9b6394b0d1da147c5c718ebf3aba211ce2d4aefc63eb0dc80ed5cfc0db269bcd

Analysis

max time kernel
76s
max time network
99s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25/01/2024, 21:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

cmd_fw_installer_138430009_eb.exe
Size

5.4MB
MD5

b48216dca6f745a40645248384659fdd
SHA1

3bc265e7282bfb5c63be6cc73a2b7aad9a060904
SHA256

9b6394b0d1da147c5c718ebf3aba211ce2d4aefc63eb0dc80ed5cfc0db269bcd
SHA512

488fbd2b606c4f829b0ec05217b7d9be687cb885b988bc7cdcf7e1d61da2ef06fc422646696e24c2a1c1a63d793bda2293204037bd5a0178a673c00e91b226ec
SSDEEP

98304:n3oeoi7dSeyJ6A89FbeCD25kvriejkx9sZjMK6vx6IF/M8aWzBWcPNkNzt9e:n3oeoYSeyJ6vnKCD25kvmeh6vFF//aFU

Score

7^/10

spyware stealer upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 2 IoCs

Detects file using ACProtect software.

resource	yara_rule
behavioral1/files/0x0005000000019429-1991.dat	acprotect
behavioral1/files/0x000500000001941e-1983.dat	acprotect

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2260-1994-0x0000000072870000-0x000000007287A000-memory.dmp	upx
behavioral1/files/0x0005000000019429-1991.dat	upx
behavioral1/files/0x000500000001941e-1983.dat	upx

Checks for any installed AV software in registry 1 TTPs 25 IoCs

Security Software Discovery

T1518.001

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\COMODO\CIS\Data	cmdinstall.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\Options\UsageStatHost	cmdinstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\Options\UsageStatHost = "cmc.comodo.com"	cmdinstall.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\COMODO\CIS\DbgTrace\cmdinstall	cmdinstall.exe
Key queried	\REGISTRY\MACHINE\SOFTWARE\COMODO\CIS	cmdinstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\Installer	cmdinstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\Options	cmdinstall.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\Testing purposes	cmdinstall.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\VolatileData	cmdinstall.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\COMODO\CIS\Options\Proxy	cmdinstall.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\Cam	cmdinstall.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\Data	cmdinstall.exe
Key queried	\REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\Options	cmdinstall.exe
Key queried	\REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\Installer	cmdinstall.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\COMODO\CIS\Data	cmdinstall.exe
Key queried	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\COMODO\CIS\Data	cmdinstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\COMODO\CIS\Data\CmcWindowsVersion = "{\"release_id\":0,\"build\":0,\"ubr\":0,\"major\":1}"	cmdinstall.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\Installer	cmdinstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\Installer\Instance	cmdinstall.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\Installer\Instance\{48222F79-874D-414E-9563-03C664764923} = "3032"	cmdinstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\COMODO\CIS	cmdinstall.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\Options	cmdinstall.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\COMODO\CIS\Options	cmdinstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\Options\InstallerName = "cfwinstallerx64"	cmdinstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\COMODO\CIS	cmdinstall.exe

Downloads MZ/PE file

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\L:	cmdinstall.exe
File opened (read-only)	\??\V:	cmdinstall.exe
File opened (read-only)	\??\Y:	cmdinstall.exe
File opened (read-only)	\??\B:	cmdinstall.exe
File opened (read-only)	\??\E:	cmdinstall.exe
File opened (read-only)	\??\H:	cmdinstall.exe
File opened (read-only)	\??\I:	cmdinstall.exe
File opened (read-only)	\??\K:	cmdinstall.exe
File opened (read-only)	\??\O:	cmdinstall.exe
File opened (read-only)	\??\P:	cmdinstall.exe
File opened (read-only)	\??\R:	cmdinstall.exe
File opened (read-only)	\??\S:	cmdinstall.exe
File opened (read-only)	\??\U:	cmdinstall.exe
File opened (read-only)	\??\A:	cmdinstall.exe
File opened (read-only)	\??\G:	cmdinstall.exe
File opened (read-only)	\??\J:	cmdinstall.exe
File opened (read-only)	\??\M:	cmdinstall.exe
File opened (read-only)	\??\Q:	cmdinstall.exe
File opened (read-only)	\??\W:	cmdinstall.exe
File opened (read-only)	\??\Z:	cmdinstall.exe
File opened (read-only)	\??\N:	cmdinstall.exe
File opened (read-only)	\??\T:	cmdinstall.exe
File opened (read-only)	\??\X:	cmdinstall.exe

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Control Panel\International\Geo\Nation	cmdinstall.exe

Executes dropped EXE 1 IoCs

pid	Process
3032	cmdinstall.exe

Loads dropped DLL 4 IoCs

pid	Process
2844	cmd_fw_installer_138430009_eb.exe
3032	cmdinstall.exe
3032	cmdinstall.exe
3032	cmdinstall.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000_Classes\Local Settings	cmdinstall.exe

