttps://hello.softonic.com/terms-of-use/\nhttps://risecodes.com/privacy\nhttps://risecodes.com/terms)\n\n"},"nonDeceptorViolations":{"ACR-044":"Download manager doesn't disclose its bundling function when user choose to install carrier app.\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software\n"},"samples":[{"isRevoked":"False","fileName":"anydesk-7.0.4-installer_w8IM-D1.exe","isInstaller":"True","fileVersion":"27.12","hashMD5":"c0b915d66b4097169300f687e04155ef","hashSHA1":"0382430ad611469aaf2b53cf90a61617dd1ec447","hashSHA256":"50360ce930f5e96da0a4e2565f2854d813e4d6b858746f6b80a0f2c899607121","digitalCertThumbprint":"BA0816E9C5E14B31E81549CC1A70651FCD6C7B52","digitalCertIssuer":"CN=Sectigo Public Code Signing CA R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=FH Manager, O=FH Manager, S=Tel Aviv, C=IL","sourceIndex":"785","avBlockList":["360 Total Security (20231205)","Avira Internet Security (20231205)","Bitdefender Internet Security (20231205)","COMODO Antivirus (20231205)","Dr.Web Security Space (20231205)","ESET Internet Security (20231205)","G DATA INTERNET SECURITY (20231205)","K7 Total Security (20231205)","Kaspersky Internet Security (20231205)","Malwarebytes Premium (20231205)","Norton Security (20231205)","Panda Dome (20231205)","Quick Heal Internet Security (20231205)","Sophos Home Premium (20231205)","SpyHunter5 (20231205)","Total AV Antivirus Pro (20231205)","VIPRE Advanced Security (20231205)","VirIT eXplorer PRO (20231205)","Webroot SecureAnywhere (20231205)","Windows Defender (20231205)"],"avAllowList":["Avast Premium Security (20231205)","AVG Internet Security (20231205)","McAfee Total Protection (20231205)","Trend Micro Internet Security (20231205)"]},{"isRevoked":"False","fileName":"teracopy-3.26-installer_HoZ-fC1.exe","isInstaller":"True","fileVersion":"27.12","hashMD5":"750231862323aaa52756884aeb77c955","hashSHA1":"2fac17443e48bca318fcb83a61ffd40cd05f82bf","hashSHA256":"41fe10d5ae6f974b1f447d7d2da24d5c9844e8a973eabefc7b25603d8f8f9f8c","digitalCertThumbprint":"BA0816E9C5E14B31E81549CC1A70651FCD6C7B52","digitalCertIssuer":"CN=Sectigo Public Code Signing CA R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=FH Manager, O=FH Manager, S=Tel Aviv, C=IL","sourceIndex":"785","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"anydesk-7.0.4-installer_fPMZ3-1_231124.exe","isInstaller":"True","fileVersion":"27.12","hashMD5":"836a9f632d00ecdf9f290ea3478f11b0","hashSHA1":"d56c8568eea73f3e920bc09de75f8ca3b4373f32","hashSHA256":"00f54fbb8110ba714edd4aa09dd9c732da65e3d7044d6addf497a55132f01dd8","digitalCertThumbprint":"BA0816E9C5E14B31E81549CC1A70651FCD6C7B52","digitalCertIssuer":"CN=Sectigo Public Code Signing CA R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=FH Manager, O=FH Manager, S=Tel Aviv, C=IL","sourceIndex":"785","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"anydesk-7.0.4-installer_rEa-Pn1_231204.exe","isInstaller":"True","fileVersion":"27.12","hashMD5":"0fa6652d7211eafb869003222fc21c2e","hashSHA1":"944cf4826b1ed2878e8c4cd9ec9b86cd5f632bb5","hashSHA256":"a3a08f926b9506635fa8cd4cb2bb7babedccd9d5f66f1100d0692dc9ab17f1cb","digitalCertThumbprint":"BA0816E9C5E14B31E81549CC1A70651FCD6C7B52","digitalCertIssuer":"CN=Sectigo Public Code Signing CA R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=FH Manager, O=FH Manager, S=Tel Aviv, C=IL","sourceIndex":"785","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"FileHippo downloading","reference":"","landingPage":"https://filehippo.com/download_teracopy/","directDownloadingLink":"https://do54checeiyro.cloudfront.net/files/avtcqilq02/75.3272/teracopy-3.26-installer.exe","ipv4":"https://do54checeiyro.cloudfront.net/files/*","ipv6":"","landingPageWildChar":"https://filehippo.com/download*","directDownloadingLinkWildChar":"https://do54checeiyro.cloudfront.net/files/avtcqilq02/75.3272/teracopy-3.26-installer.exe","sourceIndex":"785"},{"howFound":"","reference":"","landingPage":"","ipv4":"","ipv6":"","sourceIndex":"786"}],"sampleFiles":["231211/RiseDownloadManager-230309/27.12.2947.2398/Samples/anydesk-7.0.4-installer_w8IM-D1.exe","231211/RiseDownloadManager-230309/27.12.2947.2398/Samples/teracopy-3.26-installer_HoZ-fC1.exe","231211/RiseDownloadManager-230309/27.12.2947.2398/Samples/anydesk-7.0.4-installer_fPMZ3-1_231124.exe","231211/RiseDownloadManager-230309/27.12.2947.2398/Samples/anydesk-7.0.4-installer_rEa-Pn1_231204.exe"],"imageFiles":["231211/RiseDownloadManager-230309/27.12.2947.2398/Images/ACR-109/bundle.jpg","231211/RiseDownloadManager-230309/27.12.2947.2398/Images/ACR-039/DM.jpg","231211/RiseDownloadManager-230309/27.12.2947.2398/Images/ACR-042/traffic.jpg","231211/RiseDownloadManager-230309/27.12.2947.2398/Images/ACR-042/bundle.jpg","231211/RiseDownloadManager-230309/27.12.2947.2398/Images/ACR-013/OptionalOffer.jpg","231211/RiseDownloadManager-230309/27.12.2947.2398/Images/ACR-060/RiseCodes_Offer_060.JPG","231211/RiseDownloadManager-230309/27.12.2947.2398/Images/ACR-075/RiseCodes_Offers.JPG","231211/RiseDownloadManager-230309/27.12.2947.2398/Images/ACR-060/ACR-060_1.png","231211/RiseDownloadManager-230309/27.12.2947.2398/Images/ACR-060/ACR-060_2.png","231211/RiseDownloadManager-230309/27.12.2947.2398/Images/ACR-060/ACR-060_3.png","231211/RiseDownloadManager-230309/27.12.2947.2398/Images/ACR-060/ACR-060_4.png"],"nonDeceptorImageFiles":["231211/RiseDownloadManager-230309/27.12.2947.2398/Images/ACR-044/DM.jpg","231211/RiseDownloadManager-230309/27.12.2947.2398/Images/ACR-060/OptionalOffer.jpg"],"guid":"0e80ee49-1be4-4fa2-bc0e-f753258a3b88_27.12.2947.2398_1","appID":"RiseDownloadManager-230309","dateAdded":"240125","deceptorType":"Bundler","name":"FileHippoDownloadManager","company":"filehippo.com","version":"27.12.2947.2398","lastKnownStatus":"51.1052.0.0;8.7.2431;85.71.2401.4231;27.12.2947.2398;36.26.2683.9493;9.0.2332.0;27.12.2947.2398;9.1.1241.0;13.41.4168.8345","lastKnownDate":"240125","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 10,Windows 8,Windows 7","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"sold in bundle,cross-sell other apps","lastUpdate":"2024-01-25T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":8,"sortOrder":738},{"violations":{"ACR-109":"The Offer provider components get dropped without consumer's consent prior to installation.\n","ACR-042":"Prior to installation, hidden executables and offer-related files gets dropped into a hidden folder before obtaining user consent.\n","ACR-043":"Third party components get dropped in one click without asking user's permission and disclosing the installation path.\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software.\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software.\n","ACR-039":"There is no clear indication about the relationship of the monetization components from the third-party monetizer. \n"},"nonDeceptorViolations":{"ACR-044":"No attribution for the download manager is shown at installation. Missing clear information about significant functions of Download Manager: it may show offers during installation. \n","ACR-035":"There is no EULA and the Privacy Policy does not identify the name of the App.\n"},"samples":[{"isRevoked":"False","fileName":"CheatEngine75.exe","isInstaller":"True","fileVersion":"7.5","hashMD5":"609fea742d34dc1d53f0eeb4873b1a0a","hashSHA1":"3232c52da3cb8f47a870162a35cdd75fcae60aea","hashSHA256":"e2e15826b69778e381f25ac8f2b109a377b23f7cf79b5f482e81f4d28c30f95e","digitalCertThumbprint":"7DA5EC34D9A6396D48AF98DD8BB841B1F71BDFD5","digitalCertIssuer":"CN=Sectigo Public Code Signing CA R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=EngineGame, O=EngineGame, S=Tel Aviv, C=IL","sourceIndex":"755","avBlockList":["Avira Internet Security (20240507)","COMODO Antivirus (20240507)","Dr.Web Security Space (20240507)","ESET Internet Security (20240507)","K7 Total Security (20240507)","Kaspersky Internet Security (20240507)","Malwarebytes Premium (20240507)","McAfee Total Protection (20240507)","Norton Security (20240507)","Panda Dome (20240507)","Quick Heal Internet Security (20240507)","Sophos Home Premium (20240507)","SpyHunter5 (20240507)","Total AV Antivirus Pro (20240507)","VirIT eXplorer PRO (20240507)","Webroot SecureAnywhere (20240507)"],"avAllowList":["360 Total Security (20240507)","Avast Premium Security (20240507)","AVG Internet Security (20240507)","Bitdefender Internet Security (20240507)","G DATA INTERNET SECURITY (20240507)","Trend Micro Internet Security (20240507)","VIPRE Advanced Security (20240507)","Windows Defender (20240507)"]},{"isRevoked":"False","fileName":"CheatEngine75_230927.exe","isInstaller":"True","fileVersion":"7.5","hashMD5":"f99cee24157dcaac5997a910795186a5","hashSHA1":"452f5d4016c339bfe97c843bceb5790dc1a4720f","hashSHA256":"b7e052ed2f1fd808bd332fe0b7cfba596f0d75e1134e380d3a7c56a1bf7b6489","digitalCertThumbprint":"9CD94C59500A37C757F126042A8CD752D0C7964D","digitalCertIssuer":"CN=Sectigo Public Code Signing CA R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=EngineGame, O=EngineGame, S=Tel Aviv, C=IL","sourceIndex":"755","avBlockList":["Avira Internet Security (20240507)","COMODO Antivirus (20240507)","Dr.Web Security Space (20240507)","ESET Internet Security (20240507)","K7 Total Security (20240507)","Kaspersky Internet Security (20240507)","Malwarebytes Premium (20240507)","Norton Security (20240507)","Panda Dome (20240507)","Quick Heal Internet Security (20240507)","Sophos Home Premium (20240507)","SpyHunter5 (20240507)","Total AV Antivirus Pro (20240507)","Trend Micro Internet Security (20240507)","VirIT eXplorer PRO (20240507)","Webroot SecureAnywhere (20240507)"],"avAllowList":["360 Total Security (20240507)","Avast Premium Security (20240507)","AVG Internet Security (20240507)","Bitdefender Internet Security (20240507)","G DATA INTERNET SECURITY (20240507)","McAfee Total Protection (20240507)","VIPRE Advanced Security (20240507)","Windows Defender (20240507)"]},{"isRevoked":"False","fileName":"CheatEngine75_230124.exe","isInstaller":"True","fileVersion":"7.5","hashMD5":"96d1196bd8e52d9889656b2960a27e5b","hashSHA1":"75b17106b9aa54ccea7583c8339b81993f27e69e","hashSHA256":"75f32ab1a2e666ca53d9d8e3d9d6d7e64ee068aa92af66bdd1e4f6527e83e1ec","digitalCertThumbprint":"9CD94C59500A37C757F126042A8CD752D0C7964D","digitalCertIssuer":"CN=Sectigo Public Code Signing CA R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=EngineGame, O=EngineGame, S=Tel Aviv, C=IL","sourceIndex":"755","avBlockList":["Avira Internet Security (20240507)","Bitdefender Internet Security (20240507)","COMODO Antivirus (20240507)","Dr.Web Security Space (20240507)","ESET Internet Security (20240507)","G DATA INTERNET SECURITY (20240507)","K7 Total Security (20240507)","Kaspersky Internet Security (20240507)","Malwarebytes Premium (20240507)","Norton Security (20240507)","Panda Dome (20240507)","Quick Heal Internet Security (20240507)","Sophos Home Premium (20240507)","SpyHunter5 (20240507)","Total AV Antivirus Pro (20240507)","VIPRE Advanced Security (20240507)","VirIT eXplorer PRO (20240507)","Webroot SecureAnywhere (20240507)"],"avAllowList":["360 Total Security (20240507)","Avast Premium Security (20240507)","AVG Internet Security (20240507)","McAfee Total Protection (20240507)","Trend Micro Internet Security (20240507)","Windows Defender (20240507)"]}],"additionalFiles":[],"sources":[{"howFound":"through BIBR","reference":"","landingPage":"https://cheatengine.org/","directDownloadingLink":"https://d1vdn3r1396bak.cloudfront.net/installer/7556859/0801310076659006983","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://d1vdn3r1396bak.cloudfront.net/installer/7556859/0801310076659006983","sourceIndex":"755"}],"sampleFiles":["240123/CheatEngine-230320/7.5.0/Samples/CheatEngine75.exe","240123/CheatEngine-230320/7.5.0/Samples/CheatEngine75_230927.exe","240123/CheatEngine-230320/7.5.0/Samples/CheatEngine75_230124.exe"],"imageFiles":["240123/CheatEngine-230320/7.5.0/Images/ACR-109/ACR-109_043_042.jpg","240123/CheatEngine-230320/7.5.0/Images/ACR-039/ACR-039_044.jpg","240123/CheatEngine-230320/7.5.0/Images/ACR-039/PP.jpg","240123/CheatEngine-230320/7.5.0/Images/ACR-043/ACR-109_043_042.jpg","240123/CheatEngine-230320/7.5.0/Images/ACR-042/ACR-109_043_042.jpg","240123/CheatEngine-230320/7.5.0/Images/ACR-013/Optional_Offer1.jpg","240123/CheatEngine-230320/7.5.0/Images/ACR-013/Optional_Offer2.jpg","240123/CheatEngine-230320/7.5.0/Images/ACR-060/Optional_Offer1.jpg","240123/CheatEngine-230320/7.5.0/Images/ACR-060/Optional_Offer2.jpg"],"nonDeceptorImageFiles":["240123/CheatEngine-230320/7.5.0/Images/ACR-044/ACR-039_044.jpg","240123/CheatEngine-230320/7.5.0/Images/ACR-035/PP.jpg"],"guid":"01fe8028-774e-410e-8ae8-304bad346a30_7.5.0_1","appID":"CheatEngine-230320","dateAdded":"240123","deceptorType":"App","name":"CheatEngine","company":"EngineGame","version":"7.5.0","lastKnownStatus":"7.5.0","lastKnownDate":"240123","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Adults only","monetization":"none","lastUpdate":"2024-01-24T07:53:17.7186774+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":770},{"violations":{"ACR-109":"The app downloads \"rk_setup.exe\", a RelevantKnowledge file without the consumer's consent.\n","ACR-048":"The \"Decline\" button does not have any control but still drops a RelevantKnowledge file “rk_setup.exe”.\n","ACR-010":"The app bundler distributes deceptor application. The offer in this bundler, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains \"curl-ca-bundle.crt\" on the device without the consumer's consent or notifying the user.\n","ACR-057":"The app bundles the \"Relevant Knowledge\" offer which does not allow the consumer to decline the offer.\n","ACR-071":"The \"Relevant Knowledge\" offer cannot be declined independently as the installation is unable to proceed when attempting to decline the offer. Thus it forces the user to, only accept the offer and proceed with the installation.\n","ACR-059":"The Offer is not clearly marked as an offer. It is unclear who is recommending the offer.\n","ACR-155":"Offers are designed to look like part of the install workflow.\n"},"nonDeceptorViolations":{"ACR-106":"App offers deceptive application 'Relevant Knowledge market survey'.\n","ACR-092":"The app does not have a digital signature for any executable.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files\\Photo Viewer For Win 10\\Photo Viewer For Win 10.exe","companyName":"","productName":"Picture Viewer For Win 10","productVersion":"1.2.0.0","fileVersion":"1.2.0.0","hashMD5":"75f9cb8a5c9a0b987cb6d40b0e5feafa","hashSHA1":"cc8a458e176416b3cd80ae1ea3018c1f5cc80407","hashSHA256":"695a07456d753b613d119e192c9cfbb04168316fc8a08834ddd3dbe37a1b6b01","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1271","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"PhotoViewerForWin10Setup.exe","isInstaller":"True","companyName":"Photo Viewer For Win 10                                     ","productName":"Photo Viewer For Win 10                                     ","productVersion":"1.3                                               ","fileVersion":"1.3                 ","hashMD5":"f62d3a3a5369a59774ea871be3927727","hashSHA1":"8ea747c8cd1135c6f9fd40540d9aa1d1fb925a1a","hashSHA256":"522b0ab9b884627fb0f1741f6ef14dd9b4d2e088a32986f0531219645c960d08","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1271","avBlockList":["360 Total Security (20230919)","Avast Premium Security (20230919)","AVG Internet Security (20230919)","Avira Internet Security (20230919)","Bitdefender Internet Security (20230919)","COMODO Antivirus (20230919)","Dr.Web Security Space (20230919)","ESET Internet Security (20230919)","G DATA INTERNET SECURITY (20230919)","K7 Total Security (20230919)","Kaspersky Internet Security (20230919)","Malwarebytes Premium (20230919)","McAfee Total Protection (20230919)","Norton Security (20230919)","Panda Dome (20230919)","Quick Heal Internet Security (20230919)","Sophos Home Premium (20230919)","SpyHunter5 (20230919)","Total AV Antivirus Pro (20230919)","Trend Micro Internet Security (20230919)","VIPRE Advanced Security (20230919)","VirIT eXplorer PRO (20230919)","Webroot SecureAnywhere (20230919)","Windows Defender (20230919)"],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on Relevant Knowledge Apps","reference":"","landingPage":"https://www.photoviewerforwin10.com/","directDownloadingLink":"https://www.photoviewerforwin10.com/PhotoViewerForWin10Setup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.photoviewerforwin10.com/PhotoViewerForWin10Setup.exe","sourceIndex":"1271"}],"sampleFiles":["221214/PhotoViewerForWin10-221213/1.3/Samples/PhotoViewerForWin10Setup.exe"],"imageFiles":["221214/PhotoViewerForWin10-221213/1.3/Images/ACR-109/ACR-109.JPG","221214/PhotoViewerForWin10-221213/1.3/Images/ACR-048/ACR-048.JPG","221214/PhotoViewerForWin10-221213/1.3/Images/ACR-010/ACR-010.JPG","221214/PhotoViewerForWin10-221213/1.3/Images/ACR-057/ACR-057.JPG","221214/PhotoViewerForWin10-221213/1.3/Images/ACR-059/ACR-059.JPG","221214/PhotoViewerForWin10-221213/1.3/Images/ACR-071/ACR-071.JPG","221214/PhotoViewerForWin10-221213/1.3/Images/ACR-155/ACR-155.JPG","221214/PhotoViewerForWin10-221213/1.3/Images/ACR-118/ACR-118.JPG"],"nonDeceptorImageFiles":["221214/PhotoViewerForWin10-221213/1.3/Images/ACR-106/ACR-106.JPG","221214/PhotoViewerForWin10-221213/1.3/Images/ACR-092/ACR-092.JPG"],"guid":"51b9ec50-4946-40af-80cf-aeb033e95e4c_1.3_1","appID":"PhotoViewerForWin10-221213","dateAdded":"240123","deceptorType":"App","name":"Photo Viewer For Win 10","company":"Photo Viewer For Win 10","version":"1.3","lastKnownStatus":"1.3;1.8;1.82;2.11;2.7;2.1;2.18;2.21","lastKnownDate":"240123","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"none","lastUpdate":"2024-01-23T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":8,"sortOrder":769},{"violations":{"ACR-109":"The app downloads \"rk_setup.exe\", a RelevantKnowledge file without the consumer's consent.\n","ACR-042":"The app drops the Root Certificate files before obtaining the consumer's permission through explicit user action in the installation prompt \n","ACR-043":"The app drops the Root Certificate files without disclosing in during installation \n","ACR-048":"The \"Decline\" button does not have any control but still drops a RelevantKnowledge file “rk_setup.exe”.\n","ACR-007":"The app does not obtain user consent for dropping the Root Certificate files to reduce the consumer's security posture caused by the installation prompt.\n","ACR-010":"The app bundler distributes deceptor application. The offer in this bundler, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control.\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains \"curl-ca-bundle.crt\" on the device without the consumer's consent or notifying the user.\n","ACR-057":"The app bundles the \"Relevant Knowledge\" offer which does not allow the consumer to decline the offer.\n","ACR-071":"The \"Relevant Knowledge\" offer cannot be declined independently as the installation is unable to proceed when attempting to decline the offer. Thus it forces the user to, only accept the offer and proceed with the installation.\n","ACR-059":"The Offer is not clearly marked as an offer. It is unclear who is recommending the offer.\n","ACR-155":"Offers is designed to look like part of the install workflow.\n"},"nonDeceptorViolations":{"ACR-045":"The app does not describe clearly and straightforwardly what effect is caused to the user's system due to the dropped Cert file in the installation prompt \n","ACR-106":"App offers deceptive application 'Relevant Knowledge market survey'.\n","ACR-092":"The app does not have a digital signature for any executable.\n","ACR-123":"The app does not remove an dropped root certificates even after uninstalling \n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files\\Photo Viewer For Win 10\\Photo Viewer For Win 10.exe","companyName":"","productName":"","productVersion":"","fileVersion":"","hashMD5":"b5b2f5f3ef54d6af9f20b4acab0fc901","hashSHA1":"7801ae7157471001440c4fda51afb8e9fcbd73e4","hashSHA256":"5abb979f5f53b956f59e05df8caec50a89adc0b3c292d6aa0851ff6237b6b659","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1082","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"PhotoViewerForWin10Setup.exe","isInstaller":"True","companyName":"                                                            ","productName":"Photo Viewer For Win 10 and 11                              ","productVersion":"1.8                                               ","fileVersion":"1.8                 ","hashMD5":"44025c75fa43d2d86d3476c8cb60f2b1","hashSHA1":"70c761c4ff2f31823f95ff8efab34893bffdfd73","hashSHA256":"ed4b9af104bfdf6960ab7ad8c373d7f8d7437e865d84012c31611a2d7acb2a48","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1082","avBlockList":["Avast Premium Security (20230926)","AVG Internet Security (20230926)","Avira Internet Security (20230926)","Bitdefender Internet Security (20230926)","ESET Internet Security (20230926)","G DATA INTERNET SECURITY (20230926)","K7 Total Security (20230926)","Kaspersky Internet Security (20230926)","Malwarebytes Premium (20230926)","McAfee Total Protection (20230926)","Norton Security (20230926)","Panda Dome (20230926)","Quick Heal Internet Security (20230926)","Sophos Home Premium (20230926)","SpyHunter5 (20230926)","Total AV Antivirus Pro (20230926)","Trend Micro Internet Security (20230926)","VIPRE Advanced Security (20230926)","VirIT eXplorer PRO (20230926)","Webroot SecureAnywhere (20230926)","Windows Defender (20230926)"],"avAllowList":["360 Total Security (20230926)","COMODO Antivirus (20230926)","Dr.Web Security Space (20230926)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on Relevant Knowledge Apps","reference":"","landingPage":"https://www.photoviewerforwin10.com/","directDownloadingLink":"https://www.photoviewerforwin10.com/PhotoViewerForWin10Setup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.photoviewerforwin10.com/PhotoViewerForWin10Setup.exe","sourceIndex":"1082"}],"sampleFiles":["230525/PhotoViewerForWin10-221213/1.8/Samples/PhotoViewerForWin10Setup.exe"],"imageFiles":["230525/PhotoViewerForWin10-221213/1.8/Images/ACR-109/ACR-109.JPG","230525/PhotoViewerForWin10-221213/1.8/Images/ACR-048/ACR-048.JPG","230525/PhotoViewerForWin10-221213/1.8/Images/ACR-010/ACR-010.JPG","230525/PhotoViewerForWin10-221213/1.8/Images/ACR-057/ACR-057.JPG","230525/PhotoViewerForWin10-221213/1.8/Images/ACR-059/ACR-059.JPG","230525/PhotoViewerForWin10-221213/1.8/Images/ACR-071/ACR-071.JPG","230525/PhotoViewerForWin10-221213/1.8/Images/ACR-155/ACR-155.JPG","230525/PhotoViewerForWin10-221213/1.8/Images/ACR-118/ACR-118.JPG","230525/PhotoViewerForWin10-221213/1.8/Images/ACR-043/ACR-043.JPG","230525/PhotoViewerForWin10-221213/1.8/Images/ACR-042/ACR-042.JPG","230525/PhotoViewerForWin10-221213/1.8/Images/ACR-007/ACR-007.JPG","230525/PhotoViewerForWin10-221213/1.8/Images/ACR-013/ACR-013.JPG","230525/PhotoViewerForWin10-221213/1.8/Images/ACR-060/ACR-060.JPG"],"nonDeceptorImageFiles":["230525/PhotoViewerForWin10-221213/1.8/Images/ACR-106/ACR-106.JPG","230525/PhotoViewerForWin10-221213/1.8/Images/ACR-092/ACR-092.JPG","230525/PhotoViewerForWin10-221213/1.8/Images/ACR-045/ACR-045.JPG","230525/PhotoViewerForWin10-221213/1.8/Images/ACR-123/ACR-123.JPG"],"guid":"51b9ec50-4946-40af-80cf-aeb033e95e4c_1.8_1","appID":"PhotoViewerForWin10-221213","dateAdded":"240123","deceptorType":"App","name":"Photo Viewer For Win 10","company":"Photo Viewer For Win 10","version":"1.8","lastKnownStatus":"1.3;1.8;1.82;2.11;2.7;2.1;2.18;2.21","lastKnownDate":"240123","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"none","lastUpdate":"2024-01-23T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":8,"sortOrder":768},{"violations":{"ACR-109":"The app downloads \"rk_setup.exe\", a RelevantKnowledge file without the consumer's consent.\n","ACR-042":"The app drops the Root Certificate files before obtaining the consumer's permission through explicit user action in the installation prompt \n","ACR-043":"The app drops the Root Certificate files without disclosing in during installation \n","ACR-048":"The \"Decline\" button does not have any control but still drops a RelevantKnowledge file “rk_setup.exe”.\n","ACR-007":"The app does not obtain user consent for dropping the Root Certificate files to reduce the consumer's security posture caused by the installation prompt.\n","ACR-010":"The app bundler distributes deceptor application. The offer in this bundler, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control.\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains the main executable and \"curl-ca-bundle.crt\" file on the device without the consumer's consent or notifying the user.\n","ACR-057":"The app bundles the \"Relevant Knowledge\" offer which does not allow the consumer to decline the offer.\n","ACR-071":"The \"Relevant Knowledge\" offer cannot be declined independently as the installation is unable to proceed when attempting to decline the offer. Thus it forces the user to, only accept the offer and proceed with the installation.\n","ACR-059":"The Offer is not clearly marked as an offer. It is unclear who is recommending the offer.\n","ACR-155":"Offers is designed to look like part of the install workflow.\n"},"nonDeceptorViolations":{"ACR-045":"The app does not describe clearly and straightforwardly what effect is caused to the user's system due to the dropped Cert file in the installation prompt \n","ACR-106":"App offers deceptive application 'Relevant Knowledge market survey'.\n","ACR-092":"The app does not have a digital signature for any executable.\n","ACR-123":"The app does not remove an dropped root certificates even after uninstalling \n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files\\Photo Viewer For Win 10\\Photo Viewer For Win 10.exe","companyName":"","productName":"","productVersion":"","fileVersion":"","hashMD5":"b5b2f5f3ef54d6af9f20b4acab0fc901","hashSHA1":"7801ae7157471001440c4fda51afb8e9fcbd73e4","hashSHA256":"5abb979f5f53b956f59e05df8caec50a89adc0b3c292d6aa0851ff6237b6b659","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1053","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"PhotoViewerForWin10SetupD.exe","isInstaller":"True","companyName":"                                                            ","productName":"Photo Viewer For Win 10 and 11                              ","productVersion":"1.82                ","fileVersion":"1.82                ","hashMD5":"57a2a51b0526bbf4c8016ff4931091ed","hashSHA1":"5609346736ea77b0fa0aab8229e8eafeb91090f2","hashSHA256":"997d419dc8dc4c61c8a256e9d7f1f1a6362d8026a2dda9cbc78e1bc99ce48e4b","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1053","avBlockList":["360 Total Security (20240516)","Avast Premium Security (20240516)","AVG Internet Security (20240516)","Avira Internet Security (20240516)","Bitdefender Internet Security (20240516)","COMODO Antivirus (20240516)","Dr.Web Security Space (20240516)","ESET Internet Security (20240516)","G DATA INTERNET SECURITY (20240516)","K7 Total Security (20240516)","Kaspersky Internet Security (20240516)","Malwarebytes Premium (20240516)","McAfee Total Protection (20240516)","Norton Security (20240516)","Panda Dome (20240516)","Quick Heal Internet Security (20240516)","Sophos Home Premium (20240516)","SpyHunter5 (20240516)","Total AV Antivirus Pro (20240516)","Trend Micro Internet Security (20240516)","VIPRE Advanced Security (20240516)","VirIT eXplorer PRO (20240516)","Webroot SecureAnywhere (20240516)","Windows Defender (20240516)"],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on Relevant Knowledge Apps","reference":"","landingPage":"https://www.photoviewerforwin10.com/","directDownloadingLink":"https://www.photoviewerforwin10.com/PhotoViewerForWin10SetupD.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.photoviewerforwin10.com/PhotoViewerForWin10SetupD.exe","sourceIndex":"1053"}],"sampleFiles":["230609/PhotoViewerForWin10-221213/1.82/Samples/PhotoViewerForWin10SetupD.exe"],"imageFiles":["230609/PhotoViewerForWin10-221213/1.82/Images/ACR-109/ACR-109.JPG","230609/PhotoViewerForWin10-221213/1.82/Images/ACR-048/ACR-048.JPG","230609/PhotoViewerForWin10-221213/1.82/Images/ACR-010/ACR-010.JPG","230609/PhotoViewerForWin10-221213/1.82/Images/ACR-057/ACR-057.JPG","230609/PhotoViewerForWin10-221213/1.82/Images/ACR-059/ACR-059.JPG","230609/PhotoViewerForWin10-221213/1.82/Images/ACR-071/ACR-071.JPG","230609/PhotoViewerForWin10-221213/1.82/Images/ACR-155/ACR-155.JPG","230609/PhotoViewerForWin10-221213/1.82/Images/ACR-118/ACR-118.JPG","230609/PhotoViewerForWin10-221213/1.82/Images/ACR-118/ACR-118_2.JPG","230609/PhotoViewerForWin10-221213/1.82/Images/ACR-043/ACR-043.JPG","230609/PhotoViewerForWin10-221213/1.82/Images/ACR-042/ACR-042.JPG","230609/PhotoViewerForWin10-221213/1.82/Images/ACR-007/ACR-007.JPG","230609/PhotoViewerForWin10-221213/1.82/Images/ACR-013/ACR-013.JPG","230609/PhotoViewerForWin10-221213/1.82/Images/ACR-060/ACR-060.JPG"],"nonDeceptorImageFiles":["230609/PhotoViewerForWin10-221213/1.82/Images/ACR-106/ACR-106.JPG","230609/PhotoViewerForWin10-221213/1.82/Images/ACR-092/ACR-092.JPG","230609/PhotoViewerForWin10-221213/1.82/Images/ACR-045/ACR-045.JPG","230609/PhotoViewerForWin10-221213/1.82/Images/ACR-123/ACR-123.JPG"],"guid":"51b9ec50-4946-40af-80cf-aeb033e95e4c_1.82_1","appID":"PhotoViewerForWin10-221213","dateAdded":"240123","deceptorType":"App","name":"Photo Viewer For Win 10","company":"Photo Viewer For Win 10","version":"1.82","lastKnownStatus":"1.3;1.8;1.82;2.11;2.7;2.1;2.18;2.21","lastKnownDate":"240123","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"none","lastUpdate":"2026-05-12T23:00:06.0239955+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":8,"sortOrder":767},{"violations":{"ACR-109":"The app downloads \"rk_setup.exe\", a RelevantKnowledge file without the consumer's consent.\n","ACR-048":"The \"Decline\" button does not have any control but still drops a RelevantKnowledge file “rk_setup.exe”.\n","ACR-010":"The app bundler distributes deceptor application. The offer in this bundler, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control.\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains the main executable and \"curl-ca-bundle.crt\" file on the device without the consumer's consent or notifying the user.\n","ACR-057":"The app bundles the \"Relevant Knowledge\" offer which does not allow the consumer to decline the offer.\n","ACR-071":"The \"Relevant Knowledge\" offer cannot be declined independently as the installation is unable to proceed when attempting to decline the offer. Thus it forces the user to, only accept the offer and proceed with the installation.\n","ACR-059":"The Offer is not clearly marked as an offer. It is unclear who is recommending the offer.\n","ACR-155":"Offers is designed to look like part of the install workflow.\n"},"nonDeceptorViolations":{"ACR-106":"App offers deceptive application 'Relevant Knowledge market survey'.\n","ACR-092":"The app does not have a digital signature for any executable.\n"},"samples":[{"isRevoked":"False","fileName":"PhotoViewerForWin10Setup.exe","isInstaller":"True","companyName":"                                                            ","productName":"Photo Viewer For Windows 10                                 ","productVersion":"2.7                 ","fileVersion":"2.7                 ","hashMD5":"9e8f57334106ac56972fa9f485629195","hashSHA1":"546e9e8f2dcb6a70056f6f00e1c6a23a8fbde739","hashSHA256":"b19a573d99ba89e7d9f32f420d23dd63b7422ed2b31e199ba305d7593cb11ddb","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"948","avBlockList":["Avast Premium Security (20231031)","AVG Internet Security (20231031)","Avira Internet Security (20231031)","Bitdefender Internet Security (20231031)","COMODO Antivirus (20231031)","Dr.Web Security Space (20231031)","ESET Internet Security (20231031)","G DATA INTERNET SECURITY (20231031)","K7 Total Security (20231031)","Kaspersky Internet Security (20231031)","Malwarebytes Premium (20231031)","McAfee Total Protection (20231031)","Norton Security (20231031)","Panda Dome (20231031)","Quick Heal Internet Security (20231031)","Sophos Home Premium (20231031)","SpyHunter5 (20231031)","Total AV Antivirus Pro (20231031)","VIPRE Advanced Security (20231031)","VirIT eXplorer PRO (20231031)","Webroot SecureAnywhere (20231031)","Windows Defender (20231031)"],"avAllowList":["360 Total Security (20231031)","Trend Micro Internet Security (20231031)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on Relevant Knowledge Apps","reference":"","landingPage":"https://www.photoviewerforwin10.com/","directDownloadingLink":"https://www.photoviewerforwin10.com/PhotoViewerForWin10Setup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.photoviewerforwin10.com/PhotoViewerForWin10Setup.exe","sourceIndex":"948"}],"sampleFiles":["230731/PhotoViewerForWin10-221213/2.7/Samples/PhotoViewerForWin10Setup.exe"],"imageFiles":["230731/PhotoViewerForWin10-221213/2.7/Images/ACR-109/ACR-109_Install_1.png","230731/PhotoViewerForWin10-221213/2.7/Images/ACR-048/ACR-048_Install_1.png","230731/PhotoViewerForWin10-221213/2.7/Images/ACR-010/ACR-010_Install_1.png","230731/PhotoViewerForWin10-221213/2.7/Images/ACR-057/ACR-057_Bundler-made offers_1.png","230731/PhotoViewerForWin10-221213/2.7/Images/ACR-059/ACR-059_Bundler-made offers_1.png","230731/PhotoViewerForWin10-221213/2.7/Images/ACR-071/ACR-071_Bundler-made offers_1.png","230731/PhotoViewerForWin10-221213/2.7/Images/ACR-155/ACR-155_Bundler-made offers_1.png","230731/PhotoViewerForWin10-221213/2.7/Images/ACR-118/ACR-118_Uninstall_1.png","230731/PhotoViewerForWin10-221213/2.7/Images/ACR-013/ACR-013_Install_1.png","230731/PhotoViewerForWin10-221213/2.7/Images/ACR-060/ACR-060_Bundler-made offers_1.png"],"nonDeceptorImageFiles":["230731/PhotoViewerForWin10-221213/2.7/Images/ACR-106/ACR-106_Software_1.png","230731/PhotoViewerForWin10-221213/2.7/Images/ACR-092/ACR-092_Software_1.png"],"guid":"51b9ec50-4946-40af-80cf-aeb033e95e4c_2.7_1","appID":"PhotoViewerForWin10-221213","dateAdded":"240123","deceptorType":"App","name":"Photo Viewer For Win 10","company":"Photo Viewer For Win 10","version":"2.7","lastKnownStatus":"1.3;1.8;1.82;2.11;2.7;2.1;2.18;2.21","lastKnownDate":"240123","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"none","lastUpdate":"2026-05-12T23:00:03.0809209+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":8,"sortOrder":765},{"violations":{"ACR-109":"The app downloads \"rk_setup.exe\", a RelevantKnowledge file without the consumer's consent.\n","ACR-048":"The \"Decline\" button does not have any control but still drops a RelevantKnowledge file “rk_setup.exe”.\n","ACR-010":"The app bundler distributes deceptor application. The offer in this bundler, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control.\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains the main executable and \"curl-ca-bundle.crt\" file on the device without the consumer's consent or notifying the user.\n","ACR-057":"The app bundles the \"Relevant Knowledge\" offer which does not allow the consumer to decline the offer.\n","ACR-071":"The \"Relevant Knowledge\" offer cannot be declined independently as the installation is unable to proceed when attempting to decline the offer. Thus it forces the user to, only accept the offer and proceed with the installation.\n","ACR-059":"The Offer is not clearly marked as an offer. It is unclear who is recommending the offer.\n","ACR-155":"Offers is designed to look like part of the install workflow.\n"},"nonDeceptorViolations":{"ACR-106":"App offers deceptive application 'Relevant Knowledge market survey'.\n","ACR-092":"The app does not have a digital signature for any executable.\n"},"samples":[{"isRevoked":"False","fileName":"PhotoViewerForWin10Setup.exe","isInstaller":"True","companyName":"Photo Viewer For Win 10                                     ","productName":"Photo Viewer For Win 10 and 11                              ","productVersion":"2.1                 ","fileVersion":"2.1                 ","hashMD5":"dc8b1fd76075cc28bd47300c8a7aff28","hashSHA1":"4a29474ffa0ab42f5708965937b83350cc3fc930","hashSHA256":"640d1fd31e27ae4faebba619a2dc4ef026d0905c7f0619890bfedff0f3612cdf","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"929","avBlockList":["Avast Premium Security (20230928)","AVG Internet Security (20230928)","Avira Internet Security (20230928)","Bitdefender Internet Security (20230928)","COMODO Antivirus (20230928)","Dr.Web Security Space (20230928)","ESET Internet Security (20230928)","G DATA INTERNET SECURITY (20230928)","K7 Total Security (20230928)","Kaspersky Internet Security (20230928)","Malwarebytes Premium (20230928)","McAfee Total Protection (20230928)","Norton Security (20230928)","Panda Dome (20230928)","Quick Heal Internet Security (20230928)","Sophos Home Premium (20230928)","SpyHunter5 (20230928)","Total AV Antivirus Pro (20230928)","Trend Micro Internet Security (20230928)","VIPRE Advanced Security (20230928)","VirIT eXplorer PRO (20230928)","Webroot SecureAnywhere (20230928)"],"avAllowList":["360 Total Security (20230928)","Windows Defender (20230928)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on Relevant Knowledge Apps","reference":"","landingPage":"https://www.photoviewerforwin10.com/","directDownloadingLink":"https://www.photoviewerforwin10.com/PhotoViewerForWin10Setup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.photoviewerforwin10.com/PhotoViewerForWin10Setup.exe","sourceIndex":"929"}],"sampleFiles":["230807/PhotoViewerForWin10-221213/2.1/Samples/PhotoViewerForWin10Setup.exe"],"imageFiles":["230807/PhotoViewerForWin10-221213/2.1/Images/ACR-109/ACR-109_Install_1.png","230807/PhotoViewerForWin10-221213/2.1/Images/ACR-048/ACR-048_Install_1.png","230807/PhotoViewerForWin10-221213/2.1/Images/ACR-010/ACR-010_Install_1.png","230807/PhotoViewerForWin10-221213/2.1/Images/ACR-057/ACR-057_Bundler-made offers_1.png","230807/PhotoViewerForWin10-221213/2.1/Images/ACR-059/ACR-059_Bundler-made offers_1.png","230807/PhotoViewerForWin10-221213/2.1/Images/ACR-071/ACR-071_Bundler-made offers_1.png","230807/PhotoViewerForWin10-221213/2.1/Images/ACR-155/ACR-155_Bundler-made offers_1.png","230807/PhotoViewerForWin10-221213/2.1/Images/ACR-118/ACR-118_Uninstall_1.png","230807/PhotoViewerForWin10-221213/2.1/Images/ACR-013/ACR-013_Install_1.png","230807/PhotoViewerForWin10-221213/2.1/Images/ACR-060/ACR-060_Bundler-made offers_1.png"],"nonDeceptorImageFiles":["230807/PhotoViewerForWin10-221213/2.1/Images/ACR-106/ACR-106_Software_1.png","230807/PhotoViewerForWin10-221213/2.1/Images/ACR-092/ACR-092_Software_1.png"],"guid":"51b9ec50-4946-40af-80cf-aeb033e95e4c_2.1_1","appID":"PhotoViewerForWin10-221213","dateAdded":"240123","deceptorType":"App","name":"Photo Viewer For Win 10","company":"Photo Viewer For Win 10","version":"2.1","lastKnownStatus":"1.3;1.8;1.82;2.11;2.7;2.1;2.18;2.21","lastKnownDate":"240123","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"none","lastUpdate":"2026-05-12T23:00:02.7457962+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":8,"sortOrder":764},{"violations":{"ACR-109":"The app downloads \"mnrks.exe\", a RelevantKnowledge file without the consumer's consent.\n","ACR-042":"The app initiates network communications with 3rd party offer provider before obtaining user consent. \n","ACR-048":"The \"Decline\" button does not have any control but still drops a RelevantKnowledge file “mnrks.exe”.\n","ACR-010":"The app bundler distributes deceptor application. The offer in this bundler, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control.\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains the main executable and \"curl-ca-bundle.crt\" file on the device without the consumer's consent or notifying the user.\n","ACR-057":"The app bundles the \"Relevant Knowledge\" offer which does not allow the consumer to decline the offer.\n","ACR-071":"The \"Relevant Knowledge\" offer cannot be declined independently as the installation is unable to proceed when attempting to decline the offer. Thus it forces the user to, only accept the offer and proceed with the installation.\n","ACR-059":"The Offer is not clearly marked as an offer. It is unclear who is recommending the offer.\n","ACR-155":"Offers is designed to look like part of the install workflow.\n"},"nonDeceptorViolations":{"ACR-106":"App offers deceptive application 'Relevant Knowledge market survey'.\n","ACR-092":"The app does not have a digital signature for any executable.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files\\Photo Viewer For Win 10\\Photo Viewer For Win 10.exe","companyName":"","productName":"","productVersion":"","fileVersion":"","hashMD5":"962e3b4a209ceefae61031b794245908","hashSHA1":"170a849aec0961cdc0e6f77f2ab83ec4cfa82201","hashSHA256":"f2537cf99813090d3464e71bcd906a6ef7e41a22eac9f0157d2bbc2244bb33ec","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"882","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"PhotoViewerForWin10Setup.exe","isInstaller":"True","companyName":"Photo Viewer For Win 10                                     ","productName":"Photo Viewer For Win 10                                     ","productVersion":"2.18                ","fileVersion":"2.18                ","hashMD5":"5a845e40650231c23fe0678670bea47d","hashSHA1":"e34cc463e2364497ec07dc07a13b6fdcec5f1db9","hashSHA256":"828e4258acb76e7f45ee239fb9bb93b92191899992d34ed655de66d6b7a17d89","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"882","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on Relevant Knowledge Apps","reference":"","landingPage":"https://www.photoviewerforwin10.com/","directDownloadingLink":"https://www.photoviewerforwin10.com/PhotoViewerForWin10Setup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.photoviewerforwin10.com/PhotoViewerForWin10Setup.exe","sourceIndex":"882"}],"sampleFiles":["231002/PhotoViewerForWin10-221213/2.18/Samples/PhotoViewerForWin10Setup.exe"],"imageFiles":["231002/PhotoViewerForWin10-221213/2.18/Images/ACR-109/ACR-109.JPG","231002/PhotoViewerForWin10-221213/2.18/Images/ACR-048/ACR-048.JPG","231002/PhotoViewerForWin10-221213/2.18/Images/ACR-010/ACR-010.JPG","231002/PhotoViewerForWin10-221213/2.18/Images/ACR-057/ACR-057.JPG","231002/PhotoViewerForWin10-221213/2.18/Images/ACR-059/ACR-059.JPG","231002/PhotoViewerForWin10-221213/2.18/Images/ACR-071/ACR-071.JPG","231002/PhotoViewerForWin10-221213/2.18/Images/ACR-155/ACR-155.JPG","231002/PhotoViewerForWin10-221213/2.18/Images/ACR-118/ACR-118.JPG","231002/PhotoViewerForWin10-221213/2.18/Images/ACR-118/ACR-118_1.JPG","231002/PhotoViewerForWin10-221213/2.18/Images/ACR-042/ACR-042.JPG","231002/PhotoViewerForWin10-221213/2.18/Images/ACR-013/ACR-013.JPG","231002/PhotoViewerForWin10-221213/2.18/Images/ACR-060/ACR-060.JPG"],"nonDeceptorImageFiles":["231002/PhotoViewerForWin10-221213/2.18/Images/ACR-106/ACR-106.JPG","231002/PhotoViewerForWin10-221213/2.18/Images/ACR-092/ACR-092.JPG"],"guid":"51b9ec50-4946-40af-80cf-aeb033e95e4c_2.18_1","appID":"PhotoViewerForWin10-221213","dateAdded":"240123","deceptorType":"App","name":"Photo Viewer For Win 10","company":"Photo Viewer For Win 10","version":"2.18","lastKnownStatus":"1.3;1.8;1.82;2.11;2.7;2.1;2.18;2.21","lastKnownDate":"240123","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"none","lastUpdate":"2026-05-12T23:00:01.0631099+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":8,"sortOrder":763},{"violations":{"ACR-109":"The app downloads \"uprkset.exe\", a RelevantKnowledge file without the consumer's consent.\n","ACR-042":"The app initiates network communications with 3rd party offer provider before obtaining user consent. \n","ACR-010":"The app bundler distributes deceptor application. The offer in this bundler, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control.\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains the main executable and \"curl-ca-bundle.crt\" file on the device without the consumer's consent or notifying the user.\n","ACR-057":"The app bundles the \"Relevant Knowledge\" offer which does not allow the consumer to decline the offer.\n","ACR-071":"The \"Relevant Knowledge\" offer cannot be declined independently as the installation is unable to proceed when attempting to decline the offer. Thus it forces the user to, only accept the offer and proceed with the installation.\n","ACR-059":"The Offer is not clearly marked as an offer. It is unclear who is recommending the offer.\n","ACR-155":"Offers is designed to look like part of the install workflow.\n"},"nonDeceptorViolations":{"ACR-106":"App offers deceptive application 'Relevant Knowledge market survey'.\n","ACR-092":"The app does not have a digital signature for any executable.\n"},"samples":[{"isRevoked":"False","fileName":"PhotoViewerForWin10Setup.exe","isInstaller":"True","companyName":"Photo Viewer For Win 10                                     ","productName":"Photo Viewer For Win 10                                     ","productVersion":"2.21                ","fileVersion":"2.21                ","hashMD5":"877bfa8548195598fc88c0e0ce6899e6","hashSHA1":"9118c3dd43307cc4bce0326d2708363a688b88c8","hashSHA256":"9bb0cfbcf45f7bef0f4f5e88c080c4f9b59f61de2d751fb331e32d32526c1d79","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"756","avBlockList":["Avast Premium Security (20240215)","AVG Internet Security (20240215)","Avira Internet Security (20240215)","Bitdefender Internet Security (20240215)","COMODO Antivirus (20240215)","Dr.Web Security Space (20240215)","ESET Internet Security (20240215)","G DATA INTERNET SECURITY (20240215)","K7 Total Security (20240215)","Kaspersky Internet Security (20240215)","Malwarebytes Premium (20240215)","McAfee Total Protection (20240215)","Norton Security (20240215)","Panda Dome (20240215)","Quick Heal Internet Security (20240215)","Sophos Home Premium (20240215)","SpyHunter5 (20240215)","Total AV Antivirus Pro (20240215)","VIPRE Advanced Security (20240215)","VirIT eXplorer PRO (20240215)","Webroot SecureAnywhere (20240215)","Windows Defender (20240215)"],"avAllowList":["360 Total Security (20240215)","Trend Micro Internet Security (20240215)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on Relevant Knowledge Apps","reference":"","landingPage":"https://www.photoviewerforwin10.com/","directDownloadingLink":"https://www.photoviewerforwin10.com/PhotoViewerForWin10Setup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.photoviewerforwin10.com/PhotoViewerForWin10Setup.exe","sourceIndex":"756"}],"sampleFiles":["240123/PhotoViewerForWin10-221213/2.21/Samples/PhotoViewerForWin10Setup.exe"],"imageFiles":["240123/PhotoViewerForWin10-221213/2.21/Images/ACR-109/ACR-109_Install_1.png","240123/PhotoViewerForWin10-221213/2.21/Images/ACR-010/ACR-010_Install_1.png","240123/PhotoViewerForWin10-221213/2.21/Images/ACR-057/ACR-057_Bundler-made offers_1.png","240123/PhotoViewerForWin10-221213/2.21/Images/ACR-059/ACR-059_Bundler-made offers_1.png","240123/PhotoViewerForWin10-221213/2.21/Images/ACR-071/ACR-071_Bundler-made offers_1.png","240123/PhotoViewerForWin10-221213/2.21/Images/ACR-155/ACR-155_Bundler-made offers_1.png","240123/PhotoViewerForWin10-221213/2.21/Images/ACR-118/ACR-118_Uninstall_1.png","240123/PhotoViewerForWin10-221213/2.21/Images/ACR-118/ACR-118_Uninstall_2.png","240123/PhotoViewerForWin10-221213/2.21/Images/ACR-042/ACR-042_Install_1.png","240123/PhotoViewerForWin10-221213/2.21/Images/ACR-013/ACR-013_Install_1.png","240123/PhotoViewerForWin10-221213/2.21/Images/ACR-060/ACR-060_Bundler-made offers_1.png"],"nonDeceptorImageFiles":["240123/PhotoViewerForWin10-221213/2.21/Images/ACR-106/ACR-106_Software_1.png","240123/PhotoViewerForWin10-221213/2.21/Images/ACR-092/ACR-092_Software_1.png"],"guid":"51b9ec50-4946-40af-80cf-aeb033e95e4c_2.21_1","appID":"PhotoViewerForWin10-221213","dateAdded":"240123","deceptorType":"App","name":"Photo Viewer For Win 10","company":"Photo Viewer For Win 10","version":"2.21","lastKnownStatus":"1.3;1.8;1.82;2.11;2.7;2.1;2.18;2.21","lastKnownDate":"240123","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"none","lastUpdate":"2026-05-12T22:59:57.9013226+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":8,"sortOrder":762},{"violations":{"ACR-109":"The app downloads \"rk_setup.exe\", a RelevantKnowledge file without the consumer's consent.\n","ACR-042":"The app drops the Root Certificate files before obtaining the consumer's permission through explicit user action in the installation prompt \n","ACR-043":"The app drops the Root Certificate files without disclosing in during installation \n","ACR-048":"The \"Decline\" button does not have any control but still drops a RelevantKnowledge file “rk_setup.exe”.\n","ACR-007":"The app does not obtain user consent for dropping the Root Certificate files to reduce the consumer's security posture caused by the installation prompt.\n","ACR-010":"The app bundler distributes deceptor application. The offer in this bundler, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control.\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains the main executable and \"curl-ca-bundle.crt\" file on the device without the consumer's consent or notifying the user.\n","ACR-057":"The app bundles the \"Relevant Knowledge\" offer which does not allow the consumer to decline the offer.\n","ACR-071":"The \"Relevant Knowledge\" offer cannot be declined independently as the installation is unable to proceed when attempting to decline the offer. Thus it forces the user to, only accept the offer and proceed with the installation.\n","ACR-059":"The Offer is not clearly marked as an offer. It is unclear who is recommending the offer.\n","ACR-155":"Offers is designed to look like part of the install workflow.\n"},"nonDeceptorViolations":{"ACR-045":"The app does not describe clearly and straightforwardly what effect is caused to the user's system due to the dropped Cert file in the installation prompt \n","ACR-106":"App offers deceptive application 'Relevant Knowledge market survey'.\n","ACR-092":"The app does not have a digital signature for any executable.\n","ACR-123":"The app does not remove an dropped root certificates even after uninstalling \n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files\\Photo Viewer For Win 10\\Photo Viewer For Win 10.exe","companyName":"","productName":"Picture Viewer For Win 10 and 11","productVersion":"1.5.0.0","fileVersion":"2.1.0.0","hashMD5":"59ef384fb4a3253672c61f8cc503c66f","hashSHA1":"c8d098be0a4c6c675b6a6965bb7052d9373a3eac","hashSHA256":"2d20f3c1fa703b758bff1a47fbfcdf7deb9e881aaa767cf3c690f21fbf8f1b89","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1041","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"PhotoViewerForWin10SetupD.exe","isInstaller":"True","companyName":"Photo Viewer For Win 10                                     ","productName":"Photo Viewer For Win 10 and 11                              ","productVersion":"2.11                ","fileVersion":"2.11                ","hashMD5":"5eeef13c4fcfb2614b1ea0b7c76a1e12","hashSHA1":"c0fd8902f431dd747e528c1bf05c9976336ac514","hashSHA256":"a3a5a9cf0df8ab87a06155cbfd5e135a55b55db56dc3b34535f65cf0cbc429e1","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1041","avBlockList":["360 Total Security (20240507)","Avast Premium Security (20240507)","AVG Internet Security (20240507)","Avira Internet Security (20240507)","Bitdefender Internet Security (20240507)","COMODO Antivirus (20240507)","Dr.Web Security Space (20240507)","ESET Internet Security (20240507)","G DATA INTERNET SECURITY (20240507)","K7 Total Security (20240507)","Kaspersky Internet Security (20240507)","Malwarebytes Premium (20240507)","McAfee Total Protection (20240507)","Norton Security (20240507)","Panda Dome (20240507)","Quick Heal Internet Security (20240507)","Sophos Home Premium (20240507)","SpyHunter5 (20240507)","Total AV Antivirus Pro (20240507)","Trend Micro Internet Security (20240507)","VIPRE Advanced Security (20240507)","VirIT eXplorer PRO (20240507)","Webroot SecureAnywhere (20240507)","Windows Defender (20240507)"],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on windows app","reference":"","landingPage":"https://www.photoviewerforwin10.com/","directDownloadingLink":"https://www.photoviewerforwin10.com/PhotoViewerForWin10SetupD.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.photoviewerforwin10.com/PhotoViewerForWin10SetupD.exe","sourceIndex":"1041"}],"sampleFiles":["230616/PhotoViewerForWin10-221213/2.11/Samples/PhotoViewerForWin10SetupD.exe"],"imageFiles":["230616/PhotoViewerForWin10-221213/2.11/Images/ACR-109/ACR-109.JPG","230616/PhotoViewerForWin10-221213/2.11/Images/ACR-048/ACR-048.JPG","230616/PhotoViewerForWin10-221213/2.11/Images/ACR-010/ACR-010.JPG","230616/PhotoViewerForWin10-221213/2.11/Images/ACR-057/ACR-057.JPG","230616/PhotoViewerForWin10-221213/2.11/Images/ACR-059/ACR-059.JPG","230616/PhotoViewerForWin10-221213/2.11/Images/ACR-071/ACR-071.JPG","230616/PhotoViewerForWin10-221213/2.11/Images/ACR-155/ACR-155.JPG","230616/PhotoViewerForWin10-221213/2.11/Images/ACR-118/ACR-118.JPG","230616/PhotoViewerForWin10-221213/2.11/Images/ACR-118/ACR-118_1.JPG","230616/PhotoViewerForWin10-221213/2.11/Images/ACR-043/ACR-043.JPG","230616/PhotoViewerForWin10-221213/2.11/Images/ACR-042/ACR-042.JPG","230616/PhotoViewerForWin10-221213/2.11/Images/ACR-007/ACR-007.JPG","230616/PhotoViewerForWin10-221213/2.11/Images/ACR-013/ACR-013.JPG","230616/PhotoViewerForWin10-221213/2.11/Images/ACR-060/ACR-060.JPG"],"nonDeceptorImageFiles":["230616/PhotoViewerForWin10-221213/2.11/Images/ACR-106/ACR-106.JPG","230616/PhotoViewerForWin10-221213/2.11/Images/ACR-092/ACR-092.JPG","230616/PhotoViewerForWin10-221213/2.11/Images/ACR-092/ACR-092_1.JPG","230616/PhotoViewerForWin10-221213/2.11/Images/ACR-045/ACR-045.JPG","230616/PhotoViewerForWin10-221213/2.11/Images/ACR-123/ACR-123.JPG"],"guid":"51b9ec50-4946-40af-80cf-aeb033e95e4c_2.11_1","appID":"PhotoViewerForWin10-221213","dateAdded":"240123","deceptorType":"App","name":"Photo Viewer For Win 10","company":"Photo Viewer For Win 10","version":"2.11","lastKnownStatus":"1.3;1.8;1.82;2.11;2.7;2.1;2.18;2.21","lastKnownDate":"240123","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"none","lastUpdate":"2026-05-12T23:00:05.6463593+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":8,"sortOrder":766},{"violations":{"ACR-048":"1. The app enables the consumer to hide the app from the system tray, which limits the targeted consumer's ability to close the app and does not list its own app to uninstall in programs and features\n2. The app does not provide any control to disable the startup it created.\n","ACR-007":"The app does not provide explicit notification when it is running. It also requires a hotkey and password to open it. These prevent the targeted consumer from being notified or giving informed consent.\n","ACR-084":"1. On quitting the app, the process runs silently in the background, hiding the fact that it is active from the consumer. \n2. The app enables the installing consumer to hide the app from the targeted consumer: it prevents the app from showing in the system tray, control panel, and is saved in a hidden folder. The app uses a hotkey and password to hide its presence\n3. The app creates a startup to perform an action without the user's knowledge and consent\n","ACR-086":"The app does not inform the consumer how it transfers data. It also requires a hotkey and password to open it, which prevents the targeted consumer from understanding what data is collected and transmitted.\n","ACR-116":"The app enables the consumer to hide it from the installed apps list.\n"},"nonDeceptorViolations":{"ACR-040":"The app installs itself in a hidden folder \"Program Data\".\n","ACR-065":"The app's install wizard does not contain a link to its Privacy Policy. \nThe app does not provide links to the app's EULA & Privacy Policy.\n","ACR-092":"The installer and other executables are not digitally signed\n"},"samples":[{"isRevoked":"False","fileName":"C:\\ProgramData\\HeavenWard\\BestKey\\bestkey.exe","companyName":"HeavenWard","productName":"Best Keylogger for Parents","productVersion":"3.12.6.7","fileVersion":"3.12.6.7","hashMD5":"8b4e8e7dd4694c1d2967bb1f3deed796","hashSHA1":"5d59565b81414deba63b42fcb2d5a1f768b7f01d","hashSHA256":"31a58ba39e00efd7e736cdfa2dc4b30d384b02a45b9896d3d1162eceb0c60dcd","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"757","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"BKPackage.exe","isInstaller":"True","companyName":"HeavenWard","productName":"Best Keylogger for Parents","productVersion":"","fileVersion":"3.12.6.7","hashMD5":"9e35508ad615ea6986129b8e1b087cf5","hashSHA1":"9ec3d86fa82794bf5716bcf54d4872b6e6b8e50d","hashSHA256":"0cf1f23d74f881724b0cc2e5bdbb5ec6aaa583456f870e91f2b02bf32f38dbd5","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"757","avBlockList":["360 Total Security (20240521)","Avast Premium Security (20240521)","AVG Internet Security (20240521)","Avira Internet Security (20240521)","Bitdefender Internet Security (20240521)","COMODO Antivirus (20240521)","ESET Internet Security (20240521)","G DATA INTERNET SECURITY (20240521)","K7 Total Security (20240521)","Kaspersky Internet Security (20240521)","Malwarebytes Premium (20240521)","McAfee Total Protection (20240521)","Norton Security (20240521)","Panda Dome (20240521)","Quick Heal Internet Security (20240521)","Sophos Home Premium (20240521)","SpyHunter5 (20240521)","Total AV Antivirus Pro (20240521)","Trend Micro Internet Security (20240521)","VIPRE Advanced Security (20240521)","VirIT eXplorer PRO (20240521)","Webroot SecureAnywhere (20240521)","Windows Defender (20240521)"],"avAllowList":["Dr.Web Security Space (20240521)"]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"https://www.hwsuite.com/compare-best-keyloggers-for-windows-8.php","landingPage":"https://www.hwsuite.com/download-the-powerful-little-keylogger-for-windows-8.php","directDownloadingLink":"https://hwsuite-2021.online/BKPackage.exe?token=1640612926_d309eb4f01b9574997cf37aa03da3f2a83278fbe&fileName=BKPackage.exe ","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://hwsuite-2021.online/BKPackage.exe?token=1640612926_d309eb4f01b9574997cf37aa03da3f2a83278fbe&fileName=BKPackage.exe ","sourceIndex":"757"}],"sampleFiles":["240122/BestKey-211228/3.12.6.7/Samples/BKPackage.exe"],"imageFiles":["240122/BestKey-211228/3.12.6.7/Images/ACR-084/ACR-084_Software_1.png","240122/BestKey-211228/3.12.6.7/Images/ACR-084/ACR-084_Software_2.png","240122/BestKey-211228/3.12.6.7/Images/ACR-084/ACR-084_Software_3.png","240122/BestKey-211228/3.12.6.7/Images/ACR-084/ACR-084_Software_4.png","240122/BestKey-211228/3.12.6.7/Images/ACR-084/ACR-084_Software_5.png","240122/BestKey-211228/3.12.6.7/Images/ACR-084/ACR-084_Software_6.png","240122/BestKey-211228/3.12.6.7/Images/ACR-084/ACR-084_Software_7.png","240122/BestKey-211228/3.12.6.7/Images/ACR-084/ACR-084_Software_8.png","240122/BestKey-211228/3.12.6.7/Images/ACR-086/ACR-086_Software_1.png","240122/BestKey-211228/3.12.6.7/Images/ACR-086/ACR-086_Software_2.png","240122/BestKey-211228/3.12.6.7/Images/ACR-086/ACR-086_Software_3.png","240122/BestKey-211228/3.12.6.7/Images/ACR-048/ACR-048_Software_1.png","240122/BestKey-211228/3.12.6.7/Images/ACR-048/ACR-048_Software_2.png","240122/BestKey-211228/3.12.6.7/Images/ACR-048/ACR-048_Software_3.png","240122/BestKey-211228/3.12.6.7/Images/ACR-048/ACR-048_Software_4.png","240122/BestKey-211228/3.12.6.7/Images/ACR-048/ACR-048_Software_5.png","240122/BestKey-211228/3.12.6.7/Images/ACR-007/ACR-007_Software_1.png","240122/BestKey-211228/3.12.6.7/Images/ACR-007/ACR-007_Software_2.png","240122/BestKey-211228/3.12.6.7/Images/ACR-007/ACR-007_Software_3.png","240122/BestKey-211228/3.12.6.7/Images/ACR-007/ACR-007_Software_4.png","240122/BestKey-211228/3.12.6.7/Images/ACR-116/ACR-116_Uninstall_1.png"],"nonDeceptorImageFiles":["240122/BestKey-211228/3.12.6.7/Images/ACR-040/ACR-040_Install_1.png","240122/BestKey-211228/3.12.6.7/Images/ACR-065/ACR-065_Install_1.png","240122/BestKey-211228/3.12.6.7/Images/ACR-092/ACR-092_Software_1.png","240122/BestKey-211228/3.12.6.7/Images/ACR-092/ACR-092_Software_2.png","240122/BestKey-211228/3.12.6.7/Images/ACR-065/ACR-065_Software_1.png"],"guid":"037ddee1-c71d-49ab-a54d-53d6af3e48b8_3.12.6.7_1","appID":"BestKey-211228","dateAdded":"240122","deceptorType":"App","name":"BestKey","company":"HeavenWard","version":"3.12.6.7","lastKnownStatus":"3.12.3.1;3.12.5.0;3.12.6.6;3.12.6.7","lastKnownDate":"240122","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,paid","lastUpdate":"2026-05-12T22:59:58.013919+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":4,"sortOrder":772},{"violations":{"ACR-048":"1. The app enables the consumer to hide the app from the system tray, which limits the targeted consumer's ability to close the app. \n2. The app does not provide any control to disable the startup it created.\n","ACR-007":"The app does not provide explicit notification when it is running. It also requires a hotkey and password to open it. These prevent the targeted consumer from being notified or giving informed consent.\n","ACR-084":"1. On quitting the app, the process runs silently in the background, hiding the fact that it is active from the consumer. \n2. The app enables the installing consumer to hide the app from the targeted consumer: it prevents the app from showing in the system tray, control panel, and is saved in a hidden folder. The app uses a hotkey and password to hide its presence. \n","ACR-086":"The app does not inform the consumer how it transfers data. It also requires a hotkey and password to open it, which prevents the targeted consumer from understanding what data is collected and transmitted.\n","ACR-116":"The app enables the consumer to hide it from the installed apps list.\n"},"nonDeceptorViolations":{"ACR-040":"The app installs itself in a hidden folder \"Program Data\".\n","ACR-065":"The app's install wizard does not contain a link to its Privacy Policy. \nThe app does not provide links to the app's EULA & Privacy Policy.\n","ACR-092":"The application has no signed certificate it is unsigned.\n","ACR-099":"The landing page does not display links to uninstall information. \n","ACR-167":"The application's has no mention of a 30 days refund policy.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\ProgramData\\HeavenWard\\BestKey\\bestkey.exe","companyName":"HeavenWard","productName":"Best Keylogger for Parents","productVersion":"3.12.5.0","fileVersion":"3.12.5.0","hashMD5":"128260df5203f8aa2fa185a68e01543d","hashSHA1":"6362ab8331ba65bc35a7e59c3f9fbcbb796e1ef5","hashSHA256":"ea3befe264d4c06eb35a92f5b196878bda746baf951c06e69ac1198625824911","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1692","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"BKPackage.exe","isInstaller":"True","companyName":"HeavenWard","productName":"Best Keylogger for Parents","productVersion":"","fileVersion":"3.12.5.0","hashMD5":"bc6f302b9a9581c6607f5394c7772f8c","hashSHA1":"8317a19a12aafd16d6c00acc1faa86cc7597635f","hashSHA256":"185bc52bb215e7b1c3ace4f9be742f5dbec46f5eb974250f2a929d365c2b3d04","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1692","avBlockList":["360 Total Security (20220317)","Avast Premium Security (20220317)","AVG Internet Security (20220317)","Avira Internet Security (20220317)","Bitdefender Internet Security (20220317)","COMODO Antivirus (20220317)","ESET Internet Security (20220317)","G DATA INTERNET SECURITY (20220317)","K7 Total Security (20220317)","Kaspersky Internet Security (20220317)","Malwarebytes Premium (20220317)","McAfee Total Protection (20220317)","Norton Security (20220317)","Panda Dome (20220317)","Quick Heal Internet Security (20220317)","Sophos Home Premium (20220317)","SpyHunter5 (20220317)","Tencent PC Manager (20220317)","Total AV Antivirus Pro (20220317)","Trend Micro Internet Security (20220317)","VIPRE Advanced Security (20220317)","VirIT eXplorer PRO (20220317)","Webroot SecureAnywhere (20220317)","Windows Defender (20220317)"],"avAllowList":["Dr.Web Security Space (20220317)"]}],"additionalFiles":[],"sources":[{"howFound":"Google search- Keylogger","reference":"","landingPage":"https://www.hwsuite.com/bestkeylogger-the-powerful-little-keylogger-for-windows-8.php","directDownloadingLink":"https://www.hwsuite.com/download-the-powerful-little-keylogger-for-windows-8.php","ipv4":"","ipv6":"","landingPageWildChar":"","directDownloadingLinkWildChar":"https://www.hwsuite.com/download-the-powerful-little-keylogger-for-windows-8.php","sourceIndex":"1692"}],"sampleFiles":["220307/BestKey-211228/3.12.5.0/Samples/BKPackage.exe"],"imageFiles":["220307/BestKey-211228/3.12.5.0/Images/ACR-084/ACR-084_Software.JPG","220307/BestKey-211228/3.12.5.0/Images/ACR-084/ACR-084_Software_1.JPG","220307/BestKey-211228/3.12.5.0/Images/ACR-084/ACR-084_Software_2.JPG","220307/BestKey-211228/3.12.5.0/Images/ACR-084/ACR-084_Software_3.JPG","220307/BestKey-211228/3.12.5.0/Images/ACR-084/ACR-084_Software_4.JPG","220307/BestKey-211228/3.12.5.0/Images/ACR-084/ACR-084_Software_5.JPG","220307/BestKey-211228/3.12.5.0/Images/ACR-086/ACR-086_Software.JPG","220307/BestKey-211228/3.12.5.0/Images/ACR-086/ACR-086_Software_1.JPG","220307/BestKey-211228/3.12.5.0/Images/ACR-086/ACR-086_Software_2.JPG","220307/BestKey-211228/3.12.5.0/Images/ACR-086/ACR-086_Software_3.JPG","220307/BestKey-211228/3.12.5.0/Images/ACR-048/ACR-048_Software_No_Control.JPG","220307/BestKey-211228/3.12.5.0/Images/ACR-048/ACR-048_Software_No_Control_1.JPG","220307/BestKey-211228/3.12.5.0/Images/ACR-048/ACR-048_Software_No_Control_2.JPG","220307/BestKey-211228/3.12.5.0/Images/ACR-048/ACR-048_Software_No_Control_3.JPG","220307/BestKey-211228/3.12.5.0/Images/ACR-048/ACR-048_Software_No_Control_4.JPG","220307/BestKey-211228/3.12.5.0/Images/ACR-007/ACR-086_Software.JPG","220307/BestKey-211228/3.12.5.0/Images/ACR-007/ACR-086_Software_1.JPG","220307/BestKey-211228/3.12.5.0/Images/ACR-007/ACR-086_Software_2.JPG","220307/BestKey-211228/3.12.5.0/Images/ACR-007/ACR-086_Software_3.JPG","220307/BestKey-211228/3.12.5.0/Images/ACR-116/ACR-116_Uninstall.JPG"],"nonDeceptorImageFiles":["220307/BestKey-211228/3.12.5.0/Images/ACR-040/ACR-040_Install.JPG","220307/BestKey-211228/3.12.5.0/Images/ACR-065/ACR-065_Install.JPG","220307/BestKey-211228/3.12.5.0/Images/ACR-092/ACR-092_Software.JPG","220307/BestKey-211228/3.12.5.0/Images/ACR-092/ACR-092_Software_1.JPG","220307/BestKey-211228/3.12.5.0/Images/ACR-065/ACR-065_Software.JPG","220307/BestKey-211228/3.12.5.0/Images/ACR-167/ACR-167_Docs.jpg","220307/BestKey-211228/3.12.5.0/Images/ACR-099/ACR-099_Landingpage_No_UninstallInfo.jpg"],"guid":"037ddee1-c71d-49ab-a54d-53d6af3e48b8_3.12.5.0_1","appID":"BestKey-211228","dateAdded":"240122","deceptorType":"App","name":"BestKey","company":"HeavenWard","version":"3.12.5.0","lastKnownStatus":"3.12.3.1;3.12.5.0;3.12.6.6;3.12.6.7","lastKnownDate":"240122","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,paid","lastUpdate":"2024-01-22T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":4,"sortOrder":774},{"violations":{"ACR-048":"The app is not able to be deleted from the Control Panel\n","ACR-007":"The app does not provide explicit notification when it is running. It also requires a hotkey and password to open it. These prevent the targeted consumer from being notified or giving informed consent.\n","ACR-084":"The app requires a hotkey and password to open it and is saved in a hidden folder, which prevents the targeted consumer from finding it.\n","ACR-086":"The app does not inform the consumer how it transfers data. It also requires a hotkey and password to open it, which prevents the targeted consumer from understanding what data is collected and transmitted.\n","ACR-116":"The app enables the consumer to hide it from the installed apps list.\n"},"nonDeceptorViolations":{"ACR-040":"The app installs itself in a hidden folder \"Program Data\".\n","ACR-092":"The application has no signed certificate it is unsigned.\n","ACR-099":"The landing page does not display links to uninstall information. \n","ACR-167":"The application's has no mention of a 30 days refund policy.\n"},"samples":[{"isRevoked":"False","fileName":"bestkey.exe","companyName":"HeavenWard","fileVersion":"3.12","hashMD5":"d55ee208c25553b3833268a2af023932","hashSHA1":"54aa8026616c9171b35b5b90f0f6a7cb2166fe10","hashSHA256":"0800f32e4356b5a8c6eb0e439f95208b88e104926fe877d8fee8260742c12245","sourceIndex":"1746","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"BKPackage.exe","isInstaller":"True","companyName":"HeavenWard","fileVersion":"3.12","hashMD5":"259c1249f7a6013a7fc9156ef4b66cb4","hashSHA1":"3fbe8eb12803189d28fa100c7296355d91d18a63","hashSHA256":"c8d1aa3775d7fb7f980d6a5989b692f067cc3781af8842a7f0eab0c5298c09fc","sourceIndex":"1746","avBlockList":["360 Total Security (20220113)","Avast Premium Security (20220113)","AVG Internet Security (20220113)","Avira Internet Security (20220113)","Bitdefender Internet Security (20220113)","ESET Internet Security (20220113)","G DATA INTERNET SECURITY (20220113)","K7 Total Security (20220113)","Kaspersky Internet Security (20220113)","Malwarebytes Premium (20220113)","McAfee Total Protection (20220113)","Norton Security (20220113)","Panda Dome (20220113)","Quick Heal Internet Security (20220113)","Sophos Home Premium (20220113)","SpyHunter5 (20220113)","Tencent PC Manager (20220113)","Total AV Antivirus Pro (20220113)","Trend Micro Internet Security (20220113)","VIPRE Advanced Security (20220113)","VirIT eXplorer PRO (20220113)","Webroot SecureAnywhere (20220113)","Windows Defender (20220113)"],"avAllowList":["COMODO Antivirus (20220113)","Dr.Web Security Space (20220113)"]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"https://www.hwsuite.com/compare-best-keyloggers-for-windows-8.php","landingPage":"https://www.hwsuite.com/download-the-powerful-little-keylogger-for-windows-8.php","directDownloadingLink":"https://hwsuite-2021.online/BKPackage.exe?token=1640612926_d309eb4f01b9574997cf37aa03da3f2a83278fbe&fileName=BKPackage.exe ","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://hwsuite-2021.online/BKPackage.exe?token=1640612926_d309eb4f01b9574997cf37aa03da3f2a83278fbe&fileName=BKPackage.exe ","sourceIndex":"1746"}],"sampleFiles":["211228/BestKey-211228/3.12.3.1/Samples/bestkey.exe","211228/BestKey-211228/3.12.3.1/Samples/BKPackage.exe"],"imageFiles":["211228/BestKey-211228/3.12.3.1/Images/ACR-084/BestKey_Interactions [2].png","211228/BestKey-211228/3.12.3.1/Images/ACR-084/BestKey_Files [1].png","211228/BestKey-211228/3.12.3.1/Images/ACR-086/BestKey_Interactions [2].png","211228/BestKey-211228/3.12.3.1/Images/ACR-048/BestKey_ControlPanel [1].png","211228/BestKey-211228/3.12.3.1/Images/ACR-007/BestKey_RunningProcess [1].png","211228/BestKey-211228/3.12.3.1/Images/ACR-007/BestKey_Interactions [2].png","211228/BestKey-211228/3.12.3.1/Images/ACR-007/BestKey_Interactions [4].png","211228/BestKey-211228/3.12.3.1/Images/ACR-116/BestKey_ControlPanel [1].png"],"nonDeceptorImageFiles":["211228/BestKey-211228/3.12.3.1/Images/ACR-040/BestKey_Files [1].png","211228/BestKey-211228/3.12.3.1/Images/ACR-092/BestKey_FileProperty [1].png","211228/BestKey-211228/3.12.3.1/Images/ACR-092/BestKey_FileProperty [2].png","211228/BestKey-211228/3.12.3.1/Images/ACR-092/BestKey_FileProperty [3].png","211228/BestKey-211228/3.12.3.1/Images/ACR-167/BestKey_LandingPage [1].png","211228/BestKey-211228/3.12.3.1/Images/ACR-099/BestKey_LandingPage [1].png"],"guid":"037ddee1-c71d-49ab-a54d-53d6af3e48b8_3.12.3.1_1","appID":"BestKey-211228","dateAdded":"240122","deceptorType":"App","name":"BestKey","company":"HeavenWard","version":"3.12.3.1","sigName":"Deceptor:Win32/BestKey!084086048007116","lastKnownStatus":"3.12.3.1;3.12.5.0;3.12.6.6;3.12.6.7","lastKnownDate":"240122","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,paid","lastUpdate":"2024-01-22T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":4,"sortOrder":775},{"violations":{"ACR-109":"The app downloads \"rk_setup.exe\", a RelevantKnowledge file before disclosure and without the consumer's consent\n","ACR-010":"The app distributes deceptor application. The offer in this app, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software\n","ACR-118":"Upon uninstallation, it retains some executables and many of its other components along with a \"curl-ca-bundle.crt\" and other components on the device without user's knowledge\n","ACR-057":"The app bundles the \"Relevant Knowledge\" offer which does not allow the consumer to decline the offer\n","ACR-071":"It attempts to force the acceptance of \"Relevant Knowledge\" by graying out the Next button when the user choose to Decline. Thus, forcing the user to only accept the offer and proceed with the installation\n","ACR-059":"Offer not clearly marked as an offer. Instead, it is presented as a component of the carrier.\n","ACR-155":"Offers are designed to look like part of the install workflow\n"},"nonDeceptorViolations":{"ACR-106":"App offers deceptive application 'Relevant Knowledge market survey\n","ACR-092":"The app does not have a digital signature for any executable\n","ACR-123":"The app does not remove dropped root certificates even after uninstalling\n"},"samples":[{"isRevoked":"False","fileName":"lector-de-pdf.exe","isInstaller":"True","companyName":"convertidor-de-pdf.com                                      ","fileVersion":"0.0","hashMD5":"b1fa02b3e52ce37f23d3a5d1ee738c70","hashSHA1":"0ec567c5eaf92d81c4e43472eb0a0d23e9e0d962","hashSHA256":"c47d86c2a94eeb58257c585cac8f5bfdc4a190b9646d66ee6faf04e6d88cd272","sourceIndex":"758","avBlockList":["360 Total Security (20240509)","Avast Premium Security (20240509)","AVG Internet Security (20240509)","Avira Internet Security (20240509)","Bitdefender Internet Security (20240509)","COMODO Antivirus (20240509)","Dr.Web Security Space (20240509)","ESET Internet Security (20240509)","G DATA INTERNET SECURITY (20240509)","K7 Total Security (20240509)","Kaspersky Internet Security (20240509)","Malwarebytes Premium (20240509)","McAfee Total Protection (20240509)","Norton Security (20240509)","Panda Dome (20240509)","Quick Heal Internet Security (20240509)","Sophos Home Premium (20240509)","SpyHunter5 (20240509)","Total AV Antivirus Pro (20240509)","Trend Micro Internet Security (20240509)","VIPRE Advanced Security (20240509)","VirIT eXplorer PRO (20240509)","Webroot SecureAnywhere (20240509)","Windows Defender (20240509)"],"avAllowList":[]},{"isRevoked":"False","fileName":"unir-pdf.exe","isInstaller":"True","companyName":"convertidor-de-pdf.com                                      ","fileVersion":"0.0","hashMD5":"d7bc7986785d5d2194506f615bbb2a72","hashSHA1":"ef16458e299030a8e4aa2a8b5833ab515bc7adcf","hashSHA256":"c84dafb3613ef44917484f341ba9143f2bbb0b4e622c8137bc24295dbc7e9082","sourceIndex":"758","avBlockList":["360 Total Security (20240509)","Avast Premium Security (20240509)","AVG Internet Security (20240509)","Avira Internet Security (20240509)","Bitdefender Internet Security (20240509)","COMODO Antivirus (20240509)","ESET Internet Security (20240509)","G DATA INTERNET SECURITY (20240509)","K7 Total Security (20240509)","Kaspersky Internet Security (20240509)","Malwarebytes Premium (20240509)","McAfee Total Protection (20240509)","Norton Security (20240509)","Panda Dome (20240509)","Quick Heal Internet Security (20240509)","Sophos Home Premium (20240509)","SpyHunter5 (20240509)","Total AV Antivirus Pro (20240509)","Trend Micro Internet Security (20240509)","VIPRE Advanced Security (20240509)","VirIT eXplorer PRO (20240509)","Webroot SecureAnywhere (20240509)","Windows Defender (20240509)"],"avAllowList":["Dr.Web Security Space (20240509)"]},{"isRevoked":"False","fileName":"convertir-pdf-a-texto.exe","isInstaller":"True","companyName":"convertidor-de-pdf.com                                      ","fileVersion":"0.0","hashMD5":"e5916d4ca9dfa0ea93683079bf75f6da","hashSHA1":"d7595893a55cadd81dc0921468b066c13121b2f8","hashSHA256":"b3d8d9852ecbbf0830ed87b87e25671fc4b1f40fb281104bfb0c6d1b6b38e767","sourceIndex":"758","avBlockList":["360 Total Security (20240509)","Avast Premium Security (20240509)","AVG Internet Security (20240509)","Avira Internet Security (20240509)","Bitdefender Internet Security (20240509)","ESET Internet Security (20240509)","G DATA INTERNET SECURITY (20240509)","K7 Total Security (20240509)","Kaspersky Internet Security (20240509)","McAfee Total Protection (20240509)","Norton Security (20240509)","Panda Dome (20240509)","Quick Heal Internet Security (20240509)","Sophos Home Premium (20240509)","SpyHunter5 (20240509)","Total AV Antivirus Pro (20240509)","VIPRE Advanced Security (20240509)","VirIT eXplorer PRO (20240509)","Webroot SecureAnywhere (20240509)","Windows Defender (20240509)"],"avAllowList":["COMODO Antivirus (20240509)","Dr.Web Security Space (20240509)","Malwarebytes Premium (20240509)","Trend Micro Internet Security (20240509)"]},{"isRevoked":"False","fileName":"convertidor-de-pdf-a-word.exe","isInstaller":"True","companyName":"convertidor-de-pdf.com                                      ","fileVersion":"0.0","hashMD5":"9f1f28d9f6c92fbee4fe56360e12808c","hashSHA1":"ca5377fd76a419f59c6cdad5755a3ccdd1089662","hashSHA256":"a59c2c5cf27b103278fddcb87316e321eaa067af8174a511d7ef63651b1cefca","sourceIndex":"758","avBlockList":["360 Total Security (20240509)","Avast Premium Security (20240509)","AVG Internet Security (20240509)","Avira Internet Security (20240509)","Bitdefender Internet Security (20240509)","COMODO Antivirus (20240509)","ESET Internet Security (20240509)","G DATA INTERNET SECURITY (20240509)","K7 Total Security (20240509)","Kaspersky Internet Security (20240509)","McAfee Total Protection (20240509)","Norton Security (20240509)","Panda Dome (20240509)","Quick Heal Internet Security (20240509)","Sophos Home Premium (20240509)","SpyHunter5 (20240509)","Total AV Antivirus Pro (20240509)","Trend Micro Internet Security (20240509)","VIPRE Advanced Security (20240509)","VirIT eXplorer PRO (20240509)","Webroot SecureAnywhere (20240509)","Windows Defender (20240509)"],"avAllowList":["Dr.Web Security Space (20240509)","Malwarebytes Premium (20240509)"]},{"isRevoked":"False","fileName":"convertidor-de-word-a-pdf.exe","isInstaller":"True","companyName":"convertidor-de-pdf.com                                      ","fileVersion":"0.0","hashMD5":"d166b24849a5737e65c610ad4c67af91","hashSHA1":"03db86faf031c185f12364a5a462d6ed6cd59942","hashSHA256":"dbad3a47b43bf691aeda9f5c15adf758f7c1cb0831956b1c06ecb256503be70d","sourceIndex":"758","avBlockList":["360 Total Security (20240516)","Avast Premium Security (20240516)","AVG Internet Security (20240516)","Avira Internet Security (20240516)","Bitdefender Internet Security (20240516)","COMODO Antivirus (20240516)","Dr.Web Security Space (20240516)","ESET Internet Security (20240516)","G DATA INTERNET SECURITY (20240516)","K7 Total Security (20240516)","Kaspersky Internet Security (20240516)","Malwarebytes Premium (20240516)","McAfee Total Protection (20240516)","Norton Security (20240516)","Panda Dome (20240516)","Quick Heal Internet Security (20240516)","Sophos Home Premium (20240516)","SpyHunter5 (20240516)","Total AV Antivirus Pro (20240516)","Trend Micro Internet Security (20240516)","VIPRE Advanced Security (20240516)","VirIT eXplorer PRO (20240516)","Webroot SecureAnywhere (20240516)","Windows Defender (20240516)"],"avAllowList":[]},{"isRevoked":"False","fileName":"convertir-imagen-a-pdf.exe","isInstaller":"True","companyName":"convertidor-de-pdf.com                                      ","fileVersion":"0.0","hashMD5":"1aa35a8e5adfcb46d72090cb3f030b95","hashSHA1":"a62701648d670e2efbd7d1da7afd9a1b25e6d2b7","hashSHA256":"7e6a7a5e48eb3660e4d4cc520510dd7bb3daad0320b88945bed8bf293d503e31","sourceIndex":"758","avBlockList":["360 Total Security (20240516)","Avast Premium Security (20240516)","AVG Internet Security (20240516)","Avira Internet Security (20240516)","Bitdefender Internet Security (20240516)","COMODO Antivirus (20240516)","Dr.Web Security Space (20240516)","ESET Internet Security (20240516)","G DATA INTERNET SECURITY (20240516)","K7 Total Security (20240516)","Kaspersky Internet Security (20240516)","McAfee Total Protection (20240516)","Norton Security (20240516)","Panda Dome (20240516)","Quick Heal Internet Security (20240516)","Sophos Home Premium (20240516)","SpyHunter5 (20240516)","Total AV Antivirus Pro (20240516)","Trend Micro Internet Security (20240516)","VIPRE Advanced Security (20240516)","VirIT eXplorer PRO (20240516)","Webroot SecureAnywhere (20240516)","Windows Defender (20240516)"],"avAllowList":["Malwarebytes Premium (20240516)"]},{"isRevoked":"False","fileName":"convertidor-de-pdf_1.exe","isInstaller":"True","companyName":"convertidor-de-pdf.com                                      ","fileVersion":"0.0","hashMD5":"5f26b91c76299babcc61ff665b6fc6ff","hashSHA1":"98a357116bf9d281a8f2669e4150bb083d2e55f3","hashSHA256":"c186e3779827ab80cf33a38e57ac14f3979ca238a19b3d104ce93d5b2efae595","sourceIndex":"758","avBlockList":["360 Total Security (20240516)","Avast Premium Security (20240516)","AVG Internet Security (20240516)","Avira Internet Security (20240516)","COMODO Antivirus (20240516)","Dr.Web Security Space (20240516)","ESET Internet Security (20240516)","G DATA INTERNET SECURITY (20240516)","K7 Total Security (20240516)","Kaspersky Internet Security (20240516)","Malwarebytes Premium (20240516)","McAfee Total Protection (20240516)","Norton Security (20240516)","Panda Dome (20240516)","Quick Heal Internet Security (20240516)","Sophos Home Premium (20240516)","SpyHunter5 (20240516)","Total AV Antivirus Pro (20240516)","VirIT eXplorer PRO (20240516)","Webroot SecureAnywhere (20240516)","Windows Defender (20240516)"],"avAllowList":["Bitdefender Internet Security (20240516)","Trend Micro Internet Security (20240516)","VIPRE Advanced Security (20240516)"]},{"isRevoked":"False","fileName":"convertidor-de-pdf-a-word_1.exe","isInstaller":"True","companyName":"convertidor-de-pdf.com                                      ","fileVersion":"0.0","hashMD5":"01956b664f16d75682646e1490e2f4ab","hashSHA1":"6be515e63f5439731af960e41490419ec6e9308f","hashSHA256":"07568a7702f0c8af6e5ce1012a2a251154f459259ab53f4ebcb40f40f7e896ce","sourceIndex":"758","avBlockList":["360 Total Security (20240521)","Avast Premium Security (20240521)","AVG Internet Security (20240521)","Avira Internet Security (20240521)","Bitdefender Internet Security (20240521)","COMODO Antivirus (20240521)","Dr.Web Security Space (20240521)","ESET Internet Security (20240521)","G DATA INTERNET SECURITY (20240521)","K7 Total Security (20240521)","Kaspersky Internet Security (20240521)","Malwarebytes Premium (20240521)","McAfee Total Protection (20240521)","Norton Security (20240521)","Panda Dome (20240521)","Quick Heal Internet Security (20240521)","Sophos Home Premium (20240521)","SpyHunter5 (20240521)","Total AV Antivirus Pro (20240521)","VIPRE Advanced Security (20240521)","VirIT eXplorer PRO (20240521)","Webroot SecureAnywhere (20240521)","Windows Defender (20240521)"],"avAllowList":["Trend Micro Internet Security (20240521)"]},{"isRevoked":"False","fileName":"convertidor-de-word-a-pdf_1.exe","isInstaller":"True","companyName":"convertidor-de-pdf.com                                      ","fileVersion":"0.0","hashMD5":"4253f324f46b4a231a9e14ea548216b1","hashSHA1":"7a363318f9fb6c74907391fb4edf78a174ba7eed","hashSHA256":"965c4641aab3234c6d712bc84e119519d93d5926c67beb66cf631687fb6ce093","sourceIndex":"758","avBlockList":["360 Total Security (20240521)","Avast Premium Security (20240521)","AVG Internet Security (20240521)","Avira Internet Security (20240521)","Bitdefender Internet Security (20240521)","COMODO Antivirus (20240521)","Dr.Web Security Space (20240521)","ESET Internet Security (20240521)","G DATA INTERNET SECURITY (20240521)","K7 Total Security (20240521)","Kaspersky Internet Security (20240521)","Malwarebytes Premium (20240521)","McAfee Total Protection (20240521)","Norton Security (20240521)","Panda Dome (20240521)","Quick Heal Internet Security (20240521)","Sophos Home Premium (20240521)","SpyHunter5 (20240521)","Total AV Antivirus Pro (20240521)","VIPRE Advanced Security (20240521)","VirIT eXplorer PRO (20240521)","Webroot SecureAnywhere (20240521)","Windows Defender (20240521)"],"avAllowList":["Trend Micro Internet Security (20240521)"]},{"isRevoked":"False","fileName":"convertir-imagen-a-pdf_1.exe","isInstaller":"True","companyName":"convertidor-de-pdf.com                                      ","fileVersion":"0.0","hashMD5":"9106f2d169828d69583d94589c682b7f","hashSHA1":"01e23c6c2800e857d1c08b93776cc8eee5c994a7","hashSHA256":"af3e8455c7d64618469bc354b78669b0cfa7c0a69c409d3f2c41b5b82e8e3ef4","sourceIndex":"758","avBlockList":["360 Total Security (20240521)","Avast Premium Security (20240521)","AVG Internet Security (20240521)","Avira Internet Security (20240521)","Bitdefender Internet Security (20240521)","COMODO Antivirus (20240521)","Dr.Web Security Space (20240521)","ESET Internet Security (20240521)","G DATA INTERNET SECURITY (20240521)","Kaspersky Internet Security (20240521)","Malwarebytes Premium (20240521)","McAfee Total Protection (20240521)","Norton Security (20240521)","Panda Dome (20240521)","Sophos Home Premium (20240521)","SpyHunter5 (20240521)","Total AV Antivirus Pro (20240521)","VIPRE Advanced Security (20240521)","VirIT eXplorer PRO (20240521)","Webroot SecureAnywhere (20240521)","Windows Defender (20240521)"],"avAllowList":["K7 Total Security (20240521)","Quick Heal Internet Security (20240521)","Trend Micro Internet Security (20240521)"]},{"isRevoked":"False","fileName":"convertir-pdf-a-jpg_1.exe","isInstaller":"True","companyName":"convertidor-de-pdf.com                                      ","fileVersion":"0.0","hashMD5":"7e39ec3a9bdaca284155f7a3b490b74a","hashSHA1":"40109075458fa369ad3b06f6f7b9caeac303aa85","hashSHA256":"5373b3c26a0c2479985731155edaf93b2bf69bf91daf4d33500e55bcf1cc03d3","sourceIndex":"758","avBlockList":["360 Total Security (20240521)","Avast Premium Security (20240521)","AVG Internet Security (20240521)","Avira Internet Security (20240521)","Bitdefender Internet Security (20240521)","COMODO Antivirus (20240521)","Dr.Web Security Space (20240521)","ESET Internet Security (20240521)","G DATA INTERNET SECURITY (20240521)","K7 Total Security (20240521)","Kaspersky Internet Security (20240521)","McAfee Total Protection (20240521)","Norton Security (20240521)","Panda Dome (20240521)","Sophos Home Premium (20240521)","SpyHunter5 (20240521)","Total AV Antivirus Pro (20240521)","VirIT eXplorer PRO (20240521)","Webroot SecureAnywhere (20240521)","Windows Defender (20240521)"],"avAllowList":["Malwarebytes Premium (20240521)","Quick Heal Internet Security (20240521)","Trend Micro Internet Security (20240521)","VIPRE Advanced Security (20240521)"]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"","landingPage":"http://www.convertidor-de-pdf.com/downloads.html","directDownloadingLink":"http://www.convertidor-de-pdf.com/download/convertir-imagen-a-pdf.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.convertidor-de-pdf.com/download/convertir-imagen-a-pdf.exe","sourceIndex":"758"}],"sampleFiles":["240122/convertidordepdfcomBundle-231016/3.35/Samples/lector-de-pdf.exe","240122/convertidordepdfcomBundle-231016/3.35/Samples/unir-pdf.exe","240122/convertidordepdfcomBundle-231016/3.35/Samples/convertir-pdf-a-texto.exe","240122/convertidordepdfcomBundle-231016/3.35/Samples/convertidor-de-pdf-a-word.exe","240122/convertidordepdfcomBundle-231016/3.35/Samples/convertidor-de-word-a-pdf.exe","240122/convertidordepdfcomBundle-231016/3.35/Samples/convertir-imagen-a-pdf.exe","240122/convertidordepdfcomBundle-231016/3.35/Samples/convertidor-de-pdf_1.exe","240122/convertidordepdfcomBundle-231016/3.35/Samples/convertidor-de-pdf-a-word_1.exe","240122/convertidordepdfcomBundle-231016/3.35/Samples/convertidor-de-word-a-pdf_1.exe","240122/convertidordepdfcomBundle-231016/3.35/Samples/convertir-imagen-a-pdf_1.exe","240122/convertidordepdfcomBundle-231016/3.35/Samples/convertir-pdf-a-jpg_1.exe"],"imageFiles":["240122/convertidordepdfcomBundle-231016/3.35/Images/ACR-109/ACR-109_Install_1.png","240122/convertidordepdfcomBundle-231016/3.35/Images/ACR-010/ACR-010_Install_1.png","240122/convertidordepdfcomBundle-231016/3.35/Images/ACR-013/ACR-013_Install_1.png","240122/convertidordepdfcomBundle-231016/3.35/Images/ACR-118/ACR-118_Uninstall_1.png","240122/convertidordepdfcomBundle-231016/3.35/Images/ACR-057/ACR-057_Bundler-made offers_1.png","240122/convertidordepdfcomBundle-231016/3.35/Images/ACR-059/ACR-059_Bundler-made offers_1.png","240122/convertidordepdfcomBundle-231016/3.35/Images/ACR-060/ACR-060_Bundler-made offers_1.png","240122/convertidordepdfcomBundle-231016/3.35/Images/ACR-071/ACR-071_Bundler-made offers_1.png","240122/convertidordepdfcomBundle-231016/3.35/Images/ACR-155/ACR-155_Bundler-made offers_1.png"],"nonDeceptorImageFiles":["240122/convertidordepdfcomBundle-231016/3.35/Images/ACR-106/ACR-106_Software_1.png","240122/convertidordepdfcomBundle-231016/3.35/Images/ACR-092/ACR-092_Software_1.png","240122/convertidordepdfcomBundle-231016/3.35/Images/ACR-123/ACR-123_Uninstall_1.png"],"guid":"fc6c4e78-ca40-43b3-a3a6-d0c13e04afb7_3.35_1","appID":"convertidordepdfcomBundle-231016","dateAdded":"240122","deceptorType":"Bundler","name":"convertidor-de-pdf.com Bundle","company":"convertidor-de-pdf.com","version":"3.35","lastKnownStatus":"3.35","lastKnownDate":"240122","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"display ads","lastUpdate":"2024-01-22T17:34:20.9382025+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":771},{"violations":{"ACR-048":"1. The app enables the consumer to hide the app from the system tray, which limits the targeted consumer's ability to close the app and does not list its own app to uninstall in programs and features\n2. The app does not provide any control to disable the startup it created.\n","ACR-007":"The app does not provide explicit notification when it is running. It also requires a hotkey and password to open it. These prevent the targeted consumer from being notified or giving informed consent.\n","ACR-084":"1. On quitting the app, the process runs silently in the background, hiding the fact that it is active from the consumer. \n2. The app enables the installing consumer to hide the app from the targeted consumer: it prevents the app from showing in the system tray, control panel, and is saved in a hidden folder. The app uses a hotkey and password to hide its presence\n3. The app creates a startup to perform an action without the user's knowledge and consent\n","ACR-086":"The app does not inform the consumer how it transfers data. It also requires a hotkey and password to open it, which prevents the targeted consumer from understanding what data is collected and transmitted.\n","ACR-116":"The app enables the consumer to hide it from the installed apps list.\n"},"nonDeceptorViolations":{"ACR-040":"The app installs itself in a hidden folder \"Program Data\".\n","ACR-065":"The app's install wizard does not contain a link to its Privacy Policy. \nThe app does not provide links to the app's EULA & Privacy Policy.\n","ACR-092":"The installer and other executables are not digitally signed\n"},"samples":[{"isRevoked":"False","fileName":"C:\\ProgramData\\HeavenWard\\BestKey\\bestkey.exe","companyName":"HeavenWard","productName":"Best Keylogger for Parents","productVersion":"3.12.6.6","fileVersion":"3.12.6.6","hashMD5":"2bcc08adb8b28b83f9d38c4e813fe6fa","hashSHA1":"c27daad45fa2e0e8ab9a0f0f1fe8e8529b99a06c","hashSHA256":"90d9461cb4d3f48eaa3c6ccec2eba1253b9065e2f243f050b812a0cf772aa904","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"817","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"BKPackage.exe","isInstaller":"True","companyName":"HeavenWard","productName":"Best Keylogger for Parents","productVersion":"","fileVersion":"3.12.6.6","hashMD5":"9f922df009aa09e40c3c9023e907bdc3","hashSHA1":"264f6725c9ea4e36fe9400f8032b76dc95968d26","hashSHA256":"a3db00a1f564c044d016f22b2458afd82a2a3d199c17ba6c5c6057f89eb9584d","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"817","avBlockList":["360 Total Security (20240206)","Avast Premium Security (20240206)","AVG Internet Security (20240206)","Avira Internet Security (20240206)","Bitdefender Internet Security (20240206)","COMODO Antivirus (20240206)","ESET Internet Security (20240206)","G DATA INTERNET SECURITY (20240206)","K7 Total Security (20240206)","Kaspersky Internet Security (20240206)","Malwarebytes Premium (20240206)","McAfee Total Protection (20240206)","Norton Security (20240206)","Panda Dome (20240206)","Quick Heal Internet Security (20240206)","Sophos Home Premium (20240206)","SpyHunter5 (20240206)","Total AV Antivirus Pro (20240206)","VIPRE Advanced Security (20240206)","VirIT eXplorer PRO (20240206)","Webroot SecureAnywhere (20240206)","Windows Defender (20240206)"],"avAllowList":["Dr.Web Security Space (20240206)","Trend Micro Internet Security (20240206)"]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"https://www.hwsuite.com/compare-best-keyloggers-for-windows-8.php","landingPage":"https://www.hwsuite.com/download-the-powerful-little-keylogger-for-windows-8.php","directDownloadingLink":"https://hwsuite-2021.online/BKPackage.exe?token=1640612926_d309eb4f01b9574997cf37aa03da3f2a83278fbe&fileName=BKPackage.exe ","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://hwsuite-2021.online/BKPackage.exe?token=1640612926_d309eb4f01b9574997cf37aa03da3f2a83278fbe&fileName=BKPackage.exe ","sourceIndex":"817"}],"sampleFiles":["231109/BestKey-211228/3.12.6.6/Samples/BKPackage.exe"],"imageFiles":["231109/BestKey-211228/3.12.6.6/Images/ACR-084/ACR-084_Software_1.png","231109/BestKey-211228/3.12.6.6/Images/ACR-084/ACR-084_Software_2.png","231109/BestKey-211228/3.12.6.6/Images/ACR-084/ACR-084_Software_3.png","231109/BestKey-211228/3.12.6.6/Images/ACR-084/ACR-084_Software_4.png","231109/BestKey-211228/3.12.6.6/Images/ACR-084/ACR-084_Software_5.png","231109/BestKey-211228/3.12.6.6/Images/ACR-084/ACR-084_Software_6.png","231109/BestKey-211228/3.12.6.6/Images/ACR-084/ACR-084_Software_7.png","231109/BestKey-211228/3.12.6.6/Images/ACR-086/ACR-086_Software_1.png","231109/BestKey-211228/3.12.6.6/Images/ACR-086/ACR-086_Software_2.png","231109/BestKey-211228/3.12.6.6/Images/ACR-086/ACR-086_Software_3.png","231109/BestKey-211228/3.12.6.6/Images/ACR-048/ACR-048_Software_1.png","231109/BestKey-211228/3.12.6.6/Images/ACR-048/ACR-048_Software_2.png","231109/BestKey-211228/3.12.6.6/Images/ACR-048/ACR-048_Software_3.png","231109/BestKey-211228/3.12.6.6/Images/ACR-048/ACR-048_Software_4.png","231109/BestKey-211228/3.12.6.6/Images/ACR-048/ACR-048_Software_5.png","231109/BestKey-211228/3.12.6.6/Images/ACR-007/ACR-007_Software_1.png","231109/BestKey-211228/3.12.6.6/Images/ACR-007/ACR-007_Software_2.png","231109/BestKey-211228/3.12.6.6/Images/ACR-007/ACR-007_Software_3.png","231109/BestKey-211228/3.12.6.6/Images/ACR-007/ACR-007_Software_4.png","231109/BestKey-211228/3.12.6.6/Images/ACR-116/ACR-116_Uninstall_1.png"],"nonDeceptorImageFiles":["231109/BestKey-211228/3.12.6.6/Images/ACR-040/ACR-040_Install_1.png","231109/BestKey-211228/3.12.6.6/Images/ACR-065/ACR-065_Install_1.png","231109/BestKey-211228/3.12.6.6/Images/ACR-092/ACR-092_Software_1.png","231109/BestKey-211228/3.12.6.6/Images/ACR-092/ACR-092_Software_2.png","231109/BestKey-211228/3.12.6.6/Images/ACR-065/ACR-065_Software_1.png"],"guid":"037ddee1-c71d-49ab-a54d-53d6af3e48b8_3.12.6.6_1","appID":"BestKey-211228","dateAdded":"240122","deceptorType":"App","name":"BestKey","company":"HeavenWard","version":"3.12.6.6","lastKnownStatus":"3.12.3.1;3.12.5.0;3.12.6.6;3.12.6.7","lastKnownDate":"240122","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,paid","lastUpdate":"2026-05-12T22:59:59.319983+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":4,"sortOrder":773},{"violations":{"ACR-004":"App does not provide free fixes for the scan results that can't be permanently fixed. It uses issues identified during free scan to upsell user the fix, requiring user to purchase subscription service to fix all results identified during free scan.\n"},"nonDeceptorViolations":{"ACR-065":"The app's about page does not contain links to the EULA, Terms of Service, Returns and Cancellation Policy, or Privacy Policy\nThe app's install page does not contain links to the EULA, Terms of Service, Returns and Cancellations Policy, Privacy Policy.\nThe app's landing page does not contain link to  Returns and Cancellation Policy.\n","ACR-099":"The app's about page does not contain link to uninstall information.\nThe landing page does not contain link to uninstall information.\nThe internal offers page does not contain link to uninstall information.\n"},"samples":[{"isRevoked":"False","fileName":"MacClean","fileVersion":"0.","hashMD5":"eee3f91c07556011241c3eb70287ec73","hashSHA1":"b98c94f25d653414e4a01f1123ff627c3221b156","hashSHA256":"fe5f217c45c15aa2c59b270e545201b92181b294d519f3ba14522fbc675f4d97","sourceIndex":"760","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"macclean-en-mac.dmg","isInstaller":"True","fileVersion":"0.","hashMD5":"c5690007c6aacae502f9048e310ba242","hashSHA1":"6d1f2039c0c4f5ef90fc474477ed3837b424e6df","hashSHA256":"b265cfca98a03fe196b63733ad4331f396365839ee8f0a451e6b273f21af188b","sourceIndex":"760","avBlockList":["Avast Security for Mac (20241010)","Avira Security for Mac (20241010)","Bitdefender Antivirus for Mac (20241010)","ESET Cyber Security Pro for Mac (20241010)","Norton Security for Mac (20241010)","Sophos Home Premium For Mac (20241010)","SpyHunterforMac (20241010)","Trend Micro Antivirus for Mac (20241010)"],"avAllowList":["G DATA AntiVirus for Mac (20241010)","K7 Antivirus for Mac (20241010)","Kaspersky Internet Security for Mac (20241010)","McAfee Internet Security for Mac (20241010)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Submission","reference":"Hazel","landingPage":"https://www.imobie.com/macclean/","directDownloadingLink":"https://www.imobie.com/go/download.php?product=mc&link=installer","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.imobie.com/go/download.php?product=mc&link=installer","sourceIndex":"760"}],"sampleFiles":["240111/MacClean-190501/3.6.2/Samples/MacClean","240111/MacClean-190501/3.6.2/Samples/macclean-en-mac.dmg"],"imageFiles":["240111/MacClean-190501/3.6.2/Images/ACR-004/004_1.png","240111/MacClean-190501/3.6.2/Images/ACR-004/004_2.png","240111/MacClean-190501/3.6.2/Images/ACR-004/004_3.png","240111/MacClean-190501/3.6.2/Images/ACR-004/004_4.png","240111/MacClean-190501/3.6.2/Images/ACR-004/004_5.png","240111/MacClean-190501/3.6.2/Images/ACR-004/004_6.png","240111/MacClean-190501/3.6.2/Images/ACR-004/ACR-004_Software_1.png"],"nonDeceptorImageFiles":["240111/MacClean-190501/3.6.2/Images/ACR-065/about .png","240111/MacClean-190501/3.6.2/Images/ACR-065/install.png","240111/MacClean-190501/3.6.2/Images/ACR-065/LandingPage 2.png","240111/MacClean-190501/3.6.2/Images/ACR-065/LandingPage 1.png","240111/MacClean-190501/3.6.2/Images/ACR-099/about .png","240111/MacClean-190501/3.6.2/Images/ACR-099/LandingPage 2.png","240111/MacClean-190501/3.6.2/Images/ACR-099/LandingPage 1.png","240111/MacClean-190501/3.6.2/Images/ACR-099/offer 4.png","240111/MacClean-190501/3.6.2/Images/ACR-099/offerpage.png"],"guid":"61010b83-0016-4e94-80ce-880e15f464a4_3.6.2_1","appID":"MacClean-190501","dateAdded":"240111","deceptorType":"MacOS App","name":"MacClean","company":"iMobile Inc.","version":"3.6.2","lastKnownStatus":"Deceptor:3.4.1, 3.5.0,3.6.0;3.6.2","lastKnownDate":"240111","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2026-05-12T22:59:58.131343+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":4,"sortOrder":776},{"violations":{"ACR-004":"The app does not provide free fixes for free scan results where the fix is not permanent and asks for subscription payment. The subscription service offered is hard to verify by consumer. \n"},"nonDeceptorViolations":{"ACR-065":"The app's about page does not contain links to the EULA, Terms of Service, Returns and Cancellation Policy, or Privacy Policy\nThe app's install page does not contain links to the EULA, Terms of Service, Returns and Cancellations Policy, Privacy Policy.\nThe app's landing page does not contain links to the EULA, and Returns and Cancellation Policy.\n","ACR-099":"The app's about page does not contain links to uninstall information.\nThe landing page does not contain links to uninstall information.\nThe internal offers page does not contain links to uninstall information.