Analysis Overview
Threat Level: Likely malicious
The file https://extra-ram.soft112.com/ was found to be: Likely malicious.
Malicious Activity Summary
Identifies VirtualBox via ACPI registry values (likely anti-VM)
Downloads MZ/PE file
Registers new Print Monitor
Executes dropped EXE
Obfuscated with Agile.Net obfuscator
Registers COM server for autorun
Checks computer location settings
Loads dropped DLL
Themida packer
Checks BIOS information in registry
Checks installed software on the system
Enumerates connected drives
Blocklisted process makes network request
Adds Run key to start application
Checks whether UAC is enabled
Drops file in System32 directory
Drops file in Program Files directory
Drops file in Windows directory
Enumerates physical storage devices
Suspicious use of WriteProcessMemory
Uses Volume Shadow Copy service COM API
Suspicious use of FindShellTrayWindow
Modifies Internet Explorer settings
Enumerates system info in registry
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious behavior: EnumeratesProcesses
Suspicious use of SendNotifyMessage
Modifies registry class
Modifies data under HKEY_USERS
Creates scheduled task(s)
Checks SCSI registry key(s)
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported: 2024-03-08 05:23
Signatures
Analysis: behavioral1
Detonation Overview
Submitted: 2024-03-08 05:23
Reported: 2024-03-08 05:28
Platform: win10v2004-20240226-en
Max time kernel: 300s
Max time network: 301s
Command Line
Signatures
Identifies VirtualBox via ACPI registry values (likely anti-VM)
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\ProgramData\Package Cache\WindowsDriverRestrictionsPackageId11.9.444\WindowsDriverRestrictions.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Program Files\Softland\novaPDF 11\Server\novapdfs.exe | N/A |
Downloads MZ/PE file
Registers new Print Monitor
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key created | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Print\Monitors\Microsoft Shared Fax Monitor | C:\Windows\System32\spoolsv.exe | N/A |
| Key created | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Print\Monitors\Appmon | C:\Windows\System32\spoolsv.exe | N/A |
| Key created | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Print\Monitors\Microsoft Shared Fax Monitor | C:\Windows\System32\spoolsv.exe | N/A |
| Key created | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Print\Monitors\WSD Port\Adapters\IPP | C:\Windows\System32\spoolsv.exe | N/A |
| Key created | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Print\Monitors\WSD Port\Adapters\WSPrint | C:\Windows\System32\spoolsv.exe | N/A |
| Key created | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Print\Monitors\novaPDF 11 Port Monitor\Ports | C:\Windows\System32\spoolsv.exe | N/A |
| Key created | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Print\Monitors\WSD Port\Adapters\WSPrint | C:\Windows\System32\spoolsv.exe | N/A |
| Key created | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Print\Monitors\Standard TCP/IP Port\Ports | C:\Windows\System32\spoolsv.exe | N/A |
| Key created | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Print\Monitors\WSD Port | C:\Windows\System32\spoolsv.exe | N/A |
| Key created | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Print\Monitors\novaPDF 11 Port Monitor | C:\Windows\System32\spoolsv.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Print\Monitors\novaPDF 11 Port Monitor\Driver = "novamn11.dll" | C:\Windows\System32\spoolsv.exe | N/A |
| Key created | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Print\Monitors\WSD Port\Adapters\WSPrint\OfflinePorts | C:\Windows\System32\spoolsv.exe | N/A |
| Key created | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Print\Monitors\novaPDF 11 Port Monitor | C:\Windows\System32\spoolsv.exe | N/A |
| Key created | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Print\Monitors\USB Monitor | C:\Windows\System32\spoolsv.exe | N/A |
| Key created | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Print\Monitors\WSD Port\Ports | C:\Windows\System32\spoolsv.exe | N/A |
| Key created | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Print\Monitors\novaPDF 11 Port Monitor\Ports | C:\Windows\System32\spoolsv.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Print\Monitors\novaPDF 11 Port Monitor\Ports\novaPDF11 | C:\Windows\System32\spoolsv.exe | N/A |
| Key created | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Print\Monitors\Local Port | C:\Windows\System32\spoolsv.exe | N/A |
| Key created | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Print\Monitors\Standard TCP/IP Port | C:\Windows\System32\spoolsv.exe | N/A |
| Key created | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Print\Monitors\Appmon\Ports | C:\Windows\System32\spoolsv.exe | N/A |
| Key created | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Print\Monitors\Local Port | C:\Windows\System32\spoolsv.exe | N/A |
| Key created | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Print\Monitors\USB Monitor | C:\Windows\System32\spoolsv.exe | N/A |
| Key created | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Print\Monitors\Appmon\Ports | C:\Windows\System32\spoolsv.exe | N/A |
| Key created | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Print\Monitors\WSD Port\Ports | C:\Windows\System32\spoolsv.exe | N/A |
| Key created | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Print\Monitors\WSD Port\Adapters\WSPrint\OfflinePorts | C:\Windows\System32\spoolsv.exe | N/A |
| Key created | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Print\Monitors\Standard TCP/IP Port | C:\Windows\System32\spoolsv.exe | N/A |
| Key created | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Print\Monitors\Appmon | C:\Windows\System32\spoolsv.exe | N/A |
| Key created | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Print\Monitors\Standard TCP/IP Port\Ports | C:\Windows\System32\spoolsv.exe | N/A |
| Key created | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Print\Monitors\WSD Port | C:\Windows\System32\spoolsv.exe | N/A |
| Key created | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Print\Monitors\WSD Port\Adapters\IPP | C:\Windows\System32\spoolsv.exe | N/A |
Checks BIOS information in registry
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Program Files\Softland\novaPDF 11\Server\novapdfs.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\ProgramData\Package Cache\WindowsDriverRestrictionsPackageId11.9.444\WindowsDriverRestrictions.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\ProgramData\Package Cache\WindowsDriverRestrictionsPackageId11.9.444\WindowsDriverRestrictions.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Program Files\Softland\novaPDF 11\Server\novapdfs.exe | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key value queried | \REGISTRY\USER\S-1-5-21-557049126-2506969350-2798870634-1000\Control Panel\International\Geo\Nation | C:\Windows\Temp\{45DE6611-DFD3-47FB-A6EA-6C8176793ABC}\.cr\novapdf-full.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Users\Admin\Downloads\novapdf-full.exe | N/A |
| N/A | N/A | C:\Windows\Temp\{45DE6611-DFD3-47FB-A6EA-6C8176793ABC}\.cr\novapdf-full.exe | N/A |
| N/A | N/A | C:\Windows\Temp\{085214DA-9996-49BB-8334-2B0C895C7D3A}\.be\novapdf.exe | N/A |
| N/A | N/A | C:\ProgramData\Package Cache\WindowsDriverRestrictionsPackageId11.9.444\WindowsDriverRestrictions.exe | N/A |
| N/A | N/A | C:\Program Files\Softland\novaPDF 11\Server\novapdfs.exe | N/A |
| N/A | N/A | C:\Program Files\Softland\novaPDF 11\Driver\sqlite3.exe | N/A |
| N/A | N/A | C:\Program Files\Softland\novaPDF 11\Driver\sqlite3.exe | N/A |
| N/A | N/A | C:\Program Files\Softland\novaPDF 11\Driver\sqlite3.exe | N/A |
| N/A | N/A | C:\Program Files\Softland\novaPDF 11\Driver\sqlite3.exe | N/A |
Loads dropped DLL
Obfuscated with Agile.Net obfuscator
Registers COM server for autorun
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8E39E094-CD29-467C-8182-F1370C5AAEA1}\InprocServer32 | C:\Windows\System32\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8E39E094-CD29-467C-8182-F1370C5AAEA1}\InprocServer32\ = "C:\\Program Files\\Softland\\Office Add-In 11\\NovaPDFOfficeAddIn64.dll" | C:\Windows\System32\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8E39E094-CD29-467C-8182-F1370C5AAEA1}\InprocServer32\ThreadingModel = "Apartment" | C:\Windows\System32\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{48E59DBA-28F9-43D8-B315-82674615CCA4}\InprocServer32 | C:\Windows\System32\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{48E59DBA-28F9-43D8-B315-82674615CCA4}\InprocServer32\ = "C:\\Program Files\\Softland\\novaPDF 11\\SDK\\Lib\\x64\\novapi11.dll" | C:\Windows\System32\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{48E59DBA-28F9-43D8-B315-82674615CCA4}\InprocServer32\ThreadingModel = "Apartment" | C:\Windows\System32\MsiExec.exe | N/A |
Themida packer
Adds Run key to start application
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\{a88d9422-a03b-44c9-b31a-c3a1cb041aa1} = "\"C:\\ProgramData\\Package Cache\\{a88d9422-a03b-44c9-b31a-c3a1cb041aa1}\\novapdf.exe\" /burn.runonce" | C:\Windows\Temp\{085214DA-9996-49BB-8334-2B0C895C7D3A}\.be\novapdf.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\novaPDF 11 nPdf_Softland Tray = "C:\\Program Files\\Softland\\novaPDF 11\\Driver\\Tray.exe /oem=nPdf_Softland" | C:\Windows\system32\msiexec.exe | N/A |
Blocklisted process makes network request
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Windows\system32\msiexec.exe | N/A |
| N/A | N/A | C:\Windows\system32\msiexec.exe | N/A |
Checks installed software on the system
Checks whether UAC is enabled
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Windows\Temp\{45DE6611-DFD3-47FB-A6EA-6C8176793ABC}\.cr\novapdf-full.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\ProgramData\Package Cache\WindowsDriverRestrictionsPackageId11.9.444\WindowsDriverRestrictions.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Program Files\Softland\novaPDF 11\Server\novapdfs.exe | N/A |
Enumerates connected drives
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File opened (read-only) | \??\G: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\H: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\R: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\I: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\J: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\N: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\U: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\W: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Y: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Z: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\A: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\B: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\E: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\K: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\L: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\O: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\P: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Q: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\S: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\T: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\M: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\V: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\X: | C:\Windows\system32\msiexec.exe | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File created | C:\Windows\System32\DriverStore\Temp\{28e9340e-b300-814e-a8a9-47f62340a87c}\i386\SETE41C.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{28e9340e-b300-814e-a8a9-47f62340a87c}\i386\novaem11.exe | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{0dc11e67-3c5d-f646-9a53-6f45281bf67f}\amd64\SETDAA8.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\System32\DriverStore\Temp\{0dc11e67-3c5d-f646-9a53-6f45281bf67f}\amd64\SETDAA8.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{0dc11e67-3c5d-f646-9a53-6f45281bf67f}\amd64\SETDAB9.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{28e9340e-b300-814e-a8a9-47f62340a87c}\nova11X86.cat | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\System32\DriverStore\Temp\{28e9340e-b300-814e-a8a9-47f62340a87c}\i386\SETE42C.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{28e9340e-b300-814e-a8a9-47f62340a87c}\i386\novasv11.dll | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\CatRoot2\dberr.txt | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\System32\DriverStore\Temp\{0dc11e67-3c5d-f646-9a53-6f45281bf67f}\amd64\SETDAD9.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\FileRepository\nova11.inf_amd64_05761108a7bd5263\amd64\novacl11.exe | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\FileRepository\nova11.inf_x86_05761108a7bd5263\i386\novaem11.exe | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{0dc11e67-3c5d-f646-9a53-6f45281bf67f}\nova11.inf | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{0dc11e67-3c5d-f646-9a53-6f45281bf67f}\amd64\SETDA65.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{28e9340e-b300-814e-a8a9-47f62340a87c}\i386\novaem11.dll | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\System32\DriverStore\Temp\{28e9340e-b300-814e-a8a9-47f62340a87c}\i386\SETE42F.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{0dc11e67-3c5d-f646-9a53-6f45281bf67f}\amd64\SETDA76.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\FileRepository\nova11.inf_amd64_05761108a7bd5263\nova11X64.cat | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\FileRepository\nova11.inf_amd64_05761108a7bd5263\nova11.inf | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{28e9340e-b300-814e-a8a9-47f62340a87c}\i386\novaim11.dll | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{0dc11e67-3c5d-f646-9a53-6f45281bf67f}\amd64\novasv11.dll | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\System32\DriverStore\Temp\{0dc11e67-3c5d-f646-9a53-6f45281bf67f}\SETDAE9.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{0dc11e67-3c5d-f646-9a53-6f45281bf67f}\amd64 | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\FileRepository\nova11.inf_x86_05761108a7bd5263\i386\novaem11.dll | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{0dc11e67-3c5d-f646-9a53-6f45281bf67f}\amd64\SETDA55.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{0dc11e67-3c5d-f646-9a53-6f45281bf67f}\amd64\novacl11.exe | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\System32\DriverStore\Temp\{0dc11e67-3c5d-f646-9a53-6f45281bf67f}\amd64\SETDA97.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{0dc11e67-3c5d-f646-9a53-6f45281bf67f}\SETDAE9.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\System32\DriverStore\drvstore.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{28e9340e-b300-814e-a8a9-47f62340a87c}\i386\SETE42D.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{28e9340e-b300-814e-a8a9-47f62340a87c}\i386 | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\System32\DriverStore\Temp\{0dc11e67-3c5d-f646-9a53-6f45281bf67f}\amd64\SETDA76.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{0dc11e67-3c5d-f646-9a53-6f45281bf67f} | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\System32\DriverStore\drvstore.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{0dc11e67-3c5d-f646-9a53-6f45281bf67f}\amd64\SETDA87.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{0dc11e67-3c5d-f646-9a53-6f45281bf67f}\amd64\SETDA97.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{28e9340e-b300-814e-a8a9-47f62340a87c}\i386\novaemex11.dll | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\FileRepository\nova11.inf_x86_05761108a7bd5263\i386\novaui11.dll | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{0dc11e67-3c5d-f646-9a53-6f45281bf67f}\amd64\novapr11.dll | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{0dc11e67-3c5d-f646-9a53-6f45281bf67f}\nova11X64.cat | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\System32\DriverStore\Temp\{28e9340e-b300-814e-a8a9-47f62340a87c}\i386\SETE42D.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\FileRepository\nova11.inf_x86_05761108a7bd5263\i386\novapr11.dll | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\FileRepository\nova11.inf_amd64_05761108a7bd5263\amd64\novaem11.dll | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\System32\DriverStore\Temp\{28e9340e-b300-814e-a8a9-47f62340a87c}\i386\SETE41B.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\FileRepository\nova11.inf_x86_05761108a7bd5263\i386\novaemex11.dll | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\System32\DriverStore\Temp\{28e9340e-b300-814e-a8a9-47f62340a87c}\SETE419.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\FileRepository\nova11.inf_x86_05761108a7bd5263\nova11.inf | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\System32\DriverStore\Temp\{0dc11e67-3c5d-f646-9a53-6f45281bf67f}\amd64\SETDA87.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{0dc11e67-3c5d-f646-9a53-6f45281bf67f}\amd64\novaui11.dll | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{0dc11e67-3c5d-f646-9a53-6f45281bf67f}\amd64\novaemex11.dll | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{0dc11e67-3c5d-f646-9a53-6f45281bf67f}\SETDAFA.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{0dc11e67-3c5d-f646-9a53-6f45281bf67f}\amd64\SETDA44.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\System32\DriverStore\Temp\{0dc11e67-3c5d-f646-9a53-6f45281bf67f}\amd64\SETDAB9.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{28e9340e-b300-814e-a8a9-47f62340a87c}\i386\SETE41A.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\FileRepository\nova11.inf_x86_05761108a7bd5263\i386\novasv11.dll | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{28e9340e-b300-814e-a8a9-47f62340a87c}\i386\SETE42E.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\FileRepository\nova11.inf_amd64_05761108a7bd5263\amd64\novaemex11.dll | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{28e9340e-b300-814e-a8a9-47f62340a87c}\i386\novaemex11.exe | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\CatRoot2\dberr.txt | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{28e9340e-b300-814e-a8a9-47f62340a87c}\i386\SETE42C.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\FileRepository\nova11.inf_x86_05761108a7bd5263\i386\novaemex11.exe | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{0dc11e67-3c5d-f646-9a53-6f45281bf67f}\amd64\novaem11.dll | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\System32\DriverStore\Temp\{0dc11e67-3c5d-f646-9a53-6f45281bf67f}\amd64\SETDA65.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\FileRepository\nova11.inf_amd64_05761108a7bd5263\amd64\novaem11.exe | C:\Windows\system32\DrvInst.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File created | C:\Program Files\Softland\novaPDF 11\Driver\da\WAFramework.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Softland\Office Add-In 11\NovaPDFUtils.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Softland\novaPDF 11\Tools\es\DeactivationClientLibrary.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Softland\novaPDF 11\Tools\ko\NovaPDFUtils.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Softland\novaPDF 11\Tools\id\WAFramework.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Softland\novaPDF 11\Driver\PrinterManager.exe | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Softland\novaPDF 11\Driver\it\Monitor.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Softland\novaPDF 11\Driver\ko\Monitor.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Softland\novaPDF 11\Tools\zh-CN\DeactivationClientLibrary.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Softland\novaPDF 11\Tools\fi\NovaPDFComponent.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Softland\novaPDF 11\Driver\my\CustomControls.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Softland\novaPDF 11\Driver\ko\DeactivationClientLibrary.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Softland\novaPDF 11\Driver\Hardcodet.Wpf.TaskbarNotification.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Softland\novaPDF 11\Driver\ru\Monitor.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Softland\Office Add-In 11\en\NovaPDFUtils.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Softland\Office Add-In 11\NovaPDFOfficeAddIn86.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Softland\novaPDF 11\Tools\ro\CustomControls.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Softland\novaPDF 11\Driver\bg\ActivationClientLibrary.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Softland\novaPDF 11\Driver\Kit\data\novaLarge.bmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Softland\novaPDF 11\Driver\Announcements.exe | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Softland\novaPDF 11\Driver\pt-BR\Monitor.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Softland\novaPDF 11\Driver\my\PrinterManager.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Softland\novaPDF 11\Driver\bg\CustomControls.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Softland\novaPDF 11\Driver\el\CustomControls.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Softland\novaPDF 11\Driver\tr\PrinterManager.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Softland\novaPDF 11\Driver\bg\Startup.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Softland\novaPDF 11\Tools\SharedResourceDictionary.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Softland\novaPDF 11\Tools\pt-BR\WAFramework.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Softland\novaPDF 11\Driver\Monitor.exe.config | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Softland\novaPDF 11\Driver\ms\Monitor.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Softland\Office Add-In 11\ServiceClient.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Softland\novaPDF 11\Tools\es\ActivationClientLibrary.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Softland\novaPDF 11\Tools\zh-CN\ProfileManager.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Softland\novaPDF 11\Driver\it\DeactivationClientLibrary.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Softland\novaPDF 11\Driver\ko\Tray.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Softland\novaPDF 11\Driver\tr\WAFramework.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Softland\novaPDF 11\Tools\Google.Apis.PlatformServices.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Softland\novaPDF 11\Tools\Microsoft.WindowsAPICodePack.Shell.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Softland\novaPDF 11\Tools\pt-BR\LayoutEditor.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Softland\novaPDF 11\Driver\Kit\amd64\novapr11.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Softland\novaPDF 11\Driver\Kit\i386\novaem11.exe | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Softland\novaPDF 11\Driver\ne\PrinterManager.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Softland\novaPDF 11\Tools\OAuthGmail.exe | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Softland\novaPDF 11\Tools\da\NovaPDFComponent.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Softland\novaPDF 11\Tools\fi\NovaPDFUtils.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Softland\novaPDF 11\Tools\CryptUtil.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Softland\novaPDF 11\Driver\ko\CustomControls.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Softland\novaPDF 11\Driver\Kit\amd64\novasv11.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Softland\novaPDF 11\Driver\Kit\i386\novaemex11.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Softland\novaPDF 11\Driver\tr\StartupDo.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Softland\novaPDF 11\Driver\el\UpdateApplication.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Softland\Office Add-In 11\ServiceClient.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Softland\novaPDF 11\Tools\de\DeactivationClientLibrary.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Softland\novaPDF 11\Tools\Telemetry.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Softland\novaPDF 11\Tools\es\LayoutEditor.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Softland\novaPDF 11\Tools\ms\NovaPDFUtils.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Softland\novaPDF 11\Driver\zh-CN\DeactivationClientLibrary.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Softland\novaPDF 11\Driver\id\Tray.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Softland\novaPDF 11\Tools\my\ActivationClientLibrary.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Softland\novaPDF 11\Tools\fi\CustomControls.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Softland\novaPDF 11\Tools\Microsoft.Windows.Shell.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Softland\novaPDF 11\Tools\NovaPDFComponent.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Softland\novaPDF 11\Tools\fi\WAFramework.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Softland\novaPDF 11\Driver\ne\Tray.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\Installer\SourceHash{3742ACB4-D095-4247-9A19-D1682A510ED2} | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSID816.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\e5a52c3.msi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\e5a52b9.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI967F.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIAB8E.tmp-\CustomAction.config | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIEC8B.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIA755.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIB1D5.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIE9A4.tmp-\CustomAction.config | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIE9A4.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIF61A.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\e5a52a5.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\ | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\SourceHash{24C3CAC4-4442-429B-A90C-A09AF48291DE} | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI815E.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\{526D78AB-571E-4FCF-B06E-31AA9C98C44F}\DoIcon.A8C9E50A_07B8_40BC_96C6_A0EC04F649A6.ico | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\e5a52be.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIC6F6.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIF61A.tmp-\ScheduledTasks.dll | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File created | C:\Windows\Installer\e5a52b8.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIC8CE.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\{526D78AB-571E-4FCF-B06E-31AA9C98C44F}\NovaIcon.A8C9E50A_07B8_40BC_96C6_A0EC04F649A6.ico | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIAB8E.tmp-\ScheduledTasks.dll | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Windows\INF\setupapi.dev.log | C:\Windows\system32\rundll32.exe | N/A |
| File opened for modification | C:\Windows\INF\setupapi.dev.log | C:\Windows\system32\rundll32.exe | N/A |
| File created | C:\Windows\Installer\{526D78AB-571E-4FCF-B06E-31AA9C98C44F}\DoIcon.A8C9E50A_07B8_40BC_96C6_A0EC04F649A6.ico | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIF61A.tmp-\Microsoft.Deployment.WindowsInstaller.dll | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File created | C:\Windows\Installer\e5a52aa.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIAB8E.tmp-\Microsoft.Deployment.WindowsInstaller.dll | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI4F01.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIECF0.tmp-\ScheduledTasks.dll | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File created | C:\Windows\inf\oem3.inf | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSID0EB.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIECF0.tmp-\CustomAction.config | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIF137.tmp-\ScheduledTasks.dll | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIF7A2.tmp-\CustomAction.config | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File created | C:\Windows\Installer\e5a52bd.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSICA1A.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIF137.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI71AC.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIC8EE.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI59DA.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI6361.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI6DF2.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\SourceHash{0381A4C3-3B90-436E-8E69-15E4CDBDEC2D} | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIF61A.tmp-\CustomAction.config | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File created | C:\Windows\Installer\SourceHash{7CC4C9C8-2CD5-4EDF-94B8-7AFF868585C9} | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\e5a52be.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI967F.tmp-\ScheduledTasks.dll | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Windows\INF\setupapi.dev.log | C:\Windows\system32\svchost.exe | N/A |
| File opened for modification | C:\Windows\Installer\e5a52a5.msi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\e5a52ae.msi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\e5a52c7.msi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\e5a52b3.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIE9A4.tmp-\ScheduledTasks.dll | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI8660.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIC91E.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSICA3A.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\SourceHash{673C8085-8235-42C6-B259-C2E1CF791C46} | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\inf\oem4.inf | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIF7A2.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\e5a52a9.msi | C:\Windows\system32\msiexec.exe | N/A |
Enumerates physical storage devices
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{3b2ce006-5e61-4fde-bab8-9b8aac9b26df}\0002 | C:\Windows\System32\spoolsv.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002 | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009 | C:\Windows\system32\svchost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\ConfigFlags | C:\Windows\system32\svchost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\CompatibleIDs | C:\Windows\system32\DrvInst.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 | C:\Windows\System32\spoolsv.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters | C:\Windows\system32\vssvc.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr\PartitionTableCache | C:\Windows\system32\vssvc.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\CompatibleIDs | C:\Windows\system32\DrvInst.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{3b2ce006-5e61-4fde-bab8-9b8aac9b26df}\0002 | C:\Windows\System32\spoolsv.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{f01fac5d-e5f6-485f-a8c6-27446425998c}\0002 | C:\Windows\System32\spoolsv.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001 | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009 | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002 | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Phantom | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Phantom | C:\Windows\system32\DrvInst.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001 | C:\Windows\System32\spoolsv.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{3b2ce006-5e61-4fde-bab8-9b8aac9b26df}\0002 | C:\Windows\System32\spoolsv.exe | N/A |
| Key created | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr | C:\Windows\system32\vssvc.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\HardwareID | C:\Windows\system32\DrvInst.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000 | C:\Windows\system32\DrvInst.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002 | C:\Windows\System32\spoolsv.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\CompatibleIDs | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\HardwareID | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\CompatibleIDs | C:\Windows\system32\DrvInst.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{3b2ce006-5e61-4fde-bab8-9b8aac9b26df}\0002 | C:\Windows\System32\spoolsv.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 | C:\Windows\System32\spoolsv.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\HardwareID | C:\Windows\System32\spoolsv.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009 | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000 | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001 | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID | C:\Windows\System32\spoolsv.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_DADY&PROD_DADY_DVD-ROM\4&215468A5&0&010000 | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\HardwareID | C:\Windows\System32\spoolsv.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\HardwareID | C:\Windows\System32\spoolsv.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009 | C:\Windows\system32\svchost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\HardwareID | C:\Windows\system32\DrvInst.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002 | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Phantom | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\CompatibleIDs | C:\Windows\system32\DrvInst.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{f01fac5d-e5f6-485f-a8c6-27446425998c}\0002 | C:\Windows\System32\spoolsv.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags | C:\Windows\system32\svchost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\CompatibleIDs | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\HardwareID | C:\Windows\system32\DrvInst.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001 | C:\Windows\System32\spoolsv.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\HardwareID | C:\Windows\System32\spoolsv.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000 | C:\Windows\System32\spoolsv.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{3b2ce006-5e61-4fde-bab8-9b8aac9b26df}\0002 | C:\Windows\System32\spoolsv.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_DADY&PROD_DADY_DVD-ROM\4&215468A5&0&010000 | C:\Windows\system32\svchost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\HardwareID | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\CompatibleIDs | C:\Windows\system32\DrvInst.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001 | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\HardwareID | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID | C:\Windows\System32\spoolsv.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID | C:\Windows\system32\DrvInst.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000 | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\HardwareID | C:\Windows\System32\spoolsv.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\HardwareID | C:\Windows\System32\spoolsv.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{f01fac5d-e5f6-485f-a8c6-27446425998c}\0002 | C:\Windows\System32\spoolsv.exe | N/A |
Creates scheduled task(s)
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\DoSave.exe = "99999" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{98559284-163F-4F03-9698-04024FB46109}\AppName = "novacl11.exe" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{98559284-163F-4F03-9698-04024FB46109}\AppPath = "C:\\Windows\\System32\\spool\\drivers\\x64\\3" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\StartupDo.exe = "99999" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\PrinterManager.exe = "99999" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\ActivationClient.exe = "99999" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\Startup.exe = "99999" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\Monitor.exe = "99999" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{98559284-163F-4F03-9698-04024FB46109} | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{98559284-163F-4F03-9698-04024FB46109}\Policy = "3" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\UpdateApplication.exe = "99999" | C:\Windows\system32\msiexec.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\Publisher\Addins\NovaPDFOfficeAddIn11.NovaPDFOfficeAddIn11\Description = "novaPDF Office AddIn 11" | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs | C:\Program Files\Softland\novaPDF 11\Server\novapdfs.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot | C:\Windows\system32\rundll32.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs | C:\Windows\system32\rundll32.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing | C:\Windows\system32\DrvInst.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Devices\Fax = "winspool,Ne02:" | C:\Windows\System32\spoolsv.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-20\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PrinterPorts\Microsoft XPS Document Writer = "winspool,Ne00:,15,45" | C:\Windows\System32\spoolsv.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Devices\Microsoft Print to PDF = "winspool,Ne01:" | C:\Windows\System32\spoolsv.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates | C:\Windows\system32\rundll32.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates | C:\Windows\system32\rundll32.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27\52C64B7E\@%SystemRoot%\system32\WindowsPowerShell\v1.0\powershell.exe,-124 = "Document Encryption" | C:\Windows\system32\rundll32.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows NT\CurrentVersion\Devices | C:\Windows\System32\spoolsv.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows NT\CurrentVersion\Devices | C:\Windows\System32\spoolsv.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\Excel\Addins\NovaPDFOfficeAddIn11.NovaPDFOfficeAddIn11\CommandLineSafe = "0" | C:\Windows\System32\MsiExec.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\22\52C64B7E | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Visio\Addins\NovaPDFOfficeAddIn11.NovaPDFOfficeAddIn11\LoadBehavior = "3" | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs | C:\Program Files\Softland\novaPDF 11\Server\novapdfs.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs | C:\Windows\system32\rundll32.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\Publisher\Addins\NovaPDFOfficeAddIn11.NovaPDFOfficeAddIn11\CommandLineSafe = "0" | C:\Windows\syswow64\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27\52C64B7E\@%SystemRoot%\System32\ci.dll,-101 = "Enclave" | C:\Windows\system32\rundll32.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\Word\Addins\NovaPDFOfficeAddIn11.NovaPDFOfficeAddIn11 | C:\Windows\System32\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\PowerPoint\Addins\NovaPDFOfficeAddIn11.NovaPDFOfficeAddIn11\FriendlyName = "novaPDF Office AddIn 11" | C:\Windows\System32\MsiExec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-20\Software\Microsoft\Windows NT\CurrentVersion\Devices | C:\Windows\System32\spoolsv.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople | C:\Program Files\Softland\novaPDF 11\Server\novapdfs.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-20\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PrinterPorts\Send To OneNote 2016 = "winspool,nul:,15,45" | C:\Windows\System32\spoolsv.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-20\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Devices\Microsoft XPS Document Writer = "winspool,Ne00:" | C:\Windows\System32\spoolsv.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs | C:\Program Files\Softland\novaPDF 11\Server\novapdfs.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates | C:\Program Files\Softland\novaPDF 11\Server\novapdfs.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\PowerPoint\Addins\NovaPDFOfficeAddIn11.NovaPDFOfficeAddIn11\LoadBehavior = "3" | C:\Windows\System32\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Visio\Addins\NovaPDFOfficeAddIn11.NovaPDFOfficeAddIn11\Description = "novaPDF Office AddIn 11" | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates | C:\Windows\system32\rundll32.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust | C:\Windows\system32\rundll32.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed | C:\Windows\system32\DrvInst.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-20\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Devices\Send To OneNote 2016 = "winspool,nul:" | C:\Windows\System32\spoolsv.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates | C:\Windows\system32\rundll32.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs | C:\Windows\system32\rundll32.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root | C:\Windows\system32\rundll32.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs | C:\Windows\system32\rundll32.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs | C:\Program Files\Softland\novaPDF 11\Server\novapdfs.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows NT\CurrentVersion\PrinterPorts | C:\Windows\System32\spoolsv.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27\52C64B7E\@%SystemRoot%\System32\fveui.dll,-844 = "BitLocker Data Recovery Agent" | C:\Windows\system32\rundll32.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust | C:\Program Files\Softland\novaPDF 11\Server\novapdfs.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed | C:\Windows\system32\rundll32.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs | C:\Windows\system32\rundll32.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates | C:\Program Files\Softland\novaPDF 11\Server\novapdfs.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-20\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Devices\Fax = "winspool,Ne02:" | C:\Windows\System32\spoolsv.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Softland\novaPDF 11 | C:\Windows\system32\PrintIsolationHost.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Printers\ConvertUserDevModesCount\novaPDF 11 = "1" | C:\Windows\System32\spoolsv.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22 | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\Publisher\Addins\NovaPDFOfficeAddIn11.NovaPDFOfficeAddIn11\FriendlyName = "novaPDF Office AddIn 11" | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA | C:\Program Files\Softland\novaPDF 11\Server\novapdfs.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5808C37653286C242B952C1EFC97C164\AuthorizedLUAApp = "0" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{48E59DBA-28F9-43D8-B315-82674615CCA4}\InprocServer32 | C:\Windows\syswow64\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{3FBEF950-5D60-45C0-BB82-F1BB156A6E70}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Windows\System32\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{8E39E094-CD29-467C-8182-F1370C5AAEA1}\InprocServer32 | C:\Windows\syswow64\MsiExec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\4BCA2473590D7424A9911D86A215E02D\InstanceType = "0" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5808C37653286C242B952C1EFC97C164 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{48E59DBA-28F9-43D8-B315-82674615CCA4}\TypeLib | C:\Windows\syswow64\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{48E59DBA-28F9-43D8-B315-82674615CCA4}\ProgID\ = "novapi11.NovaPdfOptions11.1" | C:\Windows\System32\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\3EA8DF2B910443B4494BFB0CD1349DD8\3C4A183009B3E634E896514EDCDBCED2 | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\BA87D625E175FCF40BE613AAC9894CF4\PackageCode = "D2F85EF39BAA02042A5D7A06E0BAADF7" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\NovaPDFOfficeAddIn11.NovaPDFOfficeAddIn11\CurVer | C:\Windows\System32\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{50F12C19-072E-45A7-B3A5-06F2F595FF74}\1.0\0\win64\ = "C:\\Program Files\\Softland\\Office Add-In 11\\NovaPDFOfficeAddIn64.dll" | C:\Windows\System32\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{000C0395-0000-0000-C000-000000000046}\TypeLib\Version = "1.0" | C:\Windows\System32\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\{673C8085-8235-42C6-B259-C2E1CF791C46}\Dependents\{a88d9422-a03b-44c9-b31a-c3a1cb041aa1} | C:\Windows\Temp\{085214DA-9996-49BB-8334-2B0C895C7D3A}\.be\novapdf.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\novapi11.NovaPdfOptions11\CurVer | C:\Windows\syswow64\MsiExec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\4CAC3C422444B9249AC00AA94F2819ED\AuthorizedLUAApp = "0" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{48E59DBA-28F9-43D8-B315-82674615CCA4}\ProgID | C:\Windows\System32\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\3C4A183009B3E634E896514EDCDBCED2\SourceList\Media\1 = ";" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\NovaPDFOfficeAddIn11.NovaPDFOfficeAddIn11.1\CLSID\ = "{8E39E094-CD29-467C-8182-F1370C5AAEA1}" | C:\Windows\System32\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{50F12C19-072E-45A7-B3A5-06F2F595FF74}\1.0\HELPDIR | C:\Windows\System32\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\8C9C4CC75DC2FDE4498BA7FF6858589C\SourceList\Media | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\3C4A183009B3E634E896514EDCDBCED2\SourceList\LastUsedSource = "n;1;C:\\ProgramData\\Package Cache\\DriverPackageIdx64.11.9.444\\" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5808C37653286C242B952C1EFC97C164\Language = "1033" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\EE00795294ECB204C8B078769A9CE2C4\Language = "1033" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\4CAC3C422444B9249AC00AA94F2819ED\DeploymentFlags = "3" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\4CAC3C422444B9249AC00AA94F2819ED\SourceList\Media\1 = ";" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\novapi11.NovaPdfOptions11\ = "NovaPdfOptions11 Class" | C:\Windows\System32\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\BA87D625E175FCF40BE613AAC9894CF4\ProductName = "novaPDF 11" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\EE00795294ECB204C8B078769A9CE2C4\SourceList\Net\1 = "C:\\ProgramData\\Package Cache\\NovaPDFToolsId11.9.444\\" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\novapi11.NovaPdfOptions11\CLSID\ = "{48E59DBA-28F9-43D8-B315-82674615CCA4}" | C:\Windows\syswow64\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\EE00795294ECB204C8B078769A9CE2C4\SourceList\LastUsedSource = "n;1;C:\\ProgramData\\Package Cache\\NovaPDFToolsId11.9.444\\" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\BA87D625E175FCF40BE613AAC9894CF4\SourceList\Media\1 = ";" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\4BCA2473590D7424A9911D86A215E02D\SourceList\LastUsedSource = "n;1;C:\\ProgramData\\Package Cache\\OfficeAddInPackageId6411.9.444\\" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5808C37653286C242B952C1EFC97C164\SourceList\Net\1 = "C:\\ProgramData\\Package Cache\\OfficeAddInPackageId8611.9.444\\" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{47B6DF9F-2D67-4D01-A5B0-A74A4B5B4807} | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Installer\Dependencies\{0381A4C3-3B90-436E-8E69-15E4CDBDEC2D} | C:\Windows\Temp\{085214DA-9996-49BB-8334-2B0C895C7D3A}\.be\novapdf.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\4BCA2473590D7424A9911D86A215E02D\AuthorizedLUAApp = "0" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5808C37653286C242B952C1EFC97C164\SourceList\Media\1 = "Disk1;" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Installer\Dependencies\{259700EE-CE49-402B-8C0B-8767A9C92E4C} | C:\Windows\Temp\{085214DA-9996-49BB-8334-2B0C895C7D3A}\.be\novapdf.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{48E59DBA-28F9-43D8-B315-82674615CCA4}\ProgID | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\4CAC3C422444B9249AC00AA94F2819ED | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Installer\Dependencies\{526D78AB-571E-4FCF-B06E-31AA9C98C44F} | C:\Windows\Temp\{085214DA-9996-49BB-8334-2B0C895C7D3A}\.be\novapdf.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\NovaPDFOfficeAddIn11.NovaPDFOfficeAddIn11\CLSID\ = "{8E39E094-CD29-467C-8182-F1370C5AAEA1}" | C:\Windows\System32\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3FBEF950-5D60-45C0-BB82-F1BB156A6E70}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Windows\System32\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5808C37653286C242B952C1EFC97C164\SourceList\PackageName = "novaOfficeAddIn(x86).msi" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\novapi11.NovaPdfOptions11 | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{B19F8E54-9F5B-48A1-A07B-D1AD7AF94C1D}\b.0\0\win32 | C:\Windows\syswow64\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\3C4A183009B3E634E896514EDCDBCED2\PackageCode = "315F6A126046F804BABB20DC8674ED75" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\{0381A4C3-3B90-436E-8E69-15E4CDBDEC2D}\Dependents | C:\Windows\Temp\{085214DA-9996-49BB-8334-2B0C895C7D3A}\.be\novapdf.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\{a88d9422-a03b-44c9-b31a-c3a1cb041aa1}\Dependents\{a88d9422-a03b-44c9-b31a-c3a1cb041aa1} | C:\Windows\Temp\{085214DA-9996-49BB-8334-2B0C895C7D3A}\.be\novapdf.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\NovaPDFOfficeAddIn11.NovaPDFOfficeAddIn11\CLSID\ = "{8E39E094-CD29-467C-8182-F1370C5AAEA1}" | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\3C4A183009B3E634E896514EDCDBCED2\SourceList\Media | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\4BCA2473590D7424A9911D86A215E02D | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\EE00795294ECB204C8B078769A9CE2C4\SourceList\PackageName = "novaPDF11Tools.msi" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{000C0395-0000-0000-C000-000000000046}\TypeLib\ = "{50F12C19-072E-45A7-B3A5-06F2F595FF74}" | C:\Windows\System32\MsiExec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\BA87D625E175FCF40BE613AAC9894CF4\Version = "185139644" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{47B6DF9F-2D67-4D01-A5B0-A74A4B5B4807}\TypeLib\ = "{B19F8E54-9F5B-48A1-A07B-D1AD7AF94C1D}" | C:\Windows\syswow64\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\3C4A183009B3E634E896514EDCDBCED2\ProgramFilesFeature = "Complete" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\BA87D625E175FCF40BE613AAC9894CF4\SourceList | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{8E39E094-CD29-467C-8182-F1370C5AAEA1}\VersionIndependentProgID | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{47B6DF9F-2D67-4D01-A5B0-A74A4B5B4807}\ProxyStubClsid32 | C:\Windows\syswow64\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\novapi11.NovaPdfOptions11\ = "NovaPdfOptions11 Class" | C:\Windows\syswow64\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{48E59DBA-28F9-43D8-B315-82674615CCA4}\TypeLib\ = "{B19F8E54-9F5B-48A1-A07B-D1AD7AF94C1D}" | C:\Windows\syswow64\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{B19F8E54-9F5B-48A1-A07B-D1AD7AF94C1D}\b.0\HELPDIR\ = "C:\\Program Files (x86)\\Softland\\novaPDF 11\\SDK\\Lib\\i386" | C:\Windows\syswow64\MsiExec.exe | N/A |
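Analyst note, added here and not part of the sandbox output: the table above mixes three things a practitioner wants separated. The `Installer\Products\<32 hex>` keys written by msiexec.exe are MSI ProductCodes in Windows Installer's "packed" (Darwin descriptor) form; the `Installer\Dependencies\{GUID}` keys written by the `.be\novapdf.exe` child are the same ProductCodes in plain form, registered by the Burn bootstrapper so it can track the packages it chained; and the `CLSID\{...}` / `WOW6432Node\CLSID\{...}` rows are the COM registrations (the "Registers COM server for autorun" signature) for both the 64-bit and the 32-bit registry view. The helper below decodes the packed GUIDs, decodes the `Version` DWORD (major<<24 | minor<<16 | build) and cross-references the two key families. It is example code written for this page, not Softland or sandbox code; `SAMPLE_ROWS` holds rows copied from the table, and the function names are this example's own.

```python
"""Decode the Windows Installer artifacts in the 'Modifies registry class' table.

Added triage helper (not part of the sandbox output, and not Softland/novaPDF
code). SAMPLE_ROWS holds rows copied from the table above; the function names
are this example's own. The encodings it reverses are standard MSI behaviour:
Installer\\Products keys use the 'packed' (Darwin descriptor) GUID form, the
Version value is major<<24 | minor<<16 | build, and Installer\\Dependencies
keys written by the Burn bootstrapper use the plain GUID.
"""
import re

# Rows copied from the report table (constructed input for this demo).
SAMPLE_ROWS = r"""
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5808C37653286C242B952C1EFC97C164\AuthorizedLUAApp = "0" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\{673C8085-8235-42C6-B259-C2E1CF791C46}\Dependents\{a88d9422-a03b-44c9-b31a-c3a1cb041aa1} | C:\Windows\Temp\{085214DA-9996-49BB-8334-2B0C895C7D3A}\.be\novapdf.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\BA87D625E175FCF40BE613AAC9894CF4\ProductName = "novaPDF 11" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\BA87D625E175FCF40BE613AAC9894CF4\Version = "185139644" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Installer\Dependencies\{526D78AB-571E-4FCF-B06E-31AA9C98C44F} | C:\Windows\Temp\{085214DA-9996-49BB-8334-2B0C895C7D3A}\.be\novapdf.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{48E59DBA-28F9-43D8-B315-82674615CCA4}\InprocServer32 | C:\Windows\syswow64\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{48E59DBA-28F9-43D8-B315-82674615CCA4}\ProgID\ = "novapi11.NovaPdfOptions11.1" | C:\Windows\System32\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\NovaPDFOfficeAddIn11.NovaPDFOfficeAddIn11.1\CLSID\ = "{8E39E094-CD29-467C-8182-F1370C5AAEA1}" | C:\Windows\System32\MsiExec.exe | N/A |
"""

PRODUCT_RE = re.compile(r"\\Classes\\Installer\\Products\\([0-9A-Fa-f]{32})")
DEP_RE = re.compile(r"\\Classes\\Installer\\Dependencies\\(\{[0-9A-Fa-f-]{36}\})")
CLSID_RE = re.compile(r"\\Classes\\(WOW6432Node\\)?CLSID\\(\{[0-9A-Fa-f-]{36}\})")
PROGID_RE = re.compile(r"\\Classes\\([A-Za-z0-9_.]+)\\CLSID\\?$")


def unpack_guid(packed: str) -> str:
    """Turn a 32-hex 'packed GUID' back into {XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX}.

    MSI reverses the first three groups as strings and swaps each byte pair in
    the last two; applying the same transform again recovers the ProductCode.
    """
    if not re.fullmatch(r"[0-9A-Fa-f]{32}", packed):
        raise ValueError(f"not a packed GUID: {packed!r}")
    p = packed.upper()
    swap = lambda s: "".join(s[i + 1] + s[i] for i in range(0, len(s), 2))
    return "{%s-%s-%s-%s-%s}" % (p[:8][::-1], p[8:12][::-1], p[12:16][::-1],
                                 swap(p[16:20]), swap(p[20:]))


def msi_version(dword: int) -> str:
    """The Installer 'Version' DWORD packs major<<24 | minor<<16 | build."""
    return f"{dword >> 24}.{(dword >> 16) & 0xFF}.{dword & 0xFFFF}"


def parse_row(row: str):
    """Split one '| Description | Indicator | Process | Target |' row."""
    cells = [c.strip() for c in row.strip().strip("|").split("|")]
    if len(cells) != 4:
        return None
    return dict(zip(("desc", "indicator", "process", "target"), cells))


def triage(rows: str):
    """Return (products, dependencies, clsids) reconstructed from the rows."""
    products, deps, clsids = {}, {}, {}
    for line in rows.splitlines():
        r = parse_row(line)
        if not r:
            continue
        name, _, value = r["indicator"].partition(" = ")
        value = value.strip().strip('"')
        if m := PRODUCT_RE.search(name):
            guid = unpack_guid(m.group(1))
            entry = products.setdefault(guid, {"packed": m.group(1).upper(),
                                               "writer": r["process"]})
            leaf = name.rsplit("\\", 1)[-1]
            if leaf == "ProductName":
                entry["name"] = value
            elif leaf == "Version":
                entry["version"] = msi_version(int(value))
        elif m := DEP_RE.search(name):
            deps[m.group(1).upper()] = r["process"]       # written by the bootstrapper
        elif m := CLSID_RE.search(name):
            entry = clsids.setdefault(m.group(2).upper(), {"views": set(), "progids": set()})
            entry["views"].add("x86" if m.group(1) else "x64")  # WOW6432Node = 32-bit view
            if name.rstrip("\\").endswith("\\ProgID") and value:
                entry["progid"] = value
        elif (m := PROGID_RE.search(name)) and value.startswith("{"):
            entry = clsids.setdefault(value.upper(), {"views": set(), "progids": set()})
            entry["progids"].add(m.group(1))               # ProgID -> CLSID mapping
    for guid, entry in products.items():
        # True when the Burn bundle registered a dependency on this MSI package.
        entry["bundle_dependency"] = guid in deps
    return products, deps, clsids


if __name__ == "__main__":
    products, deps, clsids = triage(SAMPLE_ROWS)
    for guid, p in products.items():
        print(guid, p.get("name", "?"), p.get("version", "?"),
              "bundle-dep" if p["bundle_dependency"] else "")
    for clsid, c in clsids.items():
        print(clsid, sorted(c["views"]), c.get("progid"), sorted(c["progids"]))
```

Run against the full table, every `Installer\Products` code decodes to one of the `Installer\Dependencies` GUIDs that `.be\novapdf.exe` registered, and `Version = "185139644"` for the "novaPDF 11" product decodes to 11.9.444, the same version string that appears in the `Package Cache\...11.9.444` directory names further down the page. That consistency is what separates a chained-MSI installer from a dropper that merely imitates one.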
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Windows\system32\msiexec.exe | N/A |
| N/A | N/A | C:\Windows\system32\msiexec.exe | N/A |
| N/A | N/A | C:\Windows\system32\msiexec.exe | N/A |
| N/A | N/A | C:\Windows\system32\msiexec.exe | N/A |
| N/A | N/A | C:\Windows\system32\msiexec.exe | N/A |
| N/A | N/A | C:\Windows\system32\msiexec.exe | N/A |
| N/A | N/A | C:\Windows\system32\msiexec.exe | N/A |
| N/A | N/A | C:\Windows\system32\msiexec.exe | N/A |
| N/A | N/A | C:\Windows\system32\msiexec.exe | N/A |
| N/A | N/A | C:\Windows\system32\msiexec.exe | N/A |
| N/A | N/A | C:\Windows\system32\msiexec.exe | N/A |
| N/A | N/A | C:\Windows\system32\msiexec.exe | N/A |
| N/A | N/A | C:\Windows\system32\msiexec.exe | N/A |
| N/A | N/A | C:\Windows\system32\msiexec.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Uses Volume Shadow Copy service COM API
Processes
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://extra-ram.soft112.com/
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb2cdb9758,0x7ffb2cdb9768,0x7ffb2cdb9778
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1664 --field-trial-handle=1976,i,6716031494705806081,16133089282622323152,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1852 --field-trial-handle=1976,i,6716031494705806081,16133089282622323152,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2220 --field-trial-handle=1976,i,6716031494705806081,16133089282622323152,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2972 --field-trial-handle=1976,i,6716031494705806081,16133089282622323152,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2988 --field-trial-handle=1976,i,6716031494705806081,16133089282622323152,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4944 --field-trial-handle=1976,i,6716031494705806081,16133089282622323152,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5260 --field-trial-handle=1976,i,6716031494705806081,16133089282622323152,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5452 --field-trial-handle=1976,i,6716031494705806081,16133089282622323152,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3972 --field-trial-handle=1976,i,6716031494705806081,16133089282622323152,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5304 --field-trial-handle=1976,i,6716031494705806081,16133089282622323152,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5740 --field-trial-handle=1976,i,6716031494705806081,16133089282622323152,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=6024 --field-trial-handle=1976,i,6716031494705806081,16133089282622323152,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=6012 --field-trial-handle=1976,i,6716031494705806081,16133089282622323152,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4720 --field-trial-handle=1976,i,6716031494705806081,16133089282622323152,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=3988 --field-trial-handle=1976,i,6716031494705806081,16133089282622323152,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5528 --field-trial-handle=1976,i,6716031494705806081,16133089282622323152,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=824 --field-trial-handle=1976,i,6716031494705806081,16133089282622323152,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=4860 --field-trial-handle=1976,i,6716031494705806081,16133089282622323152,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=4984 --field-trial-handle=1976,i,6716031494705806081,16133089282622323152,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5404 --field-trial-handle=1976,i,6716031494705806081,16133089282622323152,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5096 --field-trial-handle=1976,i,6716031494705806081,16133089282622323152,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5548 --field-trial-handle=1976,i,6716031494705806081,16133089282622323152,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5436 --field-trial-handle=1976,i,6716031494705806081,16133089282622323152,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5540 --field-trial-handle=1976,i,6716031494705806081,16133089282622323152,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3036 --field-trial-handle=1976,i,6716031494705806081,16133089282622323152,131072 /prefetch:8
C:\Users\Admin\Downloads\novapdf-full.exe
"C:\Users\Admin\Downloads\novapdf-full.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3060 --field-trial-handle=1976,i,6716031494705806081,16133089282622323152,131072 /prefetch:8
C:\Windows\Temp\{45DE6611-DFD3-47FB-A6EA-6C8176793ABC}\.cr\novapdf-full.exe
"C:\Windows\Temp\{45DE6611-DFD3-47FB-A6EA-6C8176793ABC}\.cr\novapdf-full.exe" -burn.clean.room="C:\Users\Admin\Downloads\novapdf-full.exe" -burn.filehandle.attached=568 -burn.filehandle.self=576
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5004 --field-trial-handle=1976,i,6716031494705806081,16133089282622323152,131072 /prefetch:2
C:\Windows\Temp\{085214DA-9996-49BB-8334-2B0C895C7D3A}\.be\novapdf.exe
"C:\Windows\Temp\{085214DA-9996-49BB-8334-2B0C895C7D3A}\.be\novapdf.exe" -q -burn.elevated BurnPipe.{EB245193-3419-4C28-ADE2-6CA510B3831D} {7132F718-1A28-41E8-BC7B-8957A11EB7AA} 912
C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
C:\Windows\system32\srtasks.exe
C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2
C:\ProgramData\Package Cache\WindowsDriverRestrictionsPackageId11.9.444\WindowsDriverRestrictions.exe
"C:\ProgramData\Package Cache\WindowsDriverRestrictionsPackageId11.9.444\WindowsDriverRestrictions.exe" /UILevel=4 /lv=C:\Users\Admin\AppData\Local\Temp\novaPDF_11_20240308052557_000_WindowsDriverRestrictions.log
C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
C:\Windows\System32\MsiExec.exe
C:\Windows\System32\MsiExec.exe -Embedding 337B46B5A167737A94CEC443C3A6FB9C
C:\Windows\System32\MsiExec.exe
"C:\Windows\System32\MsiExec.exe" /Y "C:\Program Files\Softland\Office Add-In 11\NovaPDFOfficeAddIn64.dll"
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding 80D1128E2A6E35EAC98310F28E16BD0D
C:\Windows\syswow64\MsiExec.exe
"C:\Windows\syswow64\MsiExec.exe" /Y "C:\Program Files (x86)\Softland\Office Add-In 11\NovaPDFOfficeAddIn86.dll"
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding 1C16F6D74AB3ED87687622311348BE48
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding 4FF5A0E809256A6C3DFB3D7A3396109F
C:\Windows\syswow64\MsiExec.exe
"C:\Windows\syswow64\MsiExec.exe" /Y "C:\Program Files (x86)\Softland\novaPDF 11\SDK\Lib\i386\novapi11.dll"
C:\Windows\System32\MsiExec.exe
C:\Windows\System32\MsiExec.exe -Embedding 3C269095A9B209541C577DFBA15C674A
C:\Windows\System32\MsiExec.exe
"C:\Windows\System32\MsiExec.exe" /Y "C:\Program Files\Softland\novaPDF 11\SDK\Lib\x64\novapi11.dll"
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding C618F0CDA12FE321B2388C703EB10A8F
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Windows\Installer\MSI967F.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_240818078 12 ScheduledTasks!ScheduledTasks.CustomActions.CheckServiceStatusType
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Windows\Installer\MSIAB8E.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_240823234 20 ScheduledTasks!ScheduledTasks.CustomActions.CheckAccessControl
C:\Windows\System32\MsiExec.exe
C:\Windows\System32\MsiExec.exe -Embedding D94EC77604EBAF18ECF3CA8F234DFC61
C:\Windows\System32\MsiExec.exe
C:\Windows\System32\MsiExec.exe -Embedding EED4A359DEAFB40A55B189F1E2D95E08 E Global\MSI0000
C:\Windows\system32\rundll32.exe
rundll32 printui.dll,PrintUIEntry /ia /m "novaPDF 11" /K /h "x64" /v 3 /f "nova11.inf"
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch -p -s DeviceInstall
C:\Windows\system32\DrvInst.exe
DrvInst.exe "4" "1" "c:\program files\softland\novapdf 11\driver\kit\nova11.inf" "9" "4ff4a86b7" "000000000000014C" "WinSta0\Default" "000000000000015C" "208" "c:\program files\softland\novapdf 11\driver\kit"
C:\Windows\system32\PrintIsolationHost.exe
C:\Windows\system32\PrintIsolationHost.exe -Embedding
C:\Windows\system32\rundll32.exe
rundll32 printui.dll,PrintUIEntry /ia /m "novaPDF 11" /K /h "x86" /v 3 /f "nova11.inf"
C:\Windows\system32\DrvInst.exe
DrvInst.exe "4" "1" "c:\program files\softland\novapdf 11\driver\kit\nova11.inf" "0" "4ff4a86b7" "000000000000015C" "WinSta0\Default" "000000000000010C" "208" "c:\program files\softland\novapdf 11\driver\kit"
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding AE9E4797302091BE4577AB43544558AD E Global\MSI0000
C:\Program Files\Softland\novaPDF 11\Server\novapdfs.exe
"C:\Program Files\Softland\novaPDF 11\Server\novapdfs.exe"
C:\Windows\System32\spoolsv.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\System32\MsiExec.exe
C:\Windows\System32\MsiExec.exe -Embedding DC0C85891512E9C393FB19CAC9247409
C:\Windows\System32\MsiExec.exe
C:\Windows\System32\MsiExec.exe -Embedding E5D37C9F9B9B93E1E781AD01F0281936 E Global\MSI0000
C:\Windows\system32\PrintIsolationHost.exe
C:\Windows\system32\PrintIsolationHost.exe -Embedding
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding 087596ADC5598EA8C58AA96AF6CE2B4A
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Windows\Installer\MSIE9A4.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_240904796 131 ScheduledTasks!ScheduledTasks.CustomActions.CreateTask
C:\Windows\SysWOW64\schtasks.exe
"schtasks.exe" /create /xml C:\Users\Admin\AppData\Local\Temp\task.xml /tn "novaPDF 11 Update"
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Windows\Installer\MSIECF0.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_240905421 136 ScheduledTasks!ScheduledTasks.CustomActions.CreateTask
C:\Windows\SysWOW64\schtasks.exe
"schtasks.exe" /create /xml C:\Users\Admin\AppData\Local\Temp\task.xml /tn "novaPDF 11 Telemetry"
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding 3F4020FEC8CBF71F90A85EDF5CE29476 E Global\MSI0000
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Windows\Installer\MSIF137.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_240906843 141 ScheduledTasks!ScheduledTasks.CustomActions.UpdateInstallDate
C:\Program Files\Softland\novaPDF 11\Driver\sqlite3.exe
"C:\Program Files\Softland\novaPDF 11\Driver\sqlite3.exe" "C:\ProgramData\Softland\novaPDF 11\nPdf_Softland\nPdf_Softland.mon" "insert or replace into Settings(Name, Value) values('InstallDate','08/03/2024 05:28:54');"
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Windows\Installer\MSIF61A.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_240907781 150 ScheduledTasks!ScheduledTasks.CustomActions.TryAddDeleteFlag
C:\Program Files\Softland\novaPDF 11\Driver\sqlite3.exe
"C:\Program Files\Softland\novaPDF 11\Driver\sqlite3.exe" "C:\ProgramData\Softland\novaPDF 11\nPdf_Softland\nPdf_Softland.prf" "ALTER TABLE LicenseInfo ADD Deleted tinyint;"
C:\Program Files\Softland\novaPDF 11\Driver\sqlite3.exe
"C:\Program Files\Softland\novaPDF 11\Driver\sqlite3.exe" "C:\ProgramData\Softland\novaPDF 11\nPdf_Softland\nPdf_Softland.prf" "ALTER TABLE LicenseUserInfo ADD Deleted tinyint;"
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Windows\Installer\MSIF7A2.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_240908156 159 ScheduledTasks!ScheduledTasks.CustomActions.TryAddDefaultOutlookEmail
C:\Program Files\Softland\novaPDF 11\Driver\sqlite3.exe
"C:\Program Files\Softland\novaPDF 11\Driver\sqlite3.exe" "C:\ProgramData\Softland\novaPDF 11\nPdf_Softland\nPdf_Softland.prf" "insert into preset (PKGuid, FKOwner, TypeGuid, IsProfile, IsPrivate, IsTemporary, Data, PresetName, Usage, LastSave, IsDefault, IsVendor, FileTimeLastSave) values ('723593af52a044bebdececb5209d2cae', 'e631aa7dd6bb489c8f25cfdb1b4fd367', 'd5e81884b4de4bf695213810a9b341f5','0','0','0','<?xml version=''1.0'' encoding=''utf-16''?><EmailOutlookPreset xmlns:xsd=''http://www.w3.org/2001/XMLSchema'' xmlns:xsi=''http://www.w3.org/2001/XMLSchema-instance''><IsRoot>false</IsRoot><IsPrivate>false</IsPrivate><IsTemporary>false</IsTemporary><IsDefault>false</IsDefault><Creator>Vendor</Creator><Metadata><Name>*EMAILOUTLOOKN-Save</Name><Description>*EMAILOUTLOOKD-Save</Description><Author>Softland</Author></Metadata><Id>723593af-52a0-44be-bdec-ecb5209d2cae</Id><Component>d5e81884-b4de-4bf6-9521-3810a9b341f5</Component><LastSaved>0001-01-01T00:00:00</LastSaved><Compress>false</Compress><ChangeExtension>false</ChangeExtension><AttachPDF>true</AttachPDF><LookupAddress>true</LookupAddress><AttachOtherFiles>false</AttachOtherFiles><OtherFiles/><Subject/><Body/><ExtensionText>txt</ExtensionText><BCCAddress/><CCAddress/><FromAddress/><ToAddress/><Importance>Normal</Importance><RequestReadReceipt>false</RequestReadReceipt><NoForward>false</NoForward><NoReply>false</NoReply><NoReplyAll>false</NoReplyAll><Action>Save</Action><DeleteAfterSend>false</DeleteAfterSend><Category/><PasswordProtection>false</PasswordProtection><ZipPassword/><SendAsText>true</SendAsText><AddDefaultSignature>true</AddDefaultSignature><RequestDeliveryReceipt>false</RequestDeliveryReceipt><Sensitivity>Normal</Sensitivity><IgnoreMissingFiles>false</IgnoreMissingFiles></EmailOutlookPreset>', '*EMAILOUTLOOKN-Save', '0',datetime('now'),'0','1','133543493357539562')"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 17.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | extra-ram.soft112.com | udp |
| US | 104.243.35.223:443 | extra-ram.soft112.com | tcp |
| US | 104.243.35.223:443 | extra-ram.soft112.com | tcp |
| US | 8.8.8.8:53 | 241.154.82.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 58.55.71.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 42.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 223.35.243.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.soft112.com | udp |
| US | 8.8.8.8:53 | fundingchoicesmessages.google.com | udp |
| GB | 172.217.16.238:443 | fundingchoicesmessages.google.com | tcp |
| US | 209.222.98.21:443 | www.soft112.com | tcp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| GB | 216.58.204.66:443 | googleads.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | content-autofill.googleapis.com | udp |
| US | 8.8.8.8:53 | 226.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 238.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 232.179.250.142.in-addr.arpa | udp |
| GB | 142.250.200.10:443 | content-autofill.googleapis.com | tcp |
| GB | 216.58.204.66:443 | googleads.g.doubleclick.net | tcp |
| GB | 172.217.16.238:443 | fundingchoicesmessages.google.com | udp |
| US | 8.8.8.8:53 | www.clarity.ms | udp |
| US | 13.107.246.64:443 | www.clarity.ms | tcp |
| US | 8.8.8.8:53 | lh3.googleusercontent.com | udp |
| GB | 216.58.201.97:443 | lh3.googleusercontent.com | udp |
| US | 8.8.8.8:53 | region1.analytics.google.com | udp |
| US | 8.8.8.8:53 | stats.g.doubleclick.net | udp |
| GB | 172.217.16.238:443 | fundingchoicesmessages.google.com | udp |
| US | 8.8.8.8:53 | www.google.co.uk | udp |
| BE | 108.177.15.156:443 | stats.g.doubleclick.net | tcp |
| US | 216.239.32.36:443 | region1.analytics.google.com | tcp |
| GB | 216.58.204.67:443 | www.google.co.uk | tcp |
| BE | 108.177.15.156:443 | stats.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | 21.98.222.209.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 66.204.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 41.110.16.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 64.246.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.180.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.180.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 156.15.177.108.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 67.204.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 36.32.239.216.in-addr.arpa | udp |
| GB | 216.58.204.67:443 | www.google.co.uk | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.178.4:443 | www.google.com | udp |
| GB | 142.250.178.4:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | r.clarity.ms | udp |
| US | 20.119.174.243:443 | r.clarity.ms | tcp |
| US | 8.8.8.8:53 | 4.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | c.clarity.ms | udp |
| IE | 68.219.88.97:443 | c.clarity.ms | tcp |
| US | 8.8.8.8:53 | c.bing.com | udp |
| US | 204.79.197.200:443 | c.bing.com | tcp |
| US | 8.8.8.8:53 | 243.174.119.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.88.219.68.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.197.79.204.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | 88.156.103.20.in-addr.arpa | udp |
| GB | 216.58.204.66:443 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| GB | 216.58.212.193:443 | tpc.googlesyndication.com | tcp |
| GB | 216.58.212.193:443 | tpc.googlesyndication.com | udp |
| US | 8.8.8.8:53 | 193.212.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.178.250.142.in-addr.arpa | udp |
| GB | 216.58.204.66:443 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | 114.110.16.96.in-addr.arpa | udp |
| US | 216.239.32.36:443 | region1.analytics.google.com | udp |
| US | 216.239.32.36:443 | region1.analytics.google.com | udp |
| GB | 172.217.16.238:443 | fundingchoicesmessages.google.com | udp |
| GB | 172.217.16.238:443 | fundingchoicesmessages.google.com | udp |
| US | 216.239.32.36:443 | region1.analytics.google.com | udp |
| US | 8.8.8.8:53 | 209.205.72.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | csi.gstatic.com | udp |
| BR | 142.251.132.3:443 | csi.gstatic.com | tcp |
| BR | 142.251.132.3:443 | csi.gstatic.com | tcp |
| US | 8.8.8.8:53 | 3.132.251.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 183.59.114.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.extra-ram.com | udp |
| NL | 37.48.65.144:80 | www.extra-ram.com | tcp |
| NL | 37.48.65.144:80 | www.extra-ram.com | tcp |
| NL | 37.48.65.144:80 | www.extra-ram.com | tcp |
| US | 8.8.8.8:53 | ww1.extra-ram.com | udp |
| US | 199.59.243.225:80 | ww1.extra-ram.com | tcp |
| GB | 142.250.178.4:443 | www.google.com | udp |
| US | 8.8.8.8:53 | parking.bodiscdn.com | udp |
| US | 104.22.41.120:443 | parking.bodiscdn.com | tcp |
| US | 8.8.8.8:53 | 144.65.48.37.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 225.243.59.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | us-central1-adzapier-us.cloudfunctions.net | udp |
| US | 216.239.36.54:443 | us-central1-adzapier-us.cloudfunctions.net | tcp |
| US | 8.8.8.8:53 | cdn.primeconsent.com | udp |
| US | 104.18.12.192:443 | cdn.primeconsent.com | tcp |
| US | 8.8.8.8:53 | www.ads.com | udp |
| US | 8.8.8.8:53 | apps.identrust.com | udp |
| GB | 96.17.179.205:80 | apps.identrust.com | tcp |
| US | 8.8.8.8:53 | 120.41.22.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 54.36.239.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 192.12.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 205.179.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ads.soft112.com | udp |
| US | 206.221.176.5:443 | ads.soft112.com | tcp |
| US | 8.8.8.8:53 | api.privacypillar.com | udp |
| US | 159.203.145.149:443 | api.privacypillar.com | tcp |
| US | 8.8.8.8:53 | www.adsensecustomsearchads.com | udp |
| GB | 172.217.16.238:443 | www.adsensecustomsearchads.com | tcp |
| US | 8.8.8.8:53 | partner.googleadservices.com | udp |
| US | 8.8.8.8:53 | soft112.com | udp |
| US | 206.221.176.5:443 | ads.soft112.com | tcp |
| US | 206.221.176.5:443 | ads.soft112.com | tcp |
| US | 8.8.8.8:53 | 5.176.221.206.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 149.145.203.159.in-addr.arpa | udp |
| GB | 142.250.200.10:443 | content-autofill.googleapis.com | udp |
| US | 20.119.174.243:443 | r.clarity.ms | tcp |
| US | 8.8.8.8:53 | beacons.gcp.gvt2.com | udp |
| US | 192.178.49.3:443 | beacons.gcp.gvt2.com | tcp |
| US | 192.178.49.3:443 | beacons.gcp.gvt2.com | tcp |
| US | 8.8.8.8:53 | e2cs24.gcp.gvt2.com | udp |
| US | 34.138.204.1:443 | e2cs24.gcp.gvt2.com | tcp |
| US | 8.8.8.8:53 | 3.49.178.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.204.138.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | beacons.gvt2.com | udp |
| US | 192.178.49.3:443 | beacons.gcp.gvt2.com | udp |
| US | 192.178.49.163:443 | beacons.gvt2.com | tcp |
| GB | 216.58.204.67:443 | www.google.co.uk | udp |
| US | 8.8.8.8:53 | 163.49.178.192.in-addr.arpa | udp |
| US | 206.221.176.5:443 | ads.soft112.com | tcp |
| US | 206.221.176.5:443 | ads.soft112.com | tcp |
| US | 8.8.8.8:53 | www.novapdf.com | udp |
| US | 172.67.138.75:443 | www.novapdf.com | tcp |
| US | 172.67.138.75:443 | www.novapdf.com | udp |
| US | 8.8.8.8:53 | 75.138.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | google.com | udp |
| GB | 216.58.201.110:443 | google.com | tcp |
| US | 8.8.8.8:53 | region1.google-analytics.com | udp |
| BE | 108.177.15.156:443 | stats.g.doubleclick.net | udp |
| US | 199.59.243.225:80 | ww1.extra-ram.com | tcp |
| US | 199.59.243.225:80 | ww1.extra-ram.com | tcp |
| US | 8.8.8.8:53 | 110.201.58.216.in-addr.arpa | udp |
| GB | 142.250.178.4:443 | www.google.com | udp |
| GB | 142.250.178.4:443 | www.google.com | udp |
| US | 216.239.36.54:443 | us-central1-adzapier-us.cloudfunctions.net | udp |
| US | 8.8.8.8:53 | r.clarity.ms | udp |
| US | 20.119.174.243:443 | r.clarity.ms | tcp |
| GB | 172.217.16.238:443 | www.adsensecustomsearchads.com | udp |
| US | 8.8.8.8:53 | 19.229.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | download.novapdf.com | udp |
| US | 20.119.174.243:443 | r.clarity.ms | tcp |
| US | 20.119.174.243:443 | r.clarity.ms | tcp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | beacons2.gvt2.com | udp |
| US | 216.239.36.117:443 | beacons2.gvt2.com | tcp |
| US | 216.239.36.117:443 | beacons2.gvt2.com | udp |
| US | 8.8.8.8:53 | 117.36.239.216.in-addr.arpa | udp |
| US | 192.178.49.3:443 | beacons.gcp.gvt2.com | udp |
| US | 20.119.174.243:443 | r.clarity.ms | tcp |
| US | 8.8.8.8:53 | www.novapdf.com | udp |
| US | 172.67.138.75:443 | www.novapdf.com | tcp |
| US | 8.8.8.8:53 | r.clarity.ms | udp |
| US | 20.119.174.243:443 | r.clarity.ms | tcp |
| US | 8.8.8.8:53 | google.com | udp |
| GB | 216.58.201.110:443 | google.com | udp |
| US | 20.119.174.243:443 | r.clarity.ms | tcp |
| US | 8.8.8.8:53 | 79.121.231.20.in-addr.arpa | udp |
| US | 172.67.138.75:443 | www.novapdf.com | tcp |
| US | 8.8.8.8:53 | 23.149.64.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | r.clarity.ms | udp |
| US | 20.119.174.243:443 | r.clarity.ms | tcp |
| US | 192.178.49.3:443 | beacons.gcp.gvt2.com | udp |
| US | 20.119.174.243:443 | r.clarity.ms | tcp |
| US | 8.8.8.8:53 | clients2.google.com | udp |
| GB | 142.250.200.14:443 | clients2.google.com | udp |
| GB | 142.250.200.14:443 | clients2.google.com | tcp |
| US | 8.8.8.8:53 | 14.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | r.clarity.ms | udp |
| US | 20.119.174.243:443 | r.clarity.ms | tcp |
| US | 20.119.174.243:443 | r.clarity.ms | tcp |
| US | 192.178.49.3:443 | beacons.gcp.gvt2.com | udp |
| US | 20.119.174.243:443 | r.clarity.ms | tcp |
| US | 20.119.174.243:443 | r.clarity.ms | tcp |
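The Network table mixes three kinds of rows: forward DNS queries to 8.8.8.8, reverse (in-addr.arpa) lookups the sandbox makes for every address it touched, and the actual TCP/UDP connections. Most of the connections belong to the browser session on the download portal (ad, consent and analytics hosts); the installer's own traffic is the small set to novapdf.com hosts. The following is an added example, written for this page and not part of the report or of any sandbox vendor's tooling: a parser for the pipe-delimited rows that tolerates the mDNS row whose Domain cell is empty and shifted, strips the DNS noise, and surfaces the two things worth a second look in a table like this, plaintext HTTP destinations and names that were resolved but never connected to within the capture window. The sample rows are copied from the table above.

```python
"""Triage the Network table of a sandbox report.

Added example (the editor's, not the report's or any vendor's code): parse the
pipe-delimited rows, separate DNS noise from connections, and flag plaintext
HTTP destinations and resolved-but-never-contacted names.
"""
import ipaddress
from collections import Counter

# Constructed sample: rows copied verbatim from the Network table above,
# including the row whose Domain cell is empty and shifted.
SAMPLE = """
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 17.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | extra-ram.soft112.com | udp |
| US | 104.243.35.223:443 | extra-ram.soft112.com | tcp |
| US | 104.243.35.223:443 | extra-ram.soft112.com | tcp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | www.extra-ram.com | udp |
| NL | 37.48.65.144:80 | www.extra-ram.com | tcp |
| US | 8.8.8.8:53 | ww1.extra-ram.com | udp |
| US | 199.59.243.225:80 | ww1.extra-ram.com | tcp |
| US | 8.8.8.8:53 | parking.bodiscdn.com | udp |
| US | 104.22.41.120:443 | parking.bodiscdn.com | tcp |
| US | 8.8.8.8:53 | apps.identrust.com | udp |
| GB | 96.17.179.205:80 | apps.identrust.com | tcp |
| US | 8.8.8.8:53 | www.novapdf.com | udp |
| US | 172.67.138.75:443 | www.novapdf.com | tcp |
| US | 172.67.138.75:443 | www.novapdf.com | udp |
| US | 8.8.8.8:53 | download.novapdf.com | udp |
"""


def parse_rows(text):
    """Turn '| Country | Destination | Domain | Proto |' lines into dicts."""
    rows = []
    for line in text.splitlines():
        line = line.strip()
        if not line.startswith('|'):
            continue
        cells = [c.strip() for c in line.split('|')][1:-1]   # drop the outer pipes
        if not cells or cells[0] == 'Country':
            continue
        cells += [''] * (4 - len(cells))                      # pad short rows
        country, dest, domain, proto = cells[:4]
        if domain in ('tcp', 'udp') and proto == '':
            proto, domain = domain, ''                         # Proto slid into the Domain column
        ip, _, port = dest.rpartition(':')
        rows.append({'country': country, 'ip': ip, 'port': int(port),
                     'dest': dest, 'domain': domain, 'proto': proto})
    return rows


def summarize(rows):
    """Split DNS noise from connections and compute the review-worthy sets."""
    forward, reverse, local = set(), 0, []
    connections = Counter()
    for r in rows:
        if r['port'] == 53 and r['proto'] == 'udp':
            if r['domain'].endswith('.in-addr.arpa'):
                reverse += 1                # PTR lookups the sandbox does for contacted IPs
            else:
                forward.add(r['domain'])
        elif ipaddress.ip_address(r['ip']).is_multicast:
            local.append((r['dest'], r['proto']))   # link-local multicast, e.g. mDNS on 5353
        else:
            connections[(r['domain'], r['dest'], r['proto'])] += 1
    connected = {d for d, _, _ in connections}
    return {
        'forward_queries': sorted(forward),
        'reverse_lookups': reverse,
        'connections': connections,
        # port 80: check whether it is a CRL/OCSP fetch or an actual payload download
        'plaintext_http': sorted({(d, dest) for d, dest, _ in connections if dest.endswith(':80')}),
        # resolved but never contacted inside the capture window
        'queried_not_connected': sorted(forward - connected),
        'local_multicast': local,
    }


if __name__ == '__main__':
    s = summarize(parse_rows(SAMPLE))
    for key in ('plaintext_http', 'queried_not_connected', 'local_multicast'):
        print(key, s[key])
    print('reverse lookups dropped:', s['reverse_lookups'])
```

Run against the full table, the same code shows that download.novapdf.com is resolved late in the run without a connection appearing before the 300 s capture ends, which is the kind of gap to resolve by re-detonating with a longer timeout rather than by assuming a download did or did not happen.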
Files
\??\pipe\crashpad_4860_BBTWVHBBOCIBFDQY
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
| MD5 | 99914b932bd37a50b983c5e7c90ae93b |
| SHA1 | bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f |
| SHA256 | 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a |
| SHA512 | 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 7864911fc71740469ba22c8e2cdb2e78 |
| SHA1 | a63495d50a847055e49b57cac8c026d1950a02f0 |
| SHA256 | d6a5f09724fc7262691a17b1bf4580b8a47efde8cbfed9a83cd95d19c92d23fd |
| SHA512 | 8ab9aa617acab1aa439e9bf57e4c74657a79a4401dcfb8c633e51a23a7e007c008bf78d0acbaff1d38c2243f6c02a7176d6f36681f8e7954115169b775f9eff0 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 6c489389c8bfff4d52b60b160f49a729 |
| SHA1 | e7f0082579583a4b9621b95f176a5934c9e46ae5 |
| SHA256 | 18cb1574c934af400205d5d90c2c10ed7fc355806fa35738b7e25d0350c2d426 |
| SHA512 | 2a6060a3d3a47868c9c905341d891d99cf966cae0ac9e4c4ec7d635196a344e59f32a3971bf139d658c66a890e3a172cc5bf9e33ab42ead415208adfd6f4facc |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 878429cff95cb07d20001da8acb8d6d2 |
| SHA1 | e0a386bcf39274c94b50864902a6aa18b33601f5 |
| SHA256 | 85c5a22acd48c78230ec013b2259893bbd3468e7638b000ab4e3a230c7cf4388 |
| SHA512 | 94b5fadd35d71b1c8b5f6e7eae513e11850816a2f8c56b1057d7c779e03739aa460ccc68f910d649f829f7fcffcd1f186b00e475ded070ab46091dcd434d20ed |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000002
| MD5 | 086122a4bfb7a51510e3f0f0358446c2 |
| SHA1 | 409d7940193c0a6201fb28376f9ca1ec4e09d979 |
| SHA256 | 3c982a4b7283f4a728760190c40feaef16cceafab2f04f372c7848ff1b65c270 |
| SHA512 | 1db1eb3cc8fa2fea162297b95d6f9d5fff99d2ddecb2e5a70eee014585f6c51550816dff2b295aa268e7040c5414c89c6c7d45f0c924a612dd98ff4e7974c309 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005
| MD5 | 79da890b16155133aebd559bd329ab09 |
| SHA1 | 03c31d430e0557199491f81fe809fa2a1f5dd4a3 |
| SHA256 | 6db28bb1adbbfb8023b68c4f6ad5cb68ca7dbaf710087a00cc5502fe735f5295 |
| SHA512 | d868d661e9f48444e750b5856fa7818faa021a1cb0fd4408961e4ec9f4bb9be08a95eb15360926aaf6e1c4beabc3c2b9a2c9398538089a062d7a0432521694a1 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000010
| MD5 | daa01cc5a9b8b3a7730d8c940015554c |
| SHA1 | 6d3091870737fffb408000a4664c8a6f088b5cf7 |
| SHA256 | 60dfc7c4f1adc5282ff9d3a0bd9445b59874ce5e123226d3d6f5339d1b998a6d |
| SHA512 | 7de57bc1ef544432cd0cf5e27b87fd19af248d2adde11b9b0b7f1cd5e762fe8ab08954344027b7fe32a62c142ba8411e3db42df87ed47a009437aaa511d6246e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000014
| MD5 | 015c126a3520c9a8f6a27979d0266e96 |
| SHA1 | 2acf956561d44434a6d84204670cf849d3215d5f |
| SHA256 | 3c4d6a1421c7ddb7e404521fe8c4cd5be5af446d7689cd880be26612eaad3cfa |
| SHA512 | 02a20f2788bb1c3b2c7d3142c664cdec306b6ba5366e57e33c008edb3eb78638b98dc03cdf932a9dc440ded7827956f99117e7a3a4d55acadd29b006032d9c5c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006
| MD5 | 66b2820a0633ecf70ecb35f0df26085f |
| SHA1 | 51def1f3e3fd4f1ecb1bb7adbce5a18cb3f681e6 |
| SHA256 | e061590fa57214a84604623bbc2b683406fec4839287463c6848de78232aa859 |
| SHA512 | c18a9a58af4c3de6e21071f0ba33d5ee7d0d25587c7cfc916d0d54c1ab53c1c73f4d9eeba981fea2f2fb759c8eb5dfce68ff9a3439c2a0d4bdce0af84cf3ba61 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 71d5addb653904512b4464c10a8b18ea |
| SHA1 | fd2932283265078b18881380d4faa5ebeec0a684 |
| SHA256 | 9ad695de944a2acad33749270e682e0ff255568f175081e95fb4ff29720a3ada |
| SHA512 | 558fe597b45dc61d1defad647f7a1890c233645398f33d477cb5cf1d013c8fb46091c00541ca91f144664e915670ffd098bdc5cda9fcdd18c01ec0818910ba1f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 15a5bd7bee8eecff47592e7de2499d74 |
| SHA1 | 0c99c8da737ce1ceb136bf62b1191841df715392 |
| SHA256 | dc4aef66aeb2bcb339f85540396267e85dbea4ed49d4aa91926b40b21dc6886a |
| SHA512 | 6c406db48d45c00f49c7a371a332a62446c26a7b0624c5ba92d6e3d990b3b3b5e3a175b71435be6c992739cb17e8e915386adbbee67d5a21c38a7664d1367bb4 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000a
| MD5 | 47fdf1bb95948fd41b80cd64238b8b6d |
| SHA1 | f2593f86fd3a34a946b6fe02bab3634d09dea134 |
| SHA256 | dc64e5b6a9108677f495c20ea8e0ccd18c26d7c116db8b412a5ef9c8aefc9200 |
| SHA512 | 7d5ba16b7908e4be488f7310322409f96f164ed2973a8d314e68925b79456776ff5527ba9f0b511e90987f0186880a816f5747a16fe4c659c4f0993b8c3cdf5a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000b
| MD5 | 87e8230a9ca3f0c5ccfa56f70276e2f2 |
| SHA1 | eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7 |
| SHA256 | e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9 |
| SHA512 | 37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000d
| MD5 | 442daed8f57c9c35bbf64b9628ab7805 |
| SHA1 | 4af3266116dad0b89333da389b150991b5352d32 |
| SHA256 | 231164c1b36c368fd82d91c2dfd9ad6f79662e74b233a98c5ac82f62b53359e7 |
| SHA512 | d2d286d41a653caf3580684d1e420d362b0c809239fe1e5f01faf515a681c5c6bb155ed7d9c915e01c9e242c889414e6bc8b98a2bf284133725e66f55da036de |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000022
| MD5 | f5b4137b040ec6bd884feee514f7c176 |
| SHA1 | 7897677377a9ced759be35a66fdee34b391ab0ff |
| SHA256 | 845aa24ba38524f33f097b0d9bae7d9112b01fa35c443be5ec1f7b0da23513e6 |
| SHA512 | 813b764a5650e4e3d1574172dd5d6a26f72c0ba5c8af7b0d676c62bc1b245e4563952bf33663bffc02089127b76a67f9977b0a8f18eaef22d9b4aa3abaaa7c40 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 45ef9bb8dea6f2a8c752e72f803bc4bf |
| SHA1 | 0d389ac0722e7d1ffd0bb70bfa5fdc8694a5b3a9 |
| SHA256 | b99d53d0d0163de1e453645fee6a370c3de3831f975f887dd2aacc2c32fd1c96 |
| SHA512 | 965f34ff95f04a1bc089110c215a377cf6fda0117788acb90a6098d8c0ef3f607f3154baa9007a55707b7457a83e08b3ca6eb42e191dfee32bbd041d392d28e2 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | c51f630232c3a755b4559981f669377c |
| SHA1 | b8c9f9bbe9f37d8a7f0a9997d0eafb4038dc7a1e |
| SHA256 | a2666dfe125506112d9116d0a3134cd328d85e944e5f7da9e25973f7fbe8c814 |
| SHA512 | aa14e9c4a6f954db60baec6cacc43174313df655a820500a185ffaaf00a5993c4357e09ec4d6b886db1148868a8428f47bf2a2f7838ce69d5f135b3b8e61edd1 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\0bc6684d-9de7-4bb3-9bf2-8cc208280ab4.tmp
| MD5 | 0aa8622efd33365b9efcfed033e8804c |
| SHA1 | 746edbce9544edaf9ed61c2831babd27df0a1b86 |
| SHA256 | 660595b313aec75cf3393a2b14b4c852f49ba76cf3ee82371b357a648bf95359 |
| SHA512 | 5653124ce3e0bac2ad4fd6de354618aec8b8da6b3456189907cfac8b9a7fadb1dc8fd3d8f55fd2d0f96ebce920fe83521c78e3771dda23b6c5ededb00954137f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 03e2895ef12ed43198179f1893f42d5e |
| SHA1 | 39b7f03e516fcef30cb91390a5cf123f4a2e6632 |
| SHA256 | 115f185d92f1719236236c93608d944d4439019031cbeba861afa97adb4ba6dd |
| SHA512 | 53b5bb314fd0e221d79038cc6a60dba8051c29e5dc2390f9a493a015e033a088ab10e8e60f0a41decba86f927bdf3b2dc7f7ceecb9ef27f7c5a27a8a0d38bbf1 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | d7eaeb0428ba3065e34e7c6b0f8ce071 |
| SHA1 | 4b4876835cb39d55a6d13ac61e3ffc26460a0e44 |
| SHA256 | 61ea5a48512f399738ca9e86c484b8876a35becbf05a3b893b8fbae93d52e304 |
| SHA512 | 452a204c9d833e1fa7750edb79f8d4ab1191c0340aca524c0906db37a4629c74d3b6f5f371d3d37d61196bbc344a2c31105eb6555757968c7ea7624885725ae4 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | c1f700bd1911363e50466f8da0f139eb |
| SHA1 | 6824adbee67ea725b1d73a24c7b4bdda68b54a7d |
| SHA256 | 61ffe3c48ad93c8ce30a9c5089918fbc55057f3386757b5b05738961319afbaa |
| SHA512 | 6fc5fbb5c08dc8174a448d04654df8e829d1a2d893be11d262a6111c67c3087b7963d303546b518a33988a5d20e985b46ec27f6cd9b72a441f6b0636ed3f9cf3 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000023
| MD5 | b82ca47ee5d42100e589bdd94e57936e |
| SHA1 | 0dad0cd7d0472248b9b409b02122d13bab513b4c |
| SHA256 | d3c59060e591b3839ec59cad150c0a38a2a2a6ba4cc4dc5530f68be54f14ef1d |
| SHA512 | 58840a773a3a6cb0913e6a542934daecaef9c0eeab626446a29a70cd6d063fdb012229ff2ccfa283e3c05bc2a91a7cac331293965264715bdb9020f162dc7383 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | abcf231704dca4d05b6a380edc405c17 |
| SHA1 | d8d568a1f14b16d033113295f8459d293049aa59 |
| SHA256 | a5c8f83f55a14ab0cf2bb1dfacbcf4d8e5ee7091ae47ba9ac7e288cd94842d1a |
| SHA512 | bb93a33dc091d6fb4624a31925a30a2cde21da1eec227a03a973170b66ef56ecffe468e4199fe28920235eaf6485c0acd23d2e8d56936db8cd192411fc3cf151 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | a6111022430b4bc1952e8ad6b8804c0a |
| SHA1 | fd551e49eba03b7c5ccba2cab62014ff27865472 |
| SHA256 | b7cb01c5fbdf38e7677880234f3ec6de8d3dfe0839342960ef9b71dbc4bbac5d |
| SHA512 | e5e19439bf030d8b4d1cd2051b65362e2f72bc12797bd276ef86f6a5aea04998212f4b3a677bddace4fac0c7b7842756a3bc24428a41de48630d467c256bd342 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | a79f8b3a093f4c70d1f3f742a8d5537e |
| SHA1 | ab20f92f568a83eaf45606d2033e189fe0c7aab2 |
| SHA256 | 7bf8c7e829986788ef7a571c168d0d93c9c014c898d9fdb3e1c79869e7e15ab1 |
| SHA512 | e66d750246b121b95eb57eeca531113af0bef8560b8c7db7ff92e13454e032ff357f3dccd5d07feb774f6ba16e1f8ca8f3cbc0472b1bfeecd5e6ee265d13a34f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 215e5e44bfb53c096b88663110ac21c0 |
| SHA1 | c25daff88d7938d365e35ba3c586973b6b21db9d |
| SHA256 | 9ff7aa428320bde11827f8a45b8d9e0afbf9e84fdf3a672654de16565a378798 |
| SHA512 | 4b6f61c803b42988a0c33b4f148d12c05d0292b2e210d407552eee7f4f0fbc94d2fad08499f92cb1dde84e5307bb848eaee9f952d006e432e655245b1556a5e0 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 229d521ee36a3b3427eca325fd519025 |
| SHA1 | c501aaf4be89d80cc42935fd306b0ec0015bc726 |
| SHA256 | 11587562c57a5745d63726a7c7d7b49a927c46bc38ebfa3936c1f9b88b8dabec |
| SHA512 | 66854d2bb84a42852e5886ba3e1e11bc549556e34763c8dbe4a4412d56eca1734b080191c527d90daf797aad74d4360c7d094c7baac60e61e2eac166143339b6 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
| MD5 | 4e9c703a8575454c6430246ba1f164d0 |
| SHA1 | a4028e3ab03b3531c8e54fb96922b406a7945ac8 |
| SHA256 | d41802fa467ed1d7046588c83167f7bdeb69465192c7277bbee6f25db7a9311b |
| SHA512 | d018b2a87a849509d1dc9de7161f828bbe52d5614df7dd6e51725eaa0ad114e9767b9951abb312fe9c04b104a5edfc08ef092c4bef79e01cde43a8fe4dbc7097 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe590110.TMP
| MD5 | 0f79b2f257d46a20b01354bb3be19dea |
| SHA1 | 400db194973cef422bb0498a7672e50ce1816a37 |
| SHA256 | f180fc630d0a3b6d044bf495504462f6e53776ad5c1d0d6d12cb4fdcad82d80a |
| SHA512 | 58790c37a17938b13050bf553a68924bcf4e1ab0b06d8fc61dacbd351dbe70053aaec29464263fe24dc9c6151768df2a9647ab27130a994b1592e9575ce4cac2 |
C:\Users\Admin\Downloads\novapdf-full.exe
| MD5 | b41f866d035ef3c5e58d5722989ed64b |
| SHA1 | 1c89d578a265bb2c0bcd6722d69c6fd20da498f7 |
| SHA256 | 1c8f32940a5a6108e19516a055fecf3a683718580c24f2f9172310c40521f9f5 |
| SHA512 | 776b786ffde2c6614aa674f192f22e1e9a3deb13b1640df1f857a69f5e9d88a41cb832b21d6d9a272d0ddee88dabaef9e6d3767f5e269065cc0ff544e032409a |
C:\Users\Admin\Downloads\novapdf-full.exe
| MD5 | 16ab7d2653f8427681f4da3c3d65a276 |
| SHA1 | 6b823834d80d3b7f02198dea7dc74a8b962d6440 |
| SHA256 | e618b86877a38dc23612e490dd29352bdd68ea716caefc8a6cebfdec53cdced2 |
| SHA512 | 055414936c3f02de16f9c3a7ee2253d78d0dfc903368893d666abe4f3dcea94daf889853fc739e859d56252f5534a27f0be729db57b0d8071cce13374adfa4f1 |
C:\Users\Admin\Downloads\novapdf-full.exe
| MD5 | c2fd603f18250aa0d0daf793fcc2fe37 |
| SHA1 | 0a82f0e5b567092cf6db71e930812cb9ce5f8f13 |
| SHA256 | 79e901f1b97097d70e8cdae46714cdf178fc8c1d719ba486e7ab1538751adfcd |
| SHA512 | 3bdf981df5e3a86f23b4ca56b627739c3b34cf5627934c0b8eb4fb2b07f82c3eadd625a781319d3949011035234911dbdedc0a25a3519339cdfc2f4440ad0d62 |
C:\Windows\Temp\{45DE6611-DFD3-47FB-A6EA-6C8176793ABC}\.cr\novapdf-full.exe
| MD5 | bd289b2dafe47ec65d5f2de8ebf86fc0 |
| SHA1 | f8f6b8b6dbc28789d05dfbaf160e6425188fec0f |
| SHA256 | 1a480178cc81daaa1b1e5e1133b39e285375745b189be09be94a38ba2d8555c8 |
| SHA512 | 96632425f2add08448ad15c57190797eec7e67ffe72d0a43f6653f4caa2b3fe24cf7a6be11e440bf87423874bf73b0c0ff322b6f8ac6a878448efd644ddfd2fd |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | e4dac570470a09a51632e54d4447c582 |
| SHA1 | b4ecdd15928066e3f3621cca716d8dce09fb2116 |
| SHA256 | 726b3b6972bc96aa7139d7a8ebac5086c932e2c62a4f6a01c2c06e72c772d532 |
| SHA512 | b7fa9d5046ce86e1b8d4f63f9851e8ea647a4ccb4a7e5ef9315db97aafadea4355de4638a47e6955ef00f2e5c73b1322fa4b743734f435c529a57f93b172c33f |
C:\Windows\Temp\{085214DA-9996-49BB-8334-2B0C895C7D3A}\.ba\mbahost.dll
| MD5 | c59832217903ce88793a6c40888e3cae |
| SHA1 | 6d9facabf41dcf53281897764d467696780623b8 |
| SHA256 | 9dfa1bc5d2ab4c652304976978749141b8c312784b05cb577f338a0aa91330db |
| SHA512 | 1b1f4cb2e3fa57cb481e28a967b19a6fefa74f3c77a3f3214a6b09e11ceb20ae428d036929f000710b4eb24a2c57d5d7dfe39661d5a1f48ee69a02d83381d1a9 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
| MD5 | c474229c7717302a9f7bca607aacfdfd |
| SHA1 | 996d2a3ca0f5dd3f880d56f40489fba7c182a9a1 |
| SHA256 | fa7465f6da22c7f651629b0047a853589709693cdd3c82e208df812022bba3f4 |
| SHA512 | 9508a6043eb21edf0d44fd5018469ad1d046bf51a1a38d347ef86c4d5f1eecdce33468c17002ca81487ed0384652aa4dd4c9dfb5287397a1d12c39c278ae17be |
C:\Windows\Temp\{085214DA-9996-49BB-8334-2B0C895C7D3A}\.ba\BootstrapperCore.dll
| MD5 | b0d10a2a622a322788780e7a3cbb85f3 |
| SHA1 | 04d90b16fa7b47a545c1133d5c0ca9e490f54633 |
| SHA256 | f2c2b3ce2df70a3206f3111391ffc7b791b32505fa97aef22c0c2dbf6f3b0426 |
| SHA512 | 62b0aa09234067e67969c5f785736d92cd7907f1f680a07f6b44a1caf43bfeb2df96f29034016f3345c4580c6c9bc1b04bea932d06e53621da4fcf7b8c0a489f |
memory/912-709-0x00000000733D0000-0x0000000073B80000-memory.dmp
memory/912-710-0x0000000006300000-0x0000000006310000-memory.dmp
memory/912-708-0x0000000006240000-0x0000000006258000-memory.dmp
C:\Windows\Temp\{085214DA-9996-49BB-8334-2B0C895C7D3A}\.ba\BootstrapperCore.config
| MD5 | 18063277f9fe3308d5dafe891db9492a |
| SHA1 | d34edca06b0af8f36bc7c3acf6a1af01ce364b08 |
| SHA256 | 23b540a71e5aa48845af1503efe110acd4e9ce6b6280f5552750e1d3cc866719 |
| SHA512 | fd2d7cae9e7daa9e869fc4cd0788274a84441a5e0c4db2df21d0e24c9d70c316a3ec6605bc1bee5ad9aef810800929547a840b88485bd00e732711be4292b086 |
memory/912-717-0x0000000006780000-0x00000000067A8000-memory.dmp
C:\Windows\Temp\{085214DA-9996-49BB-8334-2B0C895C7D3A}\.ba\SetupBootstrapper.dll
| MD5 | e2d4e5b67b88a371ccfc2f6e2727c58b |
| SHA1 | e15d2f1ef9b7e4d4877a2cf53af2298fd2a83429 |
| SHA256 | 537a55bd8ab81470e5eb06de96e8daaaa5ee697a6dedde2b98ec35f55943ac5d |
| SHA512 | dd2191d491b769b27f2c4efde4c1fe77e8d8de937174410b4ff0d9015cc263e87806bd8f753b98f4b49e36677f62084e359ed990e48b86c88887bf2dcb5792ef |
memory/912-718-0x0000000006960000-0x00000000069C6000-memory.dmp
memory/912-719-0x0000000006F80000-0x0000000007524000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | c40b226edc1f2e7b5a03d75840e12981 |
| SHA1 | 9ceae0932e052730bfb30ce30d38e0626f134965 |
| SHA256 | e93272b1c49df2278c06439ead5c44544a384efb9babf9bc57e84333f963d951 |
| SHA512 | c0912ce9e512680ff4847734a6b1c757ab9dfb983df9b864f30bd0e8d7f09ef24c3d78b7f40d09a1d786d712325e6321265e529518e33f6cfb4854e58b077975 |
memory/912-741-0x000000007FA20000-0x000000007FA30000-memory.dmp
memory/912-744-0x0000000006300000-0x0000000006310000-memory.dmp
memory/912-745-0x0000000007E80000-0x0000000008006000-memory.dmp
memory/912-747-0x0000000007DA0000-0x0000000007E32000-memory.dmp
memory/912-748-0x0000000007D40000-0x0000000007D48000-memory.dmp
memory/912-749-0x0000000007E40000-0x0000000007E78000-memory.dmp
memory/912-750-0x0000000007D60000-0x0000000007D6E000-memory.dmp
memory/912-751-0x0000000006300000-0x0000000006310000-memory.dmp
memory/912-763-0x00000000733D0000-0x0000000073B80000-memory.dmp
memory/912-764-0x0000000006300000-0x0000000006310000-memory.dmp
memory/912-765-0x0000000006300000-0x0000000006310000-memory.dmp
memory/912-766-0x000000007FA20000-0x000000007FA30000-memory.dmp
memory/912-767-0x0000000006300000-0x0000000006310000-memory.dmp
memory/912-768-0x0000000006300000-0x0000000006310000-memory.dmp
C:\Windows\Temp\{085214DA-9996-49BB-8334-2B0C895C7D3A}\WindowsDriverRestrictions
| MD5 | 7d24abc0c91542ff27e02fdc24fb03cd |
| SHA1 | 97f3528dd8485765408bc5ac723f1e1a6c03331a |
| SHA256 | 75723766a2528791763222ef3c8b0e21e1d0424d99457d628a1522adcb49d43c |
| SHA512 | ae6bbbeafb080152ed2be04e00527d585360c75a188db83f2517571b9fc130f861a00edc1ee27e2855ab02e79ab7ed1fa99277255a73bb0dda24b2123151f5e6 |
C:\Windows\Temp\{085214DA-9996-49BB-8334-2B0C895C7D3A}\pay6536CE0A3580BD096BECB3AB2016762D
| MD5 | 50a7426fb2bcf496732952c8bb99a736 |
| SHA1 | 9d1b12850a93c2b7630ba96ce94c8eaa631c083c |
| SHA256 | 565a8593eecbd17d3c0bf5c7320096f963ef3b31379fee9c729dd2cbbbf399f4 |
| SHA512 | 6b6b5ab912b4c37cf951ef53668c66f715a75c86ea48ad6f09d6966a39aae1aaf9f57a0ddc7babd4e1663cfbac511d49776970f332f747d5f1df84d357712b47 |
C:\Windows\Temp\{085214DA-9996-49BB-8334-2B0C895C7D3A}\pay851EBEC0CAC25AE360C6F232A9F5FD52
| MD5 | bc4663843d59081b41772d1bcfefe730 |
| SHA1 | 2c94ea21417c9fa41c8bf58cf9dfffdaf69c61e8 |
| SHA256 | 4c35f85d0ae2af8b72c407787723aa11d6dbc57b739ac77ba6c74ad93cf831ba |
| SHA512 | 6a1ea1e4b64434e6a7ac04c00abab24f30bca1cd5fb95ae91019ddd00cb22bb566df9e45e175d5b9f998f2793d23810acc02b965a17735a713f07d2b7f555958 |
C:\Windows\Temp\{085214DA-9996-49BB-8334-2B0C895C7D3A}\OfficeAddInPackage6411.9.444
| MD5 | 3f2ef18feb9fd14b7bfb7cfcd30b2f90 |
| SHA1 | f4fc272d6b7cbb1c347bfcd82baa6563c48742c4 |
| SHA256 | 9384033ec5b9508c0fdd1128fae9f0a35b01df9e5e3e93a0aded4cf1b9e9eefa |
| SHA512 | 193df637c74b39dac34c51effe06063ddd04d91e52c18b63e1ab8b67e7308b890f854507f47413614cecf859dc219d01762ffbeba5c74b80dbfe5c450b26db36 |
C:\Windows\Temp\{085214DA-9996-49BB-8334-2B0C895C7D3A}\payD0195AB860B82F6F6A65AD7F0B4B9585
| MD5 | b3065e8fed2f7f8fe9cd177e532de2c0 |
| SHA1 | 881a72b35c494a32b5dbd270542cac6244f5b719 |
| SHA256 | c098f3e9c20ab8a35f1046ef96dba6d7f47190423a88b9e3bfa8fef5f4569775 |
| SHA512 | 5c809d0ba49ac95fc6b48010c31f94ed9bab1cfe817d87dfe643d5caefcb54fa0e5fb8943185bf64c0fa1f46160e8df42a33f24271a88cd7a31f027d4536ef4a |
C:\Windows\Temp\{085214DA-9996-49BB-8334-2B0C895C7D3A}\OfficeAddInPackage8611.9.444
| MD5 | d3577845b1e7a91921de3fadfd3368ff |
| SHA1 | 5f7eb89e888af762d4e7130bbef403b13af81150 |
| SHA256 | 71627f411e09bc107723cfdc1a0540397d67b5d318295a2adce8a1ef02a4d939 |
| SHA512 | 244550686b15a6e4986ffe9edb751a4e5718c48633285c5ab3e429acb3b280ce3709c81394df2246e1ac21f6cd8dc7dd535c5a551c10a77bbc0edc6c8f7234dd |
C:\Windows\Temp\{085214DA-9996-49BB-8334-2B0C895C7D3A}\NovaPDFTools11.9.444
| MD5 | 54e788726d98ba2eb3f2b74faea9e6b1 |
| SHA1 | 3f609b5a6f39c9713fdb742edf0077c136b6b416 |
| SHA256 | 8be909768121ed3d4e32f1c2f5bcdae9745fc700fd14fa214a99d3a384d47f93 |
| SHA512 | a17a7539bf43dc0b37f551d0610b00cb7cfea264ebf35affad384d001c68f61c5b549630b45f7b55022f658c59137709d578df43f109806e7066ad0a78f272e6 |
C:\Windows\Temp\{085214DA-9996-49BB-8334-2B0C895C7D3A}\COMx8611.9.444
| MD5 | 9421b41cdcf9f3bee7f78d530bb5ce78 |
| SHA1 | 5b20863851eaccbb11153bdea179b0119283b172 |
| SHA256 | 1a1f6bc8af98095eac3d1a6cc5f601024aab9e1ab11141a60876d23ff13ca2db |
| SHA512 | bb6e7deecbdab1057fb339f08922a4c02fdf5f1fe6c16f31b353ec950b9fc1ef995d71b09c56cabe2d7899418f3c0891de110666e130deaa9e646e8defdd2032 |
C:\Windows\Temp\{085214DA-9996-49BB-8334-2B0C895C7D3A}\COMx6411.9.444
| MD5 | 63f742c0b4be3a7680ba2f329c395b59 |
| SHA1 | 689e63d00e2bf94e89787bc08ab4a6f94dc860d1 |
| SHA256 | c0507ae562c06e2ff69d36ca7fcadb804d9910cb51c634208ec15ecdbdeb395f |
| SHA512 | 42891e645232dac33f4afed866db3efc380721eff2077f6cc76b3d50be8925f0ab4636f0a3e0570e41ed7e88de7f0df5cfb3600ed2ed65d6954e1fb71f14334b |
C:\Windows\Temp\{085214DA-9996-49BB-8334-2B0C895C7D3A}\DriverPackagex64.11.9.444
| MD5 | 6f95337d798b7243fedd82d82295e8f9 |
| SHA1 | ee9f084369044e607594cc4e3c0c93476aebe5f4 |
| SHA256 | 13de36591c324294fe0be5f5005c09d0f4884e0e425ee926862f47b5efeb9202 |
| SHA512 | 6edd82b543a9d00fd575dcc656a112c4174c6cfab21441eeb1ec2ca93b38ba7dbd1098eab6cc73872affe3981ff75be8d41a8d337db3d20c503347d7e560c6ad |
C:\Windows\Temp\{085214DA-9996-49BB-8334-2B0C895C7D3A}\OemPackagex64.11.9.444
| MD5 | 6c5de3eff86d14f9729f3ac21b1994ef |
| SHA1 | 224d0ad0746062fb18b6cb538123ad2b739f3de8 |
| SHA256 | 4c2a648ce2094a8d1b0a65fe8eefd68f2d993682479880ac3bff12c46ac150d6 |
| SHA512 | 04d7b6d11fa645087680b350bd8fe2728c7ed07c52505e0a9ecb69b258d8d69f10883ed26b1466cf959b8233a39b685764b4b72f6d2666f4346c20c6c498acb0 |
memory/6140-796-0x0000000000320000-0x000000000032E000-memory.dmp
memory/6140-797-0x00000000733D0000-0x0000000073B80000-memory.dmp
memory/6140-798-0x0000000004C20000-0x0000000004C30000-memory.dmp
C:\ProgramData\Package Cache\WindowsDriverRestrictionsPackageId11.9.444\AgileDotNetRT.dll
| MD5 | 35c1905fb5581259f8453221f2ae5911 |
| SHA1 | 3fcc48803fd5e9c9dfd124e187ec648f90ae8546 |
| SHA256 | ced1e546436911f7a0b98a8a7a0c206cac69600b7ce84cfdae3bc35c8c19843e |
| SHA512 | e1638b8a4fcadc4c1cdd2940f3d055b50fe7ec1206dfb0cce96d20f5d48b2153f9d84901bed8c3f2955046a7329ba4dacf53899a20ba2408ed29ed129a759454 |
memory/6140-800-0x000000006A680000-0x000000006AC5E000-memory.dmp
memory/6140-801-0x000000006A680000-0x000000006AC5E000-memory.dmp
memory/6140-802-0x000000006A680000-0x000000006AC5E000-memory.dmp
memory/6140-804-0x000000006A680000-0x000000006AC5E000-memory.dmp
memory/6140-805-0x00000000733D0000-0x0000000073B80000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\novaPDF_11_20240308052557_001_OfficeAddInPackage6411.9.444.log
| MD5 | 30471a6c68bcbfd83d94145b02dccb3e |
| SHA1 | 52d30da1f7758542d80a3ed7438e233fc31b7cb4 |
| SHA256 | b64f97e859c026068d2e965240fdde4548424e9a8192be443f2f630b61061e3c |
| SHA512 | 146f5d954194708febc431cba8e8954aeb8ba65997ac79b187ae17ec28971d7a66985dcf23eeac1a11e4df1eea1839ce503d34d4a2f352a2956e2f53b24a94e8 |
C:\Windows\Installer\MSI5749.tmp
| MD5 | f66bad66825d635e7a4bc86153a54331 |
| SHA1 | 8a85921f7f530aca76afcc5e0c32e159122b6be3 |
| SHA256 | 4cb2212e5c9d1cd81b7e8d7f81f7f75c73f8bd9088c473d33e6d76210ed43b6b |
| SHA512 | 10b1bec0f6f5eb4a5b7e899b0592f11a44a89f5edba430ef213a188623abc19e99112a33e811eead6b7f4c9b771ea8f78cdb315d156ea063019081cd4a7792b9 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | dd82f8c1b1291d88a0f2d2da87b0c904 |
| SHA1 | e61f3df9c25198c1611b5634c66c04324382f6d3 |
| SHA256 | b94bd1c0febb69621556b98608808772d0913a949f1718c333691a5409903f2e |
| SHA512 | 5e36bfa9dfb5f049d0bc8973d4b2dca24ef492def17dd45f27548f6a002028d1c5271ce704b99719a4fefd8572f10cd78c507bf892fa5dba1959724c2847e28c |
C:\Program Files\Softland\Office Add-In 11\NovaPDFOfficeAddIn64.dll
| MD5 | 8d2949b2a7982a1badba934c88b0628d |
| SHA1 | 0b5ab4a450b2bfb07184f7b78d3c2ee980b75606 |
| SHA256 | 0407e067d7c87ae1b3a1bf30c7d649e570630f82f3cbbf7155b94cfc8270c7bb |
| SHA512 | 0abe12244ff017304766326ef8bd96f830d3cab414922e4e944dafe27fa3dc78335394ec3d77a0f0480c26eb40f841e4b63ba250c318eca8afa668547b198d29 |
C:\Windows\Installer\e5a52a5.msi
| MD5 | 5d919a9e9e737674c1f2c78a1f048670 |
| SHA1 | a319c6ac345317e7c35bcef50ccc7d63843b3e4f |
| SHA256 | 9115c453eedab8ce0817170d92a6b786415888f1e3abf27a5c6d4db2e7d6c132 |
| SHA512 | 556557b9cb67204161e671131c21081aff27f85d48ffc521bd1de8f039729efe2dc75fbc6efe517518751678d5b84f78f4347552229d0160254fc5efb3baab9b |
C:\Config.Msi\e5a52a8.rbs
| MD5 | 82f5f6def657b7b23fe361bc655ecc56 |
| SHA1 | d53c59fb3e5bc04f42bf5609de30b5ddc5072754 |
| SHA256 | 6ed5aa6e369462dfc918aedab2962566b39b39f75baf1e63fc762c8cfe54a09e |
| SHA512 | a608cbcb0edf34a779878eeb458bebb5c3c7c7cdbfec30f57c6cd1c87b9648cbbe22f92395eebe9f2eac12bf435981f6a3ace372701ae7b3164719d483f47123 |
C:\Users\Admin\AppData\Local\Temp\novaPDF_11_20240308052557_002_OfficeAddInPackage8611.9.444.log
| MD5 | 4aaa7eb63c91bbdde6772f1e8acc4ce7 |
| SHA1 | 29e592b1f47ce5889e137a74b7f26523d15be076 |
| SHA256 | aea2dbee005dcc51d06812a0f1cfbcab97a6062e3d729b9ab013d1432fa42840 |
| SHA512 | 5df91a3682dfc9c2421e1b5be12a4d9750e6eb97275dda2dcef1c48f5ac78ab20ab70539eb5f51ac306f0c49db8a56ace81e34302428c1ae268e7f7ef29859d7 |
C:\Users\Admin\AppData\Local\Temp\novaPDF_11_20240308052712_CustomActions.log
| MD5 | ac7b759e20edc5e306ea75cd4f154762 |
| SHA1 | 2525e791866cc829995658b04151acc632353547 |
| SHA256 | 8afc4187228b1a60b5915ba7d6228eee99a6295a372a234a6c563a9e3c321d97 |
| SHA512 | 2facecaea7be19247b782734a2e3fd7285f9472dc2f0a08e859a050909cb6b6203e6ac6ff0eeb4d0d1022759383d411db7f4c30b36766b3e505e65ff1ec207f5 |
C:\Windows\Installer\MSI6361.tmp
| MD5 | 79c1bbdc06d3fa494416e2cda2deb907 |
| SHA1 | a18f083c5745c0805893f90873b63f0ee1123774 |
| SHA256 | 632500353e0f1631b314a0f7bd2ef9b8885253be46b522a480efe3eeb437cf98 |
| SHA512 | 4d93720d165db0f84789c1ce3169bcd560ceb2a0fad46c45360ad234cd78a1ba246ebde07c1b6b34e4cf618e5deb1684c38e37ea09e9b5565886982a1a9c66fd |
C:\Program Files (x86)\Softland\Office Add-In 11\NovaPDFOfficeAddIn86.dll
| MD5 | a9500f3fbaa18e82c86ea925197c7cd7 |
| SHA1 | 908bda228d47ece39b5c385aad46ee3a5cbe6bcb |
| SHA256 | 78a579daa3b36b92518fe029312ea2b5a6780210c10278d705a815e85283a24b |
| SHA512 | a48fb46e32aaa9103a400b89d0b235062988d5c16c7f87a8f541f19d7383a34b04d1d4d16c2a1da4feda42c2fe9591b6f5e17964d6f4bddf273bf4882c23edf3 |
C:\Config.Msi\e5a52ad.rbs
| MD5 | 79f93bbf6d87c0637bc5a48ea3ddbaee |
| SHA1 | b75ba2715b520addcb5e85437eb1f57c13a2e98f |
| SHA256 | ed126ff9eb4b740d5247769fbaed520b869b3a8106580579604362ee93d0a4dc |
| SHA512 | e7ba28236d3a2007402a3b5cf08bd88148ebcd633b836dc131d2fce1f47b42407be1c39334c189b3e4ad84fb3b9b0f57ea4fdeff525788a3268511447ff9fb8f |
C:\Users\Admin\AppData\Local\Temp\novaPDF_11_20240308052557_003_NovaPDFTools11.9.444.log
| MD5 | ad8d04050bcfba0b5b2f626f73a03633 |
| SHA1 | b233cfc38f614b0c1483ec2bf5faa2c3b5c2fbe6 |
| SHA256 | c63be4a2ac80fc77be5e299b116993f01e35f931d355e54325ed0cb228d80499 |
| SHA512 | 34d2dd07787a49c28bef2f3c19404c9859cb3081c2404f3aae956a46bbce16920a026b8d8cd44b3929a2740c2328adce4418e90273835b2a4406491024843575 |
C:\Users\Admin\AppData\Local\Temp\novaPDF_11_20240308052714_CustomActions.log
| MD5 | c674fbed0e749fa68eb93470854d4f50 |
| SHA1 | a624fd1df2acade9f61c1b69ebece425cbdd34c8 |
| SHA256 | cd0f7631701fa6bb38ca5ac92a4c13dfb380f232388f7e802c707c9191e110e8 |
| SHA512 | 5a90679843e0bd977950f2bae31b2bd5c8711961706d42c659cc016bb77030e517968dc674785e83e874b2aebd5c4087631b8f243c82bd5f9850ac853238ae29 |
C:\Windows\Installer\e5a52b3.msi
| MD5 | 949dd641a4db3a689f4be8a1c007cca3 |
| SHA1 | ceef28838a2e107dd073da999b0528827d432621 |
| SHA256 | cfa78837071f85ecc739bab6c8e145ee30d56b294de58d101b0531b16a57c09b |
| SHA512 | 59fa75676559432b48cf10b4077f2a13d5b6e35bbb2f910a3f1638f296ade4883807c1450c794cca53f306867e0092cc08b963eb5550c6f54b604ee941ec322d |
C:\Config.Msi\e5a52b2.rbs
| MD5 | 111891c2e09f00ce3f76530c5eda7717 |
| SHA1 | 6360c04aa69bda5365f24741ac04384b32b3c1db |
| SHA256 | 712d10f54aca13af5c3f0e8122bdc274a3be3778faed7bcd4dc7e63fc89139b0 |
| SHA512 | aeacab1ddd436f73f92c18171130b968e039a4e9009868d186beb3173876864ce62731631b9614ea289ceaa5cd23a310c8be2ad08cabf3acffcc981aa6ca13a9 |
C:\Users\Admin\AppData\Local\Temp\novaPDF_11_20240308052719_CustomActions.log
| MD5 | 307922bb21f7d6e7aa54115f2fe94a81 |
| SHA1 | 7c6a7ec4610e88b15e9dd39b050000a85743182f |
| SHA256 | f49c767d3ddade911dd036af2f3025e401216735baf13c532a0df2870cf27a0e |
| SHA512 | 9865a66f3d10cd85243c261518eb269cf5b18cdd827c1cdd83eabd01dc002ce31f5070a3fe7229b09324f4d820859b438f6de433535741b319dca0e200dc3cdd |
C:\Config.Msi\e5a52b7.rbs
| MD5 | 3f9f819a4d8a7e3097b6f162265da5d1 |
| SHA1 | f224311fb21e0c9a955ae3a89caedf0c8746e372 |
| SHA256 | 233a56a24d275e78f7234aabb2e65a2637aaf8fb2618e12b604b6d6f7d39d131 |
| SHA512 | 8a1ce0efa535104c018b18686ff4579bcaa0918cd028c6b3840629684e6aa91bf5ee74ffd024f0fa91741af0010dc3d1251bcdb7569eadae5c3aa11ae00b1033 |
C:\Config.Msi\e5a52bc.rbs
| MD5 | 92394feb7af5bcd225d6859777bbbdba |
| SHA1 | 0058a8241179b83b16d74c43eb0c0deb0704d0d5 |
| SHA256 | 8523ad3a8c2361d4e2e3239a4c3ef85661dc90910ea45d1265887c60d817ec03 |
| SHA512 | dfb94e278ef2a71551dd81180ec0b2451403f3f9619b4660bf8615fb829937101763a3e32aa04bb7bb47c1a84bcb4f21d6033fbc609e2d40b3053e8195329503 |
memory/5788-1294-0x00000000733D0000-0x0000000073B80000-memory.dmp
memory/5788-1293-0x0000000005230000-0x000000000525E000-memory.dmp
memory/5788-1295-0x0000000005290000-0x00000000052A0000-memory.dmp
memory/5788-1298-0x0000000005290000-0x00000000052A0000-memory.dmp
memory/5788-1297-0x0000000005270000-0x000000000527E000-memory.dmp
memory/5788-1299-0x0000000005290000-0x00000000052A0000-memory.dmp
memory/5788-1300-0x0000000005290000-0x00000000052A0000-memory.dmp
memory/5788-1309-0x00000000733D0000-0x0000000073B80000-memory.dmp
C:\Windows\Installer\MSIAB8E.tmp-\CustomAction.config
| MD5 | 8c22d283225f3bdb8e36522c359796f9 |
| SHA1 | cec5168b62bc7d39930e0843a0a285c3d89ed23e |
| SHA256 | 5d6fd5049f33ac6b16ec0431787fa61c66630ba1916bb4c70f3f6b5844b74ecb |
| SHA512 | 826550987a6140b870894c02c20f1c890e187c5919fc60f5fe3fe962fc87bfcc3879ee1de6141d679aa85f6cf52f8be88a9b23a8d43b8561b6b70baf138ada3e |
memory/4884-1320-0x00000000733D0000-0x0000000073B80000-memory.dmp
C:\Windows\Installer\MSIAB8E.tmp-\ScheduledTasks.dll
| MD5 | dd5f7ed946b30cac2d7755da3634a04b |
| SHA1 | b976bcc060e91d061b8f918beff2938685bea187 |
| SHA256 | 500c1329753dc83864c963cbe1ef4539cc97c8e0d8aaf4a2f3830b31c320c983 |
| SHA512 | dfc858bfc337bb8034fd46bda4b019b6e061f0a9755caa1df838202b28e7401df015d18795ee7cce004f2361928a46d7754a970cc8f06d590854309b284b3d78 |
C:\Windows\Installer\MSIAB8E.tmp-\Microsoft.Deployment.WindowsInstaller.dll
| MD5 | 1a5caea6734fdd07caa514c3f3fb75da |
| SHA1 | f070ac0d91bd337d7952abd1ddf19a737b94510c |
| SHA256 | cf06d4ed4a8baf88c82d6c9ae0efc81c469de6da8788ab35f373b350a4b4cdca |
| SHA512 | a22dd3b7cf1c2edcf5b540f3daa482268d8038d468b8f00ca623d1c254affbbc1446e5bd42adc3d8e274be3ba776b0034e179faccd9ac8612ccd75186d1e3bf1 |
memory/4884-1321-0x00000000026C0000-0x00000000026D0000-memory.dmp
memory/4884-1322-0x00000000026C0000-0x00000000026D0000-memory.dmp
memory/4884-1323-0x00000000026C0000-0x00000000026D0000-memory.dmp
memory/4884-1330-0x00000000733D0000-0x0000000073B80000-memory.dmp
C:\Program Files\Softland\novaPDF 11\Server\AgileDotNetRT64.dll
| MD5 | d42e32b0adf0baf6536920dafd8b13bc |
| SHA1 | 2241261f7b30f6de155632a1af16e95781c5b705 |
| SHA256 | 42a95d297d6526ad2e21125631f59da5bd1424686a081edca3665ab197820ddb |
| SHA512 | bb0f4c260abeb2d015b4f138ca16a186e9fc4bbd0a441796abe6e7cea2bb00485d8e48fe43d2c883d551a2cb290ce792df6e73b6380e5cdeb7344abba503acb2 |
C:\Program Files\Softland\novaPDF 11\Driver\BouncyCastle.dll
| MD5 | dc85435365bca32b99fc4e681c8c09f1 |
| SHA1 | 61e77d3437f53b09117042e5e7f96b9a7d54ba22 |
| SHA256 | 61060f1cba20f37f2ad50d71f2fd8db0d382a77aa2014e88b9a41cbde478f0d5 |
| SHA512 | de816f2b72d43efe50f1e8eb6cfac8d8fc80ccb6aadc8e80a75efcf57d288626f8df5e8bbe338332ed7cd2ffa8b808d1677f61b692e93b6be6d734bc7f4d5b2a |
C:\Program Files\Softland\novaPDF 11\Server\ServiceClient.dll
| MD5 | 926b86c561d18515897004d215210d07 |
| SHA1 | 5bcfa1ff586f3c6122a223001948574917e90228 |
| SHA256 | 1a77a7faa537031109afc5f36cb4fa3b7dc1bccb801ba03055de035d0155a230 |
| SHA512 | 2a714186d3d3d0d5fef164091d7b99f6995495f99929d4b69d87187352388771d4974c7aba4482d848e847795b050a285c494b1d16a2e7b5854d3b0a75fd67ca |
C:\Program Files\Softland\novaPDF 11\Server\CryptUtil.dll
| MD5 | 79eb306c590d009aeb2b48dc47dfbcde |
| SHA1 | f00811fe04831aac6ac8f381da1a4c92ae6852fd |
| SHA256 | 74f1adca683560323eca0202724d90cbcb9c99e412b3271f93c71c215355a048 |
| SHA512 | 4285c9c9fbd22ebe5fc56598f6bcd6c369ae2decdf1ffffd12f90dea472f73d3b7265822dc7493b8163005507ba11bcc4fb910b7f8e1bdc4be6ec1e9bb0fa918 |
C:\Program Files\Softland\novaPDF 11\Server\CryptUtil.dll.config
| MD5 | 6f4f07264a08c8ffe2c1e30a278eec3d |
| SHA1 | fb158cfe9f2c4f4667ee9e10a1f7b04f2f55796c |
| SHA256 | 31f25b058e47ffc9868badc437669874277e72eab9b97cd84f648af23ed11cd8 |
| SHA512 | d44ebbea750428b9715910b93a483485a08c001d886bac71302aa3229be5fc55a181d8230a0230e4d17a4bed548017c45118ce983e417c1161d0691d40dbeef9 |
C:\Windows\System32\DriverStore\Temp\{0dc11e67-3c5d-f646-9a53-6f45281bf67f}\nova11X64.cat
| MD5 | a5f6eecad8e7b7ada0671b9b92a8085d |
| SHA1 | 087b36dd09c42619c0b5c1fcfd2b67641f6e83f0 |
| SHA256 | 8050ab7319e858b3713b8edddf020353462e9400461c16fb4e1c839431cad77a |
| SHA512 | 5ceda6f3730481bd8f89935d115cd036e17b33dc9f90d5aaf50aec3edca1ae0ced8d3a360fe3f2067cf623aa32455a930d7c36db4b23b90af278cbd304c1dc5d |
C:\Windows\System32\DriverStore\Temp\{0dc11e67-3c5d-f646-9a53-6f45281bf67f}\nova11.inf
| MD5 | 91fe190b49af65b4e0d2fb8439e648f3 |
| SHA1 | 0e875c273fe786df8f254907f3ca4538a99113d8 |
| SHA256 | cbe2876c8591ae35da597810ad7a150fda2af0aa91b00fd41b8bd9b17940be89 |
| SHA512 | 7b3bb892894d52bc0d717327dfc9c63303c86537d107def4563a1db2868e2f106fec9a110fd34f0decaf85fbb6567a094de38dc9ca3a94ef9aa7dd12393ed834 |
C:\Windows\System32\DriverStore\Temp\{0dc11e67-3c5d-f646-9a53-6f45281bf67f}\amd64\novaem11.dll
| MD5 | 8ccbd01b8be985402d33a85f0b7685cf |
| SHA1 | b3995a77567f7bd3603869e5c6a5d7f98d7d6a69 |
| SHA256 | 185c823b983836d3d6b1e24695a3c6cdbcb496c9e63912f393533856773941b5 |
| SHA512 | 086e08ace5fb93dff4bf5825818cd1881e336784244471ab0b3aec61dec1a130c8f610bf4aae6d9af25ae34acdb00d83ef3ac6d47398c768259a7c6153ea0820 |
C:\Windows\System32\DriverStore\Temp\{0dc11e67-3c5d-f646-9a53-6f45281bf67f}\amd64\novacl11.exe
| MD5 | 14686055195ae66da87b6ae2fa13d04a |
| SHA1 | e32ae99c2eacd3201e76b1634c75b62c2218a6da |
| SHA256 | aa8652bda42197e98675512d112afde2cd211c83a48274cd24473949d784fea4 |
| SHA512 | 8933f01d2db7ff5b545552cd7ed6578edae92f7c1b569e2cc0accb794c2119b917175defdcc5309156330c61b7c7264217443daba16f36aff5848c7bd87cce16 |
C:\Windows\System32\DriverStore\Temp\{0dc11e67-3c5d-f646-9a53-6f45281bf67f}\amd64\novaui11.dll
| MD5 | 4d6b653279884ef11ee4924dbeaff608 |
| SHA1 | 10b3d0c6dd17afc0935873aa0505fb4ccc1585ea |
| SHA256 | b3eff6eef3343f7e9495fda53e02dfec5488f4d9b97c2a61b2cac460c69e11d1 |
| SHA512 | e674cf18b81a513a4ca251e24cf1b1988f476c471fcef6a5f05f378cc6d541ecabab8abd18935e07224230716a8d1edc4b8c735a22e800793a21fea5f5cd7c51 |
C:\Windows\System32\DriverStore\Temp\{0dc11e67-3c5d-f646-9a53-6f45281bf67f}\amd64\novaem11.exe
| MD5 | 23e2e514e7fd294ad859909fb917eec9 |
| SHA1 | 2b848a21e892840d04f85e6753b4b24a81188fe9 |
| SHA256 | 6997e65d81e0b1c0e9b9847db7768d7445f1fec495b889cd9dcfac95ad04223f |
| SHA512 | 0c2422c2940680b988dd7cc6b2c382e5700e25909e27f77f3a453b8170d153c82852c49f32ca26a7336b201f9c56bd5ae001bb97dadcf554f6e0b2789678c394 |
C:\Windows\System32\DriverStore\Temp\{0dc11e67-3c5d-f646-9a53-6f45281bf67f}\amd64\novaim11.dll
| MD5 | 1bdecff0b7e06c3893a0cf39e9f50f47 |
| SHA1 | 33252bb6ea615baae299a89984f374f30d17255f |
| SHA256 | 3b9fed8e1d8b50f19465a69b627ba2e39405452cd5c4b0732fb876ed64f3fab6 |
| SHA512 | f6302fe5b5781c68b609b1c0d14f7132440690e0d054f016574467cba0c734b924a1b6b5f4ca31325a01cdbf320ff825c76f2af488b7ff486b5bdaed4b7f3de2 |
C:\Windows\System32\DriverStore\Temp\{0dc11e67-3c5d-f646-9a53-6f45281bf67f}\amd64\novaemex11.exe
| MD5 | 42d52b013833bd609aa989d7146b06fa |
| SHA1 | 696ccd23fa2fb15aab2b2eeebee3b36d1cda00f2 |
| SHA256 | c5b76f7148fa99b3651bb32ba7e86e73907e424d0b7caf6c747717e5a54beaf8 |
| SHA512 | 8fba65a23bf97cf91653a2564ee4405625b640dc72b9a4abc4d5677e242645ab414e5f7d76d2386f42c172acbd550242e2d26ecf6810abab2a67aed7e8155d03 |
C:\Windows\System32\DriverStore\Temp\{0dc11e67-3c5d-f646-9a53-6f45281bf67f}\amd64\novaemex11.dll
| MD5 | 96442ede092a7c3d6dbb23d43b24f3b0 |
| SHA1 | 3b2560e76ca2fbd0f1c61ec755f907d097f14d6d |
| SHA256 | ab8df9eef9ed07d03299ee8ab005031521c95872f52d6a384a467cb28f3f6e48 |
| SHA512 | 85898b44b85e37b673ca172dd0b8fd9abcfb542f5de10ee3b189d033ba87d22e87b27827163c12da3c8e0a7078492a96a42870bbdbac7365fcb0b3e957bb1cfe |
C:\Windows\System32\DriverStore\Temp\{0dc11e67-3c5d-f646-9a53-6f45281bf67f}\amd64\novasv11.dll
| MD5 | 41da65d0da9abe229593ed21cb44e5b7 |
| SHA1 | c91cdd29c5101d83cada16b96d03c0a272e60e85 |
| SHA256 | a18cb763053e5f6e6003a0fc3fc3d428de10de1941e8bff8115bcb24e240914a |
| SHA512 | 8410b1262499e27fa115174576f43ee0525efbcd9194e3321b07d8a1b559bd5b9272853166cd15cfbf65ee4dbadeb998e576fbfece8c1a918d516d32b7ed88cb |
C:\Windows\System32\DriverStore\Temp\{0dc11e67-3c5d-f646-9a53-6f45281bf67f}\amd64\novapr11.dll
| MD5 | fb348264ca767844f595a957888dadb9 |
| SHA1 | fe70fe1d8d07ad672b691daca63d3b8c650208dd |
| SHA256 | 7a6ef493193243c0fd61909b61d2745c9759026dfd4d74a429245ef362229a4e |
| SHA512 | 42f0c86ce869d0b05f067b3d37983b41c065e0f4cd6a31df4379b7d4d71baa86bc00a249aee4927ba765cda33b41e0ef76ddbd80bdbf80cc79e9e1f83c43757a |
C:\Windows\System32\DriverStore\Temp\{28e9340e-b300-814e-a8a9-47f62340a87c}\nova11X86.cat
| MD5 | 6de8dd490d9fc1d9715033c80759cc99 |
| SHA1 | 4bb7709660fff1aaf8445fe7e48f814fa2294225 |
| SHA256 | 1cdae11c364ace04f9524fc5978fd3850f03348884aeb2734740c2cb73c25fd3 |
| SHA512 | 6f6d80685188b80fe61883e305c8acb3f006a50ac0f2dd9f622d01266cad3a7590f05b0d22a57556d8b2d17bf30e01538fdcaba5cc1b5f59f0cd853f3b5e4a68 |
C:\Windows\System32\DriverStore\Temp\{28e9340e-b300-814e-a8a9-47f62340a87c}\i386\novaemex11.dll
| MD5 | 7f300c451428982bf8479a3f3c677afe |
| SHA1 | 8f5ddafd6370f6ed7bc5b35ec4e864a144276825 |
| SHA256 | 3341b2a86032a9304c0d13cc46d7ed331f2ac15820263461e2b2d51372b962ff |
| SHA512 | bc944844f65cdffaaa87dd2e718fa7c94cee7463ec31e0c7d3824cacec2636fd728848f262eee4d5f67a78ff8ad04a254ace24d7b52dce971528374912fc9300 |
C:\Windows\System32\DriverStore\Temp\{28e9340e-b300-814e-a8a9-47f62340a87c}\i386\novaemex11.exe
| MD5 | e18a352b75666835a556629a66c57a1d |
| SHA1 | 91a0ff49d45b69ea8eb04b080597c41051c24754 |
| SHA256 | a50ff813c85b8eddd0ae07efd2cee184b3b9d2af06f70bbae2e26481f94900a7 |
| SHA512 | edcdeec850b2625a79de5ef9b4968781c8f715034ab43998ad7ace71659c9accf658470db439d8fc027f5e7b487a0f8d87f221fd020f98c96b9910a2e825ca76 |
C:\Windows\System32\DriverStore\Temp\{28e9340e-b300-814e-a8a9-47f62340a87c}\i386\novaim11.dll
| MD5 | f67b251ab18f01d4ef5275fdcd994000 |
| SHA1 | 5882d8a0fcb66117c9919fdbcd67d2e51fb6f8b2 |
| SHA256 | 6093a95970ed1e951aa95a877c38e149ba204ea2b8ec5515e1e7e640eb57d3bd |
| SHA512 | f833fc7eabae459dde3f1cf17baf3cd263313ea549e20dbedba50331defdfb97af9db12af0085c85c0dc57be6789fb39b36b519c5d790b6a29107bbe8b1aeb82 |
C:\Windows\System32\DriverStore\Temp\{28e9340e-b300-814e-a8a9-47f62340a87c}\i386\novaem11.exe
| MD5 | feda75a36a9002529914d5ffc2168eb2 |
| SHA1 | 272e987bf685bc1fead0146bf3eb648474ca873c |
| SHA256 | 52dd4601caa5625f054cc1c6c62abcf9235f661e1fae75028153aa81dbefa68c |
| SHA512 | 416feabb4a3edc7862b53c9cdd7eddad5a32a2c17e417697f97985506bd0dacb45eb6689659f317696a558ab67f377735d5ff548d6ec991a80f62486f394f90a |
C:\Windows\System32\DriverStore\Temp\{28e9340e-b300-814e-a8a9-47f62340a87c}\i386\novasv11.dll
| MD5 | cd2423e7df0c8d97bed62671be2f67f6 |
| SHA1 | 8b2049d3eb28b69d2eaee8d624c945f500fd4d5e |
| SHA256 | 8a5fac5b90ed7452d2be2cf7ef9f3e71c12b2b88e9168153b71ffd64d945ecd8 |
| SHA512 | 3cbc6a1b3efa71b615579f8c9a9794002d7c16567e51be2beb435f997d9304d4f4fe9cf485e00931b10c3920529fb40ced9c7aeedb8873fe2ba1033deb304203 |
C:\Windows\System32\DriverStore\Temp\{28e9340e-b300-814e-a8a9-47f62340a87c}\i386\novapr11.dll
| MD5 | faa54cb7611e70471f4efec5bd9ab6df |
| SHA1 | f5d5c231dad1dc5dfba834a41de742d3118a4812 |
| SHA256 | b68d23d72f441afdd954c2a0952e0d145f97725b9f820166626f0d7207d6c4c4 |
| SHA512 | 39fb6831b326915392184bb24861af5357ab3d0bcb202c0472cf28cc71e63dd5a34420e2e22ece1e15f0b0e737aa0a2df2169dd580f1165d95e10135f6de6142 |
C:\Windows\System32\DriverStore\Temp\{28e9340e-b300-814e-a8a9-47f62340a87c}\i386\novaui11.dll
| MD5 | b7d9ec478bb5eb1cc37c3c64b7ad41a9 |
| SHA1 | 5417ff9b6ac444ef0dfd6159593fc6767aeae8e6 |
| SHA256 | ba9e7c9cfb567e7c8632d48d7d2a72d2911f2761f03c0241ffa369d80dae8188 |
| SHA512 | 1a3a83518e8bd52d88513074c3d2faf7ec81bbe8d078a04ca35ffbe087d963e02671a302099ed99d239369e8cdef6d0f04baed28fe0746405b00d52c851de376 |
C:\Windows\System32\DriverStore\Temp\{28e9340e-b300-814e-a8a9-47f62340a87c}\i386\novacl11.exe
| MD5 | bd37b8a3e631fa00c8669a4f843356f5 |
| SHA1 | 358f92e2c3e8a072c5e030d93dfe423e1135f08c |
| SHA256 | 3d2d183857a62eeaacc992f9cca0c4fa02cb73bc0eea4c91fe708d3b24ffcd58 |
| SHA512 | dd02ada855b6b51cfe062355b836c6f941feda6b210cda6d78e201ec487074c3030a3bf051ffd2b0f11603cda5874c15b53379c310a006f477243529a903c971 |
C:\Windows\System32\DriverStore\Temp\{28e9340e-b300-814e-a8a9-47f62340a87c}\i386\novaem11.dll
| MD5 | c237a6dd328624dcc34c5e7b24da2152 |
| SHA1 | c96faf4d9e703926abf1c210afd69e1e2c835072 |
| SHA256 | ef87855852b486baab730731d0e2602d1d8f830872e9ffc8ad7deaae5d3f2896 |
| SHA512 | 070de9111c179fb8e7b4ce259e275504b3a391eaf2a4bd7eb0f44199cc6703720aa0abf28f2442fcd0a633de7e0276580a09132310472ce9d0888a4373a57512 |
C:\Windows\Installer\MSIE8A1.tmp
| MD5 | 93394d2866590fb66759f5f0263453f2 |
| SHA1 | 2f0903d4b21a0231add1b4cd02e25c7c4974da84 |
| SHA256 | 5c29b8255ace0cd94c066c528c8ad04f0f45eba12fcf94da7b9ca1b64ad4288b |
| SHA512 | f2033997b7622bd7cd6f30fca676ab02ecf6c732bd44e43358e4857b2cf5b227a5aa6bbbf2828c69dd902cbcc6ff983306787a46104ca000187f0cba3743c622 |
C:\Windows\Installer\MSIEC8B.tmp
| MD5 | b2e2c24ebce4f188cf28b9e1470227f5 |
| SHA1 | 9de61721326d8e88636f9633aa37fcb885a4babe |
| SHA256 | 233f5e43325615710ca1aa580250530e06339def861811073912e8a16b058c69 |
| SHA512 | 343ea590c7f6b682b3b3e27fd4ab10ffeded788c08000c6dd1e796203f07bf9f8c65d64e9d4b17ce0da8eb17aaf1bd09c002359a89a7e5ab09cf2cb2960e7354 |
memory/4140-1987-0x000001F92C800000-0x000001F92C810000-memory.dmp
memory/4140-1988-0x00007FFB19950000-0x00007FFB1A411000-memory.dmp
memory/4140-1989-0x00007FFB14AB0000-0x00007FFB15263000-memory.dmp
memory/4140-1990-0x00007FFB14AB0000-0x00007FFB15263000-memory.dmp
memory/4140-1991-0x00007FFB1B630000-0x00007FFB1B77E000-memory.dmp
memory/4140-1992-0x000001F945B30000-0x000001F945B7E000-memory.dmp
memory/4140-1993-0x000001F945BF0000-0x000001F945C58000-memory.dmp
memory/4140-1994-0x000001F92D0A0000-0x000001F92D0B0000-memory.dmp
memory/4140-1995-0x000001F92D0B0000-0x000001F92D0BC000-memory.dmp
memory/4140-1996-0x000001F945BD0000-0x000001F945BE2000-memory.dmp
memory/4140-1997-0x000001F946520000-0x000001F94655C000-memory.dmp
memory/4140-1998-0x000001F9465B0000-0x000001F9465F6000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\novaPDF_11_20240308052752_ManagePortMonitor.log
| MD5 | 77354652d1683687fd51026e1d8b1656 |
| SHA1 | 1ada1191e1bf533374c65a7507000f01686b4bbf |
| SHA256 | 7b2eab4a49ef9be1032c253eaf12067153d605a2fe8aafff3a7726df28ae4007 |
| SHA512 | ee29b3ec133bb14b7db08885138257f81c3a6fc9031fec5c0b1ddacf402d897baf3f4be745103f7d3326e428cfd061ffc8f19ab5311f869016996caa50d9a1c3 |
memory/4140-2009-0x00007FFB14AB0000-0x00007FFB15263000-memory.dmp
memory/4140-2011-0x00007FFB14AB0000-0x00007FFB15263000-memory.dmp
memory/4140-2012-0x00007FFB19950000-0x00007FFB1A411000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\novaPDF_11_20240308052812_ManagePortMonitor.log
| MD5 | 0913109ae7ea64521c13bcdb1a2db25d |
| SHA1 | 4ceba6b77d13d67964fa945e8500e33a22ab58fa |
| SHA256 | d6e2640d193749ec6136d71b4dfbd277194e750b52f77d176ef7e6b1ed2125d5 |
| SHA512 | ea9322253d391f602994503b68fbf24d7e63dc37ddd4b21d71c0855163419d95f3c92156546552865e66be90288286aeb0c36450dd0729f1f1eb3dd3b765ddd2 |
C:\Windows\Installer\MSI5328.tmp
| MD5 | 956bfe0a399d724c29a29104d5b3429a |
| SHA1 | 2590ca6819fb7036cec6a9c492031f917bbf0e1c |
| SHA256 | 07c7db69ff3e39330d818ad1765ebf644a945fedf9467234da28f585b55b7ab2 |
| SHA512 | c00ac44c3b34fdcff3bff8d47ee85ae85c629010fd0dadfc1b25fb8764df23abd143c65a60e08f05b388cbc5c1849935d608e4156604732e2987615304210f16 |
memory/4140-2035-0x000001F945B20000-0x000001F945B30000-memory.dmp
memory/4140-2036-0x00007FFB14AB0000-0x00007FFB15263000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\novaPDF_11_20240308052814_ManagePortMonitor.log
| MD5 | 307afa3ce8d001b21e3e530cb95e8adb |
| SHA1 | ed759d5cc4064ec0b7d5342ec9fcea39e315acdf |
| SHA256 | 1e2cd1b09a42597a490ba4a1f1eb14732ad89fb0d302c3b9fc4a912a622a5154 |
| SHA512 | a9d3f80486dc21ebfb1983cb6535f50a80f5965916b1aed067d1203d303b453a67b8d4bdd1089d4c9d35bae48bc4ad1145d80803918ceba3cc109b58aa3ace0f |
memory/4140-2049-0x00007FFB14AB0000-0x00007FFB15263000-memory.dmp
C:\Windows\Installer\e5a52c2.msi
| MD5 | 626d77475cc29cdbed79003704e3fd1d |
| SHA1 | ab65f26475c2866e7022149625acce945bc082b4 |
| SHA256 | c0d21283964616b59b44505dd3a10877b3ad2ad12a45e2eae7ffd3c994179662 |
| SHA512 | 8286ccb0def3bb6180b263d223437afad2a44afe27098ebfeb7e67c3092a5424297fd8952402fab4aea2e162bcd9f9caa331b142612de297f2ccba4e4bce1abe |
C:\Config.Msi\e5a52c1.rbs
| MD5 | 32dd1f80845a1ca624a5b9cb8d99d0eb |
| SHA1 | e626dde24c88877e5f6e06b6d8e9e06ed586ff2b |
| SHA256 | 01fb518f91747147c53a2bab2a35e32e5c1043471e889c722044d76b5410a13a |
| SHA512 | c05ade4d048af7afff9dda8f9759d964fc6687199083f9d0e60513a1c1ce9599dc1d449bcd361f8d87654e994b1b4f648b5dd34d8180e585595d0bda05010b2c |
C:\Windows\Installer\MSIB1D5.tmp
| MD5 | a3ae5d86ecf38db9427359ea37a5f646 |
| SHA1 | eb4cb5ff520717038adadcc5e1ef8f7c24b27a90 |
| SHA256 | c8d190d5be1efd2d52f72a72ae9dfa3940ab3faceb626405959349654fe18b74 |
| SHA512 | 96ecb3bc00848eeb2836e289ef7b7b2607d30790ffd1ae0e0acfc2e14f26a991c6e728b8dc67280426e478c70231f9e13f514e52c8ce7d956c1fad0e322d98e0 |
C:\Users\Admin\AppData\Local\Temp\novaPDF_11_20240308052839_CustomActions.log
| MD5 | e7f3fbb6c3431319bdd98377da910ec4 |
| SHA1 | 4455dadf72528c907c4ce4a3f31d7fc5306401a3 |
| SHA256 | 3b1cef0f3f7482ba41596562d8b03e15428ea2abc34725d19041cb0d5f559986 |
| SHA512 | 32d7473b267cc98cb4c75e508a38d7bdf6c0f4ae98526134b0bff6950d50d7b59b2ece11f22b9db36a68b0f68226eb9d48e80035ba4a7b8e28243faf3c03b3d3 |
C:\Users\Admin\AppData\Local\Temp\novaPDF_11_20240308052844_CustomActions.log
| MD5 | 95cfe8fe72220c32bc5e50c26eb12546 |
| SHA1 | d8fbdea5bacf54034bb2ae859669cdad4925e22a |
| SHA256 | eff2caadf68340c1f73f6d667638ffaf99480e7385986d894ed8c7c5264e4a7f |
| SHA512 | f460c89d6273a747edc2b6c11a0da7da08c3a5b6d97e623cc21c1e0d99b4a9c7af17b0a1de00b355d1c3b995cb9cfc0c6e1f7f0cf6f09e3b0654fd76e4a422fd |
C:\Windows\Installer\e5a52c7.msi
| MD5 | bc43a6bafd37ed27d84a0498b3a4fe93 |
| SHA1 | 79934402f282e4f57a6f1552b91c220593c8055d |
| SHA256 | 7003644b51f7862ace42be93dfb3d289f7c7e6e54b72030114f8c636cd6b0047 |
| SHA512 | a0cb630f1b43ca6e3cc82690fcdab40e8e9113f0aa6380c3925991685a81fd2360811bc2e1328a5d37618186a64b71158f562dfd8247631af3f02edf6fc07ccc |
C:\Users\Admin\AppData\Local\Temp\novaPDF_11_20240308052845_ManagePortMonitor.log
| MD5 | 576035728b33596a52a4779221d313f1 |
| SHA1 | 42cebfa7fc021dc570bc6d93a04c97b3240e886f |
| SHA256 | eb99221522e0f659ea96f6fabc461033d8b157b2ed75ff5499457b31ae0f3e92 |
| SHA512 | d7ff1ceaf464c36176c0859474a78d511c024b8a7091adff24f7ebf8cb08424639963d26d85faa387c4b8e1e806e8303447ea078e27b04bff8106e8bee2b1ca0 |
C:\Users\Admin\AppData\Local\Temp\novaPDF_11_20240308052845_ManagePortMonitor.log
| MD5 | a5c6436b04d2c0de9810df6a7a8adf9b |
| SHA1 | 20dfb90ec7e4a6305d653aee7322ade3762cd6bb |
| SHA256 | 959910fb0f52faa11d16fd2feb133dd4738cd04300eeabd4947989ff18489c33 |
| SHA512 | 6807899423524cbb820e8c19a7fce7ebadbae9a51bfef694b61117ea919d7c83ef059a355745f6df4fd7a0170d1138c0f45f419bfe2a170e967bf3dfed2103de |
C:\Windows\Installer\MSIE9A4.tmp
| MD5 | 32fadfa508e7c769f951cc9ce3e42a97 |
| SHA1 | ae911ba3f76217202d1f0a4dc1f9f5f1ced3b3e3 |
| SHA256 | aa30bc1a87dd1514a3b7f781f40fc465dbf215f55733cca48f8666aca2364ebe |
| SHA512 | 768f171a53388995c4ad5e2280f0f5b6f01bba04db91fb53f068cd63e69c510618852eb36ccf57238d6d3b8a15ab5ad0a35094f479822792ee763901076fa748 |
memory/992-2236-0x00000000733D0000-0x0000000073B80000-memory.dmp
memory/992-2238-0x0000000002250000-0x0000000002260000-memory.dmp
memory/992-2239-0x0000000002250000-0x0000000002260000-memory.dmp
memory/992-2240-0x0000000002250000-0x0000000002260000-memory.dmp
memory/992-2241-0x0000000002250000-0x0000000002260000-memory.dmp
memory/992-2248-0x00000000733D0000-0x0000000073B80000-memory.dmp
memory/2776-2260-0x00000000733D0000-0x0000000073B80000-memory.dmp
memory/2776-2261-0x00000000047E0000-0x00000000047F0000-memory.dmp
memory/2776-2263-0x00000000047E0000-0x00000000047F0000-memory.dmp
memory/2776-2264-0x00000000047E0000-0x00000000047F0000-memory.dmp
memory/2776-2265-0x00000000047E0000-0x00000000047F0000-memory.dmp
memory/2776-2262-0x00000000047E0000-0x00000000047F0000-memory.dmp
memory/2776-2272-0x00000000733D0000-0x0000000073B80000-memory.dmp
memory/3976-2290-0x0000000000400000-0x000000000047D000-memory.dmp
memory/1580-2308-0x0000000000400000-0x000000000047D000-memory.dmp
memory/640-2314-0x0000000000400000-0x000000000047D000-memory.dmp
memory/2184-2336-0x0000000000400000-0x000000000047D000-memory.dmp
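The listing above is a flat dump: a path line followed by `| MD5 | ... |` rows, interleaved with `memory/PID-SEQ-0xSTART-0xEND-memory.dmp` lines. Before an analyst can act on it (allowlist comparison, triage of where things landed) it has to be parsed. The following is an added example, not code from the report or from the sandbox vendor; it turns this format into records, flags drops under locations that matter (the `System32\DriverStore\Temp` staging directory, `Program Files`, `ProgramData`), finds paths that appear twice with different hashes (as `novaPDF_11_20240308052845_ManagePortMonitor.log` does above), and diffs the SHA256 set against a known-good list. The sensitive-location policy and the allowlist are assumptions for the example; the `SAMPLE` text is a constructed excerpt that reuses entries from this page.

```python
"""Parse a sandbox report's flattened 'dropped files' listing and flag what matters.

Added example; not code from the report or from the sandbox vendor. The sensitive-location
policy and the allowlist are assumptions made for this example.
"""
import re
from dataclasses import dataclass, field

# Drop locations worth a second look (assumed policy, longest prefix wins).
SENSITIVE_PREFIXES = {
    r"C:\Windows\System32\DriverStore": "driver staging (kernel-mode driver install)",
    r"C:\Windows\System32": "System32",
    r"C:\Program Files (x86)": "Program Files (x86)",
    r"C:\Program Files": "Program Files",
    r"C:\ProgramData": "ProgramData",
}
HASH_LEN = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}
HASH_ROW = re.compile(r"^\|\s*(MD5|SHA1|SHA256|SHA512)\s*\|\s*([0-9a-fA-F]+)\s*\|$")
MEMORY_LINE = re.compile(r"^memory/(\d+)-(\d+)-0x([0-9A-Fa-f]+)-0x([0-9A-Fa-f]+)-memory\.dmp$")


@dataclass
class Dropped:
    path: str
    hashes: dict = field(default_factory=dict)

    @property
    def name(self):
        return self.path.rsplit("\\", 1)[-1]


def parse_report(text):
    """A drive-letter path line opens a record, following '| ALGO | hex |' rows belong to it,
    'memory/PID-SEQ-0xSTART-0xEND-memory.dmp' lines become (pid, seq, start, end) tuples."""
    files, dumps, current = [], [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = MEMORY_LINE.match(line)
        if m:
            pid, seq, start, end = m.groups()
            dumps.append((int(pid), int(seq), int(start, 16), int(end, 16)))
            current = None
            continue
        m = HASH_ROW.match(line)
        if m and current is not None:
            algo, digest = m.group(1), m.group(2).lower()
            if len(digest) != HASH_LEN[algo]:  # catches a truncated copy/paste of a digest
                raise ValueError(f"{current.path}: {algo} has {len(digest)} hex chars")
            current.hashes[algo] = digest
            continue
        if line[1:3] == ":\\":  # e.g. C:\... starts a new record
            current = Dropped(line)
            files.append(current)
    return files, dumps


def sensitive_drops(files):
    """Map each path under a sensitive prefix to a label describing why it matters."""
    out = {}
    for f in files:
        for prefix in sorted(SENSITIVE_PREFIXES, key=len, reverse=True):
            if f.path.lower().startswith(prefix.lower()):
                out[f.path] = SENSITIVE_PREFIXES[prefix]
                break
    return out


def same_name_different_hash(files):
    """File names listed more than once with differing SHA256 (rewritten between steps)."""
    seen = {}
    for f in files:
        seen.setdefault(f.name, set()).add(f.hashes.get("SHA256"))
    return {n: s for n, s in seen.items() if len(s) > 1}


def unknown_sha256(files, allowlist):
    """SHA256 values not in a known-good set (e.g. hashes of the vendor's signed release)."""
    return sorted({f.hashes["SHA256"] for f in files if "SHA256" in f.hashes} - set(allowlist))


# Constructed excerpt: four records and one memory line copied from the report above.
SAMPLE = r"""
C:\Windows\System32\DriverStore\Temp\{0dc11e67-3c5d-f646-9a53-6f45281bf67f}\amd64\novapr11.dll
| MD5 | fb348264ca767844f595a957888dadb9 |
| SHA256 | 7a6ef493193243c0fd61909b61d2745c9759026dfd4d74a429245ef362229a4e |
| SHA512 | 42f0c86ce869d0b05f067b3d37983b41c065e0f4cd6a31df4379b7d4d71baa86bc00a249aee4927ba765cda33b41e0ef76ddbd80bdbf80cc79e9e1f83c43757a |
C:\Program Files (x86)\Softland\Office Add-In 11\NovaPDFOfficeAddIn86.dll
| MD5 | a9500f3fbaa18e82c86ea925197c7cd7 |
| SHA256 | 78a579daa3b36b92518fe029312ea2b5a6780210c10278d705a815e85283a24b |
memory/4140-1987-0x000001F92C800000-0x000001F92C810000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\novaPDF_11_20240308052845_ManagePortMonitor.log
| SHA256 | eb99221522e0f659ea96f6fabc461033d8b157b2ed75ff5499457b31ae0f3e92 |
C:\Users\Admin\AppData\Local\Temp\novaPDF_11_20240308052845_ManagePortMonitor.log
| SHA256 | 959910fb0f52faa11d16fd2feb133dd4738cd04300eeabd4947989ff18489c33 |
"""

if __name__ == "__main__":
    files, dumps = parse_report(SAMPLE)
    print(len(files), "dropped files,", len(dumps), "memory regions")
    for path, why in sensitive_drops(files).items():
        print("sensitive:", why, "<-", path)
    print("rewritten:", same_name_different_hash(files))
```

The digest-length check matters more than it looks: a SHA256 that is one character short never matches anything in a threat-intel lookup and silently turns a hit into a miss. Files that land under `System32\DriverStore\Temp` are being staged for a driver install, which is why that prefix gets the most specific label.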
Analysis: behavioral2
Detonation Overview
Submitted
2024-03-08 05:23
Reported
2024-03-08 05:28
Platform
win11-20240221-en
Max time kernel
300s
Max time network
264s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133543490379514445" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://extra-ram.soft112.com/
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x104,0x108,0x10c,0x100,0x110,0x7fff6c619758,0x7fff6c619768,0x7fff6c619778
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1672 --field-trial-handle=1840,i,9251596975918166242,1396278197369055692,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2100 --field-trial-handle=1840,i,9251596975918166242,1396278197369055692,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2168 --field-trial-handle=1840,i,9251596975918166242,1396278197369055692,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3084 --field-trial-handle=1840,i,9251596975918166242,1396278197369055692,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3092 --field-trial-handle=1840,i,9251596975918166242,1396278197369055692,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4928 --field-trial-handle=1840,i,9251596975918166242,1396278197369055692,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5144 --field-trial-handle=1840,i,9251596975918166242,1396278197369055692,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5272 --field-trial-handle=1840,i,9251596975918166242,1396278197369055692,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3704 --field-trial-handle=1840,i,9251596975918166242,1396278197369055692,131072 /prefetch:2
Network
Files
\??\pipe\crashpad_1376_UHGJYZNDDWCJKYMA
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State