Modifies system certificate store 2 TTPs 13 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\E12DFB4B41D7D9C32B30514BAC1D81D8385E2D46\Blob = 0f0000000100000014000000f45a0858c9cd920e647bad539ab9f1cfc77f24cb090000000100000016000000301406082b0601050507030306082b06010505070308140000000100000014000000daed6474149c143cabdd99a9bd5b284d8b3cc9d80b000000010000001400000055005300450052005400720075007300740000001d0000000100000010000000f919b9ccce1e59c2e785f7dc2ccf6708030000000100000014000000e12dfb4b41d7d9c32b30514bac1d81d8385e2d4620000000010000006a040000308204663082034ea003020102021044be0c8b500024b411d3362de0b35f1b300d06092a864886f70d0101050500308195310b3009060355040613025553310b3009060355040813025554311730150603550407130e53616c74204c616b652043697479311e301c060355040a131554686520555345525452555354204e6574776f726b3121301f060355040b1318687474703a2f2f7777772e7573657274727573742e636f6d311d301b0603550403131455544e2d5553455246697273742d4f626a656374301e170d3939303730393138333132305a170d3139303730393138343033365a308195310b3009060355040613025553310b3009060355040813025554311730150603550407130e53616c74204c616b652043697479311e301c060355040a131554686520555345525452555354204e6574776f726b3121301f060355040b1318687474703a2f2f7777772e7573657274727573742e636f6d311d301b0603550403131455544e2d5553455246697273742d4f626a65637430820122300d06092a864886f70d01010105000382010f003082010a0282010100ceaa813fa3a36178aa31005595119e270f1f1cdf3a9b826830c04a611df12f0efabe79f7a523ef55519684cddbe3b96e3e31d80a2067c7f4d9bf94eb47043e02ce2aa25d870409f6309d188a97b2aa1cfc41d2a136cbfb3d91bae7d97035fae4e790c39ba39bd33cf5129977b1b709e068e61cb8f39463886a6afe0b76c9bef422e467b9ab1a5e77c18507dd0d6cbfee06c7776a419ea70fd7fbee9417b7fc85bea4abc41c31ddd7b6d1e4f0efdf168fb25293d7a1d489a1072ebfe10112421e1ae1d89534db647928ffba2e11c2e5e85b9248fb470bc26cdaad328341f3a5e54170fd65906dfafa51c4f9bd962b19042cd36da7dcf07f6f8365e26aab8786750203010001a381af3081ac300b0603551d0f0404030201c6300f0603551d130101ff040530030101ff301d0603551d0e04160414daed6474149c143cabdd99a9bd5b284d8b3cc9d830420603551d1f043b30393037a035a0338631687474703a2f2f63726c2e7573657274727573742e636f6d2f55544e2d5553455246697273742d4f626a6563742e63726c30290603551d250422302006082b0601050507030306082b06010505070308060a2b0601040182370a0304300d06092a864886f70d01010505000382010100081f52b1374478dbfdceb9da959698aa556480b55a40dd21a5c5c1f35f2c4cc8475a69eae8f03535f4d025f3c8a6a4874abd1bb17308bdd4c3cab635bb59867731cda78014ae13effcb148f96b25252d51b62c6d45c198c88a565d3eee434e3e6b278ed03a4b850b5fd3ed6aa775cbd15a872f3975135a72b002819fbef00f845420626c69d4e14dc60d9943010d12968c789dbf50a2b144aa6acf177acf6f0fd4f824555ff0341649663e5046c96371383162b862b9f353ad6cb52ba212aa194f09da5ee793c68e1408fef0308018a086854dc87dd78b03fe6ed5f79d16ac922ca023e59c91521f94df179473c3b3c1c17105200078bd13521da83ecd001fc8	cmdinstall.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\E12DFB4B41D7D9C32B30514BAC1D81D8385E2D46\Blob = 040000000100000010000000a7f2e41606411150306b9ce3b49cb0c9030000000100000014000000e12dfb4b41d7d9c32b30514bac1d81d8385e2d461d0000000100000010000000f919b9ccce1e59c2e785f7dc2ccf67080b00000001000000140000005500530045005200540072007500730074000000140000000100000014000000daed6474149c143cabdd99a9bd5b284d8b3cc9d8090000000100000016000000301406082b0601050507030306082b060105050703080f0000000100000014000000f45a0858c9cd920e647bad539ab9f1cfc77f24cb20000000010000006a040000308204663082034ea003020102021044be0c8b500024b411d3362de0b35f1b300d06092a864886f70d0101050500308195310b3009060355040613025553310b3009060355040813025554311730150603550407130e53616c74204c616b652043697479311e301c060355040a131554686520555345525452555354204e6574776f726b3121301f060355040b1318687474703a2f2f7777772e7573657274727573742e636f6d311d301b0603550403131455544e2d5553455246697273742d4f626a656374301e170d3939303730393138333132305a170d3139303730393138343033365a308195310b3009060355040613025553310b3009060355040813025554311730150603550407130e53616c74204c616b652043697479311e301c060355040a131554686520555345525452555354204e6574776f726b3121301f060355040b1318687474703a2f2f7777772e7573657274727573742e636f6d311d301b0603550403131455544e2d5553455246697273742d4f626a65637430820122300d06092a864886f70d01010105000382010f003082010a0282010100ceaa813fa3a36178aa31005595119e270f1f1cdf3a9b826830c04a611df12f0efabe79f7a523ef55519684cddbe3b96e3e31d80a2067c7f4d9bf94eb47043e02ce2aa25d870409f6309d188a97b2aa1cfc41d2a136cbfb3d91bae7d97035fae4e790c39ba39bd33cf5129977b1b709e068e61cb8f39463886a6afe0b76c9bef422e467b9ab1a5e77c18507dd0d6cbfee06c7776a419ea70fd7fbee9417b7fc85bea4abc41c31ddd7b6d1e4f0efdf168fb25293d7a1d489a1072ebfe10112421e1ae1d89534db647928ffba2e11c2e5e85b9248fb470bc26cdaad328341f3a5e54170fd65906dfafa51c4f9bd962b19042cd36da7dcf07f6f8365e26aab8786750203010001a381af3081ac300b0603551d0f0404030201c6300f0603551d130101ff040530030101ff301d0603551d0e04160414daed6474149c143cabdd99a9bd5b284d8b3cc9d830420603551d1f043b30393037a035a0338631687474703a2f2f63726c2e7573657274727573742e636f6d2f55544e2d5553455246697273742d4f626a6563742e63726c30290603551d250422302006082b0601050507030306082b06010505070308060a2b0601040182370a0304300d06092a864886f70d01010505000382010100081f52b1374478dbfdceb9da959698aa556480b55a40dd21a5c5c1f35f2c4cc8475a69eae8f03535f4d025f3c8a6a4874abd1bb17308bdd4c3cab635bb59867731cda78014ae13effcb148f96b25252d51b62c6d45c198c88a565d3eee434e3e6b278ed03a4b850b5fd3ed6aa775cbd15a872f3975135a72b002819fbef00f845420626c69d4e14dc60d9943010d12968c789dbf50a2b144aa6acf177acf6f0fd4f824555ff0341649663e5046c96371383162b862b9f353ad6cb52ba212aa194f09da5ee793c68e1408fef0308018a086854dc87dd78b03fe6ed5f79d16ac922ca023e59c91521f94df179473c3b3c1c17105200078bd13521da83ecd001fc8	cmdinstall.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 0f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030853000000010000002600000030243022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c00b00000001000000180000004300b7004f00b7004d00b7004f00b7004400b7004f000000140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b41d00000001000000100000002e0d6875874a44c820912e85e964cfdb030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e349200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e	cmdinstall.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\SystemCertificates\CA\Certificates\8D4C4A23BA9EE84EA7348FA98CC6E65FBB69DE7B\Blob = 0300000001000000140000008d4c4a23ba9ee84ea7348fa98cc6e65fbb69de7b19000000010000001000000082218ffb91733e64136be5719f57c3a1040000000100000010000000ab9b109ce8934f11e7cd22ed550680da0f0000000100000030000000a768343c4aeaced5c72f3571938864983a67ed49031c1da2495863caf65fe507011f7f0e70b6cb40e5631c07721be034140000000100000014000000bbaf7e023dfaa6f13c848eadee3898ecd93232d41800000001000000100000002aa1c05e2ae606f198c2c5e937c97aa22000000001000000820500003082057e30820466a003020102021067def43ef17bdae24ff5940606d2c084300d06092a864886f70d01010c0500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a308185310b3009060355040613024742311b30190603550408131247726561746572204d616e636865737465723110300e0603550407130753616c666f7264311a3018060355040a1311434f4d4f444f204341204c696d69746564312b302906035504031322434f4d4f444f205253412043657274696669636174696f6e20417574686f7269747930820222300d06092a864886f70d01010105000382020f003082020a028202010091e85492d20a56b1ac0d24ddc5cf446774992b37a37d23700071bc53dfc4fa2a128f4b7f1056bd9f7072b7617fc94b0f17a73de3b00461eeff1197c7f4863e0afa3e5cf993e6347ad9146be79cb385a0827a76af7190d7ecfd0dfa9c6cfadfb082f4147ef9bec4a62f4f7f997fb5fc674372bd0c00d689eb6b2cd3ed8f981c14ab7ee5e36efcd8a8e49224da436b62b855fdeac1bc6cb68bf30e8d9ae49b6c6999f878483045d5ade10d3c4560fc32965127bc67c3ca2eb66bea46c7c720a0b11f65de4808baa44ea9f283463784ebe8cc814843674e722a9b5cbd4c1b288a5c227bb4ab98d9eee05183c309464e6d3e99fa9517da7c3357413c8d51ed0bb65caf2c631adf57c83fbce95dc49baf4599e2a35a24b4baa9563dcf6faaff4958bef0a8fff4b8ade937fbbab8f40b3af9e843421e89d884cb13f1d9bbe18960b88c2856ac141d9c0ae771ebcf0edd3da996a148bd3cf7afb50d224cc01181ec563bf6d3a2e25bb7b204225295809369e88e4c65f191032d707402ea8b671529695202bbd7df506a5546bfa0a328617f70d0c3a2aa2c21aa47ce289c064576bf821827b4d5aeb4cb50e66bf44c867130e9a6df1686e0d8ff40ddfbd042887fa3333a2e5c1e41118163ce18716b2beca68ab7315c3a6a47e0c37959d6201aaff26a98aa72bc574ad24b9dbb10fcb04c41e5ed1d3d5e289d9cccbfb351daa747e584530203010001a381f23081ef301f0603551d23041830168014a0110a233e96f107ece2af29ef82a57fd030a4b4301d0603551d0e04160414bbaf7e023dfaa6f13c848eadee3898ecd93232d4300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff30110603551d20040a300830060604551d200030430603551d1f043c303a3038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c303406082b0601050507010104283026302406082b060105050730018618687474703a2f2f6f6373702e636f6d6f646f63612e636f6d300d06092a864886f70d01010c050003820101007ff25635b06d954a4e74af3ae26f018b87d33297edf840d2775311d7c7162ec69de64856be80a9f8bc78d2c86317ae8ced1631fa1f18c90ec7ee48799fc7c9b9bccc8815e36861d19f1d4b6181d7560463c2086926f0f0e52fdfc00a2ba905f4025a6a89d7b4844295e3ebf776205e35d9c0cd2508134c71388e87b0338491991e91f1ac9e3fa71d60812c364154a0e246060bac1bc799368c5ea10ba49ed9424624c5c55b81aeada0a0dc9f36b88dc21d15fa88ad8110391f44f02b9fdd10540c0734b136d114fd07023dff7255ab27d62c814171298d41f450571a7e6560afcbc5287698aeb3a853768be621526bea21d0840e494e8853da922ee71d0866d7	cmdinstall.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\SystemCertificates\CA\Certificates\D89E3BD43D5D909B47A18977AA9D5CE36CEE184C	cmdinstall.