\n"},"samples":[{"isRevoked":"False","fileName":"macclean-en-mac.dmg","isInstaller":"True","fileVersion":"0.","hashMD5":"4dc65f7e0b4133ec257a613ff648922b","hashSHA1":"ed0ed49badadc73dadad7a9a7bf89ac0ccdbfc24","hashSHA256":"34ac5e7334da3494b9fcfcd2e13cf9dd247024c716b080db64f37a897252a28a","sourceIndex":"1402","avBlockList":["Avast Security for Mac (20210413)","Avira Security for Mac (20210413)","Bitdefender Antivirus for Mac (20210413)","ESET Cyber Security Pro for Mac (20210413)","G DATA AntiVirus for Mac (20210413)","K7 Antivirus for Mac (20210413)","McAfee Internet Security for Mac (20210413)","Norton Security for Mac (20210413)","Sophos Home Premium For Mac (20210413)","Trend Micro Antivirus for Mac (20210413)"],"avAllowList":["Kaspersky Internet Security for Mac (20210413)"]},{"isRevoked":"False","fileName":"MacClean","fileVersion":"0.","hashMD5":"c31d9f0db506ca489db1426a4263b8f1","hashSHA1":"8e1cde4cf27756c24ebc73725e69db9e1da25aab","hashSHA256":"342112118af10f84ab8b4c97e11a362ec397908557a7d1f4beaa42129216cc3c","sourceIndex":"1402","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"macclean-en-mac [2].dmg","isInstaller":"True","fileVersion":"0.","hashMD5":"1d38982f342791150559287ecc4e43df","hashSHA1":"daa2e4bb89f683ace20b6a7519cc9d9c429f8bfa","hashSHA256":"ba88055972a8c01bf31aa9748b34ebc8ea54b90775ae29103c2455dbb320fcc6","sourceIndex":"1402","avBlockList":["Avast Security for Mac (20210511)","Avira Security for Mac (20210511)","Bitdefender Antivirus for Mac (20210511)","ESET Cyber Security Pro for Mac (20210511)","G DATA AntiVirus for Mac (20210511)","K7 Antivirus for Mac (20210511)","Norton Security for Mac (20210511)","Sophos Home Premium For Mac (20210511)","Trend Micro Antivirus for Mac (20210511)"],"avAllowList":["Kaspersky Internet Security for Mac (20210511)","McAfee Internet Security for Mac (20210511)"]},{"isRevoked":"False","fileName":"MacClean [2]","fileVersion":"0.","hashMD5":"839e62e5ec9b187ea89d96b1861c71b2","hashSHA1":"c76d80b08f4636695b8ba9c18915b5c8f2579dce","hashSHA256":"e7f06c167d7f01165f2132e3dfdcf5a72be0ea5fef1e2d7c0c83850273ce0098","sourceIndex":"1402","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Submission","reference":"Hazel","landingPage":"https://www.imobie.com/macclean/","directDownloadingLink":"https://www.imobie.com/go/download.php?product=mc&link=installer","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.imobie.com/go/download.php?product=mc&link=installer","sourceIndex":"1402"}],"sampleFiles":["220927/MacClean-190501/3.6.0/Samples/macclean-en-mac.dmg","220927/MacClean-190501/3.6.0/Samples/MacClean","220927/MacClean-190501/3.6.0/Samples/macclean-en-mac [2].dmg","220927/MacClean-190501/3.6.0/Samples/MacClean [2]"],"imageFiles":["220927/MacClean-190501/3.6.0/Images/ACR-004/MacClean ACR-004.gif"],"nonDeceptorImageFiles":["220927/MacClean-190501/3.6.0/Images/ACR-065/MacClean About Page.png","220927/MacClean-190501/3.6.0/Images/ACR-065/Screen Shot 2020-01-29 at 4.20.53 PM.png","220927/MacClean-190501/3.6.0/Images/ACR-065/Screen Shot 2020-01-29 at 4.28.47 PM.png","220927/MacClean-190501/3.6.0/Images/ACR-099/MacClean About Page.png","220927/MacClean-190501/3.6.0/Images/ACR-099/Screen Shot 2020-01-29 at 4.28.47 PM.png","220927/MacClean-190501/3.6.0/Images/ACR-099/Screen Shot 2020-01-29 at 4.31.23 PM.png"],"guid":"61010b83-0016-4e94-80ce-880e15f464a4_3.6.0_1","appID":"MacClean-190501","dateAdded":"240111","deceptorType":"MacOS App","name":"MacClean","company":"iMobile Inc.","version":"3.6.0","sigName":"Deceptor:MacOS/MacClean!004","lastKnownStatus":"Deceptor:3.4.1, 3.5.0,3.6.0;3.6.2","lastKnownDate":"240111","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2024-01-11T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":4,"sortOrder":777},{"violations":{"ACR-004":"App does not provide free fixes for all free scan results that the fix is not permanent and asks for subscription payment. The subscription service offered is hard to verify by consumer. \n"},"nonDeceptorViolations":{"ACR-065":"The app does not show links to the EULA, Terms of Service, Returns and Cancellation Policy, or Privacy Policy\nInstall does not have links to the EULA, the Returns and Cancellation Policy, or the Privacy Policy.\nLanding Page does not have links to the Returns and Cancellation Policy and EULA\n","ACR-099":"The app does not show links to uninstall information.\nThe landing page does not show links to uninstall information.\nThe internal offers page does not show links to uninstall information.\n"},"samples":[{"isRevoked":"False","fileName":"MacClean","fileVersion":"0.","hashMD5":"864c8b7dd74e2eb7619bfb98b6bdb63d","hashSHA1":"bfc5cf49edc2b766c8e22109560097ef1a1b48c5","hashSHA256":"a00232c5390448821d8ee45c16e493976d2009430f72c798bfcbf9e12db3e07d","sourceIndex":"2899","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"MacClean Installer","isInstaller":"True","fileVersion":"0.","hashMD5":"8fd3d7adc320f3f2f558a1bbd3058a6c","hashSHA1":"1f609526ab4ea6956bdaf6516b0f78932548b1cb","hashSHA256":"7d2e28a8aa919c2f2147740e17caedc94e7c0366faa8b5addffb98c9ea1b947d","sourceIndex":"2899","avBlockList":["Avast Security for Mac (20230214)","Avira Security for Mac (20230214)","Bitdefender Antivirus for Mac (20230214)","ESET Cyber Security Pro for Mac (20230214)","G DATA AntiVirus for Mac (20230214)","K7 Antivirus for Mac (20230214)","McAfee Internet Security for Mac (20230214)","Norton Security for Mac (20230214)","Sophos Home Premium For Mac (20230214)","Trend Micro Antivirus for Mac (20230214)"],"avAllowList":["Kaspersky Internet Security for Mac (20230214)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Submission","reference":"Hazel","landingPage":"https://www.imobie.com/macclean/","directDownloadingLink":"https://www.imobie.com/go/download.php?product=mc&link=installer","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.imobie.com/go/download.php?product=mc&link=installer","sourceIndex":"2899"}],"sampleFiles":["190813/MacClean-190501/3.5.0/Samples/MacClean","190813/MacClean-190501/3.5.0/Samples/MacClean Installer"],"imageFiles":["190813/MacClean-190501/3.5.0/Images/ACR-004/MacClean 3 Video (1).gif"],"nonDeceptorImageFiles":["190813/MacClean-190501/3.5.0/Images/ACR-065/Screen Shot 2019-08-09 at 1.07.24 PM.png","190813/MacClean-190501/3.5.0/Images/ACR-065/Screen Shot 2019-08-09 at 1.06.08 PM.png","190813/MacClean-190501/3.5.0/Images/ACR-065/Screen Shot 2019-08-09 at 1.08.29 PM.png","190813/MacClean-190501/3.5.0/Images/ACR-099/Screen Shot 2019-08-09 at 1.07.24 PM.png","190813/MacClean-190501/3.5.0/Images/ACR-099/Screen Shot 2019-08-09 at 1.08.29 PM.png","190813/MacClean-190501/3.5.0/Images/ACR-099/Screen Shot 2019-08-09 at 1.15.21 PM.png"],"guid":"61010b83-0016-4e94-80ce-880e15f464a4_3.5.0_1","appID":"MacClean-190501","dateAdded":"240111","deceptorType":"MacOS App","name":"MacClean","company":"iMobile Inc.","version":"3.5.0","sigName":"Deceptor:MacOS/MacClean!004","lastKnownStatus":"Deceptor:3.4.1, 3.5.0,3.6.0;3.6.2","lastKnownDate":"240111","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2024-01-11T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":4,"sortOrder":778},{"violations":{"ACR-004":"The app does not provide free fixes for free scans.\n"},"nonDeceptorViolations":{"ACR-065":"The app does not show links to the EULA, the Returns and Cancellation Policy, or the Privacy Policy.\nInstall does not have links to the EULA, the Returns and Cancellation Policy, or the Privacy Policy.\nLanding Page does not have links to the Returns and Cancellation Policy.\n","ACR-099":"The app does not show links to uninstall information.\nThe landing page does not show links to uninstall information.\nThe internal offers page does not show links to uninstall information.\n"},"samples":[{"isRevoked":"False","fileName":"MacClean","fileVersion":"0.","hashMD5":"","hashSHA1":"","hashSHA256":"50dcd1e4c8e1567260c22465e7a8c9b7ed2d86f6f997ffd9cafa0a5f230ffa61","sourceIndex":"3084","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"macclean-en-mac.dmg","isInstaller":"True","fileVersion":"0.","hashMD5":"","hashSHA1":"","hashSHA256":"9c35eb5ce75aafc25ee1ff940b887ef866474a71fde0829eb004328ed13380b6","sourceIndex":"3084","avBlockList":["Avast Security for Mac (20230112)","Avira Security for Mac (20230112)","Bitdefender Antivirus for Mac (20230112)","ESET Cyber Security Pro for Mac (20230112)","G DATA AntiVirus for Mac (20230112)","K7 Antivirus for Mac (20230112)","Kaspersky Internet Security for Mac (20230112)","McAfee Internet Security for Mac (20230112)","Norton Security for Mac (20230112)","Sophos Home Premium For Mac (20230112)","Trend Micro Antivirus for Mac (20230112)"],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Submission","reference":"Hazel","landingPage":"https://www.imobie.com/macclean/","directDownloadingLink":"https://www.imobie.com/go/download.php?product=mc&link=installer","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"","sourceIndex":"3084"}],"sampleFiles":["190501/MacClean-190501/3.4.1/Samples/MacClean","190501/MacClean-190501/3.4.1/Samples/macclean-en-mac.dmg"],"imageFiles":["190501/MacClean-190501/3.4.1/Images/ACR-004/MacClean Activation.png","190501/MacClean-190501/3.4.1/Images/ACR-004/MacClean Scan Results.png","190501/MacClean-190501/3.4.1/Images/ACR-004/MacClean Internal Offers.png","190501/MacClean-190501/3.4.1/Images/ACR-004/MacClean ACR-004.gif"],"nonDeceptorImageFiles":["190501/MacClean-190501/3.4.1/Images/ACR-065/MacClean About Page.png","190501/MacClean-190501/3.4.1/Images/ACR-065/MacClean Install 1.png","190501/MacClean-190501/3.4.1/Images/ACR-065/MacClean Install 2.png","190501/MacClean-190501/3.4.1/Images/ACR-065/MacClean Bottom of Landing Page.png","190501/MacClean-190501/3.4.1/Images/ACR-099/MacClean About Page.png","190501/MacClean-190501/3.4.1/Images/ACR-099/MacClean Bottom of Landing Page.png","190501/MacClean-190501/3.4.1/Images/ACR-099/MacClean Internal Offers.png"],"guid":"61010b83-0016-4e94-80ce-880e15f464a4_3.4.1_1","appID":"MacClean-190501","dateAdded":"240111","deceptorType":"MacOS App","name":"MacClean","company":"iMobile Inc.","version":"3.4.1","sigName":"Deceptor:MacOS/MacClean!004","lastKnownStatus":"Deceptor:3.4.1, 3.5.0,3.6.0;3.6.2","lastKnownDate":"240111","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2024-01-11T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":4,"sortOrder":779},{"violations":{"ACR-006":"Search queries result in redirects to undisclosed search engine fonline-search.com before landing to Bing --a functionality associated with browser-hijacking software. Also the monetization approach by search using Bing is not clearly attributed in the software. \n","ACR-084":"The app does not provide a way to completely quit the app.  It continuously run in the background without notification.\n","ACR-103":"While trying to do profile sign-in, the button \"Sign in\" has no action. No function is performed on clicking the \"Sign in\" button. \n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"artificius.exe","companyName":"Dragon Boss Solutions LLC","fileVersion":"113.0","hashMD5":"4402386ff098dede3570eca38bcdb1ab","hashSHA1":"34ecb2299584fec16337cd4c80d05ffe1454731d","hashSHA256":"7da677e643d8a8ddf87fcd626eb7c703cde205f7762989e31ecf95009d9b371a","sourceIndex":"761","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"Setup_x64.exe","isInstaller":"True","companyName":"Dragon Boss Solutions LLC                                   ","fileVersion":"0.0","hashMD5":"2380e3348de1795786c5fedb77922f5f","hashSHA1":"4a6c5a07ffcd0819788a8e2a2d36595e86dcf00c","hashSHA256":"890015ce517b09e1323a869a54eb22f0c07ba79369955d5648b4603952e8414a","digitalCertThumbprint":"657B6E3D8A50E6A9618231230664F9FF3300C6F4","digitalCertIssuer":"CN=GlobalSign GCC R45 CodeSigning CA 2020, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"E=admin@dragonboss.com, CN=Dragon Boss Solutions LLC, O=Dragon Boss Solutions LLC, L=Sharjah, S=Sharjah, C=AE","sourceIndex":"761","avBlockList":["360 Total Security (20240521)","Avast Premium Security (20240521)","AVG Internet Security (20240521)","Avira Internet Security (20240521)","Bitdefender Internet Security (20240521)","COMODO Antivirus (20240521)","ESET Internet Security (20240521)","G DATA INTERNET SECURITY (20240521)","K7 Total Security (20240521)","Kaspersky Internet Security (20240521)","Malwarebytes Premium (20240521)","McAfee Total Protection (20240521)","Norton Security (20240521)","Panda Dome (20240521)","Quick Heal Internet Security (20240521)","Sophos Home Premium (20240521)","SpyHunter5 (20240521)","Total AV Antivirus Pro (20240521)","Trend Micro Internet Security (20240521)","VIPRE Advanced Security (20240521)","VirIT eXplorer PRO (20240521)","Webroot SecureAnywhere (20240521)","Windows Defender (20240521)"],"avAllowList":["Dr.Web Security Space (20240521)"]}],"additionalFiles":[],"sources":[{"howFound":"random search","reference":"","landingPage":"https://www.artificius.com/","directDownloadingLink":"https://www.artificius.com/download/public/Setup_x64.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.artificius.com/download/public/Setup_x64.exe","sourceIndex":"761"}],"sampleFiles":["240110/Artificius-240110/113.0.5616.0/Samples/artificius.exe","240110/Artificius-240110/113.0.5616.0/Samples/Setup_x64.exe"],"imageFiles":["240110/Artificius-240110/113.0.5616.0/Images/ACR-084/ACR-084_Software_1.png","240110/Artificius-240110/113.0.5616.0/Images/ACR-103/ACR-103_Software_1.png","240110/Artificius-240110/113.0.5616.0/Images/ACR-006/bing_redirection.gif","240110/Artificius-240110/113.0.5616.0/Images/ACR-006/ACR-006_Software_1.png","240110/Artificius-240110/113.0.5616.0/Images/ACR-006/ACR-006_Software_2.png","240110/Artificius-240110/113.0.5616.0/Images/ACR-006/RedirectTraffic.JPG"],"nonDeceptorImageFiles":[],"guid":"5c0faaba-a6e4-4356-9917-1a1d9885f1ef_113.0.5616.0_1","appID":"Artificius-240110","dateAdded":"240110","deceptorType":"App","name":"Artificius","company":"Dragon Boss Solutions LLC","version":"113.0.5616.0","lastKnownStatus":"113.0.5616.0","lastKnownDate":"240110","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"search","lastUpdate":"2024-01-10T21:39:11.6389363+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":780},{"violations":{"ACR-109":"The app drops Yandex components under a hidden folder without user agreeing to install.\n","ACR-042":"Unrelated Yandex components get dropped in a hidden folder before user permission through explicit user's action.\n","ACR-048":"The app does not provide clear control to decline the recommended offer.\nThe close(X) performs minimizing the app to system tray without any notification, which limits the targeted consumer's ability to control the app. \n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software.\n","ACR-057":"The app needs to provide a clear way to accept and decline optional offers.\n","ACR-059":"The Offer is not clearly marked as an offer. It is unclear who is recommending the offer.\n","ACR-155":"Offers is designed to look like part of the install workflow.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"SkrinshoterSetup_v3.11.4.29.exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"a994b13958168bac706ad9256b54949c","hashSHA1":"70a4433d16fb203b97c346c39b3ad24e4ac9776e","hashSHA256":"fbea216bf0bc1bd1af5cdb657f020eb42ffca3eccb9b934fc8ed0a84dcb98ff3","digitalCertThumbprint":"A86FAFC2245A773E5AAE108D1849203FB5669226","digitalCertIssuer":"CN=GlobalSign GCC R45 CodeSigning CA 2020, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"E=info@dinohost.ru, CN=OOO Online Center, O=OOO Online Center, L=Yaroslavl, S=Yaroslavskaya oblast, C=RU","sourceIndex":"774","avBlockList":["Avast Premium Security (20240521)","AVG Internet Security (20240521)","Avira Internet Security (20240521)","Bitdefender Internet Security (20240521)","ESET Internet Security (20240521)","G DATA INTERNET SECURITY (20240521)","K7 Total Security (20240521)","Kaspersky Internet Security (20240521)","Malwarebytes Premium (20240521)","McAfee Total Protection (20240521)","Norton Security (20240521)","Panda Dome (20240521)","Quick Heal Internet Security (20240521)","Sophos Home Premium (20240521)","SpyHunter5 (20240521)","Total AV Antivirus Pro (20240521)","Trend Micro Internet Security (20240521)","VIPRE Advanced Security (20240521)","VirIT eXplorer PRO (20240521)","Webroot SecureAnywhere (20240521)","Windows Defender (20240521)"],"avAllowList":["360 Total Security (20240521)","COMODO Antivirus (20240521)","Dr.Web Security Space (20240521)"]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"","landingPage":"https://skrinshoter.ru/","directDownloadingLink":"https://cdn.skrinshoter.ru/SkrinshoterSetup_v3.11.4.29.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://cdn.skrinshoter.ru/SkrinshoterSetup_v3.11.4.29.exe","sourceIndex":"774"}],"sampleFiles":["240104/Skrinshoter-240104/3.11.4.29/Samples/SkrinshoterSetup_v3.11.4.29.exe"],"imageFiles":["240104/Skrinshoter-240104/3.11.4.29/Images/ACR-109/ACR-109_Install_1.png","240104/Skrinshoter-240104/3.11.4.29/Images/ACR-042/ACR-042_Install_1.png","240104/Skrinshoter-240104/3.11.4.29/Images/ACR-048/ACR-048_Install_1.png","240104/Skrinshoter-240104/3.11.4.29/Images/ACR-048/ACR-048_Software_1.png","240104/Skrinshoter-240104/3.11.4.29/Images/ACR-057/ACR-057_In-bundle offers_1.png","240104/Skrinshoter-240104/3.11.4.29/Images/ACR-059/ACR-059_In-bundle offers_1.png","240104/Skrinshoter-240104/3.11.4.29/Images/ACR-060/ACR-060_In-bundle offers_1.png","240104/Skrinshoter-240104/3.11.4.29/Images/ACR-155/ACR-155_In-bundle offers_1.png"],"nonDeceptorImageFiles":[],"guid":"06f6a1e8-748f-48b8-bd8e-8a671403f258_3.11.4.29_1","appID":"Skrinshoter-240104","dateAdded":"240104","deceptorType":"App","name":"Skrinshoter","company":"ООО “СААС”","version":"3.11.4.29","lastKnownStatus":"3.11.4.29","lastKnownDate":"240104","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2024-01-04T17:21:07.1767981+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":781},{"violations":{"ACR-042":"App initiates network communications with 3rd party offer provider before obtaining user consent.\n\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software.\n\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its other components on the device without the consumer's consent.\n","ACR-075":"After carrier app was cancelled during installation, the offers are still installed without any notification for user.\n\n","ACR-039":"There is no clear indication about the relationship of the monetization components from the third-party monetizer. The \"dotSetup License\" links to 'https://cassinilabs.com/privacy-policy' -- misleads user that they are for Carrier app. \n\n"},"nonDeceptorViolations":{"ACR-044":"No explicit attribution for the 3rd party Offer provider is shown at installation. Missing clear information about significant functions that it may show offers during installation.\n"},"samples":[{"isRevoked":"False","fileName":"aTube_Catcher_v0.994.03.051.6.exe","isInstaller":"True","companyName":"","productName":"aTube Installer","productVersion":"1.92.1.8262","fileVersion":"1.92.1.8262","hashMD5":"bf1c147ca45943073d8b02ce2491e787","hashSHA1":"ebeea33ef69b6002504ee42c04d7b2ed44b312ff","hashSHA256":"504ec3e3b3c8d6d294ced5ec1cf840f2b973ab823a47d167800e51cfa635af47","digitalCertThumbprint":"F89566667466023D74567E197BEEB3F464F277D2","digitalCertIssuer":"Domain The Net Technologies Ltd CA for Code Signing R2","digitalCertIssuedTo":"DS Net Corp S.A. de C.V.","storeId":"","sourceIndex":"777","avBlockList":["360 Total Security (20240523)","Avast Premium Security (20240523)","AVG Internet Security (20240523)","Avira Internet Security (20240523)","Bitdefender Internet Security (20240523)","COMODO Antivirus (20240523)","Dr.Web Security Space (20240523)","ESET Internet Security (20240523)","G DATA INTERNET SECURITY (20240523)","K7 Total Security (20240523)","Kaspersky Internet Security (20240523)","Malwarebytes Premium (20240523)","McAfee Total Protection (20240523)","Norton Security (20240523)","Panda Dome (20240523)","Quick Heal Internet Security (20240523)","Sophos Home Premium (20240523)","SpyHunter5 (20240523)","Total AV Antivirus Pro (20240523)","Trend Micro Internet Security (20240523)","VIPRE Advanced Security (20240523)","VirIT eXplorer PRO (20240523)","Webroot SecureAnywhere (20240523)"],"avAllowList":["Windows Defender (20240523)"]},{"isRevoked":"False","fileName":"aTube_Catcher_v1.61.56.91.796.exe","isInstaller":"True","fileVersion":"1.92","hashMD5":"5aa25d2d230a23406c4306669ca86bc3","hashSHA1":"a0ac184a517845e2ec50a33a1731dfff3f0c53ae","hashSHA256":"3a86c278e73fef4598a516ef02f2fc77854090b67a7fdd7598001cf36d8fcb5b","digitalCertThumbprint":"A64D7FB1BFEE08484372CED0ABA3A991625ADC14","digitalCertIssuer":"CN=Domain The Net Technologies Ltd CA for Code Signing R2, O=Domain The Net Technologies Ltd, C=IL","digitalCertIssuedTo":"CN=\"DS Net Corp, S.A. de C.V.\", O=\"DS Net Corp, S.A. de C.V.\", L=Benito Juárez, S=México, C=MX","sourceIndex":"777","avBlockList":["360 Total Security (20240523)","Avast Premium Security (20240523)","AVG Internet Security (20240523)","Avira Internet Security (20240523)","Bitdefender Internet Security (20240523)","COMODO Antivirus (20240523)","Dr.Web Security Space (20240523)","ESET Internet Security (20240523)","G DATA INTERNET SECURITY (20240523)","K7 Total Security (20240523)","Kaspersky Internet Security (20240523)","Malwarebytes Premium (20240523)","McAfee Total Protection (20240523)","Norton Security (20240523)","Panda Dome (20240523)","Quick Heal Internet Security (20240523)","Sophos Home Premium (20240523)","SpyHunter5 (20240523)","Total AV Antivirus Pro (20240523)","Trend Micro Internet Security (20240523)","VIPRE Advanced Security (20240523)","VirIT eXplorer PRO (20240523)","Webroot SecureAnywhere (20240523)","Windows Defender (20240523)"],"avAllowList":[]},{"isRevoked":"False","fileName":"aTube_Catcher_v2.72.05.57.37.4.exe","isInstaller":"True","fileVersion":"1.92","hashMD5":"8fc7ee98b2ac497016c9ba7b603ae994","hashSHA1":"22cf1825d9f7a1d9982bb23f7e6064b98b1b3555","hashSHA256":"91fde646d03ef90e173d95b1bf31baf149b0b4e2e66a5a8c7fe4125429be6c62","digitalCertThumbprint":"A64D7FB1BFEE08484372CED0ABA3A991625ADC14","digitalCertIssuer":"CN=Domain The Net Technologies Ltd CA for Code Signing R2, O=Domain The Net Technologies Ltd, C=IL","digitalCertIssuedTo":"CN=\"DS Net Corp, S.A. de C.V.\", O=\"DS Net Corp, S.A. de C.V.\", L=Benito Juárez, S=México, C=MX","sourceIndex":"777","avBlockList":["360 Total Security (20240523)","Avast Premium Security (20240523)","AVG Internet Security (20240523)","Avira Internet Security (20240523)","Bitdefender Internet Security (20240523)","COMODO Antivirus (20240523)","Dr.Web Security Space (20240523)","ESET Internet Security (20240523)","G DATA INTERNET SECURITY (20240523)","K7 Total Security (20240523)","Kaspersky Internet Security (20240523)","Malwarebytes Premium (20240523)","McAfee Total Protection (20240523)","Norton Security (20240523)","Panda Dome (20240523)","Quick Heal Internet Security (20240523)","Sophos Home Premium (20240523)","SpyHunter5 (20240523)","Total AV Antivirus Pro (20240523)","Trend Micro Internet Security (20240523)","VIPRE Advanced Security (20240523)","VirIT eXplorer PRO (20240523)","Webroot SecureAnywhere (20240523)","Windows Defender (20240523)"],"avAllowList":[]},{"isRevoked":"False","fileName":"aTube_Catcher_v2.83.732.630.9.exe","isInstaller":"True","fileVersion":"1.92","hashMD5":"2656328ef60ed7992abf297c7596c436","hashSHA1":"ab167e590c7107e379ea0bdef365dbe4b5f7e667","hashSHA256":"94d17d02361845b4c3b64dfb4ce744feb3b2be1ed5bde663bcbf8d63efb2a1c3","digitalCertThumbprint":"A64D7FB1BFEE08484372CED0ABA3A991625ADC14","digitalCertIssuer":"CN=Domain The Net Technologies Ltd CA for Code Signing R2, O=Domain The Net Technologies Ltd, C=IL","digitalCertIssuedTo":"CN=\"DS Net Corp, S.A. de C.V.\", O=\"DS Net Corp, S.A. de C.V.\", L=Benito Juárez, S=México, C=MX","sourceIndex":"777","avBlockList":["360 Total Security (20240528)","Avast Premium Security (20240528)","AVG Internet Security (20240528)","Avira Internet Security (20240528)","Bitdefender Internet Security (20240528)","COMODO Antivirus (20240528)","Dr.Web Security Space (20240528)","ESET Internet Security (20240528)","G DATA INTERNET SECURITY (20240528)","K7 Total Security (20240528)","Kaspersky Internet Security (20240528)","Malwarebytes Premium (20240528)","McAfee Total Protection (20240528)","Norton Security (20240528)","Panda Dome (20240528)","Quick Heal Internet Security (20240528)","Sophos Home Premium (20240528)","SpyHunter5 (20240528)","Total AV Antivirus Pro (20240528)","Trend Micro Internet Security (20240528)","VIPRE Advanced Security (20240528)","VirIT eXplorer PRO (20240528)","Webroot SecureAnywhere (20240528)","Windows Defender (20240528)"],"avAllowList":[]},{"isRevoked":"False","fileName":"aTube_Catcher_v3.09.544.783.3_231205.exe","isInstaller":"True","fileVersion":"1.92","hashMD5":"dfbdf8f2b16b36dd13dbcbea5462d2c1","hashSHA1":"a054a53666cb36447d98938dec79d78c1ee5c017","hashSHA256":"abd92b777833d3bee5c8f32d9a82cb753c422cd6afea8609936e2e19900c57a1","digitalCertThumbprint":"A64D7FB1BFEE08484372CED0ABA3A991625ADC14","digitalCertIssuer":"CN=Domain The Net Technologies Ltd CA for Code Signing R2, O=Domain The Net Technologies Ltd, C=IL","digitalCertIssuedTo":"CN=\"DS Net Corp, S.A. de C.V.\", O=\"DS Net Corp, S.A. de C.V.\", L=Benito Juárez, S=México, C=MX","sourceIndex":"777","avBlockList":["360 Total Security (20240528)","Avast Premium Security (20240528)","AVG Internet Security (20240528)","Avira Internet Security (20240528)","Bitdefender Internet Security (20240528)","COMODO Antivirus (20240528)","Dr.Web Security Space (20240528)","ESET Internet Security (20240528)","G DATA INTERNET SECURITY (20240528)","K7 Total Security (20240528)","Kaspersky Internet Security (20240528)","Malwarebytes Premium (20240528)","McAfee Total Protection (20240528)","Norton Security (20240528)","Panda Dome (20240528)","Quick Heal Internet Security (20240528)","Sophos Home Premium (20240528)","SpyHunter5 (20240528)","Total AV Antivirus Pro (20240528)","Trend Micro Internet Security (20240528)","VIPRE Advanced Security (20240528)","VirIT eXplorer PRO (20240528)","Webroot SecureAnywhere (20240528)","Windows Defender (20240528)"],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Random Hunt","reference":"","landingPage":"https://www.atube.me/","directDownloadingLink":"https://dv0rnpkbvfpi2.cloudfront.net/rel/in/v0.650.52.598.4","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://dv0rnpkbvfpi2.cloudfront.net/rel/in/v0.650.52.598.4","sourceIndex":"777"},{"howFound":"","reference":"","landingPage":"","directDownloadingLink":"https://dv0rnpkbvfpi2.cloudfront.net/current/de/v0.91.28.50.427","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://dv0rnpkbvfpi2.cloudfront.net/current/de/v0.91.28.50.427","sourceIndex":"778"},{"howFound":"","reference":"","landingPage":"","directDownloadingLink":"https://dv0rnpkbvfpi2.cloudfront.net/build/de/v5.688.516.37.0","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://dv0rnpkbvfpi2.cloudfront.net/build/de/v5.688.516.37.0","sourceIndex":"779"},{"howFound":"","reference":"","landingPage":"https://www.atube.me/","directDownloadingLink":"https://dv0rnpkbvfpi2.cloudfront.net/rel/ph/v6.86.20.69.30.3","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://dv0rnpkbvfpi2.cloudfront.net/rel/ph/v6.86.20.69.30.3","sourceIndex":"780"},{"howFound":"DE site","reference":"","landingPage":"","directDownloadingLink":"https://dv0rnpkbvfpi2.cloudfront.net/version/de/v9.39.39.620.50","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://dv0rnpkbvfpi2.cloudfront.net/version/de/v9.39.39.620.50","sourceIndex":"781"},{"howFound":"","reference":"","landingPage":"","directDownloadingLink":"https://dv0rnpkbvfpi2.cloudfront.net/version/de/v1.90.47.79.065","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://dv0rnpkbvfpi2.cloudfront.net/version/de/v1.90.47.79.065","sourceIndex":"782"},{"howFound":"DE-site","reference":"","landingPage":"","directDownloadingLink":"https://dv0rnpkbvfpi2.cloudfront.net/v/de/v4.673.558.15.5","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://dv0rnpkbvfpi2.cloudfront.net/v/de/v4.673.558.15.5","sourceIndex":"783"}],"sampleFiles":["231211/aTubecatcher-220609/3.08.9991/Samples/aTube_Catcher_v0.994.03.051.6.exe","231211/aTubecatcher-220609/3.08.9991/Samples/aTube_Catcher_v1.61.56.91.796.exe","231211/aTubecatcher-220609/3.08.9991/Samples/aTube_Catcher_v2.72.05.57.37.4.exe","231211/aTubecatcher-220609/3.08.9991/Samples/aTube_Catcher_v2.83.732.630.9.exe","231211/aTubecatcher-220609/3.08.9991/Samples/aTube_Catcher_v3.09.544.783.3_231205.exe"],"imageFiles":["231211/aTubecatcher-220609/3.08.9991/Images/ACR-039/ACR-039_044.jpg","231211/aTubecatcher-220609/3.08.9991/Images/ACR-042/ACR-042.jpg","231211/aTubecatcher-220609/3.08.9991/Images/ACR-013/OptionalOffer1.jpg","231211/aTubecatcher-220609/3.08.9991/Images/ACR-013/OptionalOffer2.jpg","231211/aTubecatcher-220609/3.08.9991/Images/ACR-118/ACR-118_1.JPG","231211/aTubecatcher-220609/3.08.9991/Images/ACR-118/ACR-118_2.JPG","231211/aTubecatcher-220609/3.08.9991/Images/ACR-075/ACR-075.jpg","231211/aTubecatcher-220609/3.08.9991/Images/ACR-060/OptionalOffer1.jpg","231211/aTubecatcher-220609/3.08.9991/Images/ACR-060/OptionalOffer2.jpg"],"nonDeceptorImageFiles":["231211/aTubecatcher-220609/3.08.9991/Images/ACR-044/ACR-039_044.jpg"],"guid":"8a0a8596-51d5-408b-8130-106990d19917_3.08.9991_1","appID":"aTubecatcher-220609","dateAdded":"231211","deceptorType":"App","name":"aTube Catcher","company":"DsNET","version":"3.08.9991","lastKnownStatus":"3.08.9991","lastKnownDate":"231211","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows Vista,Windows XP,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2023-12-12T01:48:28.0095736+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":788},{"violations":{"ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software.\n\n","ACR-060":"During installation, the user is interrupted by non-consented offers to silently install unrelated software.\n","ACR-097":"During installation, the app suggests the user to disable anti-virus protection in order to prevent detection.\n","ACR-039":"There is no clear indication about the relationship of the monetization components from the third-party monetizer. The relationship is not distinctly disclosed and \"Privacy2\" that links to 'https://rise-platforms.com/privacy-policy/' causes confusion and misleads user that they are for Carrier app.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"MEmu-setup-abroad-sdk.exe","isInstaller":"True","companyName":"Microvirt Software Technology Co. Ltd.","fileVersion":"9.0","hashMD5":"04d14442b0cdf659bb6530a00093110d","hashSHA1":"6c70cf8bc14e87d40a604d6fd46ba0c8be5e602c","hashSHA256":"0b26914d4f792daa32c2d854218a50af7bcd49cf6d6e45a723a1849af037d7be","digitalCertThumbprint":"EC0CF2878191870433EC78C6CD8431A5E1B5FA8B","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=\"Shanghai Microvirt Software Technology Co., Ltd.\", O=\"Shanghai Microvirt Software Technology Co., Ltd.\", S=上海市, C=CN, SERIALNUMBER=9131012030160721XG, OID.1.3.6.1.4.1.311.60.2.1.1=奉贤区, OID.1.3.6.1.4.1.311.60.2.1.2=上海市, OID.1.3.6.1.4.1.311.60.2.1.3=CN, OID.2.5.4.15=Private Organization","sourceIndex":"925","avBlockList":["Bitdefender Internet Security (20230907)","COMODO Antivirus (20230907)","ESET Internet Security (20230907)","K7 Total Security (20230907)","Malwarebytes Premium (20230907)","McAfee Total Protection (20230907)","Norton Security (20230907)","Panda Dome (20230907)","Quick Heal Internet Security (20230907)","Sophos Home Premium (20230907)","SpyHunter5 (20230907)","Total AV Antivirus Pro (20230907)","Trend Micro Internet Security (20230907)","VIPRE Advanced Security (20230907)","VirIT eXplorer PRO (20230907)","Webroot SecureAnywhere (20230907)"],"avAllowList":["360 Total Security (20230907)","Avast Premium Security (20230907)","AVG Internet Security (20230907)","Avira Internet Security (20230907)","Dr.Web Security Space (20230907)","G DATA INTERNET SECURITY (20230907)","Kaspersky Internet Security (20230907)","Windows Defender (20230907)"]}],"additionalFiles":[],"sources":[{"howFound":"hunted through BIBR","reference":"","landingPage":"https://memuplay.com/","directDownloadingLink":"https://www.memuplay.com/download-en.php?from=official_release","ipv4":"","ipv6":"","landingPageWildChar":"","directDownloadingLinkWildChar":"https://www.memuplay.com/download-en.php?from=official_release","sourceIndex":"925"}],"sampleFiles":["230815/MEmuPlay-230321/9.0.3.0/Samples/MEmu-setup-abroad-sdk.exe"],"imageFiles":["230815/MEmuPlay-230321/9.0.3.0/Images/ACR-039/ACR-039_044.jpg","230815/MEmuPlay-230321/9.0.3.0/Images/ACR-013/MEmu_OptionalOffers2.png","230815/MEmuPlay-230321/9.0.3.0/Images/ACR-097/ACR-097.jpg","230815/MEmuPlay-230321/9.0.3.0/Images/ACR-060/OptionalOffer1.jpg","230815/MEmuPlay-230321/9.0.3.0/Images/ACR-060/OptionalOffer2.jpg"],"nonDeceptorImageFiles":[],"guid":"029d8f2d-d915-40c9-8ee5-ef889663f892_9.0.3.0_1","appID":"MEmuPlay-230321","dateAdded":"231211","deceptorType":"App","name":"MEmu Play","company":"Microvirt Software Technology Co. Ltd.","version":"9.0.3.0","firstVendorContactDate":"260408","firstAppEsteemReplyDate":"260408","firstResolvedDate":"260413","firstResolvedVersion":"9.5.1.0","resolved":"TRUE","lastKnownStatus":"8.0.0.0;9.0.0.1;9.0.2.0;9.0.3.0;9.0.5.1;9.0.6.3","lastKnownDate":"231211","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Adults only","monetization":"none","lastUpdate":"2026-04-13T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":6,"sortOrder":784},{"violations":{"ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software.\n\n","ACR-060":"During installation, the user is interrupted by non-consented offers to silently install unrelated software.\n","ACR-097":"During installation, the app suggests the user to disable anti-virus protection in order to prevent detection.\n","ACR-039":"There is no clear indication about the relationship of the monetization components from the third-party monetizer. The relationship is not distinctly disclosed and \"Privacy2\" that links to 'https://rise-platforms.com/privacy-policy/' causes confusion and misleads user that they are for Carrier app.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"MEmu-setup-abroad-sdk.exe","isInstaller":"True","companyName":"Microvirt Software Technology Co. Ltd.","fileVersion":"8.0","hashMD5":"581da0f19ef8388a0ba331ce0a617aaf","hashSHA1":"e050d686c3c5972aaf1a4fdec299e764ef9873eb","hashSHA256":"8fb453bf498acb05af9e0a442f26029cd6c5a3d68431fdff7fc385faf1541b96","digitalCertThumbprint":"EC0CF2878191870433EC78C6CD8431A5E1B5FA8B","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=\"Shanghai Microvirt Software Technology Co., Ltd.\", O=\"Shanghai Microvirt Software Technology Co., Ltd.\", S=上海市, C=CN, SERIALNUMBER=9131012030160721XG, OID.1.3.6.1.4.1.311.60.2.1.1=奉贤区, OID.1.3.6.1.4.1.311.60.2.1.2=上海市, OID.1.3.6.1.4.1.311.60.2.1.3=CN, OID.2.5.4.15=Private Organization","sourceIndex":"1019","avBlockList":["Avira Internet Security (20230914)","Bitdefender Internet Security (20230914)","ESET Internet Security (20230914)","K7 Total Security (20230914)","Malwarebytes Premium (20230914)","Norton Security (20230914)","Panda Dome (20230914)","Sophos Home Premium (20230914)","SpyHunter5 (20230914)","Total AV Antivirus Pro (20230914)","VIPRE Advanced Security (20230914)","VirIT eXplorer PRO (20230914)","Webroot SecureAnywhere (20230914)"],"avAllowList":["360 Total Security (20230914)","Avast Premium Security (20230914)","AVG Internet Security (20230914)","COMODO Antivirus (20230914)","Dr.Web Security Space (20230914)","G DATA INTERNET SECURITY (20230914)","Kaspersky Internet Security (20230914)","McAfee Total Protection (20230914)","Quick Heal Internet Security (20230914)","Trend Micro Internet Security (20230914)","Windows Defender (20230914)"]}],"additionalFiles":[],"sources":[{"howFound":"hunted through BIBR","reference":"","landingPage":"https://memuplay.com/","directDownloadingLink":"https://www.memuplay.com/download-memu-on-pc.html","ipv4":"","ipv6":"","landingPageWildChar":"","directDownloadingLinkWildChar":"https://www.memuplay.com/download-memu-on-pc.html","sourceIndex":"1019"}],"sampleFiles":["230705/MEmuPlay-230321/9.0.2.0/Samples/MEmu-setup-abroad-sdk.exe"],"imageFiles":["230705/MEmuPlay-230321/9.0.2.0/Images/ACR-039/ACR-039_044.jpg","230705/MEmuPlay-230321/9.0.2.0/Images/ACR-013/MEmu_OptionalOffers.png","230705/MEmuPlay-230321/9.0.2.0/Images/ACR-013/MEmu_OptionalOffers2.png","230705/MEmuPlay-230321/9.0.2.0/Images/ACR-097/ACR-097.jpg","230705/MEmuPlay-230321/9.0.2.0/Images/ACR-060/OptionalOffer1.jpg"],"nonDeceptorImageFiles":[],"guid":"029d8f2d-d915-40c9-8ee5-ef889663f892_9.0.2.0_1","appID":"MEmuPlay-230321","dateAdded":"231211","deceptorType":"App","name":"MEmu Play","company":"Microvirt Software Technology Co. Ltd.","version":"9.0.2.0","firstVendorContactDate":"260408","firstAppEsteemReplyDate":"260408","firstResolvedDate":"260413","firstResolvedVersion":"9.5.1.0","resolved":"TRUE","lastKnownStatus":"8.0.0.0;9.0.0.1;9.0.2.0;9.0.3.0;9.0.5.1;9.0.6.3","lastKnownDate":"231211","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Adults only","monetization":"none","lastUpdate":"2026-04-13T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":6,"sortOrder":785},{"violations":{"ACR-097":"During installation, the app suggests the user to disable anti-virus protection in order to prevent detection.\n","ACR-039":"There is no clear indication about the relationship of the monetization components from the third-party monetizer. The relationship is not distinctly disclosed and \"Privacy2\" that links to 'https://rise-platforms.com/privacy-policy/' causes confusion and misleads user that they are for Carrier app.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"MEmu.exe","companyName":"Microvirt Software Technology Co. Ltd.","fileVersion":"9.0","hashMD5":"6a44cc85f64dc0c6c9f3ec8a74dd9ed6","hashSHA1":"1fe15a3b4179db10e99499f78a21e1f59247e8e8","hashSHA256":"33eaf281e903f394046c8336e9c758d0b4c6c44be023e4b0d256c3c6c8d91a94","digitalCertThumbprint":"EC0CF2878191870433EC78C6CD8431A5E1B5FA8B","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=\"Shanghai Microvirt Software Technology Co., Ltd.\", O=\"Shanghai Microvirt Software Technology Co., Ltd.\", S=上海市, C=CN, SERIALNUMBER=9131012030160721XG, OID.1.3.6.1.4.1.311.60.2.1.1=奉贤区, OID.1.3.6.1.4.1.311.60.2.1.2=上海市, OID.1.3.6.1.4.1.311.60.2.1.3=CN, OID.2.5.4.15=Private Organization","sourceIndex":"1097","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"MEmu-setup-abroad-sdk.exe","isInstaller":"True","companyName":"Microvirt Software Technology Co. Ltd.","fileVersion":"8.0","hashMD5":"581da0f19ef8388a0ba331ce0a617aaf","hashSHA1":"e050d686c3c5972aaf1a4fdec299e764ef9873eb","hashSHA256":"8fb453bf498acb05af9e0a442f26029cd6c5a3d68431fdff7fc385faf1541b96","digitalCertThumbprint":"EC0CF2878191870433EC78C6CD8431A5E1B5FA8B","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=\"Shanghai Microvirt Software Technology Co., Ltd.\", O=\"Shanghai Microvirt Software Technology Co., Ltd.\", S=上海市, C=CN, SERIALNUMBER=9131012030160721XG, OID.1.3.6.1.4.1.311.60.2.1.1=奉贤区, OID.1.3.6.1.4.1.311.60.2.1.2=上海市, OID.1.3.6.1.4.1.311.60.2.1.3=CN, OID.2.5.4.15=Private Organization","sourceIndex":"1097","avBlockList":["Avira Internet Security (20230914)","Bitdefender Internet Security (20230914)","ESET Internet Security (20230914)","K7 Total Security (20230914)","Malwarebytes Premium (20230914)","Norton Security (20230914)","Panda Dome (20230914)","Sophos Home Premium (20230914)","SpyHunter5 (20230914)","Total AV Antivirus Pro (20230914)","VIPRE Advanced Security (20230914)","VirIT eXplorer PRO (20230914)","Webroot SecureAnywhere (20230914)"],"avAllowList":["360 Total Security (20230914)","Avast Premium Security (20230914)","AVG Internet Security (20230914)","COMODO Antivirus (20230914)","Dr.Web Security Space (20230914)","G DATA INTERNET SECURITY (20230914)","Kaspersky Internet Security (20230914)","McAfee Total Protection (20230914)","Quick Heal Internet Security (20230914)","Trend Micro Internet Security (20230914)","Windows Defender (20230914)"]}],"additionalFiles":[],"sources":[{"howFound":"hunted through BIBR","reference":"","landingPage":"https://memuplay.com/","directDownloadingLink":"https://www.memuplay.com/download-memu-on-pc.html","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.memuplay.com/download-memu-on-pc.html","sourceIndex":"1097"}],"sampleFiles":["230519/MEmuPlay-230321/9.0.0.1/Samples/MEmu.exe","230519/MEmuPlay-230321/9.0.0.1/Samples/MEmu-setup-abroad-sdk.exe"],"imageFiles":["230519/MEmuPlay-230321/9.0.0.1/Images/ACR-039/ACR-039_044.jpg","230519/MEmuPlay-230321/9.0.0.1/Images/ACR-097/ACR-097.jpg"],"nonDeceptorImageFiles":[],"guid":"029d8f2d-d915-40c9-8ee5-ef889663f892_9.0.0.1_1","appID":"MEmuPlay-230321","dateAdded":"231211","deceptorType":"App","name":"MEmu Play","company":"Microvirt Software Technology Co. Ltd.","version":"9.0.0.1","firstVendorContactDate":"260408","firstAppEsteemReplyDate":"260408","firstResolvedDate":"260413","firstResolvedVersion":"9.5.1.0","resolved":"TRUE","lastKnownStatus":"8.0.0.0;9.0.0.1;9.0.2.0;9.0.3.0;9.0.5.1;9.0.6.3","lastKnownDate":"231211","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Adults only","monetization":"none","lastUpdate":"2026-04-13T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":6,"sortOrder":786},{"violations":{"ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software.\n\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software.\n","ACR-097":"During installation, the app suggests the user to disable anti-virus protection in order to prevent detection.\n","ACR-039":"There is no clear indication about the relationship of the monetization components from the third-party monetizer. The relationship is not distinctly disclosed and \"Privacy2\" that links to 'https://cassinilabs.com/privacy-policy/' causes confusion and misleads user that they are for Carrier app.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"MEmu-setup-abroad-sdk.exe","isInstaller":"True","companyName":"Microvirt Software Technology Co. Ltd.","fileVersion":"8.0","hashMD5":"581da0f19ef8388a0ba331ce0a617aaf","hashSHA1":"e050d686c3c5972aaf1a4fdec299e764ef9873eb","hashSHA256":"8fb453bf498acb05af9e0a442f26029cd6c5a3d68431fdff7fc385faf1541b96","digitalCertThumbprint":"EC0CF2878191870433EC78C6CD8431A5E1B5FA8B","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=\"Shanghai Microvirt Software Technology Co., Ltd.\", O=\"Shanghai Microvirt Software Technology Co., Ltd.\", S=上海市, C=CN, SERIALNUMBER=9131012030160721XG, OID.1.3.6.1.4.1.311.60.2.1.1=奉贤区, OID.1.3.6.1.4.1.311.60.2.1.2=上海市, OID.1.3.6.1.4.1.311.60.2.1.3=CN, OID.2.5.4.15=Private Organization","sourceIndex":"1171","avBlockList":["Avira Internet Security (20230914)","Bitdefender Internet Security (20230914)","ESET Internet Security (20230914)","K7 Total Security (20230914)","Malwarebytes Premium (20230914)","Norton Security (20230914)","Panda Dome (20230914)","Sophos Home Premium (20230914)","SpyHunter5 (20230914)","Total AV Antivirus Pro (20230914)","VIPRE Advanced Security (20230914)","VirIT eXplorer PRO (20230914)","Webroot SecureAnywhere (20230914)"],"avAllowList":["360 Total Security (20230914)","Avast Premium Security (20230914)","AVG Internet Security (20230914)","COMODO Antivirus (20230914)","Dr.Web Security Space (20230914)","G DATA INTERNET SECURITY (20230914)","Kaspersky Internet Security (20230914)","McAfee Total Protection (20230914)","Quick Heal Internet Security (20230914)","Trend Micro Internet Security (20230914)","Windows Defender (20230914)"]}],"additionalFiles":[],"sources":[{"howFound":"hunted through BIBR","reference":"","landingPage":"https://memuplay.com/","directDownloadingLink":"https://www.memuplay.com/download-memu-on-pc.html","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.memuplay.com/download-memu-on-pc.html","sourceIndex":"1171"}],"sampleFiles":["230405/MEmuPlay-230321/8.0.0.0/Samples/MEmu-setup-abroad-sdk.exe"],"imageFiles":["230405/MEmuPlay-230321/8.0.0.0/Images/ACR-039/ACR-039_044.jpg","230405/MEmuPlay-230321/8.0.0.0/Images/ACR-013/OptionalOffer1.jpg","230405/MEmuPlay-230321/8.0.0.0/Images/ACR-013/OptionalOffer2.jpg","230405/MEmuPlay-230321/8.0.0.0/Images/ACR-097/ACR-097.jpg","230405/MEmuPlay-230321/8.0.0.0/Images/ACR-060/OptionalOffer1.jpg","230405/MEmuPlay-230321/8.0.0.0/Images/ACR-060/OptionalOffer2.jpg"],"nonDeceptorImageFiles":[],"guid":"029d8f2d-d915-40c9-8ee5-ef889663f892_8.0.0.0_1","appID":"MEmuPlay-230321","dateAdded":"231211","deceptorType":"App","name":"MEmu Play","company":"Microvirt Software Technology Co. Ltd.","version":"8.0.0.0","firstVendorContactDate":"260408","firstAppEsteemReplyDate":"260408","firstResolvedDate":"260413","firstResolvedVersion":"9.5.1.0","resolved":"TRUE","lastKnownStatus":"8.0.0.0;9.0.0.1;9.0.2.0;9.0.3.0;9.0.5.1;9.0.6.3","lastKnownDate":"231211","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Adults only","monetization":"none","lastUpdate":"2026-04-13T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":6,"sortOrder":787},{"violations":{"ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software.\n\n","ACR-060":"During installation, the user is interrupted by non-consented offers to silently install unrelated software.\n","ACR-097":"During installation, the app suggests the user to disable anti-virus protection in order to prevent detection.\n","ACR-039":"There is no clear indication about the relationship of the monetization components from the third-party monetizer. The relationship is not distinctly disclosed and \"Privacy2\" that links to 'https://rise-platforms.com/privacy-policy/' causes confusion and misleads user that they are for Carrier app.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"MEmu-setup-abroad-sdk.exe","isInstaller":"True","companyName":"Microvirt Software Technology Co. Ltd.","fileVersion":"9.0","hashMD5":"5d0922683a7a35db5b94d4cab59050c1","hashSHA1":"4eccdfe53579ae536b52b65e5ede9c76b190f2d5","hashSHA256":"67471afe10b681416980009ff81f212a08c609ef66aac6ea07054406483b3e83","digitalCertThumbprint":"75354CD431AEC08522F99AAD0FCBE5D80AF59C77","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=\"Shanghai Microvirt Software Technology Co., Ltd.\", O=\"Shanghai Microvirt Software Technology Co., Ltd.\", S=上海市, C=CN, SERIALNUMBER=9131012030160721XG, OID.2.5.4.15=Private organization, OID.1.3.6.1.4.1.311.60.2.1.1=奉贤区, OID.1.3.6.1.4.1.311.60.2.1.2=上海市, OID.1.3.6.1.4.1.311.60.2.1.3=CN","sourceIndex":"109","avBlockList":["ESET Internet Security (20240130)","K7 Total Security (20240130)","Kaspersky Internet Security (20240130)","Malwarebytes Premium (20240130)","Norton Security (20240130)","Panda Dome (20240130)","Quick Heal Internet Security (20240130)","Sophos Home Premium (20240130)","SpyHunter5 (20240130)","VirIT eXplorer PRO (20240130)","Webroot SecureAnywhere (20240130)"],"avAllowList":["360 Total Security (20240130)","Avast Premium Security (20240130)","AVG Internet Security (20240130)","Avira Internet Security (20240130)","Bitdefender Internet Security (20240130)","COMODO Antivirus (20240130)","Dr.Web Security Space (20240130)","G DATA INTERNET SECURITY (20240130)","McAfee Total Protection (20240130)","Total AV Antivirus Pro (20240130)","Trend Micro Internet Security (20240130)","VIPRE Advanced Security (20240130)","Windows Defender (20240130)"]},{"isRevoked":"False","fileName":"MEmu-setup-abroad-sdk-mv_231011.exe","isInstaller":"True","companyName":"Microvirt Software Technology Co. Ltd.","fileVersion":"9.0","hashMD5":"f9ce897d93d4f77bca3cca8541a8addb","hashSHA1":"4ac5a68266c842fb997fd755c9d10d1975baa71f","hashSHA256":"89174acde0ea21562e6186847ba7d12aacd9b2b2132f456dd8335680daadd9a9","digitalCertThumbprint":"75354CD431AEC08522F99AAD0FCBE5D80AF59C77","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=\"Shanghai Microvirt Software Technology Co., Ltd.\", O=\"Shanghai Microvirt Software Technology Co., Ltd.\", S=上海市, C=CN, SERIALNUMBER=9131012030160721XG, OID.2.5.4.15=Private organization, OID.1.3.6.1.4.1.311.60.2.1.1=奉贤区, OID.1.3.6.1.4.1.311.60.2.1.2=上海市, OID.1.3.6.1.4.1.311.60.2.1.3=CN","sourceIndex":"109","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"hunted through BIBR","reference":"","landingPage":"https://memuplay.com/","directDownloadingLink":"https://www.memuplay.com/download-memu-on-pc.html","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.memuplay.com/download-memu-on-pc.html","sourceIndex":"109"}],"sampleFiles":["231211/MEmuPlay-230321/9.0.6.3/Samples/MEmu-setup-abroad-sdk.exe","231211/MEmuPlay-230321/9.0.6.3/Samples/MEmu-setup-abroad-sdk-mv_231011.exe"],"imageFiles":["231211/MEmuPlay-230321/9.0.6.3/Images/ACR-039/rise_privacy.jpg","231211/MEmuPlay-230321/9.0.6.3/Images/ACR-013/OptionalOffer1.jpg","231211/MEmuPlay-230321/9.0.6.3/Images/ACR-013/OptionalOffer2.jpg","231211/MEmuPlay-230321/9.0.6.3/Images/ACR-097/ACR-097.jpg","231211/MEmuPlay-230321/9.0.6.3/Images/ACR-060/OptionalOffer1.jpg","231211/MEmuPlay-230321/9.0.6.3/Images/ACR-060/OptionalOffer2.jpg"],"nonDeceptorImageFiles":[],"guid":"029d8f2d-d915-40c9-8ee5-ef889663f892_9.0.6.3_1","appID":"MEmuPlay-230321","dateAdded":"231211","deceptorType":"App","name":"MEmu Play","company":"Microvirt Software Technology Co. Ltd.","version":"9.0.6.3","firstVendorContactDate":"260408","firstAppEsteemReplyDate":"260408","firstResolvedDate":"260413","firstResolvedVersion":"9.5.1.0","resolved":"TRUE","lastKnownStatus":"8.0.0.0;9.0.0.1;9.0.2.0;9.0.3.0;9.0.5.1;9.0.6.3","lastKnownDate":"231211","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Adults only","monetization":"none","lastUpdate":"2026-04-13T20:45:30.5823563+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":6,"sortOrder":782},{"violations":{"ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software.\n\n","ACR-060":"During installation, the user is interrupted by non-consented offers to silently install unrelated software.\n","ACR-097":"During installation, the app suggests the user to disable anti-virus protection in order to prevent detection.\n","ACR-039":"There is no clear indication about the relationship of the monetization components from the third-party monetizer. The relationship is not distinctly disclosed and \"Privacy2\" that links to 'https://rise-platforms.com/privacy-policy/' causes confusion and misleads user that they are for Carrier app.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"MEmu-setup-abroad-sdk.exe","isInstaller":"True","companyName":"Microvirt Software Technology Co. Ltd.","fileVersion":"9.0","hashMD5":"d94a71d474382524f3d73704e940e74d","hashSHA1":"f63c98cf261f2ca5c5d127185a40d9521ba9a62b","hashSHA256":"e5b76164b655f44a48edd10d595b420ed8e551d160582272385ea923dddd3c34","digitalCertThumbprint":"EC0CF2878191870433EC78C6CD8431A5E1B5FA8B","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=\"Shanghai Microvirt Software Technology Co., Ltd.\", O=\"Shanghai Microvirt Software Technology Co., Ltd.\", S=上海市, C=CN, SERIALNUMBER=9131012030160721XG, OID.1.3.6.1.4.1.311.60.2.1.1=奉贤区, OID.1.3.6.1.4.1.311.60.2.1.2=上海市, OID.1.3.6.1.4.1.311.60.2.1.3=CN, OID.2.5.4.15=Private Organization","sourceIndex":"906","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"hunted through BIBR","reference":"","landingPage":"https://memuplay.com/","directDownloadingLink":"https://www.memuplay.com/download-memu-on-pc.html","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.memuplay.com/download-memu-on-pc.html","sourceIndex":"906"}],"sampleFiles":["230907/MEmuPlay-230321/9.0.5.1/Samples/MEmu-setup-abroad-sdk.exe"],"imageFiles":["230907/MEmuPlay-230321/9.0.5.1/Images/ACR-039/rise_privacy.jpg","230907/MEmuPlay-230321/9.0.5.1/Images/ACR-013/OptionalOffer1.jpg","230907/MEmuPlay-230321/9.0.5.1/Images/ACR-013/OptionalOffer2.jpg","230907/MEmuPlay-230321/9.0.5.1/Images/ACR-097/ACR-097.jpg","230907/MEmuPlay-230321/9.0.5.1/Images/ACR-060/OptionalOffer1.jpg","230907/MEmuPlay-230321/9.0.5.1/Images/ACR-060/OptionalOffer2.jpg"],"nonDeceptorImageFiles":[],"guid":"029d8f2d-d915-40c9-8ee5-ef889663f892_9.0.5.1_1","appID":"MEmuPlay-230321","dateAdded":"231211","deceptorType":"App","name":"MEmu Play","company":"Microvirt Software Technology Co. Ltd.","version":"9.0.5.1","firstVendorContactDate":"260408","firstAppEsteemReplyDate":"260408","firstResolvedDate":"260413","firstResolvedVersion":"9.5.1.0","resolved":"TRUE","lastKnownStatus":"8.0.0.0;9.0.0.1;9.0.2.0;9.0.3.0;9.0.5.1;9.0.6.3","lastKnownDate":"231211","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Adults only","monetization":"none","lastUpdate":"2026-04-13T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":6,"sortOrder":783},{"violations":{"ACR-109":"Download Manager secretly writes the files (some are set to be hidden and system only file) to consumer system under hidden folder without user agreeing to install.\n","ACR-042":"Download manager drops hidden file/potential offer app info in hidden folder without user permission. \n","ACR-043":"The \"DownloadItDownloadManager\" components get dropped in one click without asking the user's permission and disclosing the installation path.\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software.\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software.\n","ACR-075":"After carrier app was cancelled during installation, the offers are still installed without any notification for user.\n","ACR-039":"No clear indications of the relationship for the monetization components from CassiniLabs and Carrier app is disclosed to user before offers being prompts. The links for privacy policy and Term of use mislead user that they are for Carrier app. \n(https://cassinilabs.com/privacy-policy/)\n"},"nonDeceptorViolations":{"ACR-044":"Download manager doesn't disclose its bundling function when user choose to install carrier app.\n"},"samples":[{"isRevoked":"False","fileName":"veezie_pr0t9-1.exe-833064195b0c96bce9a8c00dc95df6bd9fce1092c1260ba0e877810bfc44b0aa","isInstaller":"True","fileVersion":"4.78","hashMD5":"99a9fbd5fee72ce51585309390a46717","hashSHA1":"ff39c56312090a909c2c0c82629c552a3b252a98","hashSHA256":"833064195b0c96bce9a8c00dc95df6bd9fce1092c1260ba0e877810bfc44b0aa","digitalCertThumbprint":"2A144B8B0F3F257E206EA0702CFE73A2F17F47D0","digitalCertIssuer":"CN=Domain The Net Technologies Ltd CA for Code Signing R2, O=Domain The Net Technologies Ltd, C=IL","digitalCertIssuedTo":"CN=INNOVA MEDIA d.o.o., O=INNOVA MEDIA d.o.o., L=Šempeter pri Gorici, S=Goriška, C=SI","sourceIndex":"1173","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunted at BIBR","reference":"","landingPage":"https://veezie.download.it/download","directDownloadingLink":"https://d32vwrrnmnd033.cloudfront.net/yFNO63FSs/7.18.57.9/veezie.exe","ipv4":"","ipv6":"","landingPageWildChar":"https://*.download.it/download","directDownloadingLinkWildChar":"https://d32vwrrnmnd033.cloudfront.net/*","sourceIndex":"1173"}],"sampleFiles":["230405/DownloadItBundler-230321/4.78.2.0/Samples/veezie_pr0t9-1.exe-833064195b0c96bce9a8c00dc95df6bd9fce1092c1260ba0e877810bfc44b0aa"],"imageFiles":["230405/DownloadItBundler-230321/4.78.2.0/Images/ACR-109/ACR-109.png","230405/DownloadItBundler-230321/4.78.2.0/Images/ACR-039/ACR-039_download_it.png","230405/DownloadItBundler-230321/4.78.2.0/Images/ACR-043/ACR-043_download_it.png","230405/DownloadItBundler-230321/4.78.2.0/Images/ACR-042/ACR-042.png","230405/DownloadItBundler-230321/4.78.2.0/Images/ACR-013/ACR-013_1.png","230405/DownloadItBundler-230321/4.78.2.0/Images/ACR-013/ACR-013_2.png","230405/DownloadItBundler-230321/4.78.2.0/Images/ACR-060/ACR-060_1.png","230405/DownloadItBundler-230321/4.78.2.0/Images/ACR-060/ACR-060_2.png","230405/DownloadItBundler-230321/4.78.2.0/Images/ACR-075/ACR-075.png"],"nonDeceptorImageFiles":["230405/DownloadItBundler-230321/4.78.2.0/Images/ACR-044/ACR-044_download_it.png"],"guid":"cca31ef7-caa4-4bc0-a89c-b1591bfeee6b_4.78.2.0_1","appID":"DownloadItBundler-230321","dateAdded":"231206","deceptorType":"Bundler","name":"DownloadItDownloadManager","company":"download.it","version":"4.78.2.0","lastKnownStatus":"4.78.2.0;6.32.1033","lastKnownDate":"231206","type":"Windows Executable","category":"Bundlers & Downloaders","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"sold in bundle","lastUpdate":"2023-12-06T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":790},{"violations":{"ACR-109":"Download Manager secretly writes the files (some are set to be hidden and system only file) to consumer system under hidden folder without user agreeing to install.\n","ACR-042":"Download manager drops hidden file/potential offer app info in hidden folder without user permission. \n","ACR-043":"The \"DownloadItDownloadManager\" components get dropped in one click without asking the user's permission and disclosing the installation path.\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software.\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software.\n","ACR-039":"No clear indications of the relationship for the monetization components from CassiniLabs and Carrier app is disclosed to user before offers being prompts. The links for privacy policy and Term of use mislead user that they are for Carrier app. \n(https://cassinilabs.com/privacy-policy/)\n"},"nonDeceptorViolations":{"ACR-044":"Download manager doesn't disclose its bundling function when user choose to install carrier app.\n"},"samples":[{"isRevoked":"False","fileName":"recuva_Z-EsX71.exe","isInstaller":"True","fileVersion":"6.32","hashMD5":"d31c0667e88d6ace5e0866b65020e8ed","hashSHA1":"ac5e03298f1e2cdce9e592704fedbd43d4038e52","hashSHA256":"16acab9f39ecbc9b51ebd607f7f9f4a954aa4f6b28374079d3b6aa72a9a05fa9","digitalCertThumbprint":"C011031C6E7228944060AC53BBD85486596B7464","digitalCertIssuer":"CN=Domain The Net Technologies Ltd CA for Code Signing R2, O=Domain The Net Technologies Ltd, C=IL","digitalCertIssuedTo":"CN=INNOVA MEDIA d.o.o., O=INNOVA MEDIA d.o.o., L=Sempeter pri Gorici, S=Goriska, C=SI","sourceIndex":"790","avBlockList":["360 Total Security (20240528)","Avira Internet Security (20240528)","COMODO Antivirus (20240528)","Dr.Web Security Space (20240528)","ESET Internet Security (20240528)","G DATA INTERNET SECURITY (20240528)","K7 Total Security (20240528)","Kaspersky Internet Security (20240528)","Malwarebytes Premium (20240528)","Norton Security (20240528)","Panda Dome (20240528)","Quick Heal Internet Security (20240528)","Sophos Home Premium (20240528)","SpyHunter5 (20240528)","Total AV Antivirus Pro (20240528)","Trend Micro Internet Security (20240528)","VirIT eXplorer PRO (20240528)","Webroot SecureAnywhere (20240528)"],"avAllowList":["Avast Premium Security (20240528)","AVG Internet Security (20240528)","Bitdefender Internet Security (20240528)","McAfee Total Protection (20240528)","VIPRE Advanced Security (20240528)","Windows Defender (20240528)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunted at BIBR","reference":"","landingPage":"https://veezie.download.it/download","directDownloadingLink":"https://d32vwrrnmnd033.cloudfront.net/yFNO63FSs/7.18.57.9/veezie.exe","ipv4":"","ipv6":"","landingPageWildChar":"https://*.download.it/download","directDownloadingLinkWildChar":"https://d32vwrrnmnd033.cloudfront.net/yFNO63FSs/7.18.57.9/veezie.exe","sourceIndex":"790"},{"howFound":"DE-site","reference":"","landingPage":"","directDownloadingLink":"https://d20sz0wyeqig84.cloudfront.net/5EHC3rKom/2.9.576.482/recuva.exe","ipv4":"","ipv6":"","landingPageWildChar":"","directDownloadingLinkWildChar":"https://d20sz0wyeqig84.cloudfront.net/*","sourceIndex":"791"}],"sampleFiles":["231206/DownloadItBundler-230321/6.32.1033/Samples/recuva_Z-EsX71.exe"],"imageFiles":["231206/DownloadItBundler-230321/6.32.1033/Images/ACR-109/ACR-109_Install_1.png","231206/DownloadItBundler-230321/6.32.1033/Images/ACR-039/ACR-039_Install_1.png","231206/DownloadItBundler-230321/6.32.1033/Images/ACR-043/ACR-043_Install_1.png","231206/DownloadItBundler-230321/6.32.1033/Images/ACR-042/ACR-042_Install_1.png","231206/DownloadItBundler-230321/6.32.1033/Images/ACR-013/ACR-013_Install_1.png","231206/DownloadItBundler-230321/6.32.1033/Images/ACR-013/ACR-013_Install_2.png","231206/DownloadItBundler-230321/6.32.1033/Images/ACR-060/ACR-060_In-bundle offers_1.png","231206/DownloadItBundler-230321/6.32.1033/Images/ACR-060/ACR-060_In-bundle offers_2.png"],"nonDeceptorImageFiles":["231206/DownloadItBundler-230321/6.32.1033/Images/ACR-044/ACR-044_Install_1.png"],"guid":"cca31ef7-caa4-4bc0-a89c-b1591bfeee6b_6.32.1033_1","appID":"DownloadItBundler-230321","dateAdded":"231206","deceptorType":"Bundler","name":"DownloadItDownloadManager","company":"download.it","version":"6.32.1033","lastKnownStatus":"4.78.2.0;6.32.1033","lastKnownDate":"231206","type":"Windows Executable","category":"Bundlers & Downloaders","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"sold in bundle","lastUpdate":"2023-12-06T22:41:37.2943417+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":789},{"violations":{"ACR-042":"Unrelated components introduced without clear option for user author the explicit permission.\nhttps://rise-platforms.com/privacy/\n","ACR-043":"Third-party \"The Qt Company Ltd\" components are installed without any disclosure \n","ACR-107":"The app does not obtain any authorization for using third-party \"The Qt Company Ltd\" components\n","ACR-048":"The app does not allow the user to cancel the installation.\nThe app does not provide control to remove the startup item and schedule task created during the installation\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software \n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software\n","ACR-084":"The app creates an undisclosed scheduled task and a startup to perform an action without the user's knowledge and consent\n","ACR-118":"When the user attempts to completely uninstall the app, it retains some of the components and other files without the user's knownledge\n"},"nonDeceptorViolations":{"ACR-040":"The app installs files and components in several locations including hidden folders besides the set default without user's knowledge.\n"},"samples":[{"isRevoked":"False","fileName":"DivXInstaller.exe","isInstaller":"True","companyName":"DivX, LLC","fileVersion":"10.10","hashMD5":"410d12aa689f80d64439c6c6ebb6375b","hashSHA1":"db8f15652833347f026927defdb807e6ebe37583","hashSHA256":"6d6899d4a73dbcd1d1f1ca932cda07437b574e9de2440efd16c504774e75522d","digitalCertThumbprint":"40771DEB72F7F99EBC23212A0B483A053DE8208A","digitalCertIssuer":"CN=Sectigo Public Code Signing CA R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=DIVX LLC, O=DIVX LLC, S=California, C=US","sourceIndex":"789","avBlockList":["ESET Internet Security (20240528)","G DATA INTERNET SECURITY (20240528)","K7 Total Security (20240528)","Malwarebytes Premium (20240528)","Norton Security (20240528)","Panda Dome (20240528)","Sophos Home Premium (20240528)","SpyHunter5 (20240528)","VirIT eXplorer PRO (20240528)"],"avAllowList":["360 Total Security (20240528)","Avast Premium Security (20240528)","AVG Internet Security (20240528)","Avira Internet Security (20240528)","Bitdefender Internet Security (20240528)","COMODO Antivirus (20240528)","Dr.Web Security Space (20240528)","Kaspersky Internet Security (20240528)","McAfee Total Protection (20240528)","Quick Heal Internet Security (20240528)","Total AV Antivirus Pro (20240528)","Trend Micro Internet Security (20240528)","VIPRE Advanced Security (20240528)","Webroot SecureAnywhere (20240528)","Windows Defender (20240528)"]},{"isRevoked":"False","fileName":"DivXInstaller_231205.exe","isInstaller":"True","companyName":"DivX, LLC","fileVersion":"10.10","hashMD5":"168e57cc6e585f02efed6d5775e1ae32","hashSHA1":"175e1a6c55fba24040013218181fa5df6e305c8f","hashSHA256":"71f0ded0e9649150be9d292a305497222b595336dd679a76a7d8d83fecf40fa8","digitalCertThumbprint":"40771DEB72F7F99EBC23212A0B483A053DE8208A","digitalCertIssuer":"CN=Sectigo Public Code Signing CA R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=DIVX LLC, O=DIVX LLC, S=California, C=US","sourceIndex":"789","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search: data collector","reference":"MPC AdCleaner: Cassini Labs -- responsible for software installer ads ","landingPage":"https://www.divx.com/","directDownloadingLink":"https://download.divx.com/stable/divx/DivXInstaller.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://download.divx.com/stable/divx/DivXInstaller.exe","sourceIndex":"789"}],"sampleFiles":["231206/DivXBundle-220531/10.10.1.0/Samples/DivXInstaller.exe","231206/DivXBundle-220531/10.10.1.0/Samples/DivXInstaller_231205.exe"],"imageFiles":["231206/DivXBundle-220531/10.10.1.0/Images/ACR-043/DIVX_QT.jpg","231206/DivXBundle-220531/10.10.1.0/Images/ACR-107/DIVX_QT.jpg","231206/DivXBundle-220531/10.10.1.0/Images/ACR-042/DIVX_AdNetwork-Rise.jpg","231206/DivXBundle-220531/10.10.1.0/Images/ACR-048/DIVX-048Install.jpg","231206/DivXBundle-220531/10.10.1.0/Images/ACR-084/Startups.jpg","231206/DivXBundle-220531/10.10.1.0/Images/ACR-048/Startups.jpg","231206/DivXBundle-220531/10.10.1.0/Images/ACR-118/ACR-118.jpg","231206/DivXBundle-220531/10.10.1.0/Images/ACR-118/ACR-118.jpg","231206/DivXBundle-220531/10.10.1.0/Images/ACR-013/DOptionalOffer.jpg","231206/DivXBundle-220531/10.10.1.0/Images/ACR-013/DOptionalOffer1.jpg","231206/DivXBundle-220531/10.10.1.0/Images/ACR-060/DOptionalOffer.jpg","231206/DivXBundle-220531/10.10.1.0/Images/ACR-060/DOptionalOffer1.jpg"],"nonDeceptorImageFiles":["231206/DivXBundle-220531/10.10.1.0/Images/ACR-040/loc.jpg"],"guid":"5c2ee34e-9bd3-4332-a565-8f9295a5fda5_10.10.1.0_1","appID":"DivXBundle-220531","dateAdded":"231206","deceptorType":"App","name":"DivX Software","company":"DivX, LLC","version":"10.10.1.0","lastKnownStatus":"10.9.1.0;10.10.0.0;10.10.0.1;10.10.1.0","lastKnownDate":"231206","type":"Windows Executable","category":"Media editors, Media players, SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,display ads,in-app purchases,cross-sell other apps","lastUpdate":"2023-12-06T22:45:24.5332583+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":4,"sortOrder":791},{"violations":{"ACR-042":"Unrelated components introduced without clear option for user author the explicit permission.\nhttps://rise-platforms.com/privacy/\n","ACR-043":"Third-party \"The Qt Company Ltd\" components are installed without any disclosure \n","ACR-107":"The app does not obtain any authorization for using third-party \"The Qt Company Ltd\" components\n","ACR-048":"The app does not allow the user to cancel the installation.\nThe app does not provide control to remove the startup item and schedule task created during the installation\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software \n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software\n","ACR-084":"The app creates an undisclosed scheduled task and a startup to perform an action without the user's knowledge and consent\n","ACR-118":"When the user attempts to completely uninstall the app, it retains some of the components and other files without the user's knownledge\n"},"nonDeceptorViolations":{"ACR-040":"The app installs files and components in several locations including hidden folders besides the set default without user's knowledge.\n"},"samples":[{"isRevoked":"False","fileName":"DivXInstaller.exe","isInstaller":"True","companyName":"DivX, LLC","fileVersion":"10.10","hashMD5":"410d12aa689f80d64439c6c6ebb6375b","hashSHA1":"db8f15652833347f026927defdb807e6ebe37583","hashSHA256":"6d6899d4a73dbcd1d1f1ca932cda07437b574e9de2440efd16c504774e75522d","digitalCertThumbprint":"40771DEB72F7F99EBC23212A0B483A053DE8208A","digitalCertIssuer":"CN=Sectigo Public Code Signing CA R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=DIVX LLC, O=DIVX LLC, S=California, C=US","sourceIndex":"902","avBlockList":["ESET Internet Security (20240528)","G DATA INTERNET SECURITY (20240528)","K7 Total Security (20240528)","Malwarebytes Premium (20240528)","Norton Security (20240528)","Panda Dome (20240528)","Sophos Home Premium (20240528)","SpyHunter5 (20240528)","VirIT eXplorer PRO (20240528)"],"avAllowList":["360 Total Security (20240528)","Avast Premium Security (20240528)","AVG Internet Security (20240528)","Avira Internet Security (20240528)","Bitdefender Internet Security (20240528)","COMODO Antivirus (20240528)","Dr.Web Security Space (20240528)","Kaspersky Internet Security (20240528)","McAfee Total Protection (20240528)","Quick Heal Internet Security (20240528)","Total AV Antivirus Pro (20240528)","Trend Micro Internet Security (20240528)","VIPRE Advanced Security (20240528)","Webroot SecureAnywhere (20240528)","Windows Defender (20240528)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search: data collector","reference":"MPC AdCleaner: Cassini Labs -- responsible for software installer ads ","landingPage":"https://www.divx.com/","directDownloadingLink":"https://download.divx.com/stable/divx/DivXInstaller.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://download.divx.com/stable/divx/DivXInstaller.exe","sourceIndex":"902"}],"sampleFiles":["230911/DivXBundle-220531/10.10.0.1/Samples/DivXInstaller.exe"],"imageFiles":["230911/DivXBundle-220531/10.10.0.1/Images/ACR-043/DIVX_QT.jpg","230911/DivXBundle-220531/10.10.0.1/Images/ACR-107/DIVX_QT.jpg","230911/DivXBundle-220531/10.10.0.1/Images/ACR-042/DIVX_AdNetwork-Rise.jpg","230911/DivXBundle-220531/10.10.0.1/Images/ACR-048/DIVX-048Install.jpg","230911/DivXBundle-220531/10.10.0.1/Images/ACR-084/Startup.jpg","230911/DivXBundle-220531/10.10.0.1/Images/ACR-048/DIVX-Startup.jpg","230911/DivXBundle-220531/10.10.0.1/Images/ACR-118/ACR-118.jpg","230911/DivXBundle-220531/10.10.0.1/Images/ACR-013/OptionalOffer1.jpg","230911/DivXBundle-220531/10.10.0.1/Images/ACR-013/OptionalOffer2.jpg","230911/DivXBundle-220531/10.10.0.1/Images/ACR-060/OptionalOffer1.jpg","230911/DivXBundle-220531/10.10.0.1/Images/ACR-060/OptionalOffer2.jpg"],"nonDeceptorImageFiles":["230911/DivXBundle-220531/10.10.0.1/Images/ACR-040/ACR-040.jpg"],"guid":"5c2ee34e-9bd3-4332-a565-8f9295a5fda5_10.10.0.1_1","appID":"DivXBundle-220531","dateAdded":"231206","deceptorType":"App","name":"DivX Software","company":"DivX, LLC","version":"10.10.0.1","lastKnownStatus":"10.9.1.0;10.10.0.0;10.10.0.1;10.10.1.0","lastKnownDate":"231206","type":"Windows Executable","category":"Media editors, Media players, SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,display ads,in-app purchases,cross-sell other apps","lastUpdate":"2023-12-06T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":4,"sortOrder":792},{"violations":{"ACR-042":"Unrelated components introduced without clear option for user author the explicit permission.\nhttps://rise-platforms.com/privacy/\n","ACR-043":"Third-party \"The Qt Company Ltd\" components are installed without any disclosure \n","ACR-107":"The app does not obtain any authorization for using third-party \"The Qt Company Ltd\" components\n","ACR-048":"The app does not allow the user to cancel the installation\nThe app does not provide control to remove the startup item and schedule task created during the installation\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software \n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software\n","ACR-084":"The app creates an undisclosed scheduled task and a startup to perform an action without the user's knowledge and consent\n","ACR-118":"When the user attempts to completely uninstall the app, it retains some of the components and other files without the user's knownledge\n"},"nonDeceptorViolations":{"ACR-040":"The app installs files and components in several locations including hidden folders besides the set default without user's knowledge.\n"},"samples":[{"isRevoked":"False","fileName":"DivXInstaller.exe","isInstaller":"True","companyName":"DivX LLC","productName":"DivX Setup","productVersion":"10.9.1.0","fileVersion":"10.9.1.0","hashMD5":"056e2ba4f0a1f496980c229b133636a4","hashSHA1":"85fd34b6f3009b5b1e70b19370f1d9e9224586d1","hashSHA256":"19f7783550a64034139bf35b125cd09ca9c0ef88b76c4a7ec2ca030fd5c3ae78","digitalCertThumbprint":"40771DEB72F7F99EBC23212A0B483A053DE8208A","digitalCertIssuer":"Sectigo Public Code Signing CA R36","digitalCertIssuedTo":"DIVX LLC","storeId":"","sourceIndex":"1154","avBlockList":["Avast Premium Security (20230914)","AVG Internet Security (20230914)","Avira Internet Security (20230914)","ESET Internet Security (20230914)","G DATA INTERNET SECURITY (20230914)","K7 Total Security (20230914)","Kaspersky Internet Security (20230914)","Malwarebytes Premium (20230914)","Norton Security (20230914)","Panda Dome (20230914)","Quick Heal Internet Security (20230914)","Sophos Home Premium (20230914)","SpyHunter5 (20230914)","Total AV Antivirus Pro (20230914)","VirIT eXplorer PRO (20230914)","Webroot SecureAnywhere (20230914)"],"avAllowList":["360 Total Security (20230914)","Bitdefender Internet Security (20230914)","COMODO Antivirus (20230914)","Dr.Web Security Space (20230914)","McAfee Total Protection (20230914)","Trend Micro Internet Security (20230914)","VIPRE Advanced Security (20230914)","Windows Defender (20230914)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search: data collector","reference":"MPC AdCleaner: Cassini Labs -- responsible for software installer ads ","landingPage":"https://www.divx.com/","directDownloadingLink":"https://download.divx.com/stable/divx/DivXInstaller.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://download.divx.com/stable/divx/DivXInstaller.exe","sourceIndex":"1154"}],"sampleFiles":["230419/DivXBundle-220531/10.9.1.0/Samples/DivXInstaller.exe"],"imageFiles":["230419/DivXBundle-220531/10.9.1.0/Images/ACR-043/ACR-043.JPG","230419/DivXBundle-220531/10.9.1.0/Images/ACR-107/ACR-107.JPG","230419/DivXBundle-220531/10.9.1.0/Images/ACR-042/AdNetwork_Rise_042.JPG","230419/DivXBundle-220531/10.9.1.0/Images/ACR-048/ACR-048.JPG","230419/DivXBundle-220531/10.9.1.0/Images/ACR-084/ACR-084.JPG","230419/DivXBundle-220531/10.9.1.0/Images/ACR-048/ACR-048_Software.JPG","230419/DivXBundle-220531/10.9.1.0/Images/ACR-118/ACR-118.JPG","230419/DivXBundle-220531/10.9.1.0/Images/ACR-013/ACR-013.JPG","230419/DivXBundle-220531/10.9.1.0/Images/ACR-060/ACR-060.JPG"],"nonDeceptorImageFiles":["230419/DivXBundle-220531/10.9.1.0/Images/ACR-040/ACR-040.JPG"],"guid":"5c2ee34e-9bd3-4332-a565-8f9295a5fda5_10.9.1.0_1","appID":"DivXBundle-220531","dateAdded":"231206","deceptorType":"App","name":"DivX Software","company":"DivX, LLC","version":"10.9.1.0","lastKnownStatus":"10.9.1.0;10.10.0.0;10.10.0.1;10.10.1.0","lastKnownDate":"231206","type":"Windows Executable","category":"Media editors, Media players, SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,display ads,in-app purchases,cross-sell other apps","lastUpdate":"2023-12-06T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":4,"sortOrder":794},{"violations":{"ACR-042":"Unrelated components introduced without clear option for user author the explicit permission.\nhttps://rise-platforms.com/privacy/\n","ACR-043":"Third-party \"The Qt Company Ltd\" components are installed without any disclosure \n","ACR-107":"The app does not obtain any authorization for using third-party \"The Qt Company Ltd\" components\n","ACR-048":"The app does not allow the user to cancel the installation.\nThe app does not provide control to remove the startup item and schedule task created during the installation\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software \n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software\n","ACR-084":"The app creates an undisclosed scheduled task and a startup to perform an action without the user's knowledge and consent\n","ACR-118":"When the user attempts to completely uninstall the app, it retains some of the components and other files without the user's knownledge\n"},"nonDeceptorViolations":{"ACR-040":"The app installs files and components in several locations including hidden folders besides the set default without user's knowledge.\n"},"samples":[{"isRevoked":"False","fileName":"DivXInstaller.exe","isInstaller":"True","companyName":"DivX, LLC","fileVersion":"10.10","hashMD5":"844fefdcb94558d7dc7e430bf0d216fd","hashSHA1":"dea91be11111fe9349af20a388cd2b46632e6295","hashSHA256":"943e695ce768303d93843b115a10fc25c0c6023b8d65a266a730024c666c82a5","digitalCertThumbprint":"40771DEB72F7F99EBC23212A0B483A053DE8208A","digitalCertIssuer":"CN=Sectigo Public Code Signing CA R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=DIVX LLC, O=DIVX LLC, S=California, C=US","sourceIndex":"967","avBlockList":["Avira Internet Security (20230801)","ESET Internet Security (20230801)","G DATA INTERNET SECURITY (20230801)","Malwarebytes Premium (20230801)","Norton Security (20230801)","Sophos Home Premium (20230801)","SpyHunter5 (20230801)","Total AV Antivirus Pro (20230801)","VirIT eXplorer PRO (20230801)","Webroot SecureAnywhere (20230801)","Windows Defender (20230801)"],"avAllowList":["360 Total Security (20230801)","Avast Premium Security (20230801)","AVG Internet Security (20230801)","Bitdefender Internet Security (20230801)","COMODO Antivirus (20230801)","Dr.Web Security Space (20230801)","K7 Total Security (20230801)","Kaspersky Internet Security (20230801)","McAfee Total Protection (20230801)","Panda Dome (20230801)","Quick Heal Internet Security (20230801)","Trend Micro Internet Security (20230801)","VIPRE Advanced Security (20230801)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search: data collector","reference":"MPC AdCleaner: Cassini Labs -- responsible for software installer ads ","landingPage":"https://www.divx.com/","directDownloadingLink":"https://download.divx.com/stable/divx/DivXInstaller.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://download.divx.com/stable/divx/DivXInstaller.exe","sourceIndex":"967"}],"sampleFiles":["230724/DivXBundle-220531/10.10.0.0/Samples/DivXInstaller.exe"],"imageFiles":["230724/DivXBundle-220531/10.10.0.0/Images/ACR-043/DIVX_QT.jpg","230724/DivXBundle-220531/10.10.0.0/Images/ACR-107/DIVX_QT.jpg","230724/DivXBundle-220531/10.10.0.0/Images/ACR-042/DIVX_AdNetwork-Rise.jpg","230724/DivXBundle-220531/10.10.0.0/Images/ACR-048/DIVX-048Install.jpg","230724/DivXBundle-220531/10.10.0.0/Images/ACR-084/DIVX-Startup.jpg","230724/DivXBundle-220531/10.10.0.0/Images/ACR-048/DIVX-Startup.jpg","230724/DivXBundle-220531/10.10.0.0/Images/ACR-118/DIVX-ACR-118.jpg","230724/DivXBundle-220531/10.10.0.0/Images/ACR-013/DIVX_OptionalOffer1.jpg","230724/DivXBundle-220531/10.10.0.0/Images/ACR-013/DIVX_OptionalOffer2.jpg","230724/DivXBundle-220531/10.10.0.0/Images/ACR-060/DIVX_OptionalOffer1.jpg","230724/DivXBundle-220531/10.10.0.0/Images/ACR-060/DIVX_OptionalOffer2.jpg"],"nonDeceptorImageFiles":["230724/DivXBundle-220531/10.10.0.0/Images/ACR-040/DIVX-040.jpg"],"guid":"5c2ee34e-9bd3-4332-a565-8f9295a5fda5_10.10.0.0_1","appID":"DivXBundle-220531","dateAdded":"231206","deceptorType":"App","name":"DivX Software","company":"DivX, LLC","version":"10.10.0.0","lastKnownStatus":"10.9.1.0;10.10.0.0;10.10.0.1;10.10.1.0","lastKnownDate":"231206","type":"Windows Executable","category":"Media editors, Media players, SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,display ads,in-app purchases,cross-sell other apps","lastUpdate":"2023-12-06T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":4,"sortOrder":793},{"violations":{"ACR-053":"App doesn’t allow the consumer to skip all offers at once.\n","ACR-055":"The Accept/Decline options are not made obvious to the consumer in the offers.\n","ACR-059":"Offers that are not related to the main app should be marked as \"Optional Offer\" instead of \"Recommended additional software to install\". \n","ACR-155":"Offers are designed to look like part of the install workflow.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"potplayer.g5255.exe","isInstaller":"True","productName":"PotPlayer","fileVersion":"0.0","hashMD5":"c5a278c5f88fef44d1fbedcee5aa1f47","hashSHA1":"32fb12b874977dbd0e9ba808cda59cd511ddad57","hashSHA256":"4085bc8eab59c1d14079cac6ff8ff9d31d48ffa976bed48096893ff5511e3f05","digitalCertThumbprint":"81075F6010EAEEC587BEC43A903979D19D7D1B12","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"LID LABS, OOO\", O=\"LID LABS, OOO\", STREET=d 27 litera B pom 22 proezd Tsentralny, L=Ivanteevka, PostalCode=141282, C=RU","sourceIndex":"792","avBlockList":["Avast Premium Security (20231205)","AVG Internet Security (20231205)","Avira Internet Security (20231205)","Bitdefender Internet Security (20231205)","COMODO Antivirus (20231205)","Dr.Web Security Space (20231205)","ESET Internet Security (20231205)","G DATA INTERNET SECURITY (20231205)","K7 Total Security (20231205)","Kaspersky Internet Security (20231205)","Malwarebytes Premium (20231205)","McAfee Total Protection (20231205)","Norton Security (20231205)","Panda Dome (20231205)","Sophos Home Premium (20231205)","SpyHunter5 (20231205)","Total AV Antivirus Pro (20231205)","VIPRE Advanced Security (20231205)","VirIT eXplorer PRO (20231205)","Webroot SecureAnywhere (20231205)"],"avAllowList":["360 Total Security (20231205)","Quick Heal Internet Security (20231205)","Trend Micro Internet Security (20231205)","Windows Defender (20231205)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search: Media players ","reference":"","landingPage":"https://appforwin.ru/en/catalog/multimedia/video/potplayer","directDownloadingLink":"https://files.appforwin.ru/wredirect/?u=7b2275746d5f736f75726365223a22646972656374222c2275746d5f6d656469756d223a22637063222c2275746d5f63616d706169676e223a22706f74706c61796572227d&file=potplayer","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://files.appforwin.ru/wredirect/?u=7b2275746d5f736f75726365223a22646972656374222c2275746d5f6d656469756d223a22637063222c2275746d5f63616d706169676e223a22706f74706c61796572227d&file=potplayer","sourceIndex":"792"}],"sampleFiles":["231128/PotPlayer-221108/1.7.21834/Samples/potplayer.g5255.exe"],"imageFiles":["231128/PotPlayer-221108/1.7.21834/Images/ACR-053/ACR-155_053_Offers.gif","231128/PotPlayer-221108/1.7.21834/Images/ACR-055/Unrelated_App_Offer_1.jpg","231128/PotPlayer-221108/1.7.21834/Images/ACR-055/Unrelated_App_Offer_2.jpg","231128/PotPlayer-221108/1.7.21834/Images/ACR-055/Unrelated_App_Offer_3.jpg","231128/PotPlayer-221108/1.7.21834/Images/ACR-059/Unrelated_App_Offer_1.jpg","231128/PotPlayer-221108/1.7.21834/Images/ACR-059/Unrelated_App_Offer_2.jpg","231128/PotPlayer-221108/1.7.21834/Images/ACR-059/Unrelated_App_Offer_3.jpg","231128/PotPlayer-221108/1.7.21834/Images/ACR-155/ACR-155_Offers.gif"],"nonDeceptorImageFiles":[],"guid":"19540528-98b8-46ed-807f-9062e0329ede_1.7.21834_1","appID":"PotPlayer-221108","dateAdded":"231128","deceptorType":"App","name":"PotPlayer","company":"Kakao Corp.","version":"1.7.21834","lastKnownStatus":"1.7.21834","lastKnownDate":"231128","type":"Windows Executable","category":"Media players","targetOS":"Windows XP,Windows Vista,Windows 8,Windows 7,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"cross-sell other apps,display ads","lastUpdate":"2023-11-28T17:54:20.7135973+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":795},{"violations":{"ACR-109":"The app downloads \"spt_setup.exe\", a RelevantKnowledge file before disclosure and without the consumer's consent\n","ACR-048":"The app does not provide any option to remove the startup item\n","ACR-010":"The app distributes deceptor application. The offer in this app, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software\n","ACR-084":"The app creates a startup entry without the user's knowledge and consent\n","ACR-118":"Upon uninstallation, it retains some of its components on the device without the user's knowledge and consent\n","ACR-057":"The app bundles the \"Relevant Knowledge\" offer which does not allow the consumer to decline the offer\n","ACR-071":"It attempts to force the acceptance of \"Relevant Knowledge\" by graying out the Next button when the user choose to Decline. Thus, forcing the user to only accept the offer and proceed with the installation\n","ACR-014":"After installing the app, the update prompt misleads the user with a \"Important!\" message to use a \"new version to avoid malfunctions,\" despite the fact that this update does nothing other than attempt to update.\n","ACR-059":"Offer not clearly marked as an offer. Instead, it is presented as a component of the carrier.\n","ACR-155":"Offers are designed to look like part of the install workflow\n"},"nonDeceptorViolations":{"ACR-106":"App offers deceptive application 'Relevant Knowledge market survey\n","ACR-092":"The app does not have a valid digital signature for the installer and other executables\n","ACR-123":"The app does not remove dropped root certificate and startup item even after uninstalling\n"},"samples":[{"isRevoked":"False","fileName":"AdvancedJPGtoPDFFree.exe","isInstaller":"True","companyName":"PDFCore Co. Ltd.                                           ","productName":"Advanced JPG to PDF Free                                    ","productVersion":"                                                  ","fileVersion":"                    ","hashMD5":"0e2d06f7ae2e9179944a84b25d7385b6","hashSHA1":"d9f8127fbaa3c877cc0ae4e7d334142c0cd7ab92","hashSHA256":"2c9cb335b7a343ab583c318bc0a1a1073cfcbf07b2865c9ae8364376343c758a","digitalCertThumbprint":"347240ECC751AB91D4BA3282DC67ACC9A36D1128","digitalCertIssuer":"COMODO RSA Extended Validation Code Signing CA","digitalCertIssuedTo":"Beijing Qingruan Creative Information Technology Co. Ltd.","storeId":"","sourceIndex":"795","avBlockList":["360 Total Security (20231207)","Avast Premium Security (20231207)","AVG Internet Security (20231207)","Avira Internet Security (20231207)","Bitdefender Internet Security (20231207)","COMODO Antivirus (20231207)","Dr.Web Security Space (20231207)","ESET Internet Security (20231207)","G DATA INTERNET SECURITY (20231207)","K7 Total Security (20231207)","Kaspersky Internet Security (20231207)","Malwarebytes Premium (20231207)","McAfee Total Protection (20231207)","Norton Security (20231207)","Panda Dome (20231207)","Quick Heal Internet Security (20231207)","Sophos Home Premium (20231207)","SpyHunter5 (20231207)","Total AV Antivirus Pro (20231207)","Trend Micro Internet Security (20231207)","VIPRE Advanced Security (20231207)","VirIT eXplorer PRO (20231207)","Webroot SecureAnywhere (20231207)","Windows Defender (20231207)"],"avAllowList":[]},{"isRevoked":"False","fileName":"AdvancedOCRFree.exe","isInstaller":"True","companyName":"PDFCore Co. Ltd.                                           ","productName":"Advanced OCR Free                                           ","productVersion":"                                                  ","fileVersion":"                    ","hashMD5":"cb7677f3b459663e43708da33e163a9b","hashSHA1":"c06dba169c4cfc6e5405c93ef616fc5d84ecc86a","hashSHA256":"37a95db2f3189fe58312b90a0a0d722a258217310890ca4d5f32ff2a891cece7","digitalCertThumbprint":"347240ECC751AB91D4BA3282DC67ACC9A36D1128","digitalCertIssuer":"COMODO RSA Extended Validation Code Signing CA","digitalCertIssuedTo":"Beijing Qingruan Creative Information Technology Co. Ltd.","storeId":"","sourceIndex":"795","avBlockList":["360 Total Security (20231207)","Avast Premium Security (20231207)","AVG Internet Security (20231207)","Avira Internet Security (20231207)","Bitdefender Internet Security (20231207)","COMODO Antivirus (20231207)","Dr.Web Security Space (20231207)","ESET Internet Security (20231207)","G DATA INTERNET SECURITY (20231207)","K7 Total Security (20231207)","Kaspersky Internet Security (20231207)","Malwarebytes Premium (20231207)","McAfee Total Protection (20231207)","Norton Security (20231207)","Panda Dome (20231207)","Quick Heal Internet Security (20231207)","Sophos Home Premium (20231207)","SpyHunter5 (20231207)","Total AV Antivirus Pro (20231207)","VIPRE Advanced Security (20231207)","VirIT eXplorer PRO (20231207)","Webroot SecureAnywhere (20231207)","Windows Defender (20231207)"],"avAllowList":["Trend Micro Internet Security (20231207)"]},{"isRevoked":"False","fileName":"AdvancedPDFUtilitiesFree.exe","isInstaller":"True","companyName":"PDFCore Co. Ltd.                                           ","productName":"Advanced PDF Utilities Free                                 ","productVersion":"                                                  ","fileVersion":"                    ","hashMD5":"998098896a0cdeebd87fc5d5cc634993","hashSHA1":"9dc83f09d42ddc8a2182d225f5d5e1e70f28a945","hashSHA256":"b5a3da499a0e9b56bc7e8dc9e47ed719b8ae58daae603d3395db5ec8725e5e45","digitalCertThumbprint":"347240ECC751AB91D4BA3282DC67ACC9A36D1128","digitalCertIssuer":"COMODO RSA Extended Validation Code Signing CA","digitalCertIssuedTo":"Beijing Qingruan Creative Information Technology Co. Ltd.","storeId":"","sourceIndex":"795","avBlockList":["360 Total Security (20231207)","Avast Premium Security (20231207)","AVG Internet Security (20231207)","Avira Internet Security (20231207)","Bitdefender Internet Security (20231207)","COMODO Antivirus (20231207)","Dr.Web Security Space (20231207)","ESET Internet Security (20231207)","G DATA INTERNET SECURITY (20231207)","K7 Total Security (20231207)","Kaspersky Internet Security (20231207)","Malwarebytes Premium (20231207)","McAfee Total Protection (20231207)","Norton Security (20231207)","Panda Dome (20231207)","Quick Heal Internet Security (20231207)","Sophos Home Premium (20231207)","SpyHunter5 (20231207)","Total AV Antivirus Pro (20231207)","Trend Micro Internet Security (20231207)","VIPRE Advanced Security (20231207)","VirIT eXplorer PRO (20231207)","Webroot SecureAnywhere (20231207)","Windows Defender (20231207)"],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunted on RK Installer","reference":"","landingPage":"https://www.pdfcore.com/index.php","directDownloadingLink":"http://www.pdfcore.com/AdvancedPDFUtilitiesFree.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.pdfcore.com/AdvancedPDFUtilitiesFree.exe","sourceIndex":"795"}],"sampleFiles":["231127/PDFCoreBundler-231124/8.8.2.4/Samples/AdvancedJPGtoPDFFree.exe","231127/PDFCoreBundler-231124/8.8.2.4/Samples/AdvancedOCRFree.exe","231127/PDFCoreBundler-231124/8.8.2.4/Samples/AdvancedPDFUtilitiesFree.exe"],"imageFiles":["231127/PDFCoreBundler-231124/8.8.2.4/Images/ACR-109/ACR-109_Install_1.png","231127/PDFCoreBundler-231124/8.8.2.4/Images/ACR-010/ACR-010_Install_1.png","231127/PDFCoreBundler-231124/8.8.2.4/Images/ACR-013/ACR-013_Install_1.png","231127/PDFCoreBundler-231124/8.8.2.4/Images/ACR-084/ACR-084_Software_1.png","231127/PDFCoreBundler-231124/8.8.2.4/Images/ACR-048/ACR-048_Software_1.png","231127/PDFCoreBundler-231124/8.8.2.4/Images/ACR-014/ACR-014_Software_1.png","231127/PDFCoreBundler-231124/8.8.2.4/Images/ACR-118/ACR-118_Uninstall_1.png","231127/PDFCoreBundler-231124/8.8.2.4/Images/ACR-118/ACR-118_Uninstall_2.png","231127/PDFCoreBundler-231124/8.8.2.4/Images/ACR-057/ACR-057_Bundler-made offers_1.png","231127/PDFCoreBundler-231124/8.8.2.4/Images/ACR-059/ACR-059_Bundler-made offers_1.png","231127/PDFCoreBundler-231124/8.8.2.4/Images/ACR-060/ACR-060_Bundler-made offers_1.png","231127/PDFCoreBundler-231124/8.8.2.4/Images/ACR-071/ACR-071_Bundler-made offers_1.png","231127/PDFCoreBundler-231124/8.8.2.4/Images/ACR-155/ACR-155_Bundler-made offers_1.png"],"nonDeceptorImageFiles":["231127/PDFCoreBundler-231124/8.8.2.4/Images/ACR-106/ACR-106_Software_1.png","231127/PDFCoreBundler-231124/8.8.2.4/Images/ACR-092/ACR-092_Software_1.png","231127/PDFCoreBundler-231124/8.8.2.4/Images/ACR-092/ACR-092_Software_2.png","231127/PDFCoreBundler-231124/8.8.2.4/Images/ACR-123/ACR-123_Uninstall_1.png","231127/PDFCoreBundler-231124/8.8.2.4/Images/ACR-123/ACR-123_Uninstall_2.png"],"guid":"8ca1b3e8-c697-4b1b-98ef-0f7e2f925051_8.8.2.4_1","appID":"PDFCoreBundler-231124","dateAdded":"231127","deceptorType":"Bundler","name":"Advanced PDFUtilities Free","company":"PDFCore Co., Ltd","version":"8.8.2.4","lastKnownStatus":"8.8.2.4","lastKnownDate":"231127","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"sold in bundle","lastUpdate":"2023-11-28T02:10:01.7706125+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":796},{"violations":{"ACR-109":"The app downloads \"rk.exe\", a RelevantKnowledge file before disclosure and without the consumer's consent\n","ACR-010":"The app distributes deceptor application. The offer in this app, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software\n","ACR-103":"The \"Buy now\" option on the landing page (https://store.payproglobal.com/checkout?products[1][id]=54890) returns an error page\n","ACR-118":"Upon uninstallation, it retains some of its components on the device without the user's knowledge and consent\n","ACR-057":"The app bundles the \"Relevant Knowledge\" offer which does not allow the consumer to decline the offer\n","ACR-071":"It attempts to force the acceptance of \"Relevant Knowledge\" by graying out the Next button when the user choose to Decline. Thus, forcing the user to only accept the offer and proceed with the installation\n","ACR-059":"Offer not clearly marked as an offer. Instead, it is presented as a component of the carrier\n","ACR-155":"Offers are designed to look like part of the install workflow\n"},"nonDeceptorViolations":{"ACR-106":"App offers deceptive application 'Relevant Knowledge market survey\n","ACR-092":"The installer and main executables are not digitally signed\n","ACR-123":"The app does not remove dropped root certificates even after uninstalling\n"},"samples":[{"isRevoked":"False","fileName":"best-pdf-converter.exe","isInstaller":"True","companyName":"Best PDF Tools                                              ","fileVersion":"0.0","hashMD5":"b5b7bc2528c04f0e280f60b610609710","hashSHA1":"06fc59b3b582730e09e0874e5edc51c8dc376789","hashSHA256":"19e5f6b3d79c37c12c5f1a75b805eb2742d973d802f21916dd54a299f8665f2b","sourceIndex":"796","avBlockList":["360 Total Security (20231205)","Avast Premium Security (20231205)","AVG Internet Security (20231205)","Avira Internet Security (20231205)","Bitdefender Internet Security (20231205)","COMODO Antivirus (20231205)","Dr.Web Security Space (20231205)","ESET Internet Security (20231205)","G DATA INTERNET SECURITY (20231205)","K7 Total Security (20231205)","Kaspersky Internet Security (20231205)","Malwarebytes Premium (20231205)","McAfee Total Protection (20231205)","Norton Security (20231205)","Panda Dome (20231205)","Quick Heal Internet Security (20231205)","Sophos Home Premium (20231205)","SpyHunter5 (20231205)","Total AV Antivirus Pro (20231205)","VirIT eXplorer PRO (20231205)","Webroot SecureAnywhere (20231205)","Windows Defender (20231205)"],"avAllowList":["Trend Micro Internet Security (20231205)","VIPRE Advanced Security (20231205)"]},{"isRevoked":"False","fileName":"best-pdf-tools.exe","isInstaller":"True","companyName":"Best PDF Tools                                              ","fileVersion":"0.0","hashMD5":"7752e4619081cf0d1132a04f42547998","hashSHA1":"87384d1e0e5acf3a8e133e8297e03d3a9a3850e3","hashSHA256":"5c6014336372e4d6c57dc3c84eb31bafc89130e9516baff3a2d4e7eca083572e","sourceIndex":"796","avBlockList":["360 Total Security (20231205)","Avast Premium Security (20231205)","AVG Internet Security (20231205)","Avira Internet Security (20231205)","Bitdefender Internet Security (20231205)","COMODO Antivirus (20231205)","Dr.Web Security Space (20231205)","ESET Internet Security (20231205)","G DATA INTERNET SECURITY (20231205)","K7 Total Security (20231205)","Kaspersky Internet Security (20231205)","Malwarebytes Premium (20231205)","McAfee Total Protection (20231205)","Norton Security (20231205)","Panda Dome (20231205)","Quick Heal Internet Security (20231205)","Sophos Home Premium (20231205)","SpyHunter5 (20231205)","Total AV Antivirus Pro (20231205)","VirIT eXplorer PRO (20231205)","Webroot SecureAnywhere (20231205)","Windows Defender (20231205)"],"avAllowList":["Trend Micro Internet Security (20231205)","VIPRE Advanced Security (20231205)"]},{"isRevoked":"False","fileName":"best-pdf-to-word-converter.exe","isInstaller":"True","companyName":"Best PDF Tools                                              ","fileVersion":"0.0","hashMD5":"970975e954bd9ef6df389d50adf66e34","hashSHA1":"25c6d4da81da06932500b86793fc9c586b35eb3d","hashSHA256":"852a4bfde854043f487e94fe1149ca6ca135a11c7395f38ef2e3e7d457928c00","sourceIndex":"796","avBlockList":["360 Total Security (20231207)","Avast Premium Security (20231207)","AVG Internet Security (20231207)","Avira Internet Security (20231207)","Bitdefender Internet Security (20231207)","COMODO Antivirus (20231207)","Dr.Web Security Space (20231207)","ESET Internet Security (20231207)","G DATA INTERNET SECURITY (20231207)","K7 Total Security (20231207)","Kaspersky Internet Security (20231207)","Malwarebytes Premium (20231207)","McAfee Total Protection (20231207)","Norton Security (20231207)","Panda Dome (20231207)","Sophos Home Premium (20231207)","SpyHunter5 (20231207)","Total AV Antivirus Pro (20231207)","VirIT eXplorer PRO (20231207)","Webroot SecureAnywhere (20231207)","Windows Defender (20231207)"],"avAllowList":["Quick Heal Internet Security (20231207)","Trend Micro Internet Security (20231207)","VIPRE Advanced Security (20231207)"]},{"isRevoked":"False","fileName":"best-word-to-pdf-converter.exe","isInstaller":"True","companyName":"Best PDF Tools                                              ","fileVersion":"0.0","hashMD5":"fc023065fdc65f25ffa515f07bdfc921","hashSHA1":"d96ea3fc2a075cac1ba4dded1f8b2d9f9e3d9d4d","hashSHA256":"347621ece72dd30a3a34a1c6cefd3868d33c6feb57e58de93ef2123167c1ba67","sourceIndex":"796","avBlockList":["360 Total Security (20231207)","Avast Premium Security (20231207)","AVG Internet Security (20231207)","Avira Internet Security (20231207)","Bitdefender Internet Security (20231207)","COMODO Antivirus (20231207)","Dr.Web Security Space (20231207)","ESET Internet Security (20231207)","G DATA INTERNET SECURITY (20231207)","K7 Total Security (20231207)","Kaspersky Internet Security (20231207)","Malwarebytes Premium (20231207)","McAfee Total Protection (20231207)","Norton Security (20231207)","Panda Dome (20231207)","Quick Heal Internet Security (20231207)","Sophos Home Premium (20231207)","SpyHunter5 (20231207)","Total AV Antivirus Pro (20231207)","VirIT eXplorer PRO (20231207)","Webroot SecureAnywhere (20231207)","Windows Defender (20231207)"],"avAllowList":["Trend Micro Internet Security (20231207)","VIPRE Advanced Security (20231207)"]},{"isRevoked":"False","fileName":"combine-pdf.exe","isInstaller":"True","companyName":"Best PDF Tools                                              ","fileVersion":"0.0","hashMD5":"bc72ee29a2e1bf9883f634b789fb3036","hashSHA1":"6fdcd38671d03f38443183718fa99c9ec7bcb113","hashSHA256":"cbdea19e1d81b934ec8b1a3ef90557f4bac0ef1f41cc18e4a68171b85d9bb458","sourceIndex":"796","avBlockList":["360 Total Security (20231207)","Avast Premium Security (20231207)","AVG Internet Security (20231207)","Avira Internet Security (20231207)","COMODO Antivirus (20231207)","Dr.Web Security Space (20231207)","ESET Internet Security (20231207)","G DATA INTERNET SECURITY (20231207)","K7 Total Security (20231207)","Kaspersky Internet Security (20231207)","Malwarebytes Premium (20231207)","McAfee Total Protection (20231207)","Norton Security (20231207)","Panda Dome (20231207)","Sophos Home Premium (20231207)","SpyHunter5 (20231207)","Total AV Antivirus Pro (20231207)","VirIT eXplorer PRO (20231207)","Webroot SecureAnywhere (20231207)","Windows Defender (20231207)"],"avAllowList":["Bitdefender Internet Security (20231207)","Quick Heal Internet Security (20231207)","Trend Micro Internet Security (20231207)","VIPRE Advanced Security (20231207)"]},{"isRevoked":"False","fileName":"document-to-pdf-converter.exe","isInstaller":"True","companyName":"Best PDF Tools                                              ","fileVersion":"0.0","hashMD5":"189f0c0a8fa84d780196c85b494dd513","hashSHA1":"3764729f63cb93aab0c8201ac9fceb03e71c99c2","hashSHA256":"2d03c58bfdc0c77d92ae372c976dbcf6b639f1be11abc22c3a1a8040f2566bc9","sourceIndex":"796","avBlockList":["360 Total Security (20231207)","Avast Premium Security (20231207)","AVG Internet Security (20231207)","Avira Internet Security (20231207)","Bitdefender Internet Security (20231207)","COMODO Antivirus (20231207)","Dr.Web Security Space (20231207)","ESET Internet Security (20231207)","G DATA INTERNET SECURITY (20231207)","K7 Total Security (20231207)","Kaspersky Internet Security (20231207)","McAfee Total Protection (20231207)","Norton Security (20231207)","Panda Dome (20231207)","Sophos Home Premium (20231207)","SpyHunter5 (20231207)","Total AV Antivirus Pro (20231207)","VIPRE Advanced Security (20231207)","VirIT eXplorer PRO (20231207)","Webroot SecureAnywhere (20231207)","Windows Defender (20231207)"],"avAllowList":["Malwarebytes Premium (20231207)","Quick Heal Internet Security (20231207)","Trend Micro Internet Security (20231207)"]},{"isRevoked":"False","fileName":"pdf-to-pdf.exe","isInstaller":"True","companyName":"Best PDF Tools                                              ","fileVersion":"0.0","hashMD5":"da13125071c26266145212a901db69eb","hashSHA1":"9b6b269f4320cb2d92423e17ebbd824ed70f686b","hashSHA256":"433ba95fdd78ca4dceab642e6cb1289fa7b64facebc898a1b0128ea1a871ede0","sourceIndex":"796","avBlockList":["360 Total Security (20231207)","Avast Premium Security (20231207)","AVG Internet Security (20231207)","Avira Internet Security (20231207)","Bitdefender Internet Security (20231207)","COMODO Antivirus (20231207)","Dr.Web Security Space (20231207)","ESET Internet Security (20231207)","G DATA INTERNET SECURITY (20231207)","K7 Total Security (20231207)","Kaspersky Internet Security (20231207)","Malwarebytes Premium (20231207)","McAfee Total Protection (20231207)","Norton Security (20231207)","Panda Dome (20231207)","Quick Heal Internet Security (20231207)","Sophos Home Premium (20231207)","SpyHunter5 (20231207)","Total AV Antivirus Pro (20231207)","VirIT eXplorer PRO (20231207)","Webroot SecureAnywhere (20231207)","Windows Defender (20231207)"],"avAllowList":["Trend Micro Internet Security (20231207)","VIPRE Advanced Security (20231207)"]},{"isRevoked":"False","fileName":"photo-to-pdf-converter.exe","isInstaller":"True","companyName":"Best PDF Tools                                              ","fileVersion":"0.0","hashMD5":"430cd611a985ecc988cbea1df178f6f6","hashSHA1":"8a48e805ff36da884f58d3c4435ea46c9011a367","hashSHA256":"caed822b79b53336e6ca9bb0234f1104cc3fad90463cec216dd5c7a58eb8399d","sourceIndex":"796","avBlockList":["360 Total Security (20231207)","Avast Premium Security (20231207)","AVG Internet Security (20231207)","Avira Internet Security (20231207)","Bitdefender Internet Security (20231207)","COMODO Antivirus (20231207)","Dr.Web Security Space (20231207)","ESET Internet Security (20231207)","G DATA INTERNET SECURITY (20231207)","K7 Total Security (20231207)","Kaspersky Internet Security (20231207)","Malwarebytes Premium (20231207)","McAfee Total Protection (20231207)","Norton Security (20231207)","Panda Dome (20231207)","Sophos Home Premium (20231207)","SpyHunter5 (20231207)","Total AV Antivirus Pro (20231207)","VirIT eXplorer PRO (20231207)","Webroot SecureAnywhere (20231207)","Windows Defender (20231207)"],"avAllowList":["Quick Heal Internet Security (20231207)","Trend Micro Internet Security (20231207)","VIPRE Advanced Security (20231207)"]},{"isRevoked":"False","fileName":"xls-excel-to-pdf-converter.exe","isInstaller":"True","companyName":"Best PDF Tools                                              ","fileVersion":"0.0","hashMD5":"15140447c2637a7fd15934be5c4db806","hashSHA1":"bc390a6a7cce5c93d22f4adacd1ed6b99e9c28df","hashSHA256":"6b1affae1a74f810b3dd692df8c0a7acac4802e05a22b44287e64f4811ba2861","sourceIndex":"796","avBlockList":["360 Total Security (20231207)","Avast Premium Security (20231207)","AVG Internet Security (20231207)","Avira Internet Security (20231207)","Bitdefender Internet Security (20231207)","COMODO Antivirus (20231207)","Dr.Web Security Space (20231207)","ESET Internet Security (20231207)","G DATA INTERNET SECURITY (20231207)","K7 Total Security (20231207)","Kaspersky Internet Security (20231207)","Malwarebytes Premium (20231207)","McAfee Total Protection (20231207)","Norton Security (20231207)","Panda Dome (20231207)","Quick Heal Internet Security (20231207)","Sophos Home Premium (20231207)","SpyHunter5 (20231207)","Total AV Antivirus Pro (20231207)","VIPRE Advanced Security (20231207)","VirIT eXplorer PRO (20231207)","Webroot SecureAnywhere (20231207)","Windows Defender (20231207)"],"avAllowList":["Trend Micro Internet Security (20231207)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunted on RK Installer","reference":"","landingPage":"http://www.best-pdf-tools.com/products.html","directDownloadingLink":"http://www.best-pdf-tools.com/download/best-pdf-converter.