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\SystemCertificates\CA\Certificates\8D4C4A23BA9EE84EA7348FA98CC6E65FBB69DE7B\Blob = 4b0000000100000044000000420032004600410046003700360039003200460044003900460046004200440036003400450044004500330031003700450034003200330033003400420041005f0000001800000001000000100000002aa1c05e2ae606f198c2c5e937c97aa2140000000100000014000000bbaf7e023dfaa6f13c848eadee3898ecd93232d40f0000000100000030000000a768343c4aeaced5c72f3571938864983a67ed49031c1da2495863caf65fe507011f7f0e70b6cb40e5631c07721be034040000000100000010000000ab9b109ce8934f11e7cd22ed550680da19000000010000001000000082218ffb91733e64136be5719f57c3a10300000001000000140000008d4c4a23ba9ee84ea7348fa98cc6e65fbb69de7b2000000001000000820500003082057e30820466a003020102021067def43ef17bdae24ff5940606d2c084300d06092a864886f70d01010c0500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a308185310b3009060355040613024742311b30190603550408131247726561746572204d616e636865737465723110300e0603550407130753616c666f7264311a3018060355040a1311434f4d4f444f204341204c696d69746564312b302906035504031322434f4d4f444f205253412043657274696669636174696f6e20417574686f7269747930820222300d06092a864886f70d01010105000382020f003082020a028202010091e85492d20a56b1ac0d24ddc5cf446774992b37a37d23700071bc53dfc4fa2a128f4b7f1056bd9f7072b7617fc94b0f17a73de3b00461eeff1197c7f4863e0afa3e5cf993e6347ad9146be79cb385a0827a76af7190d7ecfd0dfa9c6cfadfb082f4147ef9bec4a62f4f7f997fb5fc674372bd0c00d689eb6b2cd3ed8f981c14ab7ee5e36efcd8a8e49224da436b62b855fdeac1bc6cb68bf30e8d9ae49b6c6999f878483045d5ade10d3c4560fc32965127bc67c3ca2eb66bea46c7c720a0b11f65de4808baa44ea9f283463784ebe8cc814843674e722a9b5cbd4c1b288a5c227bb4ab98d9eee05183c309464e6d3e99fa9517da7c3357413c8d51ed0bb65caf2c631adf57c83fbce95dc49baf4599e2a35a24b4baa9563dcf6faaff4958bef0a8fff4b8ade937fbbab8f40b3af9e843421e89d884cb13f1d9bbe18960b88c2856ac141d9c0ae771ebcf0edd3da996a148bd3cf7afb50d224cc01181ec563bf6d3a2e25bb7b204225295809369e88e4c65f191032d707402ea8b671529695202bbd7df506a5546bfa0a328617f70d0c3a2aa2c21aa47ce289c064576bf821827b4d5aeb4cb50e66bf44c867130e9a6df1686e0d8ff40ddfbd042887fa3333a2e5c1e41118163ce18716b2beca68ab7315c3a6a47e0c37959d6201aaff26a98aa72bc574ad24b9dbb10fcb04c41e5ed1d3d5e289d9cccbfb351daa747e584530203010001a381f23081ef301f0603551d23041830168014a0110a233e96f107ece2af29ef82a57fd030a4b4301d0603551d0e04160414bbaf7e023dfaa6f13c848eadee3898ecd93232d4300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff30110603551d20040a300830060604551d200030430603551d1f043c303a3038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c303406082b0601050507010104283026302406082b060105050730018618687474703a2f2f6f6373702e636f6d6f646f63612e636f6d300d06092a864886f70d01010c050003820101007ff25635b06d954a4e74af3ae26f018b87d33297edf840d2775311d7c7162ec69de64856be80a9f8bc78d2c86317ae8ced1631fa1f18c90ec7ee48799fc7c9b9bccc8815e36861d19f1d4b6181d7560463c2086926f0f0e52fdfc00a2ba905f4025a6a89d7b4844295e3ebf776205e35d9c0cd2508134c71388e87b0338491991e91f1ac9e3fa71d60812c364154a0e246060bac1bc799368c5ea10ba49ed9424624c5c55b81aeada0a0dc9f36b88dc21d15fa88ad8110391f44f02b9fdd10540c0734b136d114fd07023dff7255ab27d62c814171298d41f450571a7e6560afcbc5287698aeb3a853768be621526bea21d0840e494e8853da922ee71d0866d7	cmdinstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349	cmdinstall.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 1900000001000000100000002aa1c05e2ae606f198c2c5e937c97aa2030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e3491d00000001000000100000002e0d6875874a44c820912e85e964cfdb140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b40b00000001000000180000004300b7004f00b7004d00b7004f00b7004400b7004f00000053000000010000002600000030243022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b060105050703080f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e	cmdinstall.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\SystemCertificates\CA\Certificates\8D4C4A23BA9EE84EA7348FA98CC6E65FBB69DE7B	cmdinstall.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\SystemCertificates\CA\Certificates\D89E3BD43D5D909B47A18977AA9D5CE36CEE184C\Blob = 030000000100000014000000d89e3bd43d5d909b47a18977aa9d5ce36cee184c1400000001000000140000005379bf5aaa2b4acf5480e1d89bc09df2b20366cb040000000100000010000000285ec909c4ab0d2d57f5086b225799aa0f000000010000003000000013baa039635f1c5292a8c2f36aae7e1d25c025202e9092f5b0f53f5f752dfa9c71b3d1b8d9a6358fcee6ec75622fabf9190000000100000010000000ea6089055218053dd01e37e1d806eedf1800000001000000100000002aa1c05e2ae606f198c2c5e937c97aa22000000001000000850500003082058130820469a00302010202103972443af922b751d7d36c10dd313595300d06092a864886f70d01010c0500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3139303331323030303030305a170d3238313233313233353935395a308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f7269747930820222300d06092a864886f70d01010105000382020f003082020a028202010080126517360ec3db08b3d0ac570d76edcd27d34cad508361e2aa204d092d6409dcce899fcc3da9ecf6cfc1dcf1d3b1d67b3728112b47da39c6bc3a19b45fa6bd7d9da36342b676f2a93b2b91f8e26fd0ec162090093ee2e874c918b491d46264db7fa306f188186a90223cbcfe13f087147bf6e41f8ed4e451c61167460851cb8614543fbc33fe7e6c9cff169d18bd518e35a6a766c87267db2166b1d49b7803c0503ae8ccf0dcbc9e4cfeaf0596351f575ab7ffcef93db72cb6f654ddc8e7123a4dae4c8ab75c9ab4b7203dca7f2234ae7e3b68660144e7014e46539b3360f794be5337907343f332c353efdbaafe744e69c76b8c6093dec4c70cdfe132aecc933b517895678bee3d56fe0cd0690f1b0ff325266b336df76e47fa7343e57e0ea566b1297c3284635589c40dc19354301913acd37d37a7eb5d3a6c355cdb41d712daa9490bdfd8808a0993628eb566cf2588cd84b8b13fa4390fd9029eeb124c957cf36b05a95e1683ccb867e2e8139dcc5b82d34cb3ed5bffdee573ac233b2d00bf3555740949d849581a7f9236e651920ef3267d1c4d17bcc9ec4326d0bf415f40a94444f499e757879e501f5754a83efd74632fb1506509e658422e431a4cb4f0254759fa041e93d426464a5081b2debe78b7fc6715e1c957841e0f63d6e962bad65f552eea5cc62808042539b80e2ba9f24c971c073f0d52f5edef2f820f0203010001a381f23081ef301f0603551d23041830168014a0110a233e96f107ece2af29ef82a57fd030a4b4301d0603551d0e041604145379bf5aaa2b4acf5480e1d89bc09df2b20366cb300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff30110603551d20040a300830060604551d200030430603551d1f043c303a3038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c303406082b0601050507010104283026302406082b060105050730018618687474703a2f2f6f6373702e636f6d6f646f63612e636f6d300d06092a864886f70d01010c05000382010100188751dc74213d9c8ae027b733d02eccecf0e6cb5e11de226f9b758e9e72fee4d6feaa1f9c962def034a7eaef48d6f723c433bc03febb8df5caaa9c6aef2fcd8eea37b43f686367c14e0cdf4f73ffedeb8b48af09196fefd43647efdccd201a17d7df81919c9422b13bf588bbaa4a266047688914e0c8914cea24dc932b3bae8141abc71f15bf0410b98000a220310e50cb1f9cd923719ed3bf1e43ab6f945132675afbbaaef3f7b773bd2c402913d1900d3175c39db3f7b180d45cd9385962f5ddf59164f3f51bdd545183fed4a8ee80661742316b50d50732744477f105d892a6b853114c4e8a96a4c80bc6a78cfb87f8e7672990c9dfed7910816a1a35f95	cmdinstall.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\E12DFB4B41D7D9C32B30514BAC1D81D8385E2D46\Blob = 190000000100000010000000e843ac3b52ec8c297fa948c9b1fb28190f0000000100000014000000f45a0858c9cd920e647bad539ab9f1cfc77f24cb090000000100000016000000301406082b0601050507030306082b06010505070308140000000100000014000000daed6474149c143cabdd99a9bd5b284d8b3cc9d80b000000010000001400000055005300450052005400720075007300740000001d0000000100000010000000f919b9ccce1e59c2e785f7dc2ccf6708030000000100000014000000e12dfb4b41d7d9c32b30514bac1d81d8385e2d46040000000100000010000000a7f2e41606411150306b9ce3b49cb0c920000000010000006a040000308204663082034ea003020102021044be0c8b500024b411d3362de0b35f1b300d06092a864886f70d0101050500308195310b3009060355040613025553310b3009060355040813025554311730150603550407130e53616c74204c616b652043697479311e301c060355040a131554686520555345525452555354204e6574776f726b3121301f060355040b1318687474703a2f2f7777772e7573657274727573742e636f6d311d301b0603550403131455544e2d5553455246697273742d4f626a656374301e170d3939303730393138333132305a170d3139303730393138343033365a308195310b3009060355040613025553310b3009060355040813025554311730150603550407130e53616c74204c616b652043697479311e301c060355040a131554686520555345525452555354204e6574776f726b3121301f060355040b1318687474703a2f2f7777772e7573657274727573742e636f6d311d301b0603550403131455544e2d5553455246697273742d4f626a65637430820122300d06092a864886f70d01010105000382010f003082010a0282010100ceaa813fa3a36178aa31005595119e270f1f1cdf3a9b826830c04a611df12f0efabe79f7a523ef55519684cddbe3b96e3e31d80a2067c7f4d9bf94eb47043e02ce2aa25d870409f6309d188a97b2aa1cfc41d2a136cbfb3d91bae7d97035fae4e790c39ba39bd33cf5129977b1b709e068e61cb8f39463886a6afe0b76c9bef422e467b9ab1a5e77c18507dd0d6cbfee06c7776a419ea70fd7fbee9417b7fc85bea4abc41c31ddd7b6d1e4f0efdf168fb25293d7a1d489a1072ebfe10112421e1ae1d89534db647928ffba2e11c2e5e85b9248fb470bc26cdaad328341f3a5e54170fd65906dfafa51c4f9bd962b19042cd36da7dcf07f6f8365e26aab8786750203010001a381af3081ac300b0603551d0f0404030201c6300f0603551d130101ff040530030101ff301d0603551d0e04160414daed6474149c143cabdd99a9bd5b284d8b3cc9d830420603551d1f043b30393037a035a0338631687474703a2f2f63726c2e7573657274727573742e636f6d2f55544e2d5553455246697273742d4f626a6563742e63726c30290603551d250422302006082b0601050507030306082b06010505070308060a2b0601040182370a0304300d06092a864886f70d01010505000382010100081f52b1374478dbfdceb9da959698aa556480b55a40dd21a5c5c1f35f2c4cc8475a69eae8f03535f4d025f3c8a6a4874abd1bb17308bdd4c3cab635bb59867731cda78014ae13effcb148f96b25252d51b62c6d45c198c88a565d3eee434e3e6b278ed03a4b850b5fd3ed6aa775cbd15a872f3975135a72b002819fbef00f845420626c69d4e14dc60d9943010d12968c789dbf50a2b144aa6acf177acf6f0fd4f824555ff0341649663e5046c96371383162b862b9f353ad6cb52ba212aa194f09da5ee793c68e1408fef0308018a086854dc87dd78b03fe6ed5f79d16ac922ca023e59c91521f94df179473c3b3c1c17105200078bd13521da83ecd001fc8	cmdinstall.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 040000000100000010000000497904b0eb8719ac47b0bc11519b74d00f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030853000000010000002600000030243022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c00b00000001000000180000004300b7004f00b7004d00b7004f00b7004400b7004f000000140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b41d00000001000000100000002e0d6875874a44c820912e85e964cfdb030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e3491900000001000000100000002aa1c05e2ae606f198c2c5e937c97aa2200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e	cmdinstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\E12DFB4B41D7D9C32B30514BAC1D81D8385E2D46	cmdinstall.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeTcbPrivilege	3032	cmdinstall.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2844	cmd_fw_installer_138430009_eb.exe