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.best-pdf-tools.com/download/best-pdf-converter.exe","sourceIndex":"796"}],"sampleFiles":["231127/BestPDFTools-231124/4.x/Samples/best-pdf-converter.exe","231127/BestPDFTools-231124/4.x/Samples/best-pdf-tools.exe","231127/BestPDFTools-231124/4.x/Samples/best-pdf-to-word-converter.exe","231127/BestPDFTools-231124/4.x/Samples/best-word-to-pdf-converter.exe","231127/BestPDFTools-231124/4.x/Samples/combine-pdf.exe","231127/BestPDFTools-231124/4.x/Samples/document-to-pdf-converter.exe","231127/BestPDFTools-231124/4.x/Samples/pdf-to-pdf.exe","231127/BestPDFTools-231124/4.x/Samples/photo-to-pdf-converter.exe","231127/BestPDFTools-231124/4.x/Samples/xls-excel-to-pdf-converter.exe"],"imageFiles":["231127/BestPDFTools-231124/4.x/Images/ACR-109/ACR-109_Install_1.png","231127/BestPDFTools-231124/4.x/Images/ACR-010/ACR-010_Install_1.png","231127/BestPDFTools-231124/4.x/Images/ACR-013/ACR-013_Install_1.png","231127/BestPDFTools-231124/4.x/Images/ACR-103/ACR-103_Software_1.png","231127/BestPDFTools-231124/4.x/Images/ACR-103/ACR-103_Software_2.png","231127/BestPDFTools-231124/4.x/Images/ACR-118/ACR-118_Uninstall_1.png","231127/BestPDFTools-231124/4.x/Images/ACR-118/ACR-118_Uninstall_2.png","231127/BestPDFTools-231124/4.x/Images/ACR-057/ACR-057_Bundler-made offers_1.png","231127/BestPDFTools-231124/4.x/Images/ACR-059/ACR-059_Bundler-made offers_1.png","231127/BestPDFTools-231124/4.x/Images/ACR-060/ACR-060_Bundler-made offers_1.png","231127/BestPDFTools-231124/4.x/Images/ACR-071/ACR-071_Bundler-made offers_1.png","231127/BestPDFTools-231124/4.x/Images/ACR-155/ACR-155_Bundler-made offers_1.png"],"nonDeceptorImageFiles":["231127/BestPDFTools-231124/4.x/Images/ACR-106/ACR-106_Software_1.png","231127/BestPDFTools-231124/4.x/Images/ACR-092/ACR-092_Software_1.png","231127/BestPDFTools-231124/4.x/Images/ACR-123/ACR-123_Uninstall_1.png"],"guid":"473c0615-8e66-4c4c-86b9-d9934a71f8ae_4.x_1","appID":"BestPDFTools-231124","dateAdded":"231127","deceptorType":"Bundler","name":"Best PDF Tools","company":"Best PDF Tools","version":"4.x","lastKnownStatus":"4.x","lastKnownDate":"231127","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 10,Windows 8","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"sold in bundle,up-sell to paid","lastUpdate":"2023-11-28T02:07:44.2968766+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":797},{"violations":{"ACR-109":"The app downloads \"spt_setup.exe\", a RelevantKnowledge file without the consumer's consent\n","ACR-010":"The app distributes deceptor application. The offer in this app, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control. \n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software \n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software \n","ACR-118":"Upon uninstallation, it leaves its other components along with a \"curl-ca-bundle.crt\" and other components on the device without user's knowledge.\n","ACR-057":"The app bundles the \"Relevant Knowledge\" offer which does not allow the consumer to decline the offer\n","ACR-071":"It attempts to force the acceptance of \"Relevant Knowledge\" by graying out the Next button when the user choose to Decline. Thus, forcing the user to only accept the offer and proceed with the installation\n","ACR-059":"Offer not clearly marked as an offer. Instead, it is presented as a component of the carrier\n","ACR-155":"Offers are designed to look like part of the install workflow\n"},"nonDeceptorViolations":{"ACR-106":"App offers deceptive application 'Relevant Knowledge market survey'\n","ACR-123":"The app does not remove dropped root certificates even after uninstalling\n"},"samples":[{"isRevoked":"False","fileName":"VideoCutterJoiner.exe","isInstaller":"True","companyName":"XiangJi Software Studio                                     ","productName":"Fast Video Cutter Joiner                                    ","productVersion":"3.5.0.0                                           ","fileVersion":"3.5.0.0             ","hashMD5":"1b739f376880bc97f52d23d8f386886c","hashSHA1":"b6c184cc93e68d2534dcce4fc41a6657874e9059","hashSHA256":"b24eab2f70e0e8cff4b6ab2fb79e8dbd1ae5458463d46469b589cc593233fe12","digitalCertThumbprint":"712DF3A60A8F334303B1E517176B87B88C7C25D5","digitalCertIssuer":"Sectigo Public Code Signing CA R36","digitalCertIssuedTo":"张晓彤","storeId":"","sourceIndex":"803","avBlockList":["Avast Premium Security (20231214)","AVG Internet Security (20231214)","Avira Internet Security (20231214)","Bitdefender Internet Security (20231214)","COMODO Antivirus (20231214)","Dr.Web Security Space (20231214)","ESET Internet Security (20231214)","G DATA INTERNET SECURITY (20231214)","K7 Total Security (20231214)","Kaspersky Internet Security (20231214)","Malwarebytes Premium (20231214)","McAfee Total Protection (20231214)","Norton Security (20231214)","Panda Dome (20231214)","Quick Heal Internet Security (20231214)","Sophos Home Premium (20231214)","SpyHunter5 (20231214)","Total AV Antivirus Pro (20231214)","VirIT eXplorer PRO (20231214)","Webroot SecureAnywhere (20231214)","Windows Defender (20231214)"],"avAllowList":["360 Total Security (20231214)","Trend Micro Internet Security (20231214)","VIPRE Advanced Security (20231214)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunted on RK installer","reference":"","landingPage":"http://en.zxt2007.com/video-tools/videocutter.html","directDownloadingLink":"http://en.zxt2007.com/download/videocutter_setup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://en.zxt2007.com/download/videocutter_setup.exe","sourceIndex":"803"}],"sampleFiles":["231120/FastVideoCutter-230531/3.5.0.0/Samples/VideoCutterJoiner.exe"],"imageFiles":["231120/FastVideoCutter-230531/3.5.0.0/Images/ACR-109/ACR-109_Install_1.png","231120/FastVideoCutter-230531/3.5.0.0/Images/ACR-010/ACR-010_Install_1.png","231120/FastVideoCutter-230531/3.5.0.0/Images/ACR-013/ACR-013_Install_1.png","231120/FastVideoCutter-230531/3.5.0.0/Images/ACR-118/ACR-118_Uninstall_1.png","231120/FastVideoCutter-230531/3.5.0.0/Images/ACR-057/ACR-057_Bundler-made offers_1.png","231120/FastVideoCutter-230531/3.5.0.0/Images/ACR-059/ACR-059_Bundler-made offers_1.png","231120/FastVideoCutter-230531/3.5.0.0/Images/ACR-060/ACR-060_Bundler-made offers_1.png","231120/FastVideoCutter-230531/3.5.0.0/Images/ACR-071/ACR-071_Bundler-made offers_1.png","231120/FastVideoCutter-230531/3.5.0.0/Images/ACR-155/ACR-155_Bundler-made offers_1.png"],"nonDeceptorImageFiles":["231120/FastVideoCutter-230531/3.5.0.0/Images/ACR-106/ACR-106_Software_1.png","231120/FastVideoCutter-230531/3.5.0.0/Images/ACR-123/ACR-123_Uninstall_1.png"],"guid":"bec75a4e-5631-4aee-933b-d4971099625c_3.5.0.0_1","appID":"FastVideoCutter-230531","dateAdded":"231120","deceptorType":"Bundler","name":"Fast Video Cutter","company":"XiangJi Software Studio","version":"3.5.0.0","lastKnownStatus":"2.2.0.0;3.5.0.0","lastKnownDate":"231120","type":"Windows Executable","category":"Media editors","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"sold in bundle,up-sell to paid","lastUpdate":"2023-11-20T21:51:19.4718428+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":798},{"violations":{"ACR-109":"The app downloads \"spt_setup.exe\", a RelevantKnowledge file without the consumer's consent\n","ACR-042":"The app drops the Root Certificate files before obtaining the consumer's permission through explicit user action in the installation prompt \n","ACR-043":"The app drops the Root Certificate files without disclosing in during installation\n","ACR-048":"The \"Decline\" button does not have any control, drops a RelevantKnowledge file “spt_setup.exe” regardless.\n","ACR-007":"The app does not obtain user consent for dropping the Root Certificate files to reduce the consumer's security posture caused by the installation prompt. \n","ACR-010":"The app distributes deceptor application. The offer in this app, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control. \n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software \n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software \n","ACR-118":"Upon uninstallation, it leaves its other components along with a \"curl-ca-bundle.crt\" and other components on the device without user's knowledge.\n","ACR-057":"The app bundles the \"Relevant Knowledge\" offer which does not allow the consumer to decline the offer\n","ACR-071":"It attempts to force the acceptance of \"Relevant Knowledge\" by graying out the Next button when the user choose to Decline. Thus, forcing the user to only accept the offer and proceed with the installation\n","ACR-059":"Offer not clearly marked as an offer. Instead, it is presented as a component of the carrier\n","ACR-155":"Offers are designed to look like part of the install workflow\n"},"nonDeceptorViolations":{"ACR-045":"The app does not describe clearly and straightforwardly what effect is caused to the user's system due to the dropped Cert file in the installation prompt \n","ACR-106":"App offers deceptive application 'Relevant Knowledge market survey'\n","ACR-092":"The main executable is not digitally signed\n","ACR-123":"The app does not remove dropped root certificates even after uninstalling\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Users\\User\\AppData\\Local\\Fast Video Cutter\\FastCutter.exe","companyName":"XiangJi Software Studio","productName":"Fast Video Cutter","productVersion":"2.2.0.0","fileVersion":"2.2.0.0","hashMD5":"fbe577c4c1a0aee75a6cd15589855d6a","hashSHA1":"208941a0aa4ed8d77b306eba70fdbad8233cb6f5","hashSHA256":"756609f23eb22b46480e1b1187801b463e47954e3b0d4751ec6b46eafb983813","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1069","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"videocutter_setup.exe","isInstaller":"True","companyName":"XiangJi Software Studio                                     ","productName":"Fast Video Cutter                                           ","productVersion":"2.2.0.0                                           ","fileVersion":"2.2.0.0             ","hashMD5":"289fbd6a7d010aff0c58eb90751110d2","hashSHA1":"483e514f53a00ca0a25ffc846fa56c2ecf024e1d","hashSHA256":"e6a0685a40bdede175f3623a4231bfd6af396b741680661466af4688908f3aec","digitalCertThumbprint":"712DF3A60A8F334303B1E517176B87B88C7C25D5","digitalCertIssuer":"Sectigo Public Code Signing CA R36","digitalCertIssuedTo":"张晓彤","storeId":"","sourceIndex":"1069","avBlockList":["360 Total Security (20230608)","Avast Premium Security (20230608)","AVG Internet Security (20230608)","Avira Internet Security (20230608)","Bitdefender Internet Security (20230608)","COMODO Antivirus (20230608)","ESET Internet Security (20230608)","G DATA INTERNET SECURITY (20230608)","K7 Total Security (20230608)","Kaspersky Internet Security (20230608)","Malwarebytes Premium (20230608)","McAfee Total Protection (20230608)","Norton Security (20230608)","Panda Dome (20230608)","Quick Heal Internet Security (20230608)","Sophos Home Premium (20230608)","SpyHunter5 (20230608)","Total AV Antivirus Pro (20230608)","VIPRE Advanced Security (20230608)","VirIT eXplorer PRO (20230608)","Webroot SecureAnywhere (20230608)","Windows Defender (20230608)"],"avAllowList":["Dr.Web Security Space (20230608)","Trend Micro Internet Security (20230608)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunted on RK installer","reference":"","landingPage":"http://en.zxt2007.com/video-tools/videocutter.html","directDownloadingLink":"http://en.zxt2007.com/download/videocutter_setup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://en.zxt2007.com/download/videocutter_setup.exe","sourceIndex":"1069"}],"sampleFiles":["230601/FastVideoCutter-230531/2.2.0.0/Samples/videocutter_setup.exe"],"imageFiles":["230601/FastVideoCutter-230531/2.2.0.0/Images/ACR-109/ACR-109.JPG","230601/FastVideoCutter-230531/2.2.0.0/Images/ACR-043/ACR-043.JPG","230601/FastVideoCutter-230531/2.2.0.0/Images/ACR-042/ACR-042.JPG","230601/FastVideoCutter-230531/2.2.0.0/Images/ACR-048/ACR-048.JPG","230601/FastVideoCutter-230531/2.2.0.0/Images/ACR-007/ACR-007.JPG","230601/FastVideoCutter-230531/2.2.0.0/Images/ACR-010/ACR-010.JPG","230601/FastVideoCutter-230531/2.2.0.0/Images/ACR-013/ACR-013.JPG","230601/FastVideoCutter-230531/2.2.0.0/Images/ACR-118/ACR-118.JPG","230601/FastVideoCutter-230531/2.2.0.0/Images/ACR-057/ACR-057.JPG","230601/FastVideoCutter-230531/2.2.0.0/Images/ACR-059/ACR-059.JPG","230601/FastVideoCutter-230531/2.2.0.0/Images/ACR-060/ACR-060.JPG","230601/FastVideoCutter-230531/2.2.0.0/Images/ACR-071/ACR-071.JPG","230601/FastVideoCutter-230531/2.2.0.0/Images/ACR-155/ACR-155.JPG"],"nonDeceptorImageFiles":["230601/FastVideoCutter-230531/2.2.0.0/Images/ACR-045/ACR-045.JPG","230601/FastVideoCutter-230531/2.2.0.0/Images/ACR-106/ACR-106.JPG","230601/FastVideoCutter-230531/2.2.0.0/Images/ACR-092/ACR-092.JPG","230601/FastVideoCutter-230531/2.2.0.0/Images/ACR-123/ACR-123.JPG"],"guid":"bec75a4e-5631-4aee-933b-d4971099625c_2.2.0.0_1","appID":"FastVideoCutter-230531","dateAdded":"231120","deceptorType":"Bundler","name":"Fast Video Cutter","company":"XiangJi Software Studio","version":"2.2.0.0","lastKnownStatus":"2.2.0.0;3.5.0.0","lastKnownDate":"231120","type":"Windows Executable","category":"Media editors","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"sold in bundle","lastUpdate":"2023-11-20T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":799},{"violations":{"ACR-109":"The app downloads \"spt_setup.exe\", a RelevantKnowledge file before disclosure and without the consumer's consent\n","ACR-010":"The app distributes deceptor application. The offer in this app, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software\n","ACR-118":"Upon uninstallation, it retains some executables and many of its other components along with a \"curl-ca-bundle.crt\" and other components on the device without user's knowledge.\n","ACR-057":"The app bundles the \"Relevant Knowledge\" offer which does not allow the consumer to decline the offer\n","ACR-071":"It attempts to force the acceptance of \"Relevant Knowledge\" by graying out the Next button when the user choose to Decline. Thus, forcing the user to only accept the offer and proceed with the installation\n","ACR-016":"\"Accord CD Ripper Xtreme\" download is launched directly from Ad\n","ACR-059":"Offer not clearly marked as an offer. Instead, it is presented as a component of the carrier.\n","ACR-155":"Offers are designed to look like part of the install workflow\n"},"nonDeceptorViolations":{"ACR-106":"App offers deceptive application 'Relevant Knowledge market survey\n","ACR-092":"The installer executables are not digitally signed\n","ACR-123":"The app does not remove dropped root certificates even after uninstalling.\n"},"samples":[{"isRevoked":"False","fileName":"AudioRecorder.exe","isInstaller":"True","companyName":"Accmeware Corporation                                       ","productName":"Free Audio Recorder                                         ","productVersion":"                                                  ","fileVersion":"                    ","hashMD5":"1b7e19115fb79bf1634db9fec676ff26","hashSHA1":"1801386cf8404179cc9dcd61c86e63161f9efaa7","hashSHA256":"837a0d361ecf841d0dffadf2120ce48f7bac2608d4c9981ddc5582d73304833c","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"802","avBlockList":["360 Total Security (20221018)","Avast Premium Security (20221018)","AVG Internet Security (20221018)","Avira Internet Security (20221018)","Bitdefender Internet Security (20221018)","COMODO Antivirus (20221018)","Dr.Web Security Space (20221018)","ESET Internet Security (20221018)","G DATA INTERNET SECURITY (20221018)","K7 Total Security (20221018)","Kaspersky Internet Security (20221018)","Malwarebytes Premium (20221018)","McAfee Total Protection (20221018)","Norton Security (20221018)","Panda Dome (20221018)","Quick Heal Internet Security (20221018)","Sophos Home Premium (20221018)","SpyHunter5 (20221018)","Total AV Antivirus Pro (20221018)","VIPRE Advanced Security (20221018)","VirIT eXplorer PRO (20221018)","Webroot SecureAnywhere (20221018)","Windows Defender (20221018)"],"avAllowList":["Tencent PC Manager (20220811)","Trend Micro Internet Security (20221018)"]},{"isRevoked":"False","fileName":"CDRipperExp.exe","isInstaller":"True","companyName":"Accmeware Corporation                                       ","productName":"Accord CD Ripper Free                                       ","productVersion":"                                                  ","fileVersion":"                    ","hashMD5":"2908075b691f6d79085b2a9d6d8a47be","hashSHA1":"65d486b64927774d2f099db674be4757d59812d0","hashSHA256":"8bfc357a89231c47501a1de8e4cf2649f3d6383b66f439408c2575203cc72f80","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"802","avBlockList":["Avast Premium Security (20231214)","AVG Internet Security (20231214)","Avira Internet Security (20231214)","Bitdefender Internet Security (20231214)","COMODO Antivirus (20231214)","Dr.Web Security Space (20231214)","ESET Internet Security (20231214)","G DATA INTERNET SECURITY (20231214)","K7 Total Security (20231214)","Kaspersky Internet Security (20231214)","Malwarebytes Premium (20231214)","McAfee Total Protection (20231214)","Norton Security (20231214)","Panda Dome (20231214)","Quick Heal Internet Security (20231214)","Sophos Home Premium (20231214)","SpyHunter5 (20231214)","Total AV Antivirus Pro (20231214)","VIPRE Advanced Security (20231214)","VirIT eXplorer PRO (20231214)","Webroot SecureAnywhere (20231214)","Windows Defender (20231214)"],"avAllowList":["360 Total Security (20231214)","Trend Micro Internet Security (20231214)"]},{"isRevoked":"False","fileName":"Mp3Ripper.exe","isInstaller":"True","companyName":"Accmeware Corporation                                       ","productName":"Mp3 Ripper                                                  ","productVersion":"                                                  ","fileVersion":"                    ","hashMD5":"a76775fc50a183886e6cb948e027b9bb","hashSHA1":"238b64ee09a8b63ddfa8fb2ba27e9119bc1bcce7","hashSHA256":"66f137ed2d4a9785a1cd10554ff65894a5767ea50b5c32f990325225a332b09b","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"802","avBlockList":["360 Total Security (20231214)","Avast Premium Security (20231214)","AVG Internet Security (20231214)","Avira Internet Security (20231214)","Bitdefender Internet Security (20231214)","COMODO Antivirus (20231214)","Dr.Web Security Space (20231214)","ESET Internet Security (20231214)","G DATA INTERNET SECURITY (20231214)","K7 Total Security (20231214)","Kaspersky Internet Security (20231214)","Malwarebytes Premium (20231214)","McAfee Total Protection (20231214)","Norton Security (20231214)","Panda Dome (20231214)","Quick Heal Internet Security (20231214)","Sophos Home Premium (20231214)","SpyHunter5 (20231214)","Total AV Antivirus Pro (20231214)","VIPRE Advanced Security (20231214)","VirIT eXplorer PRO (20231214)","Webroot SecureAnywhere (20231214)","Windows Defender (20231214)"],"avAllowList":["Trend Micro Internet Security (20231214)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt on Relevant Knowledge apps","reference":"","landingPage":"http://www.freecdtomp3.com/mp3_ripper.html","directDownloadingLink":"http://www.freecdtomp3.com/Downloads/Mp3Ripper.zip","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.freecdtomp3.com/Downloads/Mp3Ripper.zip","sourceIndex":"802"}],"sampleFiles":["231120/AccmewareBundle-231116/6.x.x.x/Samples/AudioRecorder.exe","231120/AccmewareBundle-231116/6.x.x.x/Samples/CDRipperExp.exe","231120/AccmewareBundle-231116/6.x.x.x/Samples/Mp3Ripper.exe"],"imageFiles":["231120/AccmewareBundle-231116/6.x.x.x/Images/ACR-109/ACR-109_Install_1.png","231120/AccmewareBundle-231116/6.x.x.x/Images/ACR-010/ACR-010_Install_1.png","231120/AccmewareBundle-231116/6.x.x.x/Images/ACR-013/ACR-013_Install_1.png","231120/AccmewareBundle-231116/6.x.x.x/Images/ACR-118/ACR-118_Uninstall_1.png","231120/AccmewareBundle-231116/6.x.x.x/Images/ACR-057/ACR-057_Bundler-made offers_1.png","231120/AccmewareBundle-231116/6.x.x.x/Images/ACR-059/ACR-059_Bundler-made offers_1.png","231120/AccmewareBundle-231116/6.x.x.x/Images/ACR-060/ACR-060_Bundler-made offers_1.png","231120/AccmewareBundle-231116/6.x.x.x/Images/ACR-071/ACR-071_Bundler-made offers_1.png","231120/AccmewareBundle-231116/6.x.x.x/Images/ACR-155/ACR-155_Bundler-made offers_1.png","231120/AccmewareBundle-231116/6.x.x.x/Images/ACR-016/ACR-016_Ads inside app_1.png","231120/AccmewareBundle-231116/6.x.x.x/Images/ACR-016/ACR-016_Ads inside app_2.png"],"nonDeceptorImageFiles":["231120/AccmewareBundle-231116/6.x.x.x/Images/ACR-106/ACR-106_Software_1.png","231120/AccmewareBundle-231116/6.x.x.x/Images/ACR-092/ACR-092_Software_1.png","231120/AccmewareBundle-231116/6.x.x.x/Images/ACR-123/ACR-123_Uninstall_1.png"],"guid":"6a6eea92-4994-4525-b70c-12d27e9e7492_6.x.x.x_1","appID":"AccmewareBundle-231116","dateAdded":"231120","deceptorType":"Bundler","name":"Accmeware Bundle","company":"Accmeware Corporation","version":"6.x.x.x","lastKnownStatus":"6.x.x.x","lastKnownDate":"231120","type":"Windows Executable","category":"Media editors","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2023-11-20T22:04:50.2172257+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":800},{"violations":{"ACR-007":"The app does not provide explicit notification when it is running and it allows the consumer to enable stealth mode, which hides all app activity from the targeted consumer. The app also enables the consumer to require a password and a hotkey to open it. \n","ACR-084":"The app enables the consumer to install it in \"Stealth Mode\", which hides all app icons and notifications. It also enables the consumer to require a password and hotkey to open it.\n","ACR-086":"The app does not inform the consumer how it transfers data. It also requires a hotkey and password to open it, which prevents the targeted consumer from understanding what data is collected and transmitted.\n","ACR-097":"The install prompts the consumer to temporarily disable any Anti-virus software. \n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains \"sinvfct.dll\" on the device without the consumer's consent.\n"},"nonDeceptorViolations":{"ACR-040":"By default, the app is installed in a hidden folder named \"sysconfig\" in Program Files.\n","ACR-045":"\"Free Download\" highlights \"Free\" misleads user. The functionality that requires consumer payment in order to be activated needs to be marked clearly in landing page. Otherwise app should remove \"free\" word.\n","ACR-065":"The install does not display links to the Returns and Cancellation Policy or the Privacy Policy.\nThe app does not display links to the EULA or Terms of Service, the Returns and Cancellation Policy or the Privacy Policy.\n","ACR-161":"The landing page has testimonials that have no links back to a source so consumers can verify if they're real.\n","ACR-099":"The app does not display links to uninstall information. \nThe landing page does not display links to uninstall information.\nThe internal offers page does not display links to uninstall information.\n","ACR-123":"The app does not remove scheduled task even after uninstall.\n","ACR-166":"The app needs to disclose the license period to the consumer in the internal offers.\n","ACR-171":"The offer for \"Extended Download Warranty\" requires the user to opt-out of the payment. \n","ACR-017":"The app elevates its consumer trust level by displaying unverifiable logos on the landing page.\n"},"samples":[{"isRevoked":"False","fileName":"Setup (password=spytech).exe","isInstaller":"True","companyName":" Spytech Software and Design, Inc","productName":"SpyAgent","fileVersion":"0.0","hashMD5":"061f1f9326fdb3ea53813f3bbed895e4","hashSHA1":"23e1fa198124a808c8e5f8421c0da779f7122ead","hashSHA256":"ae71663bfcb374cd5d97a9512eb41005d127646a9e0e74840becf8653356349d","digitalCertThumbprint":"A897582111385A59DD212F5FF561A083E33F38D0","digitalCertIssuer":"CN=Sectigo Public Code Signing CA EV R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=\"Spytech Software and Design, Inc.\", O=\"Spytech Software and Design, Inc.\", L=Red Wing, S=Minnesota, C=US, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.2=Minnesota, OID.1.3.6.1.4.1.311.60.2.1.3=US, SERIALNUMBER=12K-305","sourceIndex":"1704","avBlockList":["360 Total Security (20220426)","Avast Premium Security (20220426)","AVG Internet Security (20220426)","Avira Internet Security (20220426)","Bitdefender Internet Security (20220426)","Dr.Web Security Space (20220426)","ESET Internet Security (20220426)","G DATA INTERNET SECURITY (20220426)","K7 Total Security (20220426)","Kaspersky Internet Security (20220426)","Malwarebytes Premium (20220426)","McAfee Total Protection (20220426)","Norton Security (20220426)","Panda Dome (20220426)","Quick Heal Internet Security (20220426)","Sophos Home Premium (20220426)","SpyHunter5 (20220426)","Tencent PC Manager (20220426)","Total AV Antivirus Pro (20220426)","Trend Micro Internet Security (20220426)","VIPRE Advanced Security (20220426)","VirIT eXplorer PRO (20220426)","Webroot SecureAnywhere (20220426)","Windows Defender (20220426)"],"avAllowList":["COMODO Antivirus (20220426)"]},{"isRevoked":"False","fileName":"sysdiag.exe","companyName":" Spytech Software and Design, Inc","productName":"SpyAgent","fileVersion":"0.0","hashMD5":"eabc691de42217ac7e5d1e5ceb339c6c","hashSHA1":"3f5c1f1227241f75f21a1af162367a5d0ef5ca24","hashSHA256":"6bf711221eb05400695031dda7302c04ae8a3e2e86e3cb9b01c2b9063303e80d","digitalCertThumbprint":"A897582111385A59DD212F5FF561A083E33F38D0","digitalCertIssuer":"CN=Sectigo Public Code Signing CA EV R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=\"Spytech Software and Design, Inc.\", O=\"Spytech Software and Design, Inc.\", L=Red Wing, S=Minnesota, C=US, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.2=Minnesota, OID.1.3.6.1.4.1.311.60.2.1.3=US, SERIALNUMBER=12K-305","sourceIndex":"1704","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"spyagent12.zip","companyName":" Spytech Software and Design, Inc","productName":"SpyAgent ","fileVersion":"0.","hashMD5":"","hashSHA1":"","hashSHA256":"965b9a6c53d00708788bd598e2d6e007a5d3bcbed845f0e342dab35cf22f7168","sourceIndex":"1704","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"apponic.com \"Security\"","reference":"","landingPage":"https://www.spytech-web.com/","directDownloadingLink":"https://spytech-inc.com/dl040218/spyagent12.zip","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://spytech-inc.com/dl040218/spyagent12.zip","sourceIndex":"1704"}],"sampleFiles":["220224/SpyAgent-191118/12.16/Samples/Setup (password=spytech).exe","220224/SpyAgent-191118/12.16/Samples/sysdiag.exe","220224/SpyAgent-191118/12.16/Samples/spyagent12.zip"],"imageFiles":["220224/SpyAgent-191118/12.16/Images/ACR-084/Setup Admin or Stealth Install.png","220224/SpyAgent-191118/12.16/Images/ACR-084/Stealth Mode Notice.png","220224/SpyAgent-191118/12.16/Images/ACR-084/Password Config.png","220224/SpyAgent-191118/12.16/Images/ACR-084/Stealth Config.png","220224/SpyAgent-191118/12.16/Images/ACR-097/Disable AV Prompt.png","220224/SpyAgent-191118/12.16/Images/ACR-097/Notice for AV users.png","220224/SpyAgent-191118/12.16/Images/ACR-118/Retain DLL File.png","220224/SpyAgent-191118/12.16/Images/ACR-007/Setup Admin or Stealth Install.png","220224/SpyAgent-191118/12.16/Images/ACR-007/SpyAgent HotKey.png","220224/SpyAgent-191118/12.16/Images/ACR-007/Stealth Config.png","220224/SpyAgent-191118/12.16/Images/ACR-007/Stealth Mode Notice.png","220224/SpyAgent-191118/12.16/Images/ACR-086/SpyAgent HotKey.png","220224/SpyAgent-191118/12.16/Images/ACR-086/Stealth Config.png","220224/SpyAgent-191118/12.16/Images/ACR-086/Stealth Mode Install.png","220224/SpyAgent-191118/12.16/Images/ACR-086/Stealth Mode Notice.png","220224/SpyAgent-191118/12.16/Images/ACR-086/Stealth Data and Config.png"],"nonDeceptorImageFiles":["220224/SpyAgent-191118/12.16/Images/ACR-040/Install Path.png","220224/SpyAgent-191118/12.16/Images/ACR-065/Install Wizard 1.png","220224/SpyAgent-191118/12.16/Images/ACR-065/License Agreement.png","220224/SpyAgent-191118/12.16/Images/ACR-065/App About.png","220224/SpyAgent-191118/12.16/Images/ACR-099/App About.png","220224/SpyAgent-191118/12.16/Images/ACR-099/SpyTech Landing Page.png","220224/SpyAgent-191118/12.16/Images/ACR-099/BuyNow Page.png","220224/SpyAgent-191118/12.16/Images/ACR-099/Checkout Page.png","220224/SpyAgent-191118/12.16/Images/ACR-099/Purchase Page.png","220224/SpyAgent-191118/12.16/Images/ACR-123/Scheduled Task Created.png","220224/SpyAgent-191118/12.16/Images/ACR-166/Checkout Page.png","220224/SpyAgent-191118/12.16/Images/ACR-166/Purchase Page.png","220224/SpyAgent-191118/12.16/Images/ACR-171/Checkout Page.png","220224/SpyAgent-191118/12.16/Images/ACR-045/Highlights Free.png","220224/SpyAgent-191118/12.16/Images/ACR-017/Unverified Logo 1.png","220224/SpyAgent-191118/12.16/Images/ACR-017/Unverified Logo 2.png","220224/SpyAgent-191118/12.16/Images/ACR-161/Testimonal 1.png","220224/SpyAgent-191118/12.16/Images/ACR-161/Testimonial 2.png"],"guid":"c747bd61-5145-4863-9958-1a987103008b_12.16_1","appID":"SpyAgent-191118","dateAdded":"231116","deceptorType":"App","name":"SpyAgent","company":"Spytech Software and Design Inc.","version":"12.16","lastKnownStatus":"Deceptor:11.10.19;11.40.20;11.50.20;12.16;13.0;13.1;14.0;14.1","lastKnownDate":"231116","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows Server","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2023-11-16T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":8,"sortOrder":805},{"violations":{"ACR-007":"The app does not provide explicit notification when it is running and it allows the consumer to enable stealth mode, which hides all app activity from the targeted consumer. The app also enables the consumer to require a password and a hotkey to open it.\n","ACR-084":"The app enables the consumer to install it in \"Stealth Mode\", which hides all app icons and notifications. It also enables the consumer to require a password and hotkey to open it.\n","ACR-086":"The app does not inform the targeted consumer how it collects or transmits user data, as it hides from them using a hotkey and password.\n","ACR-097":"The install prompts the consumer to temporarily disable any Anti-virus software.\n"},"nonDeceptorViolations":{"ACR-040":"By default, the app is installed in a hidden folder named \"sysconfig\" in Program Files.\n","ACR-045":"\"Free Download\" highlights \"Free\" misleads user. The functionality that requires consumer payment in order to be activated needs to be marked clearly in landing page. Otherwise app should remove \"free\" word.\n","ACR-065":"The install does not display links to the Returns and Cancellation Policy or the Privacy Policy. \nThe app does not display links to the EULA or Terms of Service, the Returns and Cancellation Policy or the Privacy Policy. \nThe landing page does not display links to the EULA or Terms of Service, the Returns and Cancellation Policy or the Privacy Policy\n","ACR-161":"The landing page displays unverifiable testimonials.\n","ACR-099":"The app does not display links to uninstall information.\nThe landing page does not display links to uninstall information.\nThe internal offers page does not display links to uninstall information.\n","ACR-166":"The app needs to disclose the license period to the consumer in the internal offers.\n","ACR-171":"The offer for \"Extended Download Warranty\" requires the user to opt-out of the payment.\n"},"samples":[{"isRevoked":"False","fileName":"sysdiag.exe","fileVersion":"0.0","hashMD5":"a48a18143d043a96b125492962bc6208","hashSHA1":"ebf322497552941fc2c0897f87ae799a23705b1f","hashSHA256":"552b2e44e7c5362038c8d7b752487caadfc464e24d899ed649d840b235dcf38e","digitalCertThumbprint":"728D51A7208A3B54A775E143DBA1F90EC09FB871","digitalCertIssuer":"CN=COMODO RSA Extended Validation Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"Spytech Software and Design, Inc.\", O=\"Spytech Software and Design, Inc.\", STREET=3505 Wild Turkey Lane, L=Red Wing, S=Minnesota, PostalCode=55066, C=US, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.2=Minnesota, OID.1.3.6.1.4.1.311.60.2.1.3=US, SERIALNUMBER=12K-305","sourceIndex":"2032","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"spyagent11.zip","fileVersion":"0.","hashMD5":"","hashSHA1":"","hashSHA256":"6752859a3f2ae82ec9237ffc8e2192a0294d44d5d628918c6249acd215cce237","sourceIndex":"2032","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"Setup (password=spytech).exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"031cdeb7b4915efeea8f7fa4be1858e6","hashSHA1":"a874751134d960ff9d34f8d53e1a1c8cb3ede1af","hashSHA256":"9ca5a0bf1ca0bd865ba5dad0b0a7fe78b3b1f9f9407434212c216711520c5755","digitalCertThumbprint":"728D51A7208A3B54A775E143DBA1F90EC09FB871","digitalCertIssuer":"CN=COMODO RSA Extended Validation Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"Spytech Software and Design, Inc.\", O=\"Spytech Software and Design, Inc.\", STREET=3505 Wild Turkey Lane, L=Red Wing, S=Minnesota, PostalCode=55066, C=US, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.2=Minnesota, OID.1.3.6.1.4.1.311.60.2.1.3=US, SERIALNUMBER=12K-305","sourceIndex":"2032","avBlockList":["360 Total Security (20210415)","Avast Premium Security (20210415)","AVG Internet Security (20210415)","Avira Internet Security (20210415)","Bitdefender Internet Security (20210415)","COMODO Antivirus (20210415)","Dr.Web Security Space (20210415)","ESET Internet Security (20210415)","G DATA INTERNET SECURITY (20210415)","K7 Total Security (20210415)","Kaspersky Internet Security (20210415)","Malwarebytes Premium (20210415)","McAfee Total Protection (20210415)","Norton Security (20210415)","Panda Dome (20210415)","Quick Heal Internet Security (20210415)","Sophos Home Premium (20210415)","SpyHunter5 (20210415)","Tencent PC Manager (20210415)","Total AV Antivirus Pro (20210415)","Trend Micro Internet Security (20210415)","VIPRE Advanced Security (20210415)","VirIT eXplorer PRO (20210415)","Webroot SecureAnywhere (20210415)","Windows Defender (20210415)"],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"https://www.spytector.com/request-sent.html","reference":"Hunt.Search","landingPage":"https://www.spytech-web.com/spyagent.shtml","directDownloadingLink":"https://www.spytech-web.com/downloadtrial.php?productid=SpyAgent&key=0.9940378982702766","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.spytech-web.com/downloadtrial.php?productid=SpyAgent&key=0.9940378982702766","sourceIndex":"2032"}],"sampleFiles":["201209/SpyAgent-191118/11.50.20/Samples/sysdiag.exe","201209/SpyAgent-191118/11.50.20/Samples/spyagent11.zip","201209/SpyAgent-191118/11.50.20/Samples/Setup (password=spytech).exe"],"imageFiles":["201209/SpyAgent-191118/11.50.20/Images/ACR-007/SpyAgent_Install [6].png","201209/SpyAgent-191118/11.50.20/Images/ACR-007/SpyAgent_Settings [1].png","201209/SpyAgent-191118/11.50.20/Images/ACR-007/SpyAgent_Settings [2].png","201209/SpyAgent-191118/11.50.20/Images/ACR-007/SpyAgent_Interactions [4].png","201209/SpyAgent-191118/11.50.20/Images/ACR-084/SpyAgent_Settings [4].png","201209/SpyAgent-191118/11.50.20/Images/ACR-084/SpyAgent_Settings [1].png","201209/SpyAgent-191118/11.50.20/Images/ACR-084/SpyAgent_Settings [2].png","201209/SpyAgent-191118/11.50.20/Images/ACR-084/SpyAgent_Install [6].png","201209/SpyAgent-191118/11.50.20/Images/ACR-084/SpyAgent_Interactions [4].png","201209/SpyAgent-191118/11.50.20/Images/ACR-086/SpyAgent_Interactions [4].png","201209/SpyAgent-191118/11.50.20/Images/ACR-086/SpyAgent_Settings [1].png","201209/SpyAgent-191118/11.50.20/Images/ACR-086/SpyAgent_Settings [2].png","201209/SpyAgent-191118/11.50.20/Images/ACR-086/SpyAgent_Settings [4].png","201209/SpyAgent-191118/11.50.20/Images/ACR-086/SpyAgent_Settings [5].png","201209/SpyAgent-191118/11.50.20/Images/ACR-097/SpyAgent_Install [2] DisableAV.png","201209/SpyAgent-191118/11.50.20/Images/ACR-097/SpyAgent_Install [7].png","201209/SpyAgent-191118/11.50.20/Images/ACR-097/SpyAgent_Install [8].png"],"nonDeceptorImageFiles":["201209/SpyAgent-191118/11.50.20/Images/ACR-040/SpyAgent_Files [1].png","201209/SpyAgent-191118/11.50.20/Images/ACR-045/SpyAgent_LandingPage [4].png","201209/SpyAgent-191118/11.50.20/Images/ACR-065/SpyAgent_Install [1].png","201209/SpyAgent-191118/11.50.20/Images/ACR-065/SpyAgent_Install [2].png","201209/SpyAgent-191118/11.50.20/Images/ACR-065/SpyAgent_About [1].png","201209/SpyAgent-191118/11.50.20/Images/ACR-065/SpyAgent_LandingPage [1].png","201209/SpyAgent-191118/11.50.20/Images/ACR-161/SpyAgent_LandingPage [2] Testimonial.png","201209/SpyAgent-191118/11.50.20/Images/ACR-161/SpyAgent_LandingPage [3] Testimonial.png","201209/SpyAgent-191118/11.50.20/Images/ACR-099/SpyAgent_LandingPage [1].png","201209/SpyAgent-191118/11.50.20/Images/ACR-099/SpyAgent_OfferPage [1].png","201209/SpyAgent-191118/11.50.20/Images/ACR-099/SpyAgent_OfferPage [2].png","201209/SpyAgent-191118/11.50.20/Images/ACR-099/SpyAgent_OfferPage [3].png","201209/SpyAgent-191118/11.50.20/Images/ACR-166/SpyAgent_OfferPage [1].png","201209/SpyAgent-191118/11.50.20/Images/ACR-166/SpyAgent_OfferPage [2].png","201209/SpyAgent-191118/11.50.20/Images/ACR-166/SpyAgent_OfferPage [3].png","201209/SpyAgent-191118/11.50.20/Images/ACR-171/SpyAgent_OfferPage [3].png"],"guid":"c747bd61-5145-4863-9958-1a987103008b_11.50.20_1","appID":"SpyAgent-191118","dateAdded":"231116","deceptorType":"App","name":"SpyAgent","company":"Spytech Software and Design Inc.","version":"11.50.20","sigName":"Deceptor:Win32/SpyAgent!007084086097","lastKnownStatus":"Deceptor:11.10.19;11.40.20;11.50.20;12.16;13.0;13.1;14.0;14.1","lastKnownDate":"231116","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Adults only","monetization":"up-sell to paid,paid","lastUpdate":"2023-11-16T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":8,"sortOrder":806},{"violations":{"ACR-007":"The app does not provide explicit notification when it is running and it allows the consumer to enable stealth mode, which hides all app activity from the targeted consumer. The app also enables the consumer to require a password and a hotkey to open it.\n","ACR-084":"The app enables the consumer to install it in \"Stealth Mode\", which hides all app icons and notifications. It also enables the consumer to require a password and hotkey to open it.\n","ACR-086":"The app does not inform the targeted consumer how it collects or transmits user data, as it hides from them using a hotkey and password.\n","ACR-097":"The install prompts the consumer to temporarily disable any Anti-virus software.\n"},"nonDeceptorViolations":{"ACR-040":"By default, the app is installed in a hidden folder named \"sysconfig\" in Program Files.\n","ACR-065":"The install does not display links to the Returns and Cancellation Policy or the Privacy Policy. \nThe app does not display links to the EULA, the Returns and Cancellation Policy or the Privacy Policy. \nThe landing page does not display links to the EULA, the Returns and Cancellation Policy or the Privacy Policy\n","ACR-161":"The landing page displays unverifiable testimonials.\n","ACR-099":"The app does not display links to uninstall information.\nThe landing page does not display links to uninstall information.\nThe internal offers page does not display links to uninstall information.\n","ACR-166":"The app needs to disclose the license period to the consumer in the internal offers.\n","ACR-171":"The offer for \"Extended Download Warranty\" requires the user to opt-out of the payment.\n"},"samples":[{"isRevoked":"False","fileName":"Setup (password=spytech).exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"a9620ab6c5538002ec4fe47c9eac22d3","hashSHA1":"417511372dd5dc273e5e76fb65dff252ed198c5f","hashSHA256":"8ce2c493f255303903ba29f1651066ddb56f13c537afda283e97bceb92029db0","digitalCertThumbprint":"728D51A7208A3B54A775E143DBA1F90EC09FB871","digitalCertIssuer":"CN=COMODO RSA Extended Validation Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"Spytech Software and Design, Inc.\", O=\"Spytech Software and Design, Inc.\", STREET=3505 Wild Turkey Lane, L=Red Wing, S=Minnesota, PostalCode=55066, C=US, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.2=Minnesota, OID.1.3.6.1.4.1.311.60.2.1.3=US, SERIALNUMBER=12K-305","sourceIndex":"2145","avBlockList":["360 Total Security (20200921)","Avast Premium Security (20200921)","AVG Internet Security (20200921)","Avira Internet Security (20200921)","Bitdefender Internet Security (20200921)","COMODO Antivirus (20200921)","Dr.Web Security Space (20200921)","ESET Internet Security (20200921)","G DATA INTERNET SECURITY (20200921)","K7 Total Security (20200921)","Kaspersky Internet Security (20200921)","Malwarebytes Premium (20200921)","McAfee Total Protection (20200921)","Norton Security (20200921)","Panda Dome (20200921)","Quick Heal Internet Security (20200921)","Sophos Home Premium (20200921)","SpyHunter5 (20200921)","Tencent PC Manager (20200921)","Total AV Antivirus Pro (20200921)","Trend Micro Internet Security (20200921)","VIPRE Advanced Security (20200921)","VirIT eXplorer PRO (20200921)","Webroot SecureAnywhere (20200921)","Windows Defender (20200921)"],"avAllowList":[]},{"isRevoked":"False","fileName":"sysdiag.exe","fileVersion":"0.0","hashMD5":"71b8824e89e1e4b795e0c27a6a46358e","hashSHA1":"f0a67dfb52df00d416a37be3e0cbd50ac9148cfb","hashSHA256":"30d4dfacb2a4dcc95f26d2f05c6d5a7213d3119af0ed62bc371ce37c004de42a","digitalCertThumbprint":"728D51A7208A3B54A775E143DBA1F90EC09FB871","digitalCertIssuer":"CN=COMODO RSA Extended Validation Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"Spytech Software and Design, Inc.\", O=\"Spytech Software and Design, Inc.\", STREET=3505 Wild Turkey Lane, L=Red Wing, S=Minnesota, PostalCode=55066, C=US, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.2=Minnesota, OID.1.3.6.1.4.1.311.60.2.1.3=US, SERIALNUMBER=12K-305","sourceIndex":"2145","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"https://www.spytech-web.com/spyagent.shtml","reference":"Hunt.Search","landingPage":"https://www.spytech-web.com/","directDownloadingLink":"https://www.spytech-web.com/download-trial.php?productid=SpyAgent&key=0.3544949771586111","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.spytech-web.com/download-trial.php?productid=SpyAgent&key=0.3544949771586111","sourceIndex":"2145"}],"sampleFiles":["200728/SpyAgent-191118/11.40.20/Samples/Setup (password=spytech).exe","200728/SpyAgent-191118/11.40.20/Samples/sysdiag.exe"],"imageFiles":["200728/SpyAgent-191118/11.40.20/Images/ACR-007/SpyAgent_Install [6].png","200728/SpyAgent-191118/11.40.20/Images/ACR-007/SpyAgent_SetUp [4].png","200728/SpyAgent-191118/11.40.20/Images/ACR-007/SpyAgent_SetUp [5] PasswordSetting.png","200728/SpyAgent-191118/11.40.20/Images/ACR-007/SpyAgent_HotKey.png","200728/SpyAgent-191118/11.40.20/Images/ACR-084/SpyAgent_Install [6].png","200728/SpyAgent-191118/11.40.20/Images/ACR-084/SpyAgent_SetUp [4].png","200728/SpyAgent-191118/11.40.20/Images/ACR-084/SpyAgent_SetUp [5] PasswordSetting.png","200728/SpyAgent-191118/11.40.20/Images/ACR-084/SpyAgent_SetUp [6].png","200728/SpyAgent-191118/11.40.20/Images/ACR-084/SpyAgent_SetUp [7].png","200728/SpyAgent-191118/11.40.20/Images/ACR-084/SpyAgent_HotKey.png","200728/SpyAgent-191118/11.40.20/Images/ACR-086/SpyAgent_SetUp [4].png","200728/SpyAgent-191118/11.40.20/Images/ACR-086/SpyAgent_SetUp [5] PasswordSetting.png","200728/SpyAgent-191118/11.40.20/Images/ACR-086/SpyAgent_HotKey.png","200728/SpyAgent-191118/11.40.20/Images/ACR-086/SpyAgent_SetUp [7].png","200728/SpyAgent-191118/11.40.20/Images/ACR-086/SpyAgent_SetUp [8].png","200728/SpyAgent-191118/11.40.20/Images/ACR-086/SpyAgent_SetUp [9]LogSending.png","200728/SpyAgent-191118/11.40.20/Images/ACR-097/SpyAgent_Install [2]_DisableAntivirus.png","200728/SpyAgent-191118/11.40.20/Images/ACR-097/SpyAgent_Setup [1] Antivirus2.png"],"nonDeceptorImageFiles":["200728/SpyAgent-191118/11.40.20/Images/ACR-040/SpyAgent_Files [2].png","200728/SpyAgent-191118/11.40.20/Images/ACR-040/SpyAgent_Install [5].png","200728/SpyAgent-191118/11.40.20/Images/ACR-065/SpyAgent_Install [1].png","200728/SpyAgent-191118/11.40.20/Images/ACR-065/SpyAgent_Install [3].png","200728/SpyAgent-191118/11.40.20/Images/ACR-065/SpyAgent_About [1].png","200728/SpyAgent-191118/11.40.20/Images/ACR-065/SpyAgent_LandingPage [1].png","200728/SpyAgent-191118/11.40.20/Images/ACR-065/SpyAgent_LandingPage [2].png","200728/SpyAgent-191118/11.40.20/Images/ACR-161/SpyAGent_CustomerTestimonials [1].png","200728/SpyAgent-191118/11.40.20/Images/ACR-099/SpyAgent_About [1].png","200728/SpyAgent-191118/11.40.20/Images/ACR-099/SpyAgent_LandingPage [1].png","200728/SpyAgent-191118/11.40.20/Images/ACR-099/SpyAgent_LandingPage [2].png","200728/SpyAgent-191118/11.40.20/Images/ACR-099/SpyAgent_OfferPage [1].png","200728/SpyAgent-191118/11.40.20/Images/ACR-099/SpyAgent_OfferPage [2].png","200728/SpyAgent-191118/11.40.20/Images/ACR-166/SpyAgent_OfferPage [1].png","200728/SpyAgent-191118/11.40.20/Images/ACR-166/SpyAgent_OfferPage [2].png","200728/SpyAgent-191118/11.40.20/Images/ACR-171/SpyAgent_OfferPage [2].png"],"guid":"c747bd61-5145-4863-9958-1a987103008b_11.40.20_1","appID":"SpyAgent-191118","dateAdded":"231116","deceptorType":"App","name":"SpyAgent","company":"Spytech Software and Design Inc.","version":"11.40.20","sigName":"Deceptor:Win32/SpyAgentStalkerware!007084086097","lastKnownStatus":"Deceptor:11.10.19;11.40.20;11.50.20;12.16;13.0;13.1;14.0;14.1","lastKnownDate":"231116","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Adults only","monetization":"up-sell to paid,paid","lastUpdate":"2023-11-16T00:00:00+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":8,"sortOrder":807},{"violations":{"ACR-007":"The app does not provide explicit notification when it is running and it allows the consumer to enable stealth mode, which hides all app activity from the targeted consumer. The app also enables the consumer to require a password and a hotkey to open it.\n","ACR-084":"The app enables the consumer to install it in \"Stealth Mode\", which hides all app icons and notifications. It also enables the consumer to require a password and hotkey to open it.\n","ACR-086":"The app does not inform the targeted consumer how it collects or transmits user data, as it hides from them using a hotkey and password.\n","ACR-097":"The install prompts the consumer to temporarily disable any Anti-virus software.\n"},"nonDeceptorViolations":{"ACR-040":"By default, the app is installed in a hidden folder named \"sysconfig\" in \"Program Files (x86)\".\n","ACR-065":"The install does not display links to the Returns and Cancellation Policy or the Privacy Policy.\nThe app does not display links to the EULA, the Returns and Cancellation Policy or the Privacy Policy.\nThe landing page does not display links to the EULA, the Returns and Cancellation Policy or the Privacy Policy\n","ACR-161":"The landing page displays unverifiable testimonials.\n","ACR-099":"The app does not display links to uninstall information.\nThe landing page does not display links to uninstall information.\nThe internal offers page does not display links to uninstall information.\n"},"samples":[{"isRevoked":"False","fileName":"Setup (password=spytech).exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"2efbf079c79dfde89a46ca9cf5b8b81d","hashSHA1":"622b2557f0559e73026cd654d3dd55cd14f0800a","hashSHA256":"e1fb274b5ed29a44e5eac7187d80755fd668d3bf605556fce5f9cd52a89df242","digitalCertThumbprint":"E964AC4701E77109973F5FBCFA618EEE8659D256","digitalCertIssuer":"CN=COMODO RSA Extended Validation Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"Spytech Software and Design, Inc.\", O=\"Spytech Software and Design, Inc.\", STREET=3505 Wild Turkey Lane, L=Red Wing, S=Minnesota, PostalCode=55066, C=US, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.2=Minnesota, OID.1.3.6.1.4.1.311.60.2.1.3=US, SERIALNUMBER=12K-305","sourceIndex":"2601","avBlockList":["360 Total Security (20220407)","Avast Internet Security (20191219)","AVG Internet Security (20220407)","Avira Internet Security (20220407)","Bitdefender Internet Security (20220407)","COMODO Antivirus (20220407)","Dr.Web Security Space (20220407)","ESET Internet Security (20220407)","G DATA INTERNET SECURITY (20220407)","K7 Total Security (20220407)","Kaspersky Internet Security (20220407)","Malwarebytes Premium (20220407)","McAfee Total Protection (20220407)","Norton Security (20220407)","Panda Dome (20220407)","Quick Heal Internet Security (20220407)","Sophos Home Premium (20220407)","Tencent PC Manager (20220407)","Trend Micro Internet Security (20220407)","VIPRE Advanced Security (20220407)","VirIT eXplorer PRO (20220407)","Webroot SecureAnywhere (20220407)","Windows Defender (20220407)","Avast Premium Security (20220407)","SpyHunter5 (20220407)","Total AV Antivirus Pro (20220407)"],"avAllowList":[]},{"isRevoked":"False","fileName":"sysdiag.exe","fileVersion":"0.0","hashMD5":"944480ddac548369246046bd88be993a","hashSHA1":"06a68a51c15372307a3e3d47d1fb26def2df2e1f","hashSHA256":"cdcbb7f7bf56dcc6589cfa35a829c4f1583c7ae0a29aab73459e85f440b2d950","digitalCertThumbprint":"E964AC4701E77109973F5FBCFA618EEE8659D256","digitalCertIssuer":"CN=COMODO RSA Extended Validation Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"Spytech Software and Design, Inc.\", O=\"Spytech Software and Design, Inc.\", STREET=3505 Wild Turkey Lane, L=Red Wing, S=Minnesota, PostalCode=55066, C=US, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.2=Minnesota, OID.1.3.6.1.4.1.311.60.2.1.3=US, SERIALNUMBER=12K-305","sourceIndex":"2601","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"https://www.spytector.com/request-sent.html","reference":"Hunt.Search","landingPage":"https://www.spytech-web.com/","directDownloadingLink":"https://www.spytech-web.com/download-trial.php?productid=SpyAgent&key=7817a1bfc0d5356d65df258a9c49bb90cef4f7ed0eaf99f0e7","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.spytech-web.com/download-trial.php?productid=SpyAgent&key=7817a1bfc0d5356d65df258a9c49bb90cef4f7ed0eaf99f0e7","sourceIndex":"2601"},{"howFound":"https://www.spytector.com/request-sent.html","reference":"Hunt.Search","landingPage":"https://www.spytech-spyagent.com/","ipv4":"","ipv6":"","sourceIndex":"2602"}],"sampleFiles":["191119/SpyAgent-191118/11.10.19/Samples/Setup (password=spytech).exe","191119/SpyAgent-191118/11.10.19/Samples/sysdiag.exe"],"imageFiles":["191119/SpyAgent-191118/11.10.19/Images/ACR-007/SpyAgent Stealth 1.png","191119/SpyAgent-191118/11.10.19/Images/ACR-007/SpyAgent stealth 2.png","191119/SpyAgent-191118/11.10.19/Images/ACR-007/SpyAgent password.png","191119/SpyAgent-191118/11.10.19/Images/ACR-007/SpyAgent hotkey.png","191119/SpyAgent-191118/11.10.19/Images/ACR-084/SpyAgent stealth 2.png","191119/SpyAgent-191118/11.10.19/Images/ACR-084/SpyAgent Stealth 1.png","191119/SpyAgent-191118/11.10.19/Images/ACR-084/SpyAgent password.png","191119/SpyAgent-191118/11.10.19/Images/ACR-084/SpyAgent hotkey.png","191119/SpyAgent-191118/11.10.19/Images/ACR-086/SpyAgent hotkey.png","191119/SpyAgent-191118/11.10.19/Images/ACR-086/SpyAgent password.png","191119/SpyAgent-191118/11.10.19/Images/ACR-097/SpyAgent AV 2.png","191119/SpyAgent-191118/11.10.19/Images/ACR-097/SpyAgent Disable AV.png"],"nonDeceptorImageFiles":["191119/SpyAgent-191118/11.10.19/Images/ACR-040/SpyAgent Install Location 2.png","191119/SpyAgent-191118/11.10.19/Images/ACR-040/SpyAgent Install Location.png","191119/SpyAgent-191118/11.10.19/Images/ACR-065/SpyAgent EULA.png","191119/SpyAgent-191118/11.10.19/Images/ACR-065/SpyAgent Install.png","191119/SpyAgent-191118/11.10.19/Images/ACR-065/SpyAgent About.png","191119/SpyAgent-191118/11.10.19/Images/ACR-065/SpyAgent B Landing Page.png","191119/SpyAgent-191118/11.10.19/Images/ACR-161/SpyAgent B Landing Page.png","191119/SpyAgent-191118/11.10.19/Images/ACR-099/SpyAgent About.png","191119/SpyAgent-191118/11.10.19/Images/ACR-099/SpyAgent B Landing Page.png","191119/SpyAgent-191118/11.10.19/Images/ACR-099/SpyAgent Internal Offers.png"],"guid":"c747bd61-5145-4863-9958-1a987103008b_11.10.19_1","appID":"SpyAgent-191118","dateAdded":"231116","deceptorType":"App","name":"SpyAgent","company":"Spytech Software and Design Inc.","version":"11.10.19","sigName":"Deceptor:Win32/SpyAgentStalkerware!007084086097","lastKnownStatus":"Deceptor:11.10.19;11.40.20;11.50.20;12.16;13.0;13.1;14.0;14.1","lastKnownDate":"231116","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Adults only","monetization":"up-sell to paid","lastUpdate":"2023-11-16T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":8,"sortOrder":808},{"violations":{"ACR-007":"The app does not provide explicit notification when it is running and it allows the consumer to enable stealth mode, which hides all app activity from the targeted consumer. The app also enables the consumer to require a password and a hotkey to open it. \n","ACR-084":"The app enables the consumer to install it in \"Stealth Mode\", which hides all app icons and notifications. It also enables the consumer to require a password and hotkey to open it.\n","ACR-086":"The app does not inform the consumer how it transfers data. It also requires a hotkey and password to open it, which prevents the targeted consumer from understanding what data is collected and transmitted.\n","ACR-097":"The install prompts the consumer to temporarily disable any Anti-virus software. \n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains \"sinvfct.dll\" on the device without the consumer's consent.\n"},"nonDeceptorViolations":{"ACR-040":"By default, the app is installed in a hidden folder named \"sysconfig\" in Program Files.\n","ACR-065":"The app does not display links to the EULA or Terms of Service, the Returns and Cancellation Policy or the Privacy Policy.\n","ACR-161":"The landing page has testimonials that have no links back to a source so consumers can verify if they're real.\n","ACR-099":"The app does not display links to uninstall information. \nThe landing page does not display links to uninstall information.\nThe internal offers page does not display links to uninstall information.\n","ACR-123":"The app does not remove scheduled task even after uninstall.\n","ACR-167":"The App does not offer an at least 30-day refund and the Refund Policy shown in the App and Landing Page are mismatched.\n","ACR-166":"The app needs to disclose the license period to the consumer in the internal offers.\n","ACR-171":"The offer for \"Extended Download Warranty\" requires the user to opt-out at payment. \n","ACR-017":"The app elevates its consumer trust level by displaying unverifiable logos on the landing page.\n"},"samples":[{"isRevoked":"False","fileName":"Setup (password=spytech).exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"a74019da1bd6744db39bab5285269a9b","hashSHA1":"4511604aca32f57bf15f7f299679ddf3b8ed6955","hashSHA256":"4ed71310dda568be1d955aad3a0ab1008aea6d4a043bc0f6ffb7c274c91d41bf","digitalCertThumbprint":"A897582111385A59DD212F5FF561A083E33F38D0","digitalCertIssuer":"CN=Sectigo Public Code Signing CA EV R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=\"Spytech Software and Design, Inc.\", O=\"Spytech Software and Design, Inc.\", L=Red Wing, S=Minnesota, C=US, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.2=Minnesota, OID.1.3.6.1.4.1.311.60.2.1.3=US, SERIALNUMBER=12K-305","sourceIndex":"1523","avBlockList":["360 Total Security (20230831)","Avast Premium Security (20230831)","AVG Internet Security (20230831)","Avira Internet Security (20230831)","Bitdefender Internet Security (20230831)","Dr.Web Security Space (20230831)","ESET Internet Security (20230831)","G DATA INTERNET SECURITY (20230831)","K7 Total Security (20230831)","Kaspersky Internet Security (20230831)","Malwarebytes Premium (20230831)","McAfee Total Protection (20230831)","Norton Security (20230831)","Panda Dome (20230831)","Quick Heal Internet Security (20230831)","Sophos Home Premium (20230831)","SpyHunter5 (20230831)","Tencent PC Manager (20220714)","Total AV Antivirus Pro (20230831)","VIPRE Advanced Security (20230831)","VirIT eXplorer PRO (20230831)","Webroot SecureAnywhere (20230831)","Windows Defender (20230831)"],"avAllowList":["COMODO Antivirus (20230831)","Trend Micro Internet Security (20230831)"]},{"isRevoked":"False","fileName":"sysdiag.exe","fileVersion":"0.0","hashMD5":"8e40e601af09d18e630cde3b5cb0b899","hashSHA1":"7fb8fde47523345279e05c3f3f9ec6b3885adfaf","hashSHA256":"176cb1caa909e17e26b4e1d1c365490f4f042860892887b4e817e0813e04a288","digitalCertThumbprint":"A897582111385A59DD212F5FF561A083E33F38D0","digitalCertIssuer":"CN=Sectigo Public Code Signing CA EV R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=\"Spytech Software and Design, Inc.\", O=\"Spytech Software and Design, Inc.\", L=Red Wing, S=Minnesota, C=US, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.2=Minnesota, OID.1.3.6.1.4.1.311.60.2.1.3=US, SERIALNUMBER=12K-305","sourceIndex":"1523","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"https://www.spytector.com/request-sent.html","reference":"Hunt.Search","landingPage":"https://www.spytech-web.com/","directDownloadingLink":"https://www.spytech-web.com/download-trial.php?productid=SpyAgent&key=7817a1bfc0d5356d65df258a9c49bb90cef4f7ed0eaf99f0e7","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.spytech-web.com/download-trial.php?productid=SpyAgent&key=7817a1bfc0d5356d65df258a9c49bb90cef4f7ed0eaf99f0e7","sourceIndex":"1523"},{"howFound":"https://www.spytector.com/request-sent.html","reference":"Hunt.Search","landingPage":"https://www.spytech-spyagent.com/","ipv4":"","ipv6":"","sourceIndex":"1524"}],"sampleFiles":["220711/SpyAgent-191118/13.0/Samples/Setup (password=spytech).exe","220711/SpyAgent-191118/13.0/Samples/sysdiag.exe"],"imageFiles":["220711/SpyAgent-191118/13.0/Images/ACR-084/ACR-084-PasswordConfiguration.jpg","220711/SpyAgent-191118/13.0/Images/ACR-084/ACR-084-SetupAdminorStealthInstall.jpg","220711/SpyAgent-191118/13.0/Images/ACR-084/ACR-084_086-StealthModeNotice.jpg","220711/SpyAgent-191118/13.0/Images/ACR-084/ACR-084-StealthConfigjpg.jpg","220711/SpyAgent-191118/13.0/Images/ACR-097/ACR-097_DisableAVPrompt.jpg","220711/SpyAgent-191118/13.0/Images/ACR-097/ACR-097_AVUsersNotice.jpg","220711/SpyAgent-191118/13.0/Images/ACR-118/Retain DLL File.png","220711/SpyAgent-191118/13.0/Images/ACR-007/ACR-007_084_086-SetupAdminorStealthInstall.jpg","220711/SpyAgent-191118/13.0/Images/ACR-007/ACR-007_086_Hotkey.jpg","220711/SpyAgent-191118/13.0/Images/ACR-007/ACR-007_084_086-StealthConfigjpg.jpg","220711/SpyAgent-191118/13.0/Images/ACR-007/ACR-007_084_086-StealthModeNotice.jpg","220711/SpyAgent-191118/13.0/Images/ACR-086/ACR-086_Hotkey.jpg","220711/SpyAgent-191118/13.0/Images/ACR-086/ACR-084_086-StealthConfigjpg.jpg","220711/SpyAgent-191118/13.0/Images/ACR-086/ACR-084_086-SetupAdminorStealthInstall.jpg","220711/SpyAgent-191118/13.0/Images/ACR-086/ACR-084_086-StealthModeNotice.jpg","220711/SpyAgent-191118/13.0/Images/ACR-086/ACR-086-StealthDataandConfig.jpg"],"nonDeceptorImageFiles":["220711/SpyAgent-191118/13.0/Images/ACR-040/ACR-040_HiddenPath.jpg","220711/SpyAgent-191118/13.0/Images/ACR-065/SpyAgent_About.jpg","220711/SpyAgent-191118/13.0/Images/ACR-099/SpyAgent_About.jpg","220711/SpyAgent-191118/13.0/Images/ACR-099/SpyAgent_LandingPage.jpeg","220711/SpyAgent-191118/13.0/Images/ACR-099/CheckOut Page.jpeg","220711/SpyAgent-191118/13.0/Images/ACR-099/PurchasePage.jpeg","220711/SpyAgent-191118/13.0/Images/ACR-123/ScheduledTask.jpg","220711/SpyAgent-191118/13.0/Images/ACR-167/ACR-167_Software_RefundPolicy.jpg","220711/SpyAgent-191118/13.0/Images/ACR-167/ACR-167_LandingPage_RefundPolicy.jpg","220711/SpyAgent-191118/13.0/Images/ACR-166/CheckOut Page.jpeg","220711/SpyAgent-191118/13.0/Images/ACR-166/PurchasePage.jpeg","220711/SpyAgent-191118/13.0/Images/ACR-171/CheckOut Page.jpeg","220711/SpyAgent-191118/13.0/Images/ACR-017/SpyAgentsAwards.jpeg","220711/SpyAgent-191118/13.0/Images/ACR-161/Testimonials.jpeg"],"guid":"c747bd61-5145-4863-9958-1a987103008b_13.0_1","appID":"SpyAgent-191118","dateAdded":"231116","deceptorType":"App","name":"SpyAgent","company":"Spytech Software and Design Inc.","version":"13.0","lastKnownStatus":"Deceptor:11.10.19;11.40.20;11.50.20;12.16;13.0;13.1;14.0;14.1","lastKnownDate":"231116","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows Server","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,paid","lastUpdate":"2023-11-16T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":8,"sortOrder":804},{"violations":{"ACR-048":"1. The app requires a hotkey or password and is limiting the targeted consumer's ability to close, delete, disable, or uninstall the app. \n2. The app does not inform the targeted consumer of how it collects data. It also requires a password to open it.\n","ACR-007":"The app does not provide explicit notification when it is running and it allows the consumer to enable stealth mode, which hides all app activity from the targeted consumer. The app also enables the consumer to require a password and a hotkey to open it. \n","ACR-084":"The app enables the consumer to install it in \"Stealth Mode\", which hides all app icons and notifications. It also enables the consumer to require a password and hotkey to open it.\n","ACR-086":"The app does not inform the consumer how it transfers data. It also requires a hotkey and password to open it, which prevents the targeted consumer from understanding what data is collected and transmitted.\n","ACR-097":"The install prompts the consumer to temporarily disable any Anti-virus software. \n","ACR-117":"When tried to uninstall the app, it displays a prompt stating that the \"Spytech\" app is uninstalled but in actuality, the app does not get uninstalled.\n","ACR-122":"When tried to uninstall the app, it displays a prompt stating that the \"Spytech\" app is uninstalled but in actuality, the app does not get uninstalled.\n","ACR-014":"The app calls itself \"sysdiag.exe”, which is not related to the name \"spytech SpyAgent\", which misleads the targeted consumer\n","ACR-124":"When tried to uninstall the app, it displays a prompt stating that the \"Spytech\" app is uninstalled but in actuality, the app does not get uninstalled.\n"},"nonDeceptorViolations":{"ACR-123":"The app does not remove scheduled task even after uninstall.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\sysconfig\\sysdiag.exe","companyName":"","productName":"","productVersion":"","fileVersion":"","hashMD5":"38d881743e4ac7a455f80c2ba906462e","hashSHA1":"2a02a63b6a56487733f59e2acb7fa2700cc5997c","hashSHA256":"3b3345708a2bd7f3049717a27c00b04504e478f58d4c121727ddeb6dcda41505","digitalCertThumbprint":"4297EC5DB2607DEF6782B290EBCE98830E742075","digitalCertIssuer":"Sectigo Public Code Signing CA EV R36","digitalCertIssuedTo":"Spytech Software and Design Inc.","storeId":"","sourceIndex":"1114","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"Setup (password=spytech).exe","isInstaller":"True","companyName":"","productName":"","productVersion":"","fileVersion":"","hashMD5":"01a2a820106482f091490a3b7ade41c6","hashSHA1":"168165e585d255593fde513fd3cf3b157335a926","hashSHA256":"7bc3f089ab780ca4e83ef2faa462ece2a45f3979f2603c78b0f587a68c081bf0","digitalCertThumbprint":"4297EC5DB2607DEF6782B290EBCE98830E742075","digitalCertIssuer":"Sectigo Public Code Signing CA EV R36","digitalCertIssuedTo":"Spytech Software and Design Inc.","storeId":"","sourceIndex":"1114","avBlockList":["360 Total Security (20230914)","Avast Premium Security (20230914)","AVG Internet Security (20230914)","Avira Internet Security (20230914)","Bitdefender Internet Security (20230914)","Dr.Web Security Space (20230914)","ESET Internet Security (20230914)","G DATA INTERNET SECURITY (20230914)","K7 Total Security (20230914)","Kaspersky Internet Security (20230914)","Malwarebytes Premium (20230914)","McAfee Total Protection (20230914)","Norton Security (20230914)","Panda Dome (20230914)","Quick Heal Internet Security (20230914)","Sophos Home Premium (20230914)","SpyHunter5 (20230914)","Total AV Antivirus Pro (20230914)","Trend Micro Internet Security (20230914)","VIPRE Advanced Security (20230914)","VirIT eXplorer PRO (20230914)","Webroot SecureAnywhere (20230914)","Windows Defender (20230914)"],"avAllowList":["COMODO Antivirus (20230914)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on windows app","reference":"","landingPage":"https://www.spytech-web.com/","directDownloadingLink":"https://spytech-inc.com/dl040218/spyagent13.zip","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://spytech-inc.com/dl040218/spyagent13.zip","sourceIndex":"1114"}],"sampleFiles":["230508/SpyAgent-191118/13.1/Samples/Setup (password=spytech).exe"],"imageFiles":["230508/SpyAgent-191118/13.1/Images/ACR-084/ACR-084.JPG","230508/SpyAgent-191118/13.1/Images/ACR-084/ACR-084_1.JPG","230508/SpyAgent-191118/13.1/Images/ACR-084/ACR-084_2.JPG","230508/SpyAgent-191118/13.1/Images/ACR-084/ACR-084_3.JPG","230508/SpyAgent-191118/13.1/Images/ACR-084/ACR-084_4.JPG","230508/SpyAgent-191118/13.1/Images/ACR-084/ACR-084_5.JPG","230508/SpyAgent-191118/13.1/Images/ACR-097/ACR-097.JPG","230508/SpyAgent-191118/13.1/Images/ACR-097/ACR-097_1.JPG","230508/SpyAgent-191118/13.1/Images/ACR-117/ACR-117.JPG","230508/SpyAgent-191118/13.1/Images/ACR-117/ACR-117_1.JPG","230508/SpyAgent-191118/13.1/Images/ACR-122/ACR-122.JPG","230508/SpyAgent-191118/13.1/Images/ACR-122/ACR-122_1.JPG","230508/SpyAgent-191118/13.1/Images/ACR-124/ACR-124.JPG","230508/SpyAgent-191118/13.1/Images/ACR-124/ACR-124_1.JPG","230508/SpyAgent-191118/13.1/Images/ACR-048/ACR-048.JPG","230508/SpyAgent-191118/13.1/Images/ACR-048/ACR-048_1.JPG","230508/SpyAgent-191118/13.1/Images/ACR-048/ACR-048_2.JPG","230508/SpyAgent-191118/13.1/Images/ACR-048/ACR-048_3.JPG","230508/SpyAgent-191118/13.1/Images/ACR-048/ACR-048_4.JPG","230508/SpyAgent-191118/13.1/Images/ACR-048/ACR-048_5.JPG","230508/SpyAgent-191118/13.1/Images/ACR-007/ACR-007.JPG","230508/SpyAgent-191118/13.1/Images/ACR-007/ACR-007_1.JPG","230508/SpyAgent-191118/13.1/Images/ACR-007/ACR-007_2.JPG","230508/SpyAgent-191118/13.1/Images/ACR-007/ACR-007_3.JPG","230508/SpyAgent-191118/13.1/Images/ACR-007/ACR-007_4.JPG","230508/SpyAgent-191118/13.1/Images/ACR-007/ACR-007_5.JPG","230508/SpyAgent-191118/13.1/Images/ACR-014/ACR-014.JPG","230508/SpyAgent-191118/13.1/Images/ACR-086/ACR-086.JPG","230508/SpyAgent-191118/13.1/Images/ACR-086/ACR-086_1.JPG","230508/SpyAgent-191118/13.1/Images/ACR-086/ACR-086_2.JPG","230508/SpyAgent-191118/13.1/Images/ACR-086/ACR-086_3.JPG","230508/SpyAgent-191118/13.1/Images/ACR-086/ACR-086_4.JPG","230508/SpyAgent-191118/13.1/Images/ACR-086/ACR-086_5.JPG","230508/SpyAgent-191118/13.1/Images/ACR-086/ACR-086_6.JPG"],"nonDeceptorImageFiles":["230508/SpyAgent-191118/13.1/Images/ACR-123/ACR-123.JPG"],"guid":"c747bd61-5145-4863-9958-1a987103008b_13.1_1","appID":"SpyAgent-191118","dateAdded":"231116","deceptorType":"App","name":"SpyAgent","company":"Spytech Software and Design Inc.","version":"13.1","lastKnownStatus":"Deceptor:11.10.19;11.40.20;11.50.20;12.16;13.0;13.1;14.0;14.1","lastKnownDate":"231116","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows Server","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,paid","lastUpdate":"2023-11-16T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":8,"sortOrder":803},{"violations":{"ACR-048":"1. The app requires a hotkey or password and is limiting the targeted consumer's ability to close, delete, disable, or uninstall the app. \n2. The app does not inform the targeted consumer of how it collects data. It also requires a password to open it.\n","ACR-007":"The app does not provide explicit notification when it is running and it allows the consumer to enable stealth mode, which hides all app activity from the targeted consumer. The app also enables the consumer to require a password and a hotkey to open it. \n","ACR-084":"The app enables the consumer to install it in \"Stealth Mode\", which hides all app icons and notifications. It also enables the consumer to require a password and hotkey to open it.\n","ACR-086":"The app does not inform the consumer how it transfers data. It also requires a hotkey and password to open it, which prevents the targeted consumer from understanding what data is collected and transmitted.\n","ACR-097":"The install prompts the consumer to temporarily disable any Anti-virus software. \n","ACR-117":"When tried to uninstall the app, it displays a prompt stating that the \"Spytech\" app is uninstalled but in actuality, the app does not get uninstalled.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components on the device without the consumer's consent.\n","ACR-122":"When tried to uninstall the app, it displays a prompt stating that the \"Spytech\" app is uninstalled but in actuality, the app does not get uninstalled.\n","ACR-014":"The app calls itself \"sysdiag.exe”, which is not related to the name \"spytech SpyAgent\", which misleads the targeted consumer\n","ACR-124":"When tried to uninstall the app, it displays a prompt stating that the \"Spytech\" app is uninstalled but in actuality, the app does not get uninstalled.\n"},"nonDeceptorViolations":{"ACR-123":"The app does not remove scheduled task even after uninstall.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\sysconfig\\sysdiag.exe","companyName":"","productName":"","productVersion":"","fileVersion":"","hashMD5":"3fa19606c6066b52efcd35bb75ec29e0","hashSHA1":"238b3d5a6df751a8923bf39a976a7d9290cc9614","hashSHA256":"5d12c9e80b6debec44f4cba18ce9ee02c4063c80b7c63f8d76b2a8e739d89998","digitalCertThumbprint":"0F999A1FAF749C55BC095242AD221637850EE6AF","digitalCertIssuer":"Sectigo Public Code Signing CA EV R36","digitalCertIssuedTo":"Spytech Software and Design Inc.","storeId":"","sourceIndex":"1017","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"Setup (password=spytech).exe","isInstaller":"True","companyName":"","productName":"","productVersion":"","fileVersion":"","hashMD5":"1dc5614fdfb5fd21be9a2cacdaef1224","hashSHA1":"4d48aa55ef25f2cbfd35bd90826dfdec6788591a","hashSHA256":"61ee0d89eb9e0a69c02f9f6a7b9a76bbed38706aca9dba2f86edbb097d6c2c6b","digitalCertThumbprint":"0F999A1FAF749C55BC095242AD221637850EE6AF","digitalCertIssuer":"Sectigo Public Code Signing CA EV R36","digitalCertIssuedTo":"Spytech Software and Design Inc.","storeId":"","sourceIndex":"1017","avBlockList":["360 Total Security (20230824)","Avast Premium Security (20230824)","AVG Internet Security (20230824)","Avira Internet Security (20230824)","Bitdefender Internet Security (20230824)","COMODO Antivirus (20230824)","Dr.Web Security Space (20230824)","ESET Internet Security (20230824)","G DATA INTERNET SECURITY (20230824)","K7 Total Security (20230824)","Kaspersky Internet Security (20230824)","Malwarebytes Premium (20230824)","McAfee Total Protection (20230824)","Norton Security (20230824)","Panda Dome (20230824)","Quick Heal Internet Security (20230824)","Sophos Home Premium (20230824)","SpyHunter5 (20230824)","Total AV Antivirus Pro (20230824)","Trend Micro Internet Security (20230824)","VIPRE Advanced Security (20230824)","VirIT eXplorer PRO (20230824)","Webroot SecureAnywhere (20230824)","Windows Defender (20230824)"],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on windows app","reference":"","landingPage":"https://www.spytech-web.com/index.shtml","directDownloadingLink":"https://spytech-inc.com/dl040218/spyagent14.zip","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://spytech-inc.com/dl040218/spyagent14.zip","sourceIndex":"1017"}],"sampleFiles":["230705/SpyAgent-191118/14.0/Samples/Setup (password=spytech).exe"],"imageFiles":["230705/SpyAgent-191118/14.0/Images/ACR-084/ACR-084.JPG","230705/SpyAgent-191118/14.0/Images/ACR-084/ACR-084_1.JPG","230705/SpyAgent-191118/14.0/Images/ACR-084/ACR-084_2.JPG","230705/SpyAgent-191118/14.0/Images/ACR-084/ACR-084_3.JPG","230705/SpyAgent-191118/14.0/Images/ACR-084/ACr-084_4.JPG","230705/SpyAgent-191118/14.0/Images/ACR-084/ACR-084_5.JPG","230705/SpyAgent-191118/14.0/Images/ACR-097/ACR-097.JPG","230705/SpyAgent-191118/14.0/Images/ACR-097/ACR-097_1.JPG","230705/SpyAgent-191118/14.0/Images/ACR-117/ACR-117.JPG","230705/SpyAgent-191118/14.0/Images/ACR-117/ACR-117_1.JPG","230705/SpyAgent-191118/14.0/Images/ACR-118/ACR-118.JPG","230705/SpyAgent-191118/14.0/Images/ACR-122/ACR-122.JPG","230705/SpyAgent-191118/14.0/Images/ACR-122/ACR-122_1.JPG","230705/SpyAgent-191118/14.0/Images/ACR-124/ACR-124.JPG","230705/SpyAgent-191118/14.0/Images/ACR-124/ACR-124_1.JPG","230705/SpyAgent-191118/14.0/Images/ACR-048/ACR-048.JPG","230705/SpyAgent-191118/14.0/Images/ACR-048/ACR-048_1.JPG","230705/SpyAgent-191118/14.0/Images/ACR-048/ACR-048_2.JPG","230705/SpyAgent-191118/14.0/Images/ACR-048/ACR-048_3.JPG","230705/SpyAgent-191118/14.0/Images/ACR-048/ACR-048_4.JPG","230705/SpyAgent-191118/14.0/Images/ACR-048/ACR-048_5.JPG","230705/SpyAgent-191118/14.0/Images/ACR-007/ACR-007.JPG","230705/SpyAgent-191118/14.0/Images/ACR-007/ACR-007_1.JPG","230705/SpyAgent-191118/14.0/Images/ACR-007/ACR-007_2.JPG","230705/SpyAgent-191118/14.0/Images/ACR-007/ACR-007_3.JPG","230705/SpyAgent-191118/14.0/Images/ACR-007/ACR-007_4.JPG","230705/SpyAgent-191118/14.0/Images/ACR-007/ACr-007_5.JPG","230705/SpyAgent-191118/14.0/Images/ACR-014/ACR-014.JPG","230705/SpyAgent-191118/14.0/Images/ACR-086/ACR-086.JPG","230705/SpyAgent-191118/14.0/Images/ACR-086/ACR-086_1.JPG","230705/SpyAgent-191118/14.0/Images/ACR-086/ACR-086_2.JPG","230705/SpyAgent-191118/14.0/Images/ACR-086/ACR-086_3.JPG","230705/SpyAgent-191118/14.0/Images/ACR-086/ACR-086_4.JPG","230705/SpyAgent-191118/14.0/Images/ACR-086/ACR-086_5.JPG"],"nonDeceptorImageFiles":["230705/SpyAgent-191118/14.0/Images/ACR-123/ACR-123.JPG"],"guid":"c747bd61-5145-4863-9958-1a987103008b_14.0_1","appID":"SpyAgent-191118","dateAdded":"231116","deceptorType":"App","name":"SpyAgent","company":"Spytech Software and Design Inc.","version":"14.0","lastKnownStatus":"Deceptor:11.10.19;11.40.20;11.50.20;12.16;13.0;13.1;14.0;14.1","lastKnownDate":"231116","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows Server","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,paid","lastUpdate":"2023-11-16T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":8,"sortOrder":802},{"violations":{"ACR-048":"1. The app requires a hotkey or password and is limiting the targeted consumer's ability to open, close, delete, disable, or uninstall the app. \n2. The app does not inform the targeted consumer of how it collects data. It also requires a password to open it.\n","ACR-007":"The app does not provide explicit notification when it is running and it allows the consumer to enable stealth mode, which hides all app activity from the targeted consumer. The app also enables the consumer to require a password and a hotkey to open it. \n","ACR-084":"The app enables the consumer to install it in \"Stealth Mode\", which hides all app, app icon, processes, and notifications. It also enables the consumer to require a password and hotkey to open it.\n","ACR-086":"The app does not inform the consumer how it transfers data. It also requires a hotkey and password to open it, which prevents the targeted consumer from understanding what data is collected and transmitted.\n","ACR-097":"The install prompts the consumer to temporarily disable any Anti-virus software. \n","ACR-116":"The app does provide an option to hide its uninstaller from using standard platform method.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components on the device without the consumer's consent.\n","ACR-014":"The app calls itself \"sysdiag.exe”, which is not related to the name \"spytech SpyAgent\", which misleads the targeted consumer\n"},"nonDeceptorViolations":{"ACR-123":"The app does not remove scheduled task even after uninstall.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\sysconfig\\sysdiag.exe","companyName":"","productName":"","productVersion":"","fileVersion":"","hashMD5":"ca42986b8f1a4dd38fed0ab0281b26fc","hashSHA1":"53be5b2a1334d45ef9dcd5839277c4aec5b84683","hashSHA256":"8188c9883b46eceed07cc494ac29a02a1506934fcdd3841ea21d7f30fdfbf16b","digitalCertThumbprint":"0F999A1FAF749C55BC095242AD221637850EE6AF","digitalCertIssuer":"Sectigo Public Code Signing CA EV R36","digitalCertIssuedTo":"Spytech Software and Design Inc.","storeId":"","sourceIndex":"809","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"Setup (password=spytech).exe","isInstaller":"True","companyName":"","productName":"","productVersion":"","fileVersion":"","hashMD5":"5217ea0a5e5f6826f55b6e11addf098f","hashSHA1":"b363f0173dc171c3f8b4a2a4e49de23316b7f40e","hashSHA256":"d06d43488f63eaf56f4afd90e656393a65904e3b049e614d2adb0d8bcf8d3caf","digitalCertThumbprint":"0F999A1FAF749C55BC095242AD221637850EE6AF","digitalCertIssuer":"Sectigo Public Code Signing CA EV R36","digitalCertIssuedTo":"Spytech Software and Design Inc.","storeId":"","sourceIndex":"809","avBlockList":["360 Total Security (20231228)","Avast Premium Security (20231228)","AVG Internet Security (20231228)","Avira Internet Security (20231228)","Bitdefender Internet Security (20231228)","COMODO Antivirus (20231228)","Dr.Web Security Space (20231228)","ESET Internet Security (20231228)","G DATA INTERNET SECURITY (20231228)","K7 Total Security (20231228)","Kaspersky Internet Security (20231228)","Malwarebytes Premium (20231228)","McAfee Total Protection (20231228)","Norton Security (20231228)","Panda Dome (20231228)","Quick Heal Internet Security (20231228)","Sophos Home Premium (20231228)","SpyHunter5 (20231228)","Total AV Antivirus Pro (20231228)","Trend Micro Internet Security (20231228)","VIPRE Advanced Security (20231228)","VirIT eXplorer PRO (20231228)","Webroot SecureAnywhere (20231228)","Windows Defender (20231228)"],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on keylogger app","reference":"","landingPage":"https://www.spytech-web.com/index.shtml","directDownloadingLink":"https://spytech-inc.com/dl040218/spyagent14.zip","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://spytech-inc.com/dl040218/spyagent14.zip","sourceIndex":"809"}],"sampleFiles":["231116/SpyAgent-191118/14.1/Samples/Setup%20(password%3Dspytech).exe"],"imageFiles":["231116/SpyAgent-191118/14.1/Images/ACR-084/ACR-084.PNG","231116/SpyAgent-191118/14.1/Images/ACR-084/ACR-084_1.PNG","231116/SpyAgent-191118/14.1/Images/ACR-084/ACR-084_2.PNG","231116/SpyAgent-191118/14.1/Images/ACR-084/ACR-084_3.PNG","231116/SpyAgent-191118/14.1/Images/ACR-084/ACR-084_5.PNG","231116/SpyAgent-191118/14.1/Images/ACR-097/ACR-097.PNG","231116/SpyAgent-191118/14.1/Images/ACR-097/ACR-097_1.PNG","231116/SpyAgent-191118/14.1/Images/ACR-116/ACR-116.PNG","231116/SpyAgent-191118/14.1/Images/ACR-116/ACR-116_1.PNG","231116/SpyAgent-191118/14.1/Images/ACR-118/ACR-118.PNG","231116/SpyAgent-191118/14.1/Images/ACR-048/ACR-048.PNG","231116/SpyAgent-191118/14.1/Images/ACR-048/ACR-048_1.PNG","231116/SpyAgent-191118/14.1/Images/ACR-048/ACR-048_2.PNG","231116/SpyAgent-191118/14.1/Images/ACR-048/ACR-048_3.PNG","231116/SpyAgent-191118/14.1/Images/ACR-048/ACR-048_4.PNG","231116/SpyAgent-191118/14.1/Images/ACR-048/ACR-048_5.PNG","231116/SpyAgent-191118/14.1/Images/ACR-007/ACR-007.PNG","231116/SpyAgent-191118/14.1/Images/ACR-007/ACR-007_1.PNG","231116/SpyAgent-191118/14.1/Images/ACR-007/ACR-007_2.PNG","231116/SpyAgent-191118/14.1/Images/ACR-007/ACR-007_3.PNG","231116/SpyAgent-191118/14.1/Images/ACR-007/ACR-007_4.PNG","231116/SpyAgent-191118/14.1/Images/ACR-007/ACR-007_5.PNG","231116/SpyAgent-191118/14.1/Images/ACR-014/ACR-014.PNG","231116/SpyAgent-191118/14.1/Images/ACR-086/ACR-086.PNG","231116/SpyAgent-191118/14.1/Images/ACR-086/ACR-086_1.PNG","231116/SpyAgent-191118/14.1/Images/ACR-086/ACR-086_2.PNG","231116/SpyAgent-191118/14.1/Images/ACR-086/ACR-086_3.PNG","231116/SpyAgent-191118/14.1/Images/ACR-086/ACR-086_4.PNG","231116/SpyAgent-191118/14.1/Images/ACR-086/ACR-086_5.PNG"],"nonDeceptorImageFiles":["231116/SpyAgent-191118/14.1/Images/ACR-123/ACR-123.PNG"],"guid":"c747bd61-5145-4863-9958-1a987103008b_14.1_1","appID":"SpyAgent-191118","dateAdded":"231116","deceptorType":"App","name":"SpyAgent","company":"Spytech Software and Design Inc.","version":"14.1","lastKnownStatus":"Deceptor:11.10.19;11.40.20;11.50.20;12.16;13.0;13.1;14.0;14.1","lastKnownDate":"231116","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows Server","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,paid","lastUpdate":"2023-11-16T19:28:01.9414255+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":8,"sortOrder":801},{"violations":{"ACR-109":"The app downloads \"spt_setup.exe\", a RelevantKnowledge file before disclosure and without the consumer's consent\n","ACR-010":"The app distributes deceptor application. The offer in this app, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software\n","ACR-103":"The \"Buy now\" option in the software and Landing page (https://order.mycommerce.com/cart/view) returns an error page.\n","ACR-118":"Upon uninstallation, it retains some of its components on the device without the user's knowledge and consent.\n","ACR-057":"The app bundles the \"Relevant Knowledge\" offer which does not allow the consumer to decline the offer\n","ACR-071":"It attempts to force the acceptance of \"Relevant Knowledge\" by graying out the Next button when the user choose to Decline. Thus, forcing the user to only accept the offer and proceed with the installation\n","ACR-059":"Offer not clearly marked as an offer. Instead, it is presented as a component of the carrier.\n","ACR-155":"Offers are designed to look like part of the install workflow\n"},"nonDeceptorViolations":{"ACR-106":"App offers deceptive application 'Relevant Knowledge market survey'.\n","ACR-092":"The installer and main executables are not digitally signed\n","ACR-123":"The app does not remove dropped root certificates and other executables even after uninstalling\n"},"samples":[{"isRevoked":"False","fileName":"appletvvideoconverter.exe","isInstaller":"True","companyName":"","productName":"Cute Apple TV Video Converter","productVersion":"                    ","fileVersion":"","hashMD5":"b0fe0a1735cbcdd8ea1616e186777f19","hashSHA1":"fa908aacd9307d8a8e1954054351379ff8030028","hashSHA256":"014ef0c82f8afc8e24d1101caa1c85c26f4454df07e4bc05f99da042038eecea","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","uriToBlock":"","sourceIndex":"815","avBlockList":["360 Total Security (20231214)","Avast Premium Security (20231214)","AVG Internet Security (20231214)","Avira Internet Security (20231214)","Bitdefender Internet Security (20231214)","Dr.Web Security Space (20231214)","ESET Internet Security (20231214)","G DATA INTERNET SECURITY (20231214)","K7 Total Security (20231214)","Kaspersky Internet Security (20231214)","Malwarebytes Premium (20231214)","McAfee Total Protection (20231214)","Norton Security (20231214)","Panda Dome (20231214)","Quick Heal Internet Security (20231214)","Sophos Home Premium (20231214)","SpyHunter5 (20231214)","Total AV Antivirus Pro (20231214)","VIPRE Advanced Security (20231214)","VirIT eXplorer PRO (20231214)","Webroot SecureAnywhere (20231214)","Windows Defender (20231214)"],"avAllowList":["COMODO Antivirus (20231214)","Trend Micro Internet Security (20231214)"]},{"isRevoked":"False","fileName":"audioconverter.exe","isInstaller":"True","companyName":"                                                            ","productName":"Cute Audio Converter Free Vesrion                           ","productVersion":"                                                  ","fileVersion":"                    ","hashMD5":"529143430c3dcd3a12858e7d5fbaa985","hashSHA1":"48f7ec56c78b0f95e5d8ae855810106a4b0dac03","hashSHA256":"33c88839b622d8cd7dd810c3658cd19cb0ad49c91533b8f1a2aec9d219b83da6","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","uriToBlock":"","sourceIndex":"815","avBlockList":["360 Total Security (20231214)","Avast Premium Security (20231214)","AVG Internet Security (20231214)","Avira Internet Security (20231214)","Bitdefender Internet Security (20231214)","COMODO Antivirus (20231214)","Dr.Web Security Space (20231214)","ESET Internet Security (20231214)","G DATA INTERNET SECURITY (20231214)","K7 Total Security (20231214)","Kaspersky Internet Security (20231214)","Malwarebytes Premium (20231214)","McAfee Total Protection (20231214)","Norton Security (20231214)","Panda Dome (20231214)","Quick Heal Internet Security (20231214)","Sophos Home Premium (20231214)","SpyHunter5 (20231214)","Total AV Antivirus Pro (20231214)","VIPRE Advanced Security (20231214)","VirIT eXplorer PRO (20231214)","Webroot SecureAnywhere (20231214)","Windows Defender (20231214)"],"avAllowList":["Trend Micro Internet Security (20231214)"]},{"isRevoked":"False","fileName":"audiomixer.exe","isInstaller":"True","companyName":"                                                            ","productName":"Cute Audio Mixer                                            ","productVersion":"                                                  ","fileVersion":"                    ","hashMD5":"b161d93bab080bcf7748c390cf74e95e","hashSHA1":"b7b51c22c678b9f4c7da4cd021f8aca46716cb85","hashSHA256":"c7641ded564c4460e4f9c5f906d1c804312c5669a189c41c4fcf3b2a4eecd1a2","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","uriToBlock":"","sourceIndex":"815","avBlockList":["360 Total Security (20231214)","Avast Premium Security (20231214)","AVG Internet Security (20231214)","Avira Internet Security (20231214)","Bitdefender Internet Security (20231214)","Dr.Web Security Space (20231214)","ESET Internet Security (20231214)","G DATA INTERNET SECURITY (20231214)","K7 Total Security (20231214)","Kaspersky Internet Security (20231214)","Malwarebytes Premium (20231214)","McAfee Total Protection (20231214)","Norton Security (20231214)","Panda Dome (20231214)","Quick Heal Internet Security (20231214)","Sophos Home Premium (20231214)","SpyHunter5 (20231214)","Total AV Antivirus Pro (20231214)","VIPRE Advanced Security (20231214)","VirIT eXplorer PRO (20231214)","Webroot SecureAnywhere (20231214)","Windows Defender (20231214)"],"avAllowList":["COMODO Antivirus (20231214)","Trend Micro Internet Security (20231214)"]},{"isRevoked":"False","fileName":"aviconverter.exe","isInstaller":"True","companyName":"                                                            ","productName":"Cute AVI Converter                                          ","productVersion":"                                                  ","fileVersion":"                    ","hashMD5":"34af0158863efbe5fbc3280eb0962eba","hashSHA1":"564706b0626ec9c3bdec511f76a80a4f5d296f6a","hashSHA256":"2352a90d24f9a414c749bcf9cd67daa0f54069ea7189f9e4bdac9b4d53d45e30","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","uriToBlock":"","sourceIndex":"815","avBlockList":["360 Total Security (20231219)","Avast Premium Security (20231219)","AVG Internet Security (20231219)","Avira Internet Security (20231219)","Bitdefender Internet Security (20231219)","Dr.Web Security Space (20231219)","ESET Internet Security (20231219)","G DATA INTERNET SECURITY (20231219)","K7 Total Security (20231219)","Kaspersky Internet Security (20231219)","Malwarebytes Premium (20231219)","McAfee Total Protection (20231219)","Norton Security (20231219)","Panda Dome (20231219)","Quick Heal Internet Security (20231219)","Sophos Home Premium (20231219)","SpyHunter5 (20231219)","Total AV Antivirus Pro (20231219)","VIPRE Advanced Security (20231219)","VirIT eXplorer PRO (20231219)","Webroot SecureAnywhere (20231219)","Windows Defender (20231219)"],"avAllowList":["COMODO Antivirus (20231219)","Trend Micro Internet Security (20231219)"]},{"isRevoked":"False","fileName":"avitomovconverter.exe","isInstaller":"True","companyName":"                                                            ","productName":"Cute AVI to MOV Converter                                   ","productVersion":"                                                  ","fileVersion":"                    ","hashMD5":"1d0c5a1604daae0fc4374e9df14ffaa0","hashSHA1":"a4367dd48263ce1511bdc582f08894b7b35c23be","hashSHA256":"391dcf697e414f295b4686a2c2b1cb3539e7243248eeabd865ee00ac6b695ca1","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","uriToBlock":"","sourceIndex":"815","avBlockList":["360 Total Security (20231219)","Avast Premium Security (20231219)","AVG Internet Security (20231219)","Avira Internet Security (20231219)","Bitdefender Internet Security (20231219)","Dr.Web Security Space (20231219)","ESET Internet Security (20231219)","G DATA INTERNET SECURITY (20231219)","K7 Total Security (20231219)","Kaspersky Internet Security (20231219)","Malwarebytes Premium (20231219)","McAfee Total Protection (20231219)","Norton Security (20231219)","Panda Dome (20231219)","Quick Heal Internet Security (20231219)","Sophos Home Premium (20231219)","SpyHunter5 (20231219)","Total AV Antivirus Pro (20231219)","VIPRE Advanced Security (20231219)","VirIT eXplorer PRO (20231219)","Webroot SecureAnywhere (20231219)","Windows Defender (20231219)"],"avAllowList":["COMODO Antivirus (20231219)","Trend Micro Internet Security (20231219)"]},{"isRevoked":"False","fileName":"avitoswfconverter.exe","isInstaller":"True","companyName":"                                                            ","productName":"Cute AVI to SWF Converter                                   ","productVersion":"                                                  ","fileVersion":"                    ","hashMD5":"05505cd5e1cf1d7d4f71321fbf4aad48","hashSHA1":"af0a6810ed644d544614d92625e6660839457ce2","hashSHA256":"0496daea5cd48ace9d4f1eefa2d6e7688d000cf46872bcf687de8fc1f5946763","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","uriToBlock":"","sourceIndex":"815","avBlockList":["360 Total Security (20231219)","Avast Premium Security (20231219)","AVG Internet Security (20231219)","Avira Internet Security (20231219)","Bitdefender Internet Security (20231219)","COMODO Antivirus (20231219)","Dr.Web Security Space (20231219)","ESET Internet Security (20231219)","G DATA INTERNET SECURITY (20231219)","K7 Total Security (20231219)","Kaspersky Internet Security (20231219)","Malwarebytes Premium (20231219)","McAfee Total Protection (20231219)","Norton Security (20231219)","Panda Dome (20231219)","Quick Heal Internet Security (20231219)","Sophos Home Premium (20231219)","SpyHunter5 (20231219)","Total AV Antivirus Pro (20231219)","VIPRE Advanced Security (20231219)","VirIT eXplorer PRO (20231219)","Webroot SecureAnywhere (20231219)","Windows Defender (20231219)"],"avAllowList":["Trend Micro Internet Security (20231219)"]},{"isRevoked":"False","fileName":"cutedvdripper.exe","isInstaller":"True","companyName":"                                                            ","productName":"Cute DVD Ripper                                             ","productVersion":"                                                  ","fileVersion":"                    ","hashMD5":"b4f09df4049e132dbad68853b37f08e2","hashSHA1":"008c8656100e1560caf2407e1d034e1afbd0f132","hashSHA256":"7fac2e25d01e5e6b263fd1478ac3a0ce9dc2e54a39bc262a6c7f5f12d3262452","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","uriToBlock":"","sourceIndex":"815","avBlockList":["360 Total Security (20231219)","Avast Premium Security (20231219)","AVG Internet Security (20231219)","Avira Internet Security (20231219)","Bitdefender Internet Security (20231219)","Dr.Web Security Space (20231219)","ESET Internet Security (20231219)","G DATA INTERNET SECURITY (20231219)","K7 Total Security (20231219)","Kaspersky Internet Security (20231219)","Malwarebytes Premium (20231219)","McAfee Total Protection (20231219)","Norton Security (20231219)","Panda Dome (20231219)","Quick Heal Internet Security (20231219)","Sophos Home Premium (20231219)","SpyHunter5 (20231219)","Total AV Antivirus Pro (20231219)","VIPRE Advanced Security (20231219)","VirIT eXplorer PRO (20231219)","Webroot SecureAnywhere (20231219)","Windows Defender (20231219)"],"avAllowList":["COMODO Antivirus (20231219)","Trend Micro Internet Security (20231219)"]},{"isRevoked":"False","fileName":"divxconverter.exe","isInstaller":"True","companyName":"                                                            ","productName":"Cute DivX Converter                                         ","productVersion":"                                                  ","fileVersion":"                    ","hashMD5":"e03aea4ceedf5ec7dafdf864c827262d","hashSHA1":"638f8e722a6cbef9cf42cc0aacf610a602d98cf3","hashSHA256":"4ef7e5863cc1acfa7cdc9fc2f0c9283abc3205fd966ee108a35372d34fa83034","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","uriToBlock":"","sourceIndex":"815","avBlockList":["360 Total Security (20231219)","Avast Premium Security (20231219)","AVG Internet Security (20231219)","Avira Internet Security (20231219)","Bitdefender Internet Security (20231219)","Dr.Web Security Space (20231219)","ESET Internet Security (20231219)","G DATA INTERNET SECURITY (20231219)","K7 Total Security (20231219)","Kaspersky Internet Security (20231219)","Malwarebytes Premium (20231219)","McAfee Total Protection (20231219)","Norton Security (20231219)","Panda Dome (20231219)","Quick Heal Internet Security (20231219)","Sophos Home Premium (20231219)","SpyHunter5 (20231219)","Total AV Antivirus Pro (20231219)","VIPRE Advanced Security (20231219)","VirIT eXplorer PRO (20231219)","Webroot SecureAnywhere (20231219)","Windows Defender (20231219)"],"avAllowList":["COMODO Antivirus (20231219)","Trend Micro Internet Security (20231219)"]},{"isRevoked":"False","fileName":"dvdto3gpconverter.exe","isInstaller":"True","companyName":"                                                            ","productName":"Cute DVD to 3GP Converter                                   ","productVersion":"                                                  ","fileVersion":"                    ","hashMD5":"19639570c42b6290c742b92addbd53d1","hashSHA1":"a76b9de6f6ac30ac84cfbe7ebad7c5df8648239e","hashSHA256":"bc1921fe6543bbf6fdfccaccd3495f5dd5d9cb746bdeb3cc21c835cc31a3e10e","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","uriToBlock":"","sourceIndex":"815","avBlockList":["360 Total Security (20231219)","Avast Premium Security (20231219)","AVG Internet Security (20231219)","Avira Internet Security (20231219)","Bitdefender Internet Security (20231219)","Dr.Web Security Space (20231219)","ESET Internet Security (20231219)","G DATA INTERNET SECURITY (20231219)","K7 Total Security (20231219)","Kaspersky Internet Security (20231219)","Malwarebytes Premium (20231219)","McAfee Total Protection (20231219)","Norton Security (20231219)","Panda Dome (20231219)","Quick Heal Internet Security (20231219)","Sophos Home Premium (20231219)","SpyHunter5 (20231219)","Total AV Antivirus Pro (20231219)","VIPRE Advanced Security (20231219)","VirIT eXplorer PRO (20231219)","Webroot SecureAnywhere (20231219)","Windows Defender (20231219)"],"avAllowList":["COMODO Antivirus (20231219)","Trend Micro Internet Security (20231219)"]},{"isRevoked":"False","fileName":"dvdtoflvconverter.exe","isInstaller":"True","companyName":"                                                            ","productName":"Cute DVD to FLV Converter                                   ","productVersion":"                                                  ","fileVersion":"                    ","hashMD5":"07178da530eaff4475d06488dc9aeeb9","hashSHA1":"2889b0320261dcae14a7546ae1f913a8f85362de","hashSHA256":"45f6f11dc54fe62cc44b04a95e198676ff5f36684deb10ba9feaf5c7d42b90cc","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","uriToBlock":"","sourceIndex":"815","avBlockList":["360 Total Security (20231219)","Avast Premium Security (20231219)","AVG Internet Security (20231219)","Avira Internet Security (20231219)","Bitdefender Internet Security (20231219)","Dr.Web Security Space (20231219)","ESET Internet Security (20231219)","G DATA INTERNET SECURITY (20231219)","K7 Total Security (20231219)","Kaspersky Internet Security (20231219)","Malwarebytes Premium (20231219)","McAfee Total Protection (20231219)","Norton Security (20231219)","Panda Dome (20231219)","Quick Heal Internet Security (20231219)","Sophos Home Premium (20231219)","SpyHunter5 (20231219)","Total AV Antivirus Pro (20231219)","VIPRE Advanced Security (20231219)","VirIT eXplorer PRO (20231219)","Webroot SecureAnywhere (20231219)","Windows Defender (20231219)"],"avAllowList":["COMODO Antivirus (20231219)","Trend Micro Internet Security (20231219)"]},{"isRevoked":"False","fileName":"dvdtoiphoneconverter.exe","isInstaller":"True","companyName":"                                                            ","productName":"Cute DVD to iPhone Converter                                ","productVersion":"                                                  ","fileVersion":"                    ","hashMD5":"0f375ac8088ef1bae63d6fe1a988e805","hashSHA1":"f646b7ad188da5f7ed0696cf2fac6b970cd31774","hashSHA256":"d106d7e5a81b50a937c4363ec66035ec7efe409427ba3fa0b995b3ac4c4d3a8c","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","uriToBlock":"","sourceIndex":"815","avBlockList":["360 Total Security (20231219)","Avast Premium Security (20231219)","AVG Internet Security (20231219)","Avira Internet Security (20231219)","Bitdefender Internet Security (20231219)","COMODO Antivirus (20231219)","Dr.Web Security Space (20231219)","ESET Internet Security (20231219)","G DATA INTERNET SECURITY (20231219)","K7 Total Security (20231219)","Kaspersky Internet Security (20231219)","Malwarebytes Premium (20231219)","McAfee Total Protection (20231219)","Norton Security (20231219)","Panda Dome (20231219)","Quick Heal Internet Security (20231219)","Sophos Home Premium (20231219)","SpyHunter5 (20231219)","Total AV Antivirus Pro (20231219)","VIPRE Advanced Security (20231219)","VirIT eXplorer PRO (20231219)","Webroot SecureAnywhere (20231219)","Windows Defender (20231219)"],"avAllowList":["Trend Micro Internet Security (20231219)"]},{"isRevoked":"False","fileName":"dvdtoipodconverter.exe","isInstaller":"True","companyName":"                                                            ","productName":"Cute DVD to iPod Converter                                  ","productVersion":"                                                  ","fileVersion":"                    ","hashMD5":"ccb8259f013cfd825014a2942f7a6363","hashSHA1":"4f8d3756cbb735408d252c89218d8bd502249019","hashSHA256":"cde9d274bc82f431afd9f785c8eb56bd0bca492fa30d896680bc1d9571dcdaea","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","uriToBlock":"","sourceIndex":"815","avBlockList":["360 Total Security (20231221)","Avast Premium Security (20231221)","AVG Internet Security (20231221)","Avira Internet Security (20231221)","Bitdefender Internet Security (20231221)","COMODO Antivirus (20231221)","Dr.Web Security Space (20231221)","ESET Internet Security (20231221)","G DATA INTERNET SECURITY (20231221)","K7 Total Security (20231221)","Kaspersky Internet Security (20231221)","Malwarebytes Premium (20231221)","McAfee Total Protection (20231221)","Norton Security (20231221)","Panda Dome (20231221)","Quick Heal Internet Security (20231221)","Sophos Home Premium (20231221)","SpyHunter5 (20231221)","Total AV Antivirus Pro (20231221)","VIPRE Advanced Security (20231221)","VirIT eXplorer PRO (20231221)","Webroot SecureAnywhere (20231221)","Windows Defender (20231221)"],"avAllowList":["Trend Micro Internet Security (20231221)"]},{"isRevoked":"False","fileName":"dvdtomkvconverter.exe","isInstaller":"True","companyName":"                                                            ","productName":"Cute DVD to Mkv Converter                                   ","productVersion":"                                                  ","fileVersion":"                    ","hashMD5":"6b07510d61ec26e9def34fe85d6664c8","hashSHA1":"dcca784ea066f4d177a0dff38d840894255f985c","hashSHA256":"73bf080f2aee2d7b74eccd284bf20756dff7d43b330ea62050ce503c4ec3ffc6","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","uriToBlock":"","sourceIndex":"815","avBlockList":["360 Total Security (20231221)","Avast Premium Security (20231221)","AVG Internet Security (20231221)","Avira Internet Security (20231221)","Bitdefender Internet Security (20231221)","COMODO Antivirus (20231221)","Dr.Web Security Space (20231221)","ESET Internet Security (20231221)","G DATA INTERNET SECURITY (20231221)","K7 Total Security (20231221)","Kaspersky Internet Security (20231221)","Malwarebytes Premium (20231221)","McAfee Total Protection (20231221)","Norton Security (20231221)","Panda Dome (20231221)","Quick Heal Internet Security (20231221)","Sophos Home Premium (20231221)","SpyHunter5 (20231221)","Total AV Antivirus Pro (20231221)","VIPRE Advanced Security (20231221)","VirIT eXplorer PRO (20231221)","Webroot SecureAnywhere (20231221)","Windows Defender (20231221)"],"avAllowList":["Trend Micro Internet Security (20231221)"]},{"isRevoked":"False","fileName":"dvdtomovconverter.exe","isInstaller":"True","companyName":"                                                            ","productName":"Cute DVD to MOV Converter                                   ","productVersion":"                                                  ","fileVersion":"                    ","hashMD5":"df2d910294b3cd88a237ec1468711129","hashSHA1":"d05ada3d929f9fe0aa35f76dfc84e399587beaad","hashSHA256":"b3bbf3d067fd7b915c77ac7a6da9500313868fd09b3d378dd8af6ccb96ca7f87","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","uriToBlock":"","sourceIndex":"815","avBlockList":["360 Total Security (20231221)","Avast Premium Security (20231221)","AVG Internet Security (20231221)","Avira Internet Security (20231221)","Bitdefender Internet Security (20231221)","Dr.Web Security Space (20231221)","ESET Internet Security (20231221)","G DATA INTERNET SECURITY (20231221)","K7 Total Security (20231221)","Kaspersky Internet Security (20231221)","Malwarebytes Premium (20231221)","McAfee Total Protection (20231221)","Norton Security (20231221)","Panda Dome (20231221)","Quick Heal Internet Security (20231221)","Sophos Home Premium (20231221)","SpyHunter5 (20231221)","Total AV Antivirus Pro (20231221)","VIPRE Advanced Security (20231221)","VirIT eXplorer PRO (20231221)","Webroot SecureAnywhere (20231221)","Windows Defender (20231221)"],"avAllowList":["COMODO Antivirus (20231221)","Trend Micro Internet Security (20231221)"]},{"isRevoked":"False","fileName":"dvdtomp4converter.exe","isInstaller":"True","companyName":"                                                            ","productName":"Cute DVD to MP4 Converter                                   ","productVersion":"                                                  ","fileVersion":"                    ","hashMD5":"210cb48b1d7442fe9b7714b13836692e","hashSHA1":"469ec7aff6dfd9ccb0f605b3a35618cae01d2972","hashSHA256":"4549e11dc2c29e0980562f1300cab5234a1c2bf124400a026a20c30e38015fbc","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","uriToBlock":"","sourceIndex":"815","avBlockList":["360 Total Security (20231221)","Avast Premium Security (20231221)","AVG Internet Security (20231221)","Avira Internet Security (20231221)","Bitdefender Internet Security (20231221)","Dr.Web Security Space (20231221)","ESET Internet Security (20231221)","G DATA INTERNET SECURITY (20231221)","K7 Total Security (20231221)","Kaspersky Internet Security (20231221)","Malwarebytes Premium (20231221)","McAfee Total Protection (20231221)","Norton Security (20231221)","Panda Dome (20231221)","Quick Heal Internet Security (20231221)","Sophos Home Premium (20231221)","SpyHunter5 (20231221)","Total AV Antivirus Pro (20231221)","VIPRE Advanced Security (20231221)","VirIT eXplorer PRO (20231221)","Webroot SecureAnywhere (20231221)","Windows Defender (20231221)"],"avAllowList":["COMODO Antivirus (20231221)","Trend Micro Internet Security (20231221)"]},{"isRevoked":"False","fileName":"dvdtopspconverter.exe","isInstaller":"True","companyName":"                                                            ","productName":"Cute DVD to PSP Converter                                   ","productVersion":"                                                  ","fileVersion":"                    ","hashMD5":"b6973d35c0a46b0e7a082363ad1630e0","hashSHA1":"24fba253243fb5b8a75582433164846e54c8b114","hashSHA256":"aaaa622e88d46c9dd34d6f277ee70a3781ffa118561e1bc5aad252d3117946d7","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","uriToBlock":"","sourceIndex":"815","avBlockList":["360 Total Security (20231221)","Avast Premium Security (20231221)","AVG Internet Security (20231221)","Avira Internet Security (20231221)","Bitdefender Internet Security (20231221)","COMODO Antivirus (20231221)","Dr.Web Security Space (20231221)","ESET Internet Security (20231221)","G DATA INTERNET SECURITY (20231221)","K7 Total Security (20231221)","Kaspersky Internet Security (20231221)","Malwarebytes Premium (20231221)","McAfee Total Protection (20231221)","Norton Security (20231221)","Panda Dome (20231221)","Quick Heal Internet Security (20231221)","Sophos Home Premium (20231221)","SpyHunter5 (20231221)","Total AV Antivirus Pro (20231221)","VIPRE Advanced Security (20231221)","VirIT eXplorer PRO (20231221)","Webroot SecureAnywhere (20231221)","Windows Defender (20231221)"],"avAllowList":["Trend Micro Internet Security (20231221)"]},{"isRevoked":"False","fileName":"dvdtoswfconverter.exe","isInstaller":"True","companyName":"                                                            ","productName":"Cute DVD to SWF Converter                                   ","productVersion":"                                                  ","fileVersion":"                    ","hashMD5":"2b850766731f8b024e038295fb46149c","hashSHA1":"19a78ac54407257d091bb256568ed6ad18b4be7b","hashSHA256":"96d399be0e47fe165a95821cef0b7fc772e868a80158d8237f9554eb5ea00fd1","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","uriToBlock":"","sourceIndex":"815","avBlockList":["360 Total Security (20231221)","Avast Premium Security (20231221)","AVG Internet Security (20231221)","Avira Internet Security (20231221)","Bitdefender Internet Security (20231221)","COMODO Antivirus (20231221)","Dr.Web Security Space (20231221)","ESET Internet Security (20231221)","G DATA INTERNET SECURITY (20231221)","K7 Total Security (20231221)","Kaspersky Internet Security (20231221)","Malwarebytes Premium (20231221)","McAfee Total Protection (20231221)","Norton Security (20231221)","Panda Dome (20231221)","Quick Heal Internet Security (20231221)","Sophos Home Premium (20231221)","SpyHunter5 (20231221)","Total AV Antivirus Pro (20231221)","VIPRE Advanced Security (20231221)","VirIT eXplorer PRO (20231221)","Webroot SecureAnywhere (20231221)","Windows Defender (20231221)"],"avAllowList":["Trend Micro Internet Security (20231221)"]},{"isRevoked":"False","fileName":"dvdtoxboxconverter.exe","isInstaller":"True","companyName":"                                                            ","productName":"Cute DVD to Xbox Converter                                  ","productVersion":"                                                  ","fileVersion":"                    ","hashMD5":"6798c634a588285abf7e786d4765d187","hashSHA1":"91f980f3d4bb7f3b567dd223fb11d57de89cb415","hashSHA256":"9876603d8890a85d4cbae936850180ef74941e957fb317a389ee47f7c6bd6473","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","uriToBlock":"","sourceIndex":"815","avBlockList":["360 Total Security (20231221)","Avast Premium Security (20231221)","AVG Internet Security (20231221)","Avira Internet Security (20231221)","Bitdefender Internet Security (20231221)","COMODO Antivirus (20231221)","Dr.Web Security Space (20231221)","ESET Internet Security (20231221)","G DATA INTERNET SECURITY (20231221)","K7 Total Security (20231221)","Kaspersky Internet Security (20231221)","Malwarebytes Premium (20231221)","McAfee Total Protection (20231221)","Norton Security (20231221)","Panda Dome (20231221)","Quick Heal Internet Security (20231221)","Sophos Home Premium (20231221)","SpyHunter5 (20231221)","Total AV Antivirus Pro (20231221)","VIPRE Advanced Security (20231221)","VirIT eXplorer PRO (20231221)","Webroot SecureAnywhere (20231221)","Windows Defender (20231221)"],"avAllowList":["Trend Micro Internet Security (20231221)"]},{"isRevoked":"False","fileName":"dvdtozuneconverter.exe","isInstaller":"True","companyName":"                                                            ","productName":"Cute DVD to Zune Converter                                  ","productVersion":"                                                  ","fileVersion":"                    ","hashMD5":"31fe3988041e52c5a49b05580c766fb2","hashSHA1":"c989940aaecda4d1f1f524633f290c338a5ee22b","hashSHA256":"cd660b30a04453861562b9f8a87f8b79f14bbba457727e0ec26c8ad4b0707bf1","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","uriToBlock":"","sourceIndex":"815","avBlockList":["360 Total Security (20231221)","Avast Premium Security (20231221)","AVG Internet Security (20231221)","Avira Internet Security (20231221)","Bitdefender Internet Security (20231221)","Dr.Web Security Space (20231221)","ESET Internet Security (20231221)","G DATA INTERNET SECURITY (20231221)","K7 Total Security (20231221)","Kaspersky Internet Security (20231221)","Malwarebytes Premium (20231221)","McAfee Total Protection (20231221)","Norton Security (20231221)","Panda Dome (20231221)","Quick Heal Internet Security (20231221)","Sophos Home Premium (20231221)","SpyHunter5 (20231221)","Total AV Antivirus Pro (20231221)","VIPRE Advanced Security (20231221)","VirIT eXplorer PRO (20231221)","Webroot SecureAnywhere (20231221)","Windows Defender (20231221)"],"avAllowList":["COMODO Antivirus (20231221)","Trend Micro Internet Security (20231221)"]},{"isRevoked":"False","fileName":"flvstreamingvideo.exe","isInstaller":"True","companyName":"                                                            ","productName":"Cute FLV Streaming Video Free Version                       ","productVersion":"                                                  ","fileVersion":"                    ","hashMD5":"5249dd768c5df9e4eda63baf3c75c9b6","hashSHA1":"1ea60fcf6b0f9373a1101638d9abd30d087d747e","hashSHA256":"6823a097ffa23dcee2042b709e4e1b6d24871a2ae1b030cbedd5ed0c5f7e88d6","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","uriToBlock":"","sourceIndex":"815","avBlockList":["360 Total Security (20231221)","Avast Premium Security (20231221)","AVG Internet Security (20231221)","Avira Internet Security (20231221)","Bitdefender Internet Security (20231221)","COMODO Antivirus (20231221)","Dr.Web Security Space (20231221)","ESET Internet Security (20231221)","G DATA INTERNET SECURITY (20231221)","K7 Total Security (20231221)","Kaspersky Internet Security (20231221)","Malwarebytes Premium (20231221)","McAfee Total Protection (20231221)","Norton Security (20231221)","Panda Dome (20231221)","Quick Heal Internet Security (20231221)","Sophos Home Premium (20231221)","SpyHunter5 (20231221)","Total AV Antivirus Pro (20231221)","VIPRE Advanced Security (20231221)","VirIT eXplorer PRO (20231221)","Webroot SecureAnywhere (20231221)"],"avAllowList":["Trend Micro Internet Security (20231221)","Windows Defender (20231221)"]},{"isRevoked":"False","fileName":"flvtoswfconverter.exe","isInstaller":"True","companyName":"                                                            ","productName":"Cute FLV to SWF Converter                                   ","productVersion":"                                                  ","fileVersion":"                    ","hashMD5":"14efed3491e4af8b836346abf300013e","hashSHA1":"f5253833702985786471bd85fd6a718b1e4ece43","hashSHA256":"265c1f83a4d37d55965a193eb2942ca17b8b73b58feb522be38632d22387d35c","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","uriToBlock":"","sourceIndex":"815","avBlockList":["360 Total Security (20231221)","Avast Premium Security (20231221)","AVG Internet Security (20231221)","Avira Internet Security (20231221)","Bitdefender Internet Security (20231221)","COMODO Antivirus (20231221)","Dr.Web Security Space (20231221)","ESET Internet Security (20231221)","G DATA INTERNET SECURITY (20231221)","K7 Total Security (20231221)","Kaspersky Internet Security (20231221)","Malwarebytes Premium (20231221)","McAfee Total Protection (20231221)","Norton Security (20231221)","Panda Dome (20231221)","Quick Heal Internet Security (20231221)","Sophos Home Premium (20231221)","SpyHunter5 (20231221)","Total AV Antivirus Pro (20231221)","VIPRE Advanced Security (20231221)","VirIT eXplorer PRO (20231221)","Webroot SecureAnywhere (20231221)","Windows Defender (20231221)"],"avAllowList":["Trend Micro Internet Security (20231221)"]},{"isRevoked":"False","fileName":"flvvideoconverter.exe","isInstaller":"True","companyName":"                                                            ","productName":"Cute FLV Video Converter                                    ","productVersion":"                                                  ","fileVersion":"                    ","hashMD5":"86ebad1565d045cc2a4d6793a7a53c7d","hashSHA1":"8b36e933098aea501632039ee63ad9db71e24f32","hashSHA256":"61a945614789d77b57d10a8e2320b05a383626931b629a2d705d9ade48f34633","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","uriToBlock":"","sourceIndex":"815","avBlockList":["360 Total Security (20231221)","Avast Premium Security (20231221)","AVG Internet Security (20231221)","Avira Internet Security (20231221)","Bitdefender Internet Security (20231221)","Dr.Web Security Space (20231221)","ESET Internet Security (20231221)","G DATA INTERNET SECURITY (20231221)","K7 Total Security (20231221)","Kaspersky Internet Security (20231221)","Malwarebytes Premium (20231221)","McAfee Total Protection (20231221)","Norton Security (20231221)","Panda Dome (20231221)","Quick Heal Internet Security (20231221)","Sophos Home Premium (20231221)","SpyHunter5 (20231221)","Total AV Antivirus Pro (20231221)","VIPRE Advanced Security (20231221)","VirIT eXplorer PRO (20231221)","Webroot SecureAnywhere (20231221)","Windows Defender (20231221)"],"avAllowList":["COMODO Antivirus (20231221)","Trend Micro Internet Security (20231221)"]},{"isRevoked":"False","fileName":"gifconverter.exe","isInstaller":"True","companyName":"                                                            ","productName":"Cute Video to GIF Converter                                 ","productVersion":"                                                  ","fileVersion":"                    ","hashMD5":"5d74ced97d93613f80a5ae9355a34269","hashSHA1":"35cc586d4f7a24febd364c9f2b1e0f4a66e1ff6b","hashSHA256":"9a61c51f461bb6521815c2b11f3c0d5a0c638aecbe94579e0786fd4a503fcae1","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","uriToBlock":"","sourceIndex":"815","avBlockList":["360 Total Security (20231221)","Avast Premium Security (20231221)","AVG Internet Security (20231221)","Avira Internet Security (20231221)","Bitdefender Internet Security (20231221)","Dr.Web Security Space (20231221)","ESET Internet Security (20231221)","G DATA INTERNET SECURITY (20231221)","K7 Total Security (20231221)","Kaspersky Internet Security (20231221)","Malwarebytes Premium (20231221)","McAfee Total Protection (20231221)","Norton Security (20231221)","Panda Dome (20231221)","Quick Heal Internet Security (20231221)","Sophos Home Premium (20231221)","SpyHunter5 (20231221)","Total AV Antivirus Pro (20231221)","VIPRE Advanced Security (20231221)","VirIT eXplorer PRO (20231221)","Webroot SecureAnywhere (20231221)","Windows Defender (20231221)"],"avAllowList":["COMODO Antivirus (20231221)","Trend Micro Internet Security (20231221)"]},{"isRevoked":"False","fileName":"hdvideoconverter.exe","isInstaller":"True","companyName":"                                                            ","productName":"Cute HD Video Converter                                     ","productVersion":"                                                  ","fileVersion":"                    ","hashMD5":"6748e4a3e760c973204670a609ad6246","hashSHA1":"301cf2b072051386a73c88b4b5fc8ae23c062f05","hashSHA256":"07fd5df2afc1eea8677a526591729e17cc054648c790e3821885a0dac928d87f","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","uriToBlock":"","sourceIndex":"815","avBlockList":["360 Total Security (20231221)","Avast Premium Security (20231221)","AVG Internet Security (20231221)","Avira Internet Security (20231221)","Bitdefender Internet Security (20231221)","COMODO Antivirus (20231221)","Dr.Web Security Space (20231221)","ESET Internet Security (20231221)","G DATA INTERNET SECURITY (20231221)","K7 Total Security (20231221)","Kaspersky Internet Security (20231221)","Malwarebytes Premium (20231221)","McAfee Total Protection (20231221)","Norton Security (20231221)","Panda Dome (20231221)","Quick Heal Internet Security (20231221)","Sophos Home Premium (20231221)","SpyHunter5 (20231221)","Total AV Antivirus Pro (20231221)","VIPRE Advanced Security (20231221)","VirIT eXplorer PRO (20231221)","Webroot SecureAnywhere (20231221)","Windows Defender (20231221)"],"avAllowList":["Trend Micro Internet Security (20231221)"]},{"isRevoked":"False","fileName":"iphonevideoconverter.exe","isInstaller":"True","companyName":"                                                            ","productName":"Cute iPhone Video Converter                                 ","productVersion":"                                                  ","fileVersion":"                    ","hashMD5":"74a83bb41700bd7321e1f6168fe66202","hashSHA1":"3a5dae765f3b8bd4982bf0fb48e76f506ec0016e","hashSHA256":"14549ec516738d9a8c5cabeac060ba35d4e80619cd3150db13a8adc9ec47f4ba","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","uriToBlock":"","sourceIndex":"815","avBlockList":["360 Total Security (20231226)","Avast Premium Security (20231226)","AVG Internet Security (20231226)","Avira Internet Security (20231226)","Bitdefender Internet Security (20231226)","COMODO Antivirus (20231226)","Dr.Web Security Space (20231226)","ESET Internet Security (20231226)","G DATA INTERNET SECURITY (20231226)","K7 Total Security (20231226)","Kaspersky Internet Security (20231226)","Malwarebytes Premium (20231226)","McAfee Total Protection (20231226)","Norton Security (20231226)","Panda Dome (20231226)","Quick Heal Internet Security (20231226)","Sophos Home Premium (20231226)","SpyHunter5 (20231226)","Total AV Antivirus Pro (20231226)","VIPRE Advanced Security (20231226)","VirIT eXplorer PRO (20231226)","Webroot SecureAnywhere (20231226)","Windows Defender (20231226)"],"avAllowList":["Trend Micro Internet Security (20231226)"]},{"isRevoked":"False","fileName":"ipodvideoconverter.exe","isInstaller":"True","companyName":"                                                            ","productName":"Cute iPod Video Converter                                   ","productVersion":"                                                  ","fileVersion":"                    ","hashMD5":"bd2768e7713eb2c4f96abf2c8178a252","hashSHA1":"d31ff29c1f2c6b9e6e9e87a29480b54a1dcc530d","hashSHA256":"03dab2f0b30ead37347fb354a773e3ae3f3b8262e3ddb9eaded19a2caa46505a","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","uriToBlock":"","sourceIndex":"815","avBlockList":["360 Total Security (20231226)","Avast Premium Security (20231226)","AVG Internet Security (20231226)","Avira Internet Security (20231226)","Bitdefender Internet Security (20231226)","COMODO Antivirus (20231226)","Dr.Web Security Space (20231226)","ESET Internet Security (20231226)","G DATA INTERNET SECURITY (20231226)","K7 Total Security (20231226)","Kaspersky Internet Security (20231226)","Malwarebytes Premium (20231226)","McAfee Total Protection (20231226)","Norton Security (20231226)","Panda Dome (20231226)","Quick Heal Internet Security (20231226)","Sophos Home Premium (20231226)","SpyHunter5 (20231226)","Total AV Antivirus Pro (20231226)","VIPRE Advanced Security (20231226)","VirIT eXplorer PRO (20231226)","Webroot SecureAnywhere (20231226)","Windows Defender (20231226)"],"avAllowList":["Trend Micro Internet Security (20231226)"]},{"isRevoked":"False","fileName":"mobilevideoconverter.exe","isInstaller":"True","companyName":"                                                            ","productName":"Cute Mobile Video Converter                                 ","productVersion":"                                                  ","fileVersion":"                    ","hashMD5":"5c1de8a3634bbb6bf4d9099f2f7c8a88","hashSHA1":"53565b20f01f8bd16cea1b0cbbdb8ca67821ee96","hashSHA256":"899b5a40fb6b1325bc8bb104fdbb8d3c7eb66c2d7ca7ec542da77f3311b4f5f4","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","uriToBlock":"","sourceIndex":"815","avBlockList":["360 Total Security (20231226)","Avast Premium Security (20231226)","AVG Internet Security (20231226)","Avira Internet Security (20231226)","Bitdefender Internet Security (20231226)","COMODO Antivirus (20231226)","Dr.Web Security Space (20231226)","ESET Internet Security (20231226)","G DATA INTERNET SECURITY (20231226)","K7 Total Security (20231226)","Kaspersky Internet Security (20231226)","Malwarebytes Premium (20231226)","McAfee Total Protection (20231226)","Norton Security (20231226)","Panda Dome (20231226)","Quick Heal Internet Security (20231226)","Sophos Home Premium (20231226)","SpyHunter5 (20231226)","Total AV Antivirus Pro (20231226)","VIPRE Advanced Security (20231226)","VirIT eXplorer PRO (20231226)","Webroot SecureAnywhere (20231226)","Windows Defender (20231226)"],"avAllowList":["Trend Micro Internet Security (20231226)"]},{"isRevoked":"False","fileName":"movtoflvconverter.exe","isInstaller":"True","companyName":"                                                            ","productName":"Cute MOV to FLV Converter                                   ","productVersion":"                                                  ","fileVersion":"                    ","hashMD5":"5099c18ded3efc799977512f12314734","hashSHA1":"d91e9ba8d736a1c1f9b63cce1977ccac8ac62b4b","hashSHA256":"5f9150a8045a43245e3aa4e8215e0d6fa5f493459c547908dd5e5eeee3757a73","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","uriToBlock":"","sourceIndex":"815","avBlockList":["360 Total Security (20231226)","Avast Premium Security (20231226)","AVG Internet Security (20231226)","Avira Internet Security (20231226)","Bitdefender Internet Security (20231226)","COMODO Antivirus (20231226)","Dr.Web Security Space (20231226)","ESET Internet Security (20231226)","G DATA INTERNET SECURITY (20231226)","K7 Total Security (20231226)","Kaspersky Internet Security (20231226)","Malwarebytes Premium (20231226)","McAfee Total Protection (20231226)","Norton Security (20231226)","Panda Dome (20231226)","Quick Heal Internet Security (20231226)","Sophos Home Premium (20231226)","SpyHunter5 (20231226)","Total AV Antivirus Pro (20231226)","VIPRE Advanced Security (20231226)","VirIT eXplorer PRO (20231226)","Webroot SecureAnywhere (20231226)","Windows Defender (20231226)"],"avAllowList":["Trend Micro Internet Security (20231226)"]},{"isRevoked":"False","fileName":"mp4toaviconverter.exe","isInstaller":"True","companyName":"                                                            ","productName":"Cute MP4 to AVI Converter                                   ","productVersion":"                                                  ","fileVersion":"                    ","hashMD5":"2a5b4eb7d0482c1480b9961805f429ca","hashSHA1":"921d35d288ffa965ac8d96d592d3fdeeaf1508aa","hashSHA256":"7966ed4dbf2a89ba5a87601988626549d7fd14d4d01a388c8e47ba7dd67a6d72","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","uriToBlock":"","sourceIndex":"815","avBlockList":["360 Total Security (20231226)","Avast Premium Security (20231226)","AVG Internet Security (20231226)","Avira Internet Security (20231226)","Bitdefender Internet Security (20231226)","Dr.Web Security Space (20231226)","ESET Internet Security (20231226)","G DATA INTERNET SECURITY (20231226)","K7 Total Security (20231226)","Kaspersky Internet Security (20231226)","Malwarebytes Premium (20231226)","McAfee Total Protection (20231226)","Norton Security (20231226)","Panda Dome (20231226)","Quick Heal Internet Security (20231226)","Sophos Home Premium (20231226)","SpyHunter5 (20231226)","Total AV Antivirus Pro (20231226)","VIPRE Advanced Security (20231226)","VirIT eXplorer PRO (20231226)","Webroot SecureAnywhere (20231226)","Windows Defender (20231226)"],"avAllowList":["COMODO Antivirus (20231226)","Trend Micro Internet Security (20231226)"]},{"isRevoked":"False","fileName":"photoslideshow.exe","isInstaller":"True","companyName":"                                                            ","productName":"Cute Photo Slideshow Free Version                           ","productVersion":"                                                  ","fileVersion":"                    ","hashMD5":"14bfccd5d3ab3a30c9b3803a042a1401","hashSHA1":"273a6adbf197678a6dcdc0dfab3b7573021225cb","hashSHA256":"472aa398981c7cca5d905f37c473845ec4ea243b3235753b83d6439a4999f155","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","uriToBlock":"","sourceIndex":"815","avBlockList":["360 Total Security (20231226)","Avast Premium Security (20231226)","AVG Internet Security (20231226)","Avira Internet Security (20231226)","Bitdefender Internet Security (20231226)","COMODO Antivirus (20231226)","Dr.Web Security Space (20231226)","ESET Internet Security (20231226)","G DATA INTERNET SECURITY (20231226)","K7 Total Security (20231226)","Kaspersky Internet Security (20231226)","Malwarebytes Premium (20231226)","McAfee Total Protection (20231226)","Norton Security (20231226)","Panda Dome (20231226)","Quick Heal Internet Security (20231226)","Sophos Home Premium (20231226)","SpyHunter5 (20231226)","Total AV Antivirus Pro (20231226)","VIPRE Advanced Security (20231226)","VirIT eXplorer PRO (20231226)","Webroot SecureAnywhere (20231226)","Windows Defender (20231226)"],"avAllowList":["Trend Micro Internet Security (20231226)"]},{"isRevoked":"False","fileName":"pspvideoconverter.exe","isInstaller":"True","companyName":"                                                            ","productName":"Cute PSP Video Converter                                    ","productVersion":"                                                  ","fileVersion":"                    ","hashMD5":"561178e29bb164a8c7fb1a1f4f320936","hashSHA1":"b087d36f4666d0435c7715bf77f7b62e5451e543","hashSHA256":"43bf763472baaf874292a01db9aaf8d3b6de3ff507d5e9bc05c58458d9db7067","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","uriToBlock":"","sourceIndex":"815","avBlockList":["360 Total Security (20231226)","Avast Premium Security (20231226)","AVG Internet Security (20231226)","Avira Internet Security (20231226)","Bitdefender Internet Security (20231226)","COMODO Antivirus (20231226)","Dr.Web Security Space (20231226)","ESET Internet Security (20231226)","G DATA INTERNET SECURITY (20231226)","K7 Total Security (20231226)","Kaspersky Internet Security (20231226)","Malwarebytes Premium (20231226)","McAfee Total Protection (20231226)","Norton Security (20231226)","Panda Dome (20231226)","Quick Heal Internet Security (20231226)","Sophos Home Premium (20231226)","SpyHunter5 (20231226)","Total AV Antivirus Pro (20231226)","VIPRE Advanced Security (20231226)","VirIT eXplorer PRO (20231226)","Webroot SecureAnywhere (20231226)","Windows Defender (20231226)"],"avAllowList":["Trend Micro Internet Security (20231226)"]},{"isRevoked":"False","fileName":"screenrecorderfree.exe","isInstaller":"True","companyName":"                                                            ","productName":"Cute Screen Recorder Free Version                           ","productVersion":"                                                  ","fileVersion":"                    ","hashMD5":"8e54fd3a9c02cc0fe35f474e8698a5c2","hashSHA1":"6b1647cbbbe0e11ccb0f538f32e4f7132d683b33","hashSHA256":"eb22ffe6905c3d6f892fe04d711a6bfa15cc124ad74924309b959813353b7669","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","uriToBlock":"","sourceIndex":"815","avBlockList":["360 Total Security (20231226)","Avast Premium Security (20231226)","AVG Internet Security (20231226)","Avira Internet Security (20231226)","Bitdefender Internet Security (20231226)","Dr.Web Security Space (20231226)","ESET Internet Security (20231226)","G DATA INTERNET SECURITY (20231226)","K7 Total Security (20231226)","Kaspersky Internet Security (20231226)","Malwarebytes Premium (20231226)","McAfee Total Protection (20231226)","Norton Security (20231226)","Panda Dome (20231226)","Quick Heal Internet Security (20231226)","Sophos Home Premium (20231226)","SpyHunter5 (20231226)","Total AV Antivirus Pro (20231226)","VIPRE Advanced Security (20231226)","VirIT eXplorer PRO (20231226)","Webroot SecureAnywhere (20231226)","Windows Defender (20231226)"],"avAllowList":["COMODO Antivirus (20231226)","Trend Micro Internet Security (20231226)"]},{"isRevoked":"False","fileName":"swfconverter.exe","isInstaller":"True","companyName":"                                                            ","productName":"Cute SWF Converter                                          ","productVersion":"                                                  ","fileVersion":"                    ","hashMD5":"6f084dc99ef1b40d23c8383ab0bbb138","hashSHA1":"2dc8ec98cb40f65da185746a0686d41295a762eb","hashSHA256":"adfe9c600e6ba30fb556b8f1d39c296e8acd3a7d9621a25ea8c671f714351901","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","uriToBlock":"","sourceIndex":"815","avBlockList":["360 Total Security (20231226)","Avast Premium Security (20231226)","AVG Internet Security (20231226)","Avira Internet Security (20231226)","Bitdefender Internet Security (20231226)","COMODO Antivirus (20231226)","Dr.Web Security Space (20231226)","ESET Internet Security (20231226)","G DATA INTERNET SECURITY (20231226)","K7 Total Security (20231226)","Kaspersky Internet Security (20231226)","Malwarebytes Premium (20231226)","McAfee Total Protection (20231226)","Norton Security (20231226)","Panda Dome (20231226)","Quick Heal Internet Security (20231226)","Sophos Home Premium (20231226)","SpyHunter5 (20231226)","Total AV Antivirus Pro (20231226)","VIPRE Advanced Security (20231226)","VirIT eXplorer PRO (20231226)","Webroot SecureAnywhere (20231226)","Windows Defender (20231226)"],"avAllowList":["Trend Micro Internet Security (20231226)"]},{"isRevoked":"False","fileName":"videocutter.exe","isInstaller":"True","companyName":"                                                            ","productName":"Cute Video Cutter                                           ","productVersion":"                                                  ","fileVersion":"                    ","hashMD5":"50cbed9f3e5c865c3f1ac6db359e4084","hashSHA1":"7b5363797dcbc9ac722ff7a486cfa7aac50a809a","hashSHA256":"4dd6ec87573815dbbf9dac9f7fc9c5d471a752cafc13cde47777770d46fdbeb1","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","uriToBlock":"","sourceIndex":"815","avBlockList":["360 Total Security (20231226)","Avast Premium Security (20231226)","AVG Internet Security (20231226)","Avira Internet Security (20231226)","Bitdefender Internet Security (20231226)","COMODO Antivirus (20231226)","Dr.Web Security Space (20231226)","ESET Internet Security (20231226)","G DATA INTERNET SECURITY (20231226)","K7 Total Security (20231226)","Kaspersky Internet Security (20231226)","Malwarebytes Premium (20231226)","McAfee Total Protection (20231226)","Norton Security (20231226)","Panda Dome (20231226)","Quick Heal Internet Security (20231226)","Sophos Home Premium (20231226)","SpyHunter5 (20231226)","Total AV Antivirus Pro (20231226)","VIPRE Advanced Security (20231226)","VirIT eXplorer PRO (20231226)","Webroot SecureAnywhere (20231226)","Windows Defender (20231226)"],"avAllowList":["Trend Micro Internet Security (20231226)"]},{"isRevoked":"False","fileName":"videodubfree.exe","isInstaller":"True","companyName":"                                                            ","productName":"Cute Video Dub Free Version                                 ","productVersion":"                                                  ","fileVersion":"                    ","hashMD5":"4f840a6ebeba9aad37e9b4988c3e5ce4","hashSHA1":"6eb2b453cac2804a61f2201bbb2c8064146c9599","hashSHA256":"7d1274344aa43d74a4fd6867e095ca2f6b74507779f154471d671cddc4ffa2fa","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","uriToBlock":"","sourceIndex":"815","avBlockList":["360 Total Security (20231226)","Avast Premium Security (20231226)","AVG Internet Security (20231226)","Avira Internet Security (20231226)","Bitdefender Internet Security (20231226)","COMODO Antivirus (20231226)","Dr.Web Security Space (20231226)","ESET Internet Security (20231226)","G DATA INTERNET SECURITY (20231226)","K7 Total Security (20231226)","Kaspersky Internet Security (20231226)","Malwarebytes Premium (20231226)","McAfee Total Protection (20231226)","Norton Security (20231226)","Panda Dome (20231226)","Quick Heal Internet Security (20231226)","Sophos Home Premium (20231226)","SpyHunter5 (20231226)","Total AV Antivirus Pro (20231226)","VIPRE Advanced Security (20231226)","VirIT eXplorer PRO (20231226)","Webroot SecureAnywhere (20231226)","Windows Defender (20231226)"],"avAllowList":["Trend Micro Internet Security (20231226)"]},{"isRevoked":"False","fileName":"videotoaudioconverter.exe","isInstaller":"True","companyName":"                                                            ","productName":"Cute Video to Audio Converter                               ","productVersion":"                                                  ","fileVersion":"                    ","hashMD5":"4b0e426f4afeb88cf659fa9843638cdd","hashSHA1":"19ba9e4793b1e6238250ba6d4f2c2dd0863f17aa","hashSHA256":"e26a66eb4fed6d6311bfb16e221c65d6ace3e8772cbe4cfd10c56e34e8f321aa","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","uriToBlock":"","sourceIndex":"815","avBlockList":["360 Total Security (20231228)","Avast Premium Security (20231228)","AVG Internet Security (20231228)","Avira Internet Security (20231228)","Bitdefender Internet Security (20231228)","COMODO Antivirus (20231228)","Dr.Web Security Space (20231228)","ESET Internet Security (20231228)","G DATA INTERNET SECURITY (20231228)","K7 Total Security (20231228)","Kaspersky Internet Security (20231228)","Malwarebytes Premium (20231228)","McAfee Total Protection (20231228)","Norton Security (20231228)","Panda Dome (20231228)","Quick Heal Internet Security (20231228)","Sophos Home Premium (20231228)","SpyHunter5 (20231228)","Total AV Antivirus Pro (20231228)","VIPRE Advanced Security (20231228)","VirIT eXplorer PRO (20231228)","Webroot SecureAnywhere (20231228)","Windows Defender (20231228)"],"avAllowList":["Trend Micro Internet Security (20231228)"]},{"isRevoked":"False","fileName":"videowatermark.exe","isInstaller":"True","companyName":"                                                            ","productName":"Cute Video Watermark                                        ","productVersion":"                                                  ","fileVersion":"                    ","hashMD5":"51a646854e9536229cc5f0405b1d9c44","hashSHA1":"d60dd8eb9263691a84b0d1c9f54c2dc99f5ee247","hashSHA256":"c106bbf3864d271c9ada93fa918e9387090ff05056454dc77a5b71751cca9dfd","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","uriToBlock":"","sourceIndex":"815","avBlockList":["360 Total Security (20231228)","Avast Premium Security (20231228)","AVG Internet Security (20231228)","Avira Internet Security (20231228)","Bitdefender Internet Security (20231228)","COMODO Antivirus (20231228)","Dr.Web Security Space (20231228)","ESET Internet Security (20231228)","G DATA INTERNET SECURITY (20231228)","K7 Total Security (20231228)","Kaspersky Internet Security (20231228)","Malwarebytes Premium (20231228)","McAfee Total Protection (20231228)","Norton Security (20231228)","Panda Dome (20231228)","Quick Heal Internet Security (20231228)","Sophos Home Premium (20231228)","SpyHunter5 (20231228)","Total AV Antivirus Pro (20231228)","VIPRE Advanced Security (20231228)","VirIT eXplorer PRO (20231228)","Webroot SecureAnywhere (20231228)","Windows Defender (20231228)"],"avAllowList":["Trend Micro Internet Security (20231228)"]},{"isRevoked":"False","fileName":"wmv3gpconverter.exe","isInstaller":"True","companyName":"                                                            ","productName":"Cute WMV 3GP Converter                                      ","productVersion":"                                                  ","fileVersion":"                    ","hashMD5":"bd672aba009a4fa6efb31b5d7d93f2bb","hashSHA1":"569b76701ed273f3ad5b67b9df883a908c53dfef","hashSHA256":"256c0343cc02706c1736a887e0db79dcab8ec9ae1eaadf9ec0df8473aa8cb13b","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","uriToBlock":"","sourceIndex":"815","avBlockList":["360 Total Security (20231228)","Avast Premium Security (20231228)","AVG Internet Security (20231228)","Avira Internet Security (20231228)","Bitdefender Internet Security (20231228)","Dr.Web Security Space (20231228)","ESET Internet Security (20231228)","G DATA INTERNET SECURITY (20231228)","K7 Total Security (20231228)","Kaspersky Internet Security (20231228)","Malwarebytes Premium (20231228)","McAfee Total Protection (20231228)","Norton Security (20231228)","Panda Dome (20231228)","Quick Heal Internet Security (20231228)","Sophos Home Premium (20231228)","SpyHunter5 (20231228)","Total AV Antivirus Pro (20231228)","VIPRE Advanced Security (20231228)","VirIT eXplorer PRO (20231228)","Webroot SecureAnywhere (20231228)","Windows Defender (20231228)"],"avAllowList":["COMODO Antivirus (20231228)","Trend Micro Internet Security (20231228)"]},{"isRevoked":"False","fileName":"wmvmp4converter.exe","isInstaller":"True","companyName":"                                                            ","productName":"Cute WMV MP4 Converter                                      ","productVersion":"                                                  ","fileVersion":"                    ","hashMD5":"3f9d6262a16d17a0729451e9bfaca037","hashSHA1":"df5583335e31afcd1da408a61dadeb45fd4a7f17","hashSHA256":"1c57fb46e1334f07e1e322521775f8abab11a79d3f4c13b204399ec024d5e728","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","uriToBlock":"","sourceIndex":"815","avBlockList":["360 Total Security (20231228)","Avast Premium Security (20231228)","AVG Internet Security (20231228)","Avira Internet Security (20231228)","Bitdefender Internet Security (20231228)","COMODO Antivirus (20231228)","Dr.Web Security Space (20231228)","ESET Internet Security (20231228)","G DATA INTERNET SECURITY (20231228)","K7 Total Security (20231228)","Kaspersky Internet Security (20231228)","Malwarebytes Premium (20231228)","McAfee Total Protection (20231228)","Norton Security (20231228)","Panda Dome (20231228)","Quick Heal Internet Security (20231228)","Sophos Home Premium (20231228)","SpyHunter5 (20231228)","Total AV Antivirus Pro (20231228)","VIPRE Advanced Security (20231228)","VirIT eXplorer PRO (20231228)","Webroot SecureAnywhere (20231228)","Windows Defender (20231228)"],"avAllowList":["Trend Micro Internet Security (20231228)"]},{"isRevoked":"False","fileName":"xboxvideoconverter.exe","isInstaller":"True","companyName":"                                                            ","productName":"Cute Xbox Video Converter                                   ","productVersion":"                                                  ","fileVersion":"                    ","hashMD5":"94188a257c76e970900026e44476d5d8","hashSHA1":"04b58616cc76f46fc6f463bc441e77334304b57b","hashSHA256":"fe9a7c07638e4b1a1b34fdad65fb936f48bfeb793cfbea83939ae7322110465a","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","uriToBlock":"","sourceIndex":"815","avBlockList":["360 Total Security (20231228)","Avast Premium Security (20231228)","AVG Internet Security (20231228)","Avira Internet Security (20231228)","Bitdefender Internet Security (20231228)","COMODO Antivirus (20231228)","Dr.Web Security Space (20231228)","ESET Internet Security (20231228)","G DATA INTERNET SECURITY (20231228)","K7 Total Security (20231228)","Kaspersky Internet Security (20231228)","Malwarebytes Premium (20231228)","McAfee Total Protection (20231228)","Norton Security (20231228)","Panda Dome (20231228)","Quick Heal Internet Security (20231228)","Sophos Home Premium (20231228)","SpyHunter5 (20231228)","Total AV Antivirus Pro (20231228)","Trend Micro Internet Security (20231228)","VIPRE Advanced Security (20231228)","VirIT eXplorer PRO (20231228)","Webroot SecureAnywhere (20231228)","Windows Defender (20231228)"],"avAllowList":[]},{"isRevoked":"False","fileName":"xvidconverter.exe","isInstaller":"True","companyName":"                                                            ","productName":"Cute XviD Converter                                         ","productVersion":"                                                  ","fileVersion":"                    ","hashMD5":"5156c2c9aa6c70146fde6a4e1aabb2d7","hashSHA1":"bd1ad4e5421d69d69822e536b69db1ccc841e2ec","hashSHA256":"0251c2897e5af4b0236ca46a00f8df4139e8a4e84a12bf1a6d43423d4e923844","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","uriToBlock":"","sourceIndex":"815","avBlockList":["360 Total Security (20231228)","Avast Premium Security (20231228)","AVG Internet Security (20231228)","Avira Internet Security (20231228)","Bitdefender Internet Security (20231228)","Dr.Web Security Space (20231228)","ESET Internet Security (20231228)","G DATA INTERNET SECURITY (20231228)","K7 Total Security (20231228)","Kaspersky Internet Security (20231228)","Malwarebytes Premium (20231228)","McAfee Total Protection (20231228)","Norton Security (20231228)","Panda Dome (20231228)","Quick Heal Internet Security (20231228)","Sophos Home Premium (20231228)","SpyHunter5 (20231228)","Total AV Antivirus Pro (20231228)","Trend Micro Internet Security (20231228)","VIPRE Advanced Security (20231228)","VirIT eXplorer PRO (20231228)","Webroot SecureAnywhere (20231228)","Windows Defender (20231228)"],"avAllowList":["COMODO Antivirus (20231228)"]},{"isRevoked":"False","fileName":"zunevideoconverter.exe","isInstaller":"True","companyName":"                                                            ","productName":"Cute Zune Video Converter                                   ","productVersion":"                                                  ","fileVersion":"                    ","hashMD5":"60d24728cf56784553b7d6c7109d4ab2","hashSHA1":"bd76688ea8cbd26c45d4745d34e6262c20609a05","hashSHA256":"9bef770e65bb1c5f7c8003c50ff018edf2996dfdf1760f9965dddccd92a82292","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","uriToBlock":"","sourceIndex":"815","avBlockList":["360 Total Security (20240102)","Avast Premium Security (20240102)","AVG Internet Security (20240102)","Avira Internet Security (20240102)","Bitdefender Internet Security (20240102)","COMODO Antivirus (20240102)","Dr.Web Security Space (20240102)","ESET Internet Security (20240102)","G DATA INTERNET SECURITY (20240102)","K7 Total Security (20240102)","Kaspersky Internet Security (20240102)","Malwarebytes Premium (20240102)","McAfee Total Protection (20240102)","Norton Security (20240102)","Panda Dome (20240102)","Quick Heal Internet Security (20240102)","Sophos Home Premium (20240102)","SpyHunter5 (20240102)","Total AV Antivirus Pro (20240102)","VIPRE Advanced Security (20240102)","VirIT eXplorer PRO (20240102)","Webroot SecureAnywhere (20240102)","Windows Defender (20240102)"],"avAllowList":["Trend Micro Internet Security (20240102)"]},{"isRevoked":"False","fileName":"3gpvideoconverter_231031.exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"d563daef7c52311007b9d55abe671729","hashSHA1":"f27da9907624df86c6a5754979e4053a64961b80","hashSHA256":"7164caea561c72e23ba475aac507b279a75f518d3f3a05744317ec201ae73b6d","sourceIndex":"815","avBlockList":["360 Total Security (20240102)","Avast Premium Security (20240102)","AVG Internet Security (20240102)","Avira Internet Security (20240102)","Bitdefender Internet Security (20240102)","COMODO Antivirus (20240102)","Dr.Web Security Space (20240102)","ESET Internet Security (20240102)","G DATA INTERNET SECURITY (20240102)","K7 Total Security (20240102)","Kaspersky Internet Security (20240102)","Malwarebytes Premium (20240102)","McAfee Total Protection (20240102)","Norton Security (20240102)","Panda Dome (20240102)","Quick Heal Internet Security (20240102)","Sophos Home Premium (20240102)","SpyHunter5 (20240102)","Total AV Antivirus Pro (20240102)","VIPRE Advanced Security (20240102)","VirIT eXplorer PRO (20240102)","Webroot SecureAnywhere (20240102)"],"avAllowList":["Trend Micro Internet Security (20240102)","Windows Defender (20240102)"]},{"isRevoked":"False","fileName":"appletvvideoconverter_231031.exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"db980bd11515639ff7e9cc392b5a5a60","hashSHA1":"ed43b077f4208a99d6e7e09db9c26c9d4fadead3","hashSHA256":"79594e73a9bc4ac4bd77490d5afa3c24616bead2acea384932a6ee0e8cfd9e1b","sourceIndex":"815","avBlockList":["360 Total Security (20240102)","Avast Premium Security (20240102)","AVG Internet Security (20240102)","Avira Internet Security (20240102)","Bitdefender Internet Security (20240102)","COMODO Antivirus (20240102)","Dr.Web Security Space (20240102)","ESET Internet Security (20240102)","G DATA INTERNET SECURITY (20240102)","K7 Total Security (20240102)","Kaspersky Internet Security (20240102)","Malwarebytes Premium (20240102)","McAfee Total Protection (20240102)","Norton Security (20240102)","Panda Dome (20240102)","Sophos Home Premium (20240102)","SpyHunter5 (20240102)","Total AV Antivirus Pro (20240102)","VIPRE Advanced Security (20240102)","VirIT eXplorer PRO (20240102)","Webroot SecureAnywhere (20240102)"],"avAllowList":["Quick Heal Internet Security (20240102)","Trend Micro Internet Security (20240102)","Windows Defender (20240102)"]},{"isRevoked":"False","fileName":"audioconverter_231031.exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"c3f26f3f93a5a8d23a7398776d009fe8","hashSHA1":"d7fae4bc18d1b6b25afa80a4d81fa7a8fb67a0e9","hashSHA256":"17e5e7b5b869a4fca46ef4b2360ab77b3ec0616e5da9d88e461d270ae0679608","sourceIndex":"815","avBlockList":["360 Total Security (20240102)","Avast Premium Security (20240102)","AVG Internet Security (20240102)","Avira Internet Security (20240102)","Bitdefender Internet Security (20240102)","COMODO Antivirus (20240102)","Dr.Web Security Space (20240102)","ESET Internet Security (20240102)","G DATA INTERNET SECURITY (20240102)","K7 Total Security (20240102)","Kaspersky Internet Security (20240102)","Malwarebytes Premium (20240102)","McAfee Total Protection (20240102)","Norton Security (20240102)","Panda Dome (20240102)","Quick Heal Internet Security (20240102)","Sophos Home Premium (20240102)","SpyHunter5 (20240102)","Total AV Antivirus Pro (20240102)","VIPRE Advanced Security (20240102)","VirIT eXplorer PRO (20240102)","Webroot SecureAnywhere (20240102)"],"avAllowList":["Trend Micro Internet Security (20240102)","Windows Defender (20240102)"]},{"isRevoked":"False","fileName":"audiomixer_231031.exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"146e67f82a421d1240a7d2ff9c5f393f","hashSHA1":"ef08a706a8457b3557e2e31c99679fd3a1c44386","hashSHA256":"5d9432be945dfe809c02a56dee111881812922f224937de2bbf874c8732b80db","sourceIndex":"815","avBlockList":["360 Total Security (20240102)","Avast Premium Security (20240102)","AVG Internet Security (20240102)","Avira Internet Security (20240102)","Bitdefender Internet Security (20240102)","COMODO Antivirus (20240102)","Dr.Web Security Space (20240102)","ESET Internet Security (20240102)","G DATA INTERNET SECURITY (20240102)","K7 Total Security (20240102)","Kaspersky Internet Security (20240102)","Malwarebytes Premium (20240102)","McAfee Total Protection (20240102)","Norton Security (20240102)","Panda Dome (20240102)","Quick Heal Internet Security (20240102)","Sophos Home Premium (20240102)","SpyHunter5 (20240102)","Total AV Antivirus Pro (20240102)","VIPRE Advanced Security (20240102)","VirIT eXplorer PRO (20240102)","Webroot SecureAnywhere (20240102)"],"avAllowList":["Trend Micro Internet Security (20240102)","Windows Defender (20240102)"]},{"isRevoked":"False","fileName":"aviconverter_231031.exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"0e5312deb16c345dfd12e485b055c928","hashSHA1":"a62d6344a18c689c96598570a069e362ccb8dc8c","hashSHA256":"47ed532f48aa5166c7f8322cfd1b16dfb122f59877db8e9b510626e129248588","sourceIndex":"815","avBlockList":["360 Total Security (20240102)","Avast Premium Security (20240102)","AVG Internet Security (20240102)","Avira Internet Security (20240102)","Bitdefender Internet Security (20240102)","COMODO Antivirus (20240102)","Dr.Web Security Space (20240102)","ESET Internet Security (20240102)","G DATA INTERNET SECURITY (20240102)","K7 Total Security (20240102)","Kaspersky Internet Security (20240102)","Malwarebytes Premium (20240102)","McAfee Total Protection (20240102)","Norton Security (20240102)","Panda Dome (20240102)","Quick Heal Internet Security (20240102)","Sophos Home Premium (20240102)","SpyHunter5 (20240102)","Total AV Antivirus Pro (20240102)","VIPRE Advanced Security (20240102)","VirIT eXplorer PRO (20240102)","Webroot SecureAnywhere (20240102)"],"avAllowList":["Trend Micro Internet Security (20240102)","Windows Defender (20240102)"]},{"isRevoked":"False","fileName":"avitomovconverter_231031.exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"2e4482e3ebdc23c214702cf6dbd426eb","hashSHA1":"53096b2b7224dc7146238001c1c20e219d5ade67","hashSHA256":"20a652de1afa516b04818a2632b0d89a7a8d80727e9033ec08d3741552bbde0c","sourceIndex":"815","avBlockList":["360 Total Security (20240102)","Avast Premium Security (20240102)","AVG Internet Security (20240102)","Avira Internet Security (20240102)","Bitdefender Internet Security (20240102)","COMODO Antivirus (20240102)","Dr.Web Security Space (20240102)","ESET Internet Security (20240102)","G DATA INTERNET SECURITY (20240102)","K7 Total Security (20240102)","Kaspersky Internet Security (20240102)","Malwarebytes Premium (20240102)","McAfee Total Protection (20240102)","Norton Security (20240102)","Panda Dome (20240102)","Quick Heal Internet Security (20240102)","Sophos Home Premium (20240102)","SpyHunter5 (20240102)","Total AV Antivirus Pro (20240102)","VIPRE Advanced Security (20240102)","VirIT eXplorer PRO (20240102)","Webroot SecureAnywhere (20240102)"],"avAllowList":["Trend Micro Internet Security (20240102)","Windows Defender (20240102)"]},{"isRevoked":"False","fileName":"avitoswfconverter_231031.exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"348846a7543a1c6b00f3f8bcccdc2038","hashSHA1":"9a57b08ab06bb468676c2cf68afbc19eb43608eb","hashSHA256":"83a4fa1e90a5738aa08424c169a30a3dc3ea172263fc344df3e7b1ff931547c0","sourceIndex":"815","avBlockList":["360 Total Security (20240102)","Avast Premium Security (20240102)","AVG Internet Security (20240102)","Avira Internet Security (20240102)","Bitdefender Internet Security (20240102)","COMODO Antivirus (20240102)","Dr.Web Security Space (20240102)","ESET Internet Security (20240102)","G DATA INTERNET SECURITY (20240102)","K7 Total Security (20240102)","Kaspersky Internet Security (20240102)","Malwarebytes Premium (20240102)","McAfee Total Protection (20240102)","Norton Security (20240102)","Panda Dome (20240102)","Quick Heal Internet Security (20240102)","Sophos Home Premium (20240102)","SpyHunter5 (20240102)","Total AV Antivirus Pro (20240102)","VIPRE Advanced Security (20240102)","VirIT eXplorer PRO (20240102)","Webroot SecureAnywhere (20240102)"],"avAllowList":["Trend Micro Internet Security (20240102)","Windows Defender (20240102)"]},{"isRevoked":"False","fileName":"cutedvdripper_231031.exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"7d394d81e51a19bd5e9f16d73cea9686","hashSHA1":"7737a5e9111855c03778618f58f26b6c074bf27f","hashSHA256":"a1fefd35af0874ea728668d524872bfa07a0d3dc67f0adfc50524f717d2c6986","sourceIndex":"815","avBlockList":["360 Total Security (20240102)","Avast Premium Security (20240102)","AVG Internet Security (20240102)","Avira Internet Security (20240102)","Bitdefender Internet Security (20240102)","COMODO Antivirus (20240102)","Dr.Web Security Space (20240102)","ESET Internet Security (20240102)","G DATA INTERNET SECURITY (20240102)","K7 Total Security (20240102)","Kaspersky Internet Security (20240102)","Malwarebytes Premium (20240102)","McAfee Total Protection (20240102)","Norton Security (20240102)","Panda Dome (20240102)","Quick Heal Internet Security (20240102)","Sophos Home Premium (20240102)","SpyHunter5 (20240102)","Total AV Antivirus Pro (20240102)","VIPRE Advanced Security (20240102)","VirIT eXplorer PRO (20240102)","Webroot SecureAnywhere (20240102)"],"avAllowList":["Trend Micro Internet Security (20240102)","Windows Defender (20240102)"]},{"isRevoked":"False","fileName":"divxconverter_231031.exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"f4bb1e17c7ba52a3b40b4facc36a7b2c","hashSHA1":"0b0ef5cefbe2d0b4a0c3e6c8e576c4bd95d7793f","hashSHA256":"11457ec889fe81c735903c7f10d48b53368889dd42840cf0930e6d4d98bc4625","sourceIndex":"815","avBlockList":["360 Total Security (20240102)","Avast Premium Security (20240102)","AVG Internet Security (20240102)","Avira Internet Security (20240102)","Bitdefender Internet Security (20240102)","COMODO Antivirus (20240102)","Dr.Web Security Space (20240102)","ESET Internet Security (20240102)","G DATA INTERNET SECURITY (20240102)","K7 Total Security (20240102)","Kaspersky Internet Security (20240102)","Malwarebytes Premium (20240102)","McAfee Total Protection (20240102)","Norton Security (20240102)","Panda Dome (20240102)","Quick Heal Internet Security (20240102)","Sophos Home Premium (20240102)","SpyHunter5 (20240102)","Total AV Antivirus Pro (20240102)","VIPRE Advanced Security (20240102)","VirIT eXplorer PRO (20240102)","Webroot SecureAnywhere (20240102)"],"avAllowList":["Trend Micro Internet Security (20240102)","Windows Defender (20240102)"]},{"isRevoked":"False","fileName":"dvdto3gpconverter_231031.exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"642df4df7abbb00d7374cb44c3058873","hashSHA1":"0ee467e3bcc8d4dd8bcea0fd04e36e041383a4d7","hashSHA256":"1e0a6ca329a6935937f3bdfbab0f7490dd15979cb5a357987ba1f2a0b173829b","sourceIndex":"815","avBlockList":["360 Total Security (20240104)","Avast Premium Security (20240104)","AVG Internet Security (20240104)","Avira Internet Security (20240104)","Bitdefender Internet Security (20240104)","COMODO Antivirus (20240104)","Dr.Web Security Space (20240104)","ESET Internet Security (20240104)","G DATA INTERNET SECURITY (20240104)","K7 Total Security (20240104)","Kaspersky Internet Security (20240104)","Malwarebytes Premium (20240104)","McAfee Total Protection (20240104)","Norton Security (20240104)","Panda Dome (20240104)","Quick Heal Internet Security (20240104)","Sophos Home Premium (20240104)","SpyHunter5 (20240104)","Total AV Antivirus Pro (20240104)","VIPRE Advanced Security (20240104)","VirIT eXplorer PRO (20240104)","Webroot SecureAnywhere (20240104)"],"avAllowList":["Trend Micro Internet Security (20240104)","Windows Defender (20240104)"]},{"isRevoked":"False","fileName":"dvdtoflvconverter_231031.exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"dc12e233315fa8477dbfa66ca1243be2","hashSHA1":"1dd67aed50d52b063ca1c491d6eab8391c99bc50","hashSHA256":"e71b82b592c9346b38b0e20777f0ab16b2384b06a393007b75ea697684b7d19b","sourceIndex":"815","avBlockList":["360 Total Security (20240104)","Avast Premium Security (20240104)","AVG Internet Security (20240104)","Avira Internet Security (20240104)","Bitdefender Internet Security (20240104)","COMODO Antivirus (20240104)","Dr.Web Security Space (20240104)","ESET Internet Security (20240104)","G DATA INTERNET SECURITY (20240104)","K7 Total Security (20240104)","Kaspersky Internet Security (20240104)","Malwarebytes Premium (20240104)","McAfee Total Protection (20240104)","Norton Security (20240104)","Panda Dome (20240104)","Quick Heal Internet Security (20240104)","Sophos Home Premium (20240104)","SpyHunter5 (20240104)","Total AV Antivirus Pro (20240104)","VIPRE Advanced Security (20240104)","VirIT eXplorer PRO (20240104)","Webroot SecureAnywhere (20240104)"],"avAllowList":["Trend Micro Internet Security (20240104)","Windows Defender (20240104)"]},{"isRevoked":"False","fileName":"dvdtoiphoneconverter_231031.exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"30f57ff5624d043ba22b768cec2b25bf","hashSHA1":"2de8016b7e417e2c8f02c07ac44bbdb54a4c3924","hashSHA256":"c18857fa8d593f302be04a3748f0bb86e8cd99646ab5e65ed6411603d2caea54","sourceIndex":"815","avBlockList":["360 Total Security (20240104)","Avast Premium Security (20240104)","AVG Internet Security (20240104)","Avira Internet Security (20240104)","Bitdefender Internet Security (20240104)","COMODO Antivirus (20240104)","Dr.Web Security Space (20240104)","ESET Internet Security (20240104)","G DATA INTERNET SECURITY (20240104)","K7 Total Security (20240104)","Kaspersky Internet Security (20240104)","Malwarebytes Premium (20240104)","McAfee Total Protection (20240104)","Norton Security (20240104)","Panda Dome (20240104)","Quick Heal Internet Security (20240104)","Sophos Home Premium (20240104)","SpyHunter5 (20240104)","Total AV Antivirus Pro (20240104)","VIPRE Advanced Security (20240104)","VirIT eXplorer PRO (20240104)","Webroot SecureAnywhere (20240104)"],"avAllowList":["Trend Micro Internet Security (20240104)","Windows Defender (20240104)"]},{"isRevoked":"False","fileName":"dvdtoipodconverter_231031.exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"3b4b7bcfa8156bff1178a4568bed778a","hashSHA1":"53517b315b8c3e8afbda3009d428562eb49955af","hashSHA256":"f72861fef43e075c7aee92ff447f488c9ef2633a3cf72e7fad04efbf5279e9d8","sourceIndex":"815","avBlockList":["360 Total Security (20240104)","Avast Premium Security (20240104)","AVG Internet Security (20240104)","Avira Internet Security (20240104)","Bitdefender Internet Security (20240104)","COMODO Antivirus (20240104)","Dr.Web Security Space (20240104)","ESET Internet Security (20240104)","G DATA INTERNET SECURITY (20240104)","K7 Total Security (20240104)","Kaspersky Internet Security (20240104)","Malwarebytes Premium (20240104)","McAfee Total Protection (20240104)","Norton Security (20240104)","Panda Dome (20240104)","Sophos Home Premium (20240104)","SpyHunter5 (20240104)","Total AV Antivirus Pro (20240104)","VIPRE Advanced Security (20240104)","VirIT eXplorer PRO (20240104)","Webroot SecureAnywhere (20240104)"],"avAllowList":["Quick Heal Internet Security (20240104)","Trend Micro Internet Security (20240104)","Windows Defender (20240104)"]},{"isRevoked":"False","fileName":"dvdtomkvconverter_231031.exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"9e10aa1c0d0eaface9c25888854e31e8","hashSHA1":"39602179375d67e5a813d4c3dd385589fda51d6d","hashSHA256":"06c61e7527944edd9ccfb1d3e5a49e03032b555077f9639e0818aad3ec3b79c6","sourceIndex":"815","avBlockList":["360 Total Security (20240104)","Avast Premium Security (20240104)","AVG Internet Security (20240104)","Avira Internet Security (20240104)","Bitdefender Internet Security (20240104)","COMODO Antivirus (20240104)","Dr.Web Security Space (20240104)","ESET Internet Security (20240104)","G DATA INTERNET SECURITY (20240104)","K7 Total Security (20240104)","Kaspersky Internet Security (20240104)","Malwarebytes Premium (20240104)","McAfee Total Protection (20240104)","Norton Security (20240104)","Panda Dome (20240104)","Quick Heal Internet Security (20240104)","Sophos Home Premium (20240104)","SpyHunter5 (20240104)","Total AV Antivirus Pro (20240104)","VIPRE Advanced Security (20240104)","VirIT eXplorer PRO (20240104)","Webroot SecureAnywhere (20240104)"],"avAllowList":["Trend Micro Internet Security (20240104)","Windows Defender (20240104)"]},{"isRevoked":"False","fileName":"dvdtomovconverter_231031.exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"c1b0853a5b97c9d23d642d8aa42b644c","hashSHA1":"c53ec1929a2adfe9647d442f28bc9ce79cd7a6e4","hashSHA256":"e116f0ed8b75428b63a854c58a8f2bf88955566951b78345e979824e75b25418","sourceIndex":"815","avBlockList":["360 Total Security (20240104)","Avast Premium Security (20240104)","AVG Internet Security (20240104)","Avira Internet Security (20240104)","Bitdefender Internet Security (20240104)","COMODO Antivirus (20240104)","Dr.Web Security Space (20240104)","ESET Internet Security (20240104)","G DATA INTERNET SECURITY (20240104)","K7 Total Security (20240104)","Kaspersky Internet Security (20240104)","Malwarebytes Premium (20240104)","McAfee Total Protection (20240104)","Norton Security (20240104)","Panda Dome (20240104)","Quick Heal Internet Security (20240104)","Sophos Home Premium (20240104)","SpyHunter5 (20240104)","Total AV Antivirus Pro (20240104)","VIPRE Advanced Security (20240104)","VirIT eXplorer PRO (20240104)","Webroot SecureAnywhere (20240104)"],"avAllowList":["Trend Micro Internet Security (20240104)","Windows Defender (20240104)"]},{"isRevoked":"False","fileName":"dvdtomp4converter_231031.exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"3f8edf2b18c3b307a9f4f456e502e872","hashSHA1":"84b75fb7d2b5c5143ddaf1ffb994ca5934a9ba4d","hashSHA256":"d578043e8293ad131c9cefff932cee9527b3d3fa1b160ce66d73b755eb6004d5","sourceIndex":"815","avBlockList":["360 Total Security (20240104)","Avast Premium Security (20240104)","AVG Internet Security (20240104)","Avira Internet Security (20240104)","Bitdefender Internet Security (20240104)","COMODO Antivirus (20240104)","Dr.Web Security Space (20240104)","ESET Internet Security (20240104)","G DATA INTERNET SECURITY (20240104)","K7 Total Security (20240104)","Kaspersky Internet Security (20240104)","Malwarebytes Premium (20240104)","McAfee Total Protection (20240104)","Norton Security (20240104)","Panda Dome (20240104)","Sophos Home Premium (20240104)","SpyHunter5 (20240104)","Total AV Antivirus Pro (20240104)","VIPRE Advanced Security (20240104)","VirIT eXplorer PRO (20240104)","Webroot SecureAnywhere (20240104)"],"avAllowList":["Quick Heal Internet Security (20240104)","Trend Micro Internet Security (20240104)","Windows Defender (20240104)"]},{"isRevoked":"False","fileName":"dvdtopspconverter_231031.exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"3d50c5d2dff3056f9412553b9274290f","hashSHA1":"9b7de4197ba9f44985d67ebeac2c094d4ff34885","hashSHA256":"642e4142a5819c478fafaca52f57b782c627ea8cf0f4c057913399055846bb42","sourceIndex":"815","avBlockList":["360 Total Security (20240104)","Avast Premium Security (20240104)","AVG Internet Security (20240104)","Avira Internet Security (20240104)","Bitdefender Internet Security (20240104)","COMODO Antivirus (20240104)","Dr.Web Security Space (20240104)","ESET Internet Security (20240104)","G DATA INTERNET SECURITY (20240104)","K7 Total Security (20240104)","Kaspersky Internet Security (20240104)","Malwarebytes Premium (20240104)","McAfee Total Protection (20240104)","Norton Security (20240104)","Panda Dome (20240104)","Quick Heal Internet Security (20240104)","Sophos Home Premium (20240104)","SpyHunter5 (20240104)","Total AV Antivirus Pro (20240104)","VIPRE Advanced Security (20240104)","VirIT eXplorer PRO (20240104)","Webroot SecureAnywhere (20240104)"],"avAllowList":["Trend Micro Internet Security (20240104)","Windows Defender (20240104)"]},{"isRevoked":"False","fileName":"dvdtoswfconverter_231031.exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"2ea5d4d8bf5bf54c605c1fb9db550980","hashSHA1":"d846da60fb2f706035e199e5eeba4a1322bc29f3","hashSHA256":"f450fb47dacdb86fd842b07101bfd447acb4474b58f80287b451bdfe16dfce6a","sourceIndex":"815","avBlockList":["360 Total Security (20240104)","Avast Premium Security (20240104)","AVG Internet Security (20240104)","Avira Internet Security (20240104)","Bitdefender Internet Security (20240104)","COMODO Antivirus (20240104)","Dr.Web Security Space (20240104)","ESET Internet Security (20240104)","G DATA INTERNET SECURITY (20240104)","K7 Total Security (20240104)","Kaspersky Internet Security (20240104)","Malwarebytes Premium (20240104)","McAfee Total Protection (20240104)","Norton Security (20240104)","Panda Dome (20240104)","Sophos Home Premium (20240104)","SpyHunter5 (20240104)","Total AV Antivirus Pro (20240104)","VIPRE Advanced Security (20240104)","VirIT eXplorer PRO (20240104)","Webroot SecureAnywhere (20240104)"],"avAllowList":["Quick Heal Internet Security (20240104)","Trend Micro Internet Security (20240104)","Windows Defender (20240104)"]},{"isRevoked":"False","fileName":"dvdtoxboxconverter_231031.exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"018abc782dc64684ea1be65ae2fa7e89","hashSHA1":"29e7a04f8cc1ec9431a59bc91801b11af4492d0c","hashSHA256":"4be33d91e68856623204d0835b987b074e99c1245606eff91cbbb6ff8f6d6448","sourceIndex":"815","avBlockList":["360 Total Security (20240111)","Avast Premium Security (20240111)","AVG Internet Security (20240111)","Avira Internet Security (20240111)","Bitdefender Internet Security (20240111)","COMODO Antivirus (20240111)","Dr.Web Security Space (20240111)","ESET Internet Security (20240111)","G DATA INTERNET SECURITY (20240111)","K7 Total Security (20240111)","Kaspersky Internet Security (20240111)","Malwarebytes Premium (20240111)","McAfee Total Protection (20240111)","Norton Security (20240111)","Panda Dome (20240111)","Quick Heal Internet Security (20240111)","Sophos Home Premium (20240111)","SpyHunter5 (20240111)","Total AV Antivirus Pro (20240111)","VIPRE Advanced Security (20240111)","VirIT eXplorer PRO (20240111)","Webroot SecureAnywhere (20240111)"],"avAllowList":["Trend Micro Internet Security (20240111)","Windows Defender (20240111)"]},{"isRevoked":"False","fileName":"dvdtozuneconverter_231031.exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"3d1b7bab72bc25806a909a66158ea34a","hashSHA1":"9c8e219dcb2c3f9450dc5a92323ffb5ebd61c024","hashSHA256":"10954778833a0c6eecd46c9ff3176c5e73c6599a23a50744123b6039748a9292","sourceIndex":"815","avBlockList":["360 Total Security (20240111)","Avast Premium Security (20240111)","AVG Internet Security (20240111)","Avira Internet Security (20240111)","Bitdefender Internet Security (20240111)","COMODO Antivirus (20240111)","Dr.Web Security Space (20240111)","ESET Internet Security (20240111)","G DATA INTERNET SECURITY (20240111)","K7 Total Security (20240111)","Kaspersky Internet Security (20240111)","Malwarebytes Premium (20240111)","McAfee Total Protection (20240111)","Norton Security (20240111)","Panda Dome (20240111)","Sophos Home Premium (20240111)","SpyHunter5 (20240111)","Total AV Antivirus Pro (20240111)","VIPRE Advanced Security (20240111)","VirIT eXplorer PRO (20240111)","Webroot SecureAnywhere (20240111)"],"avAllowList":["Quick Heal Internet Security (20240111)","Trend Micro Internet Security (20240111)","Windows Defender (20240111)"]},{"isRevoked":"False","fileName":"flvstreamingvideo_231031.exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"ac16bd577b2ef5e7dc119efa2b9431cc","hashSHA1":"5401e5c75467fc5f244051c40d499bf48d8f6c3a","hashSHA256":"363a634cb36bb85179197b73ba88c6cd13994365624c12a26816efbc8eb8ff70","sourceIndex":"815","avBlockList":["360 Total Security (20240111)","Avast Premium Security (20240111)","AVG Internet Security (20240111)","Avira Internet Security (20240111)","Bitdefender Internet Security (20240111)","COMODO Antivirus (20240111)","Dr.Web Security Space (20240111)","ESET Internet Security (20240111)","G DATA INTERNET SECURITY (20240111)","K7 Total Security (20240111)","Kaspersky Internet Security (20240111)","Malwarebytes Premium (20240111)","McAfee Total Protection (20240111)","Norton Security (20240111)","Panda Dome (20240111)","Quick Heal Internet Security (20240111)","Sophos Home Premium (20240111)","SpyHunter5 (20240111)","Total AV Antivirus Pro (20240111)","VIPRE Advanced Security (20240111)","VirIT eXplorer PRO (20240111)","Webroot SecureAnywhere (20240111)"],"avAllowList":["Trend Micro Internet Security (20240111)","Windows Defender (20240111)"]},{"isRevoked":"False","fileName":"flvtoswfconverter_231031.exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"5e14a2481fbac8bb698ea42b43598853","hashSHA1":"b47121b0ff5cfb0fe62e84b936cb47dfa2e369b1","hashSHA256":"d07600b2bb147d95bb778c7dc4b7e78f5f4dbadad038c57fc4da67cbfbae3667","sourceIndex":"815","avBlockList":["360 Total Security (20240111)","Avast Premium Security (20240111)","AVG Internet Security (20240111)","Avira Internet Security (20240111)","Bitdefender Internet Security (20240111)","COMODO Antivirus (20240111)","Dr.Web Security Space (20240111)","ESET Internet Security (20240111)","G DATA INTERNET SECURITY (20240111)","K7 Total Security (20240111)","Kaspersky Internet Security (20240111)","Malwarebytes Premium (20240111)","McAfee Total Protection (20240111)","Norton Security (20240111)","Panda Dome (20240111)","Sophos Home Premium (20240111)","SpyHunter5 (20240111)","Total AV Antivirus Pro (20240111)","VIPRE Advanced Security (20240111)","VirIT eXplorer PRO (20240111)","Webroot SecureAnywhere (20240111)"],"avAllowList":["Quick Heal Internet Security (20240111)","Trend Micro Internet Security (20240111)","Windows Defender (20240111)"]},{"isRevoked":"False","fileName":"flvvideoconverter_231031.exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"4f29f1285f4c92a7de0a14d61360705b","hashSHA1":"e4ff9087f92e2c03d3e7ce56cdacd6e33496cc05","hashSHA256":"92558ba976d9d3a8d99dc66de60fed13ad9f5d9e49572cd2dd7b951f5c0f51df","sourceIndex":"815","avBlockList":["360 Total Security (20240111)","Avast Premium Security (20240111)","AVG Internet Security (20240111)","Avira Internet Security (20240111)","Bitdefender Internet Security (20240111)","COMODO Antivirus (20240111)","Dr.Web Security Space (20240111)","ESET Internet Security (20240111)","G DATA INTERNET SECURITY (20240111)","K7 Total Security (20240111)","Kaspersky Internet Security (20240111)","Malwarebytes Premium (20240111)","McAfee Total Protection (20240111)","Norton Security (20240111)","Panda Dome (20240111)","Quick Heal Internet Security (20240111)","Sophos Home Premium (20240111)","SpyHunter5 (20240111)","Total AV Antivirus Pro (20240111)","VIPRE Advanced Security (20240111)","VirIT eXplorer PRO (20240111)","Webroot SecureAnywhere (20240111)"],"avAllowList":["Trend Micro Internet Security (20240111)","Windows Defender (20240111)"]},{"isRevoked":"False","fileName":"gifconverter_231031.exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"6390ec9db3bcb8c6cacf3b8a01b27e68","hashSHA1":"be57fc1944bf6c19a7df95e939057f2cce17934c","hashSHA256":"7fb2c6065a61431d9d7896a760d5267c37d0965f9d082a4828dbbe092b7e4df9","sourceIndex":"815","avBlockList":["360 Total Security (20240111)","Avast Premium Security (20240111)","AVG Internet Security (20240111)","Avira Internet Security (20240111)","Bitdefender Internet Security (20240111)","COMODO Antivirus (20240111)","Dr.Web Security Space (20240111)","ESET Internet Security (20240111)","G DATA INTERNET SECURITY (20240111)","K7 Total Security (20240111)","Kaspersky Internet Security (20240111)","Malwarebytes Premium (20240111)","McAfee Total Protection (20240111)","Norton Security (20240111)","Panda Dome (20240111)","Quick Heal Internet Security (20240111)","Sophos Home Premium (20240111)","SpyHunter5 (20240111)","Total AV Antivirus Pro (20240111)","VIPRE Advanced Security (20240111)","VirIT eXplorer PRO (20240111)","Webroot SecureAnywhere (20240111)"],"avAllowList":["Trend Micro Internet Security (20240111)","Windows Defender (20240111)"]},{"isRevoked":"False","fileName":"hdvideoconverter_231031.exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"22468b6bd7973bb20b2975a568cd3a1d","hashSHA1":"c6e55b2c6f639d54a5c50c230f34317c78f0c548","hashSHA256":"1046904a2d073eb9d9e7574c1b84fe34d4e83a7ec69f35c56b4e3a31fc583d98","sourceIndex":"815","avBlockList":["360 Total Security (20240111)","Avast Premium Security (20240111)","AVG Internet Security (20240111)","Avira Internet Security (20240111)","Bitdefender Internet Security (20240111)","COMODO Antivirus (20240111)","Dr.Web Security Space (20240111)","ESET Internet Security (20240111)","G DATA INTERNET SECURITY (20240111)","K7 Total Security (20240111)","Kaspersky Internet Security (20240111)","Malwarebytes Premium (20240111)","McAfee Total Protection (20240111)","Norton Security (20240111)","Panda Dome (20240111)","Sophos Home Premium (20240111)","SpyHunter5 (20240111)","Total AV Antivirus Pro (20240111)","VIPRE Advanced Security (20240111)","VirIT eXplorer PRO (20240111)","Webroot SecureAnywhere (20240111)"],"avAllowList":["Quick Heal Internet Security (20240111)","Trend Micro Internet Security (20240111)","Windows Defender (20240111)"]},{"isRevoked":"False","fileName":"iphonevideoconverter_231031.exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"1a1f9b1a9befce736650534fba9bd1e5","hashSHA1":"8ffa06f6cd30e986ae0a4f04a13d3ff5ea91cd62","hashSHA256":"1ecf6dd0337ffe1001ebce652153dec31d8d7823589c1cccefca8d658f8aa2a2","sourceIndex":"815","avBlockList":["360 Total Security (20240111)","Avast Premium Security (20240111)","AVG Internet Security (20240111)","Avira Internet Security (20240111)","Bitdefender Internet Security (20240111)","COMODO Antivirus (20240111)","Dr.Web Security Space (20240111)","ESET Internet Security (20240111)","G DATA INTERNET SECURITY (20240111)","K7 Total Security (20240111)","Kaspersky Internet Security (20240111)","Malwarebytes Premium (20240111)","McAfee Total Protection (20240111)","Norton Security (20240111)","Panda Dome (20240111)","Quick Heal Internet Security (20240111)","Sophos Home Premium (20240111)","SpyHunter5 (20240111)","Total AV Antivirus Pro (20240111)","VIPRE Advanced Security (20240111)","VirIT eXplorer PRO (20240111)","Webroot SecureAnywhere (20240111)"],"avAllowList":["Trend Micro Internet Security (20240111)","Windows Defender (20240111)"]},{"isRevoked":"False","fileName":"ipodvideoconverter_231031.exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"f56e3a268bc9c2efc625fc1893e81ac5","hashSHA1":"868fb2d5c8025addd87e32640a1e2a271fb8a05f","hashSHA256":"d9b50729ce9158f887c153c0077ba62dc27e7567b52ac5e7104dc84a32e13162","sourceIndex":"815","avBlockList":["360 Total Security (20240111)","Avast Premium Security (20240111)","AVG Internet Security (20240111)","Avira Internet Security (20240111)","Bitdefender Internet Security (20240111)","COMODO Antivirus (20240111)","Dr.Web Security Space (20240111)","ESET Internet Security (20240111)","G DATA INTERNET SECURITY (20240111)","K7 Total Security (20240111)","Kaspersky Internet Security (20240111)","Malwarebytes Premium (20240111)","McAfee Total Protection (20240111)","Norton Security (20240111)","Panda Dome (20240111)","Quick Heal Internet Security (20240111)","Sophos Home Premium (20240111)","SpyHunter5 (20240111)","Total AV Antivirus Pro (20240111)","VIPRE Advanced Security (20240111)","VirIT eXplorer PRO (20240111)","Webroot SecureAnywhere (20240111)"],"avAllowList":["Trend Micro Internet Security (20240111)","Windows Defender (20240111)"]},{"isRevoked":"False","fileName":"mkvconverter_231031.exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"09f0db18e88713882e28caae7dcfdb9f","hashSHA1":"db79e7d94bb945d423e16709a12d0b6185a29fb9","hashSHA256":"fedd74c7f7fe59bb46d32b8433777ed34029479bee4ca210c08b1adda202d343","sourceIndex":"815","avBlockList":["360 Total Security (20240111)","Avast Premium Security (20240111)","AVG Internet Security (20240111)","Avira Internet Security (20240111)","Bitdefender Internet Security (20240111)","COMODO Antivirus (20240111)","Dr.Web Security Space (20240111)","ESET Internet Security (20240111)","G DATA INTERNET SECURITY (20240111)","K7 Total Security (20240111)","Kaspersky Internet Security (20240111)","Malwarebytes Premium (20240111)","McAfee Total Protection (20240111)","Norton Security (20240111)","Panda Dome (20240111)","Quick Heal Internet Security (20240111)","Sophos Home Premium (20240111)","SpyHunter5 (20240111)","Total AV Antivirus Pro (20240111)","VIPRE Advanced Security (20240111)","VirIT eXplorer PRO (20240111)","Webroot SecureAnywhere (20240111)"],"avAllowList":["Trend Micro Internet Security (20240111)","Windows Defender (20240111)"]},{"isRevoked":"False","fileName":"mobilevideoconverter_231031.exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"80270ea274dc1e4e464394a1511fb2bd","hashSHA1":"e0568a1af31bf81d5ebe7ba01780e3f0b89d27fb","hashSHA256":"868c9e85d4d73245c898fcc52f51b812f3881a86ce9d11fb116dc9c98f7bb208","sourceIndex":"815","avBlockList":["360 Total Security (20240116)","Avast Premium Security (20240116)","AVG Internet Security (20240116)","Avira Internet Security (20240116)","Bitdefender Internet Security (20240116)","COMODO Antivirus (20240116)","Dr.Web Security Space (20240116)","ESET Internet Security (20240116)","G DATA INTERNET SECURITY (20240116)","K7 Total Security (20240116)","Kaspersky Internet Security (20240116)","Malwarebytes Premium (20240116)","McAfee Total Protection (20240116)","Norton Security (20240116)","Panda Dome (20240116)","Quick Heal Internet Security (20240116)","Sophos Home Premium (20240116)","SpyHunter5 (20240116)","Total AV Antivirus Pro (20240116)","VIPRE Advanced Security (20240116)","VirIT eXplorer PRO (20240116)","Webroot SecureAnywhere (20240116)"],"avAllowList":["Trend Micro Internet Security (20240116)","Windows Defender (20240116)"]},{"isRevoked":"False","fileName":"movconverter_231031.exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"489f8c95432371188fba890f66f0fe26","hashSHA1":"765db0c41aeb57c4e4cc732efa27884a656c735b","hashSHA256":"aea57bf930d92e3350571741c20a3884392aa51e9fc71c6af580e065b5a986e7","sourceIndex":"815","avBlockList":["360 Total Security (20240116)","Avast Premium Security (20240116)","AVG Internet Security (20240116)","Avira Internet Security (20240116)","Bitdefender Internet Security (20240116)","COMODO Antivirus (20240116)","Dr.Web Security Space (20240116)","ESET Internet Security (20240116)","G DATA INTERNET SECURITY (20240116)","K7 Total Security (20240116)","Kaspersky Internet Security (20240116)","Malwarebytes Premium (20240116)","McAfee Total Protection (20240116)","Norton Security (20240116)","Panda Dome (20240116)","Quick Heal Internet Security (20240116)","Sophos Home Premium (20240116)","SpyHunter5 (20240116)","Total AV Antivirus Pro (20240116)","VIPRE Advanced Security (20240116)","VirIT eXplorer PRO (20240116)","Webroot SecureAnywhere (20240116)"],"avAllowList":["Trend Micro Internet Security (20240116)","Windows Defender (20240116)"]},{"isRevoked":"False","fileName":"videoconverterfree_231031.exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"a2e9658a50c1112accabd467980024d0","hashSHA1":"3d3c48a971d6e8da6c6430147ef014dc2634e180","hashSHA256":"bcb704552d991c2501e522a70e25db39b3eac252cd884c7f58fa72633021c37a","sourceIndex":"815","avBlockList":["360 Total Security (20240116)","Avast Premium Security (20240116)","AVG Internet Security (20240116)","Avira Internet Security (20240116)","Bitdefender Internet Security (20240116)","COMODO Antivirus (20240116)","Dr.Web Security Space (20240116)","ESET Internet Security (20240116)","G DATA INTERNET SECURITY (20240116)","K7 Total Security (20240116)","Kaspersky Internet Security (20240116)","Malwarebytes Premium (20240116)","McAfee Total Protection (20240116)","Norton Security (20240116)","Panda Dome (20240116)","Quick Heal Internet Security (20240116)","Sophos Home Premium (20240116)","SpyHunter5 (20240116)","Total AV Antivirus Pro (20240116)","Trend Micro Internet Security (20240116)","VIPRE Advanced Security (20240116)","VirIT eXplorer PRO (20240116)","Webroot SecureAnywhere (20240116)"],"avAllowList":["Windows Defender (20240116)"]},{"isRevoked":"False","fileName":"videocutter_231031.exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"3da1bb87180c84f7b80b6465033dbf74","hashSHA1":"6353e4367aa85f16cbe4cf712ac4c6aa8d3457e8","hashSHA256":"4f7c17ef1f5d0d015005311f860fd71842f18fbe9c1f195db9cff7fc32c26f20","sourceIndex":"815","avBlockList":["360 Total Security (20240116)","Avast Premium Security (20240116)","AVG Internet Security (20240116)","Avira Internet Security (20240116)","Bitdefender Internet Security (20240116)","COMODO Antivirus (20240116)","Dr.Web Security Space (20240116)","ESET Internet Security (20240116)","G DATA INTERNET SECURITY (20240116)","K7 Total Security (20240116)","Kaspersky Internet Security (20240116)","Malwarebytes Premium (20240116)","McAfee Total Protection (20240116)","Norton Security (20240116)","Panda Dome (20240116)","Quick Heal Internet Security (20240116)","Sophos Home Premium (20240116)","SpyHunter5 (20240116)","Total AV Antivirus Pro (20240116)","VIPRE Advanced Security (20240116)","VirIT eXplorer PRO (20240116)","Webroot SecureAnywhere (20240116)"],"avAllowList":["Trend Micro Internet Security (20240116)","Windows Defender (20240116)"]},{"isRevoked":"False","fileName":"videodubfree_231031.exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"61ba428405dcaaf69925a4064e417fbc","hashSHA1":"c4db7c3a3071eb0db4225f68c82ff9e2bc91fcce","hashSHA256":"fe481c04c6636a342ac8edb70eca77228d8842ebaf90dfb033d4def740c345e0","sourceIndex":"815","avBlockList":["360 Total Security (20240116)","Avast Premium Security (20240116)","AVG Internet Security (20240116)","Avira Internet Security (20240116)","Bitdefender Internet Security (20240116)","COMODO Antivirus (20240116)","Dr.Web Security Space (20240116)","ESET Internet Security (20240116)","G DATA INTERNET SECURITY (20240116)","K7 Total Security (20240116)","Kaspersky Internet Security (20240116)","Malwarebytes Premium (20240116)","McAfee Total Protection (20240116)","Norton Security (20240116)","Panda Dome (20240116)","Sophos Home Premium (20240116)","SpyHunter5 (20240116)","Total AV Antivirus Pro (20240116)","VIPRE Advanced Security (20240116)","VirIT eXplorer PRO (20240116)","Webroot SecureAnywhere (20240116)"],"avAllowList":["Quick Heal Internet Security (20240116)","Trend Micro Internet Security (20240116)","Windows Defender (20240116)"]},{"isRevoked":"False","fileName":"videojoiner_231031.exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"fdd18ba5af1079fdbe4951d22a973e3c","hashSHA1":"2de4ad50e98b0d5cb790c689b63ab69867f6ad27","hashSHA256":"2cf0909f8492fa07a80856c3c261f4d1513b9fa3506708c8c228fe17df151458","sourceIndex":"815","avBlockList":["360 Total Security (20240116)","Avast Premium Security (20240116)","AVG Internet Security (20240116)","Avira Internet Security (20240116)","Bitdefender Internet Security (20240116)","COMODO Antivirus (20240116)","Dr.Web Security Space (20240116)","ESET Internet Security (20240116)","G DATA INTERNET SECURITY (20240116)","K7 Total Security (20240116)","Kaspersky Internet Security (20240116)","Malwarebytes Premium (20240116)","McAfee Total Protection (20240116)","Norton Security (20240116)","Panda Dome (20240116)","Sophos Home Premium (20240116)","SpyHunter5 (20240116)","Total AV Antivirus Pro (20240116)","VIPRE Advanced Security (20240116)","VirIT eXplorer PRO (20240116)","Webroot SecureAnywhere (20240116)"],"avAllowList":["Quick Heal Internet Security (20240116)","Trend Micro Internet Security (20240116)","Windows Defender (20240116)"]},{"isRevoked":"False","fileName":"videotoaudioconverter_231031.exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"277f0ee1f36a75e7f06d6071a32a29ed","hashSHA1":"be3f06b8d0d3f414edb41573b019ad50b737423b","hashSHA256":"a2235accb52cc1ca449ef2004968caa5742219461a583997d321eac7c74265da","sourceIndex":"815","avBlockList":["360 Total Security (20240118)","Avast Premium Security (20240118)","AVG Internet Security (20240118)","Avira Internet Security (20240118)","Bitdefender Internet Security (20240118)","COMODO Antivirus (20240118)","Dr.Web Security Space (20240118)","ESET Internet Security (20240118)","G DATA INTERNET SECURITY (20240118)","K7 Total Security (20240118)","Kaspersky Internet Security (20240118)","Malwarebytes Premium (20240118)","McAfee Total Protection (20240118)","Norton Security (20240118)","Panda Dome (20240118)","Quick Heal Internet Security (20240118)","Sophos Home Premium (20240118)","SpyHunter5 (20240118)","Total AV Antivirus Pro (20240118)","VIPRE Advanced Security (20240118)","VirIT eXplorer PRO (20240118)","Webroot SecureAnywhere (20240118)"],"avAllowList":["Trend Micro Internet Security (20240118)","Windows Defender (20240118)"]},{"isRevoked":"False","fileName":"videowatermark_231031.exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"3847876eeb6fd8560f2819ba793a805e","hashSHA1":"fc80dba6b7c89327dfecc5b5f460e69ead57251e","hashSHA256":"bb9a5c4b2d35dc100659d9f376398dd45828f8f96282f2cf3dda0b2406d08a50","sourceIndex":"815","avBlockList":["360 Total Security (20240118)","Avast Premium Security (20240118)","AVG Internet Security (20240118)","Avira Internet Security (20240118)","Bitdefender Internet Security (20240118)","COMODO Antivirus (20240118)","Dr.Web Security Space (20240118)","ESET Internet Security (20240118)","G DATA INTERNET SECURITY (20240118)","K7 Total Security (20240118)","Kaspersky Internet Security (20240118)","Malwarebytes Premium (20240118)","McAfee Total Protection (20240118)","Norton Security (20240118)","Panda Dome (20240118)","Quick Heal Internet Security (20240118)","Sophos Home Premium (20240118)","SpyHunter5 (20240118)","Total AV Antivirus Pro (20240118)","VIPRE Advanced Security (20240118)","VirIT eXplorer PRO (20240118)","Webroot SecureAnywhere (20240118)"],"avAllowList":["Trend Micro Internet Security (20240118)","Windows Defender (20240118)"]},{"isRevoked":"False","fileName":"wmv3gpconverter_231031.exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"2a82a8e6b40b6103d59272b90a179ffa","hashSHA1":"9877d52b74875e955b2c84537fa99506669d4844","hashSHA256":"a055ae166e690df2317aca47c31ba9ee494eacbd17326da3406ad60ddf27ba8f","sourceIndex":"815","avBlockList":["360 Total Security (20240118)","Avast Premium Security (20240118)","AVG Internet Security (20240118)","Avira Internet Security (20240118)","Bitdefender Internet Security (20240118)","COMODO Antivirus (20240118)","Dr.Web Security Space (20240118)","ESET Internet Security (20240118)","G DATA INTERNET SECURITY (20240118)","K7 Total Security (20240118)","Kaspersky Internet Security (20240118)","Malwarebytes Premium (20240118)","McAfee Total Protection (20240118)","Norton Security (20240118)","Panda Dome (20240118)","Sophos Home Premium (20240118)","SpyHunter5 (20240118)","Total AV Antivirus Pro (20240118)","VIPRE Advanced Security (20240118)","VirIT eXplorer PRO (20240118)"],"avAllowList":["Quick Heal Internet Security (20240118)","Trend Micro Internet Security (20240118)","Webroot SecureAnywhere (20240118)","Windows Defender (20240118)"]},{"isRevoked":"False","fileName":"wmvmp4converter_231031.exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"ef9a2b675641c5e272b7f8bba02e22b1","hashSHA1":"d820b8741c34ed6d2ad86b864d726f3d95bc3806","hashSHA256":"1c192299bee5fd35c0e5755d1e075c4c167120ac7662ce3f9902907e8ff53305","sourceIndex":"815","avBlockList":["360 Total Security (20240118)","Avast Premium Security (20240118)","AVG Internet Security (20240118)","Avira Internet Security (20240118)","Bitdefender Internet Security (20240118)","COMODO Antivirus (20240118)","Dr.Web Security Space (20240118)","ESET Internet Security (20240118)","G DATA INTERNET SECURITY (20240118)","K7 Total Security (20240118)","Kaspersky Internet Security (20240118)","Malwarebytes Premium (20240118)","McAfee Total Protection (20240118)","Norton Security (20240118)","Panda Dome (20240118)","Quick Heal Internet Security (20240118)","Sophos Home Premium (20240118)","SpyHunter5 (20240118)","Total AV Antivirus Pro (20240118)","VIPRE Advanced Security (20240118)","VirIT eXplorer PRO (20240118)","Webroot SecureAnywhere (20240118)"],"avAllowList":["Trend Micro Internet Security (20240118)","Windows Defender (20240118)"]},{"isRevoked":"False","fileName":"xboxvideoconverter_231031.exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"c34b49692702302d461d78e7fb4fa684","hashSHA1":"60999510c0e4b516709d3645e72801742bd50297","hashSHA256":"407fb9d4ed07434fdd2a5d8091c292b3e86363778745ad3df6b52e7b929415a3","sourceIndex":"815","avBlockList":["360 Total Security (20240118)","Avast Premium Security (20240118)","AVG Internet Security (20240118)","Avira Internet Security (20240118)","Bitdefender Internet Security (20240118)","COMODO Antivirus (20240118)","Dr.Web Security Space (20240118)","ESET Internet Security (20240118)","G DATA INTERNET SECURITY (20240118)","K7 Total Security (20240118)","Kaspersky Internet Security (20240118)","Malwarebytes Premium (20240118)","McAfee Total Protection (20240118)","Norton Security (20240118)","Panda Dome (20240118)","Quick Heal Internet Security (20240118)","Sophos Home Premium (20240118)","SpyHunter5 (20240118)","Total AV Antivirus Pro (20240118)","VIPRE Advanced Security (20240118)","VirIT eXplorer PRO (20240118)","Webroot SecureAnywhere (20240118)"],"avAllowList":["Trend Micro Internet Security (20240118)","Windows Defender (20240118)"]},{"isRevoked":"False","fileName":"xvidconverter_231031.exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"7905f2b8112c5991d3f94395f124d7f6","hashSHA1":"98c81931f2fb4baeb06f044657afeac07c8a8f10","hashSHA256":"9b7386bd4bca5835435d4f3102833471f5a14c4392e983f1885c1e145f9692a4","sourceIndex":"815","avBlockList":["360 Total Security (20240118)","Avast Premium Security (20240118)","AVG Internet Security (20240118)","Avira Internet Security (20240118)","Bitdefender Internet Security (20240118)","COMODO Antivirus (20240118)","Dr.Web Security Space (20240118)","ESET Internet Security (20240118)","G DATA INTERNET SECURITY (20240118)","K7 Total Security (20240118)","Kaspersky Internet Security (20240118)","Malwarebytes Premium (20240118)","McAfee Total Protection (20240118)","Norton Security (20240118)","Panda Dome (20240118)","Quick Heal Internet Security (20240118)","Sophos Home Premium (20240118)","SpyHunter5 (20240118)","Total AV Antivirus Pro (20240118)","VIPRE Advanced Security (20240118)","VirIT eXplorer PRO (20240118)","Webroot SecureAnywhere (20240118)"],"avAllowList":["Trend Micro Internet Security (20240118)","Windows Defender (20240118)"]},{"isRevoked":"False","fileName":"zunevideoconverter_231031.exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"b61122bf8b968098e95c9f2aa6ba1cda","hashSHA1":"00c481d60c6554cbc4f5df605f2f57afd1b2c0d1","hashSHA256":"eb92703fe74e71b9e8e0f4b81415ecd0ce746f9698beb295b23ff316322c2241","sourceIndex":"815","avBlockList":["360 Total Security (20240118)","Avast Premium Security (20240118)","AVG Internet Security (20240118)","Avira Internet Security (20240118)","Bitdefender Internet Security (20240118)","COMODO Antivirus (20240118)","Dr.Web Security Space (20240118)","ESET Internet Security (20240118)","G DATA INTERNET SECURITY (20240118)","K7 Total Security (20240118)","Kaspersky Internet Security (20240118)","Malwarebytes Premium (20240118)","McAfee Total Protection (20240118)","Norton Security (20240118)","Panda Dome (20240118)","Quick Heal Internet Security (20240118)","Sophos Home Premium (20240118)","SpyHunter5 (20240118)","Total AV Antivirus Pro (20240118)","VIPRE Advanced Security (20240118)","VirIT eXplorer PRO (20240118)","Webroot SecureAnywhere (20240118)"],"avAllowList":["Trend Micro Internet Security (20240118)","Windows Defender (20240118)"]},{"isRevoked":"False","fileName":"movtoflvconverter_231031.exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"33b52c4d7d96c6e320fced94e7ceb53c","hashSHA1":"d297249921813045e73a351af70e32bcc2b8ad44","hashSHA256":"24e5cd4cfe8f68d9f31daf592c7490135ff22e5d8823aa9ba352224bdd064892","sourceIndex":"815","avBlockList":["360 Total Security (20240118)","Avast Premium Security (20240118)","AVG Internet Security (20240118)","Avira Internet Security (20240118)","Bitdefender Internet Security (20240118)","COMODO Antivirus (20240118)","Dr.Web Security Space (20240118)","ESET Internet Security (20240118)","G DATA INTERNET SECURITY (20240118)","K7 Total Security (20240118)","Kaspersky Internet Security (20240118)","Malwarebytes Premium (20240118)","McAfee Total Protection (20240118)","Norton Security (20240118)","Panda Dome (20240118)","Sophos Home Premium (20240118)","SpyHunter5 (20240118)","Total AV Antivirus Pro (20240118)","VIPRE Advanced Security (20240118)","VirIT eXplorer PRO (20240118)"],"avAllowList":["Quick Heal Internet Security (20240118)","Trend Micro Internet Security (20240118)","Webroot SecureAnywhere (20240118)","Windows Defender (20240118)"]},{"isRevoked":"False","fileName":"movtomp4converter_231031.exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"2eb566d4304adcd788c0d0e982a11241","hashSHA1":"d77962ee0e3a44fa4efeeb5c2d0d23a4756d362b","hashSHA256":"d8faf14c2ff9ab2f92e6b85dbdba2e9d549e80af871f497304eeecc7159994f9","sourceIndex":"815","avBlockList":["360 Total Security (20240118)","Avast Premium Security (20240118)","AVG Internet Security (20240118)","Avira Internet Security (20240118)","Bitdefender Internet Security (20240118)","COMODO Antivirus (20240118)","Dr.Web Security Space (20240118)","ESET Internet Security (20240118)","G DATA INTERNET SECURITY (20240118)","K7 Total Security (20240118)","Kaspersky Internet Security (20240118)","Malwarebytes Premium (20240118)","McAfee Total Protection (20240118)","Norton Security (20240118)","Panda Dome (20240118)","Quick Heal Internet Security (20240118)","Sophos Home Premium (20240118)","SpyHunter5 (20240118)","Total AV Antivirus Pro (20240118)","VIPRE Advanced Security (20240118)","VirIT eXplorer PRO (20240118)"],"avAllowList":["Trend Micro Internet Security (20240118)","Webroot SecureAnywhere (20240118)","Windows Defender (20240118)"]},{"isRevoked":"False","fileName":"mp4toaviconverter_231031.exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"dfb87e75c82f0dc9bfd64df9b66be773","hashSHA1":"33f650089359eda59b38ca46c5ab325b346e6f83","hashSHA256":"048bfb4f7637e4e33250049aac094fbeb2b19732190f014d25864ee94cba8734","sourceIndex":"815","avBlockList":["360 Total Security (20240118)","Avast Premium Security (20240118)","AVG Internet Security (20240118)","Avira Internet Security (20240118)","Bitdefender Internet Security (20240118)","COMODO Antivirus (20240118)","Dr.Web Security Space (20240118)","ESET Internet Security (20240118)","G DATA INTERNET SECURITY (20240118)","K7 Total Security (20240118)","Kaspersky Internet Security (20240118)","Malwarebytes Premium (20240118)","McAfee Total Protection (20240118)","Norton Security (20240118)","Panda Dome (20240118)","Sophos Home Premium (20240118)","SpyHunter5 (20240118)","Total AV Antivirus Pro (20240118)","VIPRE Advanced Security (20240118)","VirIT eXplorer PRO (20240118)","Webroot SecureAnywhere (20240118)"],"avAllowList":["Quick Heal Internet Security (20240118)","Trend Micro Internet Security (20240118)","Windows Defender (20240118)"]},{"isRevoked":"False","fileName":"mp4videoconverter_231031.exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"89edb66a387da97e38470d9bb976658f","hashSHA1":"eb75d53e56c93104cb3d919116ff376731b3389c","hashSHA256":"c4017cace6be1c5c80dfde9968f4cd29bc0ea539616607eaaf43c2473c6052c9","sourceIndex":"815","avBlockList":["360 Total Security (20240123)","Avast Premium Security (20240123)","AVG Internet Security (20240123)","Avira Internet Security (20240123)","Bitdefender Internet Security (20240123)","COMODO Antivirus (20240123)","Dr.Web Security Space (20240123)","ESET Internet Security (20240123)","G DATA INTERNET SECURITY (20240123)","K7 Total Security (20240123)","Kaspersky Internet Security (20240123)","Malwarebytes Premium (20240123)","McAfee Total Protection (20240123)","Norton Security (20240123)","Panda Dome (20240123)","Quick Heal Internet Security (20240123)","Sophos Home Premium (20240123)","SpyHunter5 (20240123)","Total AV Antivirus Pro (20240123)","VIPRE Advanced Security (20240123)","VirIT eXplorer PRO (20240123)","Webroot SecureAnywhere (20240123)"],"avAllowList":["Trend Micro Internet Security (20240123)","Windows Defender (20240123)"]},{"isRevoked":"False","fileName":"photoslideshow_231031.exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"4ce396a243569ec833ec8e039883557c","hashSHA1":"6e0e58d8d6ab4acf1cf8d9e5e63357aee1390616","hashSHA256":"4ee19ace952c8d0f0660eadd4fa89a0bfcb3f7409806375fef7d29db23fb36a9","sourceIndex":"815","avBlockList":["360 Total Security (20240123)","Avast Premium Security (20240123)","AVG Internet Security (20240123)","Avira Internet Security (20240123)","Bitdefender Internet Security (20240123)","COMODO Antivirus (20240123)","Dr.Web Security Space (20240123)","ESET Internet Security (20240123)","G DATA INTERNET SECURITY (20240123)","K7 Total Security (20240123)","Kaspersky Internet Security (20240123)","Malwarebytes Premium (20240123)","McAfee Total Protection (20240123)","Norton Security (20240123)","Panda Dome (20240123)","Sophos Home Premium (20240123)","SpyHunter5 (20240123)","Total AV Antivirus Pro (20240123)","VIPRE Advanced Security (20240123)","VirIT eXplorer PRO (20240123)","Webroot SecureAnywhere (20240123)"],"avAllowList":["Quick Heal Internet Security (20240123)","Trend Micro Internet Security (20240123)","Windows Defender (20240123)"]},{"isRevoked":"False","fileName":"pspvideoconverter_231031.exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"2bceac328c6ba40501da6c3219d289de","hashSHA1":"05a032597f021192451a21ec6ecc920067147bb8","hashSHA256":"e590e8f93f1119e25a51c3f45f3654abb16539290596da8051816056d315e8f6","sourceIndex":"815","avBlockList":["360 Total Security (20240123)","Avast Premium Security (20240123)","AVG Internet Security (20240123)","Avira Internet Security (20240123)","Bitdefender Internet Security (20240123)","COMODO Antivirus (20240123)","Dr.Web Security Space (20240123)","ESET Internet Security (20240123)","G DATA INTERNET SECURITY (20240123)","K7 Total Security (20240123)","Kaspersky Internet Security (20240123)","Malwarebytes Premium (20240123)","McAfee Total Protection (20240123)","Norton Security (20240123)","Panda Dome (20240123)","Quick Heal Internet Security (20240123)","Sophos Home Premium (20240123)","SpyHunter5 (20240123)","Total AV Antivirus Pro (20240123)","VIPRE Advanced Security (20240123)","VirIT eXplorer PRO (20240123)","Webroot SecureAnywhere (20240123)"],"avAllowList":["Trend Micro Internet Security (20240123)","Windows Defender (20240123)"]},{"isRevoked":"False","fileName":"screenrecorderfree_231031.exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"aefeee4174f0e8df7a8d6acf62f8295a","hashSHA1":"b27e13352a1e37610a29e47f1e00f6309aff39a9","hashSHA256":"c23b9e0165897362706a2d0db7a5cfddb73dd3f2e33522a032b80e6b2b5fa0e0","sourceIndex":"815","avBlockList":["360 Total Security (20240123)","Avast Premium Security (20240123)","AVG Internet Security (20240123)","Avira Internet Security (20240123)","Bitdefender Internet Security (20240123)","COMODO Antivirus (20240123)","Dr.Web Security Space (20240123)","ESET Internet Security (20240123)","G DATA INTERNET SECURITY (20240123)","K7 Total Security (20240123)","Kaspersky Internet Security (20240123)","Malwarebytes Premium (20240123)","McAfee Total Protection (20240123)","Norton Security (20240123)","Panda Dome (20240123)","Sophos Home Premium (20240123)","SpyHunter5 (20240123)","Total AV Antivirus Pro (20240123)","VIPRE Advanced Security (20240123)","VirIT eXplorer PRO (20240123)","Webroot SecureAnywhere (20240123)"],"avAllowList":["Quick Heal Internet Security (20240123)","Trend Micro Internet Security (20240123)","Windows Defender (20240123)"]},{"isRevoked":"False","fileName":"swfconverter_231031.exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"00ffa8a3e79f034480a76473a0683e73","hashSHA1":"eb45e4ea7d4e0eed07fdf2bf08f61688f5db4073","hashSHA256":"f6062e08f4b77140bbb670e0d10062f9aeba2a6a18c7c3b94ddcbf76216c21ac","sourceIndex":"815","avBlockList":["360 Total Security (20240123)","Avast Premium Security (20240123)","AVG Internet Security (20240123)","Avira Internet Security (20240123)","Bitdefender Internet Security (20240123)","COMODO Antivirus (20240123)","Dr.Web Security Space (20240123)","ESET Internet Security (20240123)","G DATA INTERNET SECURITY (20240123)","K7 Total Security (20240123)","Kaspersky Internet Security (20240123)","Malwarebytes Premium (20240123)","McAfee Total Protection (20240123)","Norton Security (20240123)","Panda Dome (20240123)","Quick Heal Internet Security (20240123)","Sophos Home Premium (20240123)","SpyHunter5 (20240123)","Total AV Antivirus Pro (20240123)","VIPRE Advanced Security (20240123)","VirIT eXplorer PRO (20240123)","Webroot SecureAnywhere (20240123)"],"avAllowList":["Trend Micro Internet Security (20240123)","Windows Defender (20240123)"]},{"isRevoked":"False","fileName":"videoaudiomergerfree_231031.exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"06442d1132b8658b9202c6865af89837","hashSHA1":"a8eee8f8f8abb0b89bfe7e6ea4f34e1034bf625d","hashSHA256":"e3bbf589a4a9d38e83acdc56aa25c55a69d28c7869ff2fcf24c4a1318ee638e6","sourceIndex":"815","avBlockList":["360 Total Security (20240123)","Avast Premium Security (20240123)","AVG Internet Security (20240123)","Avira Internet Security (20240123)","Bitdefender Internet Security (20240123)","COMODO Antivirus (20240123)","Dr.Web Security Space (20240123)","ESET Internet Security (20240123)","G DATA INTERNET SECURITY (20240123)","K7 Total Security (20240123)","Kaspersky Internet Security (20240123)","Malwarebytes Premium (20240123)","McAfee Total Protection (20240123)","Norton Security (20240123)","Panda Dome (20240123)","Quick Heal Internet Security (20240123)","Sophos Home Premium (20240123)","SpyHunter5 (20240123)","Total AV Antivirus Pro (20240123)","VIPRE Advanced Security (20240123)","VirIT eXplorer PRO (20240123)","Webroot SecureAnywhere (20240123)"],"avAllowList":["Trend Micro Internet Security (20240123)","Windows Defender (20240123)"]},{"isRevoked":"False","fileName":"videoconverter_231031.exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"ff3a6ede0d596bf928eb8171bcb781af","hashSHA1":"07a205d416274037969dd130a24aaec1939fd782","hashSHA256":"6ae35b55f10733fbc080a1d2b058abb138f6f08c62bea58adff4e3168293e3c1","sourceIndex":"815","avBlockList":["360 Total Security (20240123)","Avast Premium Security (20240123)","AVG Internet Security (20240123)","Avira Internet Security (20240123)","Bitdefender Internet Security (20240123)","COMODO Antivirus (20240123)","Dr.Web Security Space (20240123)","ESET Internet Security (20240123)","G DATA INTERNET SECURITY (20240123)","K7 Total Security (20240123)","Kaspersky Internet Security (20240123)","Malwarebytes Premium (20240123)","McAfee Total Protection (20240123)","Norton Security (20240123)","Panda Dome (20240123)","Quick Heal Internet Security (20240123)","Sophos Home Premium (20240123)","SpyHunter5 (20240123)","Total AV Antivirus Pro (20240123)","VIPRE Advanced Security (20240123)","VirIT eXplorer PRO (20240123)","Webroot SecureAnywhere (20240123)"],"avAllowList":["Trend Micro Internet Security (20240123)","Windows Defender (20240123)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt on Relevant Knowledge apps","reference":"","landingPage":"http://www.videotool.net/","directDownloadingLink":"http://www.videotool.net/products.htm","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.videotool.net/products.htm","sourceIndex":"815"}],"sampleFiles":["231114/VideotoolNetBundle-221026/4.8.0.16/Samples/appletvvideoconverter.exe","231114/VideotoolNetBundle-221026/4.8.0.16/Samples/audioconverter.exe","231114/VideotoolNetBundle-221026/4.8.0.16/Samples/audiomixer.exe","231114/VideotoolNetBundle-221026/4.8.0.16/Samples/aviconverter.exe","231114/VideotoolNetBundle-221026/4.8.0.16/Samples/avitomovconverter.exe","231114/VideotoolNetBundle-221026/4.8.0.16/Samples/avitoswfconverter.exe","231114/VideotoolNetBundle-221026/4.8.0.16/Samples/cutedvdripper.exe","231114/VideotoolNetBundle-221026/4.8.0.16/Samples/divxconverter.exe","231114/VideotoolNetBundle-221026/4.8.0.16/Samples/dvdto3gpconverter.exe","231114/VideotoolNetBundle-221026/4.8.0.16/Samples/dvdtoflvconverter.exe","231114/VideotoolNetBundle-221026/4.8.0.16/Samples/dvdtoiphoneconverter.exe","231114/VideotoolNetBundle-221026/4.8.0.16/Samples/dvdtoipodconverter.exe","231114/VideotoolNetBundle-221026/4.8.0.16/Samples/dvdtomkvconverter.exe","231114/VideotoolNetBundle-221026/4.8.0.16/Samples/dvdtomovconverter.exe","231114/VideotoolNetBundle-221026/4.8.0.16/Samples/dvdtomp4converter.exe","231114/VideotoolNetBundle-221026/4.8.0.16/Samples/dvdtopspconverter.exe","231114/VideotoolNetBundle-221026/4.8.0.16/Samples/dvdtoswfconverter.exe","231114/VideotoolNetBundle-221026/4.8.0.16/Samples/dvdtoxboxconverter.exe","231114/VideotoolNetBundle-221026/4.8.0.16/Samples/dvdtozuneconverter.exe","231114/VideotoolNetBundle-221026/4.8.0.16/Samples/flvstreamingvideo.exe","231114/VideotoolNetBundle-221026/4.8.0.16/Samples/flvtoswfconverter.exe","231114/VideotoolNetBundle-221026/4.8.0.16/Samples/flvvideoconverter.exe","231114/VideotoolNetBundle-221026/4.8.0.16/Samples/gifconverter.exe","231114/VideotoolNetBundle-221026/4.8.0.16/Samples/hdvideoconverter.exe","231114/VideotoolNetBundle-221026/4.8.0.16/Samples/iphonevideoconverter.exe","231114/VideotoolNetBundle-221026/4.8.0.16/Samples/ipodvideoconverter.exe","231114/VideotoolNetBundle-221026/4.8.0.16/Samples/mobilevideoconverter.exe","231114/VideotoolNetBundle-221026/4.8.0.16/Samples/movtoflvconverter.exe","231114/VideotoolNetBundle-221026/4.8.0.16/Samples/mp4toaviconverter.exe","231114/VideotoolNetBundle-221026/4.8.0.16/Samples/photoslideshow.exe","231114/VideotoolNetBundle-221026/4.8.0.16/Samples/pspvideoconverter.exe","231114/VideotoolNetBundle-221026/4.8.0.16/Samples/screenrecorderfree.exe","231114/VideotoolNetBundle-221026/4.8.0.16/Samples/swfconverter.exe","231114/VideotoolNetBundle-221026/4.8.0.16/Samples/videocutter.exe","231114/VideotoolNetBundle-221026/4.8.0.16/Samples/videodubfree.exe","231114/VideotoolNetBundle-221026/4.8.0.16/Samples/videotoaudioconverter.exe","231114/VideotoolNetBundle-221026/4.8.0.16/Samples/videowatermark.exe","231114/VideotoolNetBundle-221026/4.8.0.16/Samples/wmv3gpconverter.exe","231114/VideotoolNetBundle-221026/4.8.0.16/Samples/wmvmp4converter.exe","231114/VideotoolNetBundle-221026/4.8.0.16/Samples/xboxvideoconverter.exe","231114/VideotoolNetBundle-221026/4.8.0.16/Samples/xvidconverter.exe","231114/VideotoolNetBundle-221026/4.8.0.16/Samples/zunevideoconverter.exe","231114/VideotoolNetBundle-221026/4.8.0.16/Samples/3gpvideoconverter_231031.exe","231114/VideotoolNetBundle-221026/4.8.0.16/Samples/appletvvideoconverter_231031.exe","231114/VideotoolNetBundle-221026/4.8.0.16/Samples/audioconverter_231031.exe","231114/VideotoolNetBundle-221026/4.8.0.16/Samples/audiomixer_231031.exe","231114/VideotoolNetBundle-221026/4.8.0.16/Samples/aviconverter_231031.exe","231114/VideotoolNetBundle-221026/4.8.0.16/Samples/avitomovconverter_231031.exe","231114/VideotoolNetBundle-221026/4.8.0.16/Samples/avitoswfconverter_231031.exe","231114/VideotoolNetBundle-221026/4.8.0.16/Samples/cutedvdripper_231031.exe","231114/VideotoolNetBundle-221026/4.8.0.16/Samples/divxconverter_231031.exe","231114/VideotoolNetBundle-221026/4.8.0.16/Samples/dvdto3gpconverter_231031.exe","231114/VideotoolNetBundle-221026/4.8.0.16/Samples/dvdtoflvconverter_231031.exe","231114/VideotoolNetBundle-221026/4.8.0.16/Samples/dvdtoiphoneconverter_231031.exe","231114/VideotoolNetBundle-221026/4.8.0.16/Samples/dvdtoipodconverter_231031.exe","231114/VideotoolNetBundle-221026/4.8.0.16/Samples/dvdtomkvconverter_231031.exe","231114/VideotoolNetBundle-221026/4.8.0.16/Samples/dvdtomovconverter_231031.exe","231114/VideotoolNetBundle-221026/4.8.0.16/Samples/dvdtomp4converter_231031.exe","231114/VideotoolNetBundle-221026/4.8.0.16/Samples/dvdtopspconverter_231031.exe","231114/VideotoolNetBundle-221026/4.8.0.16/Samples/dvdtoswfconverter_231031.exe","231114/VideotoolNetBundle-221026/4.8.0.16/Samples/dvdtoxboxconverter_231031.exe","231114/VideotoolNetBundle-221026/4.8.0.16/Samples/dvdtozuneconverter_231031.exe","231114/VideotoolNetBundle-221026/4.8.0.16/Samples/flvstreamingvideo_231031.exe","231114/VideotoolNetBundle-221026/4.8.0.16/Samples/flvtoswfconverter_231031.exe","231114/VideotoolNetBundle-221026/4.8.0.16/Samples/flvvideoconverter_231031.exe","231114/VideotoolNetBundle-221026/4.8.0.16/Samples/gifconverter_231031.exe","231114/VideotoolNetBundle-221026/4.8.0.16/Samples/hdvideoconverter_231031.exe","231114/VideotoolNetBundle-221026/4.8.0.16/Samples/iphonevideoconverter_231031.exe","231114/VideotoolNetBundle-221026/4.8.0.16/Samples/ipodvideoconverter_231031.exe","231114/VideotoolNetBundle-221026/4.8.0.16/Samples/mkvconverter_231031.exe","231114/VideotoolNetBundle-221026/4.8.0.16/Samples/mobilevideoconverter_231031.exe","231114/VideotoolNetBundle-221026/4.8.0.16/Samples/movconverter_231031.exe","231114/VideotoolNetBundle-221026/4.8.0.16/Samples/videoconverterfree_231031.exe","231114/VideotoolNetBundle-221026/4.8.0.16/Samples/videocutter_231031.exe","231114/VideotoolNetBundle-221026/4.8.0.16/Samples/videodubfree_231031.exe","231114/VideotoolNetBundle-221026/4.8.0.16/Samples/videojoiner_231031.exe","231114/VideotoolNetBundle-221026/4.8.0.16/Samples/videotoaudioconverter_231031.exe","231114/VideotoolNetBundle-221026/4.8.0.16/Samples/videowatermark_231031.exe","231114/VideotoolNetBundle-221026/4.8.0.16/Samples/wmv3gpconverter_231031.exe","231114/VideotoolNetBundle-221026/4.8.0.16/Samples/wmvmp4converter_231031.exe","231114/VideotoolNetBundle-221026/4.8.0.16/Samples/xboxvideoconverter_231031.exe","231114/VideotoolNetBundle-221026/4.8.0.16/Samples/xvidconverter_231031.exe","231114/VideotoolNetBundle-221026/4.8.0.16/Samples/zunevideoconverter_231031.exe","231114/VideotoolNetBundle-221026/4.8.0.16/Samples/movtoflvconverter_231031.exe","231114/VideotoolNetBundle-221026/4.8.0.16/Samples/movtomp4converter_231031.exe","231114/VideotoolNetBundle-221026/4.8.0.16/Samples/mp4toaviconverter_231031.exe","231114/VideotoolNetBundle-221026/4.8.0.16/Samples/mp4videoconverter_231031.exe","231114/VideotoolNetBundle-221026/4.8.0.16/Samples/photoslideshow_231031.exe","231114/VideotoolNetBundle-221026/4.8.0.16/Samples/pspvideoconverter_231031.exe","231114/VideotoolNetBundle-221026/4.8.0.16/Samples/screenrecorderfree_231031.exe","231114/VideotoolNetBundle-221026/4.8.0.16/Samples/swfconverter_231031.exe","231114/VideotoolNetBundle-221026/4.8.0.16/Samples/videoaudiomergerfree_231031.exe","231114/VideotoolNetBundle-221026/4.8.0.16/Samples/videoconverter_231031.exe"],"imageFiles":["231114/VideotoolNetBundle-221026/4.8.0.16/Images/ACR-109/ACR-109_Install_1.png","231114/VideotoolNetBundle-221026/4.8.0.16/Images/ACR-109/ACR-109.JPG","231114/VideotoolNetBundle-221026/4.8.0.16/Images/ACR-010/ACR-010_Install_1.png","231114/VideotoolNetBundle-221026/4.8.0.16/Images/ACR-010/ACR-010.JPG","231114/VideotoolNetBundle-221026/4.8.0.16/Images/ACR-013/ACR-013_Install_1.png","231114/VideotoolNetBundle-221026/4.8.0.16/Images/ACR-103/ACR-103_Software_1.png","231114/VideotoolNetBundle-221026/4.8.0.16/Images/ACR-103/ACR-103.JPG","231114/VideotoolNetBundle-221026/4.8.0.16/Images/ACR-118/ACR-118_Uninstall_1.png","231114/VideotoolNetBundle-221026/4.8.0.16/Images/ACR-118/ACR-118_Uninstall_2.png","231114/VideotoolNetBundle-221026/4.8.0.16/Images/ACR-118/ACR-118_Uninstall_3.png","231114/VideotoolNetBundle-221026/4.8.0.16/Images/ACR-118/ACR-118.JPG","231114/VideotoolNetBundle-221026/4.8.0.16/Images/ACR-118/ACR-118_1.JPG","231114/VideotoolNetBundle-221026/4.8.0.16/Images/ACR-057/ACR-057_Bundler-made offers_1.png","231114/VideotoolNetBundle-221026/4.8.0.16/Images/ACR-059/ACR-059_Bundler-made offers_1.png","231114/VideotoolNetBundle-221026/4.8.0.16/Images/ACR-059/ACR-059.JPG","231114/VideotoolNetBundle-221026/4.8.0.16/Images/ACR-071/ACR-071_Bundler-made offers_1.png","231114/VideotoolNetBundle-221026/4.8.0.16/Images/ACR-155/ACR-155_Bundler-made offers_1.png","231114/VideotoolNetBundle-221026/4.8.0.16/Images/ACR-155/ACR-155.JPG","231114/VideotoolNetBundle-221026/4.8.0.16/Images/ACR-060/ACR-060_Bundler-made offers_1.png"],"nonDeceptorImageFiles":["231114/VideotoolNetBundle-221026/4.8.0.16/Images/ACR-106/ACR-106_Software_1.png","231114/VideotoolNetBundle-221026/4.8.0.16/Images/ACR-106/ACR-106.JPG","231114/VideotoolNetBundle-221026/4.8.0.16/Images/ACR-092/ACR-092_Software_1.png","231114/VideotoolNetBundle-221026/4.8.0.16/Images/ACR-092/ACR-092.JPG","231114/VideotoolNetBundle-221026/4.8.0.16/Images/ACR-123/ACR-123_Uninstall_1.png","231114/VideotoolNetBundle-221026/4.8.0.16/Images/ACR-123/ACR-123_Uninstall_2.png","231114/VideotoolNetBundle-221026/4.8.0.16/Images/ACR-123/ACR-123_Uninstall_3.png"],"guid":"6604dee1-ca7d-4895-b842-234c87382b48_4.8.0.16_1","appID":"VideotoolNetBundle-221026","dateAdded":"231114","deceptorType":"Bundler","name":"Videotool Net Bundle","company":"Videotool.NET","version":"4.8.0.16","lastKnownStatus":"4.8.0.16","lastKnownDate":"231114","type":"Windows Executable","category":"Media editors, Media players, SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2023-11-15T05:21:22.1618166+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":809},{"violations":{"ACR-109":"At installation, the app also suggest installing a Chrome Extension \"OrangeMonkey\" without prior acceptance or agreement during the installation process.\n","ACR-042":"A Chrome Extension \"OrangeMonkey\" was installed as an added feature without obtaining clear and explicit permission from the user at installation.\n\n","ACR-046":"The third party extension OrangeMonkey is automatically installed on the computer without providing distinct disclosure and option at installation. \n","ACR-048":"Application can't be uninstalled via standard platform interface (control panel-> programs ->uninstall a program)\n","ACR-055":"No decline option was provided at installation.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"SF-Helper-%5B5534474486e3b869%23403%23%5D.exe","isInstaller":"True","companyName":"32/05 team","fileVersion":"1.7","hashMD5":"cb7540975a2d1643707fa30760b36c7b","hashSHA1":"5ae5cd61058dd0979e2c898bda1b07d26d041f3f","hashSHA256":"9c44660a837beaed12beb9cb626ee2886910adefe044f269240a1e2db1ee6dbf","digitalCertThumbprint":"E46AC86AFC42FAC20875BAF04DF391B875DD3DFD","digitalCertIssuer":"CN=GlobalSign GCC R45 EV CodeSigning CA 2020, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"E=itproddev@gmail.com, CN=IT PRODUCT DEVELOPMENT LLC, O=IT PRODUCT DEVELOPMENT LLC, STREET=\"Avenue Sredny V.O, 85U room 57-N, room 7\", L=Saint Petersburg, S=Saint Petersburg, C=RU, OID.1.3.6.1.4.1.311.60.2.1.2=Saint Petersburg, OID.1.3.6.1.4.1.311.60.2.1.3=RU, SERIALNUMBER=1197847203014, OID.2.5.4.15=Private Organization","sourceIndex":"816","avBlockList":["Avast Premium Security (20240123)","AVG Internet Security (20240123)","Avira Internet Security (20240123)","COMODO Antivirus (20240123)","ESET Internet Security (20240123)","K7 Total Security (20240123)","Malwarebytes Premium (20240123)","McAfee Total Protection (20240123)","Norton Security (20240123)","Panda Dome (20240123)","Quick Heal Internet Security (20240123)","Sophos Home Premium (20240123)","SpyHunter5 (20240123)","Total AV Antivirus Pro (20240123)","Trend Micro Internet Security (20240123)","VirIT eXplorer PRO (20240123)","Webroot SecureAnywhere (20240123)","Windows Defender (20240123)"],"avAllowList":["360 Total Security (20240123)","Bitdefender Internet Security (20240123)","Dr.Web Security Space (20240123)","G DATA INTERNET SECURITY (20240123)","Kaspersky Internet Security (20240123)","VIPRE Advanced Security (20240123)"]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"","landingPage":"https://en.savefrom.net","directDownloadingLink":"https://sf-helper.net/dist/2023-06-08/SF-Helper.exe?vid=403&uid=5534474486e3b869&t=1699269379","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://sf-helper.net/dist/2023-06-08/SF-Helper.exe?vid=403&uid=5534474486e3b869&t=1699269379","sourceIndex":"816"}],"sampleFiles":["231110/SavefromHelper-231106/1.7.0.1/Samples/SF-Helper-%5B5534474486e3b869%23403%23%5D.exe"],"imageFiles":["231110/SavefromHelper-231106/1.7.0.1/Images/ACR-109/Agreement.jpg","231110/SavefromHelper-231106/1.7.0.1/Images/ACR-109/OrangeMonkey.jpg","231110/SavefromHelper-231106/1.7.0.1/Images/ACR-109/OrangeMonkey1.jpg","231110/SavefromHelper-231106/1.7.0.1/Images/ACR-046/Agreement.jpg","231110/SavefromHelper-231106/1.7.0.1/Images/ACR-046/OrangeMonkey.jpg","231110/SavefromHelper-231106/1.7.0.1/Images/ACR-046/OrangeMonkey1.jpg","231110/SavefromHelper-231106/1.7.0.1/Images/ACR-055/Agreement.jpg","231110/SavefromHelper-231106/1.7.0.1/Images/ACR-042/Agreement.jpg","231110/SavefromHelper-231106/1.7.0.1/Images/ACR-042/OrangeMonkey.jpg","231110/SavefromHelper-231106/1.7.0.1/Images/ACR-042/OrangeMonkey1.jpg"],"nonDeceptorImageFiles":[],"guid":"460a5310-2ec2-4b97-aedd-41cbf90013c8_1.7.0.1_1","appID":"SavefromHelper-231106","dateAdded":"231110","deceptorType":"App","name":"Savefrom.net Helper","company":"32/05 team","version":"1.7.0.1","lastKnownStatus":"1.7.0.1","lastKnownDate":"231110","type":"Windows Executable","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","lastUpdate":"2023-11-10T21:19:47.8801477+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":810},{"violations":{"ACR-042":"The app installs \"MAGIX Screenshare\" without obtaining the consumer's permission through explicit user action.\n","ACR-043":"Another app named MAGIX Screenshare was installed without disclosure.\n","ACR-003":"The app utilizes the word \"Problem\" in red color to a scan result that cannot be substantiated.\n","ACR-004":"The app uses alarming red and other traffic light colors to differentiate scan results , raising misleading sense of priority to the user. Scan results cannot be substantiated.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"PC_Check_Tuning_Free_2011_DM.exe","isInstaller":"True","companyName":"MAGIX AG","fileVersion":"1.0","hashMD5":"49fed184017f961de50b0496c8aae447","hashSHA1":"fbd332a8da82cdbe9909823fb76049f90a3dd3eb","hashSHA256":"5b3e595d8ce13d578ded0a321dff354d09db1a456de18ab533957a4f19d936b2","digitalCertThumbprint":"D0B7F7021AE4CD7F80661F318410E7A8070C7B64","digitalCertIssuer":"CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O=\"VeriSign, Inc.\", C=US","digitalCertIssuedTo":"CN=Magix AG, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Magix AG, S=Berlin, C=DE","sourceIndex":"258","avBlockList":["Avast Premium Security (20240123)","AVG Internet Security (20240123)","Avira Internet Security (20240123)","ESET Internet Security (20240123)","G DATA INTERNET SECURITY (20240123)","K7 Total Security (20240123)","Malwarebytes Premium (20240123)","Norton Security (20240123)","Quick Heal Internet Security (20240123)","Sophos Home Premium (20240123)","SpyHunter5 (20240123)","Total AV Antivirus Pro (20240123)","VirIT eXplorer PRO (20240123)"],"avAllowList":["360 Total Security (20240123)","Bitdefender Internet Security (20240123)","COMODO Antivirus (20240123)","Dr.Web Security Space (20240123)","Kaspersky Internet Security (20240123)","McAfee Total Protection (20240123)","Panda Dome (20240123)","Trend Micro Internet Security (20240123)","VIPRE Advanced Security (20240123)","Webroot SecureAnywhere (20240123)","Windows Defender (20240123)"]},{"isRevoked":"False","fileName":"TuningStart.EXE","companyName":"MAGIX AG","fileVersion":"6.0","hashMD5":"1ddd6c4c5cfeada3b6979421d168e93b","hashSHA1":"c0148ebc4b1804cfc010c7995212912970a0aec5","hashSHA256":"ad2dc19220b5bb5faff87ba9804c373a8f24ab96811d1c0c8db19900539a282d","digitalCertThumbprint":"E688AF90ADEE80DE60BEEC34F5893350795C27B3","digitalCertIssuer":"CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O=\"VeriSign, Inc.\", C=US","digitalCertIssuedTo":"CN=Magix AG, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Magix AG, S=Berlin, C=DE","sourceIndex":"258","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"","landingPage":"https://www.computerbild.de/download/Magix-PC-Check-Tuning-Free-5291351.html","directDownloadingLink":"https://d.computerbild.de/downloads/2971313/PC_Check_Tuning_Free_2011_DM.exe?__cbodl__=1699349120_b1b84d08e4d8ef0c5c7abfa9847f0900&_chksum_=49fed184017f961de50b0496c8aae447","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://d.computerbild.de/downloads/2971313/PC_Check_Tuning_Free_2011_DM.exe?__cbodl__=1699349120_b1b84d08e4d8ef0c5c7abfa9847f0900&_chksum_=49fed184017f961de50b0496c8aae447","sourceIndex":"258"}],"sampleFiles":["231108/MAGICPCCheckAndTuning-231107/6.0.403.1052/Samples/PC_Check_Tuning_Free_2011_DM.exe","231108/MAGICPCCheckAndTuning-231107/6.0.403.1052/Samples/TuningStart.exe"],"imageFiles":["231108/MAGICPCCheckAndTuning-231107/6.0.403.1052/Images/ACR-043/M_Screenshare.jpg","231108/MAGICPCCheckAndTuning-231107/6.0.403.1052/Images/ACR-042/M_Screenshare.jpg","231108/MAGICPCCheckAndTuning-231107/6.0.403.1052/Images/ACR-004/ACR-004.jpg","231108/MAGICPCCheckAndTuning-231107/6.0.403.1052/Images/ACR-004/ACR-004_.jpg","231108/MAGICPCCheckAndTuning-231107/6.0.403.1052/Images/ACR-003/ACR-004.jpg"],"nonDeceptorImageFiles":[],"guid":"0d22b999-69b6-43a1-bfd0-842ae28e1dd4_6.0.403.1052_1","appID":"MAGICPCCheckAndTuning-231107","dateAdded":"231108","deceptorType":"App","name":"MAGIX PC Check & Tuning","company":"MAGIX AG","version":"6.0.403.1052","lastKnownStatus":"6.0.403.1052","lastKnownDate":"250102","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2025-01-02T19:09:25.4733596+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":811},{"violations":{"ACR-109":"The app installs \"Bonjour\", an Apple Inc. application without the consumer's consent.\n","ACR-042":"1. Some of the third-party components get dropped immediately after executing the installer, without the user's permission. Components are dropped before accepting the license agreement.\n2. App initiates network communications with 3rd party offer provider before obtaining user consent.\n3. The app installs \"Bonjour\", an Apple Inc. application without disclosing it to the user and gets user consent. \n","ACR-043":"1. Some of the third-party components get dropped immediately after executing the installer, without the user's permission. Components are dropped before accepting the license agreement.\n2. The app installs \"Bonjour\", an Apple Inc. application without disclosing it to the user and gets user consent. \n","ACR-048":"The app does not provide control to cancel the installation process.\nThe app does not provide any control to remove the background processes within the app settings\n","ACR-084":"On closing the app, the application doesn't exit completely. It runs silently in the background, hiding the fact that it is active from the consumer without any notification.\n","ACR-097":"The app adds a \"Bonjour Service\" exception to the Windows firewall to evade the default system security guard.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components along with the \"Bonjour\" service application on the device without the consumer's consent. \n","ACR-039":"The app installs another app named \"Bonjour\", an Apple Inc. application without disclosing it to the user and its clear relationship to the main app installed. \n"},"nonDeceptorViolations":{"ACR-123":"The app does not remove the installed \"Bonjour\" service application even after uninstalling.\n"},"samples":[{"isRevoked":"False","fileName":"EpocCam 3.4.0.exe","isInstaller":"True","companyName":"NF001","productName":"Nearfile","productVersion":"7.14.2.0","fileVersion":"1.0.0.6608","hashMD5":"dbad26f300df922f1f04ec9c99d1c044","hashSHA1":"77ecd6c3b551aa01d4545de0d687f6d536d7affc","hashSHA256":"0352d0f3617da798c098b4638be2c5fc93178ddde3010dfced2fae43425aef30","digitalCertThumbprint":"39A4848ECEFD4F052A01F890AFD400C307AF7D77","digitalCertIssuer":"Entrust Extended Validation Code Signing CA - EVCS2","digitalCertIssuedTo":"6785719 Canada Inc.","storeId":"","sourceIndex":"819","avBlockList":["Bitdefender Internet Security (20231116)","COMODO Antivirus (20231116)","Dr.Web Security Space (20231116)","ESET Internet Security (20231116)","K7 Total Security (20231116)","Malwarebytes Premium (20231116)","McAfee Total Protection (20231116)","Norton Security (20231116)","Panda Dome (20231116)","Sophos Home Premium (20231116)","SpyHunter5 (20231116)","VirIT eXplorer PRO (20231116)","Webroot SecureAnywhere (20231116)"],"avAllowList":["360 Total Security (20231116)","Avast Premium Security (20231116)","AVG Internet Security (20231116)","Avira Internet Security (20231116)","G DATA INTERNET SECURITY (20231116)","Kaspersky Internet Security (20231116)","Quick Heal Internet Security (20231116)","Total AV Antivirus Pro (20231116)","Trend Micro Internet Security (20231116)","VIPRE Advanced Security (20231116)","Windows Defender (20231116)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt","reference":"","landingPage":"https://nearfile.com/epoccam/","directDownloadingLink":"https://nearfile.com/download/epoccam/","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://nearfile.com/download/epoccam/","sourceIndex":"819"}],"sampleFiles":["231106/EpocCam-231016/3.4.0/Samples/EpocCam 3.4.0.exe"],"imageFiles":["231106/EpocCam-231016/3.4.0/Images/ACR-109/ACR-109.JPG","231106/EpocCam-231016/3.4.0/Images/ACR-039/ACR-039.JPG","231106/EpocCam-231016/3.4.0/Images/ACR-043/ACR-043.JPG","231106/EpocCam-231016/3.4.0/Images/ACR-043/ACR-043(1).JPG","231106/EpocCam-231016/3.4.0/Images/ACR-042/ACR-042.JPG","231106/EpocCam-231016/3.4.0/Images/ACR-042/ACR-042_1.JPG","231106/EpocCam-231016/3.4.0/Images/ACR-042/ACR-042(1).JPG","231106/EpocCam-231016/3.4.0/Images/ACR-048/ACR-048.JPG","231106/EpocCam-231016/3.4.0/Images/ACR-084/ACR-084.JPG","231106/EpocCam-231016/3.4.0/Images/ACR-097/ACR-097_Software_1.png","231106/EpocCam-231016/3.4.0/Images/ACR-048/ACR-048_1.JPG","231106/EpocCam-231016/3.4.0/Images/ACR-118/ACR-118.JPG","231106/EpocCam-231016/3.4.0/Images/ACR-118/ACR-118_1.JPG","231106/EpocCam-231016/3.4.0/Images/ACR-118/ACR-118_2.JPG"],"nonDeceptorImageFiles":["231106/EpocCam-231016/3.4.0/Images/ACR-123/ACR-123.JPG","231106/EpocCam-231016/3.4.0/Images/ACR-123/ACR-123_1.JPG"],"guid":"b8fcc7a3-2a81-4a45-a1a0-99073177846c_3.4.0_1","appID":"EpocCam-231016","dateAdded":"231106","deceptorType":"Bundler","name":"EpocCam","company":"Elgato","version":"3.4.0","lastKnownStatus":"3.4.0","lastKnownDate":"231106","type":"Windows Executable","category":"Bundlers & Downloaders, SysTools & Utilities","targetOS":"Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"inject ads","lastUpdate":"2023-11-08T21:06:53.2107035+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":812},{"violations":{"ACR-042":"App drops potential offer app info in hidden folder without user permission.\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software.\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software.\n","ACR-075":"Yandex offer is still downloaded and installed despite unchecking during installation.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"ABViewer.exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"ab3bd1fa34817eee23d637aa5e816e0e","hashSHA1":"3a1c613eda6dd4dfe26f9b208625d7242767afa4","hashSHA256":"f6c401f362716aadccc56ef1e35fb2dbba893a4d699a8b337e2aaac8da911d23","digitalCertThumbprint":"8222EAB8AE1D7CB69EB6D497A2B63E5E5DBCF8E9","digitalCertIssuer":"CN=GlobalSign GCC R45 EV CodeSigning CA 2020, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"E=ap@maombi.com, CN=LLC Maombi Ru, O=LLC Maombi Ru, STREET=\"ul Presnenskiy Val, 27 / str 9 pomeshch. III Chast Komnaty 5\", L=Moscow, S=Moscow, C=RU, OID.1.3.6.1.4.1.311.60.2.1.2=Moscow, OID.1.3.6.1.4.1.311.60.2.1.3=RU, SERIALNUMBER=1177746572684, OID.2.5.4.15=Private Organization","sourceIndex":"842","avBlockList":["Avast Premium Security (20231102)","AVG Internet Security (20231102)","Avira Internet Security (20231102)","ESET Internet Security (20231102)","K7 Total Security (20231102)","Kaspersky Internet Security (20231102)","Norton Security (20231102)","Panda Dome (20231102)","Sophos Home Premium (20231102)","SpyHunter5 (20231102)","Total AV Antivirus Pro (20231102)","VirIT eXplorer PRO (20231102)","Webroot SecureAnywhere (20231102)"],"avAllowList":["360 Total Security (20231102)","Bitdefender Internet Security (20231102)","COMODO Antivirus (20231102)","Dr.Web Security Space (20231102)","G DATA INTERNET SECURITY (20231102)","Malwarebytes Premium (20231102)","McAfee Total Protection (20231102)","Quick Heal Internet Security (20231102)","Trend Micro Internet Security (20231102)","VIPRE Advanced Security (20231102)","Windows Defender (20231102)"]},{"isRevoked":"False","fileName":"Ad_Muncher.exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"d9c8dc6a68624235d040f8b4130f0dc7","hashSHA1":"e4c3046bf8fdde8fabdd653145eb7eb1484f3717","hashSHA256":"60aef716cbc4c846155c9fb34842470275125e2b9a96bc4e13d34e138fc957c7","digitalCertThumbprint":"8222EAB8AE1D7CB69EB6D497A2B63E5E5DBCF8E9","digitalCertIssuer":"CN=GlobalSign GCC R45 EV CodeSigning CA 2020, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"E=ap@maombi.com, CN=LLC Maombi Ru, O=LLC Maombi Ru, STREET=\"ul Presnenskiy Val, 27 / str 9 pomeshch. III Chast Komnaty 5\", L=Moscow, S=Moscow, C=RU, OID.1.3.6.1.4.1.311.60.2.1.2=Moscow, OID.1.3.6.1.4.1.311.60.2.1.3=RU, SERIALNUMBER=1177746572684, OID.2.5.4.15=Private Organization","sourceIndex":"842","avBlockList":["Avast Premium Security (20231102)","AVG Internet Security (20231102)","Avira Internet Security (20231102)","COMODO Antivirus (20231102)","ESET Internet Security (20231102)","K7 Total Security (20231102)","Kaspersky Internet Security (20231102)","Malwarebytes Premium (20231102)","Norton Security (20231102)","Sophos Home Premium (20231102)","SpyHunter5 (20231102)","Total AV Antivirus Pro (20231102)","VirIT eXplorer PRO (20231102)","Webroot SecureAnywhere (20231102)"],"avAllowList":["360 Total Security (20231102)","Bitdefender Internet Security (20231102)","Dr.Web Security Space (20231102)","G DATA INTERNET SECURITY (20231102)","McAfee Total Protection (20231102)","Panda Dome (20231102)","Quick Heal Internet Security (20231102)","Trend Micro Internet Security (20231102)","VIPRE Advanced Security (20231102)","Windows Defender (20231102)"]},{"isRevoked":"False","fileName":"AppRemover.exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"cf0059fe0dc933373f468f9d8855f162","hashSHA1":"9cb840e16e5bd08c7f2a9070c982779875cf5e5a","hashSHA256":"fea787f9f3014e78e08f12eeea1d6870d231a44b649ba86168b3e8a1b77453c5","digitalCertThumbprint":"8222EAB8AE1D7CB69EB6D497A2B63E5E5DBCF8E9","digitalCertIssuer":"CN=GlobalSign GCC R45 EV CodeSigning CA 2020, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"E=ap@maombi.com, CN=LLC Maombi Ru, O=LLC Maombi Ru, STREET=\"ul Presnenskiy Val, 27 / str 9 pomeshch. III Chast Komnaty 5\", L=Moscow, S=Moscow, C=RU, OID.1.3.6.1.4.1.311.60.2.1.2=Moscow, OID.1.3.6.1.4.1.311.60.2.1.3=RU, SERIALNUMBER=1177746572684, OID.2.5.4.15=Private Organization","sourceIndex":"842","avBlockList":["Avast Premium Security (20231102)","AVG Internet Security (20231102)","Avira Internet Security (20231102)","ESET Internet Security (20231102)","K7 Total Security (20231102)","Kaspersky Internet Security (20231102)","Malwarebytes Premium (20231102)","Norton Security (20231102)","Sophos Home Premium (20231102)","SpyHunter5 (20231102)","Total AV Antivirus Pro (20231102)","VirIT eXplorer PRO (20231102)","Webroot SecureAnywhere (20231102)"],"avAllowList":["360 Total Security (20231102)","Bitdefender Internet Security (20231102)","COMODO Antivirus (20231102)","Dr.Web Security Space (20231102)","G DATA INTERNET SECURITY (20231102)","McAfee Total Protection (20231102)","Panda Dome (20231102)","Quick Heal Internet Security (20231102)","Trend Micro Internet Security (20231102)","VIPRE Advanced Security (20231102)","Windows Defender (20231102)"]},{"isRevoked":"False","fileName":"EasyRecovery_Professional_11.5.0.3.exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"5ef4a33f62fea68ba1ff961933caabca","hashSHA1":"8ca2976c22cd9eb58889a5ca28c965cb979fc70b","hashSHA256":"4d41af2b81a016bf0e46cb511fc4c15b6b815c530067b4f786c3c992e7efcd15","digitalCertThumbprint":"8222EAB8AE1D7CB69EB6D497A2B63E5E5DBCF8E9","digitalCertIssuer":"CN=GlobalSign GCC R45 EV CodeSigning CA 2020, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"E=ap@maombi.com, CN=LLC Maombi Ru, O=LLC Maombi Ru, STREET=\"ul Presnenskiy Val, 27 / str 9 pomeshch. III Chast Komnaty 5\", L=Moscow, S=Moscow, C=RU, OID.1.3.6.1.4.1.311.60.2.1.2=Moscow, OID.1.3.6.1.4.1.311.60.2.1.3=RU, SERIALNUMBER=1177746572684, OID.2.5.4.15=Private Organization","sourceIndex":"842","avBlockList":["Avast Premium Security (20231102)","AVG Internet Security (20231102)","Avira Internet Security (20231102)","COMODO Antivirus (20231102)","ESET Internet Security (20231102)","K7 Total Security (20231102)","Kaspersky Internet Security (20231102)","Malwarebytes Premium (20231102)","Norton Security (20231102)","Panda Dome (20231102)","Sophos Home Premium (20231102)","SpyHunter5 (20231102)","Total AV Antivirus Pro (20231102)","VirIT eXplorer PRO (20231102)","Webroot SecureAnywhere (20231102)"],"avAllowList":["360 Total Security (20231102)","Bitdefender Internet Security (20231102)","Dr.Web Security Space (20231102)","G DATA INTERNET SECURITY (20231102)","McAfee Total Protection (20231102)","Quick Heal Internet Security (20231102)","Trend Micro Internet Security (20231102)","VIPRE Advanced Security (20231102)","Windows Defender (20231102)"]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"","landingPage":"https://maombi.store","directDownloadingLink":"https://maombi.store/download/671/ae2fd989-0361-ca58-2516-d3ab29d5a932/EasyRecovery_Professional_11.5.0.3.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://maombi.store/download/671/ae2fd989-0361-ca58-2516-d3ab29d5a932/EasyRecovery_Professional_11.5.0.3.exe","sourceIndex":"842"},{"howFound":"","reference":"","landingPage":"","directDownloadingLink":"https://maombi.store/download/671/c6c16759-da55-3389-f125-eeaa92c499ea/ABViewer.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://maombi.store/download/671/c6c16759-da55-3389-f125-eeaa92c499ea/ABViewer.exe","sourceIndex":"843"}],"sampleFiles":["231024/MaombiStoreBundler-231024/0.0.0.1/Samples/ABViewer.exe","231024/MaombiStoreBundler-231024/0.0.0.1/Samples/Ad_Muncher.exe","231024/MaombiStoreBundler-231024/0.0.0.1/Samples/AppRemover.exe","231024/MaombiStoreBundler-231024/0.0.0.1/Samples/EasyRecovery_Professional_11.5.0.3.exe"],"imageFiles":["231024/MaombiStoreBundler-231024/0.0.0.1/Images/ACR-042/ACR-042.jpg","231024/MaombiStoreBundler-231024/0.0.0.1/Images/ACR-013/OperaOffer.jpg","231024/MaombiStoreBundler-231024/0.0.0.1/Images/ACR-013/OptionalOffer2.jpg","231024/MaombiStoreBundler-231024/0.0.0.1/Images/ACR-075/Offer_unchecked.jpg","231024/MaombiStoreBundler-231024/0.0.0.1/Images/ACR-075/Yandex.jpg","231024/MaombiStoreBundler-231024/0.0.0.1/Images/ACR-075/YandexServices.jpg","231024/MaombiStoreBundler-231024/0.0.0.1/Images/ACR-060/OperaOffer.jpg","231024/MaombiStoreBundler-231024/0.0.0.1/Images/ACR-060/OptionalOffer2.jpg"],"nonDeceptorImageFiles":[],"guid":"367ac95a-57ca-4f46-8245-d53b75f8df5c_0.0.0.1_1","appID":"MaombiStoreBundler-231024","dateAdded":"231024","deceptorType":"App","name":"Maombi.Store Download Manager","company":"LLC Maombi Ru","version":"0.0.0.1","lastKnownStatus":"231024","lastKnownDate":"231024","type":"Windows Executable","category":"Bundlers & Downloaders","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","monetization":"sold in bundle","lastUpdate":"2023-10-24T19:38:49.2770208+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":814},{"violations":{"ACR-014":"It claims its call center service is certified by AppEsteem and use AppEsteem certified logo to deceives users. AppEsteem never certified this call center. \n"},"nonDeceptorViolations":{},"samples":[],"additionalFiles":[],"sources":[{"howFound":"fraud site","reference":"","landingPage":"https://ustechsupport.live","ipv4":"","ipv6":"","sourceIndex":"844"}],"sampleFiles":[],"imageFiles":[],"nonDeceptorImageFiles":[],"guid":"3ce213e1-6155-4625-96e9-79e5cf9563f2_20231024_1","appID":"ustechsupportlive-231024","dateAdded":"231024","deceptorType":"Affiliate","name":"Ustechsupport.live","company":" ustechsupport.live","version":"20231024","lastKnownStatus":"231024","lastKnownDate":"231024","type":"Affiliate","category":"SysTools & Utilities, Productivity, Bundlers & Downloaders","targetOS":"None","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"call center","lastUpdate":"2023-10-24T19:34:25.8228307+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":813},{"violations":{"ACR-109":"The app downloads \"rk_setup.exe\", a RelevantKnowledge file before disclosure and without the consumer's consent\n","ACR-010":"The app distributes deceptor application. The offer in this app, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software\n","ACR-118":"Upon uninstallation, it retains some executables and many of its other components along with a \"curl-ca-bundle.crt\" and other components on the device without user's knowledge\n","ACR-057":"The app bundles the \"Relevant Knowledge\" offer which does not allow the consumer to decline the offer\n","ACR-071":"It attempts to force the acceptance of \"Relevant Knowledge\" by graying out the Next button when the user choose to Decline. Thus, forcing the user to only accept the offer and proceed with the installation\n","ACR-059":"Offer not clearly marked as an offer. Instead, it is presented as a component of the carrier.\n","ACR-155":"Offers are designed to look like part of the install workflow\n"},"nonDeceptorViolations":{"ACR-106":"App offers deceptive application 'Relevant Knowledge market survey\n","ACR-092":"The installer and main executables are not digitally signed\n","ACR-123":"The app does not remove dropped root certificates even after uninstalling\n"},"samples":[{"isRevoked":"False","fileName":"convertidor-de-pdf-a-word.exe","isInstaller":"True","companyName":"convertidor-de-pdf.com                                      ","productName":"Convertidor de PDF a Word                                   ","productVersion":"                                                  ","fileVersion":"                    ","hashMD5":"9f1f28d9f6c92fbee4fe56360e12808c","hashSHA1":"ca5377fd76a419f59c6cdad5755a3ccdd1089662","hashSHA256":"a59c2c5cf27b103278fddcb87316e321eaa067af8174a511d7ef63651b1cefca","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"849","avBlockList":["360 Total Security (20240509)","Avast Premium Security (20240509)","AVG Internet Security (20240509)","Avira Internet Security (20240509)","Bitdefender Internet Security (20240509)","COMODO Antivirus (20240509)","ESET Internet Security (20240509)","G DATA INTERNET SECURITY (20240509)","K7 Total Security (20240509)","Kaspersky Internet Security (20240509)","McAfee Total Protection (20240509)","Norton Security (20240509)","Panda Dome (20240509)","Quick Heal Internet Security (20240509)","Sophos Home Premium (20240509)","SpyHunter5 (20240509)","Total AV Antivirus Pro (20240509)","Trend Micro Internet Security (20240509)","VIPRE Advanced Security (20240509)","VirIT eXplorer PRO (20240509)","Webroot SecureAnywhere (20240509)","Windows Defender (20240509)"],"avAllowList":["Dr.Web Security Space (20240509)","Malwarebytes Premium (20240509)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunted on RK Installer","reference":"","landingPage":"http://www.convertidor-de-pdf.com/convertidor-de-pdf-a-word.html","directDownloadingLink":"www.convertidor-de-pdf.com/download/convertidor-de-pdf-a-word.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"www.convertidor-de-pdf.com/download/convertidor-de-pdf-a-word.exe","sourceIndex":"849"}],"sampleFiles":["231018/ConverterfromPDFtoWord-231012/3.35/Samples/convertidor-de-pdf-a-word.exe"],"imageFiles":["231018/ConverterfromPDFtoWord-231012/3.35/Images/ACR-109/ACR-109.PNG","231018/ConverterfromPDFtoWord-231012/3.35/Images/ACR-010/ACR-010_Install_1.png","231018/ConverterfromPDFtoWord-231012/3.35/Images/ACR-013/ACR-013_Install_1.png","231018/ConverterfromPDFtoWord-231012/3.35/Images/ACR-118/ACR-118_Uninstall_1.png","231018/ConverterfromPDFtoWord-231012/3.35/Images/ACR-057/ACR-057_Bundler-made offers_1.png","231018/ConverterfromPDFtoWord-231012/3.35/Images/ACR-059/ACR-059_Bundler-made offers_1.png","231018/ConverterfromPDFtoWord-231012/3.35/Images/ACR-060/ACR-060_Bundler-made offers_1.png","231018/ConverterfromPDFtoWord-231012/3.35/Images/ACR-071/ACR-071_Bundler-made offers_1.png","231018/ConverterfromPDFtoWord-231012/3.35/Images/ACR-155/ACR-155_Bundler-made offers_1.png"],"nonDeceptorImageFiles":["231018/ConverterfromPDFtoWord-231012/3.35/Images/ACR-106/ACR-106_Software_1.png","231018/ConverterfromPDFtoWord-231012/3.35/Images/ACR-092/ACR-092_Software_1.png","231018/ConverterfromPDFtoWord-231012/3.35/Images/ACR-123/ACR-123_Uninstall_1.png"],"guid":"ac45c38c-e631-457f-9d08-032e5a32c3dd_3.35_1","appID":"ConverterfromPDFtoWord-231012","dateAdded":"231018","deceptorType":"Bundler","name":"Converter from PDF to Word","company":"convertidor-de-pdf.com","version":"3.35","lastKnownStatus":"3.35","lastKnownDate":"231018","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"display ads","lastUpdate":"2023-10-18T21:03:09.2109167+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":820},{"violations":{"ACR-010":"The app distributes deceptor application. The offer in this app, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control \n"},"nonDeceptorViolations":{},"samples":[],"additionalFiles":[],"sources":[{"howFound":"Hunted on Relevant Knowledge","reference":"","landingPage":"https://syncersoft.com/free.htm","directDownloadingLink":"","ipv4":"","ipv6":"","sourceIndex":"847"}],"sampleFiles":[],"imageFiles":["231018/SyncerSoftBundler-231017/231017/Images/ACR-010/ACR-010_Install_1.png"],"nonDeceptorImageFiles":[],"guid":"31431292-da44-4593-bac7-432bdd683c05_231017_1","appID":"SyncerSoftBundler-231017","dateAdded":"231018","deceptorType":"Affiliate","name":"SyncerSoftDotCom","company":"SyncerSoft","version":"231017","lastKnownStatus":"231018","lastKnownDate":"231018","type":"Affiliate","category":"Media editors","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"sold in bundle,display ads","lastUpdate":"2023-10-18T23:04:07.1173997+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":817},{"violations":{"ACR-109":"The app downloads \"rk_setup.exe\", a RelevantKnowledge file before disclosure and without the consumer's consent\n","ACR-010":"The app distributes deceptor application. The offer in this app, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software\n","ACR-118":"Upon uninstallation, it retains some executables and many of its other components along with a \"curl-ca-bundle.crt\" and other components on the device without user's knowledge.\n","ACR-057":"The app bundles the \"Relevant Knowledge\" offer which does not allow the consumer to decline the offer\n","ACR-071":"It attempts to force the acceptance of \"Relevant Knowledge\" by graying out the Next button when the user choose to Decline. Thus, forcing the user to only accept the offer and proceed with the installation\n","ACR-059":"Offer not clearly marked as an offer. Instead, it is presented as a component of the carrier.\n","ACR-155":"Offers are designed to look like part of the install workflow\n"},"nonDeceptorViolations":{"ACR-106":"App offers deceptive application 'Relevant Knowledge market survey\n","ACR-092":"The installer and main executables are not digitally signed\n","ACR-123":"The app does not remove dropped root certificates even after uninstalling\n"},"samples":[{"isRevoked":"False","fileName":"convertidor-de-word-a-pdf.exe","isInstaller":"True","companyName":"convertidor-de-pdf.com                                      ","productName":"Convertidor de Word a PDF                                   ","productVersion":"                                                  ","fileVersion":"                    ","hashMD5":"d166b24849a5737e65c610ad4c67af91","hashSHA1":"03db86faf031c185f12364a5a462d6ed6cd59942","hashSHA256":"dbad3a47b43bf691aeda9f5c15adf758f7c1cb0831956b1c06ecb256503be70d","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"852","avBlockList":["360 Total Security (20240516)","Avast Premium Security (20240516)","AVG Internet Security (20240516)","Avira Internet Security (20240516)","Bitdefender Internet Security (20240516)","COMODO Antivirus (20240516)","Dr.Web Security Space (20240516)","ESET Internet Security (20240516)","G DATA INTERNET SECURITY (20240516)","K7 Total Security (20240516)","Kaspersky Internet Security (20240516)","Malwarebytes Premium (20240516)","McAfee Total Protection (20240516)","Norton Security (20240516)","Panda Dome (20240516)","Quick Heal Internet Security (20240516)","Sophos Home Premium (20240516)","SpyHunter5 (20240516)","Total AV Antivirus Pro (20240516)","Trend Micro Internet Security (20240516)","VIPRE Advanced Security (20240516)","VirIT eXplorer PRO (20240516)","Webroot SecureAnywhere (20240516)","Windows Defender (20240516)"],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunted on RK Installer","reference":"","landingPage":"http://www.convertidor-de-pdf.com/convertidor-de-word-a-pdf.html","directDownloadingLink":"http://www.convertidor-de-pdf.com/download/convertidor-de-word-a-pdf.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.convertidor-de-pdf.com/download/convertidor-de-word-a-pdf.exe","sourceIndex":"852"}],"sampleFiles":["231018/WordconvertertoPDF-231012/3.35/Samples/convertidor-de-word-a-pdf.exe"],"imageFiles":["231018/WordconvertertoPDF-231012/3.35/Images/ACR-109/ACR-109.PNG","231018/WordconvertertoPDF-231012/3.35/Images/ACR-010/ACR-010_Install_1.png","231018/WordconvertertoPDF-231012/3.35/Images/ACR-013/ACR-013_Install_1.png","231018/WordconvertertoPDF-231012/3.35/Images/ACR-118/ACR-118_Uninstall_1.png","231018/WordconvertertoPDF-231012/3.35/Images/ACR-057/ACR-057_Bundler-made offers_1.png","231018/WordconvertertoPDF-231012/3.35/Images/ACR-059/ACR-059_Bundler-made offers_1.png","231018/WordconvertertoPDF-231012/3.35/Images/ACR-060/ACR-060_Bundler-made offers_1.png","231018/WordconvertertoPDF-231012/3.35/Images/ACR-071/ACR-071_Bundler-made offers_1.png","231018/WordconvertertoPDF-231012/3.35/Images/ACR-155/ACR-155_Bundler-made offers_1.png"],"nonDeceptorImageFiles":["231018/WordconvertertoPDF-231012/3.35/Images/ACR-106/ACR-106_Software_1.png","231018/WordconvertertoPDF-231012/3.35/Images/ACR-092/ACR-092_Software_1.png","231018/WordconvertertoPDF-231012/3.35/Images/ACR-123/ACR-123_Uninstall_1.png"],"guid":"dabd0f2e-aa0f-444b-b224-c4fc7f78c920_3.35_1","appID":"WordconvertertoPDF-231012","dateAdded":"231018","deceptorType":"Bundler","name":"Word converter to PDF","company":"convertidor-de-pdf.com","version":"3.35","lastKnownStatus":"3.35","lastKnownDate":"231018","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"display ads","lastUpdate":"2023-10-18T20:49:19.0862813+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":815},{"violations":{"ACR-043":"Open source  'ffmpeg'  is installed without disclosure.\n","ACR-107":"The app does not obtain any authorization for using a third-party component 'ffmpeg'.\n","ACR-010":"The app distributes deceptor application. The offer in this app, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control.\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software.\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains the main executable and \"curl-ca-bundle.crt\" file on the device without the consumer's consent or notifying the user.\n","ACR-059":"Offer not clearly marked as an offer. Instead, it is presented as a component of the carrier.\n"},"nonDeceptorViolations":{"ACR-106":"App offers deceptive application 'Relevant Knowledge market survey.\n","ACR-092":"The app does not have a digital signature for any executable.\n","ACR-123":"The app does not remove dropped root certificates even after uninstalling.\n"},"samples":[{"isRevoked":"False","fileName":"VCDCutterSetup.exe","isInstaller":"True","companyName":"                                                            ","productName":"VCD Cutter                                                  ","productVersion":"1.3                 ","fileVersion":"1.3                 ","hashMD5":"433e4cbd36c2adf13e173bc91de5b7a3","hashSHA1":"f8f497fb4ddbb664b2d2bb5cffc360447d0c9e12","hashSHA256":"89b1edbbe59b55afb58f27c4c81fdbcd98b331855b16a6ffd4475fe99f91be43","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"848","avBlockList":["360 Total Security (20231102)","Avast Premium Security (20231102)","AVG Internet Security (20231102)","Avira Internet Security (20231102)","Bitdefender Internet Security (20231102)","COMODO Antivirus (20231102)","Dr.Web Security Space (20231102)","ESET Internet Security (20231102)","G DATA INTERNET SECURITY (20231102)","K7 Total Security (20231102)","Kaspersky Internet Security (20231102)","Malwarebytes Premium (20231102)","McAfee Total Protection (20231102)","Norton Security (20231102)","Panda Dome (20231102)","Quick Heal Internet Security (20231102)","Sophos Home Premium (20231102)","SpyHunter5 (20231102)","Total AV Antivirus Pro (20231102)","VIPRE Advanced Security (20231102)","VirIT eXplorer PRO (20231102)","Webroot SecureAnywhere (20231102)","Windows Defender (20231102)"],"avAllowList":["Trend Micro Internet Security (20231102)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt on Relevant Knowledge apps","reference":"","landingPage":"https://www.vcd-cutter.com/","directDownloadingLink":"https://www.vcd-cutter.com/VCDCutterSetup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.vcd-cutter.com/VCDCutterSetup.exe","sourceIndex":"848"}],"sampleFiles":["231018/VCDCutter-231017/1.3/Samples/VCDCutterSetup.exe"],"imageFiles":["231018/VCDCutter-231017/1.3/Images/ACR-010/ACR-010.JPG","231018/VCDCutter-231017/1.3/Images/ACR-013/ACR-013.JPG","231018/VCDCutter-231017/1.3/Images/ACR-059/ACR-059.JPG","231018/VCDCutter-231017/1.3/Images/ACR-060/ACR-060.JPG","231018/VCDCutter-231017/1.3/Images/ACR-043/ACR-043.JPG","231018/VCDCutter-231017/1.3/Images/ACR-107/ACR-107.JPG","231018/VCDCutter-231017/1.3/Images/ACR-118/ACR-118_Uninstall_1.png"],"nonDeceptorImageFiles":["231018/VCDCutter-231017/1.3/Images/ACR-106/ACR-106.JPG","231018/VCDCutter-231017/1.3/Images/ACR-092/ACR-092.JPG","231018/VCDCutter-231017/1.3/Images/ACR-123/ACR-123_Uninstall_1.png"],"guid":"a2d279cb-6a04-462b-b70b-75ef28d6ec28_1.3_1","appID":"VCDCutter-231017","dateAdded":"231018","deceptorType":"Bundler","name":"VCD Cutter","company":"vcd-cutter.com","version":"1.3","lastKnownStatus":"1.3","lastKnownDate":"231018","type":"Windows Executable","category":"Media editors","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"display ads","lastUpdate":"2023-10-18T23:01:46.1173162+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":816},{"violations":{"ACR-043":"Open source 'ffmpeg'  is installed without disclosure.\n","ACR-107":"The app does not obtain any authorization for using a third-party component 'ffmpeg'.\n","ACR-010":"The app distributes deceptor application. The offer in this app, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control.\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software.\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains the main executable and \"curl-ca-bundle.crt\" file on the device without the consumer's consent or notifying the user.\n","ACR-059":"Offer not clearly marked as an offer. Instead, it is presented as a component of the carrier.\n"},"nonDeceptorViolations":{"ACR-106":"App offers deceptive application 'Relevant Knowledge market survey.\n","ACR-092":"The app does not have a digital signature for any executable.\n","ACR-123":"The app does not remove dropped root certificates even after uninstalling.\n"},"samples":[{"isRevoked":"False","fileName":"AudioEncoderSetup.exe","isInstaller":"True","companyName":"prvsoft.com                                                 ","fileVersion":"1.2","hashMD5":"93d3765e03bb3ebd379e02490c3e120f","hashSHA1":"115bf84fe12e5fa1c8a7070ba1fbed08209fca97","hashSHA256":"d8d372d4c3a05b5c037c7df1a916b12ba06907dbe6377127c1577b0f24c874c9","sourceIndex":"851","avBlockList":["360 Total Security (20231102)","Avast Premium Security (20231102)","AVG Internet Security (20231102)","Avira Internet Security (20231102)","Bitdefender Internet Security (20231102)","COMODO Antivirus (20231102)","Dr.Web Security Space (20231102)","ESET Internet Security (20231102)","G DATA INTERNET SECURITY (20231102)","K7 Total Security (20231102)","Kaspersky Internet Security (20231102)","Malwarebytes Premium (20231102)","McAfee Total Protection (20231102)","Norton Security (20231102)","Panda Dome (20231102)","Quick Heal Internet Security (20231102)","Sophos Home Premium (20231102)","SpyHunter5 (20231102)","Total AV Antivirus Pro (20231102)","VIPRE Advanced Security (20231102)","VirIT eXplorer PRO (20231102)","Webroot SecureAnywhere (20231102)","Windows Defender (20231102)"],"avAllowList":["Trend Micro Internet Security (20231102)"]},{"isRevoked":"False","fileName":"CDRecoverySetup.exe","isInstaller":"True","companyName":"prvsoft.com                                                 ","fileVersion":"1.2","hashMD5":"9f482d9da07a6f74cd865ff449ea75c5","hashSHA1":"d885ebe2562ebd999d98e8632a0d3e58b14a1668","hashSHA256":"ba159d42cd9fcd57a0d60aecb66b85e1af36a860e1e67b1138484f6d47e1b448","sourceIndex":"851","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"FLVVideoPlayerSetup.exe","isInstaller":"True","companyName":"prvsoft.com                                                 ","fileVersion":"1.2","hashMD5":"470e54d7b13d293b7e2a58f9f5479e88","hashSHA1":"43590938d168c918bcdc204fadc7cb6da3a06a53","hashSHA256":"8099fff5e5511810811e4f64034651052c9cf6eb8025952ea0209c1a87775f2a","sourceIndex":"851","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"MoviePlayerSetup.exe","isInstaller":"True","companyName":"prvsoft.com                                                 ","fileVersion":"1.9","hashMD5":"b9cd3a8f45144c05f6c31f667e9b9e61","hashSHA1":"af81e461bd9cceeaa7b0cd805fff97a7557a1512","hashSHA256":"d0a063c21606467e1fe5eca8ede7a31380e396237313d11bfd280999afd3ab26","sourceIndex":"851","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"MP3VoiceRecorderSetup.exe","isInstaller":"True","companyName":"prvsoft.com                                                 ","fileVersion":"1.2","hashMD5":"614f83066e486d4c514b23cab45abdff","hashSHA1":"e0fdcf72ea9ddcb40f4addfe1c4a2b5d8ac0ed44","hashSHA256":"745fc13245ce0ca0871c000ff56d492270269654583fc703920896b38cc65032","sourceIndex":"851","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"SplitMP3Setup.exe","isInstaller":"True","companyName":"prvsoft.com                                                 ","fileVersion":"1.2","hashMD5":"6047701cd556a75cd33995a14c2ee824","hashSHA1":"47af762cb7905b82f848ccbbcc39cda290348407","hashSHA256":"20ceabbca7bb02832601816dba24f02accc718e35acad8d6154f4c72795281e1","sourceIndex":"851","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"VideoCutterSetup.exe","isInstaller":"True","companyName":"prvsoft.com                                                 ","fileVersion":"1.2","hashMD5":"aa900abc6f616c784909c3f81479039f","hashSHA1":"29245dc77de230614281a8de572df4b185b5cbb3","hashSHA256":"9ad89e87415fec2541cb03fcfe19d66999bf9177aab054342723d90d19d1804c","sourceIndex":"851","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"VideoEncoderSetup.exe","isInstaller":"True","companyName":"prvsoft.com                                                 ","fileVersion":"1.8","hashMD5":"521874e85f9a569fa581d37bb707fabe","hashSHA1":"7c9f05a57bcbeadd9a86c981dc408c2081862a96","hashSHA256":"cb76e99cb35e64e31b41294118ae9b5cae3da08c67380a5ae094fbe75397195c","sourceIndex":"851","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt on Relevant Knowledge","reference":"","landingPage":"https://www.prvsoft.com/video-cutter.html","directDownloadingLink":"https://www.prvsoft.com/downloads/VideoCutterSetup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.prvsoft.com/downloads/VideoCutterSetup.exe","sourceIndex":"851"}],"sampleFiles":["231018/PRVSoftBundler-231018/1.2/Samples/AudioEncoderSetup.exe","231018/PRVSoftBundler-231018/1.2/Samples/CDRecoverySetup.exe","231018/PRVSoftBundler-231018/1.2/Samples/FLVVideoPlayerSetup.exe","231018/PRVSoftBundler-231018/1.2/Samples/MoviePlayerSetup.exe","231018/PRVSoftBundler-231018/1.2/Samples/MP3VoiceRecorderSetup.exe","231018/PRVSoftBundler-231018/1.2/Samples/SplitMP3Setup.exe","231018/PRVSoftBundler-231018/1.2/Samples/VideoCutterSetup.exe","231018/PRVSoftBundler-231018/1.2/Samples/VideoEncoderSetup.exe"],"imageFiles":["231018/PRVSoftBundler-231018/1.2/Images/ACR-043/ACR-043.JPG","231018/PRVSoftBundler-231018/1.2/Images/ACR-107/ACR-107.JPG","231018/PRVSoftBundler-231018/1.2/Images/ACR-010/ACR-010.JPG","231018/PRVSoftBundler-231018/1.2/Images/ACR-013/ACR-013.JPG","231018/PRVSoftBundler-231018/1.2/Images/ACR-118/ACR-118_Uninstall_1.png","231018/PRVSoftBundler-231018/1.2/Images/ACR-059/ACR-059.JPG","231018/PRVSoftBundler-231018/1.2/Images/ACR-060/ACR-060.JPG"],"nonDeceptorImageFiles":["231018/PRVSoftBundler-231018/1.2/Images/ACR-106/ACR-106.JPG","231018/PRVSoftBundler-231018/1.2/Images/ACR-092/ACR-092.JPG","231018/PRVSoftBundler-231018/1.2/Images/ACR-123/ACR-123_Uninstall_1.png"],"guid":"d4f18502-9c4e-472a-868a-43e142e26e9b_1.2_1","appID":"PRVSoftBundler-231018","dateAdded":"231018","deceptorType":"Bundler","name":"PRVSoft Bundler","company":"Prvsoft.com","version":"1.2","lastKnownStatus":"1.2","lastKnownDate":"231018","type":"Windows Executable","category":"Media editors","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"display ads","lastUpdate":"2023-10-18T20:59:36.613704+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":819},{"violations":{"ACR-010":"The apps from \"https://www.prvsoft.com/\" distribute deceptor applications. The offer in this app, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control\n"},"nonDeceptorViolations":{},"samples":[],"additionalFiles":[],"sources":[{"howFound":"Hunted on Relevant Knowledge","reference":"","landingPage":"https://www.prvsoft.com/","ipv4":"","ipv6":"","sourceIndex":"850"}],"sampleFiles":[],"imageFiles":["231018/PRVSoftBundler-231018/231018/Images/ACR-010/ACR-010.JPG"],"nonDeceptorImageFiles":[],"guid":"4d68bd83-692f-4ce4-bf02-9c251f9d84ac_231018_1","appID":"PRVSoftBundler-231018","dateAdded":"231018","deceptorType":"Affiliate","name":"PRVSoft","company":"Prvsoft.com","version":"231018","sigName":"","lastKnownStatus":"231018","lastKnownDate":"231018","type":"Affiliate","category":"Media editors","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"display ads","lastUpdate":"2023-10-18T21:00:39.8736133+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":818},{"violations":{"ACR-109":"The app downloads \"rk_setup.exe\", a RelevantKnowledge file without the consumer's consent.\n","ACR-043":"Third-party component 'ffmpeg' is installed without any disclosure.\n","ACR-107":"The app doesn't disclose relevant license information about using the 'ffmpeg' to the user.\n","ACR-048":"The \"Decline\" button does not have any control but still drops a RelevantKnowledge file “rk_setup.exe”.\n","ACR-010":"The app bundler distributes deceptor application. The offer in this bundler, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control.\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software.\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains the main executable and \"curl-ca-bundle.crt\" file on the device without the consumer's consent or notifying the user.\n","ACR-057":"The app bundles the \"Relevant Knowledge\" offer which does not allow the consumer to decline the offer.\n","ACR-071":"The \"Relevant Knowledge\" offer cannot be declined independently as the installation is unable to proceed when attempting to decline the offer. Thus it forces the user to, only accept the offer and proceed with the installation.\n","ACR-059":"The Offer is not clearly marked as an offer. It is unclear who is recommending the offer.\n","ACR-155":"Offers is designed to look like part of the install workflow.\n"},"nonDeceptorViolations":{"ACR-106":"App offers deceptive application 'Relevant Knowledge market survey'.\n","ACR-092":"The app does not have a digital signature for any executable.\n"},"samples":[{"isRevoked":"False","fileName":"FreeVideoToAudioConverter.exe","isInstaller":"True","companyName":"FAEMedia Co. Ltd.                                          ","productName":"Free Video To Audio Converter 2019                          ","productVersion":"                                                  ","fileVersion":"                    ","hashMD5":"6a8b60b195a49beceb5bb1f00c60ce9e","hashSHA1":"c1f267fae530e67f2e72a4729618bb61870480ca","hashSHA256":"20684345565cc976190760807eecf0d3e116f2acfeed51a5ee1e269f49e96c93","digitalCertThumbprint":"561906D7998D780F5F5E93C36DCD77674F8236A3","digitalCertIssuer":"Sectigo Public Code Signing CA R36","digitalCertIssuedTo":"Beijing QingSoft Creative Information Technology Co. Ltd.","storeId":"","sourceIndex":"854","avBlockList":["Avast Premium Security (20231102)","AVG Internet Security (20231102)","Avira Internet Security (20231102)","Bitdefender Internet Security (20231102)","COMODO Antivirus (20231102)","Dr.Web Security Space (20231102)","ESET Internet Security (20231102)","G DATA INTERNET SECURITY (20231102)","K7 Total Security (20231102)","Kaspersky Internet Security (20231102)","Malwarebytes Premium (20231102)","McAfee Total Protection (20231102)","Norton Security (20231102)","Panda Dome (20231102)","Quick Heal Internet Security (20231102)","Sophos Home Premium (20231102)","SpyHunter5 (20231102)","Total AV Antivirus Pro (20231102)","Trend Micro Internet Security (20231102)","VIPRE Advanced Security (20231102)","VirIT eXplorer PRO (20231102)","Webroot SecureAnywhere (20231102)","Windows Defender (20231102)"],"avAllowList":["360 Total Security (20231102)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt on Relevant Knowledge apps","reference":"","landingPage":"https://free-audio-editor.com/freevideotoaudioconverterforwindows/","directDownloadingLink":"https://free-audio-editor.com/FreeVideoToAudioConverter.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://free-audio-editor.com/FreeVideoToAudioConverter.exe","sourceIndex":"854"}],"sampleFiles":["231017/FreeVideotoAudioConverter-231009/10.1.2.5/Samples/FreeVideoToAudioConverterSetup.exe"],"imageFiles":["231017/FreeVideotoAudioConverter-231009/10.1.2.5/Images/ACR-109/ACR-109_Install_1.jpeg","231017/FreeVideotoAudioConverter-231009/10.1.2.5/Images/ACR-043/ACR-043_Install_1.jpeg","231017/FreeVideotoAudioConverter-231009/10.1.2.5/Images/ACR-107/ACR-107_Install_1.jpeg","231017/FreeVideotoAudioConverter-231009/10.1.2.5/Images/ACR-048/ACR-048_Install_1.jpeg","231017/FreeVideotoAudioConverter-231009/10.1.2.5/Images/ACR-010/ACR-010_Install_1.jpeg","231017/FreeVideotoAudioConverter-231009/10.1.2.5/Images/ACR-013/ACR-013_Install_1.jpeg","231017/FreeVideotoAudioConverter-231009/10.1.2.5/Images/ACR-118/ACR-118_Uninstall_1.jpeg","231017/FreeVideotoAudioConverter-231009/10.1.2.5/Images/ACR-057/ACR-057_Bundler-made offers_1.jpeg","231017/FreeVideotoAudioConverter-231009/10.1.2.5/Images/ACR-059/ACR-059_Bundler-made offers_1.jpeg","231017/FreeVideotoAudioConverter-231009/10.1.2.5/Images/ACR-060/ACR-060_Bundler-made offers_1.jpeg","231017/FreeVideotoAudioConverter-231009/10.1.2.5/Images/ACR-071/ACR-071_Bundler-made offers_1.jpeg","231017/FreeVideotoAudioConverter-231009/10.1.2.5/Images/ACR-155/ACR-155_Bundler-made offers_1.jpeg"],"nonDeceptorImageFiles":["231017/FreeVideotoAudioConverter-231009/10.1.2.5/Images/ACR-106/ACR-106_Software_1.jpeg","231017/FreeVideotoAudioConverter-231009/10.1.2.5/Images/ACR-092/ACR-092_Software_1.jpeg"],"guid":"fd83f490-80d7-445c-959f-90720338bfa3_10.1.2.5_1","appID":"FreeVideotoAudioConverter-231009","dateAdded":"231017","deceptorType":"App","name":"FreeVideoToAudioConverter","company":"FAEMedia Co., Ltd.","version":"10.1.2.5","lastKnownStatus":"10.1.2.5","lastKnownDate":"231017","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 8,Windows 7,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"cross-sell other apps","lastUpdate":"2023-10-17T20:21:52.5175195+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":821},{"violations":{"ACR-109":"The app downloads \"rk_setup.exe\", a RelevantKnowledge file before disclosure and without the consumer's consent.\n","ACR-010":"The app distributes deceptor application. The offer in this app, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software\n","ACR-118":"Upon uninstallation, it retains some executables and many of its other components along with a \"curl-ca-bundle.crt\" and other components on the device without user's knowledge.\n","ACR-057":"The app bundles the \"Relevant Knowledge\" offer which does not allow the consumer to decline the offer\n","ACR-071":"It attempts to force the acceptance of \"Relevant Knowledge\" by graying out the Next button when the user choose to Decline. Thus, forcing the user to only accept the offer and proceed with the installation\n","ACR-059":"Offer not clearly marked as an offer. Instead, it is presented as a component of the carrier.\n","ACR-155":"Offers are designed to look like part of the install workflow\n"},"nonDeceptorViolations":{"ACR-106":"App offers deceptive application 'Relevant Knowledge market survey\n","ACR-092":"The installer and main executables are not digitally signed\n","ACR-123":"The app does not remove dropped root certificates even after uninstalling\n"},"samples":[{"isRevoked":"False","fileName":"convertir-imagen-a-pdf.exe","isInstaller":"True","companyName":"convertidor-de-pdf.com                                      ","productName":"Convertir Imagen a PDF                                      ","productVersion":"                                                  ","fileVersion":"                    ","hashMD5":"1aa35a8e5adfcb46d72090cb3f030b95","hashSHA1":"a62701648d670e2efbd7d1da7afd9a1b25e6d2b7","hashSHA256":"7e6a7a5e48eb3660e4d4cc520510dd7bb3daad0320b88945bed8bf293d503e31","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"853","avBlockList":["360 Total Security (20240516)","Avast Premium Security (20240516)","AVG Internet Security (20240516)","Avira Internet Security (20240516)","Bitdefender Internet Security (20240516)","COMODO Antivirus (20240516)","Dr.Web Security Space (20240516)","ESET Internet Security (20240516)","G DATA INTERNET SECURITY (20240516)","K7 Total Security (20240516)","Kaspersky Internet Security (20240516)","McAfee Total Protection (20240516)","Norton Security (20240516)","Panda Dome (20240516)","Quick Heal Internet Security (20240516)","Sophos Home Premium (20240516)","SpyHunter5 (20240516)","Total AV Antivirus Pro (20240516)","Trend Micro Internet Security (20240516)","VIPRE Advanced Security (20240516)","VirIT eXplorer PRO (20240516)","Webroot SecureAnywhere (20240516)","Windows Defender (20240516)"],"avAllowList":["Malwarebytes Premium (20240516)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunted on RK Installer","reference":"","landingPage":"http://www.convertidor-de-pdf.com/convertir-imagen-a-pdf.html","directDownloadingLink":"www.convertidor-de-pdf.com/download/convertir-imagen-a-pdf.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"www.convertidor-de-pdf.com/download/convertir-imagen-a-pdf.exe","sourceIndex":"853"}],"sampleFiles":["231017/ConvertImagetoPDF-231012/3.35/Samples/convertir-imagen-a-pdf.exe"],"imageFiles":["231017/ConvertImagetoPDF-231012/3.35/Images/ACR-109/ACR-109_Install_1.png","231017/ConvertImagetoPDF-231012/3.35/Images/ACR-010/ACR-010_Install_1.png","231017/ConvertImagetoPDF-231012/3.35/Images/ACR-013/ACR-013_Install_1.png","231017/ConvertImagetoPDF-231012/3.35/Images/ACR-118/ACR-118_Uninstall_1.png","231017/ConvertImagetoPDF-231012/3.35/Images/ACR-057/ACR-057_Bundler-made offers_1.png","231017/ConvertImagetoPDF-231012/3.35/Images/ACR-059/ACR-059_Bundler-made offers_1.png","231017/ConvertImagetoPDF-231012/3.35/Images/ACR-060/ACR-060_Bundler-made offers_1.png","231017/ConvertImagetoPDF-231012/3.35/Images/ACR-071/ACR-071_Bundler-made offers_1.png","231017/ConvertImagetoPDF-231012/3.35/Images/ACR-155/ACR-155_Bundler-made offers_1.png"],"nonDeceptorImageFiles":["231017/ConvertImagetoPDF-231012/3.35/Images/ACR-106/ACR-106_Software_1.png","231017/ConvertImagetoPDF-231012/3.35/Images/ACR-092/ACR-092_Software_1.png","231017/ConvertImagetoPDF-231012/3.35/Images/ACR-123/ACR-123_Uninstall_1.png"],"guid":"b47576b9-a8ac-495e-90d9-098e11019946_3.35_1","appID":"ConvertImagetoPDF-231012","dateAdded":"231017","deceptorType":"Bundler","name":"Convert Image to PDF","company":"convertidor-de-pdf.com","version":"3.35","lastKnownStatus":"3.35","lastKnownDate":"231017","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"display ads","lastUpdate":"2023-10-17T20:29:21.6409433+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":822},{"violations":{"ACR-109":"The app downloads \"spt_setup.exe\", a RelevantKnowledge file without the consumer's consent.\n","ACR-047":"After the app is installed, it prompts the user with an \"Important!\" message to use a \"new version to avoid malfunctions\". This installs the same version of the app and re-runs the install and the offers that the consumer has previously declined.\n","ACR-048":"The app does not provide an option to cancel the startup of its own.\n","ACR-010":"The app bundler distributes deceptor application. The offer in this bundler, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control.\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software\n","ACR-084":"The app creates a startup entry without the user's knowledge and consent.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains the main executable and \"curl-ca-bundle.crt\" file on the device without the consumer's consent or notifying the user.\n","ACR-057":"The app bundles the \"Relevant Knowledge\" offer which does not allow the consumer to decline the offer.\n","ACR-071":"The \"Relevant Knowledge\" offer cannot be declined independently as the installation is unable to proceed when attempting to decline the offer. Thus it forces the user to, only accept the offer and proceed with the installation.\n","ACR-075":"After the app is installed, it prompts the user with an \"Important!\" message to use a \"new version to avoid malfunctions\". This installs the same version of the app and re-runs the install and the offers that the consumer has previously declined.\n","ACR-014":"The app misleads users that they need to install an update while actually, it tries to install the pre-declined component by the user during the install.\n","ACR-059":"The Offer is not clearly marked as an offer. It is unclear who is recommending the offer.\n","ACR-155":"Offers is designed to look like part of the install workflow.\n"},"nonDeceptorViolations":{"ACR-106":"App offers deceptive application 'Relevant Knowledge market survey'.\n","ACR-092":"The app does not have a digital signature for main executable.\n","ACR-123":"The app does not remove dropped root certificates even after uninstalling.\n"},"samples":[{"isRevoked":"False","fileName":"AllFreeAudioConverter_Setup.exe","isInstaller":"True","companyName":"FreeAudioVideoSoftTech Inc.                                ","productName":"All Free Audio Converter                                    ","productVersion":"                                                  ","fileVersion":"                    ","hashMD5":"3398faf098a4681c6bf7cff5a64facd6","hashSHA1":"8946c39b8d2b5912ddbc73516ebc25dd43003da9","hashSHA256":"0eaf8f92701208ef2b6a810416ae943ddd5351f2cb9c44ac403d477238fe6e47","digitalCertThumbprint":"347240ECC751AB91D4BA3282DC67ACC9A36D1128","digitalCertIssuer":"COMODO RSA Extended Validation Code Signing CA","digitalCertIssuedTo":"Beijing Qingruan Creative Information Technology Co. Ltd.","storeId":"","sourceIndex":"858","avBlockList":["360 Total Security (20240206)","Avast Premium Security (20240206)","AVG Internet Security (20240206)","Avira Internet Security (20240206)","Bitdefender Internet Security (20240206)","COMODO Antivirus (20240206)","Dr.Web Security Space (20240206)","ESET Internet Security (20240206)","G DATA INTERNET SECURITY (20240206)","K7 Total Security (20240206)","Kaspersky Internet Security (20240206)","Malwarebytes Premium (20240206)","McAfee Total Protection (20240206)","Norton Security (20240206)","Panda Dome (20240206)","Quick Heal Internet Security (20240206)","Sophos Home Premium (20240206)","SpyHunter5 (20240206)","Total AV Antivirus Pro (20240206)","Trend Micro Internet Security (20240206)","VIPRE Advanced Security (20240206)","VirIT eXplorer PRO (20240206)","Webroot SecureAnywhere (20240206)","Windows Defender (20240206)"],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt on Relevant Knowledge apps","reference":"","landingPage":"https://www.allfreevideoconverter.com/freeaudioconverter/index.html","directDownloadingLink":"https://www.allfreevideoconverter.com/download/AllFreeAudioConverter.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.allfreevideoconverter.com/download/AllFreeAudioConverter.exe","sourceIndex":"858"}],"sampleFiles":["231016/AllFreeAudioConverter-231013/8.8.2.4/Samples/AllFreeAudioConverter_Setup.exe"],"imageFiles":["231016/AllFreeAudioConverter-231013/8.8.2.4/Images/ACR-109/ACR-109_Install_1.jpeg","231016/AllFreeAudioConverter-231013/8.8.2.4/Images/ACR-010/ACR-010_Install_1.jpeg","231016/AllFreeAudioConverter-231013/8.8.2.4/Images/ACR-013/ACR-013_Install_1.jpeg","231016/AllFreeAudioConverter-231013/8.8.2.4/Images/ACR-084/ACR-084_Software_1.jpeg","231016/AllFreeAudioConverter-231013/8.8.2.4/Images/ACR-048/ACR-048_Software_1.jpeg","231016/AllFreeAudioConverter-231013/8.8.2.4/Images/ACR-014/ACR-014_Software_1.jpeg","231016/AllFreeAudioConverter-231013/8.8.2.4/Images/ACR-014/ACR-014_Software_2.jpeg","231016/AllFreeAudioConverter-231013/8.8.2.4/Images/ACR-118/ACR-118_Uninstall_1.jpeg","231016/AllFreeAudioConverter-231013/8.8.2.4/Images/ACR-075/ACR-075_Bundler-made offers_1.jpeg","231016/AllFreeAudioConverter-231013/8.8.2.4/Images/ACR-075/ACR-075_Bundler-made offers_2.jpeg","231016/AllFreeAudioConverter-231013/8.8.2.4/Images/ACR-057/ACR-057_Bundler-made offers_1.jpeg","231016/AllFreeAudioConverter-231013/8.8.2.4/Images/ACR-059/ACR-059_Bundler-made offers_1.jpeg","231016/AllFreeAudioConverter-231013/8.8.2.4/Images/ACR-060/ACR-060_Bundler-made offers_1.jpeg","231016/AllFreeAudioConverter-231013/8.8.2.4/Images/ACR-071/ACR-071_Bundler-made offers_1.jpeg","231016/AllFreeAudioConverter-231013/8.8.2.4/Images/ACR-155/ACR-155_Bundler-made offers_1.jpeg","231016/AllFreeAudioConverter-231013/8.8.2.4/Images/ACR-047/ACR-047_Bundler-made offers_1.jpeg","231016/AllFreeAudioConverter-231013/8.8.2.4/Images/ACR-047/ACR-047_Bundler-made offers_2.jpeg"],"nonDeceptorImageFiles":["231016/AllFreeAudioConverter-231013/8.8.2.4/Images/ACR-106/ACR-106_Software_1.jpeg","231016/AllFreeAudioConverter-231013/8.8.2.4/Images/ACR-092/ACR-092_Software_1.jpeg","231016/AllFreeAudioConverter-231013/8.8.2.4/Images/ACR-123/ACR-123_Uninstall_1.jpeg"],"guid":"7664b0ae-8a92-46a5-8d05-0d2bd5c51ef9_8.8.2.4_1","appID":"AllFreeAudioConverter-231013","dateAdded":"231016","deceptorType":"App","name":"All Free Audio Converter","company":"AllFreeVideoSoft Co., Ltd.","version":"8.8.2.4","lastKnownStatus":"8.8.2.4","lastKnownDate":"231016","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"cross-sell other apps","lastUpdate":"2023-10-16T21:05:45.9206152+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":830},{"violations":{"ACR-010":"The app bundler distributes deceptor application. The offer in this bundler, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control.\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains the main executable and \"curl-ca-bundle.crt\" file on the device without the consumer's consent or notifying the user.\n","ACR-059":"The Offer is not clearly marked as an offer. It is unclear who is recommending the offer.\n"},"nonDeceptorViolations":{"ACR-106":"App offers deceptive application 'Relevant Knowledge market survey'.\n","ACR-092":"The app does not have a digital signature for any executable.\n","ACR-123":"The app does not remove dropped root certificates even after uninstalling.\n"},"samples":[{"isRevoked":"False","fileName":"DVDKnife_Setup.exe","isInstaller":"True","companyName":"                                                            ","productName":"DVD Knife                                                   ","productVersion":"4.1                 ","fileVersion":"4.1                 ","hashMD5":"839074a6ebce3ece53b8671573573d6a","hashSHA1":"af3e6668afb6afdadd642a78d8648ab1d62ee95b","hashSHA256":"53324c64171bc386fe23ac8ba9f276054d5c2e626482fc34ed57651275075b58","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"855","avBlockList":["360 Total Security (20240206)","Avast Premium Security (20240206)","AVG Internet Security (20240206)","Avira Internet Security (20240206)","Bitdefender Internet Security (20240206)","COMODO Antivirus (20240206)","Dr.Web Security Space (20240206)","ESET Internet Security (20240206)","G DATA INTERNET SECURITY (20240206)","K7 Total Security (20240206)","Kaspersky Internet Security (20240206)","Malwarebytes Premium (20240206)","McAfee Total Protection (20240206)","Norton Security (20240206)","Panda Dome (20240206)","Quick Heal Internet Security (20240206)","Sophos Home Premium (20240206)","SpyHunter5 (20240206)","Total AV Antivirus Pro (20240206)","VIPRE Advanced Security (20240206)","VirIT eXplorer PRO (20240206)","Webroot SecureAnywhere (20240206)","Windows Defender (20240206)"],"avAllowList":["Trend Micro Internet Security (20240206)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt on Relevant Knowledge apps","reference":"","landingPage":"https://www.vcsoftwares.com","directDownloadingLink":"https://www.vcsoftwares.com/DK.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.vcsoftwares.com/DK.exe","sourceIndex":"855"}],"sampleFiles":["231016/DVDKnife-231011/4.1/Samples/DVDKnife_Setup.exe"],"imageFiles":["231016/DVDKnife-231011/4.1/Images/ACR-010/ACR-010_Install_1.jpeg","231016/DVDKnife-231011/4.1/Images/ACR-013/ACR-013_Install_1.jpeg","231016/DVDKnife-231011/4.1/Images/ACR-118/ACR-118_Uninstall_1.jpeg","231016/DVDKnife-231011/4.1/Images/ACR-059/ACR-059_Bundler-made offers_1.jpeg","231016/DVDKnife-231011/4.1/Images/ACR-060/ACR-060_Bundler-made offers_1.jpeg"],"nonDeceptorImageFiles":["231016/DVDKnife-231011/4.1/Images/ACR-106/ACR-106_Software_1.jpeg","231016/DVDKnife-231011/4.1/Images/ACR-092/ACR-092_Software_1.jpeg","231016/DVDKnife-231011/4.1/Images/ACR-123/ACR-123_Uninstall_1.jpeg"],"guid":"f983a5af-1072-4ec9-9979-28cb6359beac_4.1_1","appID":"DVDKnife-231011","dateAdded":"231016","deceptorType":"App","name":"DVD Knife","company":"Vicky's Cool Softwares","version":"4.1","lastKnownStatus":"4.1","lastKnownDate":"231016","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows 7,Windows Vista,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"cross-sell other apps","lastUpdate":"2023-10-16T22:02:33.7863685+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":827},{"violations":{"ACR-010":" The apps from \"http://www.convertidor-de-pdf.com/downloads.html\" distribute deceptor applications. The offer in this app, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control\n"},"nonDeceptorViolations":{},"samples":[],"additionalFiles":[],"sources":[{"howFound":"Relevant Knowledge related apps","reference":"","landingPage":"http://www.convertidor-de-pdf.com/downloads.html","ipv4":"","ipv6":"","sourceIndex":"860"}],"sampleFiles":[],"imageFiles":["231016/convertidordepdfcom-231016/231016/Images/ACR-010/ACR-010_Install_1.png"],"nonDeceptorImageFiles":[],"guid":"d790df0b-d6b7-418a-a9f8-479c66b4d1e7_231016_1","appID":"convertidordepdfcom-231016","dateAdded":"231016","deceptorType":"Affiliate","name":"convertidor-de-pdf.com","company":"convertidor-de-pdf.com","version":"231016","lastKnownStatus":"231016","lastKnownDate":"231016","type":"Affiliate","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"display ads","lastUpdate":"2023-10-16T20:02:17.2463199+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":829},{"violations":{"ACR-109":"The app downloads \"rk_setup.exe\", a RelevantKnowledge file before disclosure and without the consumer's consent\n","ACR-010":"The app distributes deceptor application. The offer in this app, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software\n","ACR-118":"Upon uninstallation, it retains some executables and many of its other components along with a \"curl-ca-bundle.crt\" and other components on the device without user's knowledge.\n","ACR-057":"The app bundles the \"Relevant Knowledge\" offer which does not allow the consumer to decline the offer\n","ACR-071":"It attempts to force the acceptance of \"Relevant Knowledge\" by graying out the Next button when the user choose to Decline. Thus, forcing the user to only accept the offer and proceed with the installation\n","ACR-059":"Offer not clearly marked as an offer. Instead, it is presented as a component of the carrier.\n","ACR-155":"Offers are designed to look like part of the install workflow\n"},"nonDeceptorViolations":{"ACR-106":"App offers deceptive application 'Relevant Knowledge market survey\n","ACR-092":"The installer and main executables are not digitally signed\n","ACR-123":"The app does not remove dropped root certificates even after uninstalling\n"},"samples":[{"isRevoked":"False","fileName":"lector-de-pdf.exe","isInstaller":"True","companyName":"convertidor-de-pdf.com                                      ","productName":"Lector de PDF                                               ","productVersion":"                                                  ","fileVersion":"                    ","hashMD5":"b1fa02b3e52ce37f23d3a5d1ee738c70","hashSHA1":"0ec567c5eaf92d81c4e43472eb0a0d23e9e0d962","hashSHA256":"c47d86c2a94eeb58257c585cac8f5bfdc4a190b9646d66ee6faf04e6d88cd272","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"857","avBlockList":["360 Total Security (20240509)","Avast Premium Security (20240509)","AVG Internet Security (20240509)","Avira Internet Security (20240509)","Bitdefender Internet Security (20240509)","COMODO Antivirus (20240509)","Dr.Web Security Space (20240509)","ESET Internet Security (20240509)","G DATA INTERNET SECURITY (20240509)","K7 Total Security (20240509)","Kaspersky Internet Security (20240509)","Malwarebytes Premium (20240509)","McAfee Total Protection (20240509)","Norton Security (20240509)","Panda Dome (20240509)","Quick Heal Internet Security (20240509)","Sophos Home Premium (20240509)","SpyHunter5 (20240509)","Total AV Antivirus Pro (20240509)","Trend Micro Internet Security (20240509)","VIPRE Advanced Security (20240509)","VirIT eXplorer PRO (20240509)","Webroot SecureAnywhere (20240509)","Windows Defender (20240509)"],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunted on RK installer","reference":"","landingPage":"http://www.convertidor-de-pdf.com/lector-de-pdf.html","directDownloadingLink":"http://www.convertidor-de-pdf.com/download/lector-de-pdf.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.convertidor-de-pdf.com/download/lector-de-pdf.exe","sourceIndex":"857"}],"sampleFiles":["231016/PDFreader-231013/4.0/Samples/lector-de-pdf.exe"],"imageFiles":["231016/PDFreader-231013/4.0/Images/ACR-109/ACR-109_Install_1.png","231016/PDFreader-231013/4.0/Images/ACR-010/ACR-010_Install_1.png","231016/PDFreader-231013/4.0/Images/ACR-013/ACR-013_Install_1.png","231016/PDFreader-231013/4.0/Images/ACR-118/ACR-118_Uninstall_1.png","231016/PDFreader-231013/4.0/Images/ACR-057/ACR-057_Bundler-made offers_1.png","231016/PDFreader-231013/4.0/Images/ACR-059/ACR-059_Bundler-made offers_1.png","231016/PDFreader-231013/4.0/Images/ACR-060/ACR-060_Bundler-made offers_1.png","231016/PDFreader-231013/4.0/Images/ACR-071/ACR-071_Bundler-made offers_1.png","231016/PDFreader-231013/4.0/Images/ACR-155/ACR-155_Bundler-made offers_1.png"],"nonDeceptorImageFiles":["231016/PDFreader-231013/4.0/Images/ACR-106/ACR-106_Software_1.png","231016/PDFreader-231013/4.0/Images/ACR-092/ACR-092_Software_1.png","231016/PDFreader-231013/4.0/Images/ACR-123/ACR-123_Uninstall_1.png"],"guid":"e8ffdbca-c095-466a-85a3-e67e200d2034_4.0_1","appID":"PDFreader-231013","dateAdded":"231016","deceptorType":"Bundler","name":"PDF Reader","company":"convertidor-de-pdf.com","version":"4.0","lastKnownStatus":"4.0","lastKnownDate":"231016","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"display ads","lastUpdate":"2023-10-16T21:42:00.2033347+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":825},{"violations":{"ACR-109":"The app downloads \"rkverify.exe\" and other RelevantKnowledge files prior to disclosure and without the consumer's consent.\n","ACR-010":"The app distributes deceptor application. The offer in this app, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software\n","ACR-059":"Offer not clearly marked as an offer. Instead, it is presented as a component of the carrier.\n","ACR-155":"Offers are designed to look like part of the install workflow\n"},"nonDeceptorViolations":{"ACR-106":"App offers deceptive application 'Relevant Knowledge market survey\n","ACR-092":"The app does not have a digital signature for any executable\n"},"samples":[{"isRevoked":"False","fileName":"SyncerSoft_Alice-1377_Setup.exe","isInstaller":"True","fileVersion":"1.0","hashMD5":"ea0ab7bbf5b9f8834e7bb7b91803b30f","hashSHA1":"4d6b416608fc2ab75d7b640d4c8e196658dd001c","hashSHA256":"e38cda907dd69c36eb44281c5fa7bedfc93ab05227dc5dbf6532f8f052085ba5","sourceIndex":"861","avBlockList":["360 Total Security (20231116)","Avast Premium Security (20231116)","AVG Internet Security (20231116)","Avira Internet Security (20231116)","Bitdefender Internet Security (20231116)","COMODO Antivirus (20231116)","Dr.Web Security Space (20231116)","ESET Internet Security (20231116)","G DATA INTERNET SECURITY (20231116)","K7 Total Security (20231116)","Kaspersky Internet Security (20231116)","Malwarebytes Premium (20231116)","McAfee Total Protection (20231116)","Norton Security (20231116)","Panda Dome (20231116)","Quick Heal Internet Security (20231116)","Sophos Home Premium (20231116)","SpyHunter5 (20231116)","Total AV Antivirus Pro (20231116)","Trend Micro Internet Security (20231116)","VIPRE Advanced Security (20231116)","VirIT eXplorer PRO (20231116)","Webroot SecureAnywhere (20231116)","Windows Defender (20231116)"],"avAllowList":[]},{"isRevoked":"False","fileName":"SyncerSoft_Amusing_sounds_of_the_body_1_0_Setup.exe","isInstaller":"True","fileVersion":"1.0","hashMD5":"d05fc4d8186c8d8dfc476a3298593c4e","hashSHA1":"b08fbb72d66068d6696793d38727a8b2a58dbf14","hashSHA256":"fbb5a6e5c9a2d3f6d626b3741a60d1a8aab68af02e2106db20504ee8b0a727a5","sourceIndex":"861","avBlockList":["360 Total Security (20231116)","Avast Premium Security (20231116)","AVG Internet Security (20231116)","Avira Internet Security (20231116)","Bitdefender Internet Security (20231116)","COMODO Antivirus (20231116)","Dr.Web Security Space (20231116)","ESET Internet Security (20231116)","G DATA INTERNET SECURITY (20231116)","K7 Total Security (20231116)","Kaspersky Internet Security (20231116)","McAfee Total Protection (20231116)","Norton Security (20231116)","Panda Dome (20231116)","Quick Heal Internet Security (20231116)","Sophos Home Premium (20231116)","SpyHunter5 (20231116)","Total AV Antivirus Pro (20231116)","Trend Micro Internet Security (20231116)","VIPRE Advanced Security (20231116)","VirIT eXplorer PRO (20231116)","Webroot SecureAnywhere (20231116)","Windows Defender (20231116)"],"avAllowList":["Malwarebytes Premium (20231116)"]},{"isRevoked":"False","fileName":"SyncerSoft_AnalogGalaxy_1_0_Setup.exe","isInstaller":"True","fileVersion":"1.0","hashMD5":"e62863eefa2a7d3563945747f77ae515","hashSHA1":"3ba89ab8f2403b220d76b6de9959ede4d8cbd822","hashSHA256":"b4ef7577b79fdab0511693252c9e784a1b0f74d95d390d9703a4864708e77012","sourceIndex":"861","avBlockList":["360 Total Security (20231116)","Avast Premium Security (20231116)","AVG Internet Security (20231116)","Avira Internet Security (20231116)","Bitdefender Internet Security (20231116)","COMODO Antivirus (20231116)","Dr.Web Security Space (20231116)","ESET Internet Security (20231116)","G DATA INTERNET SECURITY (20231116)","K7 Total Security (20231116)","Kaspersky Internet Security (20231116)","Malwarebytes Premium (20231116)","McAfee Total Protection (20231116)","Norton Security (20231116)","Panda Dome (20231116)","Quick Heal Internet Security (20231116)","Sophos Home Premium (20231116)","SpyHunter5 (20231116)","Total AV Antivirus Pro (20231116)","Trend Micro Internet Security (20231116)","VIPRE Advanced Security (20231116)","VirIT eXplorer PRO (20231116)","Webroot SecureAnywhere (20231116)"],"avAllowList":["Windows Defender (20231116)"]},{"isRevoked":"False","fileName":"SyncerSoft_AnalogNexus_1_0_Setup.exe","isInstaller":"True","fileVersion":"1.0","hashMD5":"3c67cc07cfa8f9df13fd43d4a6d9114c","hashSHA1":"e204eccce0e5dc853d4032a18c9e55eb7d5369f5","hashSHA256":"6bf3344e3d9dc15f4db89431f39eaf9bda39a9e9ebcbf0fe4a130afc50782ebb","sourceIndex":"861","avBlockList":["360 Total Security (20231116)","Avast Premium Security (20231116)","AVG Internet Security (20231116)","Avira Internet Security (20231116)","Bitdefender Internet Security (20231116)","COMODO Antivirus (20231116)","Dr.Web Security Space (20231116)","ESET Internet Security (20231116)","G DATA INTERNET SECURITY (20231116)","K7 Total Security (20231116)","Kaspersky Internet Security (20231116)","Malwarebytes Premium (20231116)","McAfee Total Protection (20231116)","Norton Security (20231116)","Panda Dome (20231116)","Quick Heal Internet Security (20231116)","Sophos Home Premium (20231116)","SpyHunter5 (20231116)","Total AV Antivirus Pro (20231116)","Trend Micro Internet Security (20231116)","VIPRE Advanced Security (20231116)","VirIT eXplorer PRO (20231116)","Webroot SecureAnywhere (20231116)","Windows Defender (20231116)"],"avAllowList":[]},{"isRevoked":"False","fileName":"SyncerSoft_AnalogVoice_1_0_Setup.exe","isInstaller":"True","fileVersion":"1.0","hashMD5":"30c70cab26a11527d9369d42d0bd99a7","hashSHA1":"96857658270bc3ed7cefa1998464175ae614c09e","hashSHA256":"226411dcd4e41dc5655b46fec73d4ce5911cc7bf454e381f74ed7be5fc0a48b3","sourceIndex":"861","avBlockList":["360 Total Security (20231116)","Avast Premium Security (20231116)","AVG Internet Security (20231116)","Avira Internet Security (20231116)","Bitdefender Internet Security (20231116)","COMODO Antivirus (20231116)","Dr.Web Security Space (20231116)","ESET Internet Security (20231116)","G DATA INTERNET SECURITY (20231116)","K7 Total Security (20231116)","Kaspersky Internet Security (20231116)","Malwarebytes Premium (20231116)","McAfee Total Protection (20231116)","Norton Security (20231116)","Panda Dome (20231116)","Quick Heal Internet Security (20231116)","Sophos Home Premium (20231116)","SpyHunter5 (20231116)","Total AV Antivirus Pro (20231116)","Trend Micro Internet Security (20231116)","VIPRE Advanced Security (20231116)","VirIT eXplorer PRO (20231116)","Webroot SecureAnywhere (20231116)","Windows Defender (20231116)"],"avAllowList":[]},{"isRevoked":"False","fileName":"SyncerSoft_AnalogWarp_1_0_Setup.exe","isInstaller":"True","fileVersion":"1.0","hashMD5":"979d33f8e3c8a38d2adc31b20e6b9df9","hashSHA1":"54016be4591ff2fbd215fe2788180029ef0c0f75","hashSHA256":"7f260128b7860bc2e8a4d4212583cf9d62e8235883b660522d1b6156c8b14cd7","sourceIndex":"861","avBlockList":["360 Total Security (20240123)","Avast Premium Security (20240123)","AVG Internet Security (20240123)","Avira Internet Security (20240123)","Bitdefender Internet Security (20240123)","COMODO Antivirus (20240123)","Dr.Web Security Space (20240123)","ESET Internet Security (20240123)","G DATA INTERNET SECURITY (20240123)","K7 Total Security (20240123)","Kaspersky Internet Security (20240123)","Malwarebytes Premium (20240123)","McAfee Total Protection (20240123)","Norton Security (20240123)","Panda Dome (20240123)","Quick Heal Internet Security (20240123)","Sophos Home Premium (20240123)","SpyHunter5 (20240123)","Total AV Antivirus Pro (20240123)","Trend Micro Internet Security (20240123)","VIPRE Advanced Security (20240123)","VirIT eXplorer PRO (20240123)","Webroot SecureAnywhere (20240123)","Windows Defender (20240123)"],"avAllowList":[]},{"isRevoked":"False","fileName":"SyncerSoft_BassLandscapes_2_1_Setup.exe","isInstaller":"True","fileVersion":"1.0","hashMD5":"39ae4a2fa38bd41ff7fc797e582534a9","hashSHA1":"bc64185b9a1f7624f97bf387d71f45afe5f01542","hashSHA256":"65d2247d500de46d9f7151e1b8abe922372e7a49b92b6b317068a938f18fab85","sourceIndex":"861","avBlockList":["360 Total Security (20240123)","Avast Premium Security (20240123)","AVG Internet Security (20240123)","Avira Internet Security (20240123)","Bitdefender Internet Security (20240123)","COMODO Antivirus (20240123)","Dr.Web Security Space (20240123)","ESET Internet Security (20240123)","G DATA INTERNET SECURITY (20240123)","K7 Total Security (20240123)","Kaspersky Internet Security (20240123)","Malwarebytes Premium (20240123)","McAfee Total Protection (20240123)","Norton Security (20240123)","Panda Dome (20240123)","Quick Heal Internet Security (20240123)","Sophos Home Premium (20240123)","SpyHunter5 (20240123)","Total AV Antivirus Pro (20240123)","VIPRE Advanced Security (20240123)","VirIT eXplorer PRO (20240123)","Webroot SecureAnywhere (20240123)","Windows Defender (20240123)"],"avAllowList":["Trend Micro Internet Security (20240123)"]},{"isRevoked":"False","fileName":"SyncerSoft_ElectricalNoiseLite_1_0_Setup.exe","isInstaller":"True","fileVersion":"1.0","hashMD5":"721f449eaa424a6c54ed6f21f1b9c84a","hashSHA1":"fc1b74a55ce2f0f0fede07c17f48ddf78a7b1672","hashSHA256":"b90bef522841f8091edff64ab33adaaee36968bcbcb019b66c573ffb49051442","sourceIndex":"861","avBlockList":["360 Total Security (20240201)","Avast Premium Security (20240201)","AVG Internet Security (20240201)","Avira Internet Security (20240201)","Bitdefender Internet Security (20240201)","COMODO Antivirus (20240201)","Dr.Web Security Space (20240201)","ESET Internet Security (20240201)","G DATA INTERNET SECURITY (20240201)","K7 Total Security (20240201)","Kaspersky Internet Security (20240201)","Malwarebytes Premium (20240201)","McAfee Total Protection (20240201)","Norton Security (20240201)","Panda Dome (20240201)","Quick Heal Internet Security (20240201)","Sophos Home Premium (20240201)","SpyHunter5 (20240201)","Total AV Antivirus Pro (20240201)","VIPRE Advanced Security (20240201)","VirIT eXplorer PRO (20240201)","Webroot SecureAnywhere (20240201)","Windows Defender (20240201)"],"avAllowList":["Trend Micro Internet Security (20240201)"]},{"isRevoked":"False","fileName":"SyncerSoft_ElectroBassLandscapes_1_3_Setup.exe","isInstaller":"True","fileVersion":"1.0","hashMD5":"4375a09bc1087df181643f9c39705a6f","hashSHA1":"2c4bc08044383a3450f239eae2cbaa084e2f491e","hashSHA256":"608d8f496bd5c8b473888b991e809ff691e3e89f2d3b7bd778834b8780a6a989","sourceIndex":"861","avBlockList":["360 Total Security (20240201)","Avast Premium Security (20240201)","AVG Internet Security (20240201)","Avira Internet Security (20240201)","Bitdefender Internet Security (20240201)","COMODO Antivirus (20240201)","Dr.Web Security Space (20240201)","ESET Internet Security (20240201)","G DATA INTERNET SECURITY (20240201)","K7 Total Security (20240201)","Kaspersky Internet Security (20240201)","McAfee Total Protection (20240201)","Norton Security (20240201)","Panda Dome (20240201)","Quick Heal Internet Security (20240201)","Sophos Home Premium (20240201)","SpyHunter5 (20240201)","Total AV Antivirus Pro (20240201)","VIPRE Advanced Security (20240201)","VirIT eXplorer PRO (20240201)","Webroot SecureAnywhere (20240201)","Windows Defender (20240201)"],"avAllowList":["Malwarebytes Premium (20240201)","Trend Micro Internet Security (20240201)"]},{"isRevoked":"False","fileName":"SyncerSoft_Estradion-230_1_1_Setup.exe","isInstaller":"True","fileVersion":"1.0","hashMD5":"f0a1cf2bca2f3e35db58588c783c9591","hashSHA1":"be29dfa0e53c4a38bb14af1993644f09e98414c5","hashSHA256":"f8a0800610387b24d4eeb95e15d6562507e37ff1279e2f78657c636d02ea085a","sourceIndex":"861","avBlockList":["360 Total Security (20240201)","Avast Premium Security (20240201)","AVG Internet Security (20240201)","Avira Internet Security (20240201)","Bitdefender Internet Security (20240201)","COMODO Antivirus (20240201)","Dr.Web Security Space (20240201)","ESET Internet Security (20240201)","G DATA INTERNET SECURITY (20240201)","K7 Total Security (20240201)","Kaspersky Internet Security (20240201)","Malwarebytes Premium (20240201)","McAfee Total Protection (20240201)","Norton Security (20240201)","Panda Dome (20240201)","Quick Heal Internet Security (20240201)","Sophos Home Premium (20240201)","SpyHunter5 (20240201)","Total AV Antivirus Pro (20240201)","Trend Micro Internet Security (20240201)","VIPRE Advanced Security (20240201)","VirIT eXplorer PRO (20240201)","Webroot SecureAnywhere (20240201)","Windows Defender (20240201)"],"avAllowList":[]},{"isRevoked":"False","fileName":"SyncerSoft_Flanger_Setup.exe","isInstaller":"True","fileVersion":"1.0","hashMD5":"32fdd574b3347ea5c6b59750b022406c","hashSHA1":"599f83417c7454b32ae031902f6977a3e184f855","hashSHA256":"b3378595c855021d7c2065199694e9df3fd632acd2c72b6b7a8e86ee9306f7b6","sourceIndex":"861","avBlockList":["360 Total Security (20240201)","Avast Premium Security (20240201)","AVG Internet Security (20240201)","Avira Internet Security (20240201)","Bitdefender Internet Security (20240201)","COMODO Antivirus (20240201)","Dr.Web Security Space (20240201)","ESET Internet Security (20240201)","G DATA INTERNET SECURITY (20240201)","K7 Total Security (20240201)","Kaspersky Internet Security (20240201)","Malwarebytes Premium (20240201)","McAfee Total Protection (20240201)","Norton Security (20240201)","Panda Dome (20240201)","Quick Heal Internet Security (20240201)","Sophos Home Premium (20240201)","SpyHunter5 (20240201)","Total AV Antivirus Pro (20240201)","VIPRE Advanced Security (20240201)","VirIT eXplorer PRO (20240201)","Webroot SecureAnywhere (20240201)","Windows Defender (20240201)"],"avAllowList":["Trend Micro Internet Security (20240201)"]},{"isRevoked":"False","fileName":"SyncerSoft_GangnamVocoder_1_0_Setup.exe","isInstaller":"True","fileVersion":"1.0","hashMD5":"9915cee5d6fd90720b478195df874f57","hashSHA1":"20ffd02db55f941086018e29643465d54b22c36c","hashSHA256":"ebe684b0b2cdac0e68bc509b5a7895937aa005db8a8970d933c5e560cbd7e67e","sourceIndex":"861","avBlockList":["360 Total Security (20240201)","Avast Premium Security (20240201)","AVG Internet Security (20240201)","Avira Internet Security (20240201)","Bitdefender Internet Security (20240201)","COMODO Antivirus (20240201)","Dr.Web Security Space (20240201)","ESET Internet Security (20240201)","G DATA INTERNET SECURITY (20240201)","K7 Total Security (20240201)","Kaspersky Internet Security (20240201)","Malwarebytes Premium (20240201)","McAfee Total Protection (20240201)","Norton Security (20240201)","Panda Dome (20240201)","Quick Heal Internet Security (20240201)","Sophos Home Premium (20240201)","SpyHunter5 (20240201)","Total AV Antivirus Pro (20240201)","VIPRE Advanced Security (20240201)","VirIT eXplorer PRO (20240201)","Webroot SecureAnywhere (20240201)","Windows Defender (20240201)"],"avAllowList":["Trend Micro Internet Security (20240201)"]},{"isRevoked":"False","fileName":"SyncerSoft_LizardMorph_1_0_Setup.exe","isInstaller":"True","fileVersion":"1.0","hashMD5":"629bd3c70c850a6af6958b60038b40f9","hashSHA1":"7145a32a037b026a6b3ab9f86e82fe4cb3fcf3e9","hashSHA256":"fbcf73985f75986693be3255f714cf56f8f1f44050d7d15f9fe4704f290c7d18","sourceIndex":"861","avBlockList":["360 Total Security (20240201)","Avast Premium Security (20240201)","AVG Internet Security (20240201)","Avira Internet Security (20240201)","Bitdefender Internet Security (20240201)","COMODO Antivirus (20240201)","Dr.Web Security Space (20240201)","ESET Internet Security (20240201)","G DATA INTERNET SECURITY (20240201)","K7 Total Security (20240201)","Kaspersky Internet Security (20240201)","Malwarebytes Premium (20240201)","McAfee Total Protection (20240201)","Norton Security (20240201)","Panda Dome (20240201)","Quick Heal Internet Security (20240201)","Sophos Home Premium (20240201)","SpyHunter5 (20240201)","Total AV Antivirus Pro (20240201)","VIPRE Advanced Security (20240201)","VirIT eXplorer PRO (20240201)","Webroot SecureAnywhere (20240201)"],"avAllowList":["Trend Micro Internet Security (20240201)","Windows Defender (20240201)"]},{"isRevoked":"False","fileName":"SyncerSoft_PolyvoxStation_2_2_Setup.exe","isInstaller":"True","fileVersion":"1.0","hashMD5":"ed20bced72f84673dbe204710bb91e8b","hashSHA1":"cdc7e5dfeefc7362cc4a761eda4d917c5b734f02","hashSHA256":"af160c0423ee9dcf4c9918d84ada6d589098bdd01d6a29945fdb072ecf294081","sourceIndex":"861","avBlockList":["360 Total Security (20240201)","Avast Premium Security (20240201)","AVG Internet Security (20240201)","Avira Internet Security (20240201)","Bitdefender Internet Security (20240201)","COMODO Antivirus (20240201)","Dr.Web Security Space (20240201)","ESET Internet Security (20240201)","G DATA INTERNET SECURITY (20240201)","K7 Total Security (20240201)","Kaspersky Internet Security (20240201)","Malwarebytes Premium (20240201)","McAfee Total Protection (20240201)","Norton Security (20240201)","Panda Dome (20240201)","Quick Heal Internet Security (20240201)","Sophos Home Premium (20240201)","SpyHunter5 (20240201)","Total AV Antivirus Pro (20240201)","VIPRE Advanced Security (20240201)","VirIT eXplorer PRO (20240201)","Webroot SecureAnywhere (20240201)"],"avAllowList":["Trend Micro Internet Security (20240201)","Windows Defender (20240201)"]},{"isRevoked":"False","fileName":"SyncerSoft_Q9Oldvox_1_0_Setup.exe","isInstaller":"True","fileVersion":"1.0","hashMD5":"32a2e8b9dad937fe2bcd015e05f64c0f","hashSHA1":"c4ccfa0b575fc09e081edae1532f1d55cf0efeee","hashSHA256":"766151673e3d4d06eb7634acbe039d417d355a2e1893b83e56eda20c99c145ae","sourceIndex":"861","avBlockList":["360 Total Security (20240201)","Avast Premium Security (20240201)","AVG Internet Security (20240201)","Avira Internet Security (20240201)","Bitdefender Internet Security (20240201)","COMODO Antivirus (20240201)","Dr.Web Security Space (20240201)","ESET Internet Security (20240201)","G DATA INTERNET SECURITY (20240201)","K7 Total Security (20240201)","Kaspersky Internet Security (20240201)","Malwarebytes Premium (20240201)","McAfee Total Protection (20240201)","Norton Security (20240201)","Panda Dome (20240201)","Quick Heal Internet Security (20240201)","Sophos Home Premium (20240201)","SpyHunter5 (20240201)","Total AV Antivirus Pro (20240201)","VIPRE Advanced Security (20240201)","VirIT eXplorer PRO (20240201)","Webroot SecureAnywhere (20240201)","Windows Defender (20240201)"],"avAllowList":["Trend Micro Internet Security (20240201)"]},{"isRevoked":"False","fileName":"SyncerSoft_Resonator_1_0_Setup.exe","isInstaller":"True","fileVersion":"1.0","hashMD5":"8b4518b347c5b5fc7ff169a430b2e45a","hashSHA1":"ed145f2f17779709f2b9b49a74783a3491a82447","hashSHA256":"2ea1ab4aa40798caa3d2eb4d5c4372368eb6518ccc0c54d2b7fed6886ed99992","sourceIndex":"861","avBlockList":["360 Total Security (20240206)","Avast Premium Security (20240206)","AVG Internet Security (20240206)","Avira Internet Security (20240206)","Bitdefender Internet Security (20240206)","COMODO Antivirus (20240206)","Dr.Web Security Space (20240206)","ESET Internet Security (20240206)","G DATA INTERNET SECURITY (20240206)","K7 Total Security (20240206)","Kaspersky Internet Security (20240206)","Malwarebytes Premium (20240206)","McAfee Total Protection (20240206)","Norton Security (20240206)","Panda Dome (20240206)","Quick Heal Internet Security (20240206)","Sophos Home Premium (20240206)","SpyHunter5 (20240206)","Total AV Antivirus Pro (20240206)","VIPRE Advanced Security (20240206)","VirIT eXplorer PRO (20240206)","Webroot SecureAnywhere (20240206)","Windows Defender (20240206)"],"avAllowList":["Trend Micro Internet Security (20240206)"]},{"isRevoked":"False","fileName":"SyncerSoft_Reverberation_1_0_Setup.exe","isInstaller":"True","fileVersion":"1.0","hashMD5":"53528104bb6eddbcb14f1f3041d56f35","hashSHA1":"8e6c32b1c70ad6009e316159ebc8720018827cdd","hashSHA256":"e55ebbf7b959460708d40b94cb0192e48a7b832e6fc97e8d98704bbf244fddac","sourceIndex":"861","avBlockList":["360 Total Security (20240208)","Avast Premium Security (20240208)","AVG Internet Security (20240208)","Avira Internet Security (20240208)","Bitdefender Internet Security (20240208)","COMODO Antivirus (20240208)","Dr.Web Security Space (20240208)","ESET Internet Security (20240208)","G DATA INTERNET SECURITY (20240208)","K7 Total Security (20240208)","Kaspersky Internet Security (20240208)","Malwarebytes Premium (20240208)","McAfee Total Protection (20240208)","Norton Security (20240208)","Panda Dome (20240208)","Quick Heal Internet Security (20240208)","Sophos Home Premium (20240208)","SpyHunter5 (20240208)","Total AV Antivirus Pro (20240208)","VIPRE Advanced Security (20240208)","VirIT eXplorer PRO (20240208)","Webroot SecureAnywhere (20240208)"],"avAllowList":["Trend Micro Internet Security (20240208)","Windows Defender (20240208)"]},{"isRevoked":"False","fileName":"SyncerSoft_Rhythm-2_Setup.exe","isInstaller":"True","fileVersion":"1.0","hashMD5":"61342ef72aa38f046b5c49d0eec603b3","hashSHA1":"9065d302c0a833833ed6d6748bbc88d8eb840a8f","hashSHA256":"102555e3b13b75e199e3a2a287a33628790760a50d35df47dd8e2519600228c2","sourceIndex":"861","avBlockList":["360 Total Security (20240208)","Avast Premium Security (20240208)","AVG Internet Security (20240208)","Avira Internet Security (20240208)","Bitdefender Internet Security (20240208)","COMODO Antivirus (20240208)","Dr.Web Security Space (20240208)","ESET Internet Security (20240208)","G DATA INTERNET SECURITY (20240208)","K7 Total Security (20240208)","Kaspersky Internet Security (20240208)","Malwarebytes Premium (20240208)","McAfee Total Protection (20240208)","Norton Security (20240208)","Panda Dome (20240208)","Quick Heal Internet Security (20240208)","Sophos Home Premium (20240208)","SpyHunter5 (20240208)","Total AV Antivirus Pro (20240208)","VIPRE Advanced Security (20240208)","VirIT eXplorer PRO (20240208)","Webroot SecureAnywhere (20240208)","Windows Defender (20240208)"],"avAllowList":["Trend Micro Internet Security (20240208)"]},{"isRevoked":"False","fileName":"SyncerSoft_SawLandscapes_Setup.exe","isInstaller":"True","fileVersion":"1.0","hashMD5":"96305b1d0658e8f6777217ce5cfe29dd","hashSHA1":"d75de02903a390d5bc76df9bc8f56a17bd08e633","hashSHA256":"0ab802400e34efa4cc68e6b3b1d664d227a39dceb2d32995a7854d9f33247da4","sourceIndex":"861","avBlockList":["360 Total Security (20240215)","Avast Premium Security (20240215)","AVG Internet Security (20240215)","Avira Internet Security (20240215)","Bitdefender Internet Security (20240215)","COMODO Antivirus (20240215)","Dr.Web Security Space (20240215)","ESET Internet Security (20240215)","G DATA INTERNET SECURITY (20240215)","K7 Total Security (20240215)","Kaspersky Internet Security (20240215)","Malwarebytes Premium (20240215)","McAfee Total Protection (20240215)","Norton Security (20240215)","Panda Dome (20240215)","Quick Heal Internet Security (20240215)","Sophos Home Premium (20240215)","SpyHunter5 (20240215)","Total AV Antivirus Pro (20240215)","Trend Micro Internet Security (20240215)","VIPRE Advanced Security (20240215)","VirIT eXplorer PRO (20240215)","Webroot SecureAnywhere (20240215)","Windows Defender (20240215)"],"avAllowList":[]},{"isRevoked":"False","fileName":"SyncerSoft_Sounds_of_old_TV_games_1_0_Setup.exe","isInstaller":"True","fileVersion":"1.0","hashMD5":"b004b6bcfca2b52bb876a4b2c5050820","hashSHA1":"2d70fc0f4e789f5807971b559ebd1899a719ef1e","hashSHA256":"c3ce792542b2c24437a9c7d46e90c6f78c579301dc8cfa9a27ca2e5c165e2103","sourceIndex":"861","avBlockList":["360 Total Security (20240215)","Avast Premium Security (20240215)","AVG Internet Security (20240215)","Avira Internet Security (20240215)","Bitdefender Internet Security (20240215)","COMODO Antivirus (20240215)","Dr.Web Security Space (20240215)","ESET Internet Security (20240215)","G DATA INTERNET SECURITY (20240215)","K7 Total Security (20240215)","Kaspersky Internet Security (20240215)","Malwarebytes Premium (20240215)","McAfee Total Protection (20240215)","Norton Security (20240215)","Panda Dome (20240215)","Quick Heal Internet Security (20240215)","Sophos Home Premium (20240215)","SpyHunter5 (20240215)","Total AV Antivirus Pro (20240215)","Trend Micro Internet Security (20240215)","VIPRE Advanced Security (20240215)","VirIT eXplorer PRO (20240215)","Webroot SecureAnywhere (20240215)","Windows Defender (20240215)"],"avAllowList":[]},{"isRevoked":"False","fileName":"SyncerSoft_SubsTractor_Setup.exe","isInstaller":"True","fileVersion":"1.0","hashMD5":"7c8843035916234de191178cf2a19af3","hashSHA1":"7a37ba99257b07ae83c2e1b859f25eab869988b9","hashSHA256":"b6f9ea8aaac4192c73e462cc334294de2a8e357a8050ef616f26ba23dac4d024","sourceIndex":"861","avBlockList":["360 Total Security (20240215)","Avast Premium Security (20240215)","AVG Internet Security (20240215)","Avira Internet Security (20240215)","Bitdefender Internet Security (20240215)","COMODO Antivirus (20240215)","Dr.Web Security Space (20240215)","ESET Internet Security (20240215)","G DATA INTERNET SECURITY (20240215)","K7 Total Security (20240215)","Kaspersky Internet Security (20240215)","Malwarebytes Premium (20240215)","McAfee Total Protection (20240215)","Norton Security (20240215)","Panda Dome (20240215)","Quick Heal Internet Security (20240215)","Sophos Home Premium (20240215)","SpyHunter5 (20240215)","Total AV Antivirus Pro (20240215)","Trend Micro Internet Security (20240215)","VIPRE Advanced Security (20240215)","VirIT eXplorer PRO (20240215)","Webroot SecureAnywhere (20240215)","Windows Defender (20240215)"],"avAllowList":[]},{"isRevoked":"False","fileName":"SyncerSoft_UrbanNexus_1_0_Setup.exe","isInstaller":"True","fileVersion":"1.0","hashMD5":"97f0b6281381fb99efc78b3ae2219bb6","hashSHA1":"f45ca2d1b9a78ec53ceeca6dc5d8a03d7e3a82c6","hashSHA256":"6d41c7ddbe9ca420dad759a3f306b96395e3f0760310ff83404aad24cd6f46e8","sourceIndex":"861","avBlockList":["360 Total Security (20240215)","Avast Premium Security (20240215)","AVG Internet Security (20240215)","Avira Internet Security (20240215)","Bitdefender Internet Security (20240215)","COMODO Antivirus (20240215)","Dr.Web Security Space (20240215)","ESET Internet Security (20240215)","G DATA INTERNET SECURITY (20240215)","K7 Total Security (20240215)","Kaspersky Internet Security (20240215)","Malwarebytes Premium (20240215)","McAfee Total Protection (20240215)","Norton Security (20240215)","Panda Dome (20240215)","Quick Heal Internet Security (20240215)","Sophos Home Premium (20240215)","SpyHunter5 (20240215)","Total AV Antivirus Pro (20240215)","Trend Micro Internet Security (20240215)","VIPRE Advanced Security (20240215)","VirIT eXplorer PRO (20240215)","Webroot SecureAnywhere (20240215)","Windows Defender (20240215)"],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunted on Relevant Knowledge","reference":"","landingPage":"https://syncersoft.com/free.htm","directDownloadingLink":"http://www.syncersoft.com/vst/SyncerSoft_UrbanNexus_1_0_Setup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.syncersoft.com/vst/SyncerSoft_UrbanNexus_1_0_Setup.exe","sourceIndex":"861"}],"sampleFiles":["231016/SyncerSoftBundler-231016/1.0/Samples/SyncerSoft_Alice-1377_Setup.exe","231016/SyncerSoftBundler-231016/1.0/Samples/SyncerSoft_Amusing_sounds_of_the_body_1_0_Setup.exe","231016/SyncerSoftBundler-231016/1.0/Samples/SyncerSoft_AnalogGalaxy_1_0_Setup.exe","231016/SyncerSoftBundler-231016/1.0/Samples/SyncerSoft_AnalogNexus_1_0_Setup.exe","231016/SyncerSoftBundler-231016/1.0/Samples/SyncerSoft_AnalogVoice_1_0_Setup.exe","231016/SyncerSoftBundler-231016/1.0/Samples/SyncerSoft_AnalogWarp_1_0_Setup.exe","231016/SyncerSoftBundler-231016/1.0/Samples/SyncerSoft_BassLandscapes_2_1_Setup.exe","231016/SyncerSoftBundler-231016/1.0/Samples/SyncerSoft_ElectricalNoiseLite_1_0_Setup.exe","231016/SyncerSoftBundler-231016/1.0/Samples/SyncerSoft_ElectroBassLandscapes_1_3_Setup.exe","231016/SyncerSoftBundler-231016/1.0/Samples/SyncerSoft_Estradion-230_1_1_Setup.exe","231016/SyncerSoftBundler-231016/1.0/Samples/SyncerSoft_Flanger_Setup.exe","231016/SyncerSoftBundler-231016/1.0/Samples/SyncerSoft_GangnamVocoder_1_0_Setup.exe","231016/SyncerSoftBundler-231016/1.0/Samples/SyncerSoft_LizardMorph_1_0_Setup.exe","231016/SyncerSoftBundler-231016/1.0/Samples/SyncerSoft_PolyvoxStation_2_2_Setup.exe","231016/SyncerSoftBundler-231016/1.0/Samples/SyncerSoft_Q9Oldvox_1_0_Setup.exe","231016/SyncerSoftBundler-231016/1.0/Samples/SyncerSoft_Resonator_1_0_Setup.exe","231016/SyncerSoftBundler-231016/1.0/Samples/SyncerSoft_Reverberation_1_0_Setup.exe","231016/SyncerSoftBundler-231016/1.0/Samples/SyncerSoft_Rhythm-2_Setup.exe","231016/SyncerSoftBundler-231016/1.0/Samples/SyncerSoft_SawLandscapes_Setup.exe","231016/SyncerSoftBundler-231016/1.0/Samples/SyncerSoft_Sounds_of_old_TV_games_1_0_Setup.exe","231016/SyncerSoftBundler-231016/1.0/Samples/SyncerSoft_SubsTractor_Setup.exe","231016/SyncerSoftBundler-231016/1.0/Samples/SyncerSoft_UrbanNexus_1_0_Setup.exe"],"imageFiles":["231016/SyncerSoftBundler-231016/1.0/Images/ACR-109/ACR-109_Install_1.png","231016/SyncerSoftBundler-231016/1.0/Images/ACR-010/ACR-010_Install_1.png","231016/SyncerSoftBundler-231016/1.0/Images/ACR-013/ACR-013_Install_1.png","231016/SyncerSoftBundler-231016/1.0/Images/ACR-059/ACR-059_Bundler-made offers_1.png","231016/SyncerSoftBundler-231016/1.0/Images/ACR-060/ACR-060_Bundler-made offers_1.png","231016/SyncerSoftBundler-231016/1.0/Images/ACR-155/ACR-155_Bundler-made offers_1.png"],"nonDeceptorImageFiles":["231016/SyncerSoftBundler-231016/1.0/Images/ACR-106/ACR-106_Software_1.png","231016/SyncerSoftBundler-231016/1.0/Images/ACR-092/ACR-092_Software_1.png"],"guid":"78c1ba60-e651-41ae-b6eb-e4d31b51addd_1.0_1","appID":"SyncerSoftBundler-231016","dateAdded":"231016","deceptorType":"Bundler","name":"SyncerSoft Bundler","company":"SyncerSoft","version":"1.0","lastKnownStatus":"1.0","lastKnownDate":"231016","type":"Windows Executable","category":"Media editors","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"sold in bundle,display ads","lastUpdate":"2023-10-16T19:55:47.8742671+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":824},{"violations":{"ACR-109":"The app downloads \"rk_setup.exe\", a RelevantKnowledge file before disclosure and without the consumer's consent\n","ACR-010":"The app distributes deceptor application. The offer in this app, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software\n","ACR-118":"Upon uninstallation, it retains some executables and many of its other components along with a \"curl-ca-bundle.crt\" and other components on the device without user's knowledge\n","ACR-057":"The app bundles the \"Relevant Knowledge\" offer which does not allow the consumer to decline the offer\n","ACR-071":"It attempts to force the acceptance of \"Relevant Knowledge\" by graying out the Next button when the user choose to Decline. Thus, forcing the user to only accept the offer and proceed with the installation\n","ACR-059":"Offer not clearly marked as an offer. Instead, it is presented as a component of the carrier\n","ACR-155":"Offers are designed to look like part of the install workflow\n"},"nonDeceptorViolations":{"ACR-106":"App offers deceptive application 'Relevant Knowledge market survey\n","ACR-092":"The installer and main executables are not digitally signed\n","ACR-123":"The app does not remove dropped root certificates even after uninstalling\n"},"samples":[{"isRevoked":"False","fileName":"unir-pdf.exe","isInstaller":"True","companyName":"convertidor-de-pdf.com                                      ","productName":"Unir PDF                                                    ","productVersion":"                                                  ","fileVersion":"                    ","hashMD5":"d7bc7986785d5d2194506f615bbb2a72","hashSHA1":"ef16458e299030a8e4aa2a8b5833ab515bc7adcf","hashSHA256":"c84dafb3613ef44917484f341ba9143f2bbb0b4e622c8137bc24295dbc7e9082","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"859","avBlockList":["360 Total Security (20240509)","Avast Premium Security (20240509)","AVG Internet Security (20240509)","Avira Internet Security (20240509)","Bitdefender Internet Security (20240509)","COMODO Antivirus (20240509)","ESET Internet Security (20240509)","G DATA INTERNET SECURITY (20240509)","K7 Total Security (20240509)","Kaspersky Internet Security (20240509)","Malwarebytes Premium (20240509)","McAfee Total Protection (20240509)","Norton Security (20240509)","Panda Dome (20240509)","Quick Heal Internet Security (20240509)","Sophos Home Premium (20240509)","SpyHunter5 (20240509)","Total AV Antivirus Pro (20240509)","Trend Micro Internet Security (20240509)","VIPRE Advanced Security (20240509)","VirIT eXplorer PRO (20240509)","Webroot SecureAnywhere (20240509)","Windows Defender (20240509)"],"avAllowList":["Dr.Web Security Space (20240509)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunted on RK Installer","reference":"","landingPage":"http://www.convertidor-de-pdf.com/unir-pdf.html","directDownloadingLink":"http://www.convertidor-de-pdf.com/download/unir-pdf.