Suspicious use of SetWindowsHookEx 8 IoCs

pid	Process
3032	cmdinstall.exe
3032	cmdinstall.exe
3032	cmdinstall.exe
3032	cmdinstall.exe
3032	cmdinstall.exe
3032	cmdinstall.exe
3032	cmdinstall.exe
3032	cmdinstall.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2844 wrote to memory of 3032	2844	cmd_fw_installer_138430009_eb.exe	28
PID 2844 wrote to memory of 3032	2844	cmd_fw_installer_138430009_eb.exe	28
PID 2844 wrote to memory of 3032	2844	cmd_fw_installer_138430009_eb.exe	28
PID 2844 wrote to memory of 3032	2844	cmd_fw_installer_138430009_eb.exe	28
PID 2844 wrote to memory of 3032	2844	cmd_fw_installer_138430009_eb.exe	28
PID 2844 wrote to memory of 3032	2844	cmd_fw_installer_138430009_eb.exe	28
PID 2844 wrote to memory of 3032	2844	cmd_fw_installer_138430009_eb.exe	28

C:\Users\Admin\AppData\Local\Temp\cmd_fw_installer_138430009_eb.exe
"C:\Users\Admin\AppData\Local\Temp\cmd_fw_installer_138430009_eb.exe"
1⤵
- Loads dropped DLL
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:2844
- C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe
  "C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe" -log -setupname "cmd_fw_installer_138430009_eb.exe" -sfx "C:\Users\Admin\AppData\Local\Temp" -theme lycia -type web -mode cfwfree
  2⤵
  - Checks for any installed AV software in registry
  - Enumerates connected drives
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  - Modifies registry class
  - Modifies system certificate store
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of SetWindowsHookEx
  PID:3032
- - C:\ProgramData\Comodo Downloader\cis\download\installs\8050\xml_binaries\dragon\dragonsetup.exe
    "C:\ProgramData\Comodo Downloader\cis\download\installs\8050\xml_binaries\dragon\dragonsetup.exe" --silent --do-not-auto-launch --disable-secure-dns --defer-start-updateservice --cid=138430009 --cv=12.2.2.8012 --nt
    3⤵
    PID:2260
  - - C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe
      "C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe" install -1
      4⤵
      PID:2628
  - - C:\Program Files (x86)\Comodo\Dragon\dragon.exe
      "C:\Program Files (x86)\Comodo\Dragon\dragon.exe" --no-first-run --register-dragon-browser
      4⤵
      PID:1744
- - C:\ProgramData\Comodo\Installer\ise_installer.exe
    "C:\ProgramData\\Comodo\Installer\ise_installer.exe" /quiet /chid=138430009 /aff=138430009
    3⤵
    PID:856
  - - C:\Users\Admin\AppData\Local\Temp\7ZipSfx.001\bin\ise_installer\isestart.exe
      "C:\Users\Admin\AppData\Local\Temp\7ZipSfx.001\bin\ise_installer\isestart.exe" /quiet /chid=138430009 /aff=138430009
      4⤵
      PID:672

C:\Program Files (x86)\Comodo\Dragon\dragon.exe
"C:\Program Files (x86)\Comodo\Dragon\dragon.exe" --type=gpu-process --field-trial-handle=1068,7984185730573293685,9082781477373788505,131072 --gpu-preferences=KAAAAAAAAADgAgAwAQAAAAAAAAAAAGAAAAAAAAAAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --service-request-channel-token=13917793937428363913 --mojo-platform-channel-handle=1076 --ignored=" --type=renderer " /prefetch:2
1⤵
PID:952

C:\Program Files (x86)\Comodo\Dragon\dragon.exe
"C:\Program Files (x86)\Comodo\Dragon\dragon.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Comodo\Dragon\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Comodo\Dragon\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Comodo\Dragon\User Data" --annotation=plat=Win32 --annotation=prod=Dragon --annotation=ver=75.0.3770.100 --initial-client-data=0xa8,0xac,0xb0,0xa4,0xb4,0x723aa250,0x723aa260,0x723aa26c
1⤵
PID:2392

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

Software Discovery

T1518

Security Software Discovery

T1518.001

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Comodo\Dragon\chrome_100_percent.pak

Filesize
123KB

MD5
e018dfc37ef9cf2adcd5f0664379ea70

SHA1
b77971ac4057b48afd61823460bc92f034405b1d

SHA256
b35195d8dbfae00d491d194974e35ac594fbef7079f5f0767aed34927733be0c

SHA512
2a8e3793be90b941c348d46b17a0e77891ac63ce188171d058f7156a506a7f8e3cea9fea8d780c1479e672c51435b037b64f4050275606b7d37ef6e4d4ed2a0c

Download Submit
C:\Program Files (x86)\Comodo\Dragon\chrome_200_percent.pak

Filesize
76KB

MD5
e90f7a20fd0a3a2b671ad2f7864922b2

SHA1
fe2403db47cd5166ecc21a13f0a2cdd830875529

SHA256
fe6ae135a18cb4ef4b96236835b9c6d3057c531cc30fcc11ad85b3e7cb8ba453

SHA512
59acf4d8a7e75c7cfd380ffdd2541577ee86d367d8a10de7083c4638a0cdf999d95be5122db45eb3671143cfb260d3fa0fd307610bbc2c9d6c6b412105b9211c

Download Submit
C:\Program Files (x86)\Comodo\Dragon\chrome_elf.dll

Filesize
46KB

MD5
bb3dee089a62bcc5e9456ae009a7112c

SHA1
cf428980aa15132d63d83b8eb9d31de0a63be301

SHA256
8419af6f4c46f1a68a03edbf5f417ad00a8a014e411da14724505ee79516ec2d

SHA512
0ffa827f0210aba9a9fb4cb8e2a7beead16c2b483fa7fd67e93b8f844ce74c40b91d60d113498dcb067fcd0401be17a2ba054c6d1c08c47b5e7294b20611602e

Download Submit
C:\Program Files (x86)\Comodo\Dragon\dragon.exe

Filesize
175KB

MD5
2ebfb7d8e2329d8dd283dad121060f5d

SHA1
19a526b5b6be72900b56756d1d72164e93605658

SHA256
3555c3b94307d32895c10306ab71011210fcc36bb09d7ecf651664deccee5cbc

SHA512
e53de73a0d514c254a8ce94c22531966f5da6ca918698244daf882141d83e579f7369c18db4b5fc7aa0860a3a14b4363d26e1c00da9f1eeb3add657766db23bc

Download Submit
C:\Program Files (x86)\Comodo\Dragon\dragon.exe

Filesize
45KB

MD5
0b0188a3b847faa940b2bb54a1875f13

SHA1
96b4f5decf775b4fac1a4aafdef5028218caf0d4

SHA256
85978553514e9bb4b843ea34ead2a01c33661baee6927d11568d31cc3b765df0

SHA512
ebbbab6f927d1f5c29f401c5fdc39efc731431950c164fc4a55215336ed4d2f7a2de82a25a0cd298a1e3771512dacd2e020ee71dbeeada85b1a97b0da5a44293

Download Submit
C:\Program Files (x86)\Comodo\Dragon\dragon.exe

Filesize
158KB

MD5
edb1e996b9be06bbbcf5cb225c49eaae

SHA1
aedb38adcebb27a6dd4d206e7e0745dc896ccc99

SHA256
ac1f41575df4632412cfce14e992f8113d3d11c53fa938738e546acedf0cf7b1

SHA512
00725aeb7c2a271d10dac674ec332909616298e7136e6889bc17404cead9691e38414dc1875ec32bfa9df4a873d9ddc8f4d9e70ba3cc931d0e840326b013398e

Download Submit
C:\Program Files (x86)\Comodo\Dragon\dragon.exe

Filesize
99KB

MD5
c778db2c3f826b2c6394853ad287763e

SHA1
4e7de024fde3c35d741ecddddf34f1e6a8832b5b

SHA256
a94c774dbedd6685380d0b21eb587da4be8434b250ba88cbae25ac8f5222d0e7

SHA512
1557b9e39e90d00eeb97a4a07fc3fcc9e5300928d1bc7d4d62f608deb6d14717ff928d958e93562721b7388cd8aec9d280f6e2081da54e8a9708f4b1636d84cc

Download Submit
C:\Program Files (x86)\Comodo\Dragon\dragon_s.dll

Filesize
21KB

MD5
e40e47b12ca3995300eea2161f2bbe1d

SHA1
b4e85eb167e61ea230e3239208e1db6145d4e410

SHA256
c0e998a90edbb6ead6ffb6548a3f4e59cb7e5afa80a858a8b28da5fd6e90bc1a

SHA512
66f847ff06ce7b531855a45e6d27beb9b8ac16e278a8ab819c5a06bde6de6e428c71553bbc00adc65015998ffb70b7dfcfab2d7cf42ab56f77fd5421ee2a9d49

Download Submit
C:\Program Files (x86)\Comodo\Dragon\icudtl.dat

Filesize
102KB

MD5
512bb2d2c0139ab9f12a45e4aadaa544

SHA1
143f9064cc0bc41e08000d9572bcb047c241c1b8

SHA256
15f258d08f2a8da4984f3b26126661f0d072bd57bd932f34998cc60a91466dbf

SHA512
efdb79dba33773a725f3eb05538df14af84d64b2e205b85b0778ecc7f0115d2accecbf01bc0a992eab70844f6025fd451f0f269c8a9aa41dc0b26007547bfb86

Download Submit
C:\Program Files (x86)\Comodo\Dragon\locales\en-US.pak

Filesize
27KB

MD5
fdd571034736e5e51357ff03732279d6

SHA1
a9faf31c67b2fd4f13ab4d34b31430808fed8ac3

SHA256
71f8ddbcd67f66cafa1d078e85b8ff6453a7f04a21e24558172e94f737911d3b

SHA512
89b24f323422b0b2f34f1b88d0d5021100fef473741177640f8a272009d4fd43767c44bd5208ae547d78a7f293e0cdd157e5167074feed78979be5ae0e0f5125

Download Submit
C:\Program Files (x86)\Comodo\Dragon\resources.pak

Filesize
19KB

MD5
cf482018ceb7d94673e2690eea08ba37

SHA1
d605d9f8656666dc1f218331867dba5d48d6829b

SHA256
6c04f00d56fc03e1cc98b004eeb332b3755e2f8e0d101dbb4ba2ef7fdd1f64be

SHA512
0f9bbecadc635d0c0eb0753094cff69ef3c0524968f57d670f2e3f55a065073d79682d6c7338aff19f183df79f72ad6ca3a3b56e36878a6c476c13242a28382a

Download Submit
C:\ProgramData\Comodo Downloader\cis\download\installs\8050\installer_data\binaries\files_info.dat