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.convertidor-de-pdf.com/download/unir-pdf.exe","sourceIndex":"859"}],"sampleFiles":["231016/UnitingPDF-231013/3.35/Samples/unir-pdf.exe"],"imageFiles":["231016/UnitingPDF-231013/3.35/Images/ACR-109/ACR-109_Install_1.png","231016/UnitingPDF-231013/3.35/Images/ACR-010/ACR-010_Install_1.png","231016/UnitingPDF-231013/3.35/Images/ACR-013/ACR-013_Install_1.png","231016/UnitingPDF-231013/3.35/Images/ACR-118/ACR-118_Uninstall_1.png","231016/UnitingPDF-231013/3.35/Images/ACR-057/ACR-057_Bundler-made offers_1.png","231016/UnitingPDF-231013/3.35/Images/ACR-059/ACR-059_Bundler-made offers_1.png","231016/UnitingPDF-231013/3.35/Images/ACR-060/ACR-060_Bundler-made offers_1.png","231016/UnitingPDF-231013/3.35/Images/ACR-071/ACR-071_Bundler-made offers_1.png","231016/UnitingPDF-231013/3.35/Images/ACR-155/ACR-155_Bundler-made offers_1.png"],"nonDeceptorImageFiles":["231016/UnitingPDF-231013/3.35/Images/ACR-106/ACR-106_Software_1.png","231016/UnitingPDF-231013/3.35/Images/ACR-092/ACR-092_Software_1.png","231016/UnitingPDF-231013/3.35/Images/ACR-123/ACR-123_Uninstall_1.png"],"guid":"f41e7e7b-d0b4-49f2-85ff-de64e32c38ba_3.35_1","appID":"UnitingPDF-231013","dateAdded":"231016","deceptorType":"Bundler","name":"Uniting PDF","company":"convertidor-de-pdf.com","version":"3.35","lastKnownStatus":"3.35","lastKnownDate":"231016","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"display ads","lastUpdate":"2023-10-16T20:46:19.4444572+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":823},{"violations":{"ACR-109":"The app drops Yandex components under hidden folder without user agreeing to install.\n","ACR-042":"Unrelated Yandex components get dropped in a hidden folder before user permission through explicit user's action. The user has no option to decline the recommended offer and initiates network communications without consent to completely download and silently install the additional programs after installing the main app.\n","ACR-048":"The app does not provide control to decline the recommended offer.\nThe close(X) performs minimizing the app to system tray without any notification, which limits the targeted consumer's ability to control the app. The app does not provide any control to disable the startup it created.\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software.\n","ACR-057":"The app needs to provide a clear way to accept and decline optional offers.\n","ACR-071":"The additional offer cannot be declined independently, thus forces the user to only accept the offer and proceed with the installation.\n","ACR-059":"The Offer is not clearly marked as an offer. It is unclear who is recommending the offer.\n","ACR-155":"Offers is designed to look like part of the install workflow.\n"},"nonDeceptorViolations":{"ACR-161":"The landing page displays unverifiable testimonials.\n"},"samples":[],"additionalFiles":[{"isRevoked":"False","fileName":"GetVideoSetup_v1.8.0.9.ru.exe","isInstaller":"True","isAdditional":"True","fileVersion":"0.0","hashMD5":"f3781b85e3003996ae13b12d92bcb357","hashSHA1":"62bc3ff4ff4012bc638d9d051a65d46e8d2cf5cc","hashSHA256":"c851454c19f621d54bdcedd1662d86873c2be5475419bbf98ee83fbd2f0be237","digitalCertThumbprint":"A86FAFC2245A773E5AAE108D1849203FB5669226","digitalCertIssuer":"CN=GlobalSign GCC R45 CodeSigning CA 2020, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"E=info@dinohost.ru, CN=OOO Online Center, O=OOO Online Center, L=Yaroslavl, S=Yaroslavskaya oblast, C=RU","sourceIndex":"862","avBlockList":[],"avAllowList":[]}],"sources":[{"howFound":"random hunt","reference":"","landingPage":"https://getvideo.su/","directDownloadingLink":"https://getvideo.su/files/GetVideoSetup_v1.8.0.9.ru.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://getvideo.su/files/GetVideoSetup_v1.8.0.9.ru.exe","sourceIndex":"862"},{"howFound":"","reference":"","landingPage":"https://cybersoft.ru/internet/zagruzka-i-fajloobmen/308-getvideo.html","directDownloadingLink":"https://cdn.getvideo.org/files/GetVideoSetup_v1.8.0.9.ru.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://cdn.getvideo.org/files/GetVideoSetup_v1.8.0.9.ru.exe","sourceIndex":"863"}],"sampleFiles":["231016/GetVideo-231016/1.8.0.9/Samples/GetVideoSetup_v1.8.0.9.ru.exe"],"imageFiles":["231016/GetVideo-231016/1.8.0.9/Images/ACR-109/AdditionalOffer.jpg","231016/GetVideo-231016/1.8.0.9/Images/ACR-042/AdditionalOffer.jpg","231016/GetVideo-231016/1.8.0.9/Images/ACR-042/ACR-042.jpg","231016/GetVideo-231016/1.8.0.9/Images/ACR-048/Yandex.jpg","231016/GetVideo-231016/1.8.0.9/Images/ACR-048/systray.jpg","231016/GetVideo-231016/1.8.0.9/Images/ACR-048/GetVideoStartup.jpg","231016/GetVideo-231016/1.8.0.9/Images/ACR-057/Yandex.jpg","231016/GetVideo-231016/1.8.0.9/Images/ACR-059/Yandex.jpg","231016/GetVideo-231016/1.8.0.9/Images/ACR-060/Yandex.jpg","231016/GetVideo-231016/1.8.0.9/Images/ACR-071/Yandex.jpg","231016/GetVideo-231016/1.8.0.9/Images/ACR-155/Yandex.jpg"],"nonDeceptorImageFiles":["231016/GetVideo-231016/1.8.0.9/Images/ACR-161/Testimonials.jpg"],"guid":"571434da-3f93-4ec9-9165-450f9a7ad592_1.8.0.9_1","appID":"GetVideo-231016","dateAdded":"231016","deceptorType":"App","name":"GetVideo","company":"GetVideo.su","version":"1.8.0.9","lastKnownStatus":"1.8.0.9","lastKnownDate":"231016","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"sold in bundle","lastUpdate":"2023-10-16T17:04:35.2894326+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":826},{"violations":{"ACR-109":"The app downloads \"rk_setup.exe\", a RelevantKnowledge file before disclosure and without the consumer's consent\n","ACR-010":"The app distributes deceptor application. The offer in this app, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software\n","ACR-118":"Upon uninstallation, it retains some executables and many of its other components along with a \"curl-ca-bundle.crt\" and other components on the device without user's knowledge.\n","ACR-057":"The app bundles the \"Relevant Knowledge\" offer which does not allow the consumer to decline the offer\n","ACR-071":"It attempts to force the acceptance of \"Relevant Knowledge\" by graying out the Next button when the user choose to Decline. Thus, forcing the user to only accept the offer and proceed with the installation\n","ACR-059":"Offer not clearly marked as an offer. Instead, it is presented as a component of the carrier.\n","ACR-155":"Offers are designed to look like part of the install workflow\n"},"nonDeceptorViolations":{"ACR-106":"App offers deceptive application 'Relevant Knowledge market survey\n","ACR-092":"The installer and main executables are not digitally signed\n","ACR-123":"The app does not remove dropped root certificates even after uninstalling\n"},"samples":[{"isRevoked":"False","fileName":"convertir-pdf-a-texto.exe","isInstaller":"True","companyName":"convertidor-de-pdf.com                                      ","productName":"Convertir PDF a Texto                                       ","productVersion":"                                                  ","fileVersion":"                    ","hashMD5":"e5916d4ca9dfa0ea93683079bf75f6da","hashSHA1":"d7595893a55cadd81dc0921468b066c13121b2f8","hashSHA256":"b3d8d9852ecbbf0830ed87b87e25671fc4b1f40fb281104bfb0c6d1b6b38e767","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"856","avBlockList":["360 Total Security (20240509)","Avast Premium Security (20240509)","AVG Internet Security (20240509)","Avira Internet Security (20240509)","Bitdefender Internet Security (20240509)","ESET Internet Security (20240509)","G DATA INTERNET SECURITY (20240509)","K7 Total Security (20240509)","Kaspersky Internet Security (20240509)","McAfee Total Protection (20240509)","Norton Security (20240509)","Panda Dome (20240509)","Quick Heal Internet Security (20240509)","Sophos Home Premium (20240509)","SpyHunter5 (20240509)","Total AV Antivirus Pro (20240509)","VIPRE Advanced Security (20240509)","VirIT eXplorer PRO (20240509)","Webroot SecureAnywhere (20240509)","Windows Defender (20240509)"],"avAllowList":["COMODO Antivirus (20240509)","Dr.Web Security Space (20240509)","Malwarebytes Premium (20240509)","Trend Micro Internet Security (20240509)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunted on RK installer","reference":"","landingPage":"http://www.convertidor-de-pdf.com/convertir-pdf-a-texto.html","directDownloadingLink":"http://www.convertidor-de-pdf.com/download/convertir-pdf-a-texto.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.convertidor-de-pdf.com/download/convertir-pdf-a-texto.exe","sourceIndex":"856"}],"sampleFiles":["231016/ConvertPDFtoText-231013/3.25/Samples/convertir-pdf-a-texto.exe"],"imageFiles":["231016/ConvertPDFtoText-231013/3.25/Images/ACR-109/ACR-109_Install_1.png","231016/ConvertPDFtoText-231013/3.25/Images/ACR-010/ACR-010_Install_1.png","231016/ConvertPDFtoText-231013/3.25/Images/ACR-013/ACR-013_Install_1.png","231016/ConvertPDFtoText-231013/3.25/Images/ACR-118/ACR-118_Uninstall_1.png","231016/ConvertPDFtoText-231013/3.25/Images/ACR-057/ACR-057_Bundler-made offers_1.png","231016/ConvertPDFtoText-231013/3.25/Images/ACR-059/ACR-059_Bundler-made offers_1.png","231016/ConvertPDFtoText-231013/3.25/Images/ACR-060/ACR-060_Bundler-made offers_1.png","231016/ConvertPDFtoText-231013/3.25/Images/ACR-071/ACR-071_Bundler-made offers_1.png","231016/ConvertPDFtoText-231013/3.25/Images/ACR-155/ACR-155_Bundler-made offers_1.png"],"nonDeceptorImageFiles":["231016/ConvertPDFtoText-231013/3.25/Images/ACR-106/ACR-106_Software_1.png","231016/ConvertPDFtoText-231013/3.25/Images/ACR-092/ACR-092_Software_1.png","231016/ConvertPDFtoText-231013/3.25/Images/ACR-123/ACR-123_Uninstall_1.png"],"guid":"5046c2f8-da44-49a4-b3fd-dd7d5d185378_3.25_1","appID":"ConvertPDFtoText-231013","dateAdded":"231016","deceptorType":"Bundler","name":"Convert PDF to Text","company":"convertidor-de-pdf.com","version":"3.25","lastKnownStatus":"3.25","lastKnownDate":"231016","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"display ads","lastUpdate":"2023-10-16T21:46:38.944781+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":828},{"violations":{"ACR-042":"App initiates network communications with 3rd party offer provider before obtaining user consent.\n","ACR-013":" During installation, the user is interrupted by non-consented offers to silently install unrelated software.\n","ACR-060":" The offer network does not disclose itself in its offers to silently install unrelated software.\n","ACR-039":"There is no clear indication about the relationship of the monetization components from the third-party monetizer. The \"dotSetup License\" links to 'https://rise-platforms.com/privacy/' -- misleads user that they are for Carrier app.\n"},"nonDeceptorViolations":{"ACR-044":"Download manager doesn't disclose its bundling function when user choose to install carrier app.\n"},"samples":[{"isRevoked":"False","fileName":"bleep-6628232774776961-AsystentPobierania_v1.491.46.887.0.exe","isInstaller":"True","fileVersion":"1.92","hashMD5":"7282a34f862a49bf666858b5d3aafe9f","hashSHA1":"1c162978af7cd603a3be87c4e396fac0430b009a","hashSHA256":"016a20e198d889b9b65fc938f4285ac0ad728a38a5afc9b6659cedc1b4a759ed","digitalCertThumbprint":"AF1204E3337BB448DA4706E6BB4B821FC4E32B0F","digitalCertIssuer":"CN=Domain The Net Technologies Ltd CA for Code Signing R2, O=Domain The Net Technologies Ltd, C=IL","digitalCertIssuedTo":"CN=Wirtualna Polska Media SA, O=Wirtualna Polska Media SA, L=Warszawa, S=Mazowieckie, C=PL","sourceIndex":"865","avBlockList":["360 Total Security (20240215)","Avira Internet Security (20240215)","COMODO Antivirus (20240215)","ESET Internet Security (20240215)","G DATA INTERNET SECURITY (20240215)","K7 Total Security (20240215)","Kaspersky Internet Security (20240215)","Malwarebytes Premium (20240215)","McAfee Total Protection (20240215)","Norton Security (20240215)","Panda Dome (20240215)","Quick Heal Internet Security (20240215)","Sophos Home Premium (20240215)","SpyHunter5 (20240215)","Total AV Antivirus Pro (20240215)","Trend Micro Internet Security (20240215)","VirIT eXplorer PRO (20240215)","Webroot SecureAnywhere (20240215)"],"avAllowList":["Avast Premium Security (20240215)","AVG Internet Security (20240215)","Bitdefender Internet Security (20240215)","Dr.Web Security Space (20240215)","VIPRE Advanced Security (20240215)","Windows Defender (20240215)"]}],"additionalFiles":[],"sources":[{"howFound":"dotsetup search","reference":"","landingPage":"https://www.dobreprogramy.pl/camfrog-video-chat,program,windows,6628680826644609/dziekujemy","directDownloadingLink":"https://dobfilesdownloadpl.com/bsTYvwS/9jhw/camfrog-video-chat-6628680826644609-AsystentPobierania.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://dobfilesdownloadpl.com/bsTYvwS/9jhw/camfrog-video-chat-6628680826644609-AsystentPobierania.exe","sourceIndex":"865"},{"howFound":"","reference":"","landingPage":"","directDownloadingLink":"https://dakvm1hb16unn.cloudfront.net/XfrqQCS/HU1o/bleep-6628232774776961-AsystentPobierania.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://dakvm1hb16unn.cloudfront.net/XfrqQCS/HU1o/bleep-6628232774776961-AsystentPobierania.exe","sourceIndex":"866"}],"sampleFiles":["231013/RiseDownloadManager-231012/1.92.2.8615/Samples/camfrog-video-chat-6628680826644609-AsystentPobierania_v1.442.99.945.5.exe"],"imageFiles":["231013/RiseDownloadManager-231012/1.92.2.8615/Images/ACR-039/DobreProgramy_MainApp.jpg","231013/RiseDownloadManager-231012/1.92.2.8615/Images/ACR-042/ACR-042.jpg","231013/RiseDownloadManager-231012/1.92.2.8615/Images/ACR-013/OptionalOffer-1.jpg","231013/RiseDownloadManager-231012/1.92.2.8615/Images/ACR-013/OptionalOffer-2.jpg","231013/RiseDownloadManager-231012/1.92.2.8615/Images/ACR-013/OptionalOffer-a.jpg","231013/RiseDownloadManager-231012/1.92.2.8615/Images/ACR-013/OptionalOffer-b.jpg","231013/RiseDownloadManager-231012/1.92.2.8615/Images/ACR-060/OptionalOffer-1.jpg","231013/RiseDownloadManager-231012/1.92.2.8615/Images/ACR-060/OptionalOffer-2.jpg","231013/RiseDownloadManager-231012/1.92.2.8615/Images/ACR-060/OptionalOffer-a.jpg","231013/RiseDownloadManager-231012/1.92.2.8615/Images/ACR-060/OptionalOffer-b.jpg"],"nonDeceptorImageFiles":["231013/RiseDownloadManager-231012/1.92.2.8615/Images/ACR-044/DobreProgramy_MainApp.jpg"],"guid":"951ad729-1618-4ddd-92d4-82d2fa8901a9_1.92.2.8615_1","appID":"RiseDownloadManager-231012","dateAdded":"231013","deceptorType":"Bundler","name":"DobreProgramyDownloadManager","company":"dobreprogramy.pl","version":"1.92.2.8615","lastKnownStatus":"1.92.2.8615","lastKnownDate":"231013","type":"Windows Executable","category":"Bundlers & Downloaders","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"sold in bundle","lastUpdate":"2023-10-13T18:04:47.9055712+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":831},{"violations":{"ACR-042":"App initiates network communications with 3rd party offer provider before obtaining user consent.\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software.\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software.\n","ACR-039":"There is no clear indication about the relationship of the monetization components from the third-party monetizer. The Privacy Policy link during installation leads to 'https://rise-platforms.com/privacy/' -- misleads user that they are for Carrier app.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"media.player.codec.pack.v4.5.9.setup.exe","isInstaller":"True","companyName":"Cole Williams Software Limited","fileVersion":"4.5","hashMD5":"336ff793dbae7f91d6fc3cc1323ada3c","hashSHA1":"4d5b4cfd6d752e893d0b4c442de68218cdca9d4e","hashSHA256":"dd96f5f3330db1bbe2496c88f139261bf76add604cf6536c611feb653f15ea4e","digitalCertThumbprint":"A767E72032D1BA81871BE92392A05125E06FFA45","digitalCertIssuer":"CN=Sectigo Public Code Signing CA R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=Cole Williams Software Limited, O=Cole Williams Software Limited, S=North East Lincolnshire, C=GB","sourceIndex":"864","avBlockList":["Avast Premium Security (20240215)","AVG Internet Security (20240215)","Avira Internet Security (20240215)","COMODO Antivirus (20240215)","Dr.Web Security Space (20240215)","ESET Internet Security (20240215)","K7 Total Security (20240215)","Kaspersky Internet Security (20240215)","Malwarebytes Premium (20240215)","Norton Security (20240215)","Panda Dome (20240215)","Sophos Home Premium (20240215)","SpyHunter5 (20240215)","Total AV Antivirus Pro (20240215)","VirIT eXplorer PRO (20240215)","Webroot SecureAnywhere (20240215)"],"avAllowList":["360 Total Security (20240215)","Bitdefender Internet Security (20240215)","G DATA INTERNET SECURITY (20240215)","McAfee Total Protection (20240215)","Quick Heal Internet Security (20240215)","Trend Micro Internet Security (20240215)","VIPRE Advanced Security (20240215)","Windows Defender (20240215)"]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"","landingPage":"https://www.mediaplayercodecpack.com/standard/","directDownloadingLink":"https://www.mediaplayercodecpack.com/files/media.player.codec.pack.v4.5.9.setup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.mediaplayercodecpack.com/files/media.player.codec.pack.v4.5.9.setup.exe","sourceIndex":"864"}],"sampleFiles":["231013/MediaPlayerCodePack-231012/4.5.9.0806/Samples/media.player.codec.pack.v4.5.9.setup.exe"],"imageFiles":["231013/MediaPlayerCodePack-231012/4.5.9.0806/Images/ACR-039/MPC_ACR-039.jpg","231013/MediaPlayerCodePack-231012/4.5.9.0806/Images/ACR-042/MPC_ACR-042.jpg","231013/MediaPlayerCodePack-231012/4.5.9.0806/Images/ACR-013/MPC_OptionalOffer.jpg","231013/MediaPlayerCodePack-231012/4.5.9.0806/Images/ACR-013/MPC_OptionalOffer-2.jpg","231013/MediaPlayerCodePack-231012/4.5.9.0806/Images/ACR-060/MPC_OptionalOffer.jpg","231013/MediaPlayerCodePack-231012/4.5.9.0806/Images/ACR-060/MPC_OptionalOffer-2.jpg"],"nonDeceptorImageFiles":[],"guid":"ae94d108-e474-46e7-bea5-61abe7aef98a_4.5.9.0806_1","appID":"MediaPlayerCodePack-231012","dateAdded":"231013","deceptorType":"App","name":"Media Player Codec Pack","company":"Cole Williams Software Limited","version":"4.5.9.0806","lastKnownStatus":"4.5.9.0806","lastKnownDate":"231013","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"","ageAppropriate":"12+ appropriate","monetization":"sold in bundle,none","lastUpdate":"2023-10-13T18:07:21.9405546+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":832},{"violations":{"ACR-109":"The app downloads \"rk_setup.exe\", a RelevantKnowledge file before disclosure and without the consumer's consent.\n","ACR-010":"The app distributes deceptor application. The offer in this app, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software\n","ACR-118":"Upon uninstallation, it retains some executables and many of its other components along with a \"curl-ca-bundle.crt\" and other components on the device without user's knowledge.\n","ACR-057":"The app bundles the \"Relevant Knowledge\" offer which does not allow the consumer to decline the offer\n","ACR-071":"It attempts to force the acceptance of \"Relevant Knowledge\" by graying out the Next button when the user choose to Decline. Thus, forcing the user to only accept the offer and proceed with the installation\n","ACR-059":"Offer not clearly marked as an offer. Instead, it is presented as a component of the carrier.\n","ACR-155":"Offers are designed to look like part of the install workflow\n"},"nonDeceptorViolations":{"ACR-106":"App offers deceptive application 'Relevant Knowledge market survey'.\n","ACR-092":"The installer and main executable is not digitally signed\n","ACR-123":"The app does not remove dropped root certificates even after uninstalling\n"},"samples":[{"isRevoked":"False","fileName":"convertidor-de-pdf.exe","isInstaller":"True","companyName":"convertidor-de-pdf.com                                      ","productName":"Convertidor de PDF                                          ","productVersion":"                                                  ","fileVersion":"                    ","hashMD5":"5634d31b191d22895148c0daa07015d0","hashSHA1":"f802b97f64b1c0aeea3215384d934f2b1725f144","hashSHA256":"202b875810886af31451005b288c095e51bef4324bc7765ad5549c99b9fba314","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"870","avBlockList":["360 Total Security (20240215)","Avast Premium Security (20240215)","AVG Internet Security (20240215)","Avira Internet Security (20240215)","Bitdefender Internet Security (20240215)","COMODO Antivirus (20240215)","Dr.Web Security Space (20240215)","ESET Internet Security (20240215)","G DATA INTERNET SECURITY (20240215)","K7 Total Security (20240215)","Kaspersky Internet Security (20240215)","Malwarebytes Premium (20240215)","McAfee Total Protection (20240215)","Norton Security (20240215)","Panda Dome (20240215)","Quick Heal Internet Security (20240215)","Sophos Home Premium (20240215)","SpyHunter5 (20240215)","Total AV Antivirus Pro (20240215)","Trend Micro Internet Security (20240215)","VIPRE Advanced Security (20240215)","VirIT eXplorer PRO (20240215)","Webroot SecureAnywhere (20240215)","Windows Defender (20240215)"],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunted on RK Installer","reference":"","landingPage":"http://www.convertidor-de-pdf.com/convertidor-de-pdf.html","directDownloadingLink":"http://www.convertidor-de-pdf.com/download/convertidor-de-pdf.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.convertidor-de-pdf.com/download/convertidor-de-pdf.exe","sourceIndex":"870"}],"sampleFiles":["231011/PDFConverter-231011/3.3/Samples/convertidor-de-pdf.exe"],"imageFiles":["231011/PDFConverter-231011/3.3/Images/ACR-109/ACR-109_Install_1.png","231011/PDFConverter-231011/3.3/Images/ACR-109/ACR-109_Install_2.png","231011/PDFConverter-231011/3.3/Images/ACR-010/ACR-010_Install_1.png","231011/PDFConverter-231011/3.3/Images/ACR-013/ACR-013_Install_1.png","231011/PDFConverter-231011/3.3/Images/ACR-118/ACR-118_Uninstall_1.png","231011/PDFConverter-231011/3.3/Images/ACR-057/ACR-057_Bundler-made offers_1.png","231011/PDFConverter-231011/3.3/Images/ACR-059/ACR-059_Bundler-made offers_1.png","231011/PDFConverter-231011/3.3/Images/ACR-060/ACR-060_Bundler-made offers_1.png","231011/PDFConverter-231011/3.3/Images/ACR-071/ACR-071_Bundler-made offers_1.png","231011/PDFConverter-231011/3.3/Images/ACR-155/ACR-155_Bundler-made offers_1.png"],"nonDeceptorImageFiles":["231011/PDFConverter-231011/3.3/Images/ACR-106/ACR-106_Software_1.png","231011/PDFConverter-231011/3.3/Images/ACR-092/ACR-092_Software_1.png","231011/PDFConverter-231011/3.3/Images/ACR-123/ACR-123_Uninstall_1.png"],"guid":"22c4e6a0-fa27-4195-a7f6-8501937bba6e_3.3_1","appID":"PDFConverter-231011","dateAdded":"231011","deceptorType":"App","name":"PDF Converter","company":"convertidor-de-pdf.com","version":"3.3","lastKnownStatus":"3.3","lastKnownDate":"231011","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"display ads,up-sell to paid","lastUpdate":"2023-10-11T22:50:43.5074499+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":833},{"violations":{"ACR-010":"The app bundler distributes the deceptor application. The offer in this bundler, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control.\n"},"nonDeceptorViolations":{},"samples":[],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"","landingPage":"https://falcoware.com/","ipv4":"","ipv6":"","sourceIndex":"868"}],"sampleFiles":[],"imageFiles":["231011/FalcoSoftware-231010/2.6.0.2/Images/ACR-010/ACR-010.JPG"],"nonDeceptorImageFiles":[],"guid":"ab8c25e7-c91c-4296-94bc-bc7f9e5a1887_2.6.0.2_1","appID":"FalcoSoftware-231010","dateAdded":"231011","deceptorType":"Download Site","name":"Falco Software","company":"Free Games Downloads, Inc.","version":"2.6.0.2","lastKnownStatus":"231011","lastKnownDate":"231011","type":"Affiliate","category":"Bundlers & Downloaders, Games","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"cross-sell other apps","lastUpdate":"2023-10-12T00:43:24.5089729+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":835},{"violations":{"ACR-109":"The app downloads \"rk_setup.exe\", a RelevantKnowledge file before disclosure and without the consumer's consent\n","ACR-048":"Can you explain (email) to me why this failure applies to ACR-048? I mark it pass for now.\n","ACR-010":"The app distributes deceptor application. The offer in this app, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated\n","ACR-118":"Upon uninstallation, it retains some executables and many of its other components along with a \"curl-ca-bundle.crt\" and other components on the device without user's knowledge.\n","ACR-057":"The app bundles the \"Relevant Knowledge\" offer which does not allow the consumer to decline the offer\n","ACR-071":"It attempts to force the acceptance of \"Relevant Knowledge\" by graying out the Next button when the user choose to Decline. Thus, forcing the user to only accept the offer and proceed with the installation\n","ACR-059":"Offer not clearly marked as an offer. Instead, it is presented as a component of the carrier\n","ACR-155":"Offers are designed to look like part of the install workflow\n"},"nonDeceptorViolations":{"ACR-106":"App offers deceptive application 'Relevant Knowledge market survey\n","ACR-092":"The installer and main executable is not digitally signed\n","ACR-123":"The app does not remove dropped root certificates even after uninstalling\n"},"samples":[{"isRevoked":"False","fileName":"convertir-pdf-a-jpg.exe","isInstaller":"True","companyName":"convertidor-de-pdf.com                                      ","productName":"Convertir PDF a JPG                                         ","productVersion":"                                                  ","fileVersion":"                    ","hashMD5":"280524ea7b4f8841ad1f555db31fa885","hashSHA1":"753c48837a6b7247b7dafce82c979ba53098c449","hashSHA256":"7eca97ed7b2d4e475be9dca8c2b260e7d230e014a5c4f2ad3eceaa3b783a07fd","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"871","avBlockList":["360 Total Security (20240220)","Avast Premium Security (20240220)","AVG Internet Security (20240220)","Avira Internet Security (20240220)","Bitdefender Internet Security (20240220)","COMODO Antivirus (20240220)","Dr.Web Security Space (20240220)","ESET Internet Security (20240220)","G DATA INTERNET SECURITY (20240220)","K7 Total Security (20240220)","Kaspersky Internet Security (20240220)","Malwarebytes Premium (20240220)","McAfee Total Protection (20240220)","Norton Security (20240220)","Panda Dome (20240220)","Quick Heal Internet Security (20240220)","Sophos Home Premium (20240220)","SpyHunter5 (20240220)","Total AV Antivirus Pro (20240220)","Trend Micro Internet Security (20240220)","VIPRE Advanced Security (20240220)","VirIT eXplorer PRO (20240220)","Webroot SecureAnywhere (20240220)","Windows Defender (20240220)"],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunted on Rk Installer","reference":"","landingPage":"http://www.convertidor-de-pdf.com/convertir-pdf-a-jpg.html","directDownloadingLink":"http://www.convertidor-de-pdf.com/download/convertir-pdf-a-jpg.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.convertidor-de-pdf.com/download/convertir-pdf-a-jpg.exe","sourceIndex":"871"}],"sampleFiles":["231011/ConvertPDFtoJPG-231011/3.35/Samples/convertir-pdf-a-jpg.exe"],"imageFiles":["231011/ConvertPDFtoJPG-231011/3.35/Images/ACR-010/ACR-010_Install_1.png","231011/ConvertPDFtoJPG-231011/3.35/Images/ACR-013/ACR-013_Install_1.png","231011/ConvertPDFtoJPG-231011/3.35/Images/ACR-071/ACR-071_Bundler-made offers_1.png","231011/ConvertPDFtoJPG-231011/3.35/Images/ACR-109/ACR-109.PNG","231011/ConvertPDFtoJPG-231011/3.35/Images/ACR-048/ACR-048.PNG","231011/ConvertPDFtoJPG-231011/3.35/Images/ACR-118/ACR-118_Uninstall_1.png","231011/ConvertPDFtoJPG-231011/3.35/Images/ACR-057/ACR-057_Bundler-made offers_1.png","231011/ConvertPDFtoJPG-231011/3.35/Images/ACR-059/ACR-059_Bundler-made offers_1.png","231011/ConvertPDFtoJPG-231011/3.35/Images/ACR-060/ACR-060_Bundler-made offers_1.png","231011/ConvertPDFtoJPG-231011/3.35/Images/ACR-155/ACR-155_Bundler-made offers_1.png"],"nonDeceptorImageFiles":["231011/ConvertPDFtoJPG-231011/3.35/Images/ACR-106/ACR-106_Software_1.png","231011/ConvertPDFtoJPG-231011/3.35/Images/ACR-092/ACR-092_Software_1.png","231011/ConvertPDFtoJPG-231011/3.35/Images/ACR-123/ACR-123_Uninstall_1.png"],"guid":"56ececef-49a6-43a5-b5c4-aeab9f983b94_3.35_1","appID":"ConvertPDFtoJPG-231011","dateAdded":"231011","deceptorType":"App","name":"Convert PDF to JPG","company":"convertidor-de-pdf.com","version":"3.35","lastKnownStatus":"3.35","lastKnownDate":"231011","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"display ads","lastUpdate":"2023-10-11T22:48:27.1609427+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":836},{"violations":{"ACR-109":"The app downloads \"rk_setup.exe\", a RelevantKnowledge file without the consumer's consent.\n","ACR-048":"The \"Decline\" button does not have any control but still drops a RelevantKnowledge file “rk_setup.exe”.\n","ACR-010":"The app bundler distributes deceptor application. The offer in this bundler, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control.\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains the main executable and \"curl-ca-bundle.crt\" file on the device without the consumer's consent or notifying the user.\n","ACR-057":"The app bundles the \"Relevant Knowledge\" offer which does not allow the consumer to decline the offer.\n","ACR-071":"The \"Relevant Knowledge\" offer cannot be declined independently as the installation is unable to proceed when attempting to decline the offer. Thus it forces the user to, only accept the offer and proceed with the installation.\n","ACR-059":"The Offer is not clearly marked as an offer. It is unclear who is recommending the offer.\n","ACR-039":"There are no clear indications of the relationship to the installer application. RelevantKnowledge is presented as part of the installer application. Despite declining the RelevantKnowledge app, it downloads the RelevantKnowledge file “rk_setup.exe” regardless.\n","ACR-155":"Offers is designed to look like part of the install workflow.\n"},"nonDeceptorViolations":{"ACR-106":"App offers deceptive application 'Relevant Knowledge market survey'.\n","ACR-092":"The app does not have a digital signature for any executable.\n","ACR-123":"The app does not remove dropped root certificates even after uninstalling.\n"},"samples":[{"isRevoked":"False","fileName":"AudioEditorforFree.exe","isInstaller":"True","companyName":"ARE Inc.                                                   ","productName":"Audio Editor Free                                           ","productVersion":"                                                  ","fileVersion":"                    ","hashMD5":"4d275b5e0623cdeadd6b9aa4dd1513ce","hashSHA1":"1ccf8b78663e48c6f419d7b14024d51948abb03c","hashSHA256":"040405f99ef408fb3b5359aea7d7eef6eb5908962cf1ec1c9f87a33b2d2ae041","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"869","avBlockList":["360 Total Security (20240220)","Avast Premium Security (20240220)","AVG Internet Security (20240220)","Avira Internet Security (20240220)","Bitdefender Internet Security (20240220)","Dr.Web Security Space (20240220)","ESET Internet Security (20240220)","G DATA INTERNET SECURITY (20240220)","K7 Total Security (20240220)","Kaspersky Internet Security (20240220)","Malwarebytes Premium (20240220)","McAfee Total Protection (20240220)","Norton Security (20240220)","Panda Dome (20240220)","Quick Heal Internet Security (20240220)","Sophos Home Premium (20240220)","SpyHunter5 (20240220)","Total AV Antivirus Pro (20240220)","Trend Micro Internet Security (20240220)","VIPRE Advanced Security (20240220)","VirIT eXplorer PRO (20240220)","Webroot SecureAnywhere (20240220)","Windows Defender (20240220)"],"avAllowList":["COMODO Antivirus (20240220)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt on Relevant Knowledge apps","reference":"","landingPage":"http://www.freeaudioeditor.net/","directDownloadingLink":"http://www.freeaudioeditor.net/AudioEditorforFree.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.freeaudioeditor.net/AudioEditorforFree.exe","sourceIndex":"869"}],"sampleFiles":[],"imageFiles":["231011/AudioEditorForFree-231010/8.8.3.0/Images/ACR-109/ACR-109_Install_1.jpeg","231011/AudioEditorForFree-231010/8.8.3.0/Images/ACR-039/ACR-039_Install_1.jpeg","231011/AudioEditorForFree-231010/8.8.3.0/Images/ACR-048/ACR-048_Install_1.jpeg","231011/AudioEditorForFree-231010/8.8.3.0/Images/ACR-010/ACR-010_Install_1.jpeg","231011/AudioEditorForFree-231010/8.8.3.0/Images/ACR-013/ACR-013_Install_1.jpeg","231011/AudioEditorForFree-231010/8.8.3.0/Images/ACR-118/ACR-118_Uninstall_1.jpeg","231011/AudioEditorForFree-231010/8.8.3.0/Images/ACR-057/ACR-057_Bundler-made offers_1.jpeg","231011/AudioEditorForFree-231010/8.8.3.0/Images/ACR-059/ACR-059_Bundler-made offers_1.jpeg","231011/AudioEditorForFree-231010/8.8.3.0/Images/ACR-060/ACR-060_Bundler-made offers_1.jpeg","231011/AudioEditorForFree-231010/8.8.3.0/Images/ACR-071/ACR-071_Bundler-made offers_1.jpeg","231011/AudioEditorForFree-231010/8.8.3.0/Images/ACR-155/ACR-155_Bundler-made offers_1.jpeg"],"nonDeceptorImageFiles":["231011/AudioEditorForFree-231010/8.8.3.0/Images/ACR-106/ACR-106_Software_1.jpeg","231011/AudioEditorForFree-231010/8.8.3.0/Images/ACR-092/ACR-092_Software_1.jpeg","231011/AudioEditorForFree-231010/8.8.3.0/Images/ACR-123/ACR-123_Uninstall_1.jpeg"],"guid":"d817a5f1-bdc9-4195-b362-59c94bc92e13_8.8.3.0_1","appID":"AudioEditorForFree-231010","dateAdded":"231011","deceptorType":"App","name":"Audio Editor Free","company":"FreeAudioEditor","version":"8.8.3.0","lastKnownStatus":"8.8.3.0","lastKnownDate":"231011","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"cross-sell other apps","lastUpdate":"2023-10-12T00:41:05.3763895+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":837},{"violations":{"ACR-042":"App drops unrelated components in hidden folder before user permission through explicit user's action.\n","ACR-043":"The app installs shortcuts without disclosing them to the user or getting user consent.\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software.\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software.\n","ACR-057":"The app needs to provide a clear way to accept and decline optional offers. \n","ACR-055":"Accept and decline for the optional offers must be obvious. Unchecking a preselected checkbox on the other offer is also not a straightforward option for decline.\n","ACR-059":"An offer that is not related to the main app should be clearly marked as \"Optional Offer\".\n","ACR-155":"Offers are designed to look like part of the install workflow.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"chrom Soft instal.exe","isInstaller":"True","companyName":"Google Chrome                                               ","fileVersion":"20.37","hashMD5":"689280057353df21c7f135f3462e7b54","hashSHA1":"99f5b1ba541d115d2e5ac0315d4600e3de994d13","hashSHA256":"245495d2937a94a7fbc8cad4fd0c9ac30168cf6df3b96ebff0d2b2a6c82fdf35","digitalCertThumbprint":"92FEF4FCEBA448E79DD2495297DE49FA09F56532","digitalCertIssuer":"CN=SSL.com Code Signing Intermediate CA RSA R1, O=SSL Corp, L=Houston, S=Texas, C=US","digitalCertIssuedTo":"CN=SDS Property Solutions Limited, O=SDS Property Solutions Limited, L=Thornaby, C=GB","sourceIndex":"867","avBlockList":["360 Total Security (20240220)","Avast Premium Security (20240220)","AVG Internet Security (20240220)","Avira Internet Security (20240220)","Dr.Web Security Space (20240220)","ESET Internet Security (20240220)","G DATA INTERNET SECURITY (20240220)","K7 Total Security (20240220)","Kaspersky Internet Security (20240220)","Malwarebytes Premium (20240220)","McAfee Total Protection (20240220)","Norton Security (20240220)","Panda Dome (20240220)","Quick Heal Internet Security (20240220)","Sophos Home Premium (20240220)","SpyHunter5 (20240220)","Total AV Antivirus Pro (20240220)","VirIT eXplorer PRO (20240220)","Webroot SecureAnywhere (20240220)","Windows Defender (20240220)"],"avAllowList":["Bitdefender Internet Security (20240220)","COMODO Antivirus (20240220)","Trend Micro Internet Security (20240220)","VIPRE Advanced Security (20240220)"]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"","landingPage":"https://chrome.freesoftshop.com/","directDownloadingLink":"https://chrome.freesoftshop.com/load/chrom%20Soft%20instal.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://chrome.freesoftshop.com/load/chrom%20Soft%20instal.exe","sourceIndex":"867"}],"sampleFiles":["231011/FreeSoftShopBundler-231009/20.37.5.0/Samples/chrom Soft instal.exe"],"imageFiles":["231011/FreeSoftShopBundler-231009/20.37.5.0/Images/ACR-043/ShortcutstoGamedownload.jpg","231011/FreeSoftShopBundler-231009/20.37.5.0/Images/ACR-055/YandexOffer.jpg","231011/FreeSoftShopBundler-231009/20.37.5.0/Images/ACR-055/360TSOffer.jpg","231011/FreeSoftShopBundler-231009/20.37.5.0/Images/ACR-042/ACR-042.jpg","231011/FreeSoftShopBundler-231009/20.37.5.0/Images/ACR-013/YandexOffer.jpg","231011/FreeSoftShopBundler-231009/20.37.5.0/Images/ACR-013/360TSOffer.jpg","231011/FreeSoftShopBundler-231009/20.37.5.0/Images/ACR-057/360TSOffer.jpg","231011/FreeSoftShopBundler-231009/20.37.5.0/Images/ACR-057/YandexOffer.jpg","231011/FreeSoftShopBundler-231009/20.37.5.0/Images/ACR-059/YandexOffer.jpg","231011/FreeSoftShopBundler-231009/20.37.5.0/Images/ACR-059/360TSOffer.jpg","231011/FreeSoftShopBundler-231009/20.37.5.0/Images/ACR-060/YandexOffer.jpg","231011/FreeSoftShopBundler-231009/20.37.5.0/Images/ACR-060/360TSOffer.jpg","231011/FreeSoftShopBundler-231009/20.37.5.0/Images/ACR-155/YandexOffer.jpg","231011/FreeSoftShopBundler-231009/20.37.5.0/Images/ACR-155/360TSOffer.jpg"],"nonDeceptorImageFiles":[],"guid":"31fcd538-8cde-4b8c-a076-41cad93584bf_20.37.5.0_1","appID":"FreeSoftShopBundler-231009","dateAdded":"231011","deceptorType":"Bundler","name":"Chrome.Freesoftshop","company":"freesoftshop.com","version":"20.37.5.0","lastKnownStatus":"20.37.5.0","lastKnownDate":"231011","type":"Windows Executable","category":"SysTools & Utilities, Bundlers & Downloaders","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"sold in bundle","lastUpdate":"2023-10-12T00:45:44.0837578+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":834},{"violations":{"ACR-042":" App drops unrelated components in hidden folder before user permission through explicit user's action. \n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software.\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software.\n","ACR-118":"After uninstalling the app, it retains executables initially dropped on the device without the consumer's consent.\n","ACR-057":"The app needs to provide a clear way to accept and decline optional offers. \n","ACR-055":"Accept and decline for the optional offers must be obvious. \n","ACR-059":"An offer that is not related to the main app should be clearly marked as \"Optional Offer\".\n","ACR-155":"Offers are designed to look like part of the install workflow. \n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"Launcher.exe","isInstaller":"True","companyName":"IL","fileVersion":"1.0","hashMD5":"da707d7b47847f4f91a65a6b69c08b57","hashSHA1":"39b7371ce6544e856d5ae67be16f78fbce7d9383","hashSHA256":"45aa2db16025fb89b74d1fdfeb265bab88681b6bde74d0df1494413dc426b692","digitalCertThumbprint":"9794687C642743D5E7999640362C335B8DDD9154","digitalCertIssuer":"CN=GlobalSign GCC R45 EV CodeSigning CA 2020, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"E=rudnev22816@gmail.com, CN=LIMITED LIABILITY COMPANY IL CYBER, O=LIMITED LIABILITY COMPANY IL CYBER, L=Kursk, S=Kurskaya oblast, C=RU, OID.1.3.6.1.4.1.311.60.2.1.2=Kurskaya oblast, OID.1.3.6.1.4.1.311.60.2.1.3=RU, SERIALNUMBER=1224600007477, OID.2.5.4.15=Private Organization","sourceIndex":"260","avBlockList":["360 Total Security (20240220)","Avast Premium Security (20240220)","AVG Internet Security (20240220)","Avira Internet Security (20240220)","Dr.Web Security Space (20240220)","ESET Internet Security (20240220)","G DATA INTERNET SECURITY (20240220)","K7 Total Security (20240220)","Kaspersky Internet Security (20240220)","McAfee Total Protection (20240220)","Norton Security (20240220)","Panda Dome (20240220)","Quick Heal Internet Security (20240220)","Sophos Home Premium (20240220)","SpyHunter5 (20240220)","Total AV Antivirus Pro (20240220)","VirIT eXplorer PRO (20240220)","Webroot SecureAnywhere (20240220)","Windows Defender (20240220)"],"avAllowList":["Bitdefender Internet Security (20240220)","COMODO Antivirus (20240220)","Malwarebytes Premium (20240220)","Trend Micro Internet Security (20240220)","VIPRE Advanced Security (20240220)"]},{"isRevoked":"False","fileName":"Skype Installer Soft.exe","isInstaller":"True","companyName":"Microsoft Inc.                                              ","fileVersion":"0.0","hashMD5":"ed457f8e7ae90f806d82c246302a2c44","hashSHA1":"a8f5a6821a9efe441c43c4577a58470ec33fd8e4","hashSHA256":"f1a801f14a96459a75adca044701cf12d6a3ba0deb7930f383b977a7cb86b0ee","digitalCertThumbprint":"9794687C642743D5E7999640362C335B8DDD9154","digitalCertIssuer":"CN=GlobalSign GCC R45 EV CodeSigning CA 2020, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"E=rudnev22816@gmail.com, CN=LIMITED LIABILITY COMPANY IL CYBER, O=LIMITED LIABILITY COMPANY IL CYBER, L=Kursk, S=Kurskaya oblast, C=RU, OID.1.3.6.1.4.1.311.60.2.1.2=Kurskaya oblast, OID.1.3.6.1.4.1.311.60.2.1.3=RU, SERIALNUMBER=1224600007477, OID.2.5.4.15=Private Organization","sourceIndex":"260","avBlockList":["360 Total Security (20240220)","Avast Premium Security (20240220)","AVG Internet Security (20240220)","Avira Internet Security (20240220)","Bitdefender Internet Security (20240220)","COMODO Antivirus (20240220)","Dr.Web Security Space (20240220)","ESET Internet Security (20240220)","G DATA INTERNET SECURITY (20240220)","K7 Total Security (20240220)","Kaspersky Internet Security (20240220)","Malwarebytes Premium (20240220)","McAfee Total Protection (20240220)","Norton Security (20240220)","Panda Dome (20240220)","Quick Heal Internet Security (20240220)","Sophos Home Premium (20240220)","SpyHunter5 (20240220)","Total AV Antivirus Pro (20240220)","Trend Micro Internet Security (20240220)","VIPRE Advanced Security (20240220)","VirIT eXplorer PRO (20240220)","Webroot SecureAnywhere (20240220)","Windows Defender (20240220)"],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"","landingPage":"https://skype.all-softpad.ru","directDownloadingLink":"https://skype.all-softpad.ru/download?dl_twice=true&ads=null","ipv4":"","ipv6":"","landingPageWildChar":"","directDownloadingLinkWildChar":"https://skype.all-softpad.ru/download?dl_twice=true&ads=null","sourceIndex":"260"}],"sampleFiles":["231010/All-SoftpadBundler-231010/1.0.3/Samples/Launcher.exe","231010/All-SoftpadBundler-231010/1.0.3/Samples/Skype Installer Soft.exe"],"imageFiles":["231010/All-SoftpadBundler-231010/1.0.3/Images/ACR-055/YandexOffer.jpg","231010/All-SoftpadBundler-231010/1.0.3/Images/ACR-055/OperaOffer.jpg","231010/All-SoftpadBundler-231010/1.0.3/Images/ACR-055/GamingShortcuts.jpg","231010/All-SoftpadBundler-231010/1.0.3/Images/ACR-042/ACR-042.jpg","231010/All-SoftpadBundler-231010/1.0.3/Images/ACR-013/YandexOffer.jpg","231010/All-SoftpadBundler-231010/1.0.3/Images/ACR-013/OperaOffer.jpg","231010/All-SoftpadBundler-231010/1.0.3/Images/ACR-013/GamingShortcuts.jpg","231010/All-SoftpadBundler-231010/1.0.3/Images/ACR-118/ACR-118.jpg","231010/All-SoftpadBundler-231010/1.0.3/Images/ACR-057/YandexOffer.jpg","231010/All-SoftpadBundler-231010/1.0.3/Images/ACR-057/OperaOffer.jpg","231010/All-SoftpadBundler-231010/1.0.3/Images/ACR-057/GamingShortcuts.jpg","231010/All-SoftpadBundler-231010/1.0.3/Images/ACR-059/YandexOffer.jpg","231010/All-SoftpadBundler-231010/1.0.3/Images/ACR-059/OperaOffer.jpg","231010/All-SoftpadBundler-231010/1.0.3/Images/ACR-059/GamingShortcuts.jpg","231010/All-SoftpadBundler-231010/1.0.3/Images/ACR-060/YandexOffer.jpg","231010/All-SoftpadBundler-231010/1.0.3/Images/ACR-060/OperaOffer.jpg","231010/All-SoftpadBundler-231010/1.0.3/Images/ACR-060/GamingShortcuts.jpg","231010/All-SoftpadBundler-231010/1.0.3/Images/ACR-155/YandexOffer.jpg","231010/All-SoftpadBundler-231010/1.0.3/Images/ACR-155/OperaOffer.jpg","231010/All-SoftpadBundler-231010/1.0.3/Images/ACR-155/GamingShortcuts.jpg"],"nonDeceptorImageFiles":[],"guid":"ad0728de-e441-48d0-b718-e2626e66db17_1.0.3_1","appID":"All-SoftpadBundler-231010","dateAdded":"231010","deceptorType":"App","name":"skype.all-softpad","company":"skype.all-softpad.ru","version":"1.0.3","lastKnownStatus":"1.0.3","lastKnownDate":"241231","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","monetization":"sold in bundle","lastUpdate":"2024-12-31T23:25:49.2275038+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":839},{"violations":{"ACR-042":"App drops unrelated components in hidden folder before user permission through explicit user's action. \n","ACR-043":" The app installs shortcuts without disclosing them to the user or getting user consent. \n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software.\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software. \n","ACR-057":" The app needs to provide a clear way to accept and decline optional offers. \n","ACR-055":"Accept and decline for the optional offers must be obvious. Unchecking a preselected checkbox on the other offer is also not a straightforward option for decline.\n","ACR-059":"An offer that is not related to the main app should be clearly marked as \"Optional Offer\".\n","ACR-155":"Offers are designed to look like part of the install workflow. \n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"Soft whatsapp app.exe","isInstaller":"True","companyName":"Whatsapp                                                    ","fileVersion":"16.12","hashMD5":"f4b514f9d6b74c75524f00fee764da02","hashSHA1":"90efb3e1f8ff3557df65355aa2b9f0ccb938dc64","hashSHA256":"3570ed4f3e8cfdedf63d3fb977b8f19abfbd075b5a2094f486875535943d5bd6","digitalCertThumbprint":"06E3FE86E3984806973D6CC74073374E86CD5DC5","digitalCertIssuer":"CN=SSL.com Code Signing Intermediate CA RSA R1, O=SSL Corp, L=Houston, S=Texas, C=US","digitalCertIssuedTo":"CN=RADOVAS UK LIMITED, O=RADOVAS UK LIMITED, L=Yeovil, C=GB","sourceIndex":"872","avBlockList":["360 Total Security (20240220)","Avast Premium Security (20240220)","AVG Internet Security (20240220)","Avira Internet Security (20240220)","Dr.Web Security Space (20240220)","ESET Internet Security (20240220)","K7 Total Security (20240220)","Kaspersky Internet Security (20240220)","Malwarebytes Premium (20240220)","McAfee Total Protection (20240220)","Norton Security (20240220)","Panda Dome (20240220)","Quick Heal Internet Security (20240220)","Sophos Home Premium (20240220)","SpyHunter5 (20240220)","Total AV Antivirus Pro (20240220)","Trend Micro Internet Security (20240220)","VirIT eXplorer PRO (20240220)","Webroot SecureAnywhere (20240220)"],"avAllowList":["Bitdefender Internet Security (20240220)","COMODO Antivirus (20240220)","G DATA INTERNET SECURITY (20240220)","VIPRE Advanced Security (20240220)","Windows Defender (20240220)"]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"","landingPage":"https://whatsapp.start-setup.com/","directDownloadingLink":"https://whatsapp.start-setup.com/down/Soft%20whatsapp%20app.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://whatsapp.start-setup.com/down/Soft%20whatsapp%20app.exe","sourceIndex":"872"}],"sampleFiles":["231010/Start-SetupBundler-231010/2.9.25/Samples/Soft whatsapp app.exe"],"imageFiles":["231010/Start-SetupBundler-231010/2.9.25/Images/ACR-043/GameShortcuts.jpg","231010/Start-SetupBundler-231010/2.9.25/Images/ACR-055/Yandex.jpg","231010/Start-SetupBundler-231010/2.9.25/Images/ACR-055/360TS.jpg","231010/Start-SetupBundler-231010/2.9.25/Images/ACR-042/ACR-042.jpg","231010/Start-SetupBundler-231010/2.9.25/Images/ACR-013/Yandex.jpg","231010/Start-SetupBundler-231010/2.9.25/Images/ACR-013/360TS.jpg","231010/Start-SetupBundler-231010/2.9.25/Images/ACR-057/Yandex.jpg","231010/Start-SetupBundler-231010/2.9.25/Images/ACR-057/360TS.jpg","231010/Start-SetupBundler-231010/2.9.25/Images/ACR-059/Yandex.jpg","231010/Start-SetupBundler-231010/2.9.25/Images/ACR-059/360TS.jpg","231010/Start-SetupBundler-231010/2.9.25/Images/ACR-060/Yandex.jpg","231010/Start-SetupBundler-231010/2.9.25/Images/ACR-060/360TS.jpg","231010/Start-SetupBundler-231010/2.9.25/Images/ACR-155/Yandex.jpg","231010/Start-SetupBundler-231010/2.9.25/Images/ACR-155/360TS.jpg"],"nonDeceptorImageFiles":[],"guid":"9dea617b-b8a3-47dc-8a34-15bbab938b0b_2.9.25_1","appID":"Start-SetupBundler-231010","dateAdded":"231010","deceptorType":"App","name":"Whatsapp.start-setup","company":"start-setup.com","version":"2.9.25","lastKnownStatus":"2.9.25","lastKnownDate":"231010","type":"Windows Executable","category":"SysTools & Utilities","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"sold in bundle","lastUpdate":"2023-10-10T22:24:37.2528558+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":838},{"violations":{"ACR-109":"The app downloads \"rk_setup.exe\", a RelevantKnowledge file without the consumer's consent.\n","ACR-048":"The \"Decline\" button does not have any control but still drops a RelevantKnowledge file “rk_setup.exe”.\n","ACR-010":"The app bundler distributes deceptor application. The offer in this bundler, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control.\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains the main executable and \"curl-ca-bundle.crt\" file on the device without the consumer's consent or notifying the user.\n","ACR-057":"The app bundles the \"Relevant Knowledge\" offer which does not allow the consumer to decline the offer.\n","ACR-071":"The \"Relevant Knowledge\" offer cannot be declined independently as the installation is unable to proceed when attempting to decline the offer. Thus it forces the user to, only accept the offer and proceed with the installation.\n","ACR-059":"The Offer is not clearly marked as an offer. It is unclear who is recommending the offer.\n","ACR-155":"Offers is designed to look like part of the install workflow.\n"},"nonDeceptorViolations":{"ACR-106":"App offers deceptive application 'Relevant Knowledge market survey'.\n","ACR-092":"The app does not have a digital signature for any executable.\n"},"samples":[{"isRevoked":"False","fileName":"FreeResourceExtractorSetup.exe","isInstaller":"True","companyName":"FreeResourceExtractor Co., Ltd.                             ","fileVersion":"0.0","hashMD5":"b5161e32c365e7d2584da8670d8890b0","hashSHA1":"716a8cfb2bddbdc82368762975a0641f0df95377","hashSHA256":"fa030d37292f912f0750a5fe39b94262a6709330d75ab51ee058b928fb306f40","digitalCertThumbprint":"E323A663BC722856F054FADEE2B07EA215692ED4","digitalCertIssuer":"CN=Sectigo Public Code Signing CA EV R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=\"Beijing QingSoft Creative Information Technology Co., Ltd.\", O=\"Beijing QingSoft Creative Information Technology Co., Ltd.\", L=Beijing, C=CN, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=CN, SERIALNUMBER=911101056717485703","sourceIndex":"873","avBlockList":["360 Total Security (20231017)","Avast Premium Security (20231017)","AVG Internet Security (20231017)","Avira Internet Security (20231017)","Bitdefender Internet Security (20231017)","Dr.Web Security Space (20231017)","ESET Internet Security (20231017)","G DATA INTERNET SECURITY (20231017)","K7 Total Security (20231017)","Kaspersky Internet Security (20231017)","Malwarebytes Premium (20231017)","McAfee Total Protection (20231017)","Norton Security (20231017)","Panda Dome (20231017)","Quick Heal Internet Security (20231017)","Sophos Home Premium (20231017)","SpyHunter5 (20231017)","Total AV Antivirus Pro (20231017)","Trend Micro Internet Security (20231017)","VIPRE Advanced Security (20231017)","VirIT eXplorer PRO (20231017)","Webroot SecureAnywhere (20231017)","Windows Defender (20231017)"],"avAllowList":["COMODO Antivirus (20231017)"]},{"isRevoked":"False","fileName":"FreeResourceExtractor.exe","fileVersion":"0.0","hashMD5":"7b8f8e5a855ae3567c61732b4402f5cd","hashSHA1":"57771946f0fce4db221177ea274ddd39eff153c2","hashSHA256":"2b579b5363856f1df7ebb5bb765b54fb71223b22703f63c5070a7a64c02731f3","sourceIndex":"873","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt on Relevant Knowledge apps","reference":"","landingPage":"https://www.freeresourceextractor.com/","directDownloadingLink":"http://www.freeresourceextractor.com/FreeResourceExtractor.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.freeresourceextractor.com/FreeResourceExtractor.exe","sourceIndex":"873"}],"sampleFiles":["231009/FreeResourceExtractor-231009/8.8.2.4/Samples/FreeResourceExtractorSetup.exe"],"imageFiles":["231009/FreeResourceExtractor-231009/8.8.2.4/Images/ACR-109/ACR-109_Install_1.jpeg","231009/FreeResourceExtractor-231009/8.8.2.4/Images/ACR-048/ACR-048_Install_1.jpeg","231009/FreeResourceExtractor-231009/8.8.2.4/Images/ACR-010/ACR-010_Install_1.jpeg","231009/FreeResourceExtractor-231009/8.8.2.4/Images/ACR-013/ACR-013_Install_1.jpeg","231009/FreeResourceExtractor-231009/8.8.2.4/Images/ACR-118/ACR-118_Uninstall_1.jpeg","231009/FreeResourceExtractor-231009/8.8.2.4/Images/ACR-057/ACR-057_Bundler-made offers_1.jpeg","231009/FreeResourceExtractor-231009/8.8.2.4/Images/ACR-059/ACR-059_Bundler-made offers_1.jpeg","231009/FreeResourceExtractor-231009/8.8.2.4/Images/ACR-060/ACR-060_Bundler-made offers_1.jpeg","231009/FreeResourceExtractor-231009/8.8.2.4/Images/ACR-071/ACR-071_Bundler-made offers_1.jpeg","231009/FreeResourceExtractor-231009/8.8.2.4/Images/ACR-155/ACR-155_Bundler-made offers_1.jpeg"],"nonDeceptorImageFiles":["231009/FreeResourceExtractor-231009/8.8.2.4/Images/ACR-106/ACR-106_Software_1.jpeg","231009/FreeResourceExtractor-231009/8.8.2.4/Images/ACR-092/ACR-092_Software_1.png"],"guid":"bdf4b9d3-4541-4328-9e93-58762f3443c5_8.8.2.4_1","appID":"FreeResourceExtractor-231009","dateAdded":"231009","deceptorType":"App","name":"Free Resource Extractor","company":"FreeEXEDLLResourceExtractor, Inc.","version":"8.8.2.4","lastKnownStatus":"8.8.2.4","lastKnownDate":"231009","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"cross-sell other apps","lastUpdate":"2023-10-09T20:48:05.0903134+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":841},{"violations":{"ACR-109":"The app downloads \"rk_setup.exe\", a RelevantKnowledge file before disclosure and without the consumer's consent.\n\n","ACR-043":"Third-party components from \"Online Media Technologies Ltd'\" are installed without disclosure. \n\n","ACR-107":" The app does not obtain any authorization for using third-party components \"Online Media Technologies Ltd.\".\n\n","ACR-048":"The \"Decline\" button does not have any control. Despite declining RelevantKnowledge app, it is still downloaded RelevantKnowledge file “rk_setup.exe” nevertheless.\n\n","ACR-010":"The app distributes deceptor application. The offer in this app, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control. \n\n","ACR-118":"Upon uninstallation, it retains some of its other components along with a \"curl-ca-bundle.crt\" on the device without user's knowledge. \n\n","ACR-057":"The app bundles the \"Relevant Knowledge\" offer which does not allow the consumer to decline the offer. \n\n","ACR-071":"It attempts to force the acceptance of \"Relevant Knowledge\" by graying out the Next button when the user choose to Decline. Thus, forcing the user to only accept the offer and proceed with the installation.\n\n","ACR-059":"Offer not clearly marked as an offer. Instead, it is presented as a component of the carrier.\n\n","ACR-039":"There is no clear indications of the relationship to the installer application. RelevantKnowledge is presented as part of the installer application. Despite declining RelevantKnowledge app, it still downloaded RelevantKnowledge file “rk_setup.exe” regardless. Also, another App named \"CoolRecordEditPro\", was installed without disclosing it to the user and its clear relationship to the main app installed.\n\n\n","ACR-155":"Offers are designed to look like part of the install workflow. \n\n"},"nonDeceptorViolations":{"ACR-106":"App offers deceptive application 'Relevant Knowledge market survey'. \n\n"},"samples":[{"isRevoked":"False","fileName":"FreeSoundRecorder.exe","fileVersion":"0.0","hashMD5":"18a8b045319c9ef3ae335a5c1f3ecacd","hashSHA1":"d387efc0983cf203b70ac9b4fb74d728fe6c8f79","hashSHA256":"957ff3e4c5cfed19a85ac8b7b29a2fe52ca25c95ae364b93c5eca59a35639914","sourceIndex":"874","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"FreeSoundRecorder-setup.exe","isInstaller":"True","companyName":"Copyright© 2005-2019 FreeSoundRecorder Technologies, Inc.   ","fileVersion":"0.0","hashMD5":"63db8ea101ea004f3058fbfd5a811098","hashSHA1":"7d4b26299e6c606a4d73f73a46f6b78c2c2af995","hashSHA256":"64670b372cc4898c9ee419e3ab14aa887ffb04cd98ac72de8c0091228bb879b3","digitalCertThumbprint":"561906D7998D780F5F5E93C36DCD77674F8236A3","digitalCertIssuer":"CN=Sectigo Public Code Signing CA R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=\"Beijing QingSoft Creative Information Technology Co., Ltd.\", O=\"Beijing QingSoft Creative Information Technology Co., Ltd.\", S=Beijing Shi, C=CN","sourceIndex":"874","avBlockList":["360 Total Security (20231012)","Avast Premium Security (20231012)","AVG Internet Security (20231012)","Avira Internet Security (20231012)","Bitdefender Internet Security (20231012)","Dr.Web Security Space (20231012)","ESET Internet Security (20231012)","G DATA INTERNET SECURITY (20231012)","K7 Total Security (20231012)","Kaspersky Internet Security (20231012)","Malwarebytes Premium (20231012)","McAfee Total Protection (20231012)","Norton Security (20231012)","Panda Dome (20231012)","Quick Heal Internet Security (20231012)","Sophos Home Premium (20231012)","SpyHunter5 (20231012)","Total AV Antivirus Pro (20231012)","Trend Micro Internet Security (20231012)","VIPRE Advanced Security (20231012)","VirIT eXplorer PRO (20231012)","Webroot SecureAnywhere (20231012)","Windows Defender (20231012)"],"avAllowList":["COMODO Antivirus (20231012)","Tencent PC Manager (20220811)"]},{"isRevoked":"False","fileName":"FreeSoundRecorderSetup_new.exe","isInstaller":"True","companyName":"Copyright© 2005-2023 FreeSoundRecorder Technologies, Inc.   ","fileVersion":"0.0","hashMD5":"9c1a99f4e200be1976875ceb0924dcb0","hashSHA1":"8061ab9eb41087aa33daa2fb91277aafaf58ce69","hashSHA256":"3758b8a70cefa2b7aded2b769fb5d8b15b8aba8e0e5d2614338be699a0192e79","sourceIndex":"874","avBlockList":["360 Total Security (20230706)","Avast Premium Security (20230706)","AVG Internet Security (20230706)","Avira Internet Security (20230706)","Bitdefender Internet Security (20230706)","ESET Internet Security (20230706)","G DATA INTERNET SECURITY (20230706)","K7 Total Security (20230706)","Kaspersky Internet Security (20230706)","Malwarebytes Premium (20230706)","McAfee Total Protection (20230706)","Norton Security (20230706)","Panda Dome (20230706)","Quick Heal Internet Security (20230706)","Sophos Home Premium (20230706)","SpyHunter5 (20230706)","Total AV Antivirus Pro (20230706)","VIPRE Advanced Security (20230706)","VirIT eXplorer PRO (20230706)","Webroot SecureAnywhere (20230706)"],"avAllowList":["COMODO Antivirus (20230706)","Dr.Web Security Space (20230706)","Trend Micro Internet Security (20230706)","Windows Defender (20230706)"]},{"isRevoked":"False","fileName":"FreeSoundRecorder_231009.exe","isInstaller":"True","companyName":"Copyright© 2005-2022 FreeSoundRecorder Technologies, Inc.   ","fileVersion":"0.0","hashMD5":"cb108bd4257166466d015e364cb6d627","hashSHA1":"0d04d82dd185354049a813b0f855248b182dbf45","hashSHA256":"c65428a9dbd9eab0f6c036ed055fffa992ef2652c7ae3c80390d882f222661aa","digitalCertThumbprint":"561906D7998D780F5F5E93C36DCD77674F8236A3","digitalCertIssuer":"CN=Sectigo Public Code Signing CA R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=\"Beijing QingSoft Creative Information Technology Co., Ltd.\", O=\"Beijing QingSoft Creative Information Technology Co., Ltd.\", S=Beijing Shi, C=CN","sourceIndex":"874","avBlockList":["360 Total Security (20231017)","Avast Premium Security (20231017)","AVG Internet Security (20231017)","Avira Internet Security (20231017)","Bitdefender Internet Security (20231017)","COMODO Antivirus (20231017)","Dr.Web Security Space (20231017)","ESET Internet Security (20231017)","G DATA INTERNET SECURITY (20231017)","K7 Total Security (20231017)","Kaspersky Internet Security (20231017)","Malwarebytes Premium (20231017)","McAfee Total Protection (20231017)","Norton Security (20231017)","Panda Dome (20231017)","Quick Heal Internet Security (20231017)","Sophos Home Premium (20231017)","SpyHunter5 (20231017)","Total AV Antivirus Pro (20231017)","Trend Micro Internet Security (20231017)","VIPRE Advanced Security (20231017)","VirIT eXplorer PRO (20231017)","Webroot SecureAnywhere (20231017)"],"avAllowList":["Windows Defender (20231017)"]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"CoolRecordEditPro","landingPage":"https://coolrecordedit.com/freesoundrecorder/","directDownloadingLink":"http://coolrecordedit.com/FreeSoundRecorder.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://coolrecordedit.com/FreeSoundRecorder.exe","sourceIndex":"874"}],"sampleFiles":["231009/FreeSoundRecorder-220805/10.8.8/Samples/FreeSoundRecorder.exe","231009/FreeSoundRecorder-220805/10.8.8/Samples/FreeSoundRecorder-setup.exe","231009/FreeSoundRecorder-220805/10.8.8/Samples/FreeSoundRecorderSetup_new.exe","231009/FreeSoundRecorder-220805/10.8.8/Samples/FreeSoundRecorder_231009.exe"],"imageFiles":["231009/FreeSoundRecorder-220805/10.8.8/Images/ACR-109/ACR-109_039_048-RK_setup.jpg","231009/FreeSoundRecorder-220805/10.8.8/Images/ACR-039/ACR-109_039_048-RK_setup.jpg","231009/FreeSoundRecorder-220805/10.8.8/Images/ACR-039/ACR-039_AnotherApp.jpg","231009/FreeSoundRecorder-220805/10.8.8/Images/ACR-043/ACR-043_107_NCT_thirdparty.jpg","231009/FreeSoundRecorder-220805/10.8.8/Images/ACR-048/ACR-109_039_048-RK_setup.jpg","231009/FreeSoundRecorder-220805/10.8.8/Images/ACR-010/RK.jpg","231009/FreeSoundRecorder-220805/10.8.8/Images/ACR-107/ACR-043_107_NCT_thirdparty.jpg","231009/FreeSoundRecorder-220805/10.8.8/Images/ACR-118/ACR-118_RetainedComponents.jpg","231009/FreeSoundRecorder-220805/10.8.8/Images/ACR-057/RK.jpg","231009/FreeSoundRecorder-220805/10.8.8/Images/ACR-059/RK.jpg","231009/FreeSoundRecorder-220805/10.8.8/Images/ACR-071/RK.jpg","231009/FreeSoundRecorder-220805/10.8.8/Images/ACR-155/RK.jpg"],"nonDeceptorImageFiles":["231009/FreeSoundRecorder-220805/10.8.8/Images/ACR-106/RK.jpg"],"guid":"ec56d24a-4b5d-41e4-8a2a-e350da542e45_10.8.8_1","appID":"FreeSoundRecorder-220805","dateAdded":"231009","deceptorType":"App","name":"Free Sound Recorder","company":"FreeSoundRecorder Technologies, Inc.","version":"10.8.8","lastKnownStatus":"10.8.8","lastKnownDate":"231009","type":"Windows Executable","category":"SysTools & Utilities, Media editors","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","monetization":"cross-sell other apps","lastUpdate":"2023-10-09T16:03:16.619635+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":840},{"violations":{"ACR-042":"App initiates network communications with 3rd party offer provider before obtaining user consent.\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software.\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software.\n","ACR-075":"After carrier app was cancelled during installation, the offers are still installed without any notification for user.\n\n","ACR-039":"There is no clear indication about the relationship of the monetization components from the third-party monetizer. The \"dotSetup License\" links to 'https://rise-platforms.com/privacy/' -- misleads user that they are for Carrier app.\n"},"nonDeceptorViolations":{"ACR-044":"No attribution is given to the download manager. Missing clear information about significant functions of Download Manager: it may show offers during installation.\n","ACR-035":"The download manager's EULA/Terms of Service and Privacy Policy has no  contact information for the source.\n"},"samples":[{"isRevoked":"False","fileName":"pivot_v5-1.exe","isInstaller":"True","fileVersion":"1.92","hashMD5":"853713e72866f18c6aefe7cc504509db","hashSHA1":"9e77617dda62f12c04421a3f36d54d44c7869038","hashSHA256":"e3db3aaa17473423bff5a4200ae6b763de011d49efa6f3b44a7c25904667570f","digitalCertThumbprint":"510383F7CBF1AF5F6E860B7934315F6A0065981A","digitalCertIssuer":"CN=Domain The Net Technologies Ltd CA for Code Signing R2, O=Domain The Net Technologies Ltd, C=IL","digitalCertIssuedTo":"CN=MOTUS SOFTWARE LTD, O=MOTUS SOFTWARE LTD, L=Lewes, C=GB","sourceIndex":"875","avBlockList":["360 Total Security (20240220)","Avira Internet Security (20240220)","COMODO Antivirus (20240220)","Dr.Web Security Space (20240220)","ESET Internet Security (20240220)","G DATA INTERNET SECURITY (20240220)","K7 Total Security (20240220)","Kaspersky Internet Security (20240220)","Malwarebytes Premium (20240220)","Norton Security (20240220)","Panda Dome (20240220)","Quick Heal Internet Security (20240220)","Sophos Home Premium (20240220)","SpyHunter5 (20240220)","Total AV Antivirus Pro (20240220)","Trend Micro Internet Security (20240220)","VirIT eXplorer PRO (20240220)","Webroot SecureAnywhere (20240220)"],"avAllowList":["Avast Premium Security (20240220)","AVG Internet Security (20240220)","Bitdefender Internet Security (20240220)","McAfee Total Protection (20240220)","VIPRE Advanced Security (20240220)","Windows Defender (20240220)"]}],"additionalFiles":[],"sources":[{"howFound":"dotsetup license","reference":"","landingPage":"https://pivotanimator.net/","directDownloadingLink":"https://dd21m32yacj0k.cloudfront.net/ver/de/v8.15.74.64.659/pivot_v5-1.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://dd21m32yacj0k.cloudfront.net/ver/de/v8.15.74.64.659/pivot_v5-1.exe","sourceIndex":"875"}],"sampleFiles":["231005/PivotAnimatorBundler-180701/5.1.31/Samples/pivot_v5-1.exe"],"imageFiles":["231005/PivotAnimatorBundler-180701/5.1.31/Images/ACR-039/ACR-039.jpg","231005/PivotAnimatorBundler-180701/5.1.31/Images/ACR-042/ACR-042.jpg","231005/PivotAnimatorBundler-180701/5.1.31/Images/ACR-075/ACR-075.jpg","231005/PivotAnimatorBundler-180701/5.1.31/Images/ACR-013/OptionalOffer-1.jpg","231005/PivotAnimatorBundler-180701/5.1.31/Images/ACR-013/OptionalOffer-2.jpg","231005/PivotAnimatorBundler-180701/5.1.31/Images/ACR-060/OptionalOffer-1.jpg","231005/PivotAnimatorBundler-180701/5.1.31/Images/ACR-060/OptionalOffer-2.jpg"],"nonDeceptorImageFiles":["231005/PivotAnimatorBundler-180701/5.1.31/Images/ACR-044/ACR-044.jpg","231005/PivotAnimatorBundler-180701/5.1.31/Images/ACR-035/pivotanimator_Terms.jpeg"],"guid":"2ed5eb5b-a309-4b8b-9d50-393b795593a8_5.1.31_1","appID":"PivotAnimatorBundler-180701","dateAdded":"231005","deceptorType":"Bundler","name":"PivotAnimator Bundler","company":"Motus Software Ltd","version":"5.1.31","lastKnownStatus":"5.1.31","lastKnownDate":"231005","type":"Windows Executable","category":"Bundlers & Downloaders","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"sold in bundle","lastUpdate":"2023-10-05T18:37:03.7537769+00:00","notDistributed":false,"familyName":"core-bundler-ronil","numInFamily":7,"numInAppID":2,"sortOrder":842},{"violations":{"ACR-048":"Bundler remaps \"application close\" functionality to \"minimize\".\n","ACR-059":"Makes offers not clearly marked as offers.\n","ACR-039":"Bundler app names don't match the name of the app that request UAC privileges.\n"},"nonDeceptorViolations":{"ACR-044":"No attribution is given to the download manager. Missing clear information about significant functions of Download Manager: it may show offers during installation.\n","ACR-065":"No links are provided for the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy of the download manager.\n","ACR-035":"The download manager's EULA/Terms of Service and Privacy Policy has no  contact information for the source.\n","ACR-152":"The user is unable to cancel the offer while in the download process. when the user tries to close the download manager it is just minimized instead.\n"},"samples":[{"isRevoked":"False","fileName":"pivot_v4-2 (1).exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"0ac8343daa9fad99fe4cb69bc370fdc6","hashSHA1":"bc868f1e994b039506dac85dc5ceb9001d4e048c","hashSHA256":"c124d36d5ebdc8be32a910b78239f9e1b8656d08705268a3c9da46e463eb41a0","digitalCertThumbprint":"33A721AA15B240CA731036C3249305D46A39E509","digitalCertIssuer":"CN=thawte SHA256 Code Signing CA, O=\"thawte, Inc.\", C=US","digitalCertIssuedTo":"CN=Motus Software Ltd, OU=IT, O=Motus Software Ltd, L=Lewes, C=GB","sourceIndex":"3453","avBlockList":["360 Total Security (20231017)","Avast Premium Security (20231017)","AVG Internet Security (20231017)","Avira Internet Security (20231017)","Bitdefender Internet Security (20231017)","COMODO Antivirus (20231017)","Dr.Web Security Space (20231017)","ESET Internet Security (20231017)","G DATA INTERNET SECURITY (20231017)","Kaspersky Internet Security (20231017)","Malwarebytes Premium (20231017)","McAfee Total Protection (20231017)","Norton Security (20231017)","Panda Dome (20231017)","Quick Heal Internet Security (20231017)","Sophos Home Premium (20231017)","SpyHunter5 (20231017)","Total AV Antivirus Pro (20231017)","Trend Micro Internet Security (20231017)","VIPRE Advanced Security (20231017)","VirIT eXplorer PRO (20231017)","Webroot SecureAnywhere (20231017)","Windows Defender (20231017)"],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Community","reference":"christopher installing and got driver restore, web discover, new search page automatically","landingPage":"pivotanimator.net","directDownloadingLink":"http://www.sewesidsanut.com/ix59e_hmTrR8Nvno_nO+FwBEM12BVfoPrwXiNfsMIUD+6Q3VJKyFsQ_cYv0h1sZuY5k4TCq6yh00SgJuYFzl39XNGOuFngHZw7cvXVJ9vMMLNZ8WPirIKS_Ri7rEi6LBRWhkvk+dZ02Q9nMiRx8ep07XBa+aqO+56NDwq88pYBR6j_rNNFTb1Z6N_tnia8HnHtf7zeDypMcvJX9q0pveLCI1+K7B1yH49VOaelAAymGlx8nEah1hB3I1XL_2GuLZy0jMvvzPH9_jCQY+BcnayJf2vsvTatEHSfOsxzsdqbhMXFSgs4B0oLdxtiSXhjixxKfbuHAaW6wL6WtFqhUugZBzpTDZjQ==-GzEAAMRtbD7ndXtUogKHHDj9kDYPKNgYO88jRTfW+NVn7xCaiU7r8UwHtQA=","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.sewesidsanut.com/ix59e_hmTrR8Nvno_nO+FwBEM12BVfoPrwXiNfsMIUD+6Q3VJKyFsQ_cYv0h1sZuY5k4TCq6yh00SgJuYFzl39XNGOuFngHZw7cvXVJ9vMMLNZ8WPirIKS_Ri7rEi6LBRWhkvk+dZ02Q9nMiRx8ep07XBa+aqO+56NDwq88pYBR6j_rNNFTb1Z6N_tnia8HnHtf7zeDypMcvJX9q0pveLCI1+K7B1yH49VOaelAAymGlx8nEah1hB3I1XL_2GuLZy0jMvvzPH9_jCQY+BcnayJf2vsvTatEHSfOsxzsdqbhMXFSgs4B0oLdxtiSXhjixxKfbuHAaW6wL6WtFqhUugZBzpTDZjQ==-GzEAAMRtbD7ndXtUogKHHDj9kDYPKNgYO88jRTfW+NVn7xCaiU7r8UwHtQA=","sourceIndex":"3453"}],"sampleFiles":["180710/PivotAnimatorBundler-180701/PivotAnimator/Samples/pivot_v4-2 (1).exe"],"imageFiles":["180710/PivotAnimatorBundler-180701/PivotAnimator/Images/ACR-039/ACR-039_install.mp4","180710/PivotAnimatorBundler-180701/PivotAnimator/Images/ACR-048/ACR-048_install.mp4","180710/PivotAnimatorBundler-180701/PivotAnimator/Images/ACR-059/ACR-059_bundleroffers.JPG","180710/PivotAnimatorBundler-180701/PivotAnimator/Images/ACR-059/ACR-059_bundleroffers1.JPG"],"nonDeceptorImageFiles":["180710/PivotAnimatorBundler-180701/PivotAnimator/Images/ACR-044/ACR-044_install.JPG","180710/PivotAnimatorBundler-180701/PivotAnimator/Images/ACR-044/ACR-044_install1.JPG","180710/PivotAnimatorBundler-180701/PivotAnimator/Images/ACR-065/ACR-065_install.JPG","180710/PivotAnimatorBundler-180701/PivotAnimator/Images/ACR-035/ACR-035_docs.JPG","180710/PivotAnimatorBundler-180701/PivotAnimator/Images/ACR-152/ACR-152_bundleroffers.mp4"],"guid":"2ed5eb5b-a309-4b8b-9d50-393b795593a8_PivotAnimator_1","appID":"PivotAnimatorBundler-180701","dateAdded":"231005","deceptorType":"Bundler","name":"PivotAnimator Bundler","company":"Motus Software Ltd","version":"PivotAnimator","sigName":"Deceptor:Win32/PivotAnimatorBundler!039048050059","lastKnownStatus":"5.1.31","lastKnownDate":"231005","type":"Windows Executable","category":"Bundlers & Downloaders","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"sold in bundle","lastUpdate":"2023-10-05T00:00:00+00:00","notDistributed":false,"familyName":"core-bundler-ronil","numInFamily":7,"numInAppID":2,"sortOrder":843},{"violations":{"ACR-046":"Options to disable run windows startup and setting as default client for certain file types made to look hidden at installation. \n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software.\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software.\n","ACR-155":"Offers are inserted to look like part of the install workflow.\n"},"nonDeceptorViolations":{"ACR-072":"The bundler offered the \"Yandex\" app twice.\n"},"samples":[{"isRevoked":"False","fileName":"Light_Alloy-1424169.exe","isInstaller":"True","companyName":"uFiler.pro","fileVersion":"1.0","hashMD5":"9595e49300c884ea972200f03d7551aa","hashSHA1":"32266d5316e4a71037304a73b71970e422d0c4c7","hashSHA256":"a4c8b95638e736bfd4cabdf43121ebb65229c3754a2bb35ffe9a81a8091c2d16","digitalCertThumbprint":"81C8BD7ED10A85B4679A9AFA9EBBBA1188BC133C","digitalCertIssuer":"CN=GlobalSign GCC R45 CodeSigning CA 2020, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"E=fundoragames@yandex.ru, CN=IP Iaroslavskii Anton Andreyevich, O=IP Iaroslavskii Anton Andreyevich, L=Petrozavodsk, S=Republic of Karelia, C=RU","sourceIndex":"881","avBlockList":["Avast Premium Security (20240222)","AVG Internet Security (20240222)","Avira Internet Security (20240222)","Bitdefender Internet Security (20240222)","COMODO Antivirus (20240222)","Dr.Web Security Space (20240222)","ESET Internet Security (20240222)","G DATA INTERNET SECURITY (20240222)","K7 Total Security (20240222)","Kaspersky Internet Security (20240222)","Malwarebytes Premium (20240222)","McAfee Total Protection (20240222)","Norton Security (20240222)","Panda Dome (20240222)","Quick Heal Internet Security (20240222)","Sophos Home Premium (20240222)","SpyHunter5 (20240222)","Total AV Antivirus Pro (20240222)","Trend Micro Internet Security (20240222)","VIPRE Advanced Security (20240222)","VirIT eXplorer PRO (20240222)","Webroot SecureAnywhere (20240222)"],"avAllowList":["360 Total Security (20240222)","Windows Defender (20240222)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"https://atmosoft.ru/","landingPage":"https://ufiler-pro.ru/","directDownloadingLink":"https://ufiler-pro2.ru/download/d/2262/?i=dGl0bGU9VEdsbmFIUWdRV3hzYjNrPSZkZXNjcmlwdGlvbj0wS0hRdXRDdzBZZlFzTkM1MFlMUXRTRFFzdEM0MExUUXRkQytJTkMvMFlEUXZ0QzQwTFBSZ05HTDBMTFFzTkdDMExYUXU5R01JRXhwWjJoMElFRnNiRzk1SU5DOTBMQWcwWUhRc3RDKzBMa2cwTHJRdnRDODBML1JqTkdPMFlMUXRkR0FMaURRbE5DNzBZOGcwTGZRc05DejBZRFJnOUMzMExyUXVDRFF0TkMrMFlIUmd0R0QwTC9RdmRDd0lOQy8wTDdSZ2RDNzBMWFF0TkM5MFkvUmp5RFFzdEMxMFlEUmdkQzQwWThnMEwvUmdOQzQwTHZRdnRDMjBMWFF2ZEM0MFk4ZzBMM1FzQ0RSZ05HRDBZSFJnZEM2MEw3UXZDNHVMZz09JnBvc3Rlcj1hSFIwY0hNNkx5OWhkRzF2YzI5bWRDNXlkUzltZFd4c0wyeGhMbkJ1Wnc9PSZzaXplPSZjYXRlZ29yeT0wSkxRdU5DMDBMWFF2dEMvMFlEUXZ0QzQwTFBSZ05HTDBMTFFzTkdDMExYUXU5QzQmdGhlbWU9JmZpbGU9YUhSMGNITTZMeTloZEcxdmMyOW1kQzV5ZFM4ek1qRXRaMlYwTFd4cFoyaDBMV0ZzYkc5NUxtaDBiV3c9","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://ufiler-pro2.ru/download/d/2262/?i=dGl0bGU9VEdsbmFIUWdRV3hzYjNrPSZkZXNjcmlwdGlvbj0wS0hRdXRDdzBZZlFzTkM1MFlMUXRTRFFzdEM0MExUUXRkQytJTkMvMFlEUXZ0QzQwTFBSZ05HTDBMTFFzTkdDMExYUXU5R01JRXhwWjJoMElFRnNiRzk1SU5DOTBMQWcwWUhRc3RDKzBMa2cwTHJRdnRDODBML1JqTkdPMFlMUXRkR0FMaURRbE5DNzBZOGcwTGZRc05DejBZRFJnOUMzMExyUXVDRFF0TkMrMFlIUmd0R0QwTC9RdmRDd0lOQy8wTDdSZ2RDNzBMWFF0TkM5MFkvUmp5RFFzdEMxMFlEUmdkQzQwWThnMEwvUmdOQzQwTHZRdnRDMjBMWFF2ZEM0MFk4ZzBMM1FzQ0RSZ05HRDBZSFJnZEM2MEw3UXZDNHVMZz09JnBvc3Rlcj1hSFIwY0hNNkx5OWhkRzF2YzI5bWRDNXlkUzltZFd4c0wyeGhMbkJ1Wnc9PSZzaXplPSZjYXRlZ29yeT0wSkxRdU5DMDBMWFF2dEMvMFlEUXZ0QzQwTFBSZ05HTDBMTFFzTkdDMExYUXU5QzQmdGhlbWU9JmZpbGU9YUhSMGNITTZMeTloZEcxdmMyOW1kQzV5ZFM4ek1qRXRaMlYwTFd4cFoyaDBMV0ZzYkc5NUxtaDBiV3c9","sourceIndex":"881"}],"sampleFiles":["231002/uFiler-200626/2022.2.0.0/Samples/Light_Alloy-1424169.exe"],"imageFiles":["231002/uFiler-200626/2022.2.0.0/Images/ACR-046/uFile_Startup.mp4","231002/uFiler-200626/2022.2.0.0/Images/ACR-155/YandexOffer-1.jpg","231002/uFiler-200626/2022.2.0.0/Images/ACR-155/YandexOffer-2.jpg","231002/uFiler-200626/2022.2.0.0/Images/ACR-013/YandexOffer-1.jpg","231002/uFiler-200626/2022.2.0.0/Images/ACR-013/YandexOffer-2.jpg","231002/uFiler-200626/2022.2.0.0/Images/ACR-060/YandexOffer-1.jpg","231002/uFiler-200626/2022.2.0.0/Images/ACR-060/YandexOffer-2.jpg"],"nonDeceptorImageFiles":["231002/uFiler-200626/2022.2.0.0/Images/ACR-072/YandexOffer-1.jpg","231002/uFiler-200626/2022.2.0.0/Images/ACR-072/YandexOffer-2.jpg"],"guid":"fbb3e38d-0235-403b-bfad-fdff4c237de2_2022.2.0.0_1","appID":"uFiler-200626","dateAdded":"231002","deceptorType":"App","name":"uFiler","company":"uFIler.pro","version":"2022.2.0.0","lastKnownStatus":"1.0.0;2022.2.0.0","lastKnownDate":"231002","type":"Windows Executable","category":"SysTools & Utilities, Bundlers & Downloaders","targetOS":"Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"sold in bundle","lastUpdate":"2023-10-02T20:56:14.5874905+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":849},{"violations":{"ACR-057":"The way to reject the offer is not straightforward for the user, because the checkbox that is used to accept or decline the offer is not placed in the right context and it comes pre-checked.\n","ACR-053":"Bundler had three offers with no skip offers option.\n","ACR-055":"The option to decline the installation of the offer is different for the first offer and the second offer. The first offer requires the user to uncheck a pre-checked checkbox, and the second offer provides a clearly labeled \"reject\" button.\n","ACR-155":"Offers are inserted into the install workflow with a pre-checked checkbox to trick the consumer into installing the offer.\n"},"nonDeceptorViolations":{"ACR-054":"The checkbox to accept the bundler offer is pre-checked and placed next to checkmarks that show the functionalities of the bundler app. \n","ACR-072":"The bundler offered the \"Yandex\" app twice.\n"},"samples":[{"isRevoked":"False","fileName":"Get_uFiler-174892.exe","isInstaller":"True","companyName":"uFiler.pro","fileVersion":"1.0","hashMD5":"3acca0401a8a0c7688248bbd4a29f02e","hashSHA1":"67bbf1fedd7d6ae8b24d7d6f6a498c2abf7af8c7","hashSHA256":"43284d1cb8fea4a034b7c9ac5ab2cf06893ba2ff05284fb6e1e62f3e4fc5ee9d","digitalCertThumbprint":"608CC3EF91449D9B457D56A91B11EFC4F19A04BB","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=IP Iaroslavskii Anton Andreevich, O=IP Iaroslavskii Anton Andreevich, STREET=\"Lenina str, 35-24,\", L=Petrozavodsk, S=Karelia, PostalCode=185000, C=RU","sourceIndex":"2399","avBlockList":["Avast Premium Security (20201008)","AVG Internet Security (20201008)","Avira Internet Security (20201008)","Bitdefender Internet Security (20201008)","COMODO Antivirus (20201008)","Dr.Web Security Space (20201008)","ESET Internet Security (20201008)","G DATA INTERNET SECURITY (20201008)","K7 Total Security (20201008)","Kaspersky Internet Security (20201008)","Malwarebytes Premium (20201008)","McAfee Total Protection (20201008)","Norton Security (20201008)","Panda Dome (20201008)","Quick Heal Internet Security (20201008)","Sophos Home Premium (20201008)","SpyHunter5 (20201008)","Total AV Antivirus Pro (20201008)","Trend Micro Internet Security (20201008)","VIPRE Advanced Security (20201008)","VirIT eXplorer PRO (20201008)","Webroot SecureAnywhere (20201008)","Windows Defender (20201008)"],"avAllowList":["360 Total Security (20201008)","Tencent PC Manager (20201008)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"","landingPage":"https://ufiler-pro.ru/l/14/72113514/download/1044/?i=dGl0bGU9JmRlc2NyaXB0aW9uPSZwb3N0ZXI9JnNpemU9JmNhdGVnb3J5PSZ0aGVtZT0mZmlsZT0=&sw=VUZJTEVS","directDownloadingLink":"https://ufiler-pro.ru/download/d/1044/?i=dGl0bGU9JmRlc2NyaXB0aW9uPSZwb3N0ZXI9JnNpemU9JmNhdGVnb3J5PSZ0aGVtZT0mZmlsZT0=","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://ufiler-pro.ru/download/d/1044/?i=dGl0bGU9JmRlc2NyaXB0aW9uPSZwb3N0ZXI9JnNpemU9JmNhdGVnb3J5PSZ0aGVtZT0mZmlsZT0=","sourceIndex":"2399"}],"sampleFiles":["200630/uFiler-200626/1.0.0/Samples/Get_uFiler-174892.exe"],"imageFiles":["200630/uFiler-200626/1.0.0/Images/ACR-053/Screen Shot 2020-06-26 at 1.35.13 PM.png","200630/uFiler-200626/1.0.0/Images/ACR-053/Screen Shot 2020-06-26 at 1.52.12 PM.png","200630/uFiler-200626/1.0.0/Images/ACR-053/Screen Shot 2020-06-26 at 1.57.27 PM.png","200630/uFiler-200626/1.0.0/Images/ACR-055/Screen Shot 2020-06-26 at 1.52.12 PM.png","200630/uFiler-200626/1.0.0/Images/ACR-055/Screen Shot 2020-06-26 at 1.57.27 PM.png","200630/uFiler-200626/1.0.0/Images/ACR-057/Screen Shot 2020-06-26 at 1.52.12 PM.png","200630/uFiler-200626/1.0.0/Images/ACR-155/Screen Shot 2020-06-26 at 1.52.12 PM.png"],"nonDeceptorImageFiles":["200630/uFiler-200626/1.0.0/Images/ACR-054/Screen Shot 2020-06-26 at 1.52.12 PM.png","200630/uFiler-200626/1.0.0/Images/ACR-072/Screen Shot 2020-06-26 at 1.35.13 PM.png","200630/uFiler-200626/1.0.0/Images/ACR-072/Screen Shot 2020-06-26 at 1.52.12 PM.png"],"guid":"fbb3e38d-0235-403b-bfad-fdff4c237de2_1.0.0_1","appID":"uFiler-200626","dateAdded":"231002","deceptorType":"App","name":"uFiler","company":"uFIler.pro","version":"1.0.0","sigName":"Deceptor:Win32/uFiler!053055057155","lastKnownStatus":"1.0.0;2022.2.0.0","lastKnownDate":"231002","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"none","lastUpdate":"2023-10-02T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":850},{"violations":{"ACR-109":"The app downloads \"rk_setup.exe\", a RelevantKnowledge file without the consumer's consent.\n\n","ACR-048":"The \"Decline\" button does not have any control but still drops a RelevantKnowledge file “rk_setup.exe”.\n\n","ACR-010":"The app bundler distributes deceptor application. The offer in this bundler, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control.\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains the main executable and \"curl-ca-bundle.crt\" file on the device without the consumer's consent or notifying the user.\n","ACR-057":"The app bundles the \"Relevant Knowledge\" offer which does not allow the consumer to decline the offer.\n\n","ACR-071":"The \"Relevant Knowledge\" offer cannot be declined independently as the installation is unable to proceed when attempting to decline the offer. Thus it forces the user to, only accept the offer and proceed with the installation.\n","ACR-059":"The Offer is not clearly marked as an offer. It is unclear who is recommending the offer.\n\n","ACR-155":"Offers is designed to look like part of the install workflow.\n\n"},"nonDeceptorViolations":{"ACR-106":"App offers deceptive application 'Relevant Knowledge market survey'.\n\n","ACR-092":"The app does not have a digital signature for any executable.\n"},"samples":[{"isRevoked":"False","fileName":"FreeWiFiHotspot_Setup.exe","isInstaller":"True","companyName":"FreeWiFiHotspot Co. Ltd.                                   ","productName":"Free WiFi Hotspot                                           ","productVersion":"                                                  ","fileVersion":"                    ","hashMD5":"ddcd3fc71a422569270dcfb2c4a70921","hashSHA1":"18f0c6dc220ced77fbe5a671f427fc758e6c9515","hashSHA256":"713f2e149b2ea056413410c4cd59ae8508228ccf4c0bc92e225557b34c7e961f","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"880","avBlockList":["360 Total Security (20240321)","Avast Premium Security (20240321)","AVG Internet Security (20240321)","Avira Internet Security (20240321)","Bitdefender Internet Security (20240321)","COMODO Antivirus (20240321)","Dr.Web Security Space (20240321)","ESET Internet Security (20240321)","G DATA INTERNET SECURITY (20240321)","K7 Total Security (20240321)","Kaspersky Internet Security (20240321)","Malwarebytes Premium (20240321)","McAfee Total Protection (20240321)","Norton Security (20240321)","Panda Dome (20240321)","Quick Heal Internet Security (20240321)","Sophos Home Premium (20240321)","SpyHunter5 (20240321)","Total AV Antivirus Pro (20240321)","VIPRE Advanced Security (20240321)","VirIT eXplorer PRO (20240321)","Webroot SecureAnywhere (20240321)"],"avAllowList":["Trend Micro Internet Security (20240321)","Windows Defender (20240321)"]}],"additionalFiles":[],"sources":[{"howFound":" searched related to Bundlers","reference":"","landingPage":"https://www.free-wifi-hotspot.com/","directDownloadingLink":"https://www.free-wifi-hotspot.com/FreeWiFiHotspot.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.free-wifi-hotspot.com/FreeWiFiHotspot.exe","sourceIndex":"880"}],"sampleFiles":["231002/FreeWiFiHotspot-220621/4.4.0/Samples/FreeWiFiHotspot_Setup.exe"],"imageFiles":["231002/FreeWiFiHotspot-220621/4.4.0/Images/ACR-109/ACR-109.JPG","231002/FreeWiFiHotspot-220621/4.4.0/Images/ACR-048/ACR-048.JPG","231002/FreeWiFiHotspot-220621/4.4.0/Images/ACR-010/ACR-010.JPG","231002/FreeWiFiHotspot-220621/4.4.0/Images/ACR-118/ACR-118.JPG","231002/FreeWiFiHotspot-220621/4.4.0/Images/ACR-057/ACR-057.JPG","231002/FreeWiFiHotspot-220621/4.4.0/Images/ACR-059/ACR-059.JPG","231002/FreeWiFiHotspot-220621/4.4.0/Images/ACR-071/ACR-071.JPG","231002/FreeWiFiHotspot-220621/4.4.0/Images/ACR-155/ACR-155.JPG","231002/FreeWiFiHotspot-220621/4.4.0/Images/ACR-013/ACR-013.JPG","231002/FreeWiFiHotspot-220621/4.4.0/Images/ACR-060/ACR-060.JPG"],"nonDeceptorImageFiles":["231002/FreeWiFiHotspot-220621/4.4.0/Images/ACR-106/ACR-106_Software_1.jpeg","231002/FreeWiFiHotspot-220621/4.4.0/Images/ACR-092/ACR-092_Software_1.jpeg"],"guid":"ef4eb7fe-8fff-411a-8911-123ef049d9ea_4.4.0_1","appID":"FreeWiFiHotspot-220621","dateAdded":"231002","deceptorType":"App","name":"Free WiFi Hotspot","company":"FreeWiFiHotspot Co., Ltd.","version":"4.4.0","lastKnownStatus":"4.2.0;4.4.0","lastKnownDate":"231002","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"cross-sell other apps","lastUpdate":"2023-10-02T20:58:44.2763738+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":851},{"violations":{"ACR-109":"The app downloads \"rk_setup.exe\", a RelevantKnowledge file before disclosure and without the consumer's consent.\n\n","ACR-048":"The \"Decline\" button does not have any control. Despite declining RelevantKnowledge app, it is still downloaded RelevantKnowledge file “rk_setup.exe” nevertheless.\n\n","ACR-010":"The app distributes deceptor application. The offer in this app, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control. \n\n","ACR-057":"The app bundles the \"Relevant Knowledge\" offer which does not allow the consumer to decline the offer. \n\n","ACR-071":"It attempts to force the acceptance of \"Relevant Knowledge\" by graying out the Next button when the user choose to Decline. Thus, forcing the user to only accept the offer and proceed with the installation.\n\n","ACR-059":"Offer not clearly marked as an offer. Instead, it is presented as a component of the carrier.\n\n","ACR-039":"There is no clear indications of the relationship to the installer application. RelevantKnowledge is presented as part of the installer application. Despite declining RelevantKnowledge app, it still downloaded RelevantKnowledge file “rk_setup.exe” regardless.\n\n","ACR-155":"The Relevant Knowledge Offer is designed to look like part of the install workflow. \n\n"},"nonDeceptorViolations":{"ACR-002":"The App's version is inconsistent.\nThe App's version is inconsistent.\n","ACR-106":"App offers deceptive application 'Relevant Knowledge market survey'. \n\n"},"samples":[{"isRevoked":"False","fileName":"FreeWiFiHotspot.exe","companyName":"","productName":"Free WiFi Hotspot","fileVersion":"3.0.0.0","hashMD5":"566a0416da8cd85838f663197c80a3a8","hashSHA1":"9e5f4c3be41f6083f87f4ebc15d2ba06bf860f6a","hashSHA256":"17a49afeb71feaf25a91958015f6dfa952fa7559a799fc0717331381498bdd27","sourceIndex":"1551","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"FreeWiFiHotspot-setup.exe","isInstaller":"True","companyName":"FreeWiFiHotspot Co., Ltd.                                   ","productName":"Free WiFi Hotspot       ","fileVersion":"0.0","hashMD5":"0bf4cfb955f19b65d09bd8924d699f33","hashSHA1":"b3ec9459f5c789d6e42eb14b03298782d7509244","hashSHA256":"4521826853d4a1e01192eb6082ef4b201d779f7bc6e41414d63eb3a8c2d91a03","digitalCertThumbprint":"561906D7998D780F5F5E93C36DCD77674F8236A3","digitalCertIssuer":"CN=Sectigo Public Code Signing CA R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=\"Beijing QingSoft Creative Information Technology Co., Ltd.\", O=\"Beijing QingSoft Creative Information Technology Co., Ltd.\", S=Beijing Shi, C=CN","sourceIndex":"1551","avBlockList":["360 Total Security (20231005)","Avast Premium Security (20231005)","AVG Internet Security (20231005)","Avira Internet Security (20231005)","Bitdefender Internet Security (20231005)","COMODO Antivirus (20231005)","Dr.Web Security Space (20231005)","ESET Internet Security (20231005)","G DATA INTERNET SECURITY (20231005)","K7 Total Security (20231005)","Kaspersky Internet Security (20231005)","Malwarebytes Premium (20231005)","McAfee Total Protection (20231005)","Norton Security (20231005)","Panda Dome (20231005)","Quick Heal Internet Security (20231005)","Sophos Home Premium (20231005)","SpyHunter5 (20231005)","Total AV Antivirus Pro (20231005)","Trend Micro Internet Security (20231005)","VIPRE Advanced Security (20231005)","VirIT eXplorer PRO (20231005)","Webroot SecureAnywhere (20231005)","Windows Defender (20231005)"],"avAllowList":["Tencent PC Manager (20220721)"]}],"additionalFiles":[],"sources":[{"howFound":" searched related to PCMate Free SystemCare","reference":"","landingPage":"https://www.free-wifi-hotspot.com/","directDownloadingLink":"https://www.free-wifi-hotspot.com/FreeWiFiHotspot.