Filesize
34KB

MD5
f42c56a1f750bdf43155a2aee0f1407c

SHA1
0929dd9594fccffe5e7e43ea33a5eb6467afab0b

SHA256
86e8a71d1327fe5f26901c8a7d10bac322dce1ff621e1339db9c7b6ab905244c

SHA512
31dc56d6455391a0075ab59d438335c9d38da43e1ef974bcdf14be059d63d48f8a8f7a1f6cd9eb5e790519a3824f59387abafef48417bbeb74e34b526646b8d9

Download Submit
C:\ProgramData\Comodo Downloader\cis\download\installs\8050\xml_binaries\cis\cis_setup_x64.msi

Filesize
1.0MB

MD5
6fd0bf965b661ad361595c779650eede

SHA1
d527563f40936975823a6178ec47d111cf941e4b

SHA256
0d18c777d2a768bf1b9c8a4d1744cb0660eca692f5c64fdd47ca13715cda504e

SHA512
32a36291c51587eb8939b910ec919909706eda47a3b6e5c5d69bc4b20bf99c8676c43c6030e9ced032c1152702c8318b56f778735f7c5387714b85333f855299

Download Submit
C:\ProgramData\Comodo Downloader\cis\download\installs\8050\xml_binaries\dragon\dragonsetup.exe

Filesize
63KB

MD5
ec0448ce1e6ac8ffd35b5bd4e9b7c782

SHA1
223cad81f12d012906e89e0d41746a275b48e412

SHA256
0f8734e748ac0b4a5b4e104fedb3344d374fc881ad16f6cb906950e16bbc988a

SHA512
c912dd81acc7260a26bcd925e77213b1181bc39014b511ae26fbe34ad6aa65a517702cdd247d9627c116250ded59e24281212fc332c24d87b0b9fd165450f650

Download Submit
C:\ProgramData\Comodo Downloader\cis\download\installs\8050\xml_binaries\dragon\dragonsetup.exe

Filesize
232KB

MD5
35378703626582c0d84144dbb9cac225

SHA1
a7574b58d1843f249ce6d03b53052d2a6ff92ec4

SHA256
b617e357a46bb047c067fd3a74febd30e8737ebdb1d244344d88033f68facde3

SHA512
2d63ce5f76da4d11441cd95154a75d515e58cc6880521ac464828dca1bb03aa52fc10738dce82e8b4156b60fd4ecb4cb84173d0440add88878d4d52d0b3b5152

Download Submit
C:\ProgramData\Comodo Downloader\cis\download\installs\8050\xml_binaries\dragon\dragonsetup.exe

Filesize
162KB

MD5
b3cb72d1fbec08947a7195f98a75f35c

SHA1
04bfd3d3434cf19a661e2ae5ad8f053eec2c0202

SHA256
9b42796e204d0226c594eb112ce32388ae18091afa00c8f4b399519dcf5740db

SHA512
cb4653b82f34321804e6c40487260a0388e7684aeb797857b84d528e856e03f1c942e85f636d1cbd70f26ee77199b4a2b95c4a450a20e6fcc6b1019d2edb923c

Download Submit
C:\ProgramData\Comodo Downloader\cis\download\installs\8050\xml_binaries\ise\ise_installer.exe

Filesize
18KB

MD5
13010aa7818b942459a5fa91b58cc72f

SHA1
be4ad73475374af970408d24d8acde60b6ff6264

SHA256
a98b52acb2a0188bedfcc1c6384262e5315215a18a34c7a761d9bd46f42c6b2d

SHA512
30a1f7e0769aeb4c83edc35bd649f022d655765d2bdf0dadf2e19562e7fd60a8d5570827fd91de3d6a3c805722a9462f3b1827cd4637761797f1f15165a69420

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b7e61af0b6797be1a647c891780ff58d

SHA1
62625015420909a6c3198fe0f9bb09aefe8909ba

SHA256
7cbf5047fce8a9bf342a88afdcbaf77fc4fdc4d601dd501e36022114781452e8

SHA512
a5e331d1f97573f8e0b593bd672d0457a4f227f5eb067e93ea7de37efb51aaf3af5befb68490fe4823f0266d0a766d56bb5d1999c995bb15c266b675ffe2114a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e74fe3bd14352a7caa4e84324b1c02b5

SHA1
7dca565c1a2ea5177c2c8b63ce7be28d352f245b

SHA256
0d3f940865b648d42370302290b5af6e2c9e5bd47794e12abc644c18444d7024

SHA512
733b6312d8f1768d45f0e5eda0eba1cb608dcf5929dcaa12c643b0714ae61b448ae06c79b8987b51343466c52af722ffcee51602de0283751bba5abac0b16724

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
d7a1c2ec1d38b4a582c9e1e3c7db00ed

SHA1
70a2991eb31b6c783ef18f871240c71fe4b1b0bc

SHA256
13c1781b19912f7e2de9ee9a2ee090acb90c565e04b54f0dfb8e2c7481cca86e

SHA512
ac96cc633cd9c1a0c5d7a2198174c6a4e184812708074a6eeb21f5cf19d29f2e93370a3e53c556ecca6f44df22bcc867754ff9b194a26620eb50f560283ffbd3

Download Submit
C:\Users\Admin\AppData\Local\Comodo\Dragon\User Data\Crashpad\settings.dat

Filesize
40B

MD5
08dfa26106a236958f618e061310249b

SHA1
afbc58adbc5dd74e5368557aad51afbe7421f5c7

SHA256
d58f5df7a4c32ff77e1e87ecf4290c5fb10f269d9984a1398fe00ff6e1ad8314

SHA512
aec540b35caa8ad4b1a1e290eaf179a3ceebd6f8102b91a6da14b70e4a55e9cbb1d6b884b86c8b35b1f00d7015c7cf632d40b6ffb5277b200ba90da3f5b29fd5

Download Submit
C:\Users\Admin\AppData\Local\Comodo\Dragon\User Data\Local State

Filesize
1KB

MD5
98326e2b6b5ca742138ebb587a314f5a

SHA1
8eb26eeb6bb744392964cd126b6d3597050962d7

SHA256
bdb30772e1e05b7072700c6a37fd7e3af631b52633068379556ff6d3ca4a7f9a

SHA512
99d638ad422a46d01175ea8f09c573c52a723c1eba6228bc2bc9e3f592296e30e8555e1f9fd5a9c99aeaf67b1ac60d8b6f4d49185aa201bbe741e7545999ab8e

Download Submit
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdhtml.dll

Filesize
2.1MB

MD5
1d6fde33ccfcbe838956c24ab5b86c5e

SHA1
9f7ccfd834ba08aa0aa0ef0c21b36e48fb2358d6

SHA256
63040f8f9af621ddc6cb2bf360d2ff41bde53a6abc5f0fa3177a8b6a0d469a8f

SHA512
9d9d78525561c1daddb4c0b9632fb01afc04c998eac6be637eee890c087a5c8340675b7805b12e581f53dfa3a50b13f8e03314201456522bf4a845aad3ffa4b3

Download Submit
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe

Filesize
218KB

MD5
2485083f636f52e1bc96631ac68449e8

SHA1
b0688bf2a066e96e11df76016cdd2f5cac0ebbf2

SHA256
f2ddc9badd87ef2b19ca04890a051b31d57b3a7264cfa8fac692f417e7460000

SHA512
3c0e77667a868f8a1f1a4908d5537f0037d8c39ab8b2868d9501496dc10bef51292a97c9bf698afc6b1e81fbe092c00f8c5e329d36e90d9e36de89d99384f9e3

Download Submit
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe

Filesize
2.4MB

MD5
490c9bddfc89b5052b1c10e67ddf8f28

SHA1
982cafb286f2fd4b85a36f85dd8f94a3f2fab6ea

SHA256
fb9a1e489985af1ecdcddc761fdf461d038451fbdb8809e357a89b70d54301cb

SHA512
f9bd79eadbfe1d6e7ecf10c0bebe3c81ad13c759d75ca1abc1bd57a1b49dbc3a15ded914ebdc60011093f78545d120e272c713fcbd34d2045e5dbd0b42bdd23d

Download Submit
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe

Filesize
2.1MB

MD5
a56742a4b87b02a2a35be8d598a70cb5

SHA1
1a67e73c25dc12e42ca5f0fddaec0cea6484b587

SHA256
97f1b63bbe627ebbabfcb9f5f1e07dfead80738dd3cd4824926e990599ac1ea5

SHA512
872f15f59967ba7e53b4c3f1553ba1c16033e9d0b25b83cfcf0c9d0d7c39266c7273263ef6a03d9f790eee98358d6a363c2b5647ab13af41f470af3d1bb30ab9

Download Submit
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdres.dll

Filesize
367KB

MD5
a4b3e07a9d407bca7a0ed76ea7c4945f

SHA1
af16d87110e2f9e64d5c35a6d522151b69377bbc

SHA256
b115a17e7500dbc34cce1f8e84a59f072a26ad49be5dcde6ac5908e4d2ad3555

SHA512
77c6ba298f5bd4c04192660d365d2a45ecb23fa441818735bd01050677037e1976670dcb457b6684343fbccb02a6fcfd98f22ae9f2de263057157917ee28d981

Download Submit
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\installer_langdata.bin

Filesize
5KB

MD5
b80eda6258e28b537651f8e5ebd997ff

SHA1
826741e138e8342f4bc3303838e347a44bb93546

SHA256
6e960dfed451c2dfb99352d25d3df8dd46fe7d80c9af79805c0cfbd1a99a2709

SHA512
9fce1cb5fe8b6a2bc4d13c1ca3ec31c926c6dd33717f145da6952ae33144eb11a6ee9e751e1d3e2d5d6ce7768e9f9602773a917d9f5f8473670e6d631b932b74

Download Submit
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\themes\ilycia.set

Filesize
560KB

MD5
28a7b34904794fad114a836890144881

SHA1
413306a448c5b854fdc51213076c08e5a077a777

SHA256
df4c83ace0c680d6c30f057d7b55be7269b6365117257c53d4b624f6503bbbab

SHA512
abd727317f57bc53cc40c471433e4bf36ebf4aca41778d9e41b4ba6aec571d4ea71c8282235bf30bbdfaa4e1f65305b511d3566446a502f038a7715b0a450c5d

Download Submit
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.001\bin\ise_installer\isestart.exe

Filesize
10KB

MD5
1676d37382b090ad8656068fd98ad329

SHA1
1cf389f658ea19de24c65252e7a09015d369b8b3

SHA256
b0b0060fa71c0cc52f7979a1d4cb17959369731ab8e303731fc6127d2facd44b

SHA512
acc523f2e1ab9c3c70de066ca8f6354b78b3fb4f82fecb85ecf1e4431ccd009b178c528e37aafb50a02f9127b9ac8eb34ac8248954c013fc65c83c5724eccc15

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab1670.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar1692.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit
C:\Users\Admin\AppData\Local\Temp\nst4174.tmp\AccessControlW.dll

Filesize
1KB

MD5
5e8079c36e8151aca73e44408a9a86e6

SHA1
18ff1d7e0f78063b0a3b43a59454e0fe9391cfc0

SHA256
28fe1e118b50cbe39d470917baca37a477789d09c0e4f78413986ae5efc75884

SHA512
cdc9df3222909478d19828f16e4a89a18382bb30d3abcb1598c1d0fe672ae61b03fd2f24e9a674ac9575facfaaee49bbb72fe7fb133081e7ee06d1b66d501ac1

Download Submit
C:\Users\Admin\AppData\Local\Temp\nst4174.tmp\InstallHelperPlugin.dll

Filesize
16KB

MD5
304ec0bf2ceb7db1d802a29f649d9ded

SHA1
e416ad10b677df23bb9622dd08a2915fb85cdb10

SHA256
2012f07077c49febf95867e3773ac600e25b4b4ce3a45b70c9e1d11fecdb33d4

SHA512
ef1352edb84465b83b49559eaf35431bbfe124c1390d97fd4805130e866ce6d36e3b698ff4cfb62602cf2316e8c1ff87054aa6b65779647d0be51ece4e012498

Download Submit
C:\Users\Admin\AppData\Local\Temp\nst4174.tmp\SecureDNSPlugin.dll

Filesize
202KB

MD5
60765d8e762f991ef120d76b32942092

SHA1
abdbe7424c54eb91af3214ca29ed1f731f902d22

SHA256
8f5d83056a552b67f10d3e9f3690b34a2be7c3caa99cd41bc0ea045fe280135b

SHA512
0820dfc0d14e32c18dbff6f0f1abf768f562407eb60649cff02b5ff358d01c490c1e502afc8272d54d0b8b02ad66df34bb13b35cc0bdd3227a16b5a49315159f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nst4174.tmp\System.dll

Filesize
5KB

MD5
f6fb00592efb66fd74d839879d8c678d

SHA1
a8a3088ad16169c4fd61ae246d7097304aeca4f5

SHA256
8ef3e6ddfa636a0416b38324983cc7a6236e542fa02c7ae9817b779f29c43429

SHA512
bef0fb720727b7256bbdeb8493118c04e7be9198f466ef1bc1ab2110c919347a7bb484f3f5a65254d3474db9e2a4b07b30bd065289b6f082f3e44acb407aca90

Download Submit
C:\Users\Admin\AppData\Local\Temp\nst4174.tmp\nsisdl.dll

Filesize
2KB

MD5
5dd68eb4b9d9a467b62f72f3fd750fa4

SHA1
86559dbd777dd28b23d98c35cd74949988e4a645

SHA256
da34444abbab8d6f3471d39787a1d5fea51ed37175fefa8034a272dc3ec69f45

SHA512
d6b55eb10e90d4d9f968275612a9d5a82931f4827053d7812cc6c234ee193b4586d8471e761b1beec94f012ddad5d864335ecda2a14e740f16bc99b47b2047fe

Download Submit
C:\Users\Public\Desktop\Comodo Dragon.lnk

Filesize
2KB

MD5
791ca5a60e731879ede1bb0011822c8e

SHA1
49faf4d9e0e8480e46d2d20fe559610e920083cf

SHA256
13a25bf59e67436d289a3d08186bf4dae5e9928970f66bcb83ab958a5c4fa22c

SHA512
4113f0e754df7daf188b09f4446d7c1267e9e7daaf43b71376718f6ae98b1d04dc8d5ad62a081aeeb16bfcc06d58307281244f3753c7482058f9665d00cf9276

Download Submit
C:\Windows\SysWOW64\iseguard32.dll

Filesize
19KB

MD5
aa48fbd6799f90def49580d07acab543

SHA1
e0103173295e813a2c1297dbc279bf46f39e4136

SHA256
1c65068a8b3c03ef9d0490194e1b58554c3ae7d37e51a273c05af46645972b6b

SHA512
368f287977d9813586ead0ad7622a15d768d9451f64acbeb6f2a05fa3be11fdb05cb92886c0419fbb38a18a45ada86664aa301004baf362516625a10d66bf9a8

Download Submit
C:\Windows\System32\drivers\isedrv.sys

Filesize
50KB

MD5
826130ed15a9fd8b7ecb9db6b6077375

SHA1
74412f868b59ddfd67f2c692a9ebd19e6df7e882

SHA256
0b2a94e4baa41542e7be95b0426161d6d4cb5dd230cef0a96862d946ef2337d4

SHA512
b452afd9f7dece5fc5bfdedaedceba25d51ad616e28821ad9d623e6f267c12b8679d261e5b19ec4a846cbc34eb0b207cade1b3976187a2d6415f392134865e51

Download Submit
C:\Windows\System32\iseguard64.dll

Filesize
29KB

MD5
9e0022d6ba13c29e178f6ae2e8f2faf1

SHA1
25558db7493697ff1da5e2c6ef5906af5591cf01

SHA256
b5f9dd65d8e39412f4cdd26ba448db2f914212e9ef9cd075a0d5f3b2fbdb71fa

SHA512
afa0912caa8cce95c5d93ed2521dc3506eea8190de51345d1105f96a48f788f0c300e694c58b2b4354d4029e4e4c78e3ff0caee632e5977b3099ed7c66a605b7

Download Submit
\Program Files (x86)\Comodo\Dragon\chrome_elf.dll

Filesize
146KB

MD5
9995a7f9e1695cfb6e8ea039714af1c5

SHA1
5381b830317805d1e81ed2090be75ebec3bb36b0

SHA256
6bdc0e437439946fe908b65ee7bbcaa13392e38e0ead358b1de03777a9ce2d85

SHA512
08f0983e4c1ae55fabe952a88e60c6a239517506fe90d3443646eabc2da3de194049cfee703c80effcabd31da7576cbda578421e1f8e96c7b15be32d5924824e

Download Submit
\Program Files (x86)\Comodo\Dragon\chrome_elf.dll

Filesize
84KB

MD5
158a22282b1c8547232705d90e00e143

SHA1
48fa48396f32c47c2a33ce304e03166c83c4c038

SHA256
24bfd6708926faf6f0c4542f8ccacec775a004094b64e85af282eb5af813155e

SHA512
e09feb608ab93042ef1c83db22d4b2f96c0fc1ffdaef58900b7b6e6f26166e77e455fe017777b8d0bcc5f075ab9fa4151ee5bbf1001d854e015bee3d35670c22

Download Submit
\Program Files (x86)\Comodo\Dragon\chrome_elf.dll

Filesize
163KB

MD5
ff14b18f51703ce0434c7875eafb50ec

SHA1
50d131b69c45a6fd8524562ea7720b62609c6a03

SHA256
58e09d171d3fe94a21f28f87714fcf3e3791461074b187a5284fc40ceca03e5a

SHA512
89c125e1d64c34116fbb9c46178a028491ec3673ef7599f03f0adc2fab963b35d3585cc814c275d4f8031343d2fcf8ae52ca300b05272ecca6693d74119d9b7f

Download Submit
\Program Files (x86)\Comodo\Dragon\dragon.exe

Filesize
86KB

MD5
4f778590eed76b5824748f1a7cc174bc

SHA1
b4211a2fa4a02b54fba126ffdac2354fbea1a68e

SHA256
98f7ad475ee0a59452e151996be4e86bc625047dff2539a71bcb60278937febb

SHA512
60b9ba263d0dc13e360a8ad25b0cbdb77a8d484f8e41c64f3c28dd78226434c75e57e3425892397a7410116f11cd785ec962d72492d592f47bb4b6a82e3e9d82

Download Submit
\Program Files (x86)\Comodo\Dragon\dragon_s.dll

Filesize
18KB

MD5
83b6204eed4d5319280651f463071a13

SHA1
cb2ff39706d78fd33c3ad81f2d4bb409926f9e53

SHA256
066f9f5027bb48688030ec7c2e17952cfe7292d7326809bec57ca272a8ad1dc8

SHA512
f37aa8f921e469f8b3d6eaae0fcd453bf30813209719f1346f285dcb0f45f90d94db5ffecc833e3025501844e8d38ad1fbb94dca3c0df085628ce43137e4c45a

Download Submit
\ProgramData\Comodo Downloader\cis\download\installs\8050\xml_binaries\dragon\dragonsetup.exe

Filesize
123KB

MD5
8385dfc45fd114d5f7fc265e5038c4fc

SHA1
63c6ede2e31c163d592631de6798bc45520a2db5

SHA256
1c0642549e61a55ea33f527ab4b38e650289e46a4eb26c802f99f784ff4af132

SHA512
e2c351ed436adc0c649a110f9459abc1bc1952bdb86f979f200406423452b9db86d800fc7b943e4e3e9720bf5b3775de387ab68b841ea816c8ccf5ce795d276c

Download Submit
\Users\Admin\AppData\Local\Temp\7ZipSfx.000\7za.dll

Filesize
161KB

MD5
888185b5d1a8438676d8b8977265b3a2

SHA1
70a7a72178bccea389a69aea059e946081a70d89

SHA256
fa1cc202ee6e4bdf0f83c1e5222773cc167e4ff32dcc94d5d882506fdbd30ef6

SHA512
13421c11819b98e8710aecd50228e0dca8a0ad02942f2dc870cf3bb2a4f28a0d8b818393478f2489fc4d497b6396349c3ce662dfbcd15254eeb02fd73cd98a4a