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.free-wifi-hotspot.com/FreeWiFiHotspot.exe","sourceIndex":"1551"}],"sampleFiles":["220621/FreeWiFiHotspot-220621/4.2.0/Samples/FreeWiFiHotspot.exe","220621/FreeWiFiHotspot-220621/4.2.0/Samples/FreeWiFiHotspot-setup.exe"],"imageFiles":["220621/FreeWiFiHotspot-220621/4.2.0/Images/ACR-109/ACR-109_039_048_RKSetup.jpg","220621/FreeWiFiHotspot-220621/4.2.0/Images/ACR-039/ACR-109_039_048_RKSetup.jpg","220621/FreeWiFiHotspot-220621/4.2.0/Images/ACR-048/ACR-109_039_048_RKSetup.jpg","220621/FreeWiFiHotspot-220621/4.2.0/Images/ACR-010/RelevantKnowledge.jpg","220621/FreeWiFiHotspot-220621/4.2.0/Images/ACR-057/RelevantKnowledge.jpg","220621/FreeWiFiHotspot-220621/4.2.0/Images/ACR-059/RelevantKnowledge.jpg","220621/FreeWiFiHotspot-220621/4.2.0/Images/ACR-071/RelevantKnowledge.jpg","220621/FreeWiFiHotspot-220621/4.2.0/Images/ACR-155/RelevantKnowledge.jpg"],"nonDeceptorImageFiles":["220621/FreeWiFiHotspot-220621/4.2.0/Images/ACR-002/ACR-002_FileProperties.jpg","220621/FreeWiFiHotspot-220621/4.2.0/Images/ACR-002/ACR-002_Installer.jpg","220621/FreeWiFiHotspot-220621/4.2.0/Images/ACR-002/ACR-002_Software.jpg","220621/FreeWiFiHotspot-220621/4.2.0/Images/ACR-106/RelevantKnowledge.jpg","220621/FreeWiFiHotspot-220621/4.2.0/Images/ACR-002/ACR-002_FileProperties.jpg","220621/FreeWiFiHotspot-220621/4.2.0/Images/ACR-002/ACR-002_Installer.jpg","220621/FreeWiFiHotspot-220621/4.2.0/Images/ACR-002/ACR-002_Software.jpg"],"guid":"ef4eb7fe-8fff-411a-8911-123ef049d9ea_4.2.0_1","appID":"FreeWiFiHotspot-220621","dateAdded":"231002","deceptorType":"App","name":"Free WiFi Hotspot","company":"FreeWiFiHotspot Co., Ltd.","version":"4.2.0","lastKnownStatus":"4.2.0;4.4.0","lastKnownDate":"231002","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"cross-sell other apps","lastUpdate":"2023-10-02T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":852},{"violations":{"ACR-109":"Download Manager secretly writes the QBittorrent files (some are set to hide the protected operating system-only files) to the consumer system under a hidden folder (C:\\Users\\User\\AppData\\Local\\Temp) without the user agreeing to install them.\n","ACR-042":"1. The Download manager drops a third-party downloader \"QBittorrent\" to install the actual app \"Parappa The Rapper\" without providing appropriate consent and secretly writes the files (some are set to hide the protected operating system-only files) under a hidden folder (C:\\Users\\User\\AppData\\Local\\Temp) without the user agreeing to install them.\n2. App initiates network communications with 3rd party offer provider before obtaining user consent. \n","ACR-043":"Download manager drops a third-party downloader \"QBittorrent\" to install the actual app \"Parappa The Rapper\" without providing appropriate consent and secretly writes the files (some are set to hide the protected operating system-only files) under a hidden folder (C:\\Users\\User\\AppData\\Local\\Temp) without the user agreeing to install them.\n","ACR-107":"The Download manager drops a third-party downloader \"QBittorrent\" without providing any proper authorization to the user\n","ACR-048":"The app does not provide any control to view/execute/remove the QBittorrent file.\n","ACR-007":"The app reduces consumer security posture by secretly writing the QBittorrent file under which it is set to hide the protected operating system files without allowing the user to view/execute/remove the file.\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software.\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software.\n","ACR-084":"The app attempts to disguise the presence of the QBittorrent file as it is set to hide the protected operating system files without letting know to the user about the existence of the file.\n","ACR-097":"The app attempts to secretly write the QBittorrent file under which it is set to hide the protected operating system files without allowing the user to view/execute/remove the file.\n","ACR-116":"The app enables the consumer to hide the downloader 'QBittorrent' from the targeted consumer, which prevents them from uninstalling it using platform-standard features. \n","ACR-117":"The app attempts to conceal the executable of the  \"QBittorrent\" downloader by setting it to hide the protected operating system files.\n","ACR-118":"The app retains all its components on the user's device as there is no uninstall option to dump the files.\n","ACR-075":"After the carrier app was canceled during installation, the offers were still installed without any notification for the user.\n","ACR-039":"Download Manager secretly writes the QBittorrent files (some are set to hide the protected operating system-only files) to the consumer system under a hidden folder (C:\\Users\\User\\AppData\\Local\\Temp) without the user agreeing to install them.\n"},"nonDeceptorViolations":{"ACR-044":"1. The download manager doesn't disclose its bundling function when the user chooses to install the carrier app.\n2. No explicit attribution for the 3rd party Offer provider is shown at installation. Missing clear information about significant functions that it may show offers during installation. \n","ACR-040":"Download Manager secretly writes the QBittorrent files (some are set to hide the protected operating system-only files) to the consumer system under a hidden folder (C:\\Users\\User\\AppData\\Local\\Temp) without the user agreeing to install them.\n","ACR-093":"The app attempts to secretly write the QBittorrent file under which it is set to hide the protected operating system files without allowing the user to view/execute/remove the file. \n","ACR-123":"The app does not provide options to uninstall the \"QBittorrent\" downloader, thereby leaving the system unreverted and setting changes to the state of the user's system prior to the original app installation.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Users\\User\\AppData\\Local\\Temp\\is-UBH3S.tmp\\qbittorrent.exe","companyName":"The qBittorrent Project","productName":"qBittorrent","productVersion":"v4.4.2","fileVersion":"v4.4.2","hashMD5":"22a34900ada67ead7e634eb693bd3095","hashSHA1":"2913c78bcaaa6f4ee22b0977be72333d2077191d","hashSHA256":"3cec1e40e8116a35aac6df3da0356864e5d14bc7687c502c7936ee9b7c1b9c58","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"878","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"Parappa The Rapper_buF-cz1.exe","isInstaller":"True","companyName":"                                                            ","productName":"AKSIUM AUDIT OOO                                           ","productVersion":"3.334.90                                          ","fileVersion":"3.334.90            ","hashMD5":"98f37b09dadc616079b92a6c5afdd066","hashSHA1":"b55932b9c10046cfccde0210d5da29f3e5b2afb9","hashSHA256":"1f4f7b787ee329059e4de4487ba5c17c7c6ca3be95b72c9873fc9380632fa1f9","digitalCertThumbprint":"E90AFBDA12D6B40BED9A1B68443BD5098672B9B4","digitalCertIssuer":"Domain The Net Technologies Ltd CA for Code Signing R2","digitalCertIssuedTo":"Axium Audit","storeId":"","sourceIndex":"878","avBlockList":["360 Total Security (20231012)","Avira Internet Security (20231012)","COMODO Antivirus (20231012)","Dr.Web Security Space (20231012)","ESET Internet Security (20231012)","G DATA INTERNET SECURITY (20231012)","K7 Total Security (20231012)","Kaspersky Internet Security (20231012)","Malwarebytes Premium (20231012)","McAfee Total Protection (20231012)","Norton Security (20231012)","Panda Dome (20231012)","Quick Heal Internet Security (20231012)","Sophos Home Premium (20231012)","SpyHunter5 (20231012)","Total AV Antivirus Pro (20231012)","VirIT eXplorer PRO (20231012)","Webroot SecureAnywhere (20231012)"],"avAllowList":["Avast Premium Security (20231012)","AVG Internet Security (20231012)","Bitdefender Internet Security (20231012)","Trend Micro Internet Security (20231012)","VIPRE Advanced Security (20231012)","Windows Defender (20231012)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt on bundlers","reference":"","landingPage":"https://gamefabrique.com/games/parappa-the-rapper/","directDownloadingLink":"https://d21wo3xv2sta2f.cloudfront.net/installer/4162152/29319718575490","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://d21wo3xv2sta2f.cloudfront.net/installer/4162152/29319718575490","sourceIndex":"878"}],"sampleFiles":["231002/AksiumAuditOOODownloadManager-230927/3.334.90/Samples/Parappa The Rapper_buF-cz1.exe"],"imageFiles":["231002/AksiumAuditOOODownloadManager-230927/3.334.90/Images/ACR-109/ACR-109.JPG","231002/AksiumAuditOOODownloadManager-230927/3.334.90/Images/ACR-109/ACR-109 (1).JPG","231002/AksiumAuditOOODownloadManager-230927/3.334.90/Images/ACR-109/ACR-109 (2).JPG","231002/AksiumAuditOOODownloadManager-230927/3.334.90/Images/ACR-039/ACR-039.JPG","231002/AksiumAuditOOODownloadManager-230927/3.334.90/Images/ACR-039/ACR-039 (1).JPG","231002/AksiumAuditOOODownloadManager-230927/3.334.90/Images/ACR-039/ACR-039 (2).JPG","231002/AksiumAuditOOODownloadManager-230927/3.334.90/Images/ACR-043/ACR-043.JPG","231002/AksiumAuditOOODownloadManager-230927/3.334.90/Images/ACR-043/ACR-043 (1).JPG","231002/AksiumAuditOOODownloadManager-230927/3.334.90/Images/ACR-043/ACR-043 (2).JPG","231002/AksiumAuditOOODownloadManager-230927/3.334.90/Images/ACR-107/ACR-107.JPG","231002/AksiumAuditOOODownloadManager-230927/3.334.90/Images/ACR-042/ACR-042.JPG","231002/AksiumAuditOOODownloadManager-230927/3.334.90/Images/ACR-042/ACR-042_1.JPG","231002/AksiumAuditOOODownloadManager-230927/3.334.90/Images/ACR-042/ACR-042 (3).JPG","231002/AksiumAuditOOODownloadManager-230927/3.334.90/Images/ACR-042/ACR-042 (4).JPG","231002/AksiumAuditOOODownloadManager-230927/3.334.90/Images/ACR-013/ACR-013 (1).JPG","231002/AksiumAuditOOODownloadManager-230927/3.334.90/Images/ACR-013/ACR-013 (2).JPG","231002/AksiumAuditOOODownloadManager-230927/3.334.90/Images/ACR-013/ACR-013 (3).JPG","231002/AksiumAuditOOODownloadManager-230927/3.334.90/Images/ACR-084/ACR-084.JPG","231002/AksiumAuditOOODownloadManager-230927/3.334.90/Images/ACR-097/ACR-097 (2).JPG","231002/AksiumAuditOOODownloadManager-230927/3.334.90/Images/ACR-097/ACR-097_1.JPG","231002/AksiumAuditOOODownloadManager-230927/3.334.90/Images/ACR-048/ACR-048.JPG","231002/AksiumAuditOOODownloadManager-230927/3.334.90/Images/ACR-048/ACR-048_1.JPG","231002/AksiumAuditOOODownloadManager-230927/3.334.90/Images/ACR-007/ACR-007.JPG","231002/AksiumAuditOOODownloadManager-230927/3.334.90/Images/ACR-007/ACR-007 (2).JPG","231002/AksiumAuditOOODownloadManager-230927/3.334.90/Images/ACR-116/ACR-116 (1).JPG","231002/AksiumAuditOOODownloadManager-230927/3.334.90/Images/ACR-116/ACR-116 (2).JPG","231002/AksiumAuditOOODownloadManager-230927/3.334.90/Images/ACR-117/ACR-117.JPG","231002/AksiumAuditOOODownloadManager-230927/3.334.90/Images/ACR-118/ACR-118.JPG","231002/AksiumAuditOOODownloadManager-230927/3.334.90/Images/ACR-075/ACR-075_Bundler-made offers_1.png","231002/AksiumAuditOOODownloadManager-230927/3.334.90/Images/ACR-060/ACR-060 (1).JPG","231002/AksiumAuditOOODownloadManager-230927/3.334.90/Images/ACR-060/ACR-060 (2).JPG","231002/AksiumAuditOOODownloadManager-230927/3.334.90/Images/ACR-060/ACR-060 (3).JPG"],"nonDeceptorImageFiles":["231002/AksiumAuditOOODownloadManager-230927/3.334.90/Images/ACR-044/ACR-044.JPG","231002/AksiumAuditOOODownloadManager-230927/3.334.90/Images/ACR-044/ACR-044 (1).JPG","231002/AksiumAuditOOODownloadManager-230927/3.334.90/Images/ACR-044/ACR-044 (2).JPG","231002/AksiumAuditOOODownloadManager-230927/3.334.90/Images/ACR-044/ACR-044 (3).JPG","231002/AksiumAuditOOODownloadManager-230927/3.334.90/Images/ACR-044/ACR-044 (4).JPG","231002/AksiumAuditOOODownloadManager-230927/3.334.90/Images/ACR-044/ACR-044 (5).JPG","231002/AksiumAuditOOODownloadManager-230927/3.334.90/Images/ACR-040/ACR-040.JPG","231002/AksiumAuditOOODownloadManager-230927/3.334.90/Images/ACR-093/ACR_093.JPG","231002/AksiumAuditOOODownloadManager-230927/3.334.90/Images/ACR-093/ACR-093 (2).JPG","231002/AksiumAuditOOODownloadManager-230927/3.334.90/Images/ACR-123/ACR-123.JPG","231002/AksiumAuditOOODownloadManager-230927/3.334.90/Images/ACR-123/ACR-123_1.JPG"],"guid":"be209f6a-0904-4649-a8fa-9ad4873f4a8c_3.334.90_1","appID":"AksiumAuditOOODownloadManager-230927","dateAdded":"231002","deceptorType":"Bundler","name":"AKSIUM AUDIT, OOO Download Manager","company":"GameFabrique","version":"3.334.90","lastKnownStatus":"3.334.90","lastKnownDate":"231002","type":"Windows Executable","category":"Bundlers & Downloaders, Games","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"cross-sell other apps","lastUpdate":"2023-10-02T21:26:18.0928025+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":853},{"violations":{"ACR-048":"The app does not provide control the cancel the installation process.\nThe app does not provide any control to close the app completely within the app's settings.\n","ACR-013":"During installation, the user is interrupted by non-consented offer to silently install unrelated software.\n","ACR-017":"The 3rd party endorsement (https://www.pdf-suite.com/join/) is not verifiable. \n","ACR-084":"On closing the app, the application doesn't exit completely. It runs silently in the background without providing any notification to the user that it is active. \n","ACR-155":"Offer is inserted into the install workflow with a pre-checked checkbox to trick the consumer into installing the offer.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"PDFSuite2021Installer.exe","isInstaller":"True","companyName":"Interactive Brands Malta Limited","productName":"PDF Suite 2021 Installer","productVersion":"19.0.31.1888","fileVersion":"19.0.31.1888","hashMD5":"c8bcb696ac71c39f572012a3da86ca44","hashSHA1":"80b5a731e701cced2f591dec0af969086db3170b","hashSHA256":"0084bee54da2ee69cd6e066c734246b0c3c16ff43c151676a0257905b7217f22","digitalCertThumbprint":"10DFEDFA14DCA57EB58DF3A3DF6E2F3CEDCB6CCB","digitalCertIssuer":"Entrust Extended Validation Code Signing CA - EVCS2","digitalCertIssuedTo":"Avanquest Software (7270356 Canada Inc)","storeId":"","sourceIndex":"885","avBlockList":["360 Total Security (20230907)","Avira Internet Security (20230907)","Dr.Web Security Space (20230907)","ESET Internet Security (20230907)","K7 Total Security (20230907)","Malwarebytes Premium (20230907)","Norton Security (20230907)","Panda Dome (20230907)","Sophos Home Premium (20230907)","SpyHunter5 (20230907)","Total AV Antivirus Pro (20230907)","VirIT eXplorer PRO (20230907)"],"avAllowList":["Avast Premium Security (20230907)","AVG Internet Security (20230907)","Bitdefender Internet Security (20230907)","COMODO Antivirus (20230907)","G DATA INTERNET SECURITY (20230907)","Kaspersky Internet Security (20230907)","McAfee Total Protection (20230907)","Quick Heal Internet Security (20230907)","Trend Micro Internet Security (20230907)","VIPRE Advanced Security (20230907)","Webroot SecureAnywhere (20230907)","Windows Defender (20230907)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on Bundlers","reference":"","landingPage":"https://www.pdf-suite.com/","directDownloadingLink":"https://www.pdf-suite.com/download/suite20/?mkey1=pdf-suite.com","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.pdf-suite.com/download/suite20/?mkey1=pdf-suite.com","sourceIndex":"885"}],"sampleFiles":["230928/PDFSuite-230808/19.0.31.1888/Samples/PDFSuite2021Installer.exe"],"imageFiles":["230928/PDFSuite-230808/19.0.31.1888/Images/ACR-048/ACR-048(1).JPG","230928/PDFSuite-230808/19.0.31.1888/Images/ACR-013/ACR-013.JPG","230928/PDFSuite-230808/19.0.31.1888/Images/ACR-084/ACR-084_1.JPG","230928/PDFSuite-230808/19.0.31.1888/Images/ACR-048/ACR-048.JPG","230928/PDFSuite-230808/19.0.31.1888/Images/ACR-048/ACR-048_1.JPG","230928/PDFSuite-230808/19.0.31.1888/Images/ACR-155/ACR-155.JPG","230928/PDFSuite-230808/19.0.31.1888/Images/ACR-017/ACR-017_Internal offers_1.png"],"nonDeceptorImageFiles":[],"guid":"43d0fc90-a475-403e-9106-1e095d097268_19.0.31.1888_1","appID":"PDFSuite-230808","dateAdded":"230928","deceptorType":"Bundler","name":"PDF Suite","company":"Interactive Brands Malta Limited","version":"19.0.31.1888","firstVendorContactDate":"230901","firstAppEsteemReplyDate":"230901","firstResolvedDate":"230928","firstResolvedVersion":"20.0.10.21497","resolved":"TRUE","lastKnownStatus":"19.0.31.1888","lastKnownDate":"230928","type":"Windows Executable","category":"SysTools & Utilities, Bundlers & Downloaders","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2023-09-28T19:09:45.7997633+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":854},{"violations":{"ACR-048":"The app does not provide an option to cancel the installation and there is no way to exit the warning pop-up message that claims malware detection in the system.\n","ACR-003":"The App uses alarming colors and the word \"Error\" to make exaggerated claims about the system's health. The reports are not substantiated and urges the user to call the support number in order to fix the issue.\n","ACR-004":"The App uses the alarming colors and the word \"Error\" making exaggerated claims about the system's health without substantiating the scan results. It compels user to call the support number in order to complete the fix for the issues found in the system.\n","ACR-006":"The monetization should be clearly attributed. The call center name and website should be disclosed next to phone number.\n","ACR-168":"The app displays a support call center phone number, but does not disclose that additional offers may be made on the one-on-one interaction with the consumer.\n\n","ACR-014":"The App misleads consumer into thinking that they have a system issue by displaying exaggerated number of \"errors\" and by using alarming colors without substantiating the scan results. It also urges the user to contact the support number in order to complete the fix for the issues found.\n \n"},"nonDeceptorViolations":{"ACR-160":"The app needs to use certified call center \n","ACR-168":"The Landing Page displays a support call center phone number, but does not disclose that additional offers may be made on the one-on-one interaction with the consumer. The support number does not matched what is displayed in the app.\n\n"},"samples":[{"isRevoked":"False","fileName":"Global PC Cleaner Pro.exe","fileVersion":"1.0","hashMD5":"9c7d2501548dda06b19e6ddacc2f2322","hashSHA1":"e0be1c985829141235a0a241599e473a9e7c5e91","hashSHA256":"f9e889a1aa1ec425de3d0247f938ce86a72bbf17a6de565654e321a1d3bfa42c","sourceIndex":"261","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"Global-PC-Cleaner-Pro-2.exe","isInstaller":"True","companyName":"Global ManySoft LTD","fileVersion":"1.0","hashMD5":"36be4f2cc3797a7ed17f0e3a2d3428dd","hashSHA1":"fe2732d1d4f5bed840f07afce9a40ba7194b6fa3","hashSHA256":"26bc674d0ea7798b9066b84e8bebe4a10a9077d3fc1ecad0f59d0722e4776668","sourceIndex":"261","avBlockList":["360 Total Security (20230420)","Avast Premium Security (20230420)","AVG Internet Security (20230420)","Avira Internet Security (20230420)","Bitdefender Internet Security (20230420)","COMODO Antivirus (20230420)","ESET Internet Security (20230420)","G DATA INTERNET SECURITY (20230420)","K7 Total Security (20230420)","Kaspersky Internet Security (20230420)","Malwarebytes Premium (20230420)","McAfee Total Protection (20230420)","Norton Security (20230420)","Panda Dome (20230420)","Quick Heal Internet Security (20230420)","Sophos Home Premium (20230420)","SpyHunter5 (20230420)","Total AV Antivirus Pro (20230420)","VIPRE Advanced Security (20230420)","VirIT eXplorer PRO (20230420)","Webroot SecureAnywhere (20230420)","Windows Defender (20230420)"],"avAllowList":["Dr.Web Security Space (20230420)","Trend Micro Internet Security (20230420)"]},{"isRevoked":"False","fileName":"Global-PC-Cleaner-Silentsent.exe","isInstaller":"True","companyName":"Global ManySoft LTD","fileVersion":"1.0","hashMD5":"dac21331094d3402ecac03975c666acc","hashSHA1":"207ae19140ecb8448b05afb629b209b06ac7d540","hashSHA256":"152e046e93132f29204032fd79017cb4327b90e74ff742c17fe6e753dc4f3108","sourceIndex":"261","avBlockList":["360 Total Security (20231005)","Avast Premium Security (20231005)","AVG Internet Security (20231005)","Avira Internet Security (20231005)","ESET Internet Security (20231005)","Kaspersky Internet Security (20231005)","Malwarebytes Premium (20231005)","McAfee Total Protection (20231005)","Norton Security (20231005)","Panda Dome (20231005)","Quick Heal Internet Security (20231005)","Sophos Home Premium (20231005)","SpyHunter5 (20231005)","Total AV Antivirus Pro (20231005)","VirIT eXplorer PRO (20231005)","Webroot SecureAnywhere (20231005)"],"avAllowList":["Bitdefender Internet Security (20231005)","COMODO Antivirus (20231005)","Dr.Web Security Space (20231005)","G DATA INTERNET SECURITY (20231005)","K7 Total Security (20231005)","Trend Micro Internet Security (20231005)","VIPRE Advanced Security (20231005)","Windows Defender (20231005)"]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"","landingPage":"https://globalmanysoft.com/","directDownloadingLink":"http://globalmanysoft.com/wp-content/uploads/2023/03/Global-PC-Cleaner-Pro-2.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://globalmanysoft.com/wp-content/uploads/2023/03/Global-PC-Cleaner-Pro-2.exe","sourceIndex":"261"}],"sampleFiles":["230927/GlobalPCCleanerPro-230413/1.0.0.0/Samples/Global PC Cleaner Pro.exe","230927/GlobalPCCleanerPro-230413/1.0.0.0/Samples/Global-PC-Cleaner-Pro-2.exe","230927/GlobalPCCleanerPro-230413/1.0.0.0/Samples/Global-PC-Cleaner-Silentsent.exe"],"imageFiles":["230927/GlobalPCCleanerPro-230413/1.0.0.0/Images/ACR-048/Cannot_Cancel_Installation.jpg","230927/GlobalPCCleanerPro-230413/1.0.0.0/Images/ACR-048/Warning_malware_detection.jpg","230927/GlobalPCCleanerPro-230413/1.0.0.0/Images/ACR-004/Alarming_ScanResults.jpg","230927/GlobalPCCleanerPro-230413/1.0.0.0/Images/ACR-004/Alarming_ScanResults_.jpg","230927/GlobalPCCleanerPro-230413/1.0.0.0/Images/ACR-004/Warning_malware_detection.jpg","230927/GlobalPCCleanerPro-230413/1.0.0.0/Images/ACR-168/Support.jpg","230927/GlobalPCCleanerPro-230413/1.0.0.0/Images/ACR-168/Alarming_ScanResults_.jpg","230927/GlobalPCCleanerPro-230413/1.0.0.0/Images/ACR-003/Alarming_ScanResults.jpg","230927/GlobalPCCleanerPro-230413/1.0.0.0/Images/ACR-003/Alarming_ScanResults_.jpg","230927/GlobalPCCleanerPro-230413/1.0.0.0/Images/ACR-003/Warning_malware_detection.jpg","230927/GlobalPCCleanerPro-230413/1.0.0.0/Images/ACR-006/Support.jpg","230927/GlobalPCCleanerPro-230413/1.0.0.0/Images/ACR-014/Alarming_ScanResults.jpg","230927/GlobalPCCleanerPro-230413/1.0.0.0/Images/ACR-014/Alarming_ScanResults_.jpg","230927/GlobalPCCleanerPro-230413/1.0.0.0/Images/ACR-014/Warning_malware_detection.jpg"],"nonDeceptorImageFiles":["230927/GlobalPCCleanerPro-230413/1.0.0.0/Images/ACR-168/CallCenter.jpg","230927/GlobalPCCleanerPro-230413/1.0.0.0/Images/ACR-006/GlobalPCCleaner_LP.png"],"guid":"0ae54986-510a-4e6b-825f-900fdea179f7_1.0.0.0_1","appID":"GlobalPCCleanerPro-230413","dateAdded":"230927","deceptorType":"App","name":"Global PC Cleaner Pro","company":"Global ManySoft LTD","version":"1.0.0.0","lastKnownStatus":"Deceptor:1.0.0.0","lastKnownDate":"241231","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2024-12-31T23:22:36.8615971+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":855},{"violations":{"ACR-046":"The Yandex Offer is preselected in the installation and requires user action in order to decline the offer. \n\n","ACR-003":"The application exaggerates cache, junk files and registry entries as being problems, thereby misleading or scaring user to take action. \n","ACR-004":"The app requires the user to upgrade to provide complete fix for non-permanent issues identified during free scan.\n\n","ACR-055":"Accept and decline for the optional offer must be obvious.\n","ACR-155":"Offer is inserted into the install workflow with a pre-selected option to trick the consumer to install the offer. \n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"ARNMNGR.EXE","companyName":"AMS Software","productName":"Ускоритель компьютера - Менеджер отложенного запуска","productVersion":"1.0","fileVersion":"1.0.0.304","hashMD5":"ee11f8a5da89f386e01d1d1c755f17f4","hashSHA1":"537390d76cedbb75f62eab625aca96bdd921b710","hashSHA256":"81b6f3e11c995092871afc548f339eb9676cd834f44c6bb7ea9849d5a1b6fb1f","digitalCertThumbprint":"EA92364DD9408FF347BDD7063C2824E7C4ED6139","digitalCertIssuer":"CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US","digitalCertIssuedTo":"CN=AMS Software LLC, O=AMS Software LLC, L=Yaroslavl, S=Yaroslavskaya oblast, C=RU","sourceIndex":"1329","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"FastComputerOT.exe","isInstaller":"True","companyName":"AMS Software                                                ","fileVersion":"0.0","hashMD5":"aed48168d055fd42beb4c36a7f52c424","hashSHA1":"e21d8e59818b5e7fac2952a1d50ee2b34c4ff28c","hashSHA256":"d8b3765851ae983c2d3233730f3c5059b01021d20e1515b94fd48c9feb21bd1c","digitalCertThumbprint":"EA92364DD9408FF347BDD7063C2824E7C4ED6139","digitalCertIssuer":"CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US","digitalCertIssuedTo":"CN=AMS Software LLC, O=AMS Software LLC, L=Yaroslavl, S=Yaroslavskaya oblast, C=RU","sourceIndex":"1329","avBlockList":["Avast Premium Security (20231003)","AVG Internet Security (20231003)","Avira Internet Security (20231003)","Dr.Web Security Space (20231003)","ESET Internet Security (20231003)","K7 Total Security (20231003)","Kaspersky Internet Security (20231003)","Malwarebytes Premium (20231003)","McAfee Total Protection (20231003)","Norton Security (20231003)","Panda Dome (20231003)","Quick Heal Internet Security (20231003)","Sophos Home Premium (20231003)","SpyHunter5 (20231003)","Total AV Antivirus Pro (20231003)","VirIT eXplorer PRO (20231003)","Webroot SecureAnywhere (20231003)","Windows Defender (20231003)"],"avAllowList":["360 Total Security (20231003)","Bitdefender Internet Security (20231003)","COMODO Antivirus (20231003)","G DATA INTERNET SECURITY (20231003)","Trend Micro Internet Security (20231003)","VIPRE Advanced Security (20231003)"]},{"isRevoked":"False","fileName":"OPTIM.EXE","companyName":"AMS Software","productName":"Ускоритель компьютера","productVersion":"4.0","fileVersion":"4.0.0.806","hashMD5":"6611035a18ced728d8096918cf2b7b5c","hashSHA1":"795b0bcb215180582c960c271f0189488771c3d2","hashSHA256":"49d57851ec6ce86ca761829e327c21fb696d2b6816b7f1585200998e54384427","digitalCertThumbprint":"EA92364DD9408FF347BDD7063C2824E7C4ED6139","digitalCertIssuer":"CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US","digitalCertIssuedTo":"CN=AMS Software LLC, O=AMS Software LLC, L=Yaroslavl, S=Yaroslavskaya oblast, C=RU","sourceIndex":"1329","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"OptimAdmin.exe","companyName":"AMS Software","productName":"Ускоритель компьютера","productVersion":"4.0","fileVersion":"4.0.0.806","hashMD5":"999fd306374f133020540c04b5b34069","hashSHA1":"494dfd811a5c3b51999c11c079db03a18e3bc6ec","hashSHA256":"d79834e01508f481465bcd9edbd2a778f92199b3e57fda4e2469e7eedfdecc5d","digitalCertThumbprint":"EA92364DD9408FF347BDD7063C2824E7C4ED6139","digitalCertIssuer":"CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US","digitalCertIssuedTo":"CN=AMS Software LLC, O=AMS Software LLC, L=Yaroslavl, S=Yaroslavskaya oblast, C=RU","sourceIndex":"1329","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"appforwin software downloads","reference":"","landingPage":"https://fast-computer.su/","directDownloadingLink":"https://fast-computer.su/out_pages.php?out=FastComputerOT.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://fast-computer.su/out_pages.php?out=FastComputerOT.exe","sourceIndex":"1329"}],"sampleFiles":["221111/FastComputer-221104/4.0.0.304/Samples/ArnMngr.exe","221111/FastComputer-221104/4.0.0.304/Samples/FastComputerOT.exe","221111/FastComputer-221104/4.0.0.304/Samples/Optim.exe","221111/FastComputer-221104/4.0.0.304/Samples/OptimAdmin.exe"],"imageFiles":["221111/FastComputer-221104/4.0.0.304/Images/ACR-046/ACR-155_046_055_048_Yandex.jpg","221111/FastComputer-221104/4.0.0.304/Images/ACR-055/ACR-155_046_055_048_Yandex.jpg","221111/FastComputer-221104/4.0.0.304/Images/ACR-004/ACR-004_IncompleteFix_non_permanent_items.jpg","221111/FastComputer-221104/4.0.0.304/Images/ACR-003/ACR-003_Problems_Errors.jpg","221111/FastComputer-221104/4.0.0.304/Images/ACR-003/ACR-003_Fix_Problems.jpg","221111/FastComputer-221104/4.0.0.304/Images/ACR-003/ACR-003_Problems_Errors_Registries.jpg","221111/FastComputer-221104/4.0.0.304/Images/ACR-155/ACR-155_046_055_048_Yandex.jpg"],"nonDeceptorImageFiles":[],"guid":"34a26a53-87a1-4349-ab5a-c18253a18140_4.0.0.304_1","appID":"FastComputer-221104","dateAdded":"230927","deceptorType":"App","name":"Fast Computer","company":"AMS Software","version":"4.0.0.304","lastKnownStatus":"Deceptor:4.0.0.304;4.0.0.806","lastKnownDate":"230927","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,paid,sold in bundle","lastUpdate":"2023-09-27T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":857},{"violations":{"ACR-046":"The Yandex Offer is preselected in the installation and requires user action in order to decline the offer. \n\n","ACR-003":"The application exaggerates cache, junk files and registry entries as \"Errors\", misleading or scaring user to take action. \n","ACR-004":"The app requires the user to upgrade in order to provide complete fix for non-permanent issues identified during free scan.\n\n","ACR-055":"Accept and decline for the optional offer must be obvious.\n","ACR-155":"Offer is inserted into the install workflow with a pre-selected option to trick the consumer to install the offer. \n"},"nonDeceptorViolations":{"ACR-035":"The app does not provide EULA/Terms of Service, Returns and Cancellation Policy, and Privacy Policy in the software and landing page.\n","ACR-037":"The app does not provide Privacy Policy in the software and landing page.\n"},"samples":[{"isRevoked":"False","fileName":"FastComputerPS1.exe","isInstaller":"True","companyName":"AMS Software                                                ","fileVersion":"0.0","hashMD5":"aed48168d055fd42beb4c36a7f52c424","hashSHA1":"e21d8e59818b5e7fac2952a1d50ee2b34c4ff28c","hashSHA256":"d8b3765851ae983c2d3233730f3c5059b01021d20e1515b94fd48c9feb21bd1c","digitalCertThumbprint":"EA92364DD9408FF347BDD7063C2824E7C4ED6139","digitalCertIssuer":"CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US","digitalCertIssuedTo":"CN=AMS Software LLC, O=AMS Software LLC, L=Yaroslavl, S=Yaroslavskaya oblast, C=RU","sourceIndex":"887","avBlockList":["Avast Premium Security (20231003)","AVG Internet Security (20231003)","Avira Internet Security (20231003)","Dr.Web Security Space (20231003)","ESET Internet Security (20231003)","K7 Total Security (20231003)","Kaspersky Internet Security (20231003)","Malwarebytes Premium (20231003)","McAfee Total Protection (20231003)","Norton Security (20231003)","Panda Dome (20231003)","Quick Heal Internet Security (20231003)","Sophos Home Premium (20231003)","SpyHunter5 (20231003)","Total AV Antivirus Pro (20231003)","VirIT eXplorer PRO (20231003)","Webroot SecureAnywhere (20231003)","Windows Defender (20231003)"],"avAllowList":["360 Total Security (20231003)","Bitdefender Internet Security (20231003)","COMODO Antivirus (20231003)","G DATA INTERNET SECURITY (20231003)","Trend Micro Internet Security (20231003)","VIPRE Advanced Security (20231003)"]},{"isRevoked":"False","fileName":"OPTIM.EXE","companyName":"AMS Software","productName":"Ускоритель компьютера","productVersion":"","fileVersion":"4.0.0.806","hashMD5":"6611035a18ced728d8096918cf2b7b5c","hashSHA1":"795b0bcb215180582c960c271f0189488771c3d2","hashSHA256":"49d57851ec6ce86ca761829e327c21fb696d2b6816b7f1585200998e54384427","digitalCertThumbprint":"EA92364DD9408FF347BDD7063C2824E7C4ED6139","digitalCertIssuer":"CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US","digitalCertIssuedTo":"CN=AMS Software LLC, O=AMS Software LLC, L=Yaroslavl, S=Yaroslavskaya oblast, C=RU","sourceIndex":"887","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"OptimAdmin.exe","companyName":"AMS Software","productName":"Ускоритель компьютера","fileVersion":"4.0.0.806","hashMD5":"999fd306374f133020540c04b5b34069","hashSHA1":"494dfd811a5c3b51999c11c079db03a18e3bc6ec","hashSHA256":"d79834e01508f481465bcd9edbd2a778f92199b3e57fda4e2469e7eedfdecc5d","digitalCertThumbprint":"EA92364DD9408FF347BDD7063C2824E7C4ED6139","digitalCertIssuer":"CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US","digitalCertIssuedTo":"CN=AMS Software LLC, O=AMS Software LLC, L=Yaroslavl, S=Yaroslavskaya oblast, C=RU","sourceIndex":"887","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"FastComputerOT.exe","isInstaller":"True","companyName":"AMS Software                                                ","fileVersion":"0.0","hashMD5":"092cb29cae53fb5c7cfa4f7110876638","hashSHA1":"5a4150bac1d72c9a23922210d48a3a794f2b377e","hashSHA256":"30e3858c7f596f8be3de21298d79f42e1f1fefdf932e65b4b8806476c68f4e9e","digitalCertThumbprint":"063091C0E731D1A159BE1FF07512C88469065948","digitalCertIssuer":"CN=GlobalSign GCC R45 CodeSigning CA 2020, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"E=hr@ams-soft.ru, CN=AMS SOFTWARE LLC, O=AMS SOFTWARE LLC, L=Yaroslavl, S=Yaroslavl Oblast, C=RU","sourceIndex":"887","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"appforwin software downloads","reference":"","landingPage":"https://fast-computer.su/","directDownloadingLink":"https://fast-computer.su/out_pages.php?out=FastComputerOT.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://fast-computer.su/out_pages.php?out=FastComputerOT.exe","sourceIndex":"887"},{"howFound":"similar site for fast-computer.su","reference":"","landingPage":"http://ideal-pc.ru/","directDownloadingLink":"http://fast-computer.su/out_pages.php?out=FastComputerPS1.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://fast-computer.su/out_pages.php?out=FastComputerPS1.exe","sourceIndex":"888"}],"sampleFiles":["230927/FastComputer-221104/4.0.0.806/Samples/FastComputerPS1.exe","230927/FastComputer-221104/4.0.0.806/Samples/Optim.exe","230927/FastComputer-221104/4.0.0.806/Samples/OptimAdmin.exe","230927/FastComputer-221104/4.0.0.806/Samples/FastComputerOT.exe"],"imageFiles":["230927/FastComputer-221104/4.0.0.806/Images/ACR-046/ACR-046_YandexOffer.jpg","230927/FastComputer-221104/4.0.0.806/Images/ACR-055/YandexOffer.jpg","230927/FastComputer-221104/4.0.0.806/Images/ACR-004/ACR-004_ScanResult.jpg","230927/FastComputer-221104/4.0.0.806/Images/ACR-004/ACR-004_RegistryItems.jpg","230927/FastComputer-221104/4.0.0.806/Images/ACR-004/ACR-004_IncompleteFix.jpg","230927/FastComputer-221104/4.0.0.806/Images/ACR-003/ACR-004_ScanResult.jpg","230927/FastComputer-221104/4.0.0.806/Images/ACR-003/ExaggeratedScanResult-1.jpg","230927/FastComputer-221104/4.0.0.806/Images/ACR-003/RegistryAsErrors.jpg","230927/FastComputer-221104/4.0.0.806/Images/ACR-155/YandexOffer.jpg"],"nonDeceptorImageFiles":["230927/FastComputer-221104/4.0.0.806/Images/ACR-035/Install.jpg","230927/FastComputer-221104/4.0.0.806/Images/ACR-035/LandingPage_fastcomputer.su.jpeg","230927/FastComputer-221104/4.0.0.806/Images/ACR-035/LandingPage_ideal-pc.ru.jpeg","230927/FastComputer-221104/4.0.0.806/Images/ACR-037/About.jpg","230927/FastComputer-221104/4.0.0.806/Images/ACR-037/NoPP.jpg","230927/FastComputer-221104/4.0.0.806/Images/ACR-037/LandingPage_fastcomputer.su.jpeg","230927/FastComputer-221104/4.0.0.806/Images/ACR-037/LandingPage_ideal-pc.ru.jpeg"],"guid":"34a26a53-87a1-4349-ab5a-c18253a18140_4.0.0.806_1","appID":"FastComputer-221104","dateAdded":"230927","deceptorType":"App","name":"Fast Computer","company":"AMS Software","version":"4.0.0.806","lastKnownStatus":"Deceptor:4.0.0.304;4.0.0.806","lastKnownDate":"230927","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,paid,sold in bundle","lastUpdate":"2023-09-27T16:40:06.9991311+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":856},{"violations":{"ACR-055":"Accept and Decline options are not made obvious for the Offer that is not directly related to the main app.\n","ACR-059":"Inline Offer for VideoProc is not marked as an \"Offer\" or \"Optional Offer\".\nOffers that are not related to the main app are not marked as \"Optional Offer\" instead of identifying the offer as \"Recommended Software\" to install. \n","ACR-155":"The optional offer is designed to look like part of the install workflow.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"5KPlayer.exe","companyName":"DearMob","fileVersion":"6.9","hashMD5":"d6fb8e23d5f41f506e1097debf88bfe4","hashSHA1":"0fe971fe7b7a8d28b6155e6759dbb413f7389d39","hashSHA256":"f2ec97f8435d1ceadd54a786fca4a73623950db9c099d5ddd7b28cf7ed1468ee","digitalCertThumbprint":"E122C1337C0DCAE9D48B776CCFD12A70C33F9CE8","digitalCertIssuer":"CN=DigiCert SHA2 Assured ID Code Signing CA, OU=www.digicert.com, O=DigiCert Inc, C=US","digitalCertIssuedTo":"CN=\"Digiarty Software, Inc.\", O=\"Digiarty Software, Inc.\", L=Chengdu, S=Sichuan, C=CN","sourceIndex":"587","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"5kplayer-setup.exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"2b29e20fd511ce3b49dcea30617b74f2","hashSHA1":"88b4b0e07ad870d1ad3adeaef9686f2f4cf4b0d0","hashSHA256":"331cd19561aa85c86bfcdc1397cdf3e194a63b86ec98c62cc3da73f739607be5","digitalCertThumbprint":"DE4B180FD88760E7686847B6A8A5B1D33C2A0DB4","digitalCertIssuer":"CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US","digitalCertIssuedTo":"CN=\"Digiarty Software, Inc.\", OU=Software, O=\"Digiarty Software, Inc.\", L=Chengdu, S=Sichuan, C=CN","sourceIndex":"587","avBlockList":["Avast Premium Security (20240919)","AVG Internet Security (20240919)","Avira Internet Security (20240919)","Malwarebytes Premium (20240919)","McAfee Total Protection (20240919)","Norton Security (20240919)","Panda Dome (20240919)","Quick Heal Internet Security (20240919)","Sophos Home Premium (20240919)","SpyHunter5 (20240919)","Total AV Antivirus Pro (20240919)","VirIT eXplorer PRO (20240919)","Webroot SecureAnywhere (20240919)","Windows Defender (20240919)","FortectPremium (20240919)"],"avAllowList":["360 Total Security (20240919)","Bitdefender Internet Security (20240919)","COMODO Antivirus (20240919)","Dr.Web Security Space (20240919)","ESET Internet Security (20240919)","G DATA INTERNET SECURITY (20240919)","K7 Total Security (20240919)","Kaspersky Internet Security (20230221)","Trend Micro Internet Security (20240919)","VIPRE Advanced Security (20240919)","KasperskyPremium (20240919)"]},{"isRevoked":"False","fileName":"5kplayer-setup-230926.exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"a792461b4b7b7348efc344300726b36e","hashSHA1":"608dd0c501b71776012234f8a8b1a6e053ef2e32","hashSHA256":"3118cd222de1a4f971a1b915f44f4a379b950aaa4075ada47f6c0a566f080da0","digitalCertThumbprint":"E122C1337C0DCAE9D48B776CCFD12A70C33F9CE8","digitalCertIssuer":"CN=DigiCert SHA2 Assured ID Code Signing CA, OU=www.digicert.com, O=DigiCert Inc, C=US","digitalCertIssuedTo":"CN=\"Digiarty Software, Inc.\", O=\"Digiarty Software, Inc.\", L=Chengdu, S=Sichuan, C=CN","sourceIndex":"587","avBlockList":["Avast Premium Security (20240905)","AVG Internet Security (20240905)","Avira Internet Security (20240905)","Norton Security (20240905)","Panda Dome (20240905)","Sophos Home Premium (20240905)","SpyHunter5 (20240905)","Total AV Antivirus Pro (20240905)","VirIT eXplorer PRO (20240905)","Webroot SecureAnywhere (20240905)","FortectPremium (20240905)"],"avAllowList":["360 Total Security (20240905)","Bitdefender Internet Security (20240905)","COMODO Antivirus (20240905)","Dr.Web Security Space (20240905)","ESET Internet Security (20240905)","G DATA INTERNET SECURITY (20240905)","K7 Total Security (20240905)","Kaspersky Internet Security (20231005)","Malwarebytes Premium (20240905)","McAfee Total Protection (20240905)","Quick Heal Internet Security (20240905)","Trend Micro Internet Security (20240905)","VIPRE Advanced Security (20240905)","Windows Defender (20240905)","KasperskyPremium (20240905)"]},{"isRevoked":"False","fileName":"5kplayer-setup_240723.exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"0cb8a509b925197bd4b94b4c835c8db9","hashSHA1":"b741c00855307aa3a8a3c52c651c2c8d969a4f78","hashSHA256":"02b4b6cd3a3a78cc764cb0ad573a9bce3ab0f1681d5e6926c9501e0ebcd7bbbb","digitalCertThumbprint":"E122C1337C0DCAE9D48B776CCFD12A70C33F9CE8","digitalCertIssuer":"CN=DigiCert SHA2 Assured ID Code Signing CA, OU=www.digicert.com, O=DigiCert Inc, C=US","digitalCertIssuedTo":"CN=\"Digiarty Software, Inc.\", O=\"Digiarty Software, Inc.\", L=Chengdu, S=Sichuan, C=CN","sourceIndex":"587","avBlockList":["Avast Premium Security (20241001)","AVG Internet Security (20241001)","Avira Internet Security (20241001)","FortectPremium (20241001)","Norton Security (20241001)","Panda Dome (20241001)","Sophos Home Premium (20241001)","SpyHunter5 (20241001)","Total AV Antivirus Pro (20241001)","VirIT eXplorer PRO (20241001)","Webroot SecureAnywhere (20241001)"],"avAllowList":["360 Total Security (20241001)","Bitdefender Internet Security (20241001)","COMODO Antivirus (20241001)","Dr.Web Security Space (20241001)","ESET Internet Security (20241001)","G DATA INTERNET SECURITY (20241001)","K7 Total Security (20241001)","Malwarebytes Premium (20241001)","McAfee Total Protection (20241001)","Quick Heal Internet Security (20241001)","Trend Micro Internet Security (20241001)","VIPRE Advanced Security (20241001)","Windows Defender (20241001)","KasperskyPremium (20241001)"]}],"additionalFiles":[],"sources":[{"howFound":"hunt search: player downloader for windows","reference":"","landingPage":"https://www.5kplayer.com","directDownloadingLink":"https://www.5kplayer.com/download/5kplayer-setup.exe","ipv4":"","ipv6":"","landingPageWildChar":"","directDownloadingLinkWildChar":"https://www.5kplayer.com/download/5kplayer-setup.exe","sourceIndex":"587"}],"sampleFiles":["230926/5KPlayer-230202/6.9.0.0/Samples/5KPlayer.exe","230926/5KPlayer-230202/6.9.0.0/Samples/5kplayer-setup.exe","230926/5KPlayer-230202/6.9.0.0/Samples/5kplayer-setup-230926.exe","230926/5KPlayer-230202/6.9.0.0/Samples/5kplayer-setup_240723.exe"],"imageFiles":["230926/5KPlayer-230202/6.9.0.0/Images/ACR-055/OptionalOffer1.jpg","230926/5KPlayer-230202/6.9.0.0/Images/ACR-055/OptionalOffer2.jpg","230926/5KPlayer-230202/6.9.0.0/Images/ACR-055/OptionalOffer3.jpg","230926/5KPlayer-230202/6.9.0.0/Images/ACR-059/InlineOffer.jpg","230926/5KPlayer-230202/6.9.0.0/Images/ACR-059/OptionalOffer1.jpg","230926/5KPlayer-230202/6.9.0.0/Images/ACR-059/OptionalOffer2.jpg","230926/5KPlayer-230202/6.9.0.0/Images/ACR-059/OptionalOffer3.jpg","230926/5KPlayer-230202/6.9.0.0/Images/ACR-155/OptionalOffer1.jpg","230926/5KPlayer-230202/6.9.0.0/Images/ACR-155/OptionalOffer2.jpg","230926/5KPlayer-230202/6.9.0.0/Images/ACR-155/OptionalOffer3.jpg"],"nonDeceptorImageFiles":[],"guid":"47ddd092-8dd8-4a35-8c1d-4fb952b061d0_6.9.0.0_1","appID":"5KPlayer-230202","dateAdded":"230926","deceptorType":"App","name":"5KPlayer","company":"DearMob, Inc.","version":"6.9.0.0","lastKnownStatus":"6.9.0.0","lastKnownDate":"240723","type":"Windows Executable","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","lastUpdate":"2024-07-23T17:45:37.6738002+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":858},{"violations":{"ACR-006":"The user is not informed of the offer providers' monetization approach.\n","ACR-010":"The app distributes deceptor applications. The offered app \"Carambis Cleaner\" interrupts the installation by showing non-consented offers.\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software.\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\Driver Updater\\dupdater.exe","companyName":"ROSTPAY LTD","productName":"Carambis Driver Updater","productVersion":"2.7.0.1436","fileVersion":"2.7.0.1436","hashMD5":"5c0bb39822aa92e5c78720c19646b6d7","hashSHA1":"8cf6a32e564b535c1f6e392225375f0579ac3b26","hashSHA256":"584b5b8041aa0d58008be765841ea4e46cfd29c15391da009256c49925a837cc","digitalCertThumbprint":"316294AA6980C66B0F6EC1E6F7E7FE66E383BEC6","digitalCertIssuer":"GlobalSign GCC R45 EV CodeSigning CA 2020","digitalCertIssuedTo":"ROSTPAY LTD","storeId":"","sourceIndex":"901","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"InstallerDU.exe","isInstaller":"True","companyName":"ROSTPAY LTD.","productName":"Driver Updater","productVersion":"3.0.12","fileVersion":"3.0.12","hashMD5":"f900be3c848f2d595f512f03d996a004","hashSHA1":"43690c4df9ab60fa897d27bd627f946c46755023","hashSHA256":"6e40cdf3fcd3b3f554e8fb9d0f4a3f748c3b6a408fc0d5b0c23f6c8012de3466","digitalCertThumbprint":"316294AA6980C66B0F6EC1E6F7E7FE66E383BEC6","digitalCertIssuer":"GlobalSign GCC R45 EV CodeSigning CA 2020","digitalCertIssuedTo":"ROSTPAY LTD","storeId":"","sourceIndex":"901","avBlockList":["Avira Internet Security (20230420)","Bitdefender Internet Security (20230420)","ESET Internet Security (20230420)","K7 Total Security (20230420)","Kaspersky Internet Security (20230420)","Malwarebytes Premium (20230420)","McAfee Total Protection (20230420)","Norton Security (20230420)","Panda Dome (20230420)","Quick Heal Internet Security (20230420)","Sophos Home Premium (20230420)","SpyHunter5 (20230420)","Total AV Antivirus Pro (20230420)","VIPRE Advanced Security (20230420)","VirIT eXplorer PRO (20230420)","Webroot SecureAnywhere (20230420)","Windows Defender (20230420)"],"avAllowList":["360 Total Security (20230420)","Avast Premium Security (20230420)","AVG Internet Security (20230420)","COMODO Antivirus (20230420)","Dr.Web Security Space (20230420)","G DATA INTERNET SECURITY (20230420)","Trend Micro Internet Security (20230420)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"google.com (best driver update software)","landingPage":"https://www.carambis.com/programs/driver_updater.html","directDownloadingLink":"https://www.carambis.com/programs/driver_updater/download.html","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.carambis.com/programs/driver_updater/download.html","sourceIndex":"901"}],"sampleFiles":["230911/CarambisDriverUpdater-180222/2.7.0.1436/Samples/InstallerDU.exe"],"imageFiles":["230911/CarambisDriverUpdater-180222/2.7.0.1436/Images/ACR-010/ACR-010.JPG","230911/CarambisDriverUpdater-180222/2.7.0.1436/Images/ACR-006/ACR-006.JPG","230911/CarambisDriverUpdater-180222/2.7.0.1436/Images/ACR-006/ACR-006_1.JPG","230911/CarambisDriverUpdater-180222/2.7.0.1436/Images/ACR-006/ACR-006_2.JPG","230911/CarambisDriverUpdater-180222/2.7.0.1436/Images/ACR-060/ACR-060.JPG","230911/CarambisDriverUpdater-180222/2.7.0.1436/Images/ACR-060/ACR-060_1.JPG","230911/CarambisDriverUpdater-180222/2.7.0.1436/Images/ACR-060/ACR-060_2.JPG","230911/CarambisDriverUpdater-180222/2.7.0.1436/Images/ACR-013/ACR-013.JPG","230911/CarambisDriverUpdater-180222/2.7.0.1436/Images/ACR-013/ACR-013_1.JPG","230911/CarambisDriverUpdater-180222/2.7.0.1436/Images/ACR-013/ACR-013_2.JPG"],"nonDeceptorImageFiles":[],"guid":"96fbeab9-3ad1-4029-b232-07c323bde569_2.7.0.1436_1","appID":"CarambisDriverUpdater-180222","dateAdded":"230911","deceptorType":"App","name":"Carambis Driver Updater","company":"Carambis (ROSTPAY LTD.)","version":"2.7.0.1436","firstVendorContactDate":"230901","firstAppEsteemReplyDate":"230901","firstResolvedDate":"230911","firstResolvedVersion":"3.2.0","resolved":"TRUE","lastKnownStatus":"Deceptor:2.4.3.1734,2.6.1328;2.7.0.1436","lastKnownDate":"230911","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows Vista,Windows XP,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,paid","lastUpdate":"2023-09-11T19:59:35.6244185+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":3,"sortOrder":859},{"violations":{"ACR-004":"It says  that the app can update 1 driver but in the end, will ask  for  registration/ payment.\n","ACR-053":"Bundler had four offers no with ability to skip them.\n","ACR-165":"Recurring payment is not disclosed clearly about the time bound discount. \n"},"nonDeceptorViolations":{"ACR-099":"The application has no link to a webpage that shows how to uninstall the app.\n"},"samples":[{"isRevoked":"False","fileName":"InstallerDU.exe","isInstaller":"True","fileVersion":"2.0","hashMD5":"c488c762d55f8beae5758348edeadecf","hashSHA1":"17edc884566de20ea1c1b0684284d7d47b3d646d","hashSHA256":"3b9e2b28ab325dfd46dc9061da46cb0312077efd987518994c4c75590b37a154","digitalCertThumbprint":"9195816A6BE82514AEA696D3F013C37216094385","digitalCertIssuer":"CN=thawte SHA256 Code Signing CA, O=\"thawte, Inc.\", C=US","digitalCertIssuedTo":"L=Rostov-on-Don, CN=ROSTPAY LTD, O=ROSTPAY LTD, S=Rostovskaya obl., C=RU","sourceIndex":"2428","avBlockList":["360 Total Security (20200528)","Avast Premium Security (20200528)","AVG Internet Security (20200528)","Avira Internet Security (20200528)","Bitdefender Internet Security (20200528)","COMODO Antivirus (20200528)","Dr.Web Security Space (20200528)","ESET Internet Security (20200528)","G DATA INTERNET SECURITY (20200528)","K7 Total Security (20200528)","Malwarebytes Premium (20200528)","McAfee Total Protection (20200528)","Norton Security (20200528)","Panda Dome (20200528)","Quick Heal Internet Security (20200528)","Sophos Home Premium (20200528)","SpyHunter5 (20200528)","Tencent PC Manager (20200528)","Total AV Antivirus Pro (20200528)","Trend Micro Internet Security (20200528)","VIPRE Advanced Security (20200528)","VirIT eXplorer PRO (20200528)","Webroot SecureAnywhere (20200528)","Windows Defender (20200528)"],"avAllowList":["Kaspersky Internet Security (20200528)"]},{"isRevoked":"False","fileName":"dupdater.exe","companyName":"ROSTPAY LTD","fileVersion":"2.6","hashMD5":"023babd3324ed606d53c6575a8aba8cb","hashSHA1":"004ed8449fdeee5ed0ca32ccafd1550859ee5a4e","hashSHA256":"d96163446f5edad6143a65750401bb4764135fb7206417fc1a2e64b595f4fe98","digitalCertThumbprint":"9195816A6BE82514AEA696D3F013C37216094385","digitalCertIssuer":"CN=thawte SHA256 Code Signing CA, O=\"thawte, Inc.\", C=US","digitalCertIssuedTo":"L=Rostov-on-Don, CN=ROSTPAY LTD, O=ROSTPAY LTD, S=Rostovskaya obl., C=RU","sourceIndex":"2428","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"google.com (best driver update software)","landingPage":"https://www.carambis.com/programs/driver_updater.html","directDownloadingLink":"http://du7.carambis.com/InstallerDU-2.6.0.1328.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://du7.carambis.com/InstallerDU-2.6.0.1328.exe","sourceIndex":"2428"}],"sampleFiles":["200427/CarambisDriverUpdater-180222/2.6.0.1328/Samples/InstallerDU.exe","200427/CarambisDriverUpdater-180222/2.6.0.1328/Samples/dupdater.exe"],"imageFiles":["200427/CarambisDriverUpdater-180222/2.6.0.1328/Images/ACR-053/CarambisDriverUpdater_Offers [1].png","200427/CarambisDriverUpdater-180222/2.6.0.1328/Images/ACR-053/CarambisDriverUpdater_Offers [2].png","200427/CarambisDriverUpdater-180222/2.6.0.1328/Images/ACR-053/CarambisDriverUpdater_Offers [3].png","200427/CarambisDriverUpdater-180222/2.6.0.1328/Images/ACR-053/CarambisDriverUpdater_Offers [4].png","200427/CarambisDriverUpdater-180222/2.6.0.1328/Images/ACR-165/CarambisDriverUpdater_Scan [6] Offer.png","200427/CarambisDriverUpdater-180222/2.6.0.1328/Images/ACR-004/CarambisDriverUpdater_Scan [3].png","200427/CarambisDriverUpdater-180222/2.6.0.1328/Images/ACR-004/CarambisDriverUpdater_Scan [4].png","200427/CarambisDriverUpdater-180222/2.6.0.1328/Images/ACR-004/CarambisDriverUpdater_Scan [5].png","200427/CarambisDriverUpdater-180222/2.6.0.1328/Images/ACR-004/CarambisDriverUpdater_Scan [6] Offer.png"],"nonDeceptorImageFiles":["200427/CarambisDriverUpdater-180222/2.6.0.1328/Images/ACR-099/CarambisDriverUpdater_About[1].png"],"guid":"96fbeab9-3ad1-4029-b232-07c323bde569_2.6.0.1328_1","appID":"CarambisDriverUpdater-180222","dateAdded":"230911","deceptorType":"App","name":"Carambis Driver Updater","company":"Carambis (ROSTPAY LTD.)","version":"2.6.0.1328","sigName":"Deceptor:Win32/CarambisDriverUpdater!004053165","firstVendorContactDate":"230901","firstAppEsteemReplyDate":"230901","firstResolvedDate":"230911","firstResolvedVersion":"3.2.0","resolved":"TRUE","lastKnownStatus":"Deceptor:2.4.3.1734,2.6.1328;2.7.0.1436","lastKnownDate":"230911","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows Vista,Windows XP,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,paid","lastUpdate":"2023-09-11T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":3,"sortOrder":860},{"violations":{"ACR-050":"The app uses the task scheduler to bypass User Account Controls (UAC) at application launch. App did not disclose this information to the user in the EULA or during installation.\n","ACR-017":"Internal offer shows AVG Logo as a sign of trust, but the link leads to a 404 error\n","ACR-059":"Not clear this is an offer\n"},"nonDeceptorViolations":{"ACR-099":"The application has no link to a webpage that shows how to uninstall the app.\n"},"samples":[{"isRevoked":"False","fileName":"InstallerDU-2.4.3.1734.exe","isInstaller":"True","companyName":"Carambis (ROSTPAY LTD.)","productName":"Carambis Installer","productVersion":"1.0.0.2","fileVersion":"1.0.0.2","hashMD5":"41a5522d43159204f905c03e90d95332","hashSHA1":"f142c9e95e1a75b5accb57ea078d6f9cb94c1e82","hashSHA256":"c940a9082a4f5faf595b0a1c9c815a1d3ff3377a5d97ec9882ecbaaeb17a46ee","digitalCertThumbprint":"D6CD80FD24D4F7D9C54304A51E018D6F02EEA235","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=ROSTPEI LTD, O=ROSTPEI LTD, STREET=\"str. Dolomanovsky, 70D, office 1001\", L=Rostov-on-Don, S=Rostov region, PostalCode=344011, C=RU","sourceIndex":"2584","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"dupdater.exe","companyName":"ROSTPAY LTD","productName":"Carambis Driver Updater","productVersion":"2.4.3.1734","fileVersion":"2.4.3.1734","hashMD5":"28eb3716d4d8f2b382f6dfe8381f40b5","hashSHA1":"5ac1f889711a028d3ec0e4376bef4fd7366d9e36","hashSHA256":"6c9ea7e151c52db014fb4dad20297539a8b816f49b95eff7fa5a2f3088bd0ed9","digitalCertThumbprint":"D6CD80FD24D4F7D9C54304A51E018D6F02EEA235","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=ROSTPEI LTD, O=ROSTPEI LTD, STREET=\"str. Dolomanovsky, 70D, office 1001\", L=Rostov-on-Don, S=Rostov region, PostalCode=344011, C=RU","sourceIndex":"2584","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"google.com (best driver update software)","landingPage":"https://www.carambis.com/programs/driver_updater.html","directDownloadingLink":"http://du2.carambis.com/InstallerDU-2.4.3.1734.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://du2.carambis.com/InstallerDU-2.4.3.1734.exe","sourceIndex":"2584"}],"sampleFiles":["180223/CarambisDriverUpdater-180222/2.4.3.1734/Samples/InstallerDU-2.4.3.1734.exe","180223/CarambisDriverUpdater-180222/2.4.3.1734/Samples/dupdater.exe"],"imageFiles":["180223/CarambisDriverUpdater-180222/2.4.3.1734/Images/ACR-050/ACR_084_SOFTWARE.PNG","180223/CarambisDriverUpdater-180222/2.4.3.1734/Images/ACR-017/ACR_099_INTERNAL_OFFERS.PNG","180223/CarambisDriverUpdater-180222/2.4.3.1734/Images/ACR-059/ACR-059 not clear an offer.png"],"nonDeceptorImageFiles":["180223/CarambisDriverUpdater-180222/2.4.3.1734/Images/ACR-099/ACR_099_SOFTWARE.PNG"],"guid":"96fbeab9-3ad1-4029-b232-07c323bde569_2.4.3.1734_1","appID":"CarambisDriverUpdater-180222","dateAdded":"230911","deceptorType":"App","name":"Carambis Driver Updater","company":"Carambis (ROSTPAY LTD.)","version":"2.4.3.1734","sigName":"Deceptor:Win32/CarambisDriverUpdater!017050059","firstVendorContactDate":"230901","firstAppEsteemReplyDate":"230901","firstResolvedDate":"230911","firstResolvedVersion":"3.2.0","resolved":"TRUE","lastKnownStatus":"Deceptor:2.4.3.1734,2.6.1328;2.7.0.1436","lastKnownDate":"230911","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows Vista,Windows XP,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,paid","lastUpdate":"2023-09-11T00:00:00+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":3,"sortOrder":861},{"violations":{"ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software.\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"CarambisCleaner_Setup.exe","isInstaller":"True","companyName":"ROSTPAY LTD.","productName":"Cleaner","productVersion":"3.0.12","fileVersion":"3.0.12","hashMD5":"670df27658fd35ce0845b60a9e652394","hashSHA1":"513e61ee80031f5e5acf7b69b53da467d9aff22a","hashSHA256":"7d14f2b885a0353f00e5a08e83f7ed701b3f4875765790eec05ba5aaed5e54f7","digitalCertThumbprint":"316294AA6980C66B0F6EC1E6F7E7FE66E383BEC6","digitalCertIssuer":"GlobalSign GCC R45 EV CodeSigning CA 2020","digitalCertIssuedTo":"ROSTPAY LTD","storeId":"","sourceIndex":"900","avBlockList":["360 Total Security (20230413)","Avira Internet Security (20230413)","Bitdefender Internet Security (20230413)","ESET Internet Security (20230413)","K7 Total Security (20230413)","Kaspersky Internet Security (20230413)","Norton Security (20230413)","Panda Dome (20230413)","Quick Heal Internet Security (20230413)","Sophos Home Premium (20230413)","SpyHunter5 (20230413)","Total AV Antivirus Pro (20230413)","VIPRE Advanced Security (20230413)","VirIT eXplorer PRO (20230413)","Webroot SecureAnywhere (20230413)"],"avAllowList":["Avast Premium Security (20230413)","AVG Internet Security (20230413)","COMODO Antivirus (20230413)","Dr.Web Security Space (20230413)","G DATA INTERNET SECURITY (20230413)","Malwarebytes Premium (20230413)","McAfee Total Protection (20230413)","Trend Micro Internet Security (20230413)","Windows Defender (20230413)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"","landingPage":"https://www.carambis.com/programs/cleaner.html","directDownloadingLink":"http://du2.carambis.com/InstallerCC-1.3.3.5315.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://du2.carambis.com/InstallerCC-1.3.3.5315.exe","sourceIndex":"900"}],"sampleFiles":["230911/CarambisCleaner-171208/1.5.0.1240/Samples/CarambisCleaner_Setup.exe"],"imageFiles":["230911/CarambisCleaner-171208/1.5.0.1240/Images/ACR-060/ACR-060.JPG","230911/CarambisCleaner-171208/1.5.0.1240/Images/ACR-060/ACR-060_1.JPG","230911/CarambisCleaner-171208/1.5.0.1240/Images/ACR-013/ACR-013.JPG","230911/CarambisCleaner-171208/1.5.0.1240/Images/ACR-013/ACR-013_1.JPG"],"nonDeceptorImageFiles":[],"guid":"559a92d4-fcb9-45b3-afaa-7d8369bc89c4_1.5.0.1240_1","appID":"CarambisCleaner-171208","dateAdded":"230911","deceptorType":"App","name":"Carambis Cleaner","company":"ROSTPEI LTD","version":"1.5.0.1240","firstVendorContactDate":"230901","firstAppEsteemReplyDate":"230901","firstResolvedDate":"230911","firstResolvedVersion":"3.2.0","resolved":"TRUE","lastKnownStatus":"Deceptor:1.0.0.2;1.6.0.0;1.5.0.1240","lastKnownDate":"230911","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows 10,Windows 8,Windows 7,Windows Vista","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2023-09-11T20:00:18.7042784+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":3,"sortOrder":862},{"violations":{"ACR-004":"App up sells service using free scan results but does not provide a fully function free trial. It asks for a subscription service payment to fix the items reported during free scan. \n","ACR-155":"Bundler-made offers are disguised as part of the install process and are pre-selected, prompting the consumer to click \"next\" and install the offers.\n"},"nonDeceptorViolations":{"ACR-065":"The bundler-made offers pages do not show links to the offers' EULA, and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\n","ACR-099":"The internal offer page has no link to a webpage that shows how to uninstall the app.\n\n","ACR-064":"Bundler-made offers pre-checked and are downloaded when the consumer clicks \"next\", possibly unaware of the offer.\n"},"samples":[{"isRevoked":"False","fileName":"InstallerCC-1.3.4.5326.exe","isInstaller":"True","companyName":"ROSTPAY LTD.","fileVersion":"1.6","hashMD5":"aeb1aaaae697968d8ac0b7176f6fd064","hashSHA1":"0bb98d8520e0aa3cf10ecfc310fdc0274b5b0def","hashSHA256":"1bb594b17ef9516cf5f395f84a9218456587669ee8ec5b6df8c72896f344038a","digitalCertThumbprint":"9195816A6BE82514AEA696D3F013C37216094385","digitalCertIssuer":"CN=thawte SHA256 Code Signing CA, O=\"thawte, Inc.\", C=US","digitalCertIssuedTo":"L=Rostov-on-Don, CN=ROSTPAY LTD, O=ROSTPAY LTD, S=Rostovskaya obl., C=RU","sourceIndex":"2588","avBlockList":["Avast Internet Security (20191209)","AVG Internet Security (20191209)","Avira Internet Security (20191209)","Bitdefender Internet Security (20191209)","COMODO Antivirus (20191209)","Dr.Web Security Space (20191209)","ESET Internet Security (20191209)","G DATA INTERNET SECURITY (20191209)","K7 Total Security (20191209)","Kaspersky Internet Security (20191209)","Malwarebytes Premium (20191209)","McAfee Total Protection (20191209)","Norton Security (20191209)","Panda Dome (20191209)","Quick Heal Internet Security (20191209)","Sophos Home Premium (20191209)","Tencent PC Manager (20191209)","Trend Micro Internet Security (20191209)","VIPRE Advanced Security (20191209)","VirIT eXplorer PRO (20191209)","Webroot SecureAnywhere (20191209)","Windows Defender (20191209)"],"avAllowList":["360 Total Security (20191209)"]},{"isRevoked":"False","fileName":"cleaner.exe","fileVersion":"0.0","hashMD5":"fdf015792467f824589df3055ea08138","hashSHA1":"edd4bcf105ae92ac2990c9ab7bf688fc90467c3c","hashSHA256":"b36cd60c6593518d8108d4eb4d005a0ed3257c8f4dc6048b068702d380373875","digitalCertThumbprint":"9195816A6BE82514AEA696D3F013C37216094385","digitalCertIssuer":"CN=thawte SHA256 Code Signing CA, O=\"thawte, Inc.\", C=US","digitalCertIssuedTo":"L=Rostov-on-Don, CN=ROSTPAY LTD, O=ROSTPAY LTD, S=Rostovskaya obl., C=RU","sourceIndex":"2588","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"","landingPage":"https://www.carambis.com/programs/cleaner.html","directDownloadingLink":"https://www.carambis.com/programs/cleaner/download.html","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.carambis.com/programs/cleaner/download.html","sourceIndex":"2588"}],"sampleFiles":["190915/CarambisCleaner-171208/1.6.0.0/Samples/InstallerCC-1.3.4.5326.exe","190915/CarambisCleaner-171208/1.6.0.0/Samples/cleaner.exe"],"imageFiles":["190915/CarambisCleaner-171208/1.6.0.0/Images/ACR-004/Carambis_acr_004.gif","190915/CarambisCleaner-171208/1.6.0.0/Images/ACR-155/Carambis_bundler_offers.gif"],"nonDeceptorImageFiles":["190915/CarambisCleaner-171208/1.6.0.0/Images/ACR-099/Screen Shot 2019-09-13 at 4.21.23 PM.png","190915/CarambisCleaner-171208/1.6.0.0/Images/ACR-065/Carambis_bundler_offers.gif","190915/CarambisCleaner-171208/1.6.0.0/Images/ACR-064/Carambis_bundler_offers.gif"],"guid":"559a92d4-fcb9-45b3-afaa-7d8369bc89c4_1.6.0.0_1","appID":"CarambisCleaner-171208","dateAdded":"230911","deceptorType":"App","name":"Carambis Cleaner","company":"ROSTPEI LTD","version":"1.6.0.0","sigName":"Deceptor:Win32/CarambisCleaner!0040155","firstVendorContactDate":"230901","firstAppEsteemReplyDate":"230901","firstResolvedDate":"230911","firstResolvedVersion":"3.2.0","resolved":"TRUE","lastKnownStatus":"Deceptor:1.0.0.2;1.6.0.0;1.5.0.1240","lastKnownDate":"230911","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows 10,Windows 8,Windows 7,Windows Vista","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2023-09-11T00:00:00+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":3,"sortOrder":863},{"violations":{"ACR-004":"App up sells service uses free scan result without providing full function free trial. It asks for subscription service payment to fix the items reported during free scan. \n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"Carambis Cleaner.exe","isInstaller":"True","companyName":"ROSTPEI LTD","productName":"Carambis Cleaner","productVersion":"1.0.0.2","fileVersion":"1.0.0.2","hashMD5":"b3adc2f2fdcfb81d1625a08e9d9aed5b","hashSHA1":"fb776de0e43fe66a0e584ac4f7d882b2ebdbd9fc","hashSHA256":"059ee98dd3411dee7db7737360099723681df4803bd169d870d3a959656daad1","digitalCertThumbprint":"D6CD80FD24D4F7D9C54304A51E018D6F02EEA235","digitalCertIssuer":"COMODO RSA Code Signing CA","digitalCertIssuedTo":"ROSTPEI LTD","sourceIndex":"2791","avBlockList":["Avast Internet Security (20190826)","AVG Internet Security (20190826)","Avira Internet Security (20190826)","Bitdefender Internet Security (20190826)","COMODO Antivirus (20190826)","Dr.Web Security Space (20190826)","ESET Internet Security (20190826)","G DATA INTERNET SECURITY (20190826)","K7 Total Security (20190826)","Kaspersky Internet Security (20190826)","Malwarebytes Premium (20190826)","McAfee Total Protection (20190826)","Norton Security (20190826)","Sophos Home Premium (20190826)","Tencent PC Manager (20190826)","Trend Micro Internet Security (20190826)","VIPRE Advanced Security (20190826)","VirIT eXplorer PRO (20190826)","Webroot SecureAnywhere (20190826)","Windows Defender (20190826)"],"avAllowList":["360 Total Security (20190826)","Panda Dome (20190729)","Quick Heal Internet Security (20190826)"]},{"isRevoked":"False","fileName":"InstallerCC-1.3.4.5326.exe","isInstaller":"True","companyName":"Carambis (ROSTPAY LTD.)","productName":"Carambis Cleaner","productVersion":"1.0.0.2","fileVersion":"1.0.0.2","hashMD5":"1c9a4eec5ca6878f0554f2c08399307c","hashSHA1":"36e802867eee31d23238b9eee4c6b0d63813e81c","hashSHA256":"e9743388c32e73df0861f6f125264689b0761bfacb2020f2ba0a2d52bb79d844","digitalCertThumbprint":"9195816A6BE82514AEA696D3F013C37216094385","digitalCertIssuer":"CN=thawte SHA256 Code Signing CA, O=\"thawte, Inc.\", C=US","digitalCertIssuedTo":"L=Rostov-on-Don, CN=ROSTPAY LTD, O=ROSTPAY LTD, S=Rostovskaya obl., C=RU","sourceIndex":"2791","avBlockList":["360 Total Security (20190826)","Avast Internet Security (20190826)","AVG Internet Security (20190826)","Avira Internet Security (20190826)","Bitdefender Internet Security (20190826)","COMODO Antivirus (20190826)","Dr.Web Security Space (20190826)","ESET Internet Security (20190826)","G DATA INTERNET SECURITY (20190826)","K7 Total Security (20190826)","Malwarebytes Premium (20190826)","McAfee Total Protection (20190826)","Norton Security (20190826)","Panda Dome (20190826)","Quick Heal Internet Security (20190826)","Sophos Home Premium (20190826)","Tencent PC Manager (20190826)","Trend Micro Internet Security (20190826)","VIPRE Advanced Security (20190826)","VirIT eXplorer PRO (20190826)","Windows Defender (20190826)"],"avAllowList":["Kaspersky Internet Security (20190826)","Webroot SecureAnywhere (20190826)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"","landingPage":"https://www.carambis.com/programs/cleaner.html","directDownloadingLink":"http://du2.carambis.com/InstallerCC-1.3.3.5315.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://du2.carambis.com/InstallerCC-1.3.3.5315.exe","sourceIndex":"2791"}],"sampleFiles":["190915/CarambisCleaner-171208/1.0.0.2/Samples/InstallerCC-1.3.3.5315.exe","190915/CarambisCleaner-171208/1.0.0.2/Samples/InstallerCC-1.3.4.5326.exe"],"imageFiles":["190915/CarambisCleaner-171208/1.0.0.2/Images/ACR-004/ACR-004.PNG"],"nonDeceptorImageFiles":[],"guid":"559a92d4-fcb9-45b3-afaa-7d8369bc89c4_1.0.0.2_1","appID":"CarambisCleaner-171208","dateAdded":"230911","deceptorType":"App","name":"Carambis Cleaner","company":"ROSTPEI LTD","version":"1.0.0.2","sigName":"Deceptor:Win32/CarambisCleaner!004","firstVendorContactDate":"230901","firstAppEsteemReplyDate":"230901","firstResolvedDate":"230911","firstResolvedVersion":"3.2.0","resolved":"TRUE","lastKnownStatus":"Deceptor:1.0.0.2;1.6.0.0;1.5.0.1240","lastKnownDate":"230911","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows 10,Windows 8,Windows 7,Windows Vista","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2023-09-11T00:00:00+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":3,"sortOrder":864},{"violations":{"ACR-042":"The app installs a self signed Trusted Root Certificate without obtaining the consumer's permission through explicit user action.\n","ACR-043":"The app does not provide information regarding the self-signed Trusted Root Certificate that is installed.\n","ACR-048":"The app is unable to control (enable/disable) the scheduled task, startup entry, and the background process within the app's settings.\n","ACR-007":"The app does not obtain user consent to reduce the consumer's security posture caused by installing the self signed root certificate.\n","ACR-084":"The app attempts to run in the system tray after installation and also upon closing the app, thereby hiding the fact that it is active from the consumer without clearly notifying the user. It creates an undisclosed scheduled task and startup item to perform actions without the user's knowledge and consent. \n","ACR-103":"The app's primary function of blocking ads cannot be verified.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components and the root certificate on the device without the consumer's consent. \n","ACR-119":"The app retains its monetization components after uninstall.\n"},"nonDeceptorViolations":{"ACR-045":"The app does not describe clearly and straightforwardly what effect is caused to the user's system due to the installation of its self-signed Trusted Root Certificate.\n","ACR-123":"The app does not remove its root certificate even after uninstall.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\EasyAdBlocker\\cur\\weab.exe","companyName":"","productName":"Easy Ad Blocker","productVersion":"2.3.4.6","fileVersion":"2.3.4.6","hashMD5":"8fb1ff7748158755ad104cfc003070fc","hashSHA1":"41d2a997778ae6bc52fe73ca0d8a2229254cdc06","hashSHA256":"dc6716973bdf04c5a4fee6e408462b37a9cb43f6150f28c6ed2542eb34a4c9a4","digitalCertThumbprint":"FB79B7E4926CBB5D00C57C5A9E3F70785BFE6CED","digitalCertIssuer":"Sectigo Public Code Signing CA EV R36","digitalCertIssuedTo":"INNOVA MEDIA internetne storitve d.o.o.","storeId":"","sourceIndex":"908","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"EasyAdBlocker.exe","isInstaller":"True","companyName":"","productName":"installer","productVersion":"1.10.1.6","fileVersion":"1.10.1.6","hashMD5":"d1aa5fe81edb300e6ceefd29510932ec","hashSHA1":"db3ea2185ed19a4c466e01655abe0f3677acd43f","hashSHA256":"e927cb27f0c3a907232a809ed76e9bd8eadd6c2d02eab140782cbf4643d6317c","digitalCertThumbprint":"FB79B7E4926CBB5D00C57C5A9E3F70785BFE6CED","digitalCertIssuer":"Sectigo Public Code Signing CA EV R36","digitalCertIssuedTo":"INNOVA MEDIA internetne storitve d.o.o.","storeId":"","sourceIndex":"908","avBlockList":["360 Total Security (20240222)","Avast Premium Security (20240222)","AVG Internet Security (20240222)","Avira Internet Security (20240222)","COMODO Antivirus (20240222)","G DATA INTERNET SECURITY (20240222)","K7 Total Security (20240222)","Malwarebytes Premium (20240222)","McAfee Total Protection (20240222)","Norton Security (20240222)","Panda Dome (20240222)","Quick Heal Internet Security (20240222)","Sophos Home Premium (20240222)","SpyHunter5 (20240222)","Total AV Antivirus Pro (20240222)","VirIT eXplorer PRO (20240222)","Webroot SecureAnywhere (20240222)"],"avAllowList":["Bitdefender Internet Security (20240222)","Dr.Web Security Space (20240222)","ESET Internet Security (20240222)","Kaspersky Internet Security (20240222)","Trend Micro Internet Security (20240222)","VIPRE Advanced Security (20240222)","Windows Defender (20240222)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search: adblocker","reference":"","landingPage":"https://www.easyadblocker.com/windows/","directDownloadingLink":"https://www.easyadblocker.com/_release/EasyAdBlocker.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.easyadblocker.com/_release/EasyAdBlocker.exe","sourceIndex":"908"}],"sampleFiles":["230906/EasyAdBlocker-230628/2.3.4.6/Samples/EasyAdBlocker.exe"],"imageFiles":["230906/EasyAdBlocker-230628/2.3.4.6/Images/ACR-043/ACR-043 (1).JPG","230906/EasyAdBlocker-230628/2.3.4.6/Images/ACR-043/ACR-043 (2).JPG","230906/EasyAdBlocker-230628/2.3.4.6/Images/ACR-043/ACR-043.JPG","230906/EasyAdBlocker-230628/2.3.4.6/Images/ACR-007/ACR-007 (1).JPG","230906/EasyAdBlocker-230628/2.3.4.6/Images/ACR-007/ACR-007 (2).JPG","230906/EasyAdBlocker-230628/2.3.4.6/Images/ACR-007/ACR-007.JPG","230906/EasyAdBlocker-230628/2.3.4.6/Images/ACR-084/ACR-084.JPG","230906/EasyAdBlocker-230628/2.3.4.6/Images/ACR-084/ACR-084_1.JPG","230906/EasyAdBlocker-230628/2.3.4.6/Images/ACR-084/ACR-084_2.JPG","230906/EasyAdBlocker-230628/2.3.4.6/Images/ACR-103/ACR-103.JPG","230906/EasyAdBlocker-230628/2.3.4.6/Images/ACR-042/ACR-042 (1).JPG","230906/EasyAdBlocker-230628/2.3.4.6/Images/ACR-042/ACR-042 (2).JPG","230906/EasyAdBlocker-230628/2.3.4.6/Images/ACR-042/ACR-042.JPG","230906/EasyAdBlocker-230628/2.3.4.6/Images/ACR-048/ACR-048 (1).JPG","230906/EasyAdBlocker-230628/2.3.4.6/Images/ACR-048/ACR-048 (2).JPG","230906/EasyAdBlocker-230628/2.3.4.6/Images/ACR-048/ACR-048 (3).JPG","230906/EasyAdBlocker-230628/2.3.4.6/Images/ACR-118/ACR-118.JPG","230906/EasyAdBlocker-230628/2.3.4.6/Images/ACR-118/ACR-118_1.JPG","230906/EasyAdBlocker-230628/2.3.4.6/Images/ACR-119/ACR-119.JPG"],"nonDeceptorImageFiles":["230906/EasyAdBlocker-230628/2.3.4.6/Images/ACR-045/ACR-045 (1).JPG","230906/EasyAdBlocker-230628/2.3.4.6/Images/ACR-045/ACR-045 (2).JPG","230906/EasyAdBlocker-230628/2.3.4.6/Images/ACR-045/ACR-045.JPG","230906/EasyAdBlocker-230628/2.3.4.6/Images/ACR-123/ACR-123.JPG"],"guid":"2affeb59-1f0b-4bfc-8b76-ec6d6724438a_2.3.4.6_1","appID":"EasyAdBlocker-230628","dateAdded":"230906","deceptorType":"App","name":"Easy Ad Blocker","company":"Innova Media","version":"2.3.4.6","lastKnownStatus":"2.3.4.3;2.3.4.6","lastKnownDate":"230906","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"mining","lastUpdate":"2023-09-06T16:45:07.1551152+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":865},{"violations":{"ACR-042":"The app installs a self signed Trusted Root Certificate without obtaining the consumer's permission through explicit user action.\n","ACR-043":"The app does not provide information regarding the self-signed Trusted Root Certificate that is installed.\n","ACR-048":"The app is unable to control (enable/disable) the scheduled tasks and startup entry within the app's settings.\n","ACR-007":"The app does not obtain user consent to reduce the consumer's security posture caused by installing the self signed root certificate.\n","ACR-084":"The app attempts to run in the system tray after installation, thereby hiding the fact that it is active from the consumer without clearly notifying the user. It creates an undisclosed scheduled task to perform an action without the user's knowledge and consent. \n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"EasyAdBlocker.exe","isInstaller":"True","fileVersion":"1.9","hashMD5":"fd62a3510ff7da8ee3c376b4685b84aa","hashSHA1":"eb45d25ea3d8d18f7b26fa161864961819b9fed7","hashSHA256":"652102461417e05862d95b3fde78dd4fcebda3b3c9c19c25e8f089ada71404d1","digitalCertThumbprint":"FB79B7E4926CBB5D00C57C5A9E3F70785BFE6CED","digitalCertIssuer":"CN=Sectigo Public Code Signing CA EV R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=INNOVA MEDIA internetne storitve d.o.o., O=INNOVA MEDIA internetne storitve d.o.o., S=Šempeter-Vrtojba, C=SI, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=SI, SERIALNUMBER=6466885000","sourceIndex":"1016","avBlockList":["360 Total Security (20230914)","Avast Premium Security (20230914)","AVG Internet Security (20230914)","Avira Internet Security (20230914)","G DATA INTERNET SECURITY (20230914)","K7 Total Security (20230914)","McAfee Total Protection (20230914)","Norton Security (20230914)","Panda Dome (20230914)","Quick Heal Internet Security (20230914)","Sophos Home Premium (20230914)","SpyHunter5 (20230914)","Total AV Antivirus Pro (20230914)","VirIT eXplorer PRO (20230914)"],"avAllowList":["Bitdefender Internet Security (20230914)","COMODO Antivirus (20230914)","Dr.Web Security Space (20230914)","ESET Internet Security (20230914)","Kaspersky Internet Security (20230914)","Malwarebytes Premium (20230914)","Trend Micro Internet Security (20230914)","VIPRE Advanced Security (20230914)","Webroot SecureAnywhere (20230914)","Windows Defender (20230914)"]},{"isRevoked":"False","fileName":"weab.exe","fileVersion":"2.3","hashMD5":"00a18c0af41a20dc452c3c68ad9c5dd2","hashSHA1":"82ed0bd7e1f557152050f06e4cc1d4fa501e88c7","hashSHA256":"eef6d75463f0cf3cf66b21c6b512cd854e4047efd512fc142087110dca0e65e8","digitalCertThumbprint":"FB79B7E4926CBB5D00C57C5A9E3F70785BFE6CED","digitalCertIssuer":"CN=Sectigo Public Code Signing CA EV R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=INNOVA MEDIA internetne storitve d.o.o., O=INNOVA MEDIA internetne storitve d.o.o., S=Šempeter-Vrtojba, C=SI, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=SI, SERIALNUMBER=6466885000","sourceIndex":"1016","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search: adblocker","reference":"","landingPage":"https://www.easyadblocker.com/","directDownloadingLink":"https://www.easyadblocker.com/_release/EasyAdBlocker.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.easyadblocker.com/_release/EasyAdBlocker.exe","sourceIndex":"1016"}],"sampleFiles":["230705/EasyAdBlocker-230628/2.3.4.3/Samples/EasyAdBlocker.exe","230705/EasyAdBlocker-230628/2.3.4.3/Samples/weab.exe"],"imageFiles":["230705/EasyAdBlocker-230628/2.3.4.3/Images/ACR-043/TRC.png","230705/EasyAdBlocker-230628/2.3.4.3/Images/ACR-043/TRC-1.png","230705/EasyAdBlocker-230628/2.3.4.3/Images/ACR-007/TRC.png","230705/EasyAdBlocker-230628/2.3.4.3/Images/ACR-007/TRC-1.png","230705/EasyAdBlocker-230628/2.3.4.3/Images/ACR-084/TaskScheduler.png","230705/EasyAdBlocker-230628/2.3.4.3/Images/ACR-042/TRC.png","230705/EasyAdBlocker-230628/2.3.4.3/Images/ACR-042/TRC-1.png","230705/EasyAdBlocker-230628/2.3.4.3/Images/ACR-048/Startup.png","230705/EasyAdBlocker-230628/2.3.4.3/Images/ACR-048/TaskScheduler.png"],"nonDeceptorImageFiles":[],"guid":"2affeb59-1f0b-4bfc-8b76-ec6d6724438a_2.3.4.3_1","appID":"EasyAdBlocker-230628","dateAdded":"230906","deceptorType":"App","name":"Easy Ad Blocker","company":"Innova Media","version":"2.3.4.3","lastKnownStatus":"2.3.4.3;2.3.4.6","lastKnownDate":"230906","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"mining","lastUpdate":"2023-09-06T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":866},{"violations":{"ACR-042":"The app initiates network communications with 3rd party offer provider \"https://www.az-partners.net/\" before obtaining user consent. (Please verify from your end)\n","ACR-048":"The app does not provide any control to remove its background process completely within the app's settings.\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software.\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software.\n","ACR-084":"The app attempts to run in the system tray after installation, thereby hiding the fact that it is active from the consumer without notifying the user.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"screenshooter-install__337.exe","isInstaller":"True","companyName":"ROSTPAY LTD.","productName":"ScreenShooter","productVersion":"3.0.13","fileVersion":"3.0.13","hashMD5":"09f57101d0cef507a7c3314b15fe958e","hashSHA1":"5b73fec5ce36dc0560b5d7bdf38cdcac1ad9e1ae","hashSHA256":"aa490525699ff6156e1a0c62744295e82be8c85493419a72422854540f1e7bfc","digitalCertThumbprint":"316294AA6980C66B0F6EC1E6F7E7FE66E383BEC6","digitalCertIssuer":"GlobalSign GCC R45 EV CodeSigning CA 2020","digitalCertIssuedTo":"ROSTPAY LTD","storeId":"","sourceIndex":"1102","avBlockList":["360 Total Security (20230523)","Avira Internet Security (20230523)","Bitdefender Internet Security (20230523)","COMODO Antivirus (20230523)","Dr.Web Security Space (20230523)","ESET Internet Security (20230523)","G DATA INTERNET SECURITY (20230523)","K7 Total Security (20230523)","Kaspersky Internet Security (20230523)","Malwarebytes Premium (20230523)","McAfee Total Protection (20230523)","Norton Security (20230523)","Panda Dome (20230523)","Quick Heal Internet Security (20230523)","Sophos Home Premium (20230523)","SpyHunter5 (20230523)","Total AV Antivirus Pro (20230523)","VIPRE Advanced Security (20230523)","VirIT eXplorer PRO (20230523)","Webroot SecureAnywhere (20230523)"],"avAllowList":["Avast Premium Security (20230523)","AVG Internet Security (20230523)","Trend Micro Internet Security (20230523)","Windows Defender (20230523)"]}],"additionalFiles":[],"sources":[{"howFound":"ROSTPAY LTD apps","reference":"","landingPage":"https://www.screen-shooter.com/","directDownloadingLink":"https://www.screen-shooter.com/app/download/init","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.screen-shooter.com/app/download/init","sourceIndex":"1102"}],"sampleFiles":["230517/Screenshooter-230508/3.0.13/Samples/screenshooter-install__337.exe"],"imageFiles":["230517/Screenshooter-230508/3.0.13/Images/ACR-042/ACR-042.JPG","230517/Screenshooter-230508/3.0.13/Images/ACR-013/ACR-013.JPG","230517/Screenshooter-230508/3.0.13/Images/ACR-013/ACR-013_1.JPG","230517/Screenshooter-230508/3.0.13/Images/ACR-084/ACR-084.JPG","230517/Screenshooter-230508/3.0.13/Images/ACR-048/ACR-048.JPG","230517/Screenshooter-230508/3.0.13/Images/ACR-048/ACR-048_1.JPG","230517/Screenshooter-230508/3.0.13/Images/ACR-048/ACR-048_2.JPG","230517/Screenshooter-230508/3.0.13/Images/ACR-060/ACR-060.JPG","230517/Screenshooter-230508/3.0.13/Images/ACR-060/ACR-060_1.JPG"],"nonDeceptorImageFiles":[],"guid":"2a195759-f669-41cf-b6fa-a22e4b3b205b_3.0.13_1","appID":"Screenshooter-230508","dateAdded":"230905","deceptorType":"App","name":"Screen Shooter","company":"ROSTPAY LTD","version":"3.0.13","firstVendorContactDate":"230901","firstAppEsteemReplyDate":"230901","firstResolvedDate":"230905","firstResolvedVersion":"3.2.0","resolved":"TRUE","lastKnownStatus":"3.0.13;2.2.2.1746","lastKnownDate":"230905","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"none","lastUpdate":"2023-09-05T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":868},{"violations":{"ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software\n","ACR-057":"Different ways to accept or decline the offers. The first offer has reject and accept buttons. The second offer requires the user to uncheck a checkbox in order to decline the offer.\n","ACR-155":"Offer is inserted into the install workflow with a pre-checked checkbox to trick the consumer into installing the offer.\n"},"nonDeceptorViolations":{"ACR-054":"The option to accept the offer is pre-checked and requires the user to uncheck it if they don't want the offer.\n"},"samples":[{"isRevoked":"False","fileName":"multi_setup_4_0_1_cAV6m.exe","isInstaller":"True","companyName":"NBZ, OOO","fileVersion":"4.0","hashMD5":"d056067f00291d93b6b59841fa35a9eb","hashSHA1":"9619feef8e86e58a79ca7732cf7a8accfea0b271","hashSHA256":"b96d0506655d21ccd7b995ac1e83f5ac3d4dd2391139c7c533551a0c5d02e33a","digitalCertThumbprint":"75669216ABB0AB45CAEC1736B22B65FB20C4EC63","digitalCertIssuer":"CN=GlobalSign GCC R45 CodeSigning CA 2020, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"CN=NBZ OOO, O=NBZ OOO, L=Saint Petersburg, S=Saint Petersburg, C=RU","sourceIndex":"911","avBlockList":["360 Total Security (20231003)","Avira Internet Security (20231003)","Bitdefender Internet Security (20231003)","Dr.Web Security Space (20231003)","ESET Internet Security (20231003)","G DATA INTERNET SECURITY (20231003)","K7 Total Security (20231003)","Kaspersky Internet Security (20231003)","Malwarebytes Premium (20231003)","McAfee Total Protection (20231003)","Norton Security (20231003)","Panda Dome (20231003)","Quick Heal Internet Security (20231003)","Sophos Home Premium (20231003)","SpyHunter5 (20231003)","Total AV Antivirus Pro (20231003)","VIPRE Advanced Security (20231003)","VirIT eXplorer PRO (20231003)","Webroot SecureAnywhere (20231003)"],"avAllowList":["Avast Premium Security (20231003)","AVG Internet Security (20231003)","COMODO Antivirus (20231003)","Trend Micro Internet Security (20231003)","Windows Defender (20231003)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"","landingPage":"https://soft.mydiv.net/win/files-SopCast.html","directDownloadingLink":"https://msetup.pro/api/getbundle/?partner_apikey=e8da53a20eb8a50791232131098070d8&program_slug=sopcast","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://msetup.pro/api/getbundle/?partner_apikey=e8da53a20eb8a50791232131098070d8&program_slug=sopcast","sourceIndex":"911"},{"howFound":"","reference":"","landingPage":"","directDownloadingLink":"https://download-msetup.net/nanosetup/multi_setup_4_0_1_cAV6m.exe","ipv4":"","ipv6":"","sourceIndex":"912"}],"sampleFiles":["230905/MyDivBundler-200706/4.0.1/Samples/multi_setup_4_0_1_cAV6m.exe"],"imageFiles":["230905/MyDivBundler-200706/4.0.1/Images/ACR-057/Multi_013_3.JPG","230905/MyDivBundler-200706/4.0.1/Images/ACR-057/Multi_013_2.JPG","230905/MyDivBundler-200706/4.0.1/Images/ACR-057/Multi_013_1.JPG","230905/MyDivBundler-200706/4.0.1/Images/ACR-155/Multi_013_3.JPG","230905/MyDivBundler-200706/4.0.1/Images/ACR-155/Multi_013_2.JPG","230905/MyDivBundler-200706/4.0.1/Images/ACR-155/Multi_013_1.JPG","230905/MyDivBundler-200706/4.0.1/Images/ACR-013/Multi_013_3.JPG","230905/MyDivBundler-200706/4.0.1/Images/ACR-013/Multi_013_2.JPG","230905/MyDivBundler-200706/4.0.1/Images/ACR-013/Multi_013_1.JPG","230905/MyDivBundler-200706/4.0.1/Images/ACR-060/Multi_013_3.JPG","230905/MyDivBundler-200706/4.0.1/Images/ACR-060/Multi_013_2.JPG","230905/MyDivBundler-200706/4.0.1/Images/ACR-060/Multi_013_1.JPG"],"nonDeceptorImageFiles":["230905/MyDivBundler-200706/4.0.1/Images/ACR-054/Multi_013_3.JPG","230905/MyDivBundler-200706/4.0.1/Images/ACR-054/Multi_013_2.JPG","230905/MyDivBundler-200706/4.0.1/Images/ACR-054/Multi_013_1.JPG"],"guid":"28733d57-3e74-40c8-8cb6-ec6e57c2e954_4.0.1_1","appID":"MyDivBundler-200706","dateAdded":"230905","deceptorType":"Bundler","name":"My Div Bundler","company":"NBZ OOO","version":"4.0.1","lastKnownStatus":"3.8.21;4.0.1","lastKnownDate":"230905","type":"Windows Executable","category":"Bundlers & Downloaders","targetOS":"Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"sold in bundle","lastUpdate":"2023-09-05T19:11:15.7584199+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":3,"sortOrder":869},{"violations":{"ACR-047":"rejected offer is presented again during installation.\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software\n","ACR-057":"Different ways to accept or decline the offers. The first offer has reject and accept buttons. The second offer requires the user to uncheck a checkbox in order to decline the offer.\n","ACR-155":"Offer is inserted into the install workflow with a pre-checked checkbox to trick the consumer into installing the offer.\n"},"nonDeceptorViolations":{"ACR-054":"The option to accept the offer is pre-checked and requires the user to uncheck it if they don't want the offer.\n"},"samples":[{"isRevoked":"False","fileName":"multi_setup_3_8_20_cAV6m.exe","isInstaller":"True","companyName":"NBZ, OOO","fileVersion":"3.8","hashMD5":"500e970ece28c2392d3e59c69a8080b8","hashSHA1":"445cb08822781af7f0092daebf7861823ef6429c","hashSHA256":"d3fe70d9512009c7a9de90cecb9b9e7f5f64c86d90d4a59cf2b41f92d89508b2","digitalCertThumbprint":"75669216ABB0AB45CAEC1736B22B65FB20C4EC63","digitalCertIssuer":"CN=GlobalSign GCC R45 CodeSigning CA 2020, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"CN=NBZ OOO, O=NBZ OOO, L=Saint Petersburg, S=Saint Petersburg, C=RU","sourceIndex":"928","avBlockList":["Avira Internet Security (20230921)","Bitdefender Internet Security (20230921)","Dr.Web Security Space (20230921)","ESET Internet Security (20230921)","G DATA INTERNET SECURITY (20230921)","K7 Total Security (20230921)","Kaspersky Internet Security (20230921)","Malwarebytes Premium (20230921)","McAfee Total Protection (20230921)","Norton Security (20230921)","Panda Dome (20230921)","Quick Heal Internet Security (20230921)","Sophos Home Premium (20230921)","SpyHunter5 (20230921)","Total AV Antivirus Pro (20230921)","Trend Micro Internet Security (20230921)","VIPRE Advanced Security (20230921)","VirIT eXplorer PRO (20230921)","Webroot SecureAnywhere (20230921)","Windows Defender (20230921)"],"avAllowList":["360 Total Security (20230921)","Avast Premium Security (20230921)","AVG Internet Security (20230921)","COMODO Antivirus (20230921)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"","landingPage":"","directDownloadingLink":"https://download-msetup.net/nanosetup/multi_setup_3_8_20_cAV6m.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://download-msetup.net/nanosetup/multi_setup_3_8_20_cAV6m.exe","sourceIndex":"928"}],"sampleFiles":["230807/MyDivBundler-200706/3.8.21/Samples/multi_setup_3_8_20_cAV6m.exe"],"imageFiles":["230807/MyDivBundler-200706/3.8.21/Images/ACR-047/Offer1_again.jpg","230807/MyDivBundler-200706/3.8.21/Images/ACR-047/Offer1.jpg","230807/MyDivBundler-200706/3.8.21/Images/ACR-057/Offer1_again.jpg","230807/MyDivBundler-200706/3.8.21/Images/ACR-057/Offer2.JPG","230807/MyDivBundler-200706/3.8.21/Images/ACR-057/Offer1.jpg","230807/MyDivBundler-200706/3.8.21/Images/ACR-155/Offer1_again.jpg","230807/MyDivBundler-200706/3.8.21/Images/ACR-155/Offer1.jpg","230807/MyDivBundler-200706/3.8.21/Images/ACR-013/Offer1_again.jpg","230807/MyDivBundler-200706/3.8.21/Images/ACR-013/Offer2.JPG","230807/MyDivBundler-200706/3.8.21/Images/ACR-013/Offer1.jpg","230807/MyDivBundler-200706/3.8.21/Images/ACR-060/Offer1_again.jpg","230807/MyDivBundler-200706/3.8.21/Images/ACR-060/Offer2.JPG","230807/MyDivBundler-200706/3.8.21/Images/ACR-060/Offer1.jpg"],"nonDeceptorImageFiles":["230807/MyDivBundler-200706/3.8.21/Images/ACR-054/Offer1.jpg","230807/MyDivBundler-200706/3.8.21/Images/ACR-054/Offer1_again.jpg"],"guid":"28733d57-3e74-40c8-8cb6-ec6e57c2e954_3.8.21_1","appID":"MyDivBundler-200706","dateAdded":"230905","deceptorType":"Bundler","name":"My Div Bundler","company":"NBZ OOO","version":"3.8.21","lastKnownStatus":"3.8.21;4.0.1","lastKnownDate":"230905","type":"Windows Executable","category":"Bundlers & Downloaders","targetOS":"Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"sold in bundle","lastUpdate":"2023-09-05T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":3,"sortOrder":870},{"violations":{"ACR-042":"The app initiates network communications with 3rd party offer provider \"https://www.az-partners.net/\" before obtaining user consent. (Please verify from your end)\n","ACR-048":"The app does not provide any control to quit the app and remove its background process completely within the app's settings.\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software.\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software.\n","ACR-084":"The app attempts to run in the system tray after installation, thereby hiding the fact that it is active from the consumer without clearly notifying the user.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\ScreenShooter\\ScreenShooter.exe","companyName":"","productName":"ScreenShooter","productVersion":"2.2.2.1746","fileVersion":"2.2.2.1746","hashMD5":"61c8908fb0f9f76951b99a017a809e75","hashSHA1":"18f27fd5a19c180ffec9fb4e58ba06ccdeadfb5d","hashSHA256":"9817c15b5ff652992a0f5ebb369814f34fa37afd1536eedac27031aa334c6255","digitalCertThumbprint":"316294AA6980C66B0F6EC1E6F7E7FE66E383BEC6","digitalCertIssuer":"GlobalSign GCC R45 EV CodeSigning CA 2020","digitalCertIssuedTo":"ROSTPAY LTD","storeId":"","sourceIndex":"910","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"screenshooter-install__337.exe","isInstaller":"True","companyName":"ROSTPAY LTD.","productName":"ScreenShooter","productVersion":"3.1.0","fileVersion":"3.1.0","hashMD5":"6a9e344c2dc4f0ef4bbe68fd3916a322","hashSHA1":"d6a96a4d7d9cddbf60ad7266b438012945c6673d","hashSHA256":"8e76790b357f2a1ec52b91324861a16e72405c78b851cb50565ea1663baedcfb","digitalCertThumbprint":"316294AA6980C66B0F6EC1E6F7E7FE66E383BEC6","digitalCertIssuer":"GlobalSign GCC R45 EV CodeSigning CA 2020","digitalCertIssuedTo":"ROSTPAY LTD","storeId":"","sourceIndex":"910","avBlockList":["360 Total Security (20230704)","Avira Internet Security (20230704)","Bitdefender Internet Security (20230704)","COMODO Antivirus (20230704)","Dr.Web Security Space (20230704)","ESET Internet Security (20230704)","G DATA INTERNET SECURITY (20230704)","K7 Total Security (20230704)","Malwarebytes Premium (20230704)","Norton Security (20230704)","Panda Dome (20230704)","Quick Heal Internet Security (20230704)","Sophos Home Premium (20230704)","SpyHunter5 (20230704)","Total AV Antivirus Pro (20230704)","VIPRE Advanced Security (20230704)","VirIT eXplorer PRO (20230704)"],"avAllowList":["Avast Premium Security (20230704)","AVG Internet Security (20230704)","Kaspersky Internet Security (20230704)","McAfee Total Protection (20230704)","Trend Micro Internet Security (20230704)","Webroot SecureAnywhere (20230704)","Windows Defender (20230704)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on windows app","reference":"","landingPage":"https://www.screen-shooter.com/","directDownloadingLink":"https://www.screen-shooter.com/app/download/init","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.screen-shooter.com/app/download/init","sourceIndex":"910"}],"sampleFiles":["230905/Screenshooter-230508/2.2.2.1746/Samples/screenshooter-install__337.exe"],"imageFiles":["230905/Screenshooter-230508/2.2.2.1746/Images/ACR-042/ACR-042.JPG","230905/Screenshooter-230508/2.2.2.1746/Images/ACR-013/ACR-013.JPG","230905/Screenshooter-230508/2.2.2.1746/Images/ACR-013/ACR-013_1.JPG","230905/Screenshooter-230508/2.2.2.1746/Images/ACR-084/ACR-084.JPG","230905/Screenshooter-230508/2.2.2.1746/Images/ACR-048/ACR-048.JPG","230905/Screenshooter-230508/2.2.2.1746/Images/ACR-048/ACR-048_1.JPG","230905/Screenshooter-230508/2.2.2.1746/Images/ACR-060/ACR-060.JPG","230905/Screenshooter-230508/2.2.2.1746/Images/ACR-060/ACR-060_1.JPG"],"nonDeceptorImageFiles":[],"guid":"2a195759-f669-41cf-b6fa-a22e4b3b205b_2.2.2.1746_1","appID":"Screenshooter-230508","dateAdded":"230905","deceptorType":"App","name":"Screen Shooter","company":"ROSTPAY LTD","version":"2.2.2.1746","firstVendorContactDate":"230901","firstAppEsteemReplyDate":"230901","firstResolvedDate":"230905","firstResolvedVersion":"3.2.0","resolved":"TRUE","lastKnownStatus":"3.0.13;2.2.2.1746","lastKnownDate":"230905","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"none","lastUpdate":"2023-09-06T04:33:09.7959409+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":867},{"violations":{"ACR-042":"The app initiates network communications with 3rd party offer provider \"https://www.az-partners.net/\" before obtaining user consent.\n\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software.\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software. \n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"FileInfoApp.exe","companyName":"ROSTPAY LTD","fileVersion":"1.2","hashMD5":"750fec169c75863547399cf3f9460ab8","hashSHA1":"4cb74d981744e2d67e45dc88d8550d141bc7ab29","hashSHA256":"276a882c9fdfc2fa115486b406b4906da66c6fc36e5164844095d3fc2c70ecf0","digitalCertThumbprint":"B469AF63BEF0427875E65C3FE4FB50405597C70E","digitalCertIssuer":"CN=thawte SHA256 Code Signing CA, O=\"thawte, Inc.\", C=US","digitalCertIssuedTo":"L=Rostov-on-Don, CN=ROSTPAY LTD, O=ROSTPAY LTD, C=RU","sourceIndex":"909","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"file-info-install__13.exe","isInstaller":"True","companyName":"ROSTPAY LTD.","fileVersion":"3.1","hashMD5":"7b970849c42df8d21fc48c900d93fd8c","hashSHA1":"11fa16094fa636b538213351fdc9db697c2f062d","hashSHA256":"8128f5b016565caec5576a6e38bee01fed2c6b4c6538d6d051c5543bd453aa93","digitalCertThumbprint":"316294AA6980C66B0F6EC1E6F7E7FE66E383BEC6","digitalCertIssuer":"CN=GlobalSign GCC R45 EV CodeSigning CA 2020, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"E=support@rostpay.ru, CN=ROSTPAY LTD, O=ROSTPAY LTD, STREET=\"Dolomanovsky lane, 70D 1(10th floor)\", L=Rostov-on-Don, S=Rostov Oblast, C=RU, OID.1.3.6.1.4.1.311.60.2.1.2=Rostov Oblast, OID.1.3.6.1.4.1.311.60.2.1.3=RU, SERIALNUMBER=1086168004669, OID.2.5.4.15=Private Organization","sourceIndex":"909","avBlockList":["360 Total Security (20230620)","Avira Internet Security (20230620)","Bitdefender Internet Security (20230620)","Dr.Web Security Space (20230620)","ESET Internet Security (20230620)","G DATA INTERNET SECURITY (20230620)","K7 Total Security (20230620)","Malwarebytes Premium (20230620)","Norton Security (20230620)","Panda Dome (20230620)","Quick Heal Internet Security (20230620)","Sophos Home Premium (20230620)","SpyHunter5 (20230620)","Total AV Antivirus Pro (20230620)","VirIT eXplorer PRO (20230620)","Webroot SecureAnywhere (20230620)","Windows Defender (20230620)"],"avAllowList":["Avast Premium Security (20230620)","AVG Internet Security (20230620)","COMODO Antivirus (20230620)","Kaspersky Internet Security (20230620)","McAfee Total Protection (20230620)","Trend Micro Internet Security (20230620)","VIPRE Advanced Security (20230620)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search: Rostpay related apps","reference":"","landingPage":"https://www.softportal.com/software-45480-fileinfo.html","directDownloadingLink":"https://www.softportal.com/getsoft-45480-fileinfo-100.html","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.softportal.com/getsoft-45480-fileinfo-100.html","sourceIndex":"909"}],"sampleFiles":["230905/FileInfo-230608/1.2.0.2474/Samples/FileInfoApp.exe","230905/FileInfo-230608/1.2.0.2474/Samples/file-info-install__13.exe"],"imageFiles":["230905/FileInfo-230608/1.2.0.2474/Images/ACR-042/ACR-042.png","230905/FileInfo-230608/1.2.0.2474/Images/ACR-013/OptionalOffer1.png","230905/FileInfo-230608/1.2.0.2474/Images/ACR-013/OptionalOffer2.png","230905/FileInfo-230608/1.2.0.2474/Images/ACR-060/OptionalOffer1.png","230905/FileInfo-230608/1.2.0.2474/Images/ACR-060/OptionalOffer2.png"],"nonDeceptorImageFiles":[],"guid":"398f1e07-8233-4f94-9ed5-7acfabfc503d_1.2.0.2474_1","appID":"FileInfo-230608","dateAdded":"230905","deceptorType":"App","name":"FileInfo","company":"ROSTPAY LTD.","version":"1.2.0.2474","firstVendorContactDate":"230901","firstAppEsteemReplyDate":"230901","firstResolvedDate":"230905","firstResolvedVersion":"3.2.0","resolved":"TRUE","lastKnownStatus":"1.2.0.2474","lastKnownDate":"230905","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"none","lastUpdate":"2023-09-06T04:37:24.939031+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":872},{"violations":{"ACR-057":"Different ways to accept or decline the offers. The first offer has reject and accept buttons. The second offer requires the user to uncheck a checkbox in order to decline the offer.\n","ACR-155":"Offer is inserted into the install workflow with a pre-checked checkbox to trick the consumer into installing the offer.\n"},"nonDeceptorViolations":{"ACR-054":"The option to accept the offer is pre-checked and requires the user to uncheck it if they don't want the offer.\n"},"samples":[{"isRevoked":"False","fileName":"sopcast_msetup_[40689705].exe","isInstaller":"True","companyName":"NBZ LTD.","fileVersion":"1.4","hashMD5":"6dad8eb9460cd9794caab68d76cae9ec","hashSHA1":"82520cdaf8e6fb03d6b81756be08ce55b06d405b","hashSHA256":"0abf2303dc37fa9951601c226ab0a02184937888d3958ab8afdfa30ebd26993d","digitalCertThumbprint":"CA123839588E886D64D8994708E14CA480411DBD","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=NBZ LTD., O=NBZ LTD., STREET=\"d. 17 korp. 2 litera A ofis 606-2, ul. Beloostrovskaya\", L=Saint-Petersburg, S=Saint-Petersburg, PostalCode=197342, C=RU","sourceIndex":"2385","avBlockList":["Avira Internet Security (20230919)","Bitdefender Internet Security (20230919)","COMODO Antivirus (20230919)","Dr.Web Security Space (20230919)","ESET Internet Security (20230919)","G DATA INTERNET SECURITY (20230919)","K7 Total Security (20230919)","Kaspersky Internet Security (20230919)","Malwarebytes Premium (20230919)","McAfee Total Protection (20230919)","Norton Security (20230919)","Panda Dome (20230919)","Quick Heal Internet Security (20230919)","Sophos Home Premium (20230919)","SpyHunter5 (20230919)","Total AV Antivirus Pro (20230919)","Trend Micro Internet Security (20230919)","VIPRE Advanced Security (20230919)","VirIT eXplorer PRO (20230919)","Webroot SecureAnywhere (20230919)"],"avAllowList":["360 Total Security (20230919)","Avast Premium Security (20230919)","AVG Internet Security (20230919)","Tencent PC Manager (20200930)","Windows Defender (20230919)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"","landingPage":"https://soft.mydiv.net/win/files-SopCast.html","directDownloadingLink":"https://msetup.pro/api/getbundle/?partner_apikey=e8da53a20eb8a50791232131098070d8&program_slug=sopcast","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://msetup.pro/api/getbundle/?partner_apikey=e8da53a20eb8a50791232131098070d8&program_slug=sopcast","sourceIndex":"2385"}],"sampleFiles":["200713/MyDivBundler-200706/1.4.6.0/Samples/sopcast_msetup_[40689705].exe"],"imageFiles":["200713/MyDivBundler-200706/1.4.6.0/Images/ACR-057/Screen Shot 2020-07-01 at 2.03.05 PM.png","200713/MyDivBundler-200706/1.4.6.0/Images/ACR-057/Screen Shot 2020-07-01 at 2.04.06 PM.png","200713/MyDivBundler-200706/1.4.6.0/Images/ACR-155/Screen Shot 2020-07-01 at 2.04.06 PM.png"],"nonDeceptorImageFiles":["200713/MyDivBundler-200706/1.4.6.0/Images/ACR-054/Screen Shot 2020-07-01 at 2.04.06 PM.png"],"guid":"28733d57-3e74-40c8-8cb6-ec6e57c2e954_1.4.6.0_1","appID":"MyDivBundler-200706","dateAdded":"230905","deceptorType":"Bundler","name":"My Div Bundler","company":"NBZ OOO","version":"1.4.6.0","sigName":"Deceptor:Win32/MyDivBundler!057155","lastKnownStatus":"3.8.21;4.0.1","lastKnownDate":"230905","type":"Windows Executable","category":"Bundlers & Downloaders","targetOS":"Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"sold in bundle","lastUpdate":"2023-09-05T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":3,"sortOrder":871},{"violations":{"ACR-109":"The app drops all its components in the temp folder without the consumer's consent immediately after executing the installer. Also, the app silently installs \"PDFArchitect\" without disclosing its relationship to the app during installation or getting user consent.\n","ACR-042":"1. The \"PdfCreator\" components get dropped inmediately after executing the installer and silently installs \"PdfArchitect\" without asking the user's permission and disclosing it to the user.\n2. During install, the app communicate to sodapdf and playanext offer providers without disclosing in EULA\n","ACR-043":"The \"Pdf Creator\" components get dropped immediately after executing the installer and silently installs \"PdfArchitect\" without asking the user's permission and disclosing its relationship to the user\n","ACR-048":"The app does not provide an option to cancel installation\nThe app does not provide any control to close the app completely\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software. \n","ACR-060":"The offer network does not disclose itself in its offer to silently install unrelated software\n","ACR-084":"The app's process runs silently in the background without user's knowledge and consent\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains \"PdfArchitect\" components on the device without the consumer's consent. \n","ACR-119":"The app retains the monetization components of \"PdfArchitect\" app on the device without the consumer's consent. \n","ACR-039":"The app silently installs \"PdfArchitect\" without disclosing its relationship to the app during installation.\n","ACR-155":"Offer is inserted into the install workflow to trick the consumer into installing the offer\n","ACR-165":"The app doesn't provide the following information in the shopping cart: 1. How to cancel the auto-renewal easily via an online approach. 2. When the user will receive the auto-renewal payment notification if auto-renew payment is selected.\n"},"nonDeceptorViolations":{"ACR-123":"The app retains all the \"PdfArchitect\" components and its scheduled tasks on the device even after uninstallation and reboot. \n","ACR-054":"The app does not provide an equal prominence between accept and decline options.\n"},"samples":[{"isRevoked":"False","fileName":"PDFCreator-5_1_2-Setup.exe","isInstaller":"True","companyName":"Avanquest pdfforge GmbH","productName":"PDFCreator","productVersion":"5.1.2","fileVersion":"5.1.2","hashMD5":"01c283988c93d390d4c81c38bf00abee","hashSHA1":"4315c9c1d1abd1d6bfc1ace76cb507bd1f0e6b5e","hashSHA256":"055f227facd235f2d552027ddb73cedac92ed76104b6f1411f2192a2cb507907","digitalCertThumbprint":"29D039D392F51A3242BD3029E70AC108A0712DC2","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"pdfforge GmbH","storeId":"","sourceIndex":"914","avBlockList":["COMODO Antivirus (20230919)","ESET Internet Security (20230919)","McAfee Total Protection (20230919)","Norton Security (20230919)","Panda Dome (20230919)","SpyHunter5 (20230919)","VirIT eXplorer PRO (20230919)"],"avAllowList":["360 Total Security (20230919)","Avast Premium Security (20230919)","AVG Internet Security (20230919)","Avira Internet Security (20230919)","Bitdefender Internet Security (20230919)","Dr.Web Security Space (20230919)","G DATA INTERNET SECURITY (20230919)","K7 Total Security (20230919)","Kaspersky Internet Security (20230919)","Malwarebytes Premium (20230919)","Quick Heal Internet Security (20230919)","Sophos Home Premium (20230919)","Total AV Antivirus Pro (20230919)","Trend Micro Internet Security (20230919)","VIPRE Advanced Security (20230919)","Webroot SecureAnywhere (20230919)","Windows Defender (20230919)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunted on Offer provider","reference":"","landingPage":"https://www.pdfforge.org/pdfcreator","directDownloadingLink":"https://download.pdfforge.org/download/pdfcreator/PDFCreator-stable","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://download.pdfforge.org/download/pdfcreator/PDFCreator-stable","sourceIndex":"914"}],"sampleFiles":["230831/PDFCreator-230817/5.1.2.55291/Samples/PDFCreator-5_1_2-Setup.exe"],"imageFiles":["230831/PDFCreator-230817/5.1.2.55291/Images/ACR-109/ACR-109_Install_1.png","230831/PDFCreator-230817/5.1.2.55291/Images/ACR-109/ACR-109_Install_2.png","230831/PDFCreator-230817/5.1.2.55291/Images/ACR-039/ACR-039_Install_1.png","230831/PDFCreator-230817/5.1.2.55291/Images/ACR-043/ACR-043_Install_1.png","230831/PDFCreator-230817/5.1.2.55291/Images/ACR-043/ACR-043_Install_2.png","230831/PDFCreator-230817/5.1.2.55291/Images/ACR-042/ACR-042_Install_4.png","230831/PDFCreator-230817/5.1.2.55291/Images/ACR-042/ACR-042_Install_1.png","230831/PDFCreator-230817/5.1.2.55291/Images/ACR-042/ACR-042_Install_2.png","230831/PDFCreator-230817/5.1.2.55291/Images/ACR-048/ACR-048_Install_1.png","230831/PDFCreator-230817/5.1.2.55291/Images/ACR-013/ACR-013_Install_1.png","230831/PDFCreator-230817/5.1.2.55291/Images/ACR-084/ACR-084_Software_1.png","230831/PDFCreator-230817/5.1.2.55291/Images/ACR-048/ACR-048_Software_1.png","230831/PDFCreator-230817/5.1.2.55291/Images/ACR-118/ACR-118_Uninstall_1.png","230831/PDFCreator-230817/5.1.2.55291/Images/ACR-119/ACR-119_Uninstall_1.png","230831/PDFCreator-230817/5.1.2.55291/Images/ACR-060/ACR-060_Bundler-made offers_1.png","230831/PDFCreator-230817/5.1.2.55291/Images/ACR-155/ACR-155_Bundler-made offers_1.png","230831/PDFCreator-230817/5.1.2.55291/Images/ACR-165/ACR-165_Internal offers_1.png"],"nonDeceptorImageFiles":["230831/PDFCreator-230817/5.1.2.55291/Images/ACR-123/ACR-123_Uninstall_1.png","230831/PDFCreator-230817/5.1.2.55291/Images/ACR-054/ACR-054_Bundler-made offers_1.png"],"guid":"dc44c3ba-6be8-4129-925d-fd74e3ae5252_5.1.2.55291_1","appID":"PDFCreator-230817","dateAdded":"230831","deceptorType":"App","name":"PDFCreator","company":"pdfforge GmbH","version":"5.1.2.55291","lastKnownStatus":"5.1.1.52491;5.1.2.55291","lastKnownDate":"230831","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"cross-sell other apps,sold in bundle","lastUpdate":"2023-08-31T22:48:51.227507+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":873},{"violations":{"ACR-109":"The app drops all its components in the temp folder without the consumer's consent immediately after executing the installer. Also, the app silently installs \"PDFArchitect\" without disclosing its relationship to the app during installation or getting user consent.\n","ACR-042":"1. The \"PdfCreator\" components get dropped inmediately after executing the installer and silently installs \"PdfArchitect\" without asking the user's permission and disclosing it to the user.\n2. During install, the app communicate to sodapdf and playanext offer providers without disclosing in EULA\n","ACR-043":"The \"Pdf Creator\" components get dropped immediately after executing the installer and silently installs \"PdfArchitect\" without asking the user's permission and disclosing its relationship to the user\n","ACR-048":"The app does not provide an option to cancel installation\nThe app does not provide any control to close the app completely\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software. \n","ACR-060":"The offer network does not disclose itself in its offer to silently install unrelated software\n","ACR-084":"The app's process runs silently in the background without user's knowledge and consent\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains \"PdfArchitect\" components on the device without the consumer's consent. \n","ACR-119":"The app retains the monetization components of \"PdfArchitect\" app on the device without the consumer's consent. \n","ACR-039":"The app silently installs \"PdfArchitect\" without disclosing its relationship to the app during installation.\n","ACR-155":"Offer is inserted into the install workflow to trick the consumer into installing the offer\n","ACR-165":"The app doesn't provide the following information in the shopping cart: 1. How to cancel the auto-renewal easily via an online approach. 2. When the user will receive the auto-renewal payment notification if auto-renew payment is selected.\n"},"nonDeceptorViolations":{"ACR-123":"The app retains all the \"PdfArchitect\" components and its scheduled tasks on the device even after uninstallation and reboot. \n","ACR-054":"The app does not provide an equal prominence between accept and decline options.\n"},"samples":[{"isRevoked":"False","fileName":"PDFCreator-5_1_1-Setup.exe","isInstaller":"True","companyName":"Avanquest pdfforge GmbH","productName":"PDFCreator","productVersion":"5.1.1","fileVersion":"5.1.1","hashMD5":"0fb8c933f54e56df20807888c0439ad2","hashSHA1":"37e38e5ae9c10f4e4b7be09257b5cac52ab93c47","hashSHA256":"c874e2d65f84cc206c008760c50ccfac6ee6b5916fc9af251a3a6a3f34329f76","digitalCertThumbprint":"29D039D392F51A3242BD3029E70AC108A0712DC2","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"pdfforge GmbH","storeId":"","sourceIndex":"923","avBlockList":["ESET Internet Security (20230831)","Norton Security (20230831)","SpyHunter5 (20230831)","VirIT eXplorer PRO (20230831)","Webroot SecureAnywhere (20230831)"],"avAllowList":["360 Total Security (20230831)","Avast Premium Security (20230831)","AVG Internet Security (20230831)","Avira Internet Security (20230831)","Bitdefender Internet Security (20230831)","COMODO Antivirus (20230831)","Dr.Web Security Space (20230831)","G DATA INTERNET SECURITY (20230831)","K7 Total Security (20230831)","Kaspersky Internet Security (20230831)","Malwarebytes Premium (20230831)","McAfee Total Protection (20230831)","Panda Dome (20230831)","Quick Heal Internet Security (20230831)","Sophos Home Premium (20230831)","Total AV Antivirus Pro (20230831)","Trend Micro Internet Security (20230831)","VIPRE Advanced Security (20230831)","Windows Defender (20230831)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunted on Offer provider","reference":"","landingPage":"https://www.pdfforge.org/pdfcreator","directDownloadingLink":"https://download.pdfforge.org/download/pdfcreator/PDFCreator-stable","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://download.pdfforge.org/download/pdfcreator/PDFCreator-stable","sourceIndex":"923"}],"sampleFiles":["230817/PDFCreator-230817/5.1.1.52491/Samples/PDFCreator-5_1_1-Setup.exe"],"imageFiles":["230817/PDFCreator-230817/5.1.1.52491/Images/ACR-109/ACR-109_Install_1.png","230817/PDFCreator-230817/5.1.1.52491/Images/ACR-109/ACR-109_Install_2.png","230817/PDFCreator-230817/5.1.1.52491/Images/ACR-039/ACR-039_Install_1.png","230817/PDFCreator-230817/5.1.1.52491/Images/ACR-043/ACR-043_Install_1.png","230817/PDFCreator-230817/5.1.1.52491/Images/ACR-043/ACR-043_Install_2.png","230817/PDFCreator-230817/5.1.1.52491/Images/ACR-042/ACR-042_Install_1.png","230817/PDFCreator-230817/5.1.1.52491/Images/ACR-042/ACR-042_Install_3.png","230817/PDFCreator-230817/5.1.1.52491/Images/ACR-042/ACR-042_Install_2.png","230817/PDFCreator-230817/5.1.1.52491/Images/ACR-048/ACR-048_Install_1.png","230817/PDFCreator-230817/5.1.1.52491/Images/ACR-013/ACR-013_Install_1.png","230817/PDFCreator-230817/5.1.1.52491/Images/ACR-084/ACR-084_Software_1.png","230817/PDFCreator-230817/5.1.1.52491/Images/ACR-048/ACR-048_Software_1.png","230817/PDFCreator-230817/5.1.1.52491/Images/ACR-118/ACR-118_Uninstall_1.png","230817/PDFCreator-230817/5.1.1.52491/Images/ACR-119/ACR-119_Uninstall_1.png","230817/PDFCreator-230817/5.1.1.52491/Images/ACR-060/ACR-060_Bundler-made offers_1.png","230817/PDFCreator-230817/5.1.1.52491/Images/ACR-155/ACR-155_Bundler-made offers_1.png","230817/PDFCreator-230817/5.1.1.52491/Images/ACR-165/ACR-165_Internal offers_1.png"],"nonDeceptorImageFiles":["230817/PDFCreator-230817/5.1.1.52491/Images/ACR-123/ACR-123_Uninstall_1.png","230817/PDFCreator-230817/5.1.1.52491/Images/ACR-054/ACR-054_Bundler-made offers_1.png"],"guid":"dc44c3ba-6be8-4129-925d-fd74e3ae5252_5.1.1.52491_1","appID":"PDFCreator-230817","dateAdded":"230831","deceptorType":"App","name":"PDFCreator","company":"pdfforge GmbH","version":"5.1.1.52491","lastKnownStatus":"5.1.1.52491;5.1.2.55291","lastKnownDate":"230831","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"cross-sell other apps,sold in bundle","lastUpdate":"2023-08-31T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":874},{"violations":{"ACR-042":"The app and its components get dropped in one click without obtaining user's permission and disclosing the installation path and allowing the user to change it.\n","ACR-006":"The browser performs connections to several links that is not clearly disclosed at installation before it redirects to a legitimate search engine making it appear like the search uses the legit one.\n","ACR-007":"The app's attribution on the main page is not clear. It redirects user searches to another search engine. The browser misleads consumers into thinking that it is a normal Chrome Browser by its similar appearance.\n","ACR-124":"Chromnius Browser cannot be uninstalled/removed from Control Panel.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"chromnius.exe","companyName":"Dragon Boss Solutions LLC","fileVersion":"118.0","hashMD5":"491d97b76786efae9bbaae63cd87326f","hashSHA1":"db3bcde21b9571f7ed93a47d8570f360e8cc2d5c","hashSHA256":"39553899cce552e5c3114bbe6ae45f71cbc6aa00142fd15997f7e5b134733027","sourceIndex":"917","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"Setup.exe","isInstaller":"True","companyName":"Chromnius Browser","fileVersion":"1.0","hashMD5":"a9e5c110940c6eea187fc326b6ec43c1","hashSHA1":"d614e568c6f0d3daafbebb25b7686bd0352b5c36","hashSHA256":"2ac198d58a53db4de1a59e3d001cfe8868d014460259ba1ca31e9afdfcfddbd9","digitalCertThumbprint":"925DE27A297B9C416C251935EFE64219F41EC0F5","digitalCertIssuer":"CN=GlobalSign GCC R45 CodeSigning CA 2020, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"E=admin@dragonboss.com, CN=Dragon Boss Solutions LLC, O=Dragon Boss Solutions LLC, L=Sharjah, S=Sharjah, C=AE","sourceIndex":"917","avBlockList":["360 Total Security (20230919)","Avast Premium Security (20230919)","AVG Internet Security (20230919)","Avira Internet Security (20230919)","Bitdefender Internet Security (20230919)","COMODO Antivirus (20230919)","Dr.Web Security Space (20230919)","ESET Internet Security (20230919)","G DATA INTERNET SECURITY (20230919)","K7 Total Security (20230919)","Kaspersky Internet Security (20230919)","Malwarebytes Premium (20230919)","McAfee Total Protection (20230919)","Norton Security (20230919)","Panda Dome (20230919)","Quick Heal Internet Security (20230919)","Sophos Home Premium (20230919)","SpyHunter5 (20230919)","Total AV Antivirus Pro (20230919)","VirIT eXplorer PRO (20230919)"],"avAllowList":["Trend Micro Internet Security (20230919)","VIPRE Advanced Security (20230919)","Webroot SecureAnywhere (20230919)","Windows Defender (20230919)"]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"","landingPage":"https://www.chromnius.com/","directDownloadingLink":"https://www.chromnius.com/download1/browser.php","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.chromnius.com/download1/browser.php","sourceIndex":"917"}],"sampleFiles":["230830/Chromnius-230829/118.0.5951.0/Samples/chromnius.exe","230830/Chromnius-230829/118.0.5951.0/Samples/Setup.exe"],"imageFiles":["230830/Chromnius-230829/118.0.5951.0/Images/ACR-042/ACR-042.gif","230830/Chromnius-230829/118.0.5951.0/Images/ACR-042/Installation.jpg","230830/Chromnius-230829/118.0.5951.0/Images/ACR-006/Bing_redirection.mp4","230830/Chromnius-230829/118.0.5951.0/Images/ACR-006/Yahoo_redirection.mp4","230830/Chromnius-230829/118.0.5951.0/Images/ACR-006/Search.jpg","230830/Chromnius-230829/118.0.5951.0/Images/ACR-006/SearchSettings.jpg","230830/Chromnius-230829/118.0.5951.0/Images/ACR-007/Chromnius_browser.jpg","230830/Chromnius-230829/118.0.5951.0/Images/ACR-007/Bing_redirection.mp4","230830/Chromnius-230829/118.0.5951.0/Images/ACR-124/ACR124.jpg","230830/Chromnius-230829/118.0.5951.0/Images/ACR-124/ACR124-2.jpg"],"nonDeceptorImageFiles":[],"guid":"ffdff030-4fb2-48d6-8211-239c33ee1c5e_118.0.5951.0_1","appID":"Chromnius-230829","dateAdded":"230830","deceptorType":"App","name":"Chromnius","company":"Dragon Boss Solutions LLC","version":"118.0.5951.0","lastKnownStatus":"118.0.5951.0","lastKnownDate":"230830","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"search","lastUpdate":"2023-08-30T23:19:30.7985153+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":875},{"violations":{"ACR-042":"1. On executing the installer, it directly installs the app and its components without asking any user's permission. \n2. The components related to \"Bright data\" are dropped even before obtaining the consumer's consent and permission \n","ACR-043":"1. The app drops components of \"Bright data\" even before the user agrees and consents.\n2. Before obtaining the user's consent, the app drops all the files inside the C:\\Users\\User\\AppData\\Roaming folder and launches the application immediately after executing the installer.\n3. The app drops \"FFmpeg\" components without any disclosure or user consent.\n","ACR-047":"The prompt regarding the \"Bright data\" appears whenever the app is launched even though it was declined earlier.\n","ACR-107":"The app drops the \"FFmpeg\" component without any disclosure and user's consent.\n","ACR-048":"The app does not provide control to remove the process or quit the app completely within the app's settings.\n","ACR-007":"App does not obtain user consent to reduce the consumer's security posture caused by sharing ip/network connection. \n","ACR-084":"1. On closing the app, the application doesn't exit completely. Several processes run in the background, hiding the fact that it is active from the consumer without any notification.\n2. When the app is launched manually, the system tray contains both \"8K Video Downloader\" and the bright data logo but the bright data logo seems to be greyed out and hidden  (Random behavior).\n","ACR-103":"The value propositions claimed in landing page don't exist in software as the software does not download any videos.\n","ACR-165":"The app doesn't provide the following information in the shopping cart (https://www.8kvideodownloader.com/pro): 1. How to cancel the auto-renewal easily via an online approach. 2. What's the price will be in the auto-renewal payment given the first payment is a discounted price. 3. When the user will receive the auto-renewal payment notification if auto-renew payment is selected.\n"},"nonDeceptorViolations":{"ACR-040":"The app installs itself in a hidden location \"C:\\Users\\User\\AppData\\Roaming\" without any disclosure.\n","ACR-092":"The app does not provide a digital signature for the installer (8k-video-downloader.exe) and the main executable (Youtube Downloader.exe).\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Users\\User\\AppData\\Roaming\\8K Video Downloader\\Youtube Downloader.exe","companyName":"","productName":"8K Video Downloader","productVersion":"14.0","fileVersion":"14.0","hashMD5":"95847fb3129ade18e2745dfa713bafe2","hashSHA1":"9ae7cf84645db9413b05926109e69601965ada79","hashSHA256":"e04b9f27ddf290038b360ce37752ec2fb8cb137cd14e396c65445127cc32e5a5","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1634","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"8kvideodownloaderSetup.exe","isInstaller":"True","companyName":"8K Video Downloader","productName":"8K Video Downloader","productVersion":"14.0","fileVersion":"14.0","hashMD5":"dd2906bd3819d2e05985467f12047354","hashSHA1":"16f86326851128d9ab24cd20d35dd88967ba47e1","hashSHA256":"7f5a90b6ea65f0acfe5c0f73d7af0cdd284ae8fd8af3b050730404a493e6e493","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1634","avBlockList":["360 Total Security (20230907)","Avast Premium Security (20230907)","AVG Internet Security (20230907)","Avira Internet Security (20230907)","COMODO Antivirus (20230907)","ESET Internet Security (20230907)","G DATA INTERNET SECURITY (20230907)","K7 Total Security (20230907)","Kaspersky Internet Security (20230907)","Malwarebytes Premium (20230907)","McAfee Total Protection (20230907)","Norton Security (20230907)","Panda Dome (20230907)","Quick Heal Internet Security (20230907)","Sophos Home Premium (20230907)","SpyHunter5 (20230907)","Total AV Antivirus Pro (20230907)","Trend Micro Internet Security (20230907)","VirIT eXplorer PRO (20230907)","Webroot SecureAnywhere (20230907)","Windows Defender (20230907)"],"avAllowList":["Bitdefender Internet Security (20230907)","Dr.Web Security Space (20230907)","Tencent PC Manager (20220503)","VIPRE Advanced Security (20230907)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on windows app","reference":"","landingPage":"https://www.8kvideodownloader.com/","directDownloadingLink":"https://www.8kvideodownloader.com/setups/8k-video-downloader.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.8kvideodownloader.com/setups/8k-video-downloader.exe","sourceIndex":"1634"}],"sampleFiles":["220428/8Kvideodownloader-220428/14.0/Samples/8kvideodownloaderSetup.exe"],"imageFiles":["220428/8Kvideodownloader-220428/14.0/Images/ACR-043/ACR-043_Install.JPG","220428/8Kvideodownloader-220428/14.0/Images/ACR-043/ACR-043_Install_1.JPG","220428/8Kvideodownloader-220428/14.0/Images/ACR-043/ACR-043_Install_2.JPG","220428/8Kvideodownloader-220428/14.0/Images/ACR-107/ACR-107_Install.JPG","220428/8Kvideodownloader-220428/14.0/Images/ACR-042/ACR-042_Install.JPG","220428/8Kvideodownloader-220428/14.0/Images/ACR-042/ACR-042_Install_1.JPG","220428/8Kvideodownloader-220428/14.0/Images/ACR-007/ACR-007_Install.JPG","220428/8Kvideodownloader-220428/14.0/Images/ACR-084/ACR-084_Software.JPG","220428/8Kvideodownloader-220428/14.0/Images/ACR-084/ACR-084_Software_1.JPG","220428/8Kvideodownloader-220428/14.0/Images/ACR-103/ACR-103_Software.JPG","220428/8Kvideodownloader-220428/14.0/Images/ACR-048/ACR-048_Software_1.JPG","220428/8Kvideodownloader-220428/14.0/Images/ACR-048/ACR-048_Software_No_Control.JPG","220428/8Kvideodownloader-220428/14.0/Images/ACR-047/ACR-047_InbundleOffers.JPG","220428/8Kvideodownloader-220428/14.0/Images/ACR-165/ACR-165_InternalOffers.JPG"],"nonDeceptorImageFiles":["220428/8Kvideodownloader-220428/14.0/Images/ACR-040/ACR-040_Install.JPG","220428/8Kvideodownloader-220428/14.0/Images/ACR-092/ACR-092_Software.JPG","220428/8Kvideodownloader-220428/14.0/Images/ACR-092/ACR-092_Software_1.JPG"],"guid":"56110df6-6e88-4571-82e5-058b3f7b37fe_14.0_1","appID":"8Kvideodownloader-220428","dateAdded":"230817","deceptorType":"App","name":"8K Video Downloader","company":"8K Video Downloader","version":"14.0","lastKnownStatus":"14.0;15.0","lastKnownDate":"230817","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2023-08-17T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":878},{"violations":{"ACR-004":"The app uses an alarming red color and traffic light bar to display damage status for scan results to raise sense of urgency to the user. The application only cleans 500MB off of the scan list, then it requires the user to subscribe to clean other items found during scan.\n"},"nonDeceptorViolations":{"ACR-161":"Internal Offer shows endorsements that don't have links back to the original source and therefore cannot be verified. \n"},"samples":[{"isRevoked":"False","fileName":"DiskCleaner.exe","companyName":"Simnet Ltd.                                                 ","fileVersion":"0.0","hashMD5":"67bf0e063fa2205ddfbc5c2bddbd7c32","hashSHA1":"d7ef49a24bbe6cb61633af476e05daa5663acdf0","hashSHA256":"f09d7044bf3d41713cb2c4071a17eeebae1b073f54cacb2df1075b70e0db7128","digitalCertThumbprint":"4C6F54803A0F2ACAF1972FE7AB16177DF5F30756","digitalCertIssuer":"CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O=\"VeriSign, Inc.\", C=US","digitalCertIssuedTo":"CN=Simnet Bilgisayar Yazilim Hiz. San. ve Tic. Ltd. Sti., OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Simnet Bilgisayar Yazilim Hiz. San. ve Tic. Ltd. Sti., L=Istanbul, S=Istanbul, C=TR","sourceIndex":"921","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"Launcher.exe","companyName":"Simnet Ltd.                                                 ","fileVersion":"0.0","hashMD5":"8676ea31b9c3d758dae322d032c6b4c4","hashSHA1":"0f2214a760ad23e6f4bb3a794581411d9fa401b9","hashSHA256":"b7d31c393121b11949a581af77a5455638b0358860ea0819cd7acca4b8b1cf94","digitalCertThumbprint":"4C6F54803A0F2ACAF1972FE7AB16177DF5F30756","digitalCertIssuer":"CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O=\"VeriSign, Inc.\", C=US","digitalCertIssuedTo":"CN=Simnet Bilgisayar Yazilim Hiz. San. ve Tic. Ltd. Sti., OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Simnet Bilgisayar Yazilim Hiz. San. ve Tic. Ltd. Sti., L=Istanbul, S=Istanbul, C=TR","sourceIndex":"921","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"SimnetDiskCleaner2011.exe","isInstaller":"True","companyName":"Simnet Ltd.                                                 ","fileVersion":"0.0","hashMD5":"917fc8fdc0b0ac2ce384f0bbe9f659fa","hashSHA1":"a36ea1a5c285a693df22b67cb184ffff5b29ba6e","hashSHA256":"5ef7183be26f0e011a151f051a9046cdb3ce10da9017b9c0465c6b0e11c4b8e3","digitalCertThumbprint":"4C6F54803A0F2ACAF1972FE7AB16177DF5F30756","digitalCertIssuer":"CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O=\"VeriSign, Inc.\", C=US","digitalCertIssuedTo":"CN=Simnet Bilgisayar Yazilim Hiz. San. ve Tic. Ltd. Sti., OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Simnet Bilgisayar Yazilim Hiz. San. ve Tic. Ltd. Sti., L=Istanbul, S=Istanbul, C=TR","sourceIndex":"921","avBlockList":["Avast Premium Security (20230907)","AVG Internet Security (20230907)","Avira Internet Security (20230907)","Dr.Web Security Space (20230907)","ESET Internet Security (20230907)","K7 Total Security (20230907)","Malwarebytes Premium (20230907)","Norton Security (20230907)","Panda Dome (20230907)","Sophos Home Premium (20230907)","SpyHunter5 (20230907)","Total AV Antivirus Pro (20230907)","VirIT eXplorer PRO (20230907)","Webroot SecureAnywhere (20230907)"],"avAllowList":["360 Total Security (20230907)","Bitdefender Internet Security (20230907)","COMODO Antivirus (20230907)","G DATA INTERNET SECURITY (20230907)","Kaspersky Internet Security (20230907)","McAfee Total Protection (20230907)","Quick Heal Internet Security (20230907)","Trend Micro Internet Security (20230907)","VIPRE Advanced Security (20230907)","Windows Defender (20230907)"]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"","landingPage":"http://simnetsoftware.com/products/simnet-disk-cleaner.html","directDownloadingLink":"https://download.cnet.com/Simnet-Disk-Cleaner-2011/3001-2086_4-75220727.html","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://download.cnet.com/Simnet-Disk-Cleaner-2011/3001-2086_4-75220727.html","sourceIndex":"921"}],"sampleFiles":["230817/SimnetDiskCleaner-230816/3.1.1.4/Samples/DiskCleaner.exe","230817/SimnetDiskCleaner-230816/3.1.1.4/Samples/Launcher.exe","230817/SimnetDiskCleaner-230816/3.1.1.4/Samples/SimnetDiskCleaner2011.exe"],"imageFiles":["230817/SimnetDiskCleaner-230816/3.1.1.4/Images/ACR-004/ACR-004_ScanResult.jpg","230817/SimnetDiskCleaner-230816/3.1.1.4/Images/ACR-004/ACR-004_Clean.jpg","230817/SimnetDiskCleaner-230816/3.1.1.4/Images/ACR-004/ACR-AfterClean.jpg"],"nonDeceptorImageFiles":["230817/SimnetDiskCleaner-230816/3.1.1.4/Images/ACR-161/SimnetDiskCleaner_InternalOffer.jpeg"],"guid":"078cd47f-0c5b-4cc7-8cef-9653986ddb2b_3.1.1.4_1","appID":"SimnetDiskCleaner-230816","dateAdded":"230817","deceptorType":"App","name":"Simnet Disk Cleaner","company":"Simnet Ltd.","version":"3.1.1.4","lastKnownStatus":"3.1.1.4","lastKnownDate":"230817","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2023-08-17T21:31:18.2052385+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":876},{"violations":{"ACR-042":"1. On executing the installer, it directly installs the app and its components without asking any user's permission. \n2. The components related to \"Bright data\" are dropped even before obtaining the consumer's consent and permission \n","ACR-043":"1. The app drops components of \"Bright data\" even before the user agrees and consents.\n2. Before obtaining the user's consent, the app drops all the files inside the C:\\Users\\User\\AppData\\Roaming folder and launches the application immediately after executing the installer.\n3. The app drops \"FFmpeg\" components without any disclosure or user consent.\n","ACR-047":"The prompt regarding the \"Bright data\" appears whenever the app is launched even though it was declined earlier.\n","ACR-107":"The app drops the \"FFmpeg\" component without any disclosure and user's consent.\n","ACR-048":"The app does not provide control to remove the process or quit the app completely within the app's settings.\n","ACR-084":"1. On closing the app, the application doesn't exit completely. Several processes run in the background, hiding the fact that it is active from the consumer without any notification.\n2. When the app is launched manually, the system tray contains both \"8K Video Downloader\" and the bright data logo but the bright data logo seems to be greyed out and hidden.\n","ACR-103":"The value propositions claimed in landing page don't exist in software as the software does not download any videos.\n","ACR-165":"The app doesn't provide the following information in the shopping cart (https://www.8kvideodownloader.com/pro): 1. How to cancel the auto-renewal easily via an online approach. 2. What's the price will be in the auto-renewal payment given the first payment is a discounted price. 3. When the user will receive the auto-renewal payment notification if auto-renew payment is selected.\n"},"nonDeceptorViolations":{"ACR-040":"The app installs itself in a hidden location \"C:\\Users\\User\\AppData\\Roaming\" without any disclosure.\n","ACR-092":"The app does not provide a digital signature for the installer (8k-video-downloader.exe) and the main executable (Youtube Downloader.exe).\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Users\\User\\AppData\\Roaming\\8K Video Downloader\\Youtube Downloader.exe","companyName":"","productName":"8K Video Downloader","productVersion":"15.0","fileVersion":"15.0","hashMD5":"c0e0ecbc8f9bc6dd5a7b89c6480b5e5b","hashSHA1":"4aa2c13a5e4cd22cb696d4ebf5c49783a253d4f9","hashSHA256":"aa197108f96ae4cc88a0d2ba8759b4713dbc07810948e77c418369a0719f3ee3","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"924","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"8k-video-downloader.exe","isInstaller":"True","companyName":"8K Video Downloader","productName":"8K Video Downloader","productVersion":"15.0","fileVersion":"15.0","hashMD5":"f9ef94db90fe348617759a1369327601","hashSHA1":"418982cf57b6e82ec9a757791c6d122479e8d49a","hashSHA256":"ebb8222a4eab7df4f915dd6d7c5eb4eef523cc3a13ddfd3d2b535f1e53ea38cb","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"924","avBlockList":["360 Total Security (20230831)","Avast Premium Security (20230831)","AVG Internet Security (20230831)","Avira Internet Security (20230831)","Bitdefender Internet Security (20230831)","COMODO Antivirus (20230831)","ESET Internet Security (20230831)","G DATA INTERNET SECURITY (20230831)","K7 Total Security (20230831)","Kaspersky Internet Security (20230831)","Malwarebytes Premium (20230831)","McAfee Total Protection (20230831)","Norton Security (20230831)","Panda Dome (20230831)","Quick Heal Internet Security (20230831)","Sophos Home Premium (20230831)","SpyHunter5 (20230831)","Total AV Antivirus Pro (20230831)","Trend Micro Internet Security (20230831)","VIPRE Advanced Security (20230831)","VirIT eXplorer PRO (20230831)","Webroot SecureAnywhere (20230831)","Windows Defender (20230831)"],"avAllowList":["Dr.Web Security Space (20230831)","Tencent PC Manager (20220519)"]},{"isRevoked":"False","fileName":"8k-video-downloader_230814.exe","isInstaller":"True","companyName":"8K Video Downloader","fileVersion":"15.0","hashMD5":"bf78237204cb5434de085dae8a5d3d41","hashSHA1":"95f4c1c23f74affa43821dc2002b9cbd5e63a770","hashSHA256":"8ede662c636aef00de5fb6140d2eff92b44a83b02d84c30021151f23f0cb1450","sourceIndex":"924","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"8k-video-downloader_230814_1.exe","isInstaller":"True","companyName":"8K Video Downloader","fileVersion":"15.0","hashMD5":"f1028c6f89771851d66ce87fc87362d3","hashSHA1":"8f3323ea9bde56f48930170a7810c46d28a9d15d","hashSHA256":"d7d3fe5e5377c1c754914318ac468ce9eb176abf46470fc9b72fe4826c7aff9d","sourceIndex":"924","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"hd-youtube-downloader-free.exe","isInstaller":"True","companyName":"8K Video Downloader","fileVersion":"15.0","hashMD5":"68b3a89b8c8beb998ad4186f3614070f","hashSHA1":"7287b6e3e6ae5c756f55788647d4502f1602975f","hashSHA256":"d6ddeb6086deb82667e072c370966f406a13d3f8ea4106f30dbd0e9b76be2a90","sourceIndex":"924","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"ytd-downloader.exe","isInstaller":"True","companyName":"8K Video Downloader","fileVersion":"15.0","hashMD5":"5063476f26ac96a432bc18d35154dfdf","hashSHA1":"fbeece891896999f25fdcb9f6bd28e298a17dc54","hashSHA256":"2373e98a83fc12b3ce609de5d366f1e26860e73e4ad0e66ff29ea7ad93e51532","sourceIndex":"924","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on windows app","reference":"","landingPage":"https://www.8kvideodownloader.com/","directDownloadingLink":"https://www.8kvideodownloader.com/setups/8k-video-downloader.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.8kvideodownloader.com/setups/8k-video-downloader.exe","sourceIndex":"924"}],"sampleFiles":["230817/8Kvideodownloader-220428/15.0/Samples/8k-video-downloader.exe","230817/8Kvideodownloader-220428/15.0/Samples/8k-video-downloader_230814.exe","230817/8Kvideodownloader-220428/15.0/Samples/8k-video-downloader_230814_1.exe","230817/8Kvideodownloader-220428/15.0/Samples/hd-youtube-downloader-free.exe","230817/8Kvideodownloader-220428/15.0/Samples/ytd-downloader.exe"],"imageFiles":["230817/8Kvideodownloader-220428/15.0/Images/ACR-043/ACR-043_Install.JPG","230817/8Kvideodownloader-220428/15.0/Images/ACR-043/ACR-043_Install_1.JPG","230817/8Kvideodownloader-220428/15.0/Images/ACR-043/ACR-043_Install_2.JPG","230817/8Kvideodownloader-220428/15.0/Images/ACR-107/ACR-107_Install.JPG","230817/8Kvideodownloader-220428/15.0/Images/ACR-042/ACR-042_Install.JPG","230817/8Kvideodownloader-220428/15.0/Images/ACR-042/ACR-042_Install_1.JPG","230817/8Kvideodownloader-220428/15.0/Images/ACR-084/ACR-084_Software.JPG","230817/8Kvideodownloader-220428/15.0/Images/ACR-084/ACR-084_Software_1.JPG","230817/8Kvideodownloader-220428/15.0/Images/ACR-103/ACR-103_Software.JPG","230817/8Kvideodownloader-220428/15.0/Images/ACR-048/ACR-048_Software_No_Control.JPG","230817/8Kvideodownloader-220428/15.0/Images/ACR-048/ACR-048_Software_No_Control_1.JPG","230817/8Kvideodownloader-220428/15.0/Images/ACR-047/ACR-047_In-bundle offers.JPG","230817/8Kvideodownloader-220428/15.0/Images/ACR-165/ACR-165_InternalOffers.jpg"],"nonDeceptorImageFiles":["230817/8Kvideodownloader-220428/15.0/Images/ACR-040/ACR-040_Install.JPG","230817/8Kvideodownloader-220428/15.0/Images/ACR-092/ACR-092_Software.JPG","230817/8Kvideodownloader-220428/15.0/Images/ACR-092/ACR-092_Software_1.JPG"],"guid":"56110df6-6e88-4571-82e5-058b3f7b37fe_15.0_1","appID":"8Kvideodownloader-220428","dateAdded":"230817","deceptorType":"App","name":"8K Video Downloader","company":"8K Video Downloader","version":"15.0","lastKnownStatus":"14.0;15.0","lastKnownDate":"230817","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2023-08-17T12:19:47.897255+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":877},{"violations":{"ACR-043":"lum_sdk.dll is dropped without disclosing during installation process and its EULA \"You will be able to view the component details in full before you accept this offer, as well as being able to turn Bright Data on and off directly from the 'App Settings'. Read more about Bright Data's EULA here <https://brightdata.com/legal/sdk-eula>\"\n","ACR-046":"The user interface of the app seems to have a \"High Contrast Theme\" which makes it difficult for the consumer to find required disclosures and options.\n","ACR-048":"The app does not provide any control to disable the startup it created.\n","ACR-010":"Application propagate fake likes/views for the video clips.\n","ACR-084":"1. The app creates a startup item without the user's knowledge and consent. \n2.  There is no icon on the system tray to indicate Bright Data function is running in the background when Bright Data services are enabled.\n"},"nonDeceptorViolations":{"ACR-092":"The app does not provide a digital signature for its executables.\n"},"samples":[{"isRevoked":"False","fileName":"AIO SMM Bot.msi","isInstaller":"True","fileVersion":"0.","hashMD5":"99ee5bb2ec8d06db7375455dcec870d7","hashSHA1":"f2d15080b996f32fe24a631613301504e8f6b274","hashSHA256":"2198c3f76bae1924dae222e616bcc866cee30bc9231ab6226b42e438558e0e61","digitalCertThumbprint":"NA","sourceIndex":"262","avBlockList":["360 Total Security (20230919)","Avast Premium Security (20230919)","AVG Internet Security (20230919)","Avira Internet Security (20230919)","ESET Internet Security (20230919)","K7 Total Security (20230919)","Kaspersky Internet Security (20230919)","Norton Security (20230919)","Panda Dome (20230919)","Sophos Home Premium (20230919)","SpyHunter5 (20230919)","Total AV Antivirus Pro (20230919)","VirIT eXplorer PRO (20230919)"],"avAllowList":["Bitdefender Internet Security (20230919)","COMODO Antivirus (20230919)","Dr.Web Security Space (20230919)","G DATA INTERNET SECURITY (20230919)","Malwarebytes Premium (20230919)","McAfee Total Protection (20230919)","Quick Heal Internet Security (20230919)","Trend Micro Internet Security (20230919)","VIPRE Advanced Security (20230919)","Webroot SecureAnywhere (20230919)","Windows Defender (20230919)"]},{"isRevoked":"False","fileName":"AIO SMM Tool.exe","productName":"cs_winform_anycpu","productVersion":"1.0.0.0","fileVersion":"1.0.0.0","hashMD5":"abddc3b81b5e99c7fbfd453c3a4693cf","hashSHA1":"a0201048b01765906e74ad75ce58164b8a7c0cae","hashSHA256":"453b813c71486919b1dc8f14b091ea2a390f030298c08115a2286633aafd1fa7","digitalCertThumbprint":"NA","sourceIndex":"262","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"VT search by certified appname","reference":"","landingPage":"https://hqtools.xyz/index.html","directDownloadingLink":"https://api.rypr.io/files/download?id=ff3a6312-83c5-47af-881e-64ae35f6f8f4","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://api.rypr.io/files/download?id=ff3a6312-83c5-47af-881e-64ae35f6f8f4","sourceIndex":"262"}],"sampleFiles":["230803/AIOSMMBot-230802/0.0.2/Samples/AIO SMM Bot.msi"],"imageFiles":["230803/AIOSMMBot-230802/0.0.2/Images/ACR-043/ACR-043_Install_1.png","230803/AIOSMMBot-230802/0.0.2/Images/ACR-046/ACR-046.JPG","230803/AIOSMMBot-230802/0.0.2/Images/ACR-084/ACR-084.JPG","230803/AIOSMMBot-230802/0.0.2/Images/ACR-084/ACR-084_1.JPG","230803/AIOSMMBot-230802/0.0.2/Images/ACR-084/ACR-084_2.JPG","230803/AIOSMMBot-230802/0.0.2/Images/ACR-048/ACR-048_1.JPG","230803/AIOSMMBot-230802/0.0.2/Images/ACR-010/ACR-010_Software_1.png"],"nonDeceptorImageFiles":["230803/AIOSMMBot-230802/0.0.2/Images/ACR-092/ACR-092.JPG"],"guid":"15c0e822-f6e8-4fb8-a13b-41e68b2e9a8e_0.0.2_1","appID":"AIOSMMBot-230802","dateAdded":"230803","deceptorType":"App","name":"AIO SMM Bot","company":"HQTools.xyz","version":"0.0.2","lastKnownStatus":"0.0.2","lastKnownDate":"241231","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2024-12-31T23:19:59.1247981+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":879},{"violations":{"ACR-042":"The app installs a self signed Trusted Root Certificate without obtaining the consumer's permission through explicit user action.\n","ACR-043":"The app does not provide information regarding a self signed Trusted Root Certificate that is installed.\n","ACR-048":"The app does not provide any control to close the app completely within the app's settings. When the app is minimized or closed it hides itself in the system tray.\n","ACR-007":"App does not obtain user consent to reduce the consumer's security posture caused by installing the self signed trusted root certificate.\n","ACR-017":"Norton Secured Logo on the cart page returns error message \"Hmm...Can't reach this page\" https://store.payproglobal.com/checkout?products[1][id]=57067&language=en&alwaysgoogle=TRUE&&x-referral=undefined&adlcinfo=585b32102494eb8b0ec71d55453bc1b680d3d55e&adllid=MNlP6yvCy5&prch=1&coupon-code-to-add=mult_5y_off_70\n","ACR-084":"On closing the app, the application doesn't exit completely. It runs silently in the background without notification to user that it is active.\n"},"nonDeceptorViolations":{"ACR-040":"The app drops certain files in a hidden folder (C:\\ProgramData) without the user's knowledge.\n","ACR-045":"The app does not describe clearly and straightforwardly what effect is caused to the user's system due to the installation of its self signed Trusted Root Certificate.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files\\AdLock\\AdLock.exe","companyName":"Hankuper s.r.o.","productName":"AdLock for Windows","productVersion":"2.1.4.4","fileVersion":"2.1.4.4","hashMD5":"6cf4bc23e3b57a189b10947e07b18b57","hashSHA1":"9ace052ff950692d12c62fb9c98f26ff8f5e4581","hashSHA256":"b4bc1db72e1c49a5246106e6f0b4d00586c0136a12514f7d523572d332e02a4d","digitalCertThumbprint":"AB33B55E06D73933AD7F0F780540B11E8FA4B2FB","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Hankuper s.r.o.","storeId":"","sourceIndex":"933","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"Adlock_Installer.exe","isInstaller":"True","companyName":"Hankuper s.r.o.                                             ","productName":"AdLock                                                      ","productVersion":"2.1.4.4                                           ","fileVersion":"2.1.4.4             ","hashMD5":"707a575f977b4b7f0aa2986533610832","hashSHA1":"06709f6de863487c3b236618560009e6d5760838","hashSHA256":"e08578ec7c7f4e029e3f9e117588288bdab2fcc42aba7d04afdc0c60b2daab0a","digitalCertThumbprint":"AB33B55E06D73933AD7F0F780540B11E8FA4B2FB","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Hankuper s.r.o.","storeId":"","sourceIndex":"933","avBlockList":["360 Total Security (20230921)","Avira Internet Security (20230921)","Bitdefender Internet Security (20230921)","ESET Internet Security (20230921)","K7 Total Security (20230921)","Malwarebytes Premium (20230921)","McAfee Total Protection (20230921)","Norton Security (20230921)","Panda Dome (20230921)","Quick Heal Internet Security (20230921)","Sophos Home Premium (20230921)","SpyHunter5 (20230921)","Total AV Antivirus Pro (20230921)","Trend Micro Internet Security (20230921)","VIPRE Advanced Security (20230921)","VirIT eXplorer PRO (20230921)","Webroot SecureAnywhere (20230921)","Windows Defender (20230921)"],"avAllowList":["Avast Premium Security (20230921)","AVG Internet Security (20230921)","COMODO Antivirus (20230921)","Dr.Web Security Space (20230921)","G DATA INTERNET SECURITY (20230921)","Kaspersky Internet Security (20230921)"]}],"additionalFiles":[],"sources":[{"howFound":"Ad blocker program","reference":"change DNS, add cert","landingPage":"https://adlock.com/","directDownloadingLink":"https://adlock.com/exe/","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://adlock.com/exe/","sourceIndex":"933"}],"sampleFiles":["230802/AdLock-220817/2.1.4.4/Samples/Adlock_Installer.exe"],"imageFiles":["230802/AdLock-220817/2.1.4.4/Images/ACR-043/ACR-043_Install_1.png","230802/AdLock-220817/2.1.4.4/Images/ACR-042/ACR-042_Install_1.png","230802/AdLock-220817/2.1.4.4/Images/ACR-007/ACR-007_Install_1.png","230802/AdLock-220817/2.1.4.4/Images/ACR-084/ACR-084_Software_1.png","230802/AdLock-220817/2.1.4.4/Images/ACR-048/ACR-048_Software_1.png","230802/AdLock-220817/2.1.4.4/Images/ACR-017/ACR-017_Internal offers_1.png"],"nonDeceptorImageFiles":["230802/AdLock-220817/2.1.4.4/Images/ACR-040/ACR-040_Install_1.png","230802/AdLock-220817/2.1.4.4/Images/ACR-045/ACR-045_Install_1.png"],"guid":"2ae0496b-35dc-4595-b7cc-f4130894f708_2.1.4.4_1","appID":"AdLock-220817","dateAdded":"230802","deceptorType":"App","name":"AdLock","company":"AdLock","version":"2.1.4.4","lastKnownStatus":"Deceptor:2.1.2.3;2.1.3.4;2.1.4.4","lastKnownDate":"230802","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"paid","lastUpdate":"2023-08-02T20:52:24.3059171+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":3,"sortOrder":880},{"violations":{"ACR-042":"The app installs a self signed Trusted Root Certificate without obtaining the consumer's permission through explicit user action.\n","ACR-043":"The app does not provide information regarding a self signed Trusted Root Certificate that is installed.\n","ACR-048":"The app does not provide any control to close the app completely within the app's settings. When the app is minimized or closed it hides itself in the system tray.\n","ACR-007":"App does not obtain user consent to reduce the consumer's security posture caused by installing the self signed trusted root certificate.\n","ACR-084":"On closing the app, the application doesn't exit completely. It runs silently in the background without notification to user that it is active.\n","ACR-118":"When the consumer attempts to completely uninstall the app, the Trusted Root certificate was retained on the device without the consumer's consent or notifying the user. (Couldn't replicate, please check)\n","ACR-165":"The app does not provide detailed information about when users receive notification for renewal and the price amount after the time-bound discount expires on the shopping cart (https://adlock.com/purchase/)\n"},"nonDeceptorViolations":{"ACR-040":"The app drops certain files in a hidden folder (C:\\ProgramData) without the user's knowledge.\n","ACR-045":"The app does not describe clearly and straightforwardly what effect is caused to the user's system due to the installation of its self signed Trusted Root Certificate.\n","ACR-123":"The app does not remove the Trusted Root certificate and its own startup entry even after uninstalling. (Couldn't replicate it, please check)\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files\\AdLock\\AdLock.exe","companyName":"Hankuper s.r.o.","productName":"AdLock for Windows","productVersion":"2.1.3.4","fileVersion":"2.1.3.4","hashMD5":"59940e2b13105aa7540f9bbaa090f985","hashSHA1":"db06eb72bd2d7d66503dbf01eff50fe947782d87","hashSHA256":"6a8bba0989f100b3460b84b9042eb415d1f1fe123526cd2f53bf1c43f0d142b4","digitalCertThumbprint":"8256116CB283B4356862EF237162DF8DAB42D5B3","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA256 2021 CA1","digitalCertIssuedTo":"Hankuper s.r.o.","storeId":"","sourceIndex":"1164","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Program Files\\AdLock\\AdlockService.exe","companyName":"Hankuper s.r.o.","productName":"AdLock Service for Windows","productVersion":"2.1.3.4","fileVersion":"2.1.3.4","hashMD5":"925418076052a5746426e6dde55dc16f","hashSHA1":"98f5b2b76480342da8f5c28824219ed1998aa615","hashSHA256":"ff4d87a2de255ab02d03641360f248d6349437be9db882bd83580f5bbe10ec2d","digitalCertThumbprint":"8256116CB283B4356862EF237162DF8DAB42D5B3","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA256 2021 CA1","digitalCertIssuedTo":"Hankuper s.r.o.","storeId":"","sourceIndex":"1164","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"Adlock_Installer.exe","isInstaller":"True","companyName":"Hankuper s.r.o.                                             ","productName":"AdLock                                                      ","productVersion":"2.1.3.4                                           ","fileVersion":"2.1.3.4             ","hashMD5":"64449d74a7e7e59adf9a22ef543bb895","hashSHA1":"cf326590cedd8e892ace5dde235edbe4820e54cb","hashSHA256":"4afdd882e03031512be016c5dab8ad0fb3d5a897de99b51ccf58a42368f132c0","digitalCertThumbprint":"8256116CB283B4356862EF237162DF8DAB42D5B3","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA256 2021 CA1","digitalCertIssuedTo":"Hankuper s.r.o.","storeId":"","sourceIndex":"1164","avBlockList":["360 Total Security (20230926)","Avira Internet Security (20230926)","Bitdefender Internet Security (20230926)","ESET Internet Security (20230926)","K7 Total Security (20230926)","Malwarebytes Premium (20230926)","McAfee Total Protection (20230926)","Norton Security (20230926)","Panda Dome (20230926)","Quick Heal Internet Security (20230926)","Sophos Home Premium (20230926)","SpyHunter5 (20230926)","Total AV Antivirus Pro (20230926)","VIPRE Advanced Security (20230926)","VirIT eXplorer PRO (20230926)","Webroot SecureAnywhere (20230926)"],"avAllowList":["Avast Premium Security (20230926)","AVG Internet Security (20230926)","COMODO Antivirus (20230926)","Dr.Web Security Space (20230926)","G DATA INTERNET SECURITY (20230926)","Kaspersky Internet Security (20230926)","Trend Micro Internet Security (20230926)","Windows Defender (20230926)"]}],"additionalFiles":[],"sources":[{"howFound":"Ad blocker program-Updated Version","reference":"change DNS, add cert","landingPage":"https://adlock.com/","directDownloadingLink":"https://adlock.com/exe/","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://adlock.com/exe/","sourceIndex":"1164"}],"sampleFiles":["230412/AdLock-220817/2.1.3.4/Samples/Adlock_Installer.exe"],"imageFiles":["230412/AdLock-220817/2.1.3.4/Images/ACR-043/ACR-043_1.JPG","230412/AdLock-220817/2.1.3.4/Images/ACR-043/ACR-043_2.JPG","230412/AdLock-220817/2.1.3.4/Images/ACR-043/ACR-043_3.JPG","230412/AdLock-220817/2.1.3.4/Images/ACR-042/ACR-042 (1).JPG","230412/AdLock-220817/2.1.3.4/Images/ACR-042/ACR-042 (2).JPG","230412/AdLock-220817/2.1.3.4/Images/ACR-042/ACR-042 (3).JPG","230412/AdLock-220817/2.1.3.4/Images/ACR-007/ACR-007 (1).JPG","230412/AdLock-220817/2.1.3.4/Images/ACR-007/ACR-007 (2).JPG","230412/AdLock-220817/2.1.3.4/Images/ACR-007/ACR-007 (3).JPG","230412/AdLock-220817/2.1.3.4/Images/ACR-084/ACR-084.JPG","230412/AdLock-220817/2.1.3.4/Images/ACR-048/ACR-048.JPG","230412/AdLock-220817/2.1.3.4/Images/ACR-048/ACR-048_1.JPG","230412/AdLock-220817/2.1.3.4/Images/ACR-165/ACR-165.JPG"],"nonDeceptorImageFiles":["230412/AdLock-220817/2.1.3.4/Images/ACR-040/ACR-040.JPG","230412/AdLock-220817/2.1.3.4/Images/ACR-045/ACR-045 (1).JPG","230412/AdLock-220817/2.1.3.4/Images/ACR-045/ACR-045 (2).JPG","230412/AdLock-220817/2.1.3.4/Images/ACR-045/ACR-045 (3).JPG"],"guid":"2ae0496b-35dc-4595-b7cc-f4130894f708_2.1.3.4_1","appID":"AdLock-220817","dateAdded":"230802","deceptorType":"App","name":"AdLock","company":"AdLock","version":"2.1.3.4","lastKnownStatus":"Deceptor:2.1.2.3;2.1.3.4;2.1.4.4","lastKnownDate":"230802","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"paid","lastUpdate":"2023-08-02T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":3,"sortOrder":881},{"violations":{"ACR-042":"The app installs a self signed Trusted Root Certificate without obtaining the consumer's permission through explicit user action.\n","ACR-043":"The app does not provide information regarding a self signed Trusted Root Certificate that is installed.\n","ACR-048":"The app does not provide any control to close the app completely within the app's settings. When the app is minimized or closed it hides itself in the system tray.\n","ACR-007":"App does not obtain user consent to reduce the consumer's security posture caused by installing the self signed trusted root certificate.\n","ACR-084":"On closing the app, the application doesn't exit completely. It runs silently in the background without notification to user that it is active.\n","ACR-118":"When the consumer attempts to completely uninstall the app, the Trusted Root certificate was retained on the device without the consumer's consent or notifying the user.\n"},"nonDeceptorViolations":{"ACR-040":"The app drops certain files in a hidden folder (C:\\ProgramData) without the user's knowledge.\n","ACR-045":"The app does not describe clearly and straightforwardly what effect is caused to the user's system due to the installation of its self signed Trusted Root Certificate.\n","ACR-123":"The app does not remove the Trusted Root certificate and its own startup entry even after uninstall.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files\\AdLock\\Adlock.exe","companyName":"Hankuper s.r.o.","productName":"AdLock UI for Windows","productVersion":"2.1.1.9","fileVersion":"2.1.1.9","hashMD5":"c2fb25d360e4356a856af82395dc7518","hashSHA1":"4b920f3dec9bdb96bfd18f7be430c6bd9a199ab3","hashSHA256":"c02b6df81d64da5bf0a532cc662b7b651ee14ff32f2f9e257570565b56cc6528","digitalCertThumbprint":"31F5D9E8B084FF6C6155D555776F38A73FF54CD8","digitalCertIssuer":"DigiCert Global G3 Code Signing ECC SHA384 2021 CA1","digitalCertIssuedTo":"Hankuper s.r.o.","storeId":"","sourceIndex":"1437","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Program Files\\AdLock\\AdlockService.exe","companyName":"Hankuper s.r.o.","productName":"AdLock Service for Windows","productVersion":"2.1.1.9","fileVersion":"2.1.1.9","hashMD5":"62bd75553de9712974b2e2e8a4eaf3fe","hashSHA1":"b2e16b12b19d8b30b7f56ccc871d2ba48b8393db","hashSHA256":"be954acaf610ea0f9dba8a0cae1b415d44345f0392140ded4a4497b51819b2a7","digitalCertThumbprint":"31F5D9E8B084FF6C6155D555776F38A73FF54CD8","digitalCertIssuer":"DigiCert Global G3 Code Signing ECC SHA384 2021 CA1","digitalCertIssuedTo":"Hankuper s.r.o.","storeId":"","sourceIndex":"1437","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"Adlock_Installer.exe","isInstaller":"True","companyName":"Hankuper s.r.o.                                             ","productName":"AdLock                                                      ","productVersion":"2.1.1.9                                           ","fileVersion":"2.1.1.9             ","hashMD5":"7e5de6e71a2e4e59a72f4058d117a710","hashSHA1":"01b2971aff74fc8d3a805fe032d11ec46f44e534","hashSHA256":"82e5aa11c802ee31323d72d31a545ec9fafd005aca102ed9a8cad6c8a358bd27","digitalCertThumbprint":"31F5D9E8B084FF6C6155D555776F38A73FF54CD8","digitalCertIssuer":"DigiCert Global G3 Code Signing ECC SHA384 2021 CA1","digitalCertIssuedTo":"Hankuper s.r.o.","storeId":"","sourceIndex":"1437","avBlockList":["360 Total Security (20220920)","Avast Premium Security (20220920)","AVG Internet Security (20220920)","Avira Internet Security (20220920)","K7 Total Security (20220920)","McAfee Total Protection (20220920)","Norton Security (20220920)","Panda Dome (20220920)","Quick Heal Internet Security (20220920)","Sophos Home Premium (20220920)","SpyHunter5 (20220920)","Total AV Antivirus Pro (20220920)","VirIT eXplorer PRO (20220920)","Webroot SecureAnywhere (20220920)"],"avAllowList":["Bitdefender Internet Security (20220920)","COMODO Antivirus (20220920)","Dr.Web Security Space (20220920)","ESET Internet Security (20220920)","G DATA INTERNET SECURITY (20220920)","Kaspersky Internet Security (20220920)","Malwarebytes Premium (20220920)","Trend Micro Internet Security (20220920)","VIPRE Advanced Security (20220920)","Windows Defender (20220920)"]},{"isRevoked":"False","fileName":"Adlock_Installer_2123.exe","isInstaller":"True","companyName":"Hankuper s.r.o.                                             ","productName":"AdLock   ","productVersion":"2.1.2.3","fileVersion":"2.1.2.3","hashMD5":"33f3ce45964ba084d3401548d26a79ab","hashSHA1":"6034ebaa8b8f612efb59e31d72539593db85f443","hashSHA256":"3314641d496617ca07736d7ec4746ead65543b4146b0f343e4714336b77c65ad","digitalCertThumbprint":"8256116CB283B4356862EF237162DF8DAB42D5B3","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA256 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Hankuper s.r.o., O=Hankuper s.r.o., L=Bratislava, C=SK, SERIALNUMBER=50451618, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=SK","sourceIndex":"1437","avBlockList":["360 Total Security (20220920)","Avast Premium Security (20220920)","AVG Internet Security (20220920)","Avira Internet Security (20220920)","K7 Total Security (20220920)","McAfee Total Protection (20220920)","Norton Security (20220920)","Panda Dome (20220920)","Quick Heal Internet Security (20220920)","Sophos Home Premium (20220920)","SpyHunter5 (20220920)","Total AV Antivirus Pro (20220920)","VirIT eXplorer PRO (20220920)","Webroot SecureAnywhere (20220920)"],"avAllowList":["Bitdefender Internet Security (20220920)","COMODO Antivirus (20220920)","Dr.Web Security Space (20220920)","ESET Internet Security (20220920)","G DATA INTERNET SECURITY (20220920)","Kaspersky Internet Security (20220920)","Malwarebytes Premium (20220920)","Trend Micro Internet Security (20220920)","VIPRE Advanced Security (20220920)","Windows Defender (20220920)"]},{"isRevoked":"False","fileName":"Adlock_2123.exe","companyName":"Hankuper s.r.o.","productName":"AdLock UI for Windows","productVersion":"2.1.2.3","fileVersion":"2.1.2.3","hashMD5":"73c78413e27895ff95891a53311458c4","hashSHA1":"c1d16753832920968be972e54979cc2145e55877","hashSHA256":"27c1998d8b30a40d750948e9079057221d10efe940b6bfb4d03e0dfd8d892456","digitalCertThumbprint":"8256116CB283B4356862EF237162DF8DAB42D5B3","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA256 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Hankuper s.r.o., O=Hankuper s.r.o., L=Bratislava, C=SK, SERIALNUMBER=50451618, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=SK","sourceIndex":"1437","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"AdlockService_2123.exe","companyName":"Hankuper s.r.o.","productName":"AdLock Service for Windows","productVersion":"2.1.2.3","fileVersion":"2.1.2.3","hashMD5":"30c41a5c3c1bd934698ded102c5fd05c","hashSHA1":"85f5afe5883e985e520b41de163fa979f057f03d","hashSHA256":"d6f2db0ef2bebb55e967254bb0738603d16ed84c86956eac162194a070596295","digitalCertThumbprint":"8256116CB283B4356862EF237162DF8DAB42D5B3","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA256 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Hankuper s.r.o., O=Hankuper s.r.o., L=Bratislava, C=SK, SERIALNUMBER=50451618, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=SK","sourceIndex":"1437","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Ad blocker program","reference":"change DNS, add cert","landingPage":"https://adlock.com/","directDownloadingLink":"https://adlock.com/exe/","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://adlock.com/exe/","sourceIndex":"1437"}],"sampleFiles":["220908/AdLock-220817/2.1.2.3/Samples/Adlock_Installer.exe","220908/AdLock-220817/2.1.2.3/Samples/Adlock_Installer_2123.exe","220908/AdLock-220817/2.1.2.3/Samples/Adlock_2123.exe","220908/AdLock-220817/2.1.2.3/Samples/AdlockService_2123.exe"],"imageFiles":["220908/AdLock-220817/2.1.2.3/Images/ACR-043/ACR-043 (1).JPG","220908/AdLock-220817/2.1.2.3/Images/ACR-043/ACR-043 (2).JPG","220908/AdLock-220817/2.1.2.3/Images/ACR-043/ACR-043 (3).JPG","220908/AdLock-220817/2.1.2.3/Images/ACR-042/ACR-042 (1).JPG","220908/AdLock-220817/2.1.2.3/Images/ACR-042/ACR-042 (2).JPG","220908/AdLock-220817/2.1.2.3/Images/ACR-042/ACR-042 (3).JPG","220908/AdLock-220817/2.1.2.3/Images/ACR-007/ACR-007 (1).JPG","220908/AdLock-220817/2.1.2.3/Images/ACR-007/ACR-007 (2).JPG","220908/AdLock-220817/2.1.2.3/Images/ACR-007/ACR-007 (3).JPG","220908/AdLock-220817/2.1.2.3/Images/ACR-084/ACR-084_1.JPG","220908/AdLock-220817/2.1.2.3/Images/ACR-048/ACR-048_1.JPG","220908/AdLock-220817/2.1.2.3/Images/ACR-048/ACR-048_2.JPG","220908/AdLock-220817/2.1.2.3/Images/ACR-118/ACR-118 (1).JPG","220908/AdLock-220817/2.1.2.3/Images/ACR-118/ACR-118 (2).JPG","220908/AdLock-220817/2.1.2.3/Images/ACR-118/ACR-118 (3).JPG"],"nonDeceptorImageFiles":["220908/AdLock-220817/2.1.2.3/Images/ACR-040/ACR-040.jpg","220908/AdLock-220817/2.1.2.3/Images/ACR-045/ACR-045 (1).JPG","220908/AdLock-220817/2.1.2.3/Images/ACR-045/ACR-045 (2).JPG","220908/AdLock-220817/2.1.2.3/Images/ACR-045/ACR-045 (3).JPG","220908/AdLock-220817/2.1.2.3/Images/ACR-123/ACR-123 (1).JPG","220908/AdLock-220817/2.1.2.3/Images/ACR-123/ACR-123 (2).JPG","220908/AdLock-220817/2.1.2.3/Images/ACR-123/ACR-123 (3).JPG","220908/AdLock-220817/2.1.2.3/Images/ACR-123/ACR-123 (4).JPG"],"guid":"2ae0496b-35dc-4595-b7cc-f4130894f708_2.1.2.3_1","appID":"AdLock-220817","dateAdded":"230802","deceptorType":"App","name":"AdLock","company":"AdLock","version":"2.1.2.3","sigName":"Deceptor:Win32/AdLock!043042007084048118","lastKnownStatus":"Deceptor:2.1.2.3;2.1.3.4;2.1.4.4","lastKnownDate":"230802","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"paid","lastUpdate":"2023-08-02T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":3,"sortOrder":882},{"violations":{"ACR-043":"Third party components get dropped in one click without asking user's permission and disclosing the installation path.\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software.\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software.\n"},"nonDeceptorViolations":{"ACR-044":"Missing clear information about significant functions of Download Manager: it may show offers during installation. \n"},"samples":[{"isRevoked":"False","fileName":"ShindolifeScript - Linkvertise Downloader_7MbX6-1.exe","isInstaller":"True","fileVersion":"4.2","hashMD5":"fc30f38c629fbafcfd1f4a4895814c46","hashSHA1":"e6b298591f7034463f603ede1573c8a198938b7f","hashSHA256":"40e1b53fb04746ac4a0561f5ab781291069b90232215afc36320263308a28ec9","digitalCertThumbprint":"4F9DDD28D8C037868405E41E56E68BD251B36EF9","digitalCertIssuer":"CN=Domain The Net Technologies Ltd CA for Code Signing R2, O=Domain The Net Technologies Ltd, C=IL","digitalCertIssuedTo":"CN=Linkvertise GmbH & Co. KG, O=Linkvertise GmbH & Co. KG, L=Itzehoe, S=Schleswig-Holstein, C=DE","sourceIndex":"992","avBlockList":["360 Total Security (20230921)","Avast Premium Security (20230921)","AVG Internet Security (20230921)","Avira Internet Security (20230921)","COMODO Antivirus (20230921)","Dr.Web Security Space (20230921)","ESET Internet Security (20230921)","G DATA INTERNET SECURITY (20230921)","K7 Total Security (20230921)","Kaspersky Internet Security (20230921)","Malwarebytes Premium (20230921)","McAfee Total Protection (20230921)","Norton Security (20230921)","Panda Dome (20230921)","Quick Heal Internet Security (20230921)","Sophos Home Premium (20230921)","SpyHunter5 (20230921)","Total AV Antivirus Pro (20230921)","VirIT eXplorer PRO (20230921)","Webroot SecureAnywhere (20230921)"],"avAllowList":["Bitdefender Internet Security (20230921)","Trend Micro Internet Security (20230921)","VIPRE Advanced Security (20230921)","Windows Defender (20230921)"]}],"additionalFiles":[],"sources":[{"howFound":"through BIBR","reference":"","landingPage":"https://linkvertise.com/","directDownloadingLink":"https://linkvertise.download/download/458037/shindo-life-script/TYZ4vL4R8E7xQ4ZzBprIN3I6k7BmZE8u","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://linkvertise.download/download/458037/shindo-life-script/TYZ4vL4R8E7xQ4ZzBprIN3I6k7BmZE8u","sourceIndex":"992"},{"howFound":"","reference":"","landingPage":"","directDownloadingLink":"https://linkvertise.download/download/519920/activador-office-y-window/D1buvodLJDysMYNYwjHbH89CjRY1UZFF","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://linkvertise.download/download/519920/activador-office-y-window/D1buvodLJDysMYNYwjHbH89CjRY1UZFF","sourceIndex":"993"},{"howFound":"","reference":"","landingPage":"","directDownloadingLink":"https://linkvertise.download/download/629088/aRf356475521401/UaoSV4uOA1OikMeQ6CKy3TtfYYVcQ9Ws","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://linkvertise.download/download/629088/aRf356475521401/UaoSV4uOA1OikMeQ6CKy3TtfYYVcQ9Ws","sourceIndex":"994"},{"howFound":"","reference":"","landingPage":"","directDownloadingLink":"https://linkvertise.download/download/629283/op-pastebin-2023/0lZIybwQTXra5fUMfUNUFFNhwYAWiWzJ","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://linkvertise.download/download/629283/op-pastebin-2023/0lZIybwQTXra5fUMfUNUFFNhwYAWiWzJ","sourceIndex":"995"},{"howFound":"","reference":"","landingPage":"https://linkvertise.com/410322/script-on-roblox-shindo/1","directDownloadingLink":"https://d2ofeexg01g7uy.cloudfront.net/2---p+/70bB/4e+6---/Script%20On%20Roblox%20shindo%20-%20Linkvertise%20Downloader.zip","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://d2ofeexg01g7uy.cloudfront.net/2---p+/70bB/4e+6---/Script%20On%20Roblox%20shindo%20-%20Linkvertise%20Downloader.zip","sourceIndex":"996"},{"howFound":"DE site","reference":"","landingPage":"","directDownloadingLink":"https://linkvertise.download/download/458037/shindo-life-script/TYZ4vL4R8E7xQ4ZzBprIN3I6k7BmZE8u","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://linkvertise.download/download/458037/shindo-life-script/TYZ4vL4R8E7xQ4ZzBprIN3I6k7BmZE8u","sourceIndex":"997"},{"howFound":"PH site","reference":"","landingPage":"","directDownloadingLink":"https://d1jxz57jyupuat.cloudfront.net/rupax2zko.exe","ipv4":"","ipv6":"","landingPageWildChar":"https://d1jxz57jyupuat.cloudfront.net/*","sourceIndex":"998"}],"sampleFiles":["230712/LinkvertiseDownloadManager-230323/4.2.442.12/Samples/ShindolifeScript - Linkvertise Downloader_7MbX6-1.exe"],"imageFiles":["230712/LinkvertiseDownloadManager-230323/4.2.442.12/Images/ACR-043/Screen Shot 2023-07-12 at 11.16.59 AM.png","230712/LinkvertiseDownloadManager-230323/4.2.442.12/Images/ACR-013/Screen Shot 2023-07-12 at 11.17.39 AM.png","230712/LinkvertiseDownloadManager-230323/4.2.442.12/Images/ACR-060/Screen Shot 2023-07-12 at 11.17.39 AM.png"],"nonDeceptorImageFiles":["230712/LinkvertiseDownloadManager-230323/4.2.442.12/Images/ACR-044/Screen Shot 2023-07-12 at 11.12.36 AM.png"],"guid":"2bb5d43f-ef1a-4f12-9642-26dcd7eb23ba_4.2.442.12_1","appID":"LinkvertiseDownloadManager-230323","dateAdded":"230801","deceptorType":"Bundler","name":"Linkvertise DownloadManager","company":"Linkvertise.com","version":"4.2.442.12","lastKnownStatus":"3.7.3321;4.2.442.12","lastKnownDate":"230801","type":"Windows Executable","category":"Bundlers & Downloaders","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","ageAppropriate":"12+ appropriate","monetization":"sold in bundle","lastUpdate":"2023-08-01T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":884},{"violations":{"ACR-042":"App initiates network communications with 3rd party offer provider before obtaining user consent.\n","ACR-043":"Third party components get dropped in one click without asking user's permission and disclosing the installation path.\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software.\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software.\n","ACR-075":"After carrier app was cancelled during installation, the offer is still installed without any notification for user.\n"},"nonDeceptorViolations":{"ACR-044":"Missing clear information about significant functions of Download Manager: it may show offers during installation. \n"},"samples":[{"isRevoked":"False","fileName":"Shindo Life Script - Linkvertise Downloader_hAC7-g1.exe","isInstaller":"True","fileVersion":"2.0.0.13","hashMD5":"da4b966b79a6504d25545a469905e9b4","hashSHA1":"640d3788d9ee4e2481c480a710df6c4c680d81b7","hashSHA256":"f819a9d5ed55ad5404dc7af43464d39331bfd3ead917e737f2ad115f2b69c30d","digitalCertThumbprint":"4806CE00ECA9F4A9D9D96B1DA2E4BC3DF28CE6EE","digitalCertIssuer":"CN=Domain The Net Technologies Ltd CA for Code Signing R2, O=Domain The Net Technologies Ltd, C=IL","digitalCertIssuedTo":"CN=Linkvertise GmbH & Co. KG, O=Linkvertise GmbH & Co. KG, L=Itzehoe, S=Schleswig-Holstein, C=DE","sourceIndex":"935","avBlockList":["360 Total Security (20230926)","Avast Premium Security (20230926)","AVG Internet Security (20230926)","Avira Internet Security (20230926)","Bitdefender Internet Security (20230926)","COMODO Antivirus (20230926)","Dr.Web Security Space (20230926)","ESET Internet Security (20230926)","G DATA INTERNET SECURITY (20230926)","K7 Total Security (20230926)","Kaspersky Internet Security (20230926)","Malwarebytes Premium (20230926)","McAfee Total Protection (20230926)","Norton Security (20230926)","Panda Dome (20230926)","Quick Heal Internet Security (20230926)","Sophos Home Premium (20230926)","SpyHunter5 (20230926)","Total AV Antivirus Pro (20230926)","Trend Micro Internet Security (20230926)","VIPRE Advanced Security (20230926)","VirIT eXplorer PRO (20230926)","Webroot SecureAnywhere (20230926)"],"avAllowList":["Windows Defender (20230926)"]},{"isRevoked":"False","fileName":"Shindo Life Script - Linkvertise Downloader_DM9X9-1.exe","isInstaller":"True","fileVersion":"2.0.0.13","hashMD5":"231e2ae5252445de209fb8eb25b9564b","hashSHA1":"43b91f2de82b16c6d579062847c590d196bf8e6b","hashSHA256":"2313d3af17c2648d3a1261787c258043b9eef9455b390926c450be4a11aba0c4","digitalCertThumbprint":"4806CE00ECA9F4A9D9D96B1DA2E4BC3DF28CE6EE","digitalCertIssuer":"CN=Domain The Net Technologies Ltd CA for Code Signing R2, O=Domain The Net Technologies Ltd, C=IL","digitalCertIssuedTo":"CN=Linkvertise GmbH & Co. KG, O=Linkvertise GmbH & Co. KG, L=Itzehoe, S=Schleswig-Holstein, C=DE","sourceIndex":"935","avBlockList":["360 Total Security (20230502)","Avast Premium Security (20230502)","AVG Internet Security (20230502)","Avira Internet Security (20230502)","Bitdefender Internet Security (20230502)","COMODO Antivirus (20230502)","Dr.Web Security Space (20230502)","ESET Internet Security (20230502)","G DATA INTERNET SECURITY (20230502)","K7 Total Security (20230502)","Kaspersky Internet Security (20230502)","Malwarebytes Premium (20230502)","McAfee Total Protection (20230502)","Norton Security (20230502)","Panda Dome (20230502)","Quick Heal Internet Security (20230502)","Sophos Home Premium (20230502)","SpyHunter5 (20230502)","Total AV Antivirus Pro (20230502)","VIPRE Advanced Security (20230502)","VirIT eXplorer PRO (20230502)","Webroot SecureAnywhere (20230502)"],"avAllowList":["Trend Micro Internet Security (20230502)","Windows Defender (20230502)"]},{"isRevoked":"False","fileName":"ACTIVADOR OFFICE Y WINDOW - Linkvertise Downloader_2T-LDO1.exe","isInstaller":"True","fileVersion":"2.0.0.13","hashMD5":"7851628cc12531884467a004c285e7d9","hashSHA1":"6cab005b51df16cdefe64432f7d4cef3398610dc","hashSHA256":"35dfe400287c3c716ad407ab4dce367e80c218cf56d9eb9bfc6e4d669baf7314","digitalCertThumbprint":"4806CE00ECA9F4A9D9D96B1DA2E4BC3DF28CE6EE","digitalCertIssuer":"CN=Domain The Net Technologies Ltd CA for Code Signing R2, O=Domain The Net Technologies Ltd, C=IL","digitalCertIssuedTo":"CN=Linkvertise GmbH & Co. KG, O=Linkvertise GmbH & Co. KG, L=Itzehoe, S=Schleswig-Holstein, C=DE","sourceIndex":"935","avBlockList":["360 Total Security (20230502)","Avast Premium Security (20230502)","AVG Internet Security (20230502)","Avira Internet Security (20230502)","Bitdefender Internet Security (20230502)","COMODO Antivirus (20230502)","Dr.Web Security Space (20230502)","ESET Internet Security (20230502)","G DATA INTERNET SECURITY (20230502)","K7 Total Security (20230502)","Kaspersky Internet Security (20230502)","Malwarebytes Premium (20230502)","McAfee Total Protection (20230502)","Norton Security (20230502)","Panda Dome (20230502)","Quick Heal Internet Security (20230502)","Sophos Home Premium (20230502)","SpyHunter5 (20230502)","Total AV Antivirus Pro (20230502)","VIPRE Advanced Security (20230502)","VirIT eXplorer PRO (20230502)","Webroot SecureAnywhere (20230502)"],"avAllowList":["Trend Micro Internet Security (20230502)","Windows Defender (20230502)"]},{"isRevoked":"False","fileName":"Op pastebin 2023 - Linkvertise Downloader_r-2wD31.exe","isInstaller":"True","fileVersion":"3.7.332.1","hashMD5":"9ef88d8681a8606d5572078acfef47d5","hashSHA1":"7d78745444359b634c1fd8f0c4f5bcc11a601daf","hashSHA256":"7d0f7d4dd28130bf130a16fc125a37e7fa4f56900fad7f02fadcf609788d1948","digitalCertThumbprint":"0D192D5D08F96BDF929936AE6065695F6A5B994D","digitalCertIssuer":"CN=Domain The Net Technologies Ltd CA for Code Signing R2, O=Domain The Net Technologies Ltd, C=IL","digitalCertIssuedTo":"CN=Linkvertise GmbH & Co. KG, O=Linkvertise GmbH & Co. KG, L=Itzehoe, S=Schleswig-Holstein, C=DE","sourceIndex":"935","avBlockList":["360 Total Security (20230502)","Avira Internet Security (20230502)","Bitdefender Internet Security (20230502)","COMODO Antivirus (20230502)","Dr.Web Security Space (20230502)","ESET Internet Security (20230502)","G DATA INTERNET SECURITY (20230502)","K7 Total Security (20230502)","Kaspersky Internet Security (20230502)","Malwarebytes Premium (20230502)","McAfee Total Protection (20230502)","Norton Security (20230502)","Panda Dome (20230502)","Quick Heal Internet Security (20230502)","Sophos Home Premium (20230502)","SpyHunter5 (20230502)","Total AV Antivirus Pro (20230502)","Trend Micro Internet Security (20230502)","VIPRE Advanced Security (20230502)","VirIT eXplorer PRO (20230502)","Webroot SecureAnywhere (20230502)"],"avAllowList":["Avast Premium Security (20230502)","AVG Internet Security (20230502)","Windows Defender (20230502)"]},{"isRevoked":"False","fileName":"Script On Roblox shindo - Linkvertise Downloader_QjCZ5-1.exe","isInstaller":"True","fileVersion":"2.0","hashMD5":"68a218fdb10a6a1cc0d6019d0076e122","hashSHA1":"1aefe7eb6d99dc69937b014ba4158da5706d007b","hashSHA256":"c6296b833353b0a24fbe41b288d33b738ff47aefead5c80cc9bde4ec7fa563a0","digitalCertThumbprint":"4806CE00ECA9F4A9D9D96B1DA2E4BC3DF28CE6EE","digitalCertIssuer":"CN=Domain The Net Technologies Ltd CA for Code Signing R2, O=Domain The Net Technologies Ltd, C=IL","digitalCertIssuedTo":"CN=Linkvertise GmbH & Co. KG, O=Linkvertise GmbH & Co. KG, L=Itzehoe, S=Schleswig-Holstein, C=DE","sourceIndex":"935","avBlockList":["360 Total Security (20230518)","Avast Premium Security (20230518)","AVG Internet Security (20230518)","Avira Internet Security (20230518)","Bitdefender Internet Security (20230518)","COMODO Antivirus (20230518)","Dr.Web Security Space (20230518)","ESET Internet Security (20230518)","G DATA INTERNET SECURITY (20230518)","K7 Total Security (20230518)","Kaspersky Internet Security (20230518)","Malwarebytes Premium (20230518)","McAfee Total Protection (20230518)","Norton Security (20230518)","Panda Dome (20230518)","Quick Heal Internet Security (20230518)","Sophos Home Premium (20230518)","SpyHunter5 (20230518)","Total AV Antivirus Pro (20230518)","VIPRE Advanced Security (20230518)","VirIT eXplorer PRO (20230518)","Webroot SecureAnywhere (20230518)"],"avAllowList":["Trend Micro Internet Security (20230518)","Windows Defender (20230518)"]},{"isRevoked":"False","fileName":"Shindo Life Script - Linkvertise Downloader_cfOs-81.exe","isInstaller":"True","fileVersion":"2.0.0.13","hashMD5":"4fae4bffe8215a7d95cc015e4ac48e26","hashSHA1":"b47518679314b2905079d42677146bc21ae37489","hashSHA256":"1cac35dc0f986a7386367786c49bdcf98ca03099e2a352f063b32b9f42c50ee6","digitalCertThumbprint":"4806CE00ECA9F4A9D9D96B1DA2E4BC3DF28CE6EE","digitalCertIssuer":"CN=Domain The Net Technologies Ltd CA for Code Signing R2, O=Domain The Net Technologies Ltd, C=IL","digitalCertIssuedTo":"CN=Linkvertise GmbH & Co. KG, O=Linkvertise GmbH & Co. KG, L=Itzehoe, S=Schleswig-Holstein, C=DE","sourceIndex":"935","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"Shindo Life Script - Linkvertise Downloader_r2i-DI1.exe","isInstaller":"True","fileVersion":"2.0.0.13","hashMD5":"0c9aa1c8b90eb10046cab978796146bd","hashSHA1":"55a379e22c80c0082883c080647e04a23c7f1a66","hashSHA256":"683d26c6769ba84ae943e41777baabf4175d0eea3b52ce9110f242171d31bf9c","digitalCertThumbprint":"4806CE00ECA9F4A9D9D96B1DA2E4BC3DF28CE6EE","digitalCertIssuer":"CN=Domain The Net Technologies Ltd CA for Code Signing R2, O=Domain The Net Technologies Ltd, C=IL","digitalCertIssuedTo":"CN=Linkvertise GmbH & Co. KG, O=Linkvertise GmbH & Co. KG, L=Itzehoe, S=Schleswig-Holstein, C=DE","sourceIndex":"935","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"Shindo Life Script - Linkvertise Downloader_vSNDU-1.exe","isInstaller":"True","fileVersion":"4.2","hashMD5":"fc30f38c629fbafcfd1f4a4895814c46","hashSHA1":"e6b298591f7034463f603ede1573c8a198938b7f","hashSHA256":"40e1b53fb04746ac4a0561f5ab781291069b90232215afc36320263308a28ec9","digitalCertThumbprint":"4F9DDD28D8C037868405E41E56E68BD251B36EF9","digitalCertIssuer":"CN=Domain The Net Technologies Ltd CA for Code Signing R2, O=Domain The Net Technologies Ltd, C=IL","digitalCertIssuedTo":"CN=Linkvertise GmbH & Co. KG, O=Linkvertise GmbH & Co. KG, L=Itzehoe, S=Schleswig-Holstein, C=DE","sourceIndex":"935","avBlockList":["360 Total Security (20230921)","Avast Premium Security (20230921)","AVG Internet Security (20230921)","Avira Internet Security (20230921)","COMODO Antivirus (20230921)","Dr.Web Security Space (20230921)","ESET Internet Security (20230921)","G DATA INTERNET SECURITY (20230921)","K7 Total Security (20230921)","Kaspersky Internet Security (20230921)","Malwarebytes Premium (20230921)","McAfee Total Protection (20230921)","Norton Security (20230921)","Panda Dome (20230921)","Quick Heal Internet Security (20230921)","Sophos Home Premium (20230921)","SpyHunter5 (20230921)","Total AV Antivirus Pro (20230921)","VirIT eXplorer PRO (20230921)","Webroot SecureAnywhere (20230921)"],"avAllowList":["Bitdefender Internet Security (20230921)","Trend Micro Internet Security (20230921)","VIPRE Advanced Security (20230921)","Windows Defender (20230921)"]},{"isRevoked":"False","fileName":"Script On Roblox shindo - Linkvertise Downloader_vUkMS-1.exe","isInstaller":"True","fileVersion":"3.7","hashMD5":"00a608d8bc12329921bb69d8876b177f","hashSHA1":"ed4dc23e55e01324680d36b86f2c3321b6c4a383","hashSHA256":"155a99baf6b021da125dbbe4a3380e151cdb3053072abe2e9d926aa430880881","digitalCertThumbprint":"4F9DDD28D8C037868405E41E56E68BD251B36EF9","digitalCertIssuer":"CN=Domain The Net Technologies Ltd CA for Code Signing R2, O=Domain The Net Technologies Ltd, C=IL","digitalCertIssuedTo":"CN=Linkvertise GmbH & Co. KG, O=Linkvertise GmbH & Co. KG, L=Itzehoe, S=Schleswig-Holstein, C=DE","sourceIndex":"935","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"through BIBR","reference":"","landingPage":"https://linkvertise.com/","directDownloadingLink":"https://linkvertise.download/download/458037/shindo-life-script/TYZ4vL4R8E7xQ4ZzBprIN3I6k7BmZE8u","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://linkvertise.download/download/458037/shindo-life-script/TYZ4vL4R8E7xQ4ZzBprIN3I6k7BmZE8u","sourceIndex":"935"},{"howFound":"","reference":"","landingPage":"","directDownloadingLink":"https://linkvertise.download/download/519920/activador-office-y-window/D1buvodLJDysMYNYwjHbH89CjRY1UZFF","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://linkvertise.download/download/519920/activador-office-y-window/D1buvodLJDysMYNYwjHbH89CjRY1UZFF","sourceIndex":"936"},{"howFound":"","reference":"","landingPage":"","directDownloadingLink":"https://linkvertise.download/download/629088/aRf356475521401/UaoSV4uOA1OikMeQ6CKy3TtfYYVcQ9Ws","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://linkvertise.download/download/629088/aRf356475521401/UaoSV4uOA1OikMeQ6CKy3TtfYYVcQ9Ws","sourceIndex":"937"},{"howFound":"","reference":"","landingPage":"","directDownloadingLink":"https://linkvertise.download/download/629283/op-pastebin-2023/0lZIybwQTXra5fUMfUNUFFNhwYAWiWzJ","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://linkvertise.download/download/629283/op-pastebin-2023/0lZIybwQTXra5fUMfUNUFFNhwYAWiWzJ","sourceIndex":"938"},{"howFound":"","reference":"","landingPage":"https://linkvertise.com/410322/script-on-roblox-shindo/1","directDownloadingLink":"https://d2ofeexg01g7uy.cloudfront.net/2---p+/70bB/4e+6---/Script%20On%20Roblox%20shindo%20-%20Linkvertise%20Downloader.zip","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://d2ofeexg01g7uy.cloudfront.net/2---p+/70bB/4e+6---/Script%20On%20Roblox%20shindo%20-%20Linkvertise%20Downloader.zip","sourceIndex":"939"},{"howFound":"DE site","reference":"","landingPage":"","directDownloadingLink":"https://linkvertise.download/download/458037/shindo-life-script/TYZ4vL4R8E7xQ4ZzBprIN3I6k7BmZE8u","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://linkvertise.download/download/458037/shindo-life-script/TYZ4vL4R8E7xQ4ZzBprIN3I6k7BmZE8u","sourceIndex":"940"},{"howFound":"PH site","reference":"","landingPage":"","directDownloadingLink":"https://d2opycs3rbbqkr.cloudfront.net/lg01pr8EK.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://d2opycs3rbbqkr.cloudfront.net/*","sourceIndex":"941"},{"howFound":"PH site","reference":"","landingPage":"","directDownloadingLink":"https://d2opycs3rbbqkr.cloudfront.net/wd3Yz9GRy.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://d2opycs3rbbqkr.cloudfront.net/*","sourceIndex":"942"}],"sampleFiles":["230801/LinkvertiseDownloadManager-230323/3.7.3321/Samples/Shindo Life Script - Linkvertise Downloader_hAC7-g1.exe","230801/LinkvertiseDownloadManager-230323/3.7.3321/Samples/Shindo Life Script - Linkvertise Downloader_DM9X9-1.exe","230801/LinkvertiseDownloadManager-230323/3.7.3321/Samples/ACTIVADOR OFFICE Y WINDOW - Linkvertise Downloader_2T-LDO1.exe","230801/LinkvertiseDownloadManager-230323/3.7.3321/Samples/Op pastebin 2023 - Linkvertise Downloader_r-2wD31.exe","230801/LinkvertiseDownloadManager-230323/3.7.3321/Samples/Script On Roblox shindo - Linkvertise Downloader_QjCZ5-1.exe","230801/LinkvertiseDownloadManager-230323/3.7.3321/Samples/Shindo Life Script - Linkvertise Downloader_cfOs-81.exe","230801/LinkvertiseDownloadManager-230323/3.7.3321/Samples/Shindo Life Script - Linkvertise Downloader_r2i-DI1.exe","230801/LinkvertiseDownloadManager-230323/3.7.3321/Samples/Shindo Life Script - Linkvertise Downloader_vSNDU-1.exe","230801/LinkvertiseDownloadManager-230323/3.7.3321/Samples/Script On Roblox shindo - Linkvertise Downloader_vUkMS-1.exe"],"imageFiles":["230801/LinkvertiseDownloadManager-230323/3.7.3321/Images/ACR-043/ACR-043.jpg","230801/LinkvertiseDownloadManager-230323/3.7.3321/Images/ACR-042/ACR-042.jpg","230801/LinkvertiseDownloadManager-230323/3.7.3321/Images/ACR-013/OptionalOffer_1.jpg","230801/LinkvertiseDownloadManager-230323/3.7.3321/Images/ACR-013/OptionalOffer_2.jpg","230801/LinkvertiseDownloadManager-230323/3.7.3321/Images/ACR-060/OptionalOffer_1.jpg","230801/LinkvertiseDownloadManager-230323/3.7.3321/Images/ACR-060/OptionalOffer_2.jpg","230801/LinkvertiseDownloadManager-230323/3.7.3321/Images/ACR-075/ACR-075.jpg"],"nonDeceptorImageFiles":["230801/LinkvertiseDownloadManager-230323/3.7.3321/Images/ACR-044/Linkvertise_Main_1.jpg"],"guid":"2bb5d43f-ef1a-4f12-9642-26dcd7eb23ba_3.7.3321_1","appID":"LinkvertiseDownloadManager-230323","dateAdded":"230801","deceptorType":"Bundler","name":"Linkvertise DownloadManager","company":"Linkvertise.com","version":"3.7.3321","lastKnownStatus":"3.7.3321;4.2.442.12","lastKnownDate":"230801","type":"Windows Executable","category":"Bundlers & Downloaders","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","ageAppropriate":"12+ appropriate","monetization":"sold in bundle","lastUpdate":"2023-08-02T05:19:43.2432086+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":883},{"violations":{"ACR-046":"Disclosures for the optional offers are not visible. The Opera Browser Offer, Nox app player and PlayGames.pro are preselected in the installation and requires the user to uncheck a checkbox in order to decline the offer.\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software.\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software\n","ACR-059":"The Offer is not clearly marked as an optional offer.\n","ACR-155":"Offers are designed to look like part of the install workflow\n"},"nonDeceptorViolations":{},"samples":[],"additionalFiles":[],"sources":[{"howFound":"","reference":"","landingPage":"https://multisetup.ru/","directDownloadingLink":"https://download-msetup.net/nanosetup/multi_setup_3_8_20_cAV6m.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://download-msetup.net/nanosetup/multi_setup_3_8_20_cAV6m.exe","sourceIndex":"345"},{"howFound":"","reference":"","landingPage":"https://download-windows.org/","directDownloadingLink":"https://download-msetup.org/api/getbundle/?partner_apikey=f477c6ac2b35f5a21d0f43e25aed36b1&r=111fc9c288f215905c2a7ae94f3c389f&bl=0&b=1&program_slug=dwo&utm_term=dwo&utm_campaign=&utm_source=&utm_medium=&utm_content=&utm_clickid=&sourceURL=https%3A%2F%2Fdw-files-63.top%2Fload%2FTe48ybglK%2Fnox_setup_v6.0.1.0_full_intl.exe&sourceName=Nox%20App%20Player&sourceIntro=&sourceNote=&rfr=https%3A%2F%2Fnox-app-player.download-windows.org%2F","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://download-msetup.org/api/getbundle/?partner_apikey=f477c6ac2b35f5a21d0f43e25aed36b1&r=111fc9c288f215905c2a7ae94f3c389f&bl=0&b=1&program_slug=dwo&utm_term=dwo&utm_campaign=&utm_source=&utm_medium=&utm_content=&utm_clickid=&sourceURL=https%3A%2F%2Fdw-files-63.top%2Fload%2FTe48ybglK%2Fnox_setup_v6.0.1.0_full_intl.exe&sourceName=Nox%20App%20Player&sourceIntro=&sourceNote=&rfr=https%3A%2F%2Fnox-app-player.download-windows.org%2F","sourceIndex":"346"}],"sampleFiles":[],"imageFiles":["230731/MultiSetup-230731/3.8.52/Images/ACR-046/ACR-046_Install_1.png","230731/MultiSetup-230731/3.8.52/Images/ACR-046/ACR-046_Install_2.png","230731/MultiSetup-230731/3.8.52/Images/ACR-046/ACR-046_Install_3.png","230731/MultiSetup-230731/3.8.52/Images/ACR-046/ACR-046_Install_1.jpeg","230731/MultiSetup-230731/3.8.52/Images/ACR-013/ACR-013_Install_1.png","230731/MultiSetup-230731/3.8.52/Images/ACR-013/ACR-013_Install_1.jpeg","230731/MultiSetup-230731/3.8.52/Images/ACR-013/ACR-013_Install_2.jpeg","230731/MultiSetup-230731/3.8.52/Images/ACR-059/ACR-059_Bundler-made offers_1.png","230731/MultiSetup-230731/3.8.52/Images/ACR-059/ACR-059_Bundler-made offers_2.png","230731/MultiSetup-230731/3.8.52/Images/ACR-059/ACR-059_Bundler-made offers_3.png","230731/MultiSetup-230731/3.8.52/Images/ACR-059/ACR-059_Bundler-made offers_4.png","230731/MultiSetup-230731/3.8.52/Images/ACR-059/ACR-059_Bundler-made offers_1.jpeg","230731/MultiSetup-230731/3.8.52/Images/ACR-060/ACR-060_Bundler-made offers_1.png","230731/MultiSetup-230731/3.8.52/Images/ACR-060/ACR-060_Bundler-made offers_1.jpeg","230731/MultiSetup-230731/3.8.52/Images/ACR-155/ACR-155_Bundler-made offers_1.png","230731/MultiSetup-230731/3.8.52/Images/ACR-155/ACR-155_Bundler-made offers_2.png","230731/MultiSetup-230731/3.8.52/Images/ACR-155/ACR-155_Bundler-made offers_3.png","230731/MultiSetup-230731/3.8.52/Images/ACR-155/ACR-155_Bundler-made offers_4.png","230731/MultiSetup-230731/3.8.52/Images/ACR-155/ACR-155_Bundler-made offers_1.jpeg"],"nonDeceptorImageFiles":[],"guid":"8c09f25b-bb18-436c-9d41-3ee6b568dc77_3.8.52_1","appID":"MultiSetup-230731","dateAdded":"230731","deceptorType":"App","name":"MultiSetup","company":"NBZ, OOO","version":"3.8.52","firstVendorContactDate":"241121","firstAppEsteemReplyDate":"241121","firstResolvedDate":"241122","firstResolvedVersion":"4.0.0","resolved":"TRUE","lastKnownStatus":"3.8.21","lastKnownDate":"230731","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"sold in bundle","lastUpdate":"2024-11-23T01:04:14.7649509+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":885},{"violations":{"ACR-046":"Disclosures for the optional offer are not visible. The Opera Browser Offer and PlayGames.pro is preselected in the installation and requires the user to uncheck a checkbox in order to decline the offer.\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software.\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software\n","ACR-059":"The Offer is not clearly marked as an optional offer.\n","ACR-155":"Offers are designed to look like part of the install workflow\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"multi_setup_3_8_20_cAV6m.exe","isInstaller":"True","companyName":"NBZ, OOO","fileVersion":"3.8","hashMD5":"500e970ece28c2392d3e59c69a8080b8","hashSHA1":"445cb08822781af7f0092daebf7861823ef6429c","hashSHA256":"d3fe70d9512009c7a9de90cecb9b9e7f5f64c86d90d4a59cf2b41f92d89508b2","digitalCertThumbprint":"75669216ABB0AB45CAEC1736B22B65FB20C4EC63","digitalCertIssuer":"CN=GlobalSign GCC R45 CodeSigning CA 2020, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"CN=NBZ OOO, O=NBZ OOO, L=Saint Petersburg, S=Saint Petersburg, C=RU","sourceIndex":"949","avBlockList":["Avira Internet Security (20230921)","Bitdefender Internet Security (20230921)","Dr.Web Security Space (20230921)","ESET Internet Security (20230921)","G DATA INTERNET SECURITY (20230921)","K7 Total Security (20230921)","Kaspersky Internet Security (20230921)","Malwarebytes Premium (20230921)","McAfee Total Protection (20230921)","Norton Security (20230921)","Panda Dome (20230921)","Quick Heal Internet Security (20230921)","Sophos Home Premium (20230921)","SpyHunter5 (20230921)","Total AV Antivirus Pro (20230921)","Trend Micro Internet Security (20230921)","VIPRE Advanced Security (20230921)","VirIT eXplorer PRO (20230921)","Webroot SecureAnywhere (20230921)","Windows Defender (20230921)"],"avAllowList":["360 Total Security (20230921)","Avast Premium Security (20230921)","AVG Internet Security (20230921)","COMODO Antivirus (20230921)"]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"","landingPage":"https://multisetup.ru/","directDownloadingLink":"https://download-msetup.net/nanosetup/multi_setup_3_8_20_cAV6m.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://download-msetup.net/nanosetup/multi_setup_3_8_20_cAV6m.exe","sourceIndex":"949"}],"sampleFiles":["230731/MultiSetup-230731/3.8.21/Samples/multi_setup_3_8_20_cAV6m.exe"],"imageFiles":["230731/MultiSetup-230731/3.8.21/Images/ACR-046/Multisetup_Offer.jpg","230731/MultiSetup-230731/3.8.21/Images/ACR-046/OperaBrowser.jpg","230731/MultiSetup-230731/3.8.21/Images/ACR-046/Multisetup_optionaloffers.jpg","230731/MultiSetup-230731/3.8.21/Images/ACR-013/OptionalOffer1.jpg","230731/MultiSetup-230731/3.8.21/Images/ACR-059/Multisetup_Offer.jpg","230731/MultiSetup-230731/3.8.21/Images/ACR-059/Multisetup_optionaloffers.jpg","230731/MultiSetup-230731/3.8.21/Images/ACR-059/OperaBrowser.jpg","230731/MultiSetup-230731/3.8.21/Images/ACR-060/OptionalOffer1.jpg","230731/MultiSetup-230731/3.8.21/Images/ACR-155/Multisetup_Offer.jpg","230731/MultiSetup-230731/3.8.21/Images/ACR-155/Multisetup_optionaloffers.jpg","230731/MultiSetup-230731/3.8.21/Images/ACR-155/OperaBrowser.jpg","230731/MultiSetup-230731/3.8.21/Images/ACR-155/OptionalOffer1.jpg"],"nonDeceptorImageFiles":[],"guid":"8c09f25b-bb18-436c-9d41-3ee6b568dc77_3.8.21_1","appID":"MultiSetup-230731","dateAdded":"230731","deceptorType":"App","name":"MultiSetup","company":"NBZ, OOO","version":"3.8.21","firstVendorContactDate":"241121","firstAppEsteemReplyDate":"241121","firstResolvedDate":"241122","firstResolvedVersion":"4.0.0","resolved":"TRUE","lastKnownStatus":"3.8.21","lastKnownDate":"230731","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"sold in bundle","lastUpdate":"2024-11-22T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":886},{"violations":{"ACR-010":"The button \"Enable Now\" leads to a rogue website which when clicked sends the user unwanted ads/pop-ups directly to the system.\n","ACR-014":"The button \"Enable Now\" redirects to a rogue website which when clicked sends the user unwanted ads/pop-ups directly to the system.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"dnmultiplayer.exe","fileVersion":"9.0","hashMD5":"e55d601bbdb90b93f9409b6e2c610679","hashSHA1":"63eb7f3c8adc2d553a70ac9aa4f71f6dd63fd29b","hashSHA256":"76cdeb178662e11be7b559986408635ae69ca3b4327de2c2b17005a0902340a4","digitalCertThumbprint":"C9CF5A70494E07F75A894435C96CB25F0A1E0C7B","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=\"Shanghai Chang Zhi Network Technology Co,. Ltd.\", O=\"Shanghai Chang Zhi Network Technology Co,. Ltd.\", S=上海市, C=CN, SERIALNUMBER=91310114MA1GT9FP6N, OID.1.3.6.1.4.1.311.60.2.1.1=嘉定区, OID.1.3.6.1.4.1.311.60.2.1.2=上海市, OID.1.3.6.1.4.1.311.60.2.1.3=CN, OID.2.5.4.15=Private Organization","sourceIndex":"918","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"dnplayer.exe","fileVersion":"9.0","hashMD5":"40540f82e02ca3de5e5e86423f4a987f","hashSHA1":"f44edc1f5096ff521e6f17558f79344afb05334e","hashSHA256":"43d2f584c648481aa0babdd3066a30465f9d701093f6df794b3fde9ead809707","digitalCertThumbprint":"C9CF5A70494E07F75A894435C96CB25F0A1E0C7B","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=\"Shanghai Chang Zhi Network Technology Co,. Ltd.\", O=\"Shanghai Chang Zhi Network Technology Co,. Ltd.\", S=上海市, C=CN, SERIALNUMBER=91310114MA1GT9FP6N, OID.1.3.6.1.4.1.311.60.2.1.1=嘉定区, OID.1.3.6.1.4.1.311.60.2.1.2=上海市, OID.1.3.6.1.4.1.311.60.2.1.3=CN, OID.2.5.4.15=Private Organization","sourceIndex":"918","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"LDPlayer9_de_1103_ld.exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"83c2a7913043419ef1e31973e69d00d1","hashSHA1":"55c1d6abbe4c7e2b5921a9d4ab82d3b7a4ee23e3","hashSHA256":"a2d0d1739b392a98fc66ad4fa82ab3102ddf117bf0b5771ca3a5f8d3295e2184","digitalCertThumbprint":"C9CF5A70494E07F75A894435C96CB25F0A1E0C7B","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=\"Shanghai Chang Zhi Network Technology Co,. Ltd.\", O=\"Shanghai Chang Zhi Network Technology Co,. Ltd.\", S=上海市, C=CN, SERIALNUMBER=91310114MA1GT9FP6N, OID.1.3.6.1.4.1.311.60.2.1.1=嘉定区, OID.1.3.6.1.4.1.311.60.2.1.2=上海市, OID.1.3.6.1.4.1.311.60.2.1.3=CN, OID.2.5.4.15=Private Organization","sourceIndex":"918","avBlockList":["360 Total Security (20230815)","Avira Internet Security (20230815)","ESET Internet Security (20230815)","G DATA INTERNET SECURITY (20230815)","Malwarebytes Premium (20230815)","Norton Security (20230815)","Panda Dome (20230815)","Sophos Home Premium (20230815)","SpyHunter5 (20230815)","Total AV Antivirus Pro (20230815)","VirIT eXplorer PRO (20230815)","Webroot SecureAnywhere (20230815)","Windows Defender (20230815)"],"avAllowList":["Avast Premium Security (20230815)","AVG Internet Security (20230815)","Bitdefender Internet Security (20230815)","COMODO Antivirus (20230815)","Dr.Web Security Space (20230815)","K7 Total Security (20230815)","Kaspersky Internet Security (20230815)","McAfee Total Protection (20230815)","Quick Heal Internet Security (20230815)","Trend Micro Internet Security (20230815)","VIPRE Advanced Security (20230815)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search: Top Android Emulator for Windows PC","reference":"MEmu Play through BIBR","landingPage":"https://de.ldplayer.net/ldy/de2231_9.0.html?gclid=EAIaIQobChMI9PeS9L7v_QIVAuHmCh1zsgo5EAAYASAAEgJCvfD_BwE","directDownloadingLink":"https://ldcdn.ldmnq.com/download/ldad/LDPlayer9.exe?n=LDPlayer9_de_2231_EAIaIQobChMIsvvg9b7v_QIVVOdRCh3slQA_EAAYASAAEgIhA_D_BwE_ld.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://ldcdn.ldmnq.com/download/ldad/LDPlayer9.exe?n=LDPlayer9_de_2231_EAIaIQobChMIsvvg9b7v_QIVVOdRCh3slQA_EAAYASAAEgIhA_D_BwE_ld.exe","sourceIndex":"918"}],"sampleFiles":["230724/LDPlayer-230322/9.0.53/Samples/dnmultiplayer.exe","230724/LDPlayer-230322/9.0.53/Samples/dnplayer.exe","230724/LDPlayer-230322/9.0.53/Samples/LDPlayer9_de_1103_ld.exe"],"imageFiles":["230724/LDPlayer-230322/9.0.53/Images/ACR-010/Clickbait_SpamNotif.jpg","230724/LDPlayer-230322/9.0.53/Images/ACR-014/Clickbait_SpamNotif.jpg"],"nonDeceptorImageFiles":[],"guid":"793930cc-b67a-41f0-982e-0d0b420fd572_9.0.53_1","appID":"LDPlayer-230322","dateAdded":"230724","deceptorType":"App","name":"LDPlayer","company":"XUANZHI INTERNATIONAL CO., LIMITED","version":"9.0.53","firstResolvedVersion":"9.0.57","resolved":"TRUE","lastKnownStatus":"9.0.40;9.0.45;9.0.46;9.0.47;9.0.48;9.0.51;9.0.53","lastKnownDate":"230724","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Adults only","monetization":"none","lastUpdate":"2023-08-24T21:20:57.2374093+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":7,"sortOrder":887},{"violations":{"ACR-010":"The button \"Enable Now\" leads to a rogue website which when clicked sends the user unwanted ads/pop-ups directly to the system.\n","ACR-014":"The button \"Enable Now\" redirects to a rogue website which when clicked sends the user unwanted ads/pop-ups directly to the system.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"dnmultiplayerex.exe","fileVersion":"0.0","hashMD5":"d54bb1d20126dee837c01fc14e3b0b58","hashSHA1":"fac912c005e6676c380d119a96dd4762213fd80e","hashSHA256":"1d605d5deb86ad92fd562c45dced4f3bcb83b960ebf148559e6c176b8b056e33","digitalCertThumbprint":"C9CF5A70494E07F75A894435C96CB25F0A1E0C7B","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=\"Shanghai Chang Zhi Network Technology Co,. Ltd.\", O=\"Shanghai Chang Zhi Network Technology Co,. Ltd.\", S=上海市, C=CN, SERIALNUMBER=91310114MA1GT9FP6N, OID.1.3.6.1.4.1.311.60.2.1.1=嘉定区, OID.1.3.6.1.4.1.311.60.2.1.2=上海市, OID.1.3.6.1.4.1.311.60.2.1.3=CN, OID.2.5.4.15=Private Organization","sourceIndex":"999","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"dnplayer.exe","fileVersion":"9.0","hashMD5":"f2a8fc93dc0b38164bd0250bc1b80f42","hashSHA1":"bdb8e78db1935897ae0a84724a1fdb1babfe0bdf","hashSHA256":"4b4b610297038ac579214f1b199dc2b4b8e6855259d0d9c129272c3086b04af5","digitalCertThumbprint":"C9CF5A70494E07F75A894435C96CB25F0A1E0C7B","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=\"Shanghai Chang Zhi Network Technology Co,. Ltd.\", O=\"Shanghai Chang Zhi Network Technology Co,. Ltd.\", S=上海市, C=CN, SERIALNUMBER=91310114MA1GT9FP6N, OID.1.3.6.1.4.1.311.60.2.1.1=嘉定区, OID.1.3.6.1.4.1.311.60.2.1.2=上海市, OID.1.3.6.1.4.1.311.60.2.1.3=CN, OID.2.5.4.15=Private Organization","sourceIndex":"999","avBlockList":["Avira Internet Security (20230810)","ESET Internet Security (20230810)","G DATA INTERNET SECURITY (20230810)","K7 Total Security (20230810)","Malwarebytes Premium (20230810)","Norton Security (20230810)","Panda Dome (20230810)","Quick Heal Internet Security (20230810)","Sophos Home Premium (20230810)","SpyHunter5 (20230810)","Total AV Antivirus Pro (20230810)","VirIT eXplorer PRO (20230810)","Webroot SecureAnywhere (20230810)"],"avAllowList":["360 Total Security (20230810)","Avast Premium Security (20230810)","AVG Internet Security (20230810)","Bitdefender Internet Security (20230810)","COMODO Antivirus (20230810)","Dr.Web Security Space (20230810)","Kaspersky Internet Security (20230810)","McAfee Total Protection (20230810)","Trend Micro Internet Security (20230810)","VIPRE Advanced Security (20230810)","Windows Defender (20230810)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search: Top Android Emulator for Windows PC","reference":"MEmu Play through BIBR","landingPage":"https://de.ldplayer.net/ldy/de2231_9.0.html?gclid=EAIaIQobChMI9PeS9L7v_QIVAuHmCh1zsgo5EAAYASAAEgJCvfD_BwE","directDownloadingLink":"https://ldcdn.ldmnq.com/download/ldad/LDPlayer9.exe?n=LDPlayer9_de_2231_EAIaIQobChMIsvvg9b7v_QIVVOdRCh3slQA_EAAYASAAEgIhA_D_BwE_ld.exe","ipv4":"","ipv6":"","landingPageWildChar":"","directDownloadingLinkWildChar":"https://ldcdn.ldmnq.com/download/ldad/LDPlayer9.exe?n=LDPlayer9_de_2231_EAIaIQobChMIsvvg9b7v_QIVVOdRCh3slQA_EAAYASAAEgIhA_D_BwE_ld.exe","sourceIndex":"999"},{"howFound":"","reference":"","landingPage":"","directDownloadingLink":"https://ldcdn.ldmnq.com/download/LDPlayer9.exe?n=LDPlayer9_de_1103_ld.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://ldcdn.ldmnq.com/download/LDPlayer9.exe?n=LDPlayer9_de_1103_ld.exe","sourceIndex":"1000"}],"sampleFiles":["230724/LDPlayer-230322/9.0.51/Samples/dnmultiplayerex.exe","230724/LDPlayer-230322/9.0.51/Samples/dnplayer.exe"],"imageFiles":["230724/LDPlayer-230322/9.0.51/Images/ACR-010/Clickbait_Spamnotif.jpg","230724/LDPlayer-230322/9.0.51/Images/ACR-014/Clickbait_Spamnotif.jpg"],"nonDeceptorImageFiles":[],"guid":"793930cc-b67a-41f0-982e-0d0b420fd572_9.0.51_1","appID":"LDPlayer-230322","dateAdded":"230724","deceptorType":"App","name":"LDPlayer","company":"XUANZHI INTERNATIONAL CO., LIMITED","version":"9.0.51","firstResolvedVersion":"9.0.57","resolved":"TRUE","lastKnownStatus":"9.0.40;9.0.45;9.0.46;9.0.47;9.0.48;9.0.51;9.0.53","lastKnownDate":"230724","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Adults only","monetization":"none","lastUpdate":"2023-07-24T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":7,"sortOrder":888},{"violations":{"ACR-010":"The button \"Enable Now\" leads to a rogue website which when click sends the user unwanted ads/pop-ups directly to the system.\n","ACR-014":"The button \"Enable Now\" does not open the guide page, instead it leads to a rogue website which when click sends the user unwanted ads/pop-ups directly to the system.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"LDPlayer9_de_1103_ld.exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"85f02fe1b12d6c59fdca07e824f97a4a","hashSHA1":"b1b50e59e14b851fa7e419881846a5cf05993a24","hashSHA256":"30aab8d4f0deb28c9d95a6c5eaa20ae80c4c5a2e17f0070326f9996c71a4916a","digitalCertThumbprint":"C9CF5A70494E07F75A894435C96CB25F0A1E0C7B","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=\"Shanghai Chang Zhi Network Technology Co,. Ltd.\", O=\"Shanghai Chang Zhi Network Technology Co,. Ltd.\", S=上海市, C=CN, SERIALNUMBER=91310114MA1GT9FP6N, OID.1.3.6.1.4.1.311.60.2.1.1=嘉定区, OID.1.3.6.1.4.1.311.60.2.1.2=上海市, OID.1.3.6.1.4.1.311.60.2.1.3=CN, OID.2.5.4.15=Private Organization","sourceIndex":"1021","avBlockList":["Avira Internet Security (20230720)","ESET Internet Security (20230720)","K7 Total Security (20230720)","Malwarebytes Premium (20230720)","Norton Security (20230720)","Panda Dome (20230720)","Quick Heal Internet Security (20230720)","Sophos Home Premium (20230720)","SpyHunter5 (20230720)","Total AV Antivirus Pro (20230720)","VirIT eXplorer PRO (20230720)","Webroot SecureAnywhere (20230720)","Windows Defender (20230720)"],"avAllowList":["360 Total Security (20230720)","Avast Premium Security (20230720)","AVG Internet Security (20230720)","Bitdefender Internet Security (20230720)","COMODO Antivirus (20230720)","Dr.Web Security Space (20230720)","G DATA INTERNET SECURITY (20230720)","Kaspersky Internet Security (20230720)","McAfee Total Protection (20230720)","Trend Micro Internet Security (20230720)","VIPRE Advanced Security (20230720)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search: Top Android Emulator for Windows PC","reference":"MEmu Play through BIBR","landingPage":"https://de.ldplayer.net/ldy/de2231_9.0.html?gclid=EAIaIQobChMI9PeS9L7v_QIVAuHmCh1zsgo5EAAYASAAEgJCvfD_BwE","directDownloadingLink":"https://ldcdn.ldmnq.com/download/ldad/LDPlayer9.exe?n=LDPlayer9_de_2231_EAIaIQobChMIsvvg9b7v_QIVVOdRCh3slQA_EAAYASAAEgIhA_D_BwE_ld.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://ldcdn.ldmnq.com/download/ldad/LDPlayer9.exe?n=LDPlayer9_de_2231_EAIaIQobChMIsvvg9b7v_QIVVOdRCh3slQA_EAAYASAAEgIhA_D_BwE_ld.exe","sourceIndex":"1021"}],"sampleFiles":["230705/LDPlayer-230322/9.0.48/Samples/LDPlayer9_de_1103_ld.exe"],"imageFiles":["230705/LDPlayer-230322/9.0.48/Images/ACR-010/LDplayer_clickbait.png","230705/LDPlayer-230322/9.0.48/Images/ACR-010/LDplayer_spamnotif.png","230705/LDPlayer-230322/9.0.48/Images/ACR-010/LDplayer_spamnotif2.png","230705/LDPlayer-230322/9.0.48/Images/ACR-014/LDplayer_clickbait.png","230705/LDPlayer-230322/9.0.48/Images/ACR-014/LDplayer_spamnotif.png","230705/LDPlayer-230322/9.0.48/Images/ACR-014/LDplayer_spamnotif2.png"],"nonDeceptorImageFiles":[],"guid":"793930cc-b67a-41f0-982e-0d0b420fd572_9.0.48_1","appID":"LDPlayer-230322","dateAdded":"230724","deceptorType":"App","name":"LDPlayer","company":"XUANZHI INTERNATIONAL CO., LIMITED","version":"9.0.48","firstResolvedVersion":"9.0.57","resolved":"TRUE","lastKnownStatus":"9.0.40;9.0.45;9.0.46;9.0.47;9.0.48;9.0.51;9.0.53","lastKnownDate":"230724","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Adults only","monetization":"none","lastUpdate":"2023-07-24T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":7,"sortOrder":889},{"violations":{"ACR-010":"The button \"Enable Now\" opens the guide page and eventually redirects to a rogue website which when click sends the user unwanted ads/pop-ups directly to the system.\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software.\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"LDPlayer9_de_1103_ld.exe","isInstaller":"True","companyName":"XUANZHI CHINA","fileVersion":"1.0","hashMD5":"d534ec979305cb79edd861760de997d