Download Submit
\Users\Admin\AppData\Local\Temp\7ZipSfx.000\7za.dll

Filesize
277KB

MD5
7baac18fb157c76574ca3d7a2f5eb193

SHA1
6460577ce621fa28133096073376f6a88f8acd61

SHA256
347144ae998d96c6b8664abf56f3ff8cfa4dcdfd6e13205d7e8ee2f3b77eefc2

SHA512
513cc213da81db470f8675c29162f4b724bb92a690edd451025eb68588971eebb937f88cc5a659222f2bbbd99440aa56800bf4167bb8912ea87a0b2648b002ea

Download Submit
\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdhtml.dll

Filesize
4.2MB

MD5
6d9aa26bb18af69dc74ae8e822eb53dd

SHA1
6ef20da9b9e70afa742f047f1c6f9d3e58290450

SHA256
cf140523b8834de1c37efa29b02adcdc88babc0f8ee90ba93dd98c260d7036c3

SHA512
3a9e8f15d207e98bb182f8d1838e93dba9750e6cfc79b72aab0706f969866447e50b3ab28bc1768a7cac7e7733cde80085cabcefefae0d287f08374578935c36

Download Submit
\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe

Filesize
2.6MB

MD5
06864b37eec9cb845cad1c6b18922525

SHA1
2532e4f38c0ae5106ca456d210864949997e80af

SHA256
019dabfdcd6f9bb300dda17acd085fa3dbbdbc2c4434b8237d29e92760899049

SHA512
6d1fc31790033e246ab4741d05a7c25b515de42890340e6cb957e31f0ee535d933f4131eea4127145fa6aa3b4f75f1138ec80983ceb2f20ff0c004c54b32830a

Download Submit
\Users\Admin\AppData\Local\Temp\nst4174.tmp\AccessControlW.dll

Filesize
12KB

MD5
e378224790dc97b0b3045a5c5326f203

SHA1
60ab41d4b32b7778481c8f8e1dfc570dccd9098e

SHA256
ed4054fa42caf43da96c6284103c457a0ebfeb58b68a7849d03bc5bae70fedd9

SHA512
e08a18d3da16ffc30d9912a64d5fc8c004644a8ab4d96f2d51b2111de2f046ff7d158c678460fb911a363b873476b2c7b725e4f74fbe3927514f64400856bb78

Download Submit
\Users\Admin\AppData\Local\Temp\nst4174.tmp\InstallHelperPlugin.dll

Filesize
135KB

MD5
095938c9b6535ecd2629563963479145

SHA1
62f9ba9c3c195b456d768a572a59f1b945a13470

SHA256
726247470fe91a21676a50bcc3acd671f6855c10faace9ab1063d123abcca973

SHA512
5137a4b288ba7ff816a5185171383f4509b499864d2ffa7e800335ae80ec1a8471d7437f515ca9420a1b0e145e0ef7635c25339e291c6301ecc04f4a8b351014

Download Submit
\Users\Admin\AppData\Local\Temp\nst4174.tmp\InstallHelperPlugin.dll

Filesize
4KB

MD5
b57c82ef4cc10e4af556c376d715d24d

SHA1
e0cda5b4f916dcf1fdd11c6a910c814a3bab69b2

SHA256
6a2dc6db4a58d5c5cd631ba733c947ce2f138299b9c1a2b3f324c15076caba04

SHA512
c8590f3ee9597c33e7c386da808d1919acbf72e67826896a4fb7e7cbc083efe006b6bb0326fb5a20f433b579f1279b00853418702fd20335568e8a66096efe52

Download Submit
\Users\Admin\AppData\Local\Temp\nst4174.tmp\InstallHelperPlugin.dll

Filesize
291KB

MD5
0701747617b166cb3c915e14d973495f

SHA1
5581b657fc37c56c3d69754c97f9136de022cd76

SHA256
f452abfc2c774fffae64cc946aa03ce25a3aa97612ad08046991812edcef0ce0

SHA512
ade35545531a6104c74561ee920079460c367142057ced1af6747a48709c1f8546959e4babaa866c8bf94bd4c36bcc515434b18ce5dfbdbc262292bda6c53f06

Download Submit
\Users\Admin\AppData\Local\Temp\nst4174.tmp\InstallHelperPlugin.dll

Filesize
158KB

MD5
2ecf49ff52acbf7bc4bf83f7d8252af8

SHA1
50bd6dd789a99e0d8d8a9e4eb3c7957d75877fa6

SHA256
7ac009d4217f7b7a446a3459223cd0bea15aa8787f437881e187f5f245e7924b

SHA512
a522563a85b366132f60067f5b1c4f6e8de99ecc74d867ddbe6f20d56cd3e2010735c815fbbfd011bf10aa5656ea9c1cd9fe7ab8bbac18585380bcce2cbd5bc9

Download Submit
\Users\Admin\AppData\Local\Temp\nst4174.tmp\InstallHelperPlugin.dll

Filesize
276KB

MD5
5813e38d5a4343d6b91903121a287e59

SHA1
bc477277a7273bd408bceb88af1c2bb1bd4b882d

SHA256
7892574b7d039fa0f6dd153f49cd3028a67f983ef10e6365ae0c695a215c649f

SHA512
63281f87209bd97fe13eccde7a8a854f3d4ba65778a27f134f3073144f309dd2dc768714a7508781080c9fbfe9782d1773717bd86edf02af502b4f90aa68bc6d

Download Submit
\Users\Admin\AppData\Local\Temp\nst4174.tmp\InstallHelperPlugin.dll

Filesize
83KB

MD5
3f784cfedfc504a7c232f04563d3a975

SHA1
b52b5fb597cc8a0552d25fbb16ebb1d2bc146e55

SHA256
151947a3caaa56a95d5d8f13e90b3c092cbed2998a53bdf69cb638d86d265117

SHA512
4062879560f8d03030ff79a9b03ef2897b691c176b0b120d3dec544bb827337c3033ab972ffb82b1fd72107733602a64a291ce1a4329be76d8a85d2a2f68e0ae

Download Submit
\Users\Admin\AppData\Local\Temp\nst4174.tmp\InstallHelperPlugin.dll

Filesize
200KB

MD5
84c379378d1dfd782009c0702c9fae6a

SHA1
2ca5d34831306206fb9b80839db3ded0c066c695

SHA256
87ec7b754235d5ce027fae16d5bb3e58e6e62eb6262a12fcad0ea8979b39fbee

SHA512
f065284dca55fe61804d531e71c802f300c3fcdea02baa8f20e40a82eae49b062c79e44db72d8dae8a4102999b7e7ea21dde3045dd59c2c392818051f7352bdc

Download Submit
\Users\Admin\AppData\Local\Temp\nst4174.tmp\InstallHelperPlugin.dll

Filesize
221KB

MD5
2c200209c65d98ab1ea44d1d56cee0d9

SHA1
46b6e7efc83b2685267e9ab75dd60891afd2b68d

SHA256
1242cdd596c9f574211259c61a1beccc7af228363f6e5e221a46a903b7b4989f

SHA512
778a64858013ce5978bc09370b2e1876b5e8e8af5f9d13bccf81bf90534584e884949467ed022357d1dac5e1f3d74ac3607b1eee222bde2a54baba8b533fb046

Download Submit
\Users\Admin\AppData\Local\Temp\nst4174.tmp\InstallHelperPlugin.dll

Filesize
205KB

MD5
c68998e86f7cd464cac49581e1c2276e

SHA1
44468eb6b11c86f8c88db6149104202a49454c7f

SHA256
8bb39c9a93441ea33a3d77aee91d1182c597d2d0882c54d304789bac7f9afded

SHA512
7cb0df294c4dbf22053794281702134987cb644f27aa5d62ca9d269abf0372110d3254516a59a0202c38bf35055c9f4704484b5f49d7bea9b0fc10abedbe863d

Download Submit
\Users\Admin\AppData\Local\Temp\nst4174.tmp\InstallHelperPlugin.dll

Filesize
205KB

MD5
d6b5a5d1a8846b8dba97887331c8c194

SHA1
671a0d64b57ab2c3026138cf94027d69ad176616

SHA256
125eb38d6a4d550ec5aad8c74c2575a1a503e39714b434588e02c32197af80fe

SHA512
5b79ea301e43e6e257f0cd51c30aafa48144bb33c9946c29f5ddeeb1ba129d45da8ab3173edbdd8eb9f25cd85f6f72e313dfecf2079f5ef7a89eda45986e8a70

Download Submit
\Users\Admin\AppData\Local\Temp\nst4174.tmp\InstallHelperPlugin.dll

Filesize
20KB

MD5
72dab05110d9b95822ad7bd8c7518f61

SHA1
4dd6fec2f0cd1bb6f880fd39fd45afcf7f954487

SHA256
7dc3a40625344c55e25311d162ff4c14fbf3557b082d2986d11ee5089e4d190e

SHA512
64e516c21795e5e98bf767c259532692e0f4b9a112894145cc9ea0283ec62d1023e971f9062f878096673625e1cb637c04f7a80832e83085b789f59c0a3bf249

Download Submit
\Users\Admin\AppData\Local\Temp\nst4174.tmp\InstallHelperPlugin.dll

Filesize
1KB

MD5
7f005ee1a405370622c2275fbf4b956a

SHA1
46b011aef07b801c6963674bbce2db098ccbc9ee

SHA256
63a850e07ad1335d32fb5c961f901220a74a681b134d0d2c3e6565ca1b6688d6

SHA512
fede3000f0e6a72c6417f25344887446421f0c0cd349b2fdcd529b5f25457720d0861669cd89b396b49cec287552cacea02d9919701c7f326ef8d9ca1096824e

Download Submit
\Users\Admin\AppData\Local\Temp\nst4174.tmp\InstallHelperPlugin.dll

Filesize
35KB

MD5
97577400860de03956b6f727b68c1a5d

SHA1
45b87fd1b31947dc3be11f44fd8a186e41ffc5b0

SHA256
230cc3d05f749ed4fc1c73019b0b55a11ecd9d07a22a2b3494a683f2b50d690a

SHA512
2329383db10f0c7f5912d983f818619b1977d8f26780965484f0c923cf497d0ba4555357f7fb7e09be7eca8d8f69491b78bf1414c2f663c9325c37886db594e2

Download Submit
\Users\Admin\AppData\Local\Temp\nst4174.tmp\InstallHelperPlugin.dll

Filesize
32KB

MD5
bc8aac636b679a59fccaeb2b061a2381

SHA1
1426d22fc762225b0d7c5f7cf9cb55d662092717

SHA256
105fa1e64255e173659f58e3aa8b81805bf443bf6eee434492f3a561c973f6f7

SHA512
186257eee6ae675e2c893661e8c8a7600a63e347abc39c62761f2671c4077060232d6100c0ae7b2b6aa98c1d8c5d8c06ff6cc9674c1f026b1530db99dbde65ff

Download Submit
\Users\Admin\AppData\Local\Temp\nst4174.tmp\InstallHelperPlugin.dll

Filesize
58KB

MD5
1e20a5e779c6b367e167771e991b61ca

SHA1
0bbc67424cd45cab8ced1410b7b6b7c4b907ada9

SHA256
157727c0cd12382b4b7c2206987fa802ff64fb13fa549a31e5a37e307fdb1aba

SHA512
e1c61379875a301efebc448cbc723f51234bb2b5589ba25d8afe8dd42df323e126d88f42d6f6507043eccc4a1379c23864e830ee9aadbb1729d78283d6b0db50

Download Submit
\Users\Admin\AppData\Local\Temp\nst4174.tmp\InstallHelperPlugin.dll

Filesize
61KB

MD5
7ac425435dfbf9cb43e4d95f5f532d2b

SHA1
6b849ebdafbe5a8149ed71b4a4be25dffdd62bd6

SHA256
165eae8c1a62425159921c342a8d53be5c4dff5d6d2c2908fe89614b77b2b7f6

SHA512
6aa31f2af5b7cd272c2451ff80dbb3142063a9ac1556171707265ac5a80cd4881cdf62ed849eb1109047a94dddf5a88fad7d719e914281c03467d5693d49856e

Download Submit
\Users\Admin\AppData\Local\Temp\nst4174.tmp\InstallHelperPlugin.dll

Filesize
45KB

MD5
0794a4c5ada22c177deabd675abc1b08

SHA1
a845d1ac7659c7f00e3c210423f5dd7204478259

SHA256
cb94886a4ea0ed143509901c9f2d4107376209582cc213aeb6974bf979a28902

SHA512
31469126d5587108cfc2dda927794e50aab09828a7ec142b762280ba92bed77fc8fabd3f98187dc53dcb73f5e9851ec065af7d44fa8f29630a740a4a58de8cc1

Download Submit
\Users\Admin\AppData\Local\Temp\nst4174.tmp\InstallHelperPlugin.dll

Filesize
75KB

MD5
5b0698466514d4a8f4579cf339f511ed

SHA1
fe3bd57fb3b5aa48626f6143155d696022635bb3

SHA256
da2bb99bcc3ed9369392b0323a11716a4486b24ea09eed444299c95ce01167cb

SHA512
5105a66de98b547b4b31dbc14592d8b8f1893eedaf1464fab2c566bca71f1f06de5c2a79dbc85695c41c60bf3437678314e5fe634b211a9f3e292222e2aaed8f

Download Submit
\Users\Admin\AppData\Local\Temp\nst4174.tmp\InstallHelperPlugin.dll

Filesize
102KB

MD5
36880c6b55d8412ad8520bedf257c335

SHA1
7bcef3fd37d3ce2710fba62437860951cfc973be

SHA256
0bc0ed56379b5954f824ccc1e1ea6a35d9224cd3b116c7aa3e88fd7b712cef15

SHA512
54186c4898ec2eb1d8b0aa56da4ba2733081218316aa1f4140e633c670ce715c4798d58043394ba92c105b34b9c0e24ab20a8c7e90cf3a3f36bb6d666e6bbe30

Download Submit
\Users\Admin\AppData\Local\Temp\nst4174.tmp\InstallHelperPlugin.dll

Filesize
158KB

MD5
8acbc3a4f97ee24026502111d33c58cb

SHA1
1a5f278d7e67e72eedc033f17ead15a8aa0af2e4

SHA256
2806e21a35a7949990b072596965ea0af1ef677e8a732f6096447071eea0e4d1

SHA512
c62dfaae2e1f874857749facfe1a68cc4a13e3d01081b2f735d758a9259d14bcabe1d65963bc6fc0ca1b94714564208c71786f01267d31af12330168c003c6c9

Download Submit
\Users\Admin\AppData\Local\Temp\nst4174.tmp\InstallHelperPlugin.dll

Filesize
112KB

MD5
5488cb7e6fef08c63847450f591903ca

SHA1
2578f6985eb7fa5185154e8d663cc00985a6e9da

SHA256
ede1eb8b2047ad181c89453edcaedb2b269fb5145d93323ba7b0ecbbe30e6389

SHA512
b7f7590da7713de3c729ba79a25191de56d78a33d7f9b057d63987d796bcc4ce721db445dc763901ac4b248281bfe8d32715c892cfa5a6e4a3ace66ce9ffccec

Download Submit
\Users\Admin\AppData\Local\Temp\nst4174.tmp\InstallHelperPlugin.dll

Filesize
100KB

MD5
f986e8c4df2bd33f4b2f4f35ab2f60da

SHA1
a301a4fa8c2b7f5050b00e6980cfbcbd80dbbea0

SHA256
c32c5affedf18fcd7733f2981b0288002a43202e1874f832a6b9ac39e67f94c2

SHA512
693f2cbb9f438726161df3a6a18bbc792a323b60adc09b07c65e8aeb540731ffe99ef66f796328f674a6d0619f5757408bdc313ee5b53fa207817b97f4b1bf83

Download Submit
\Users\Admin\AppData\Local\Temp\nst4174.tmp\SecureDNSPlugin.dll

Filesize
195KB

MD5
821571816e070ec7a98d1a2b7519e08f

SHA1
627c763affbe5f3a33459df8379fc65f41957f3f

SHA256
f779ef63d1ec8b908d6dbde5b531cbd2963704136879425f5f50e8a605d184e3

SHA512
b68d02e66853a5a87485f1609ffc3c9a9539d740ba9af9abdb4f0f14f86487e3e88c6ab566fad7825084cf1919cfa1cf655baae709bb8b07f1f26712272a626d

Download Submit
\Users\Admin\AppData\Local\Temp\nst4174.tmp\SecureDNSPlugin.dll

Filesize
1KB

MD5
44eb04256790c814368fe376789c0d0d

SHA1
8b68b9264e558d6e2ebe57b4cdd442998bed3661

SHA256
e3817dd3e87e83e61bccc5b2a96979c53fae09f8cdfe1e3efaf850d1316790c6

SHA512
1d6eeca13b8aca97c321c6c35ae12c37d933def260285a9eac06e6b0704607be04770211c5b924f5f6976a401a935f5c636ee656a5bb7b52eb6bb409b6d739bd

Download Submit
\Users\Admin\AppData\Local\Temp\nst4174.tmp\SecureDNSPlugin.dll

Filesize
205KB

MD5
0b3c0952af9b72c495897b7e45715ecb

SHA1
c47bdf320b88f5245cf00058458adf7844fb08f8

SHA256
8bcf3edb4e2b53078ea1eac6cf5e4d19946d07beaa467f066988ff6398bf4bb1

SHA512
4121edf701f361acea78148a5ab0b6400cbad1dc2653af948c55ae487bef021e002840d04995502c54c27d0f6267b66c19047d7d8223fa9c20f39d1db7c9fb01

Download Submit
\Users\Admin\AppData\Local\Temp\nst4174.tmp\System.dll

Filesize
9KB

MD5
89595a6374029ff7febdcd2f5d16b4ad

SHA1
b0873d0a1a561a8724872ce81ed977969a74bc3b

SHA256
a0219871c369f175ee302a83f6b62133518caa7650e7fb7d551b72b46d22dc70

SHA512
9afbbf95a940b6bd4f016640ef42599eef7d55f08ea243de891b6fd5a9878635f526e21afe3abe5b3dd1a0fd18953ca42b3bcd5c64f6af5366b655594cac7969

Download Submit
\Users\Admin\AppData\Local\Temp\nst4174.tmp\nsJSON.dll

Filesize
7KB

MD5
78b913fcd04259634a5e901c616e6074

SHA1
ad5e1c651851a1125bcad79b01ccdcfa45df4799

SHA256
e3ce60666bb88c2412615ef9f432ec24e219532dee5cc1c7aebc65ed9ec94d59

SHA512
cbe07179dd93011f3d9a8f83541961ff34fb83d96658ac82a433ef0aa3399b183eaec3e6a49ec1c1e478d1eada2d3ebc78ffb1ae0574984ae66a7a9cab5d59e5

Download Submit
\Users\Admin\AppData\Local\Temp\nst4174.tmp\version.dll

Filesize
22KB

MD5
fbe588b15eb1bd86defade69f796b56f

SHA1
2f63cf44039addddb22c2c0497673b49e6b3ad7a

SHA256
31144e8b156fe87317073c48a09abcb033fda8dbdd96986c4abea8c00c00355f

SHA512
e1a9e29e4c62e77a2ec2c539344f0b5a8cd67ca3fd8dfefb0b0666a992eb2fabadb0034d439c4adbbdffd9c9439f23ee5757fac0ed669d3c9db48f50c677143d

Download Submit
memory/952-2205-0x0000000000080000-0x0000000000081000-memory.dmp

Filesize
4KB

Download
memory/2260-1988-0x0000000001E70000-0x0000000001E82000-memory.dmp

Filesize
72KB

Download
memory/2260-2406-0x0000000072870000-0x0000000072879000-memory.dmp

Filesize
36KB

Download
memory/2260-1990-0x0000000001E70000-0x0000000001E82000-memory.dmp

Filesize
72KB

Download
memory/2260-1989-0x0000000001E70000-0x0000000001E82000-memory.dmp

Filesize
72KB

Download
memory/2260-1994-0x0000000072870000-0x000000007287A000-memory.dmp

Filesize
40KB

Download
memory/2260-1993-0x0000000001E70000-0x0000000001E82000-memory.dmp

Filesize
72KB

Download
memory/2260-2299-0x0000000001EB0000-0x0000000001EC2000-memory.dmp

Filesize
72KB

Download
memory/3032-413-0x0000000002200000-0x0000000002201000-memory.dmp

Filesize
4KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads