Analysis Overview
SHA256
af09248cb756488850f9e6f9a7a00149005bf47a9b2087b792ff6bd937297ffb
Threat Level: Likely malicious
The file advbattoexeconverter.exe was found to be: Likely malicious.
Malicious Activity Summary
Drops file in Drivers directory
Manipulates Digital Signatures
Downloads MZ/PE file
Loads dropped DLL
Reads user/profile data of web browsers
Registers COM server for autorun
Executes dropped EXE
Checks computer location settings
Enumerates connected drives
Checks installed software on the system
Checks for any installed AV software in registry
Drops file in System32 directory
Drops file in Windows directory
Drops file in Program Files directory
Enumerates physical storage devices
Unsigned PE
Checks SCSI registry key(s)
Modifies registry class
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: LoadsDriver
Uses Volume Shadow Copy service COM API
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Modifies data under HKEY_USERS
Modifies system certificate store
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-05-15 18:40
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-15 18:40
Reported
2024-05-15 19:03
Platform
win10v2004-20240508-en
Max time kernel
466s
Max time network
529s
Command Line
Signatures
Downloads MZ/PE file
Drops file in Drivers directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\system32\drivers\isedrv.sys | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.001\bin\ise_installer\isestart.exe | N/A |
| File created | C:\Windows\system32\Drivers\cmderd.sys | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\system32\Drivers\cmdGuard.sys | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\system32\Drivers\cmdhlp.sys | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\system32\Drivers\inspect.sys | C:\Windows\system32\msiexec.exe | N/A |
Manipulates Digital Signatures
| Description | Indicator | Process | Target |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates\6CD253D636A7B4D0E0981431BC064061A9853ED9\Blob = 0300000001000000140000006cd253d636a7b4d0e0981431bc064061a9853ed920000000010000001b06000030820617308204ffa003020102021032327facb1bd6f1fa93473ccc515fd82300d06092a864886f70d01010b0500308191310b3009060355040613024742311b30190603550408131247726561746572204d616e636865737465723110300e0603550407130753616c666f7264311a3018060355040a1311434f4d4f444f204341204c696d69746564313730350603550403132e434f4d4f444f2052534120457874656e6465642056616c69646174696f6e20436f6465205369676e696e67204341301e170d3138303132343030303030305a170d3231303132333233353935395a308201153110300e060355040513073339313038303531133011060b2b0601040182373c0201031302555331193017060b2b0601040182373c020102130844656c6177617265311d301b060355040f131450726976617465204f7267616e697a6174696f6e310b3009060355040613025553310e300c06035504110c0530373031333113301106035504080c0a4e6577204a65727365793110300e06035504070c07436c6966746f6e311a301806035504090c11313235352042726f61642053747265657431283026060355040a0c1f436f6d6f646f20536563757269747920536f6c7574696f6e732c20496e632e3128302606035504030c1f436f6d6f646f20536563757269747920536f6c7574696f6e732c20496e632e30820122300d06092a864886f70d01010105000382010f003082010a0282010100b7713778a66667b8cd67f828f378f80a5507c4e8aa143cfd5b9b953ab16d04a965dcd386a35efe8378c1e0e5ceaf124f188102958962014e493cd80f11fc2ba339953a8bb71a9f030ebbe8742b4252ab465a2d41a829508a9eef5d34d171fcf0b5be026fe15e1a70288b2ecd4af1332924d53c0eefe5c7033482769cae8b5c5e8d59033fac40e94d714c5cd05e8db6f0edb71bb26565d52a025f35323203e9a7846d00a235f973d1e43f29a81dcd1bfef625d373f94a51cc8d2be8ee69702a73a694da69d9b0fbae7d1dee353683a2037a2019b9260a1b53f6c89d945b384c275670bdfac333301504af00749373356a1e7a422eb9363bdab713f9ad6b5bb1970203010001a38201e2308201de301f0603551d23041830168014df8ff3200ce9caa604d85b58372a3dab46dc8349301d0603551d0e04160414e18081b3e9396b7109e8b2add6c3d20ebf4b4814300e0603551d0f0101ff040403020780300c0603551d130101ff0402300030130603551d25040c300a06082b06010505070303301106096086480186f842010104040302041030460603551d20043f303d303b060c2b06010401b2310102010601302b302906082b06010505070201161d68747470733a2f2f7365637572652e636f6d6f646f2e636f6d2f43505330550603551d1f044e304c304aa048a0468644687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f434f4d4f444f525341457874656e64656456616c69646174696f6e436f64655369676e696e6743412e63726c30818606082b06010505070101047a3078305006082b060105050730028644687474703a2f2f6372742e636f6d6f646f63612e636f6d2f434f4d4f444f525341457874656e64656456616c69646174696f6e436f64655369676e696e6743412e637274302406082b060105050730018618687474703a2f2f6f6373702e636f6d6f646f63612e636f6d302e0603551d1104273025a02306082b06010505070803a01730150c1355532d44454c41574152452d33393130383035300d06092a864886f70d01010b050003820101004bc17929ea82f3c4787f7b29b69edb09e169797a9f4cd233f035412d2b9c586e352d2c0d1cd530a946a91ccd8858453573f0b45a0cdc743d662af4761420489adadbd9a84915b697f96ed1e49786c53000eb12555d3b2957eec18279326020737e2e3e4d621856026169ad6f6cf18ee7b59d5b6a7e6d8c252fa1a15363ec89a6efe5efdf4b260ad35c6a0e1db0250d1eb66ea7b91f15e0f57ecc0541e1ad74a2069f717dec0b1f03101b6812c13f64264f8c40a3614ffb8ccabedb974cda14eb50c061d5cd23dc7735cd0bcfdcef3fd178c1f95594a591031d05c8554cb5fe6fd23cb95931bf847f5b525a269aeac0336313e8f6e81ccb1692d86993724f709e | C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates\D70D7D00CA12E1B3E20F3BF7534DEB2C2E7C2404\Blob = 030000000100000014000000d70d7d00ca12e1b3e20f3bf7534deb2c2e7c24042000000001000000530500003082054f30820437a00302010202102f9f0a1d6764b5a6378747247087ba73300d06092a864886f70d01010b0500307d310b3009060355040613024742311b30190603550408131247726561746572204d616e636865737465723110300e0603550407130753616c666f7264311a3018060355040a1311434f4d4f444f204341204c696d69746564312330210603550403131a434f4d4f444f2052534120436f6465205369676e696e67204341301e170d3138313231313030303030305a170d3139313231313233353935395a3081b8310b3009060355040613025553310e300c06035504110c0530373031333113301106035504080c0a4e6577204a65727365793110300e06035504070c07436c6966746f6e3112301006035504090c095375697465203130303116301406035504090c0d313235352042726f616420537431223020060355040a0c19436f6d6f646f20536563757269747920536f6c7574696f6e733122302006035504030c19436f6d6f646f20536563757269747920536f6c7574696f6e7330820122300d06092a864886f70d01010105000382010f003082010a0282010100c1b2eafc6255d7a7780082967ba911a65b8160e697a9c81ae0816002356644b714895808a67b22551d87b879e80d0c1bff7bd847e1486bad3c3caa8c6f3258a7311f8b03c68c9ec5947950e57a1f99f4b47b8faaf46e282f68155ae6e8f13c9c125b5eb83ae4e63ee6081d0e8aae4f090175a538422b38e0600bd94b21b313567934ee959ddd6ab7ef62bce25dada05d7de6a75cefeffdcba6a1fc8e1ef7aa6d3e5ab328732c3d31759a20d7e69cef60ac9d152041dbd85167a78329f3a80fee19ea9edb102448aa9f5774794ecb560de2faa348f278b846a2a5d8238d5e4e4cd2a82f0e37415af2dc63f34f3e179aa1cae7290b411aaf5aa6acf5404ebe98130203010001a382018d30820189301f0603551d23041830168014299160ff8a4dfaebf9a66ab8cff9e64bbd49ce12301d0603551d0e041604146c5f99825f4ba8d4c19bae5169bab32fae7816ca300e0603551d0f0101ff040403020780300c0603551d130101ff0402300030130603551d25040c300a06082b06010505070303301106096086480186f842010104040302041030460603551d20043f303d303b060c2b06010401b2310102010302302b302906082b06010505070201161d68747470733a2f2f7365637572652e636f6d6f646f2e6e65742f43505330430603551d1f043c303a3038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f434f4d4f444f525341436f64655369676e696e6743412e63726c307406082b0601050507010104683066303e06082b060105050730028632687474703a2f2f6372742e636f6d6f646f63612e636f6d2f434f4d4f444f525341436f64655369676e696e6743412e637274302406082b060105050730018618687474703a2f2f6f6373702e636f6d6f646f63612e636f6d300d06092a864886f70d01010b050003820101000f718c2aa40e9c44a95e1eca3844097ddb7fba896b5f5c73a6b9aede1d29f0e432f41c8a45ce38b1f52df73f45e67907a03ac58d407b3077b1cae246a54544ee365bcee4bf0f4cecc47b01e98d0478d8f4c93e2c582aa472577de9c67a0a8c2e37635e626258675e0e6669babee331594abed516679e8f1b14d7a65dc1b76ab33412689b135cf855335748e2d1998759e5b95f68d418d5486d385d0db7a8fa30e58e84f57bb7ec3f45efa549fab71775c822ec846545b6fc0ef1d3c2dad34940657088fc5f773a1cbe24f9228f9dd7e9611d5d682998c6041ba580a789f5571da01d6723784bbcec4fded61d0ba31e37fbc10c3dfe06169df4670c8d454019f7 | C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates\31D019FC7AB697D57D9C4AFB340ED7C4D10400DF\Blob = 03000000010000001400000031d019fc7ab697d57d9c4afb340ed7c4d10400df2000000001000000250600003082062130820509a00302010202101b427b060e2866bfb586cc267e1c3eaa300d06092a864886f70d01010b0500308191310b3009060355040613024742311b30190603550408131247726561746572204d616e636865737465723110300e0603550407130753616c666f7264311a3018060355040a1311434f4d4f444f204341204c696d69746564313730350603550403132e434f4d4f444f2052534120457874656e6465642056616c69646174696f6e20436f6465205369676e696e67204341301e170d3138313230343030303030305a170d3231313230333233353935395a308201093110300e060355040513073339313038303531133011060b2b0601040182373c0201031302555331193017060b2b0601040182373c020102130844656c6177617265311d301b060355040f131450726976617465204f7267616e697a6174696f6e310b3009060355040613025553310e300c06035504110c053037303133310b300906035504080c024e4a3110300e06035504070c07436c6966746f6e3116301406035504090c0d313235352042726f616420537431283026060355040a0c1f436f6d6f646f20536563757269747920536f6c7574696f6e732c20496e632e3128302606035504030c1f436f6d6f646f20536563757269747920536f6c7574696f6e732c20496e632e30820122300d06092a864886f70d01010105000382010f003082010a0282010100ad390c8bc919005d5894a91a9585ef887fbd7c2341ff5ebb3efc6f645a66c55e6da11febce740e53ed9416284dfc7d142e4dc21f99753b5f60ae9aadc764b59efd9ffd33b20ae1c54eba629408a1b095a59cf4af0ad9db9bc494250154dcd0edefcec62e4b248d9a793b703aa15255baf3553fa59d4dc558ba4303af630bb626cd6627e0c4a45764ec3b286c38ab2499f9dc13eefdffa7841297ff533b47061b9aa3ff09ee3f04a7b10ba70894e53f3352b1f60eddfc021a66546e3392795bb6ae49a92f189ec2a7cdd9a935fab33a5ce7fc16c4b7e8ca13b4551d38a6a7c0658298a5adf5f6796675f58e1bb4ce410ff704bc5e845bc1ef83c18a0d50e137370203010001a38201f8308201f4301f0603551d23041830168014df8ff3200ce9caa604d85b58372a3dab46dc8349301d0603551d0e041604142d99b81962209042dc650eb36ec07ad996e48c4d300e0603551d0f0101ff040403020780300c0603551d130101ff0402300030130603551d25040c300a06082b06010505070303301106096086480186f842010104040302041030460603551d20043f303d303b060c2b06010401b2310102010601302b302906082b06010505070201161d68747470733a2f2f7365637572652e636f6d6f646f2e636f6d2f43505330550603551d1f044e304c304aa048a0468644687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f434f4d4f444f525341457874656e64656456616c69646174696f6e436f64655369676e696e6743412e63726c30818606082b06010505070101047a3078305006082b060105050730028644687474703a2f2f6372742e636f6d6f646f63612e636f6d2f434f4d4f444f525341457874656e64656456616c69646174696f6e436f64655369676e696e6743412e637274302406082b060105050730018618687474703a2f2f6f6373702e636f6d6f646f63612e636f6d30440603551d11043d303ba02306082b06010505070803a01730150c1355532d44454c41574152452d33393130383035811473636f742e7765697240636f6d6f646f2e636f6d300d06092a864886f70d01010b050003820101007f4d3e6594a3e380fac36b00e97ccacce4786be2ecc13cf37e737aaca0328bb8bfdcd513daff94aba1c7ee00cc8a3bd073157a812f6e31f772781d0bb922a8b86932b296c2312cdf3b239c42bb443b4b1b89b36de34a7fae65ac63eb6ead8812f8d373fa6f1a4e8d9e62eb004caae3639e41e08ed48d640b04725b09b4411dc083587e7fe24b33d90677677960efa6299cc85c4b2bfae4cdfe36581d25e029f6af1a7e77f502882d87597f3cc5bb450a71f9fd57f43b321baa4cbe5213a48a2c5b785a9de4103d5029e4db79403e98784e51379d45a86996b183469e98470731d1a603eaa443a05527aca62f51631722dc0dfe5d74c8298d2aed885d34c9be61 | C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates\16232A798863E5950F9F44977A033CF91793D8F1\Blob = 03000000010000001400000016232a798863e5950f9f44977a033cf91793d8f1200000000100000016070000308207123082057aa00302010202101f734d111b4b5c879bbd5a8c49ab2a90300d06092a864886f70d01010b05003057310b300906035504061302474231183016060355040a130f5365637469676f204c696d69746564312e302c060355040313255365637469676f205075626c696320436f6465205369676e696e6720434120455620523336301e170d3231313230373030303030305a170d3234313230363233353935395a3081da311330110603550405130a3034303037353135383831133011060b2b0601040182373c02010313025553311b3019060b2b0601040182373c020102130a4e6577204a6572736579311d301b060355040f131450726976617465204f7267616e697a6174696f6e310b30090603550406130255533113301106035504080c0a4e6577204a657273657931273025060355040a0c1e436f6d6f646f20536563757269747920536f6c7574696f6e732c20496e633127302506035504030c1e436f6d6f646f20536563757269747920536f6c7574696f6e732c20496e6330820222300d06092a864886f70d01010105000382020f003082020a0282020100bf278efbb1f070dd512156b387a02946060750ffadb5b00c8a316c6254ccf52787727318f46a676cc12035adfb89cef7c4c4bbefa84627362f58e1b96b6b281fc01535419a7715dd92995ecf8deb4c8291427657bdcbee99fc260f482b91478a76bcf1c50b114be347a43c8a35091d8371e562b1c16f68370f851e037373ff9c00177845d2d5b6da2aaaf808cf9ff1a3a6eda561286e25fa2c0d7e9ae0c7f0c04e1df0baf6f5b6ac0f01940f2a14e467f77505d14c84f45121d45d5c4552ac5eb24fef6bc520ace00bac3aeab817f8fa995b3111a202397031bf4b25dd89e2ba5cf8b9b6b5a521deee25a4e6529c869873414796bbc28f6d3ed733d339b26dd10a3a0e2d43eb9815e1b33fb6a48f0ad3fe196ecb20207862249a5456601c09f1e344453cad88350bb392a74a899f716e018c40cac5fd3f9b691261e3528f51ae70a28b00271c5a540ec387e778f75a4ceabfd34f9b17d6a76481240727ba17973f3746e175ab4cae3f9b28dfad2a842a220491f66956ae90f8b44c343ccbb8cd6ae46eb19aa6f6ae55687129eb473a3111d1db67d708955afacc070e048b5aab7587a732bc77c9a66c72c604a4ae96ee00d38d492af000d6099cce5bd9b7c42554e74ad2091f79baea8cd4b92d092f89a294ebf5ddb785a39b21c1befd7faecc58a6e99022139f7120753a4cdb4b98e700a08dd850224d67c8aa811cd61d63950203010001a38201d4308201d0301f0603551d23041830168014813292412b28cd46c8c4a2c62a3912ec48a93f14301d0603551d0e041604145d9262d74ec55663e2d856b3702cca554d2809fd300e0603551d0f0101ff040403020780300c0603551d130101ff0402300030130603551d25040c300a06082b06010505070303301106096086480186f842010104040302041030490603551d20044230403035060c2b06010401b23101020106013025302306082b06010505070201161768747470733a2f2f7365637469676f2e636f6d2f4350533007060567810c0103304b0603551d1f044430423040a03ea03c863a687474703a2f2f63726c2e7365637469676f2e636f6d2f5365637469676f5075626c6963436f64655369676e696e67434145565233362e63726c307b06082b06010505070101046f306d304606082b06010505073002863a687474703a2f2f6372742e7365637469676f2e636f6d2f5365637469676f5075626c6963436f64655369676e696e67434145565233362e637274302306082b060105050730018617687474703a2f2f6f6373702e7365637469676f2e636f6d30330603551d11042c302aa02806082b06010505070803a01c301a0c1855532d4e4557204a45525345592d30343030373531353838300d06092a864886f70d01010b0500038201810000b6abcb859749fe5bea2213f31cfe6db00bb221447b7f781d40982487806bdb7b711b08b210fec553172e5492ed62cd4eb3c63f4352c33d87e3aaf9265287438c0cfa8183b68cdf6a52df3094b4fb4fc01a82e39292fc5c2525f30f5da0077e8b37879c9c33a46b34cda70fdd89e87cec6f9b320aa3ec145b2843af9ff9cdf5d7030b3b34b5e1436b06ed64f2358de7e894dc929e7d218a2c362c4b2a78f0852e9bc55fcb805c86b407879bd4d1cc8d24b3a647ad85cdbd19fd29f030e1976a5369e550b780dc853824d4f031f69afd1a4967ec5f3871443f8b55d40c6ce0049d5af7c2d6f3f1df0471e0d47daa19a010cc08489dd330c8aa036c63ec148a37b855e6e2cbe7993d3bc17459ba47251c568c80468c8c8eeef2b561903a64c54472284333302f8e957906f9fa7af48afd60d63886595389b305e9b2cae6547efc2e85a5a382e7abef4d5efcfc3e8a0320a1c7e6bd5b8b68f5a4931b5bdb6e0200e502becdd39258d1df1b7f0ead70b94c06e329ea1d9e52f32104c7c0b3a26d5b | C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates\E35E6F46A1A9A4D18A4DAA298BDA4D1E8879236E\Blob = 030000000100000014000000e35e6f46a1a9a4d18a4daa298bda4d1e8879236e20000000010000005f0500003082055b30820443a003020102021100d9218e2757ec45d84ec08b3e6700c85e300d06092a864886f70d0101050500307b310b3009060355040613024742311b30190603550408131247726561746572204d616e636865737465723110300e0603550407130753616c666f7264311a3018060355040a1311434f4d4f444f204341204c696d697465643121301f06035504031318434f4d4f444f20436f6465205369676e696e672043412032301e170d3138313231313030303030305a170d3139303730373233353935395a3081a8310b3009060355040613025553310e300c06035504110c053037303133310b300906035504080c024e4a3110300e06035504070c07436c6966746f6e3116301406035504090c0d313235352042726f616420537431283026060355040a0c1f436f6d6f646f20536563757269747920536f6c7574696f6e732c20496e632e3128302606035504030c1f436f6d6f646f20536563757269747920536f6c7574696f6e732c20496e632e30820122300d06092a864886f70d01010105000382010f003082010a0282010100b73a668ff7984c8d990d7c6e51df5176c7842cc1bf351c27286c6139f4831fc718a35b0fa9145f0887de8bce335e8e3e12fce763cab5deeae08e0bf325cd79a4fbb328d7c7f7d53de51bd3c05c5966b634a9b1fc4362afd0267f927dd90a52b6a5f5f0e29c8e94dfe4199b2cf31142bb480e95ecb92b6ca20ecd71ff210df9655e9e9ac856ad7aab929b843052d4a21c27ea4054a9f4e8c4cd88943b1a4d3a58b3e06eb654c6c09cef472d6fb0d05a841ce229b53a5d36bd08cbfdc552f7c758efaa7824c1d27e30a83d7a9cecaab4bd91b2cbd60d1335fc4ac0f0294dd2eeb3f65139467761f091840246ff644edbfacb9ffd7ef2823fd9eea312dd299a39af0203010001a38201aa308201a6301f0603551d230418301680141ec5b12c7d87da02687c25bc0c07843fb6cfdef1301d0603551d0e041604147c4f2b645af103043ca7675e8c129c16dee7164c300e0603551d0f0101ff040403020780300c0603551d130101ff0402300030130603551d25040c300a06082b06010505070303301106096086480186f842010104040302041030460603551d20043f303d303b060c2b06010401b2310102010302302b302906082b06010505070201161d68747470733a2f2f7365637572652e636f6d6f646f2e6e65742f43505330410603551d1f043a30383036a034a0328630687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f434f4d4f444f436f64655369676e696e674341322e63726c307206082b0601050507010104663064303c06082b060105050730028630687474703a2f2f6372742e636f6d6f646f63612e636f6d2f434f4d4f444f436f64655369676e696e674341322e637274302406082b060105050730018618687474703a2f2f6f6373702e636f6d6f646f63612e636f6d301f0603551d1104183016811473636f742e7765697240636f6d6f646f2e636f6d300d06092a864886f70d01010505000382010100b33c0fee4668b9e86cd777fa94eb47dcaee7fb5b9b897b9458b12e511a194b6ad495ea4b6b820d1c7cd26badf92cfc13aaa9e66157a55545c7ea71460a4fa4e30e46b9ac16a36e94a1fcbc62b2abe402d2a58773344c4b23a0d907a9760029595421e478da67167f80876012443cd22573dc3806cdedbc6c8c4ed255bd926cecc7796ec36fb225d084f31afb5e5a2e86d26149212dda8aed2058ef0d7e7e677b463a7722431a0b5c0b9dc385b7d2e73bd781ee111c8f7e36d76e1db1f6ac98784227ed97cde3762d079741984d146a8ff96e411c1b1e4e711cd00a6150532ffaa13702a81f4514eae48ca0b98d8642a6cfe7711dc67d1b857bfecb4e863bc1f9 | C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation | C:\ProgramData\Comodo\Installer\ise_installer.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\Downloads\cispro_installer.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\cispro_installer.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe | N/A |
| N/A | N/A | C:\ProgramData\Comodo\Installer\ise_installer.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.001\bin\ise_installer\isestart.exe | N/A |
| N/A | N/A | C:\Windows\Installer\MSI1004.tmp | N/A |
| N/A | N/A | C:\Windows\Installer\MSI1004.tmp | N/A |
| N/A | N/A | C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe | N/A |
| N/A | N/A | C:\Program Files\COMODO\COMODO Internet Security\cisbf.exe | N/A |
| N/A | N/A | C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe | N/A |
Loads dropped DLL
Reads user/profile data of web browsers
Registers COM server for autorun
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\Software\Classes\CLSID\{05E5F178-256F-42EE-9BF4-A7E080F7B354}\LocalServer32 | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{FF101135-6584-46E7-8AA1-8FCD1FCA5042}\LocalServer32\ThreadingModel = "Free" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\CLSID\{C288AC5A-D846-4696-8028-2DF6F508D0D9}\LocalServer32 | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C288AC5A-D846-4696-8028-2DF6F508D0D9}\LocalServer32\ThreadingModel = "Free" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{10F58851-4358-4E4B-8494-DF34393F41A5}\LocalServer32\ThreadingModel = "Both" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D7D729A7-3570-4902-944A-470C9919FCCB}\InProcServer32\ = "C:\\Program Files\\COMODO\\COMODO Internet Security\\cisresc.dll" | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C4D33F09-D11A-485D-AB08-8BFF862E7120}\LocalServer32\ = "\"C:\\Program Files\\COMODO\\COMODO Internet Security\\cisbf.exe\"" | C:\Program Files\COMODO\COMODO Internet Security\cisbf.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\CLSID\{1B1E2B7F-DDF5-4722-A450-085CC9EAC96C}\LocalServer32 | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E0E9D49D-65D1-4AB1-8235-DF90B6ED8483}\LocalServer32\ = "\"C:\\Program Files\\COMODO\\COMODO Internet Security\\cavwp.exe\" /ModeAvMonitor" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E8718E3A-1985-473C-9196-9A39AFB0028E}\LocalServer32\ = "\"C:\\Program Files\\COMODO\\COMODO Internet Security\\cavwp.exe\" /ModeAvMerger" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A1850D95-9C38-4D86-AC40-E559BC0E73C9}\LocalServer32\ = "\"C:\\Program Files\\COMODO\\COMODO Internet Security\\cavwp.exe\" /ModeAvDllHost" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{FF101135-6584-46E7-8AA1-8FCD1FCA5042}\LocalServer32\ = "\"C:\\Program Files\\COMODO\\COMODO Internet Security\\cmdagent.exe\"" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C288AC5A-D846-4696-8028-2DF6F508D0D9}\LocalServer32\ = "\"C:\\Program Files\\COMODO\\COMODO Internet Security\\cmdagent.exe\"" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1B1E2B7F-DDF5-4722-A450-085CC9EAC96C}\LocalServer32\ = "\"C:\\Program Files\\COMODO\\COMODO Internet Security\\cmdagent.exe\"" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C4D33F09-D11A-485D-AB08-8BFF862E7120}\LocalServer32\ServerExecutable = "C:\\Program Files\\COMODO\\COMODO Internet Security\\cisbf.exe" | C:\Program Files\COMODO\COMODO Internet Security\cisbf.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D7D729A7-3570-4902-944A-470C9919FCCB}\InProcServer32 | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{67683718-82B8-4557-86A8-E04D169EF883}\InProcServer32\ = "C:\\Program Files\\COMODO\\COMODO Internet Security\\cisbfps.dll" | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{81B0EDF3-1CAB-4B8A-BD36-C4DEFAC1DCF9}\LocalServer32\ = "\"C:\\Program Files\\COMODO\\COMODO Internet Security\\cmdagent.exe\"" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{10F58851-4358-4E4B-8494-DF34393F41A5}\LocalServer32\ = "\"C:\\Program Files\\COMODO\\COMODO Internet Security\\cmdagent.exe\"" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\CLSID\{E8718E3A-1985-473C-9196-9A39AFB0028E}\LocalServer32 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\CLSID\{868A55F7-D79E-4C2E-8091-DEA9042B987F}\LocalServer32 | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1B1E2B7F-DDF5-4722-A450-085CC9EAC96C}\LocalServer32\ThreadingModel = "Free" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{05E5F178-256F-42EE-9BF4-A7E080F7B354}\LocalServer32\ = "\"C:\\Program Files\\COMODO\\COMODO Internet Security\\cavwp.exe\" /ModeAvScanner" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\CLSID\{A1850D95-9C38-4D86-AC40-E559BC0E73C9}\LocalServer32 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{67683718-82B8-4557-86A8-E04D169EF883}\InProcServer32 | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\CLSID\{10F58851-4358-4E4B-8494-DF34393F41A5}\LocalServer32 | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{ED181758-F11B-4C85-AEA2-199B3DC9F7DE}\InprocServer32\ThreadingModel = "Free" | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D7D729A7-3570-4902-944A-470C9919FCCB}\InProcServer32\ThreadingModel = "Both" | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{67683718-82B8-4557-86A8-E04D169EF883}\InProcServer32\ThreadingModel = "Both" | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C4D33F09-D11A-485D-AB08-8BFF862E7120}\LocalServer32 | C:\Program Files\COMODO\COMODO Internet Security\cisbf.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\CLSID\{81B0EDF3-1CAB-4B8A-BD36-C4DEFAC1DCF9}\LocalServer32 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\CLSID\{E0E9D49D-65D1-4AB1-8235-DF90B6ED8483}\LocalServer32 | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B691E6DB-B216-4532-A2F3-1656BAC416FC}\LocalServer32\ = "\"C:\\Program Files\\COMODO\\COMODO Internet Security\\cavwp.exe\" /ModeAvBoostHelper" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{ED181758-F11B-4C85-AEA2-199B3DC9F7DE}\InprocServer32 | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{ED181758-F11B-4C85-AEA2-199B3DC9F7DE}\InprocServer32\ = "C:\\Program Files\\COMODO\\COMODO Internet Security\\cisresc.dll" | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\CLSID\{FF101135-6584-46E7-8AA1-8FCD1FCA5042}\LocalServer32 | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{81B0EDF3-1CAB-4B8A-BD36-C4DEFAC1DCF9}\LocalServer32\ThreadingModel = "Free" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\CLSID\{B691E6DB-B216-4532-A2F3-1656BAC416FC}\LocalServer32 | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{868A55F7-D79E-4C2E-8091-DEA9042B987F}\LocalServer32\ = "\"C:\\Program Files\\COMODO\\COMODO Internet Security\\cavwp.exe\" /ModeAvSigChecker" | C:\Windows\system32\msiexec.exe | N/A |
Checks for any installed AV software in registry
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\Options\Tray icon visibility = "1" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\Options\ThemeName = "lycia.set" | C:\Windows\system32\msiexec.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\Installer | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\COMODO\CIS\Data | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\COMODO\CIS\Data\EnforceUseOtlsHttp | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\COMODO\CIS\Cam | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\Installer\Proxy | C:\Windows\System32\MsiExec.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\Options | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\Options\UrlsUpdateHost = "download.comodo.com" | C:\Windows\system32\msiexec.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\Options\Silent diag support | C:\Windows\system32\msiexec.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\Options\Desktop icon visibility | C:\Windows\system32\msiexec.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\Cam | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\Options\ThemeName | C:\Windows\system32\msiexec.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\Installer\Proxy | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\Cam\ProductID = "cis.paid_trial_free" | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\VolatileData | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\Options\UserEmail | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\Installer | C:\Windows\system32\msiexec.exe | N/A |
| Key security queried | \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\Cam | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\Cam\PricingTerm | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\DbgTrace\MsiExec | C:\Windows\System32\MsiExec.exe | N/A |
| Key security queried | \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\Options | C:\Windows\system32\msiexec.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\Options\Tray icon visibility | C:\Windows\system32\msiexec.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\Options\UrlsUpdateHost | C:\Windows\system32\msiexec.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\COMODO\CIS\DbgTrace\cmdinstall | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\COMODO\CIS\Data | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\Options\UsageStatHost | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\Options\UsageStatHost | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\Data\AllowedDowngrade = "1" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\COMODO\CIS\Data\CmcWindowsVersion = "{\"release_id\":2004,\"build\":19041,\"ubr\":1288,\"major\":0}" | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\Installer | C:\Windows\System32\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\Options\UsageStatHost = "cmc.comodo.com" | C:\Windows\system32\msiexec.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\Installer\MsiProductCode | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\Installer\MsiProductCode = "{6D506E2A-AB2C-4D1E-A226-AB27BC469B62}" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\Options\Desktop icon visibility = "1" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\Options\LanguageID = "1033" | C:\Windows\system32\msiexec.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\DbgTrace\cfpconfg | C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\Cam | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\Installer\Instance\{48222F79-874D-414E-9563-03C664764923} = "4928" | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\Cam | C:\Windows\system32\msiexec.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\Installer | C:\Windows\System32\MsiExec.exe | N/A |
| Key security queried | \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\Data | C:\Windows\system32\msiexec.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\DbgTrace\cfpconfg | C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\Installer | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\Options | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\COMODO\CIS | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\Installer\Proxy | C:\Windows\System32\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\Installer\Proxy = "C:\\Program Files\\COMODO\\COMODO Internet Security\\msica.dll" | C:\Windows\system32\msiexec.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\Data | C:\Windows\system32\msiexec.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\DbgTrace\MsiExec | C:\Windows\System32\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\Options | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\Options\LanguageName = "English (United States)" | C:\Windows\system32\msiexec.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\Options\CmcHost | C:\Windows\system32\msiexec.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\Options\UpdateURL | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\Installer\Instance | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\Options | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\Options\UsageStatHost = "cmc.comodo.com" | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\COMODO\CIS\Data | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\Options\InstallerName = "cisproinstallerx64" | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe | N/A |
| Key security queried | \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\Cam | C:\Windows\system32\msiexec.exe | N/A |
| Delete value | \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\Cam\LicenseKeyFree | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe | N/A |
| Delete value | \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\Cam\SubscriptionIdFree | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe | N/A |
Checks installed software on the system
Enumerates connected drives
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\SysWOW64\cmdvrt32.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\system32\cmdvrt64.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\SysWOW64\guard32.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\system32\guard64.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\syswow64\iseguard32.dll | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.001\bin\ise_installer\isestart.exe | N/A |
| File created | C:\Windows\system32\iseguard64.dll | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.001\bin\ise_installer\isestart.exe | N/A |
| File created | C:\Windows\system32\cmdcsr.dll | C:\Windows\system32\msiexec.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files\COMODO\COMODO Internet Security\resources\redirect.html | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\COMODO\COMODO Internet Security\translations\1053.lang | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\COMODO\COMODO Internet Security\translations\virtkiosk.japanese.lang | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\COMODO\COMODO Internet Security\vddata\vduserdata\bin\pfpeapihoiogbcmdmnibeplnikfnhoge.xml | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\COMODO\COMODO Internet Security\drivers\win10\cmdboot.cat | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\COMODO\COMODO Internet Security\translations\1025.lang | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\COMODO\COMODO Internet Security\iseupdate.exe | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\COMODO\COMODO Internet Security\OtlsHttp.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\COMODO\COMODO Internet Security\vddata\vduserdata\images\remove.png | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\COMODO\COMODO Internet Security\virtkiosk.exe | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\COMODO\Internet Security Essentials\Translations\vkise.dutch.xml | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.001\bin\ise_installer\isestart.exe | N/A |
| File created | C:\Program Files\COMODO\COMODO Internet Security\drivers\win10\cmdhlp.sys | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\COMODO\COMODO Internet Security\translations\1040.lang | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\COMODO\COMODO Internet Security\translations\cmdres.greek.lang | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\COMODO\COMODO Internet Security\scanners\dunpack.cav | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\COMODO\COMODO Internet Security\translations\1032.lang | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\COMODO\COMODO Internet Security\translations\virtkiosk.polish.lang | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\COMODO\COMODO Internet Security\translations\virtkiosk.spanish.lang | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\COMODO\COMODO Internet Security\cisevlog.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\COMODO\COMODO Internet Security\translations\cmdres.hungarian.lang | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\COMODO\COMODO Internet Security\scanners\dosmz.cav | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\COMODO\COMODO Internet Security\vddata\vduserdata\images\flip_in.png | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\COMODO\COMODO Internet Security\themes\modern.set | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\COMODO\COMODO Internet Security\translations\cmdres.serbian.lang | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\COMODO\COMODO Internet Security\eula.rtf | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\COMODO\Internet Security Essentials\Translations\vkise.english.xml | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.001\bin\ise_installer\isestart.exe | N/A |
| File created | C:\Program Files\COMODO\COMODO Internet Security\vddata\vduserdata\bin\lneaknkopdijkpnocmklfnjbeapigfbh.xml | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\COMODO\COMODO Internet Security\7za.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\COMODO\COMODO Internet Security\drivers\win10\cmdhlp.cat | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\COMODO\COMODO Internet Security\translations\1041.lang | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\COMODO\COMODO Internet Security\translations\virtkiosk.romanian.lang | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\COMODO\COMODO Internet Security\signmgr.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\COMODO\COMODO Internet Security\drivers\win10\cmderd.sys | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\COMODO\COMODO Internet Security\translations\virtkiosk.hungarian.lang | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\COMODO\COMODO Internet Security\scanners\fixbase.exe | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\COMODO\COMODO Internet Security\translations\cmdres.vietnamese.lang | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\COMODO\COMODO Internet Security\translations\virtkiosk.german.lang | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\COMODO\COMODO Internet Security\vddata\vduserdata\images\flip_press.png | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\COMODO\COMODO Internet Security\translations\1049.lang | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\COMODO\COMODO Internet Security\translations\cmdres.chinese.lang | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\COMODO\COMODO Internet Security\themes\lycia.set | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\COMODO\Internet Security Essentials\iseguard64.dll | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.001\bin\ise_installer\isestart.exe | N/A |
| File created | C:\Program Files (x86)\COMODO\Internet Security Essentials\Translations\vkise.spanish.xml | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.001\bin\ise_installer\isestart.exe | N/A |
| File created | C:\Program Files\COMODO\COMODO Internet Security\vddata\vkhlp.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\COMODO\COMODO Internet Security\translations\1048.lang | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\COMODO\COMODO Internet Security\translations\cmdres.danish.lang | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\COMODO\COMODO Internet Security\translations\cmdres.japanese.lang | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\COMODO\COMODO Internet Security\scanners\pkann.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\COMODO\COMODO Internet Security\translations\cmdres.polish.lang | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\COMODO\Internet Security Essentials\isedrv_xp.sys | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.001\bin\ise_installer\isestart.exe | N/A |
| File created | C:\Program Files\COMODO\COMODO Internet Security\framework.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\COMODO\COMODO Internet Security\translations\cmdres.bulgarian.lang | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\COMODO\COMODO Internet Security\packages.xml | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\COMODO\COMODO Internet Security\database\signers.tvt | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\COMODO\COMODO Internet Security\msica.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\COMODO\Internet Security Essentials\Translations\vkise.turkish.xml | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.001\bin\ise_installer\isestart.exe | N/A |
| File created | C:\Program Files\COMODO\COMODO Internet Security\vddata\vduserdata\images\page_dot.png | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\COMODO\COMODO Internet Security\translations\1036.lang | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\COMODO\COMODO Internet Security\translations\cmdres.brazilian.lang | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\COMODO\COMODO Internet Security\translations\cmdres.english.lang.template | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\COMODO\COMODO Internet Security\translations\virtkiosk.greek.lang | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\COMODO\COMODO Internet Security\scanners\mem.cav | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\COMODO\COMODO Internet Security\translations\1028.lang | C:\Windows\system32\msiexec.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\Installer\e5dfc25.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIFFCF.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI5A5D.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI6D.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI8D.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\SourceHash{6D506E2A-AB2C-4D1E-A226-AB27BC469B62} | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIFE3.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI1004.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI5868.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\inprogressinstallinfo.ipi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI561.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIC96.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIEC9.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\e5dfc25.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI4D.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\ | C:\Windows\system32\msiexec.exe | N/A |
Enumerates physical storage devices
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters | C:\Windows\system32\vssvc.exe | N/A |
| Key created | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr | C:\Windows\system32\vssvc.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr\PartitionTableCache = 00000000040000003f3ccc8c3b3921e10000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000c01200000000ffffffff0000000027010100000800003f3ccc8c0000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d01200000000000020ed3a000000ffffffff0000000007000100006809003f3ccc8c000000000000d012000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f0ff3a0000000000000005000000ffffffff000000000700010000f87f1d3f3ccc8c000000000000f0ff3a00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000003f3ccc8c00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 | C:\Windows\system32\vssvc.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr\SnapshotDataCache = 534e41505041525401000000700000008ec7416a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 | C:\Windows\system32\vssvc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters | C:\Windows\system32\vssvc.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133602729570806194" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{F8C8C537-0997-4D12-BD50-9B6C31A4883E}\1.0\ = "CisRescueDiskCreatorLib" | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{39DFE5A6-14E4-4A43-B022-B791EDA973BC}\7.0\FLAGS\ = "0" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\CLSID\{81B0EDF3-1CAB-4B8A-BD36-C4DEFAC1DCF9}\LocalServer32 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{A70211A1-E8DF-47DC-B336-74BF57292D88}\7.0 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\TypeLib\{A70211A1-E8DF-47DC-B336-74BF57292D88}\7.0\FLAGS | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\CavWp.AvScanner\CLSID | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CavWp.AvSigChecker\ = "AvSigChecker Class" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{868A55F7-D79E-4C2E-8091-DEA9042B987F}\TypeLib\ = "{BAFAD68A-E0A2-4EB2-B2BA-1D0DE7CB2910}" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D7D729A7-3570-4902-944A-470C9919FCCB}\InProcServer32 | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CCFF154D-A97B-4138-A1AC-A2B0C3C05696} | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\CLSID\{81B0EDF3-1CAB-4B8A-BD36-C4DEFAC1DCF9}\TypeLib | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\TypeLib\{E37FA5BA-9E34-49AE-8C97-2C9E537A5D24}\7.0 | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\comodo\URL Protocol | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D7D729A7-3570-4902-944A-470C9919FCCB}\NumMethods | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{1F5B557B-0805-423E-B525-5939F5889232}\1.0\HELPDIR\ = "C:\\Program Files\\COMODO\\COMODO Internet Security" | C:\Program Files\COMODO\COMODO Internet Security\cisbf.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\CLSID\{81B0EDF3-1CAB-4B8A-BD36-C4DEFAC1DCF9}\ProgID | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E0E9D49D-65D1-4AB1-8235-DF90B6ED8483} | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E8718E3A-1985-473C-9196-9A39AFB0028E}\TypeLib\ = "{BAFAD68A-E0A2-4EB2-B2BA-1D0DE7CB2910}" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\CavWp.AvDllHost.1\CLSID | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C4D33F09-D11A-485D-AB08-8BFF862E7120}\LocalServer32\ServerExecutable = "C:\\Program Files\\COMODO\\COMODO Internet Security\\cisbf.exe" | C:\Program Files\COMODO\COMODO Internet Security\cisbf.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{1F5B557B-0805-423E-B525-5939F5889232}\1.0 | C:\Program Files\COMODO\COMODO Internet Security\cisbf.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{1F5B557B-0805-423E-B525-5939F5889232}\1.0\0 | C:\Program Files\COMODO\COMODO Internet Security\cisbf.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\CISSVC.CisGate | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\CIS.CisLpsIntegration | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{05E5F178-256F-42EE-9BF4-A7E080F7B354}\ProgID | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CavWp.AvSigChecker.1\CLSID\ = "{868A55F7-D79E-4C2E-8091-DEA9042B987F}" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{FF101135-6584-46E7-8AA1-8FCD1FCA5042}\LocalServer32\ThreadingModel = "Free" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{81B0EDF3-1CAB-4B8A-BD36-C4DEFAC1DCF9}\ProgID | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\CLSID\{E0E9D49D-65D1-4AB1-8235-DF90B6ED8483}\LocalServer32 | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CavWp.AvDllHost\ = "AvDllHost Class" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D7D729A7-3570-4902-944A-470C9919FCCB}\InProcServer32\ThreadingModel = "Both" | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\TypeLib\{39DFE5A6-14E4-4A43-B022-B791EDA973BC}\7.0\FLAGS | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\CavWp.AvMerger.1 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\CLSID\{B691E6DB-B216-4532-A2F3-1656BAC416FC} | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{4EEF9DE1-A3AB-47B0-AD33-9598D96AF543}\ProxyStubClsid32 | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{39DFE5A6-14E4-4A43-B022-B791EDA973BC} | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C288AC5A-D846-4696-8028-2DF6F508D0D9}\LocalServer32\ThreadingModel = "Free" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\CIS.CisLpsIntegration\CLSID | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\CLSID\{1B1E2B7F-DDF5-4722-A450-085CC9EAC96C}\TypeLib | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{868A55F7-D79E-4C2E-8091-DEA9042B987F}\LocalServer32\ = "\"C:\\Program Files\\COMODO\\COMODO Internet Security\\cavwp.exe\" /ModeAvSigChecker" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\CLSID\{1B1E2B7F-DDF5-4722-A450-085CC9EAC96C} | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B691E6DB-B216-4532-A2F3-1656BAC416FC}\ProgID | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\safe\shell\open\command\ = "\"C:\\Program Files\\COMODO\\COMODO Internet Security\\virtkiosk.exe\" -v \"%1\"" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{81B0EDF3-1CAB-4B8A-BD36-C4DEFAC1DCF9}\LocalServer32\ThreadingModel = "Free" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CavWp.AvScanner\CLSID\ = "{05E5F178-256F-42EE-9BF4-A7E080F7B354}" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\CLSID\{05E5F178-256F-42EE-9BF4-A7E080F7B354}\TypeLib | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{F8C8C537-0997-4D12-BD50-9B6C31A4883E}\1.0\FLAGS | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-4124900551-4068476067-3491212533-1000\{DCE417C1-1431-4BD6-81C6-305BC8618E04} | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C288AC5A-D846-4696-8028-2DF6F508D0D9}\ProgID | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\TypeLib\{A70211A1-E8DF-47DC-B336-74BF57292D88}\7.0\0\win64 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E0E9D49D-65D1-4AB1-8235-DF90B6ED8483}\ProgID | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CavWp.AvMerger.1\ = "AvMerger Class" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B691E6DB-B216-4532-A2F3-1656BAC416FC}\ = "AvBoostHelper Class" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A1850D95-9C38-4D86-AC40-E559BC0E73C9}\LocalServer32\ = "\"C:\\Program Files\\COMODO\\COMODO Internet Security\\cavwp.exe\" /ModeAvDllHost" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{10F58851-4358-4E4B-8494-DF34393F41A5}\TypeLib\ = "{59A8627E-99C2-4995-81D3-44A31D62EA3A}" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1B1E2B7F-DDF5-4722-A450-085CC9EAC96C}\LocalServer32\ = "\"C:\\Program Files\\COMODO\\COMODO Internet Security\\cmdagent.exe\"" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CavWp.AvMerger\CLSID\ = "{E8718E3A-1985-473C-9196-9A39AFB0028E}" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{ED181758-F11B-4C85-AEA2-199B3DC9F7DE}\TypeLib | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{67683718-82B8-4557-86A8-E04D169EF883}\ProxyStubClsid32 | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{10F58851-4358-4E4B-8494-DF34393F41A5}\ProgID | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\CLSID\{1B1E2B7F-DDF5-4722-A450-085CC9EAC96C}\ProgID | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1B1E2B7F-DDF5-4722-A450-085CC9EAC96C}\LocalServer32\ThreadingModel = "Free" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{05E5F178-256F-42EE-9BF4-A7E080F7B354}\ = "AvScanner Class" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CavWp.AvMonitor\ = "AvMonitor Class" | C:\Windows\system32\msiexec.exe | N/A |
Modifies system certificate store
| Description | Indicator | Process | Target |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AFE5D244A8D1194230FF479FE2F897BBCD7A8CB4\Blob = 19000000010000001000000082218ffb91733e64136be5719f57c3a1030000000100000014000000afe5d244a8d1194230ff479fe2f897bbcd7a8cb41d0000000100000010000000cb39c3d4272cdf63774e1db810c5a89e140000000100000014000000bbaf7e023dfaa6f13c848eadee3898ecd93232d462000000010000002000000052f0e1c4e58ec629291b60317f074671b85d7ea80d5b07273463534b32b402340b000000010000003a0000005300650063007400690067006f002000280066006f0072006d00650072006c007900200043006f006d006f0064006f002000430041002900000053000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080f0000000100000030000000761613f4cd8607508c3d520fbefe68773735fc73746f42a9fd6254ba3b72f0047994e5af57677cf6d2c1965984965df12000000001000000dc050000308205d8308203c0a00302010202104caaf9cadb636fe01ff74ed85b03869d300d06092a864886f70d01010c0500308185310b3009060355040613024742311b30190603550408131247726561746572204d616e636865737465723110300e0603550407130753616c666f7264311a3018060355040a1311434f4d4f444f204341204c696d69746564312b302906035504031322434f4d4f444f205253412043657274696669636174696f6e20417574686f72697479301e170d3130303131393030303030305a170d3338303131383233353935395a308185310b3009060355040613024742311b30190603550408131247726561746572204d616e636865737465723110300e0603550407130753616c666f7264311a3018060355040a1311434f4d4f444f204341204c696d69746564312b302906035504031322434f4d4f444f205253412043657274696669636174696f6e20417574686f7269747930820222300d06092a864886f70d01010105000382020f003082020a028202010091e85492d20a56b1ac0d24ddc5cf446774992b37a37d23700071bc53dfc4fa2a128f4b7f1056bd9f7072b7617fc94b0f17a73de3b00461eeff1197c7f4863e0afa3e5cf993e6347ad9146be79cb385a0827a76af7190d7ecfd0dfa9c6cfadfb082f4147ef9bec4a62f4f7f997fb5fc674372bd0c00d689eb6b2cd3ed8f981c14ab7ee5e36efcd8a8e49224da436b62b855fdeac1bc6cb68bf30e8d9ae49b6c6999f878483045d5ade10d3c4560fc32965127bc67c3ca2eb66bea46c7c720a0b11f65de4808baa44ea9f283463784ebe8cc814843674e722a9b5cbd4c1b288a5c227bb4ab98d9eee05183c309464e6d3e99fa9517da7c3357413c8d51ed0bb65caf2c631adf57c83fbce95dc49baf4599e2a35a24b4baa9563dcf6faaff4958bef0a8fff4b8ade937fbbab8f40b3af9e843421e89d884cb13f1d9bbe18960b88c2856ac141d9c0ae771ebcf0edd3da996a148bd3cf7afb50d224cc01181ec563bf6d3a2e25bb7b204225295809369e88e4c65f191032d707402ea8b671529695202bbd7df506a5546bfa0a328617f70d0c3a2aa2c21aa47ce289c064576bf821827b4d5aeb4cb50e66bf44c867130e9a6df1686e0d8ff40ddfbd042887fa3333a2e5c1e41118163ce18716b2beca68ab7315c3a6a47e0c37959d6201aaff26a98aa72bc574ad24b9dbb10fcb04c41e5ed1d3d5e289d9cccbfb351daa747e584530203010001a3423040301d0603551d0e04160414bbaf7e023dfaa6f13c848eadee3898ecd93232d4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff300d06092a864886f70d01010c050003820201000af1d54684b7ae51bb6cb24d411400934c9ccbe5c054cfa0258e02f9fdb0a20df520983c132dac56a2b0d67e1192e92eba9e2e9a72b1bd19446c6135a29ab41612695a8ce1d73ea41ae82f03f4ae611d101b2aa48b7ac5fe05a6e1c0d6c8fe9eae8f2bba3d99f8d8730958466ea69cf4d727d395da3783721cd373e0a2479903385dd5497900291cc7ec9b201c0724695778b239fc3a84a0b59c7c8dbf2e936227b739da1718aebd3c0968ff849b3cd5d60b03e3579e14f7d1eb4fc8bd8723b7b6494379855cbaeb920ba1c6e868a84c16b11a990ae8532c92bba10918750c65a87bcb23b71ac22885c31bffd02b62efa47b099198678c1401cd68066a6321750380888a6e81c685f2a9a42de7f4a524104783cacdf48d7958b1069be71a2ad99d01d7947ded034acaf0dbe8a9013ef55699c91e8e493dbbe509b9e04f49923d168240cccc59c6e63aed122e693c6c95b1fdaa1d7b7f86be1e0e3246fbfb138f757f4c8b4b4663fe00344070c1c3b9a1dda670e204b341bce98091ea649c7ae12203a99c6e6f0e654f6c87875ef36ea0f975a59b40e853b2279d4ab9c077218dff87f2debc8cef17dfb7490bd1f26e300b1a0e4e76ed11fcf5e956b27dbfc76d0a938ca5d0c0b61dbe3a4e94a2d76e6c0bc28a7cfa20f3c4e4e5cd0da8cb9192b17c85ecb51469660e82e7cdcec82da6517f21c1355385064a5d9fadbb1b5f74 | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\02FAF3E291435468607857694DF5E45B68851868\Blob = 0400000001000000100000001d3554048578b03f42424dbf20730a3f0f000000010000001400000009b9105c5bba24343ca7f341c624e183f6ee7c1b090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b0601050507030853000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00b00000001000000260000005300650063007400690067006f00200028004100640064005400720075007300740029000000620000000100000020000000687fa451382278fff0c8b11f8d43d576671c6eb2bceab413fb83d965d06d2ff2140000000100000014000000adbd987a34b426f7fac42654ef03bde024cb541a1d000000010000001000000006f9583c00a763c23fb9e065a3366d557e0000000100000008000000000063f58926d70168000000010000000800000000409120d035d90103000000010000001400000002faf3e291435468607857694df5e45b6885186819000000010000001000000045ed9bbc5e43d3b9ecd63c060db78e5c20000000010000003a040000308204363082031ea003020102020101300d06092a864886f70d0101050500306f310b300906035504061302534531143012060355040a130b416464547275737420414231263024060355040b131d41646454727573742045787465726e616c20545450204e6574776f726b312230200603550403131941646454727573742045787465726e616c20434120526f6f74301e170d3030303533303130343833385a170d3230303533303130343833385a306f310b300906035504061302534531143012060355040a130b416464547275737420414231263024060355040b131d41646454727573742045787465726e616c20545450204e6574776f726b312230200603550403131941646454727573742045787465726e616c20434120526f6f7430820122300d06092a864886f70d01010105000382010f003082010a0282010100b7f71a33e6f200042d39e04e5bed1fbc6c0fcdb5fa23b6cede9b113397a4294c7d939fbd4abc93ed031ae38fcfe56d505ad69729945a80b0497adb2e95fdb8cabf37382d1e3e9141ad7056c7f04f3fe8329e74cac89054e9c65f0f789d9a403c0eac61aa5e148f9e87a16a50dcd79a4eaf05b3a671949c71b350600ac7139d38078602a8e9a869261890ab4cb04f23ab3a4f84d8dfce9fe1696fbbd742d76b44e4c7adee6d415f725a710837b37965a459a09437f7002f0dc29272dad03872db14a845c45d2a7db7b4d6c4eeaccd1344b7c92bdd430025fa61b9696a582311b7a7338f567559f5cd29d746b70a2b65b6d3426f15b2b87bfbefe95d53d5345a270203010001a381dc3081d9301d0603551d0e04160414adbd987a34b426f7fac42654ef03bde024cb541a300b0603551d0f040403020106300f0603551d130101ff040530030101ff3081990603551d2304819130818e8014adbd987a34b426f7fac42654ef03bde024cb541aa173a471306f310b300906035504061302534531143012060355040a130b416464547275737420414231263024060355040b131d41646454727573742045787465726e616c20545450204e6574776f726b312230200603550403131941646454727573742045787465726e616c20434120526f6f74820101300d06092a864886f70d01010505000382010100b09be08525c2d623e20f9606929d41989cd9847981d91e5b14072336658fb0d877bbac416c47608351b0f9323de7fcf62613c78016a5bf5afc87cf787989219ae24c070a8635bcf2de51c4d296b7dc7e4eee70fd1c39eb0c0251142d8ebd16e0c1df4675e724adecf442b48593701067ba9d06354a18d32b7acc5142a17a63d1e6bba1c52bc236be130de6bd637e797ba7090d40ab6add8f8ac3f6f68c1a420551d445f59fa76221681520433c99e77cbd24d8a9911773883f561b313818b4710f9acdc80e9e8e2e1be18c9883cb1f31f1444cc604734976600fc7f8bd17806b2ee9cc4c0e5a9a790f200a2ed59e63261e559294d882175a7bd0bcc78f4e8604 | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\E12DFB4B41D7D9C32B30514BAC1D81D8385E2D46\Blob = 190000000100000010000000e843ac3b52ec8c297fa948c9b1fb2819030000000100000014000000e12dfb4b41d7d9c32b30514bac1d81d8385e2d4668000000010000000800000000409120d035d9017e0000000100000008000000000063f58926d7011d0000000100000010000000f919b9ccce1e59c2e785f7dc2ccf6708140000000100000014000000daed6474149c143cabdd99a9bd5b284d8b3cc9d86200000001000000200000006fff78e400a70c11011cd85977c459fb5af96a3df0540820d0f4b8607875e58f090000000100000022000000302006082b06010505070303060a2b0601040182370a030406082b060105050703080b000000010000002a0000005300650063007400690067006f0020002800550054004e0020004f0062006a00650063007400290000000f0000000100000014000000f45a0858c9cd920e647bad539ab9f1cfc77f24cb20000000010000006a040000308204663082034ea003020102021044be0c8b500024b411d3362de0b35f1b300d06092a864886f70d0101050500308195310b3009060355040613025553310b3009060355040813025554311730150603550407130e53616c74204c616b652043697479311e301c060355040a131554686520555345525452555354204e6574776f726b3121301f060355040b1318687474703a2f2f7777772e7573657274727573742e636f6d311d301b0603550403131455544e2d5553455246697273742d4f626a656374301e170d3939303730393138333132305a170d3139303730393138343033365a308195310b3009060355040613025553310b3009060355040813025554311730150603550407130e53616c74204c616b652043697479311e301c060355040a131554686520555345525452555354204e6574776f726b3121301f060355040b1318687474703a2f2f7777772e7573657274727573742e636f6d311d301b0603550403131455544e2d5553455246697273742d4f626a65637430820122300d06092a864886f70d01010105000382010f003082010a0282010100ceaa813fa3a36178aa31005595119e270f1f1cdf3a9b826830c04a611df12f0efabe79f7a523ef55519684cddbe3b96e3e31d80a2067c7f4d9bf94eb47043e02ce2aa25d870409f6309d188a97b2aa1cfc41d2a136cbfb3d91bae7d97035fae4e790c39ba39bd33cf5129977b1b709e068e61cb8f39463886a6afe0b76c9bef422e467b9ab1a5e77c18507dd0d6cbfee06c7776a419ea70fd7fbee9417b7fc85bea4abc41c31ddd7b6d1e4f0efdf168fb25293d7a1d489a1072ebfe10112421e1ae1d89534db647928ffba2e11c2e5e85b9248fb470bc26cdaad328341f3a5e54170fd65906dfafa51c4f9bd962b19042cd36da7dcf07f6f8365e26aab8786750203010001a381af3081ac300b0603551d0f0404030201c6300f0603551d130101ff040530030101ff301d0603551d0e04160414daed6474149c143cabdd99a9bd5b284d8b3cc9d830420603551d1f043b30393037a035a0338631687474703a2f2f63726c2e7573657274727573742e636f6d2f55544e2d5553455246697273742d4f626a6563742e63726c30290603551d250422302006082b0601050507030306082b06010505070308060a2b0601040182370a0304300d06092a864886f70d01010505000382010100081f52b1374478dbfdceb9da959698aa556480b55a40dd21a5c5c1f35f2c4cc8475a69eae8f03535f4d025f3c8a6a4874abd1bb17308bdd4c3cab635bb59867731cda78014ae13effcb148f96b25252d51b62c6d45c198c88a565d3eee434e3e6b278ed03a4b850b5fd3ed6aa775cbd15a872f3975135a72b002819fbef00f845420626c69d4e14dc60d9943010d12968c789dbf50a2b144aa6acf177acf6f0fd4f824555ff0341649663e5046c96371383162b862b9f353ad6cb52ba212aa194f09da5ee793c68e1408fef0308018a086854dc87dd78b03fe6ed5f79d16ac922ca023e59c91521f94df179473c3b3c1c17105200078bd13521da83ecd001fc8 | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates\16232A798863E5950F9F44977A033CF91793D8F1 | C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AFE5D244A8D1194230FF479FE2F897BBCD7A8CB4\Blob = 0f0000000100000030000000761613f4cd8607508c3d520fbefe68773735fc73746f42a9fd6254ba3b72f0047994e5af57677cf6d2c1965984965df1090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b0601050507030853000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00b000000010000003a0000005300650063007400690067006f002000280066006f0072006d00650072006c007900200043006f006d006f0064006f002000430041002900000062000000010000002000000052f0e1c4e58ec629291b60317f074671b85d7ea80d5b07273463534b32b40234140000000100000014000000bbaf7e023dfaa6f13c848eadee3898ecd93232d41d0000000100000010000000cb39c3d4272cdf63774e1db810c5a89e030000000100000014000000afe5d244a8d1194230ff479fe2f897bbcd7a8cb42000000001000000dc050000308205d8308203c0a00302010202104caaf9cadb636fe01ff74ed85b03869d300d06092a864886f70d01010c0500308185310b3009060355040613024742311b30190603550408131247726561746572204d616e636865737465723110300e0603550407130753616c666f7264311a3018060355040a1311434f4d4f444f204341204c696d69746564312b302906035504031322434f4d4f444f205253412043657274696669636174696f6e20417574686f72697479301e170d3130303131393030303030305a170d3338303131383233353935395a308185310b3009060355040613024742311b30190603550408131247726561746572204d616e636865737465723110300e0603550407130753616c666f7264311a3018060355040a1311434f4d4f444f204341204c696d69746564312b302906035504031322434f4d4f444f205253412043657274696669636174696f6e20417574686f7269747930820222300d06092a864886f70d01010105000382020f003082020a028202010091e85492d20a56b1ac0d24ddc5cf446774992b37a37d23700071bc53dfc4fa2a128f4b7f1056bd9f7072b7617fc94b0f17a73de3b00461eeff1197c7f4863e0afa3e5cf993e6347ad9146be79cb385a0827a76af7190d7ecfd0dfa9c6cfadfb082f4147ef9bec4a62f4f7f997fb5fc674372bd0c00d689eb6b2cd3ed8f981c14ab7ee5e36efcd8a8e49224da436b62b855fdeac1bc6cb68bf30e8d9ae49b6c6999f878483045d5ade10d3c4560fc32965127bc67c3ca2eb66bea46c7c720a0b11f65de4808baa44ea9f283463784ebe8cc814843674e722a9b5cbd4c1b288a5c227bb4ab98d9eee05183c309464e6d3e99fa9517da7c3357413c8d51ed0bb65caf2c631adf57c83fbce95dc49baf4599e2a35a24b4baa9563dcf6faaff4958bef0a8fff4b8ade937fbbab8f40b3af9e843421e89d884cb13f1d9bbe18960b88c2856ac141d9c0ae771ebcf0edd3da996a148bd3cf7afb50d224cc01181ec563bf6d3a2e25bb7b204225295809369e88e4c65f191032d707402ea8b671529695202bbd7df506a5546bfa0a328617f70d0c3a2aa2c21aa47ce289c064576bf821827b4d5aeb4cb50e66bf44c867130e9a6df1686e0d8ff40ddfbd042887fa3333a2e5c1e41118163ce18716b2beca68ab7315c3a6a47e0c37959d6201aaff26a98aa72bc574ad24b9dbb10fcb04c41e5ed1d3d5e289d9cccbfb351daa747e584530203010001a3423040301d0603551d0e04160414bbaf7e023dfaa6f13c848eadee3898ecd93232d4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff300d06092a864886f70d01010c050003820201000af1d54684b7ae51bb6cb24d411400934c9ccbe5c054cfa0258e02f9fdb0a20df520983c132dac56a2b0d67e1192e92eba9e2e9a72b1bd19446c6135a29ab41612695a8ce1d73ea41ae82f03f4ae611d101b2aa48b7ac5fe05a6e1c0d6c8fe9eae8f2bba3d99f8d8730958466ea69cf4d727d395da3783721cd373e0a2479903385dd5497900291cc7ec9b201c0724695778b239fc3a84a0b59c7c8dbf2e936227b739da1718aebd3c0968ff849b3cd5d60b03e3579e14f7d1eb4fc8bd8723b7b6494379855cbaeb920ba1c6e868a84c16b11a990ae8532c92bba10918750c65a87bcb23b71ac22885c31bffd02b62efa47b099198678c1401cd68066a6321750380888a6e81c685f2a9a42de7f4a524104783cacdf48d7958b1069be71a2ad99d01d7947ded034acaf0dbe8a9013ef55699c91e8e493dbbe509b9e04f49923d168240cccc59c6e63aed122e693c6c95b1fdaa1d7b7f86be1e0e3246fbfb138f757f4c8b4b4663fe00344070c1c3b9a1dda670e204b341bce98091ea649c7ae12203a99c6e6f0e654f6c87875ef36ea0f975a59b40e853b2279d4ab9c077218dff87f2debc8cef17dfb7490bd1f26e300b1a0e4e76ed11fcf5e956b27dbfc76d0a938ca5d0c0b61dbe3a4e94a2d76e6c0bc28a7cfa20f3c4e4e5cd0da8cb9192b17c85ecb51469660e82e7cdcec82da6517f21c1355385064a5d9fadbb1b5f74 | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\02FAF3E291435468607857694DF5E45B68851868\Blob = 5c00000001000000040000000008000019000000010000001000000045ed9bbc5e43d3b9ecd63c060db78e5c03000000010000001400000002faf3e291435468607857694df5e45b6885186868000000010000000800000000409120d035d9017e0000000100000008000000000063f58926d7011d000000010000001000000006f9583c00a763c23fb9e065a3366d55140000000100000014000000adbd987a34b426f7fac42654ef03bde024cb541a620000000100000020000000687fa451382278fff0c8b11f8d43d576671c6eb2bceab413fb83d965d06d2ff20b00000001000000260000005300650063007400690067006f0020002800410064006400540072007500730074002900000053000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080f000000010000001400000009b9105c5bba24343ca7f341c624e183f6ee7c1b0400000001000000100000001d3554048578b03f42424dbf20730a3f20000000010000003a040000308204363082031ea003020102020101300d06092a864886f70d0101050500306f310b300906035504061302534531143012060355040a130b416464547275737420414231263024060355040b131d41646454727573742045787465726e616c20545450204e6574776f726b312230200603550403131941646454727573742045787465726e616c20434120526f6f74301e170d3030303533303130343833385a170d3230303533303130343833385a306f310b300906035504061302534531143012060355040a130b416464547275737420414231263024060355040b131d41646454727573742045787465726e616c20545450204e6574776f726b312230200603550403131941646454727573742045787465726e616c20434120526f6f7430820122300d06092a864886f70d01010105000382010f003082010a0282010100b7f71a33e6f200042d39e04e5bed1fbc6c0fcdb5fa23b6cede9b113397a4294c7d939fbd4abc93ed031ae38fcfe56d505ad69729945a80b0497adb2e95fdb8cabf37382d1e3e9141ad7056c7f04f3fe8329e74cac89054e9c65f0f789d9a403c0eac61aa5e148f9e87a16a50dcd79a4eaf05b3a671949c71b350600ac7139d38078602a8e9a869261890ab4cb04f23ab3a4f84d8dfce9fe1696fbbd742d76b44e4c7adee6d415f725a710837b37965a459a09437f7002f0dc29272dad03872db14a845c45d2a7db7b4d6c4eeaccd1344b7c92bdd430025fa61b9696a582311b7a7338f567559f5cd29d746b70a2b65b6d3426f15b2b87bfbefe95d53d5345a270203010001a381dc3081d9301d0603551d0e04160414adbd987a34b426f7fac42654ef03bde024cb541a300b0603551d0f040403020106300f0603551d130101ff040530030101ff3081990603551d2304819130818e8014adbd987a34b426f7fac42654ef03bde024cb541aa173a471306f310b300906035504061302534531143012060355040a130b416464547275737420414231263024060355040b131d41646454727573742045787465726e616c20545450204e6574776f726b312230200603550403131941646454727573742045787465726e616c20434120526f6f74820101300d06092a864886f70d01010505000382010100b09be08525c2d623e20f9606929d41989cd9847981d91e5b14072336658fb0d877bbac416c47608351b0f9323de7fcf62613c78016a5bf5afc87cf787989219ae24c070a8635bcf2de51c4d296b7dc7e4eee70fd1c39eb0c0251142d8ebd16e0c1df4675e724adecf442b48593701067ba9d06354a18d32b7acc5142a17a63d1e6bba1c52bc236be130de6bd637e797ba7090d40ab6add8f8ac3f6f68c1a420551d445f59fa76221681520433c99e77cbd24d8a9911773883f561b313818b4710f9acdc80e9e8e2e1be18c9883cb1f31f1444cc604734976600fc7f8bd17806b2ee9cc4c0e5a9a790f200a2ed59e63261e559294d882175a7bd0bcc78f4e8604 | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 040000000100000010000000497904b0eb8719ac47b0bc11519b74d00f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b0601050507030853000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0620000000100000020000000d7a7a0fb5d7e2731d771e9484ebcdef71d5f0c3e0a2948782bc83ee0ea699ef40b000000010000001c0000005300650063007400690067006f002000280041004100410029000000140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b41d00000001000000100000002e0d6875874a44c820912e85e964cfdb030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e3491900000001000000100000002aa1c05e2ae606f198c2c5e937c97aa2200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\E12DFB4B41D7D9C32B30514BAC1D81D8385E2D46\Blob = 0f0000000100000014000000f45a0858c9cd920e647bad539ab9f1cfc77f24cb0b000000010000002a0000005300650063007400690067006f0020002800550054004e0020004f0062006a0065006300740029000000090000000100000022000000302006082b06010505070303060a2b0601040182370a030406082b060105050703086200000001000000200000006fff78e400a70c11011cd85977c459fb5af96a3df0540820d0f4b8607875e58f140000000100000014000000daed6474149c143cabdd99a9bd5b284d8b3cc9d81d0000000100000010000000f919b9ccce1e59c2e785f7dc2ccf67087e0000000100000008000000000063f58926d70168000000010000000800000000409120d035d901030000000100000014000000e12dfb4b41d7d9c32b30514bac1d81d8385e2d4620000000010000006a040000308204663082034ea003020102021044be0c8b500024b411d3362de0b35f1b300d06092a864886f70d0101050500308195310b3009060355040613025553310b3009060355040813025554311730150603550407130e53616c74204c616b652043697479311e301c060355040a131554686520555345525452555354204e6574776f726b3121301f060355040b1318687474703a2f2f7777772e7573657274727573742e636f6d311d301b0603550403131455544e2d5553455246697273742d4f626a656374301e170d3939303730393138333132305a170d3139303730393138343033365a308195310b3009060355040613025553310b3009060355040813025554311730150603550407130e53616c74204c616b652043697479311e301c060355040a131554686520555345525452555354204e6574776f726b3121301f060355040b1318687474703a2f2f7777772e7573657274727573742e636f6d311d301b0603550403131455544e2d5553455246697273742d4f626a65637430820122300d06092a864886f70d01010105000382010f003082010a0282010100ceaa813fa3a36178aa31005595119e270f1f1cdf3a9b826830c04a611df12f0efabe79f7a523ef55519684cddbe3b96e3e31d80a2067c7f4d9bf94eb47043e02ce2aa25d870409f6309d188a97b2aa1cfc41d2a136cbfb3d91bae7d97035fae4e790c39ba39bd33cf5129977b1b709e068e61cb8f39463886a6afe0b76c9bef422e467b9ab1a5e77c18507dd0d6cbfee06c7776a419ea70fd7fbee9417b7fc85bea4abc41c31ddd7b6d1e4f0efdf168fb25293d7a1d489a1072ebfe10112421e1ae1d89534db647928ffba2e11c2e5e85b9248fb470bc26cdaad328341f3a5e54170fd65906dfafa51c4f9bd962b19042cd36da7dcf07f6f8365e26aab8786750203010001a381af3081ac300b0603551d0f0404030201c6300f0603551d130101ff040530030101ff301d0603551d0e04160414daed6474149c143cabdd99a9bd5b284d8b3cc9d830420603551d1f043b30393037a035a0338631687474703a2f2f63726c2e7573657274727573742e636f6d2f55544e2d5553455246697273742d4f626a6563742e63726c30290603551d250422302006082b0601050507030306082b06010505070308060a2b0601040182370a0304300d06092a864886f70d01010505000382010100081f52b1374478dbfdceb9da959698aa556480b55a40dd21a5c5c1f35f2c4cc8475a69eae8f03535f4d025f3c8a6a4874abd1bb17308bdd4c3cab635bb59867731cda78014ae13effcb148f96b25252d51b62c6d45c198c88a565d3eee434e3e6b278ed03a4b850b5fd3ed6aa775cbd15a872f3975135a72b002819fbef00f845420626c69d4e14dc60d9943010d12968c789dbf50a2b144aa6acf177acf6f0fd4f824555ff0341649663e5046c96371383162b862b9f353ad6cb52ba212aa194f09da5ee793c68e1408fef0308018a086854dc87dd78b03fe6ed5f79d16ac922ca023e59c91521f94df179473c3b3c1c17105200078bd13521da83ecd001fc8 | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\02FAF3E291435468607857694DF5E45B68851868 | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 1900000001000000100000002aa1c05e2ae606f198c2c5e937c97aa2030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e3491d00000001000000100000002e0d6875874a44c820912e85e964cfdb140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b40b000000010000001c0000005300650063007400690067006f002000280041004100410029000000620000000100000020000000d7a7a0fb5d7e2731d771e9484ebcdef71d5f0c3e0a2948782bc83ee0ea699ef453000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates\D70D7D00CA12E1B3E20F3BF7534DEB2C2E7C2404\Blob = 030000000100000014000000d70d7d00ca12e1b3e20f3bf7534deb2c2e7c24042000000001000000530500003082054f30820437a00302010202102f9f0a1d6764b5a6378747247087ba73300d06092a864886f70d01010b0500307d310b3009060355040613024742311b30190603550408131247726561746572204d616e636865737465723110300e0603550407130753616c666f7264311a3018060355040a1311434f4d4f444f204341204c696d69746564312330210603550403131a434f4d4f444f2052534120436f6465205369676e696e67204341301e170d3138313231313030303030305a170d3139313231313233353935395a3081b8310b3009060355040613025553310e300c06035504110c0530373031333113301106035504080c0a4e6577204a65727365793110300e06035504070c07436c6966746f6e3112301006035504090c095375697465203130303116301406035504090c0d313235352042726f616420537431223020060355040a0c19436f6d6f646f20536563757269747920536f6c7574696f6e733122302006035504030c19436f6d6f646f20536563757269747920536f6c7574696f6e7330820122300d06092a864886f70d01010105000382010f003082010a0282010100c1b2eafc6255d7a7780082967ba911a65b8160e697a9c81ae0816002356644b714895808a67b22551d87b879e80d0c1bff7bd847e1486bad3c3caa8c6f3258a7311f8b03c68c9ec5947950e57a1f99f4b47b8faaf46e282f68155ae6e8f13c9c125b5eb83ae4e63ee6081d0e8aae4f090175a538422b38e0600bd94b21b313567934ee959ddd6ab7ef62bce25dada05d7de6a75cefeffdcba6a1fc8e1ef7aa6d3e5ab328732c3d31759a20d7e69cef60ac9d152041dbd85167a78329f3a80fee19ea9edb102448aa9f5774794ecb560de2faa348f278b846a2a5d8238d5e4e4cd2a82f0e37415af2dc63f34f3e179aa1cae7290b411aaf5aa6acf5404ebe98130203010001a382018d30820189301f0603551d23041830168014299160ff8a4dfaebf9a66ab8cff9e64bbd49ce12301d0603551d0e041604146c5f99825f4ba8d4c19bae5169bab32fae7816ca300e0603551d0f0101ff040403020780300c0603551d130101ff0402300030130603551d25040c300a06082b06010505070303301106096086480186f842010104040302041030460603551d20043f303d303b060c2b06010401b2310102010302302b302906082b06010505070201161d68747470733a2f2f7365637572652e636f6d6f646f2e6e65742f43505330430603551d1f043c303a3038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f434f4d4f444f525341436f64655369676e696e6743412e63726c307406082b0601050507010104683066303e06082b060105050730028632687474703a2f2f6372742e636f6d6f646f63612e636f6d2f434f4d4f444f525341436f64655369676e696e6743412e637274302406082b060105050730018618687474703a2f2f6f6373702e636f6d6f646f63612e636f6d300d06092a864886f70d01010b050003820101000f718c2aa40e9c44a95e1eca3844097ddb7fba896b5f5c73a6b9aede1d29f0e432f41c8a45ce38b1f52df73f45e67907a03ac58d407b3077b1cae246a54544ee365bcee4bf0f4cecc47b01e98d0478d8f4c93e2c582aa472577de9c67a0a8c2e37635e626258675e0e6669babee331594abed516679e8f1b14d7a65dc1b76ab33412689b135cf855335748e2d1998759e5b95f68d418d5486d385d0db7a8fa30e58e84f57bb7ec3f45efa549fab71775c822ec846545b6fc0ef1d3c2dad34940657088fc5f773a1cbe24f9228f9dd7e9611d5d682998c6041ba580a789f5571da01d6723784bbcec4fded61d0ba31e37fbc10c3dfe06169df4670c8d454019f7 | C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F8DB7E1C16F1FFD4AAAD4AAD8DFF0F2445184AEB\Blob = 030000000100000014000000f8db7e1c16f1ffd4aaad4aad8dff0f2445184aeb20000000010000000906000030820605308203eda0030201020210078f0a9d03df119e434e4fec1bf0235a300d06092a864886f70d01010b0500308194310b3009060355040613025553311330110603550408130a57617368696e67746f6e3110300e060355040713075265646d6f6e64311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e313e303c060355040313354d6963726f736f667420446576656c6f706d656e7420526f6f7420436572746966696361746520417574686f726974792032303134301e170d3134303532383136343334365a170d3339303532383136353134385a308194310b3009060355040613025553311330110603550408130a57617368696e67746f6e3110300e060355040713075265646d6f6e64311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e313e303c060355040313354d6963726f736f667420446576656c6f706d656e7420526f6f7420436572746966696361746520417574686f72697479203230313430820222300d06092a864886f70d01010105000382020f003082020a0282020100c20f7f6d49bb39f04d943fe8fb4dc5eb3be1285ab9892a467ea5c333271d82893feb33a1876aeae882b9dac39d77d135c0cb833672a6571912bc15e2c83c7b83623414d5abb6de368ba15a71a65196a70633b3221d146253c2a5af9a40cabe2c485499e72a9368a769190b99693bc1b2acae94dc5fab7e02cade3ca774a68c10a0e5aeb69c35ef838b10e5972aba916b9a6a4595d9d054718e653fc48a53ca1e38470ae9d04184a5da1e66016504e6505b7735f5b42e29320cc6bf5f61ee3220b77c39f911faff605efec669f46f1e1ded1d06e7651e9a112e6344065f31431733e9a32682d44b83124fd2a126032548e13abd84f58ad5b46e1ae871200e45530167ade31e6be8b2e4abfdf53b8eba67af5984cc5c75d09daa5c72c42636a2ac324c6ab1f8331744d2a77d70eeeb70949abceaba1c104b635b38ddd2254504b2f0b35a7c0b0a8e21406437114d96694533e493839ef9b3b51c2b0571ea6dcce748b6b6de805010ca4938b35905704ebd9e880222586489eb40dab12d2d6a40885d23c33ed0f5d5b7908a28543962a2c5c6b1bf74cd8695f9456bccf207eaac5cd336f7a27ab5b472532a063ec337945858b14a71bb5ccd9cb2af109ad943363e528519e7422891118c8ce7bbdfe6c855087375f3960d86b7d2e506b2c08a54a86177207d6cd1feba68f3454aaf1184eb867d2f04f354ea20ffd5db3d250270870203010001a351304f300b0603551d0f040403020186300f0603551d130101ff040530030101ff301d0603551d0e041604148570009f77591e8cac3c9f77262819cc9ac18f32301006092b06010401823715010403020100300d06092a864886f70d01010b050003820201004f2574bd1f624f5f0ff74222d7d1d65304232ec5d5d7072b6b793b5f6d90ed1355d382f1f5028f3ef996267e0d421876fc6055825a86bd113339690fcee0b02bf15d19dfd8d2fa86a4cccdacf0d0ae9a8b2b248f03c1350d20b3dfc742ea77292e0a12fc0b1a458dd931840d8d02c0acfad212bf1e6a343eea8300a348754e72662da1a5129f37a85d4a7759cfd63afc30c5a609a5bfb108e3fb2c9f76c4fb4e611d6d23f3766985eb49bb0df73dd0aa05bcdd3d6e80445ed99a68ecc989c7e61a18f860a0e78cf6e6516f0ee025b863f9f9c20b8c3c9cb2f042cdbec3f5fe4929559c5e8696fba1ed6d2686e8b8208b5cc6e72d31c5aaca7d4b7da059a41efb5071e9afcfd6aa0d99de8e95269731a5f47f6df46815b8e3f7add8efd13875025ffd6d4efcb6fc2f451ba9cad11e7aff75181536c120e45f483a95eb7be4f5f6f4fec94b21a2a9ea8a9925cbe8444090d539b46b239b52bcc0c17e17666e650bf5741596a866ed856854b224e87588644589853c7a656b96e0f259ea4725660f6a1b0c3fd44ae64b26174709fed4d7b8e0cee72f94ad808b6770ccb77bcf1b2bb9d15bbdb8035cb1f01b412ce6535516e74a0e41089937e2a9d76d0e6a45e5ece388a9fdb69bc32820ceabc2936b516553bfa05e7b9d26349a514c8ca638d5865b3c55ee50ec000bcaacdcca10abdf189bd2ac0c8d084515af8535355ae526bc | C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E\Blob = 5c000000010000000400000000100000190000000100000010000000ea6089055218053dd01e37e1d806eedf0300000001000000140000002b8f1b57330dbba2d07a6c51f70ee90ddab9ad8e0b00000001000000100000005300650063007400690067006f0000001d0000000100000010000000885010358d29a38f059b028559c95f901400000001000000140000005379bf5aaa2b4acf5480e1d89bc09df2b20366cb620000000100000020000000e793c9b02fd8aa13e21c31228accb08119643b749c898964b1746d46c3d4cbd253000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080f000000010000003000000066b764a96581128168cf208e374dda479d54e311f32457f4aee0dbd2a6c8d171d531289e1cd22bfdbbd4cfd9796254830400000001000000100000001bfe69d191b71933a372a80fe155e5b52000000001000000e2050000308205de308203c6a003020102021001fd6d30fca3ca51a81bbc640e35032d300d06092a864886f70d01010c0500308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f72697479301e170d3130303230313030303030305a170d3338303131383233353935395a308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f7269747930820222300d06092a864886f70d01010105000382020f003082020a028202010080126517360ec3db08b3d0ac570d76edcd27d34cad508361e2aa204d092d6409dcce899fcc3da9ecf6cfc1dcf1d3b1d67b3728112b47da39c6bc3a19b45fa6bd7d9da36342b676f2a93b2b91f8e26fd0ec162090093ee2e874c918b491d46264db7fa306f188186a90223cbcfe13f087147bf6e41f8ed4e451c61167460851cb8614543fbc33fe7e6c9cff169d18bd518e35a6a766c87267db2166b1d49b7803c0503ae8ccf0dcbc9e4cfeaf0596351f575ab7ffcef93db72cb6f654ddc8e7123a4dae4c8ab75c9ab4b7203dca7f2234ae7e3b68660144e7014e46539b3360f794be5337907343f332c353efdbaafe744e69c76b8c6093dec4c70cdfe132aecc933b517895678bee3d56fe0cd0690f1b0ff325266b336df76e47fa7343e57e0ea566b1297c3284635589c40dc19354301913acd37d37a7eb5d3a6c355cdb41d712daa9490bdfd8808a0993628eb566cf2588cd84b8b13fa4390fd9029eeb124c957cf36b05a95e1683ccb867e2e8139dcc5b82d34cb3ed5bffdee573ac233b2d00bf3555740949d849581a7f9236e651920ef3267d1c4d17bcc9ec4326d0bf415f40a94444f499e757879e501f5754a83efd74632fb1506509e658422e431a4cb4f0254759fa041e93d426464a5081b2debe78b7fc6715e1c957841e0f63d6e962bad65f552eea5cc62808042539b80e2ba9f24c971c073f0d52f5edef2f820f0203010001a3423040301d0603551d0e041604145379bf5aaa2b4acf5480e1d89bc09df2b20366cb300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff300d06092a864886f70d01010c050003820201005cd47c0dcff7017d4199650c73c5529fcbf8cf99067f1bda43159f9e0255579614f1523c27879428ed1f3a0137a276fc5350c0849bc66b4eba8c214fa28e556291f36915d8bc88e3c4aa0bfdefa8e94b552a06206d55782919ee5f305c4b241155ff249a6e5e2a2bee0b4d9f7ff70138941495430709fb60a9ee1cab128ca09a5ea7986a596d8b3f08fbc8d145af18156490120f73282ec5e2244efc58ecf0f445fe22b3eb2f8ed2d9456105c1976fa876728f8b8c36afbf0d05ce718de6a66f1f6ca67162c5d8d083720cf16711890c9c134c7234dfbcd571dfaa71dde1b96c8c3c125d65dabd5712b6436bffe5de4d661151cf99aeec17b6e871918cde49fedd3571a21527941ccf61e326bb6fa36725215de6dd1d0b2e681b3b82afec836785d4985174b1b9998089ff7f78195c794a602e9240ae4c372a2cc9c762c80e5df7365bcae0252501b4dd1a079c77003fd0dcd5ec3dd4fabb3fcc85d66f7fa92ddfb902f7f5979ab535dac367b0874aa9289e238eff5c276be1b04ff307ee002ed45987cb524195eaf447d7ee6441557c8d590295dd629dc2b9ee5a287484a59bb790c70c07dff589367432d628c1b0b00be09c4cc31cd6fce369b54746812fa282abd3634470c48dff2d33baad8f7bb57088ae3e19cf4028d8fcc890bb5d9922f552e658c51f883143ee881dd7c68e3c436a1da718de7d3d16f162f9ca90a8fd | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AFE5D244A8D1194230FF479FE2F897BBCD7A8CB4\Blob = 5c00000001000000040000000010000019000000010000001000000082218ffb91733e64136be5719f57c3a1030000000100000014000000afe5d244a8d1194230ff479fe2f897bbcd7a8cb41d0000000100000010000000cb39c3d4272cdf63774e1db810c5a89e140000000100000014000000bbaf7e023dfaa6f13c848eadee3898ecd93232d462000000010000002000000052f0e1c4e58ec629291b60317f074671b85d7ea80d5b07273463534b32b402340b000000010000003a0000005300650063007400690067006f002000280066006f0072006d00650072006c007900200043006f006d006f0064006f002000430041002900000053000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080f0000000100000030000000761613f4cd8607508c3d520fbefe68773735fc73746f42a9fd6254ba3b72f0047994e5af57677cf6d2c1965984965df10400000001000000100000001b31b0714036cc143691adc43efdec182000000001000000dc050000308205d8308203c0a00302010202104caaf9cadb636fe01ff74ed85b03869d300d06092a864886f70d01010c0500308185310b3009060355040613024742311b30190603550408131247726561746572204d616e636865737465723110300e0603550407130753616c666f7264311a3018060355040a1311434f4d4f444f204341204c696d69746564312b302906035504031322434f4d4f444f205253412043657274696669636174696f6e20417574686f72697479301e170d3130303131393030303030305a170d3338303131383233353935395a308185310b3009060355040613024742311b30190603550408131247726561746572204d616e636865737465723110300e0603550407130753616c666f7264311a3018060355040a1311434f4d4f444f204341204c696d69746564312b302906035504031322434f4d4f444f205253412043657274696669636174696f6e20417574686f7269747930820222300d06092a864886f70d01010105000382020f003082020a028202010091e85492d20a56b1ac0d24ddc5cf446774992b37a37d23700071bc53dfc4fa2a128f4b7f1056bd9f7072b7617fc94b0f17a73de3b00461eeff1197c7f4863e0afa3e5cf993e6347ad9146be79cb385a0827a76af7190d7ecfd0dfa9c6cfadfb082f4147ef9bec4a62f4f7f997fb5fc674372bd0c00d689eb6b2cd3ed8f981c14ab7ee5e36efcd8a8e49224da436b62b855fdeac1bc6cb68bf30e8d9ae49b6c6999f878483045d5ade10d3c4560fc32965127bc67c3ca2eb66bea46c7c720a0b11f65de4808baa44ea9f283463784ebe8cc814843674e722a9b5cbd4c1b288a5c227bb4ab98d9eee05183c309464e6d3e99fa9517da7c3357413c8d51ed0bb65caf2c631adf57c83fbce95dc49baf4599e2a35a24b4baa9563dcf6faaff4958bef0a8fff4b8ade937fbbab8f40b3af9e843421e89d884cb13f1d9bbe18960b88c2856ac141d9c0ae771ebcf0edd3da996a148bd3cf7afb50d224cc01181ec563bf6d3a2e25bb7b204225295809369e88e4c65f191032d707402ea8b671529695202bbd7df506a5546bfa0a328617f70d0c3a2aa2c21aa47ce289c064576bf821827b4d5aeb4cb50e66bf44c867130e9a6df1686e0d8ff40ddfbd042887fa3333a2e5c1e41118163ce18716b2beca68ab7315c3a6a47e0c37959d6201aaff26a98aa72bc574ad24b9dbb10fcb04c41e5ed1d3d5e289d9cccbfb351daa747e584530203010001a3423040301d0603551d0e04160414bbaf7e023dfaa6f13c848eadee3898ecd93232d4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff300d06092a864886f70d01010c050003820201000af1d54684b7ae51bb6cb24d411400934c9ccbe5c054cfa0258e02f9fdb0a20df520983c132dac56a2b0d67e1192e92eba9e2e9a72b1bd19446c6135a29ab41612695a8ce1d73ea41ae82f03f4ae611d101b2aa48b7ac5fe05a6e1c0d6c8fe9eae8f2bba3d99f8d8730958466ea69cf4d727d395da3783721cd373e0a2479903385dd5497900291cc7ec9b201c0724695778b239fc3a84a0b59c7c8dbf2e936227b739da1718aebd3c0968ff849b3cd5d60b03e3579e14f7d1eb4fc8bd8723b7b6494379855cbaeb920ba1c6e868a84c16b11a990ae8532c92bba10918750c65a87bcb23b71ac22885c31bffd02b62efa47b099198678c1401cd68066a6321750380888a6e81c685f2a9a42de7f4a524104783cacdf48d7958b1069be71a2ad99d01d7947ded034acaf0dbe8a9013ef55699c91e8e493dbbe509b9e04f49923d168240cccc59c6e63aed122e693c6c95b1fdaa1d7b7f86be1e0e3246fbfb138f757f4c8b4b4663fe00344070c1c3b9a1dda670e204b341bce98091ea649c7ae12203a99c6e6f0e654f6c87875ef36ea0f975a59b40e853b2279d4ab9c077218dff87f2debc8cef17dfb7490bd1f26e300b1a0e4e76ed11fcf5e956b27dbfc76d0a938ca5d0c0b61dbe3a4e94a2d76e6c0bc28a7cfa20f3c4e4e5cd0da8cb9192b17c85ecb51469660e82e7cdcec82da6517f21c1355385064a5d9fadbb1b5f74 | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates\6CD253D636A7B4D0E0981431BC064061A9853ED9\Blob = 0300000001000000140000006cd253d636a7b4d0e0981431bc064061a9853ed920000000010000001b06000030820617308204ffa003020102021032327facb1bd6f1fa93473ccc515fd82300d06092a864886f70d01010b0500308191310b3009060355040613024742311b30190603550408131247726561746572204d616e636865737465723110300e0603550407130753616c666f7264311a3018060355040a1311434f4d4f444f204341204c696d69746564313730350603550403132e434f4d4f444f2052534120457874656e6465642056616c69646174696f6e20436f6465205369676e696e67204341301e170d3138303132343030303030305a170d3231303132333233353935395a308201153110300e060355040513073339313038303531133011060b2b0601040182373c0201031302555331193017060b2b0601040182373c020102130844656c6177617265311d301b060355040f131450726976617465204f7267616e697a6174696f6e310b3009060355040613025553310e300c06035504110c0530373031333113301106035504080c0a4e6577204a65727365793110300e06035504070c07436c6966746f6e311a301806035504090c11313235352042726f61642053747265657431283026060355040a0c1f436f6d6f646f20536563757269747920536f6c7574696f6e732c20496e632e3128302606035504030c1f436f6d6f646f20536563757269747920536f6c7574696f6e732c20496e632e30820122300d06092a864886f70d01010105000382010f003082010a0282010100b7713778a66667b8cd67f828f378f80a5507c4e8aa143cfd5b9b953ab16d04a965dcd386a35efe8378c1e0e5ceaf124f188102958962014e493cd80f11fc2ba339953a8bb71a9f030ebbe8742b4252ab465a2d41a829508a9eef5d34d171fcf0b5be026fe15e1a70288b2ecd4af1332924d53c0eefe5c7033482769cae8b5c5e8d59033fac40e94d714c5cd05e8db6f0edb71bb26565d52a025f35323203e9a7846d00a235f973d1e43f29a81dcd1bfef625d373f94a51cc8d2be8ee69702a73a694da69d9b0fbae7d1dee353683a2037a2019b9260a1b53f6c89d945b384c275670bdfac333301504af00749373356a1e7a422eb9363bdab713f9ad6b5bb1970203010001a38201e2308201de301f0603551d23041830168014df8ff3200ce9caa604d85b58372a3dab46dc8349301d0603551d0e04160414e18081b3e9396b7109e8b2add6c3d20ebf4b4814300e0603551d0f0101ff040403020780300c0603551d130101ff0402300030130603551d25040c300a06082b06010505070303301106096086480186f842010104040302041030460603551d20043f303d303b060c2b06010401b2310102010601302b302906082b06010505070201161d68747470733a2f2f7365637572652e636f6d6f646f2e636f6d2f43505330550603551d1f044e304c304aa048a0468644687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f434f4d4f444f525341457874656e64656456616c69646174696f6e436f64655369676e696e6743412e63726c30818606082b06010505070101047a3078305006082b060105050730028644687474703a2f2f6372742e636f6d6f646f63612e636f6d2f434f4d4f444f525341457874656e64656456616c69646174696f6e436f64655369676e696e6743412e637274302406082b060105050730018618687474703a2f2f6f6373702e636f6d6f646f63612e636f6d302e0603551d1104273025a02306082b06010505070803a01730150c1355532d44454c41574152452d33393130383035300d06092a864886f70d01010b050003820101004bc17929ea82f3c4787f7b29b69edb09e169797a9f4cd233f035412d2b9c586e352d2c0d1cd530a946a91ccd8858453573f0b45a0cdc743d662af4761420489adadbd9a84915b697f96ed1e49786c53000eb12555d3b2957eec18279326020737e2e3e4d621856026169ad6f6cf18ee7b59d5b6a7e6d8c252fa1a15363ec89a6efe5efdf4b260ad35c6a0e1db0250d1eb66ea7b91f15e0f57ecc0541e1ad74a2069f717dec0b1f03101b6812c13f64264f8c40a3614ffb8ccabedb974cda14eb50c061d5cd23dc7735cd0bcfdcef3fd178c1f95594a591031d05c8554cb5fe6fd23cb95931bf847f5b525a269aeac0336313e8f6e81ccb1692d86993724f709e | C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates\D70D7D00CA12E1B3E20F3BF7534DEB2C2E7C2404 | C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates\E35E6F46A1A9A4D18A4DAA298BDA4D1E8879236E\Blob = 030000000100000014000000e35e6f46a1a9a4d18a4daa298bda4d1e8879236e20000000010000005f0500003082055b30820443a003020102021100d9218e2757ec45d84ec08b3e6700c85e300d06092a864886f70d0101050500307b310b3009060355040613024742311b30190603550408131247726561746572204d616e636865737465723110300e0603550407130753616c666f7264311a3018060355040a1311434f4d4f444f204341204c696d697465643121301f06035504031318434f4d4f444f20436f6465205369676e696e672043412032301e170d3138313231313030303030305a170d3139303730373233353935395a3081a8310b3009060355040613025553310e300c06035504110c053037303133310b300906035504080c024e4a3110300e06035504070c07436c6966746f6e3116301406035504090c0d313235352042726f616420537431283026060355040a0c1f436f6d6f646f20536563757269747920536f6c7574696f6e732c20496e632e3128302606035504030c1f436f6d6f646f20536563757269747920536f6c7574696f6e732c20496e632e30820122300d06092a864886f70d01010105000382010f003082010a0282010100b73a668ff7984c8d990d7c6e51df5176c7842cc1bf351c27286c6139f4831fc718a35b0fa9145f0887de8bce335e8e3e12fce763cab5deeae08e0bf325cd79a4fbb328d7c7f7d53de51bd3c05c5966b634a9b1fc4362afd0267f927dd90a52b6a5f5f0e29c8e94dfe4199b2cf31142bb480e95ecb92b6ca20ecd71ff210df9655e9e9ac856ad7aab929b843052d4a21c27ea4054a9f4e8c4cd88943b1a4d3a58b3e06eb654c6c09cef472d6fb0d05a841ce229b53a5d36bd08cbfdc552f7c758efaa7824c1d27e30a83d7a9cecaab4bd91b2cbd60d1335fc4ac0f0294dd2eeb3f65139467761f091840246ff644edbfacb9ffd7ef2823fd9eea312dd299a39af0203010001a38201aa308201a6301f0603551d230418301680141ec5b12c7d87da02687c25bc0c07843fb6cfdef1301d0603551d0e041604147c4f2b645af103043ca7675e8c129c16dee7164c300e0603551d0f0101ff040403020780300c0603551d130101ff0402300030130603551d25040c300a06082b06010505070303301106096086480186f842010104040302041030460603551d20043f303d303b060c2b06010401b2310102010302302b302906082b06010505070201161d68747470733a2f2f7365637572652e636f6d6f646f2e6e65742f43505330410603551d1f043a30383036a034a0328630687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f434f4d4f444f436f64655369676e696e674341322e63726c307206082b0601050507010104663064303c06082b060105050730028630687474703a2f2f6372742e636f6d6f646f63612e636f6d2f434f4d4f444f436f64655369676e696e674341322e637274302406082b060105050730018618687474703a2f2f6f6373702e636f6d6f646f63612e636f6d301f0603551d1104183016811473636f742e7765697240636f6d6f646f2e636f6d300d06092a864886f70d01010505000382010100b33c0fee4668b9e86cd777fa94eb47dcaee7fb5b9b897b9458b12e511a194b6ad495ea4b6b820d1c7cd26badf92cfc13aaa9e66157a55545c7ea71460a4fa4e30e46b9ac16a36e94a1fcbc62b2abe402d2a58773344c4b23a0d907a9760029595421e478da67167f80876012443cd22573dc3806cdedbc6c8c4ed255bd926cecc7796ec36fb225d084f31afb5e5a2e86d26149212dda8aed2058ef0d7e7e677b463a7722431a0b5c0b9dc385b7d2e73bd781ee111c8f7e36d76e1db1f6ac98784227ed97cde3762d079741984d146a8ff96e411c1b1e4e711cd00a6150532ffaa13702a81f4514eae48ca0b98d8642a6cfe7711dc67d1b857bfecb4e863bc1f9 | C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E\Blob = 0400000001000000100000001bfe69d191b71933a372a80fe155e5b50f000000010000003000000066b764a96581128168cf208e374dda479d54e311f32457f4aee0dbd2a6c8d171d531289e1cd22bfdbbd4cfd979625483090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b0601050507030853000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0620000000100000020000000e793c9b02fd8aa13e21c31228accb08119643b749c898964b1746d46c3d4cbd21400000001000000140000005379bf5aaa2b4acf5480e1d89bc09df2b20366cb1d0000000100000010000000885010358d29a38f059b028559c95f900b00000001000000100000005300650063007400690067006f0000000300000001000000140000002b8f1b57330dbba2d07a6c51f70ee90ddab9ad8e190000000100000010000000ea6089055218053dd01e37e1d806eedf2000000001000000e2050000308205de308203c6a003020102021001fd6d30fca3ca51a81bbc640e35032d300d06092a864886f70d01010c0500308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f72697479301e170d3130303230313030303030305a170d3338303131383233353935395a308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f7269747930820222300d06092a864886f70d01010105000382020f003082020a028202010080126517360ec3db08b3d0ac570d76edcd27d34cad508361e2aa204d092d6409dcce899fcc3da9ecf6cfc1dcf1d3b1d67b3728112b47da39c6bc3a19b45fa6bd7d9da36342b676f2a93b2b91f8e26fd0ec162090093ee2e874c918b491d46264db7fa306f188186a90223cbcfe13f087147bf6e41f8ed4e451c61167460851cb8614543fbc33fe7e6c9cff169d18bd518e35a6a766c87267db2166b1d49b7803c0503ae8ccf0dcbc9e4cfeaf0596351f575ab7ffcef93db72cb6f654ddc8e7123a4dae4c8ab75c9ab4b7203dca7f2234ae7e3b68660144e7014e46539b3360f794be5337907343f332c353efdbaafe744e69c76b8c6093dec4c70cdfe132aecc933b517895678bee3d56fe0cd0690f1b0ff325266b336df76e47fa7343e57e0ea566b1297c3284635589c40dc19354301913acd37d37a7eb5d3a6c355cdb41d712daa9490bdfd8808a0993628eb566cf2588cd84b8b13fa4390fd9029eeb124c957cf36b05a95e1683ccb867e2e8139dcc5b82d34cb3ed5bffdee573ac233b2d00bf3555740949d849581a7f9236e651920ef3267d1c4d17bcc9ec4326d0bf415f40a94444f499e757879e501f5754a83efd74632fb1506509e658422e431a4cb4f0254759fa041e93d426464a5081b2debe78b7fc6715e1c957841e0f63d6e962bad65f552eea5cc62808042539b80e2ba9f24c971c073f0d52f5edef2f820f0203010001a3423040301d0603551d0e041604145379bf5aaa2b4acf5480e1d89bc09df2b20366cb300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff300d06092a864886f70d01010c050003820201005cd47c0dcff7017d4199650c73c5529fcbf8cf99067f1bda43159f9e0255579614f1523c27879428ed1f3a0137a276fc5350c0849bc66b4eba8c214fa28e556291f36915d8bc88e3c4aa0bfdefa8e94b552a06206d55782919ee5f305c4b241155ff249a6e5e2a2bee0b4d9f7ff70138941495430709fb60a9ee1cab128ca09a5ea7986a596d8b3f08fbc8d145af18156490120f73282ec5e2244efc58ecf0f445fe22b3eb2f8ed2d9456105c1976fa876728f8b8c36afbf0d05ce718de6a66f1f6ca67162c5d8d083720cf16711890c9c134c7234dfbcd571dfaa71dde1b96c8c3c125d65dabd5712b6436bffe5de4d661151cf99aeec17b6e871918cde49fedd3571a21527941ccf61e326bb6fa36725215de6dd1d0b2e681b3b82afec836785d4985174b1b9998089ff7f78195c794a602e9240ae4c372a2cc9c762c80e5df7365bcae0252501b4dd1a079c77003fd0dcd5ec3dd4fabb3fcc85d66f7fa92ddfb902f7f5979ab535dac367b0874aa9289e238eff5c276be1b04ff307ee002ed45987cb524195eaf447d7ee6441557c8d590295dd629dc2b9ee5a287484a59bb790c70c07dff589367432d628c1b0b00be09c4cc31cd6fce369b54746812fa282abd3634470c48dff2d33baad8f7bb57088ae3e19cf4028d8fcc890bb5d9922f552e658c51f883143ee881dd7c68e3c436a1da718de7d3d16f162f9ca90a8fd | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AFE5D244A8D1194230FF479FE2F897BBCD7A8CB4\Blob = 0400000001000000100000001b31b0714036cc143691adc43efdec180f0000000100000030000000761613f4cd8607508c3d520fbefe68773735fc73746f42a9fd6254ba3b72f0047994e5af57677cf6d2c1965984965df1090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b0601050507030853000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00b000000010000003a0000005300650063007400690067006f002000280066006f0072006d00650072006c007900200043006f006d006f0064006f002000430041002900000062000000010000002000000052f0e1c4e58ec629291b60317f074671b85d7ea80d5b07273463534b32b40234140000000100000014000000bbaf7e023dfaa6f13c848eadee3898ecd93232d41d0000000100000010000000cb39c3d4272cdf63774e1db810c5a89e030000000100000014000000afe5d244a8d1194230ff479fe2f897bbcd7a8cb419000000010000001000000082218ffb91733e64136be5719f57c3a12000000001000000dc050000308205d8308203c0a00302010202104caaf9cadb636fe01ff74ed85b03869d300d06092a864886f70d01010c0500308185310b3009060355040613024742311b30190603550408131247726561746572204d616e636865737465723110300e0603550407130753616c666f7264311a3018060355040a1311434f4d4f444f204341204c696d69746564312b302906035504031322434f4d4f444f205253412043657274696669636174696f6e20417574686f72697479301e170d3130303131393030303030305a170d3338303131383233353935395a308185310b3009060355040613024742311b30190603550408131247726561746572204d616e636865737465723110300e0603550407130753616c666f7264311a3018060355040a1311434f4d4f444f204341204c696d69746564312b302906035504031322434f4d4f444f205253412043657274696669636174696f6e20417574686f7269747930820222300d06092a864886f70d01010105000382020f003082020a028202010091e85492d20a56b1ac0d24ddc5cf446774992b37a37d23700071bc53dfc4fa2a128f4b7f1056bd9f7072b7617fc94b0f17a73de3b00461eeff1197c7f4863e0afa3e5cf993e6347ad9146be79cb385a0827a76af7190d7ecfd0dfa9c6cfadfb082f4147ef9bec4a62f4f7f997fb5fc674372bd0c00d689eb6b2cd3ed8f981c14ab7ee5e36efcd8a8e49224da436b62b855fdeac1bc6cb68bf30e8d9ae49b6c6999f878483045d5ade10d3c4560fc32965127bc67c3ca2eb66bea46c7c720a0b11f65de4808baa44ea9f283463784ebe8cc814843674e722a9b5cbd4c1b288a5c227bb4ab98d9eee05183c309464e6d3e99fa9517da7c3357413c8d51ed0bb65caf2c631adf57c83fbce95dc49baf4599e2a35a24b4baa9563dcf6faaff4958bef0a8fff4b8ade937fbbab8f40b3af9e843421e89d884cb13f1d9bbe18960b88c2856ac141d9c0ae771ebcf0edd3da996a148bd3cf7afb50d224cc01181ec563bf6d3a2e25bb7b204225295809369e88e4c65f191032d707402ea8b671529695202bbd7df506a5546bfa0a328617f70d0c3a2aa2c21aa47ce289c064576bf821827b4d5aeb4cb50e66bf44c867130e9a6df1686e0d8ff40ddfbd042887fa3333a2e5c1e41118163ce18716b2beca68ab7315c3a6a47e0c37959d6201aaff26a98aa72bc574ad24b9dbb10fcb04c41e5ed1d3d5e289d9cccbfb351daa747e584530203010001a3423040301d0603551d0e04160414bbaf7e023dfaa6f13c848eadee3898ecd93232d4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff300d06092a864886f70d01010c050003820201000af1d54684b7ae51bb6cb24d411400934c9ccbe5c054cfa0258e02f9fdb0a20df520983c132dac56a2b0d67e1192e92eba9e2e9a72b1bd19446c6135a29ab41612695a8ce1d73ea41ae82f03f4ae611d101b2aa48b7ac5fe05a6e1c0d6c8fe9eae8f2bba3d99f8d8730958466ea69cf4d727d395da3783721cd373e0a2479903385dd5497900291cc7ec9b201c0724695778b239fc3a84a0b59c7c8dbf2e936227b739da1718aebd3c0968ff849b3cd5d60b03e3579e14f7d1eb4fc8bd8723b7b6494379855cbaeb920ba1c6e868a84c16b11a990ae8532c92bba10918750c65a87bcb23b71ac22885c31bffd02b62efa47b099198678c1401cd68066a6321750380888a6e81c685f2a9a42de7f4a524104783cacdf48d7958b1069be71a2ad99d01d7947ded034acaf0dbe8a9013ef55699c91e8e493dbbe509b9e04f49923d168240cccc59c6e63aed122e693c6c95b1fdaa1d7b7f86be1e0e3246fbfb138f757f4c8b4b4663fe00344070c1c3b9a1dda670e204b341bce98091ea649c7ae12203a99c6e6f0e654f6c87875ef36ea0f975a59b40e853b2279d4ab9c077218dff87f2debc8cef17dfb7490bd1f26e300b1a0e4e76ed11fcf5e956b27dbfc76d0a938ca5d0c0b61dbe3a4e94a2d76e6c0bc28a7cfa20f3c4e4e5cd0da8cb9192b17c85ecb51469660e82e7cdcec82da6517f21c1355385064a5d9fadbb1b5f74 | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349 | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 0f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b0601050507030853000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0620000000100000020000000d7a7a0fb5d7e2731d771e9484ebcdef71d5f0c3e0a2948782bc83ee0ea699ef40b000000010000001c0000005300650063007400690067006f002000280041004100410029000000140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b41d00000001000000100000002e0d6875874a44c820912e85e964cfdb030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e349200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\E12DFB4B41D7D9C32B30514BAC1D81D8385E2D46\Blob = 040000000100000010000000a7f2e41606411150306b9ce3b49cb0c90f0000000100000014000000f45a0858c9cd920e647bad539ab9f1cfc77f24cb0b000000010000002a0000005300650063007400690067006f0020002800550054004e0020004f0062006a0065006300740029000000090000000100000022000000302006082b06010505070303060a2b0601040182370a030406082b060105050703086200000001000000200000006fff78e400a70c11011cd85977c459fb5af96a3df0540820d0f4b8607875e58f140000000100000014000000daed6474149c143cabdd99a9bd5b284d8b3cc9d81d0000000100000010000000f919b9ccce1e59c2e785f7dc2ccf67087e0000000100000008000000000063f58926d70168000000010000000800000000409120d035d901030000000100000014000000e12dfb4b41d7d9c32b30514bac1d81d8385e2d46190000000100000010000000e843ac3b52ec8c297fa948c9b1fb281920000000010000006a040000308204663082034ea003020102021044be0c8b500024b411d3362de0b35f1b300d06092a864886f70d0101050500308195310b3009060355040613025553310b3009060355040813025554311730150603550407130e53616c74204c616b652043697479311e301c060355040a131554686520555345525452555354204e6574776f726b3121301f060355040b1318687474703a2f2f7777772e7573657274727573742e636f6d311d301b0603550403131455544e2d5553455246697273742d4f626a656374301e170d3939303730393138333132305a170d3139303730393138343033365a308195310b3009060355040613025553310b3009060355040813025554311730150603550407130e53616c74204c616b652043697479311e301c060355040a131554686520555345525452555354204e6574776f726b3121301f060355040b1318687474703a2f2f7777772e7573657274727573742e636f6d311d301b0603550403131455544e2d5553455246697273742d4f626a65637430820122300d06092a864886f70d01010105000382010f003082010a0282010100ceaa813fa3a36178aa31005595119e270f1f1cdf3a9b826830c04a611df12f0efabe79f7a523ef55519684cddbe3b96e3e31d80a2067c7f4d9bf94eb47043e02ce2aa25d870409f6309d188a97b2aa1cfc41d2a136cbfb3d91bae7d97035fae4e790c39ba39bd33cf5129977b1b709e068e61cb8f39463886a6afe0b76c9bef422e467b9ab1a5e77c18507dd0d6cbfee06c7776a419ea70fd7fbee9417b7fc85bea4abc41c31ddd7b6d1e4f0efdf168fb25293d7a1d489a1072ebfe10112421e1ae1d89534db647928ffba2e11c2e5e85b9248fb470bc26cdaad328341f3a5e54170fd65906dfafa51c4f9bd962b19042cd36da7dcf07f6f8365e26aab8786750203010001a381af3081ac300b0603551d0f0404030201c6300f0603551d130101ff040530030101ff301d0603551d0e04160414daed6474149c143cabdd99a9bd5b284d8b3cc9d830420603551d1f043b30393037a035a0338631687474703a2f2f63726c2e7573657274727573742e636f6d2f55544e2d5553455246697273742d4f626a6563742e63726c30290603551d250422302006082b0601050507030306082b06010505070308060a2b0601040182370a0304300d06092a864886f70d01010505000382010100081f52b1374478dbfdceb9da959698aa556480b55a40dd21a5c5c1f35f2c4cc8475a69eae8f03535f4d025f3c8a6a4874abd1bb17308bdd4c3cab635bb59867731cda78014ae13effcb148f96b25252d51b62c6d45c198c88a565d3eee434e3e6b278ed03a4b850b5fd3ed6aa775cbd15a872f3975135a72b002819fbef00f845420626c69d4e14dc60d9943010d12968c789dbf50a2b144aa6acf177acf6f0fd4f824555ff0341649663e5046c96371383162b862b9f353ad6cb52ba212aa194f09da5ee793c68e1408fef0308018a086854dc87dd78b03fe6ed5f79d16ac922ca023e59c91521f94df179473c3b3c1c17105200078bd13521da83ecd001fc8 | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\E12DFB4B41D7D9C32B30514BAC1D81D8385E2D46\Blob = 5c000000010000000400000000080000190000000100000010000000e843ac3b52ec8c297fa948c9b1fb2819030000000100000014000000e12dfb4b41d7d9c32b30514bac1d81d8385e2d4668000000010000000800000000409120d035d9017e0000000100000008000000000063f58926d7011d0000000100000010000000f919b9ccce1e59c2e785f7dc2ccf6708140000000100000014000000daed6474149c143cabdd99a9bd5b284d8b3cc9d86200000001000000200000006fff78e400a70c11011cd85977c459fb5af96a3df0540820d0f4b8607875e58f090000000100000022000000302006082b06010505070303060a2b0601040182370a030406082b060105050703080b000000010000002a0000005300650063007400690067006f0020002800550054004e0020004f0062006a00650063007400290000000f0000000100000014000000f45a0858c9cd920e647bad539ab9f1cfc77f24cb040000000100000010000000a7f2e41606411150306b9ce3b49cb0c920000000010000006a040000308204663082034ea003020102021044be0c8b500024b411d3362de0b35f1b300d06092a864886f70d0101050500308195310b3009060355040613025553310b3009060355040813025554311730150603550407130e53616c74204c616b652043697479311e301c060355040a131554686520555345525452555354204e6574776f726b3121301f060355040b1318687474703a2f2f7777772e7573657274727573742e636f6d311d301b0603550403131455544e2d5553455246697273742d4f626a656374301e170d3939303730393138333132305a170d3139303730393138343033365a308195310b3009060355040613025553310b3009060355040813025554311730150603550407130e53616c74204c616b652043697479311e301c060355040a131554686520555345525452555354204e6574776f726b3121301f060355040b1318687474703a2f2f7777772e7573657274727573742e636f6d311d301b0603550403131455544e2d5553455246697273742d4f626a65637430820122300d06092a864886f70d01010105000382010f003082010a0282010100ceaa813fa3a36178aa31005595119e270f1f1cdf3a9b826830c04a611df12f0efabe79f7a523ef55519684cddbe3b96e3e31d80a2067c7f4d9bf94eb47043e02ce2aa25d870409f6309d188a97b2aa1cfc41d2a136cbfb3d91bae7d97035fae4e790c39ba39bd33cf5129977b1b709e068e61cb8f39463886a6afe0b76c9bef422e467b9ab1a5e77c18507dd0d6cbfee06c7776a419ea70fd7fbee9417b7fc85bea4abc41c31ddd7b6d1e4f0efdf168fb25293d7a1d489a1072ebfe10112421e1ae1d89534db647928ffba2e11c2e5e85b9248fb470bc26cdaad328341f3a5e54170fd65906dfafa51c4f9bd962b19042cd36da7dcf07f6f8365e26aab8786750203010001a381af3081ac300b0603551d0f0404030201c6300f0603551d130101ff040530030101ff301d0603551d0e04160414daed6474149c143cabdd99a9bd5b284d8b3cc9d830420603551d1f043b30393037a035a0338631687474703a2f2f63726c2e7573657274727573742e636f6d2f55544e2d5553455246697273742d4f626a6563742e63726c30290603551d250422302006082b0601050507030306082b06010505070308060a2b0601040182370a0304300d06092a864886f70d01010505000382010100081f52b1374478dbfdceb9da959698aa556480b55a40dd21a5c5c1f35f2c4cc8475a69eae8f03535f4d025f3c8a6a4874abd1bb17308bdd4c3cab635bb59867731cda78014ae13effcb148f96b25252d51b62c6d45c198c88a565d3eee434e3e6b278ed03a4b850b5fd3ed6aa775cbd15a872f3975135a72b002819fbef00f845420626c69d4e14dc60d9943010d12968c789dbf50a2b144aa6acf177acf6f0fd4f824555ff0341649663e5046c96371383162b862b9f353ad6cb52ba212aa194f09da5ee793c68e1408fef0308018a086854dc87dd78b03fe6ed5f79d16ac922ca023e59c91521f94df179473c3b3c1c17105200078bd13521da83ecd001fc8 | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates\E35E6F46A1A9A4D18A4DAA298BDA4D1E8879236E | C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AFE5D244A8D1194230FF479FE2F897BBCD7A8CB4 | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates\31D019FC7AB697D57D9C4AFB340ED7C4D10400DF\Blob = 03000000010000001400000031d019fc7ab697d57d9c4afb340ed7c4d10400df2000000001000000250600003082062130820509a00302010202101b427b060e2866bfb586cc267e1c3eaa300d06092a864886f70d01010b0500308191310b3009060355040613024742311b30190603550408131247726561746572204d616e636865737465723110300e0603550407130753616c666f7264311a3018060355040a1311434f4d4f444f204341204c696d69746564313730350603550403132e434f4d4f444f2052534120457874656e6465642056616c69646174696f6e20436f6465205369676e696e67204341301e170d3138313230343030303030305a170d3231313230333233353935395a308201093110300e060355040513073339313038303531133011060b2b0601040182373c0201031302555331193017060b2b0601040182373c020102130844656c6177617265311d301b060355040f131450726976617465204f7267616e697a6174696f6e310b3009060355040613025553310e300c06035504110c053037303133310b300906035504080c024e4a3110300e06035504070c07436c6966746f6e3116301406035504090c0d313235352042726f616420537431283026060355040a0c1f436f6d6f646f20536563757269747920536f6c7574696f6e732c20496e632e3128302606035504030c1f436f6d6f646f20536563757269747920536f6c7574696f6e732c20496e632e30820122300d06092a864886f70d01010105000382010f003082010a0282010100ad390c8bc919005d5894a91a9585ef887fbd7c2341ff5ebb3efc6f645a66c55e6da11febce740e53ed9416284dfc7d142e4dc21f99753b5f60ae9aadc764b59efd9ffd33b20ae1c54eba629408a1b095a59cf4af0ad9db9bc494250154dcd0edefcec62e4b248d9a793b703aa15255baf3553fa59d4dc558ba4303af630bb626cd6627e0c4a45764ec3b286c38ab2499f9dc13eefdffa7841297ff533b47061b9aa3ff09ee3f04a7b10ba70894e53f3352b1f60eddfc021a66546e3392795bb6ae49a92f189ec2a7cdd9a935fab33a5ce7fc16c4b7e8ca13b4551d38a6a7c0658298a5adf5f6796675f58e1bb4ce410ff704bc5e845bc1ef83c18a0d50e137370203010001a38201f8308201f4301f0603551d23041830168014df8ff3200ce9caa604d85b58372a3dab46dc8349301d0603551d0e041604142d99b81962209042dc650eb36ec07ad996e48c4d300e0603551d0f0101ff040403020780300c0603551d130101ff0402300030130603551d25040c300a06082b06010505070303301106096086480186f842010104040302041030460603551d20043f303d303b060c2b06010401b2310102010601302b302906082b06010505070201161d68747470733a2f2f7365637572652e636f6d6f646f2e636f6d2f43505330550603551d1f044e304c304aa048a0468644687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f434f4d4f444f525341457874656e64656456616c69646174696f6e436f64655369676e696e6743412e63726c30818606082b06010505070101047a3078305006082b060105050730028644687474703a2f2f6372742e636f6d6f646f63612e636f6d2f434f4d4f444f525341457874656e64656456616c69646174696f6e436f64655369676e696e6743412e637274302406082b060105050730018618687474703a2f2f6f6373702e636f6d6f646f63612e636f6d30440603551d11043d303ba02306082b06010505070803a01730150c1355532d44454c41574152452d33393130383035811473636f742e7765697240636f6d6f646f2e636f6d300d06092a864886f70d01010b050003820101007f4d3e6594a3e380fac36b00e97ccacce4786be2ecc13cf37e737aaca0328bb8bfdcd513daff94aba1c7ee00cc8a3bd073157a812f6e31f772781d0bb922a8b86932b296c2312cdf3b239c42bb443b4b1b89b36de34a7fae65ac63eb6ead8812f8d373fa6f1a4e8d9e62eb004caae3639e41e08ed48d640b04725b09b4411dc083587e7fe24b33d90677677960efa6299cc85c4b2bfae4cdfe36581d25e029f6af1a7e77f502882d87597f3cc5bb450a71f9fd57f43b321baa4cbe5213a48a2c5b785a9de4103d5029e4db79403e98784e51379d45a86996b183469e98470731d1a603eaa443a05527aca62f51631722dc0dfe5d74c8298d2aed885d34c9be61 | C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F8DB7E1C16F1FFD4AAAD4AAD8DFF0F2445184AEB | C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 5c0000000100000004000000000800001900000001000000100000002aa1c05e2ae606f198c2c5e937c97aa2030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e3491d00000001000000100000002e0d6875874a44c820912e85e964cfdb140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b40b000000010000001c0000005300650063007400690067006f002000280041004100410029000000620000000100000020000000d7a7a0fb5d7e2731d771e9484ebcdef71d5f0c3e0a2948782bc83ee0ea699ef453000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286040000000100000010000000497904b0eb8719ac47b0bc11519b74d0200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\E12DFB4B41D7D9C32B30514BAC1D81D8385E2D46 | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates\6CD253D636A7B4D0E0981431BC064061A9853ED9 | C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates\31D019FC7AB697D57D9C4AFB340ED7C4D10400DF | C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates\16232A798863E5950F9F44977A033CF91793D8F1\Blob = 03000000010000001400000016232a798863e5950f9f44977a033cf91793d8f1200000000100000016070000308207123082057aa00302010202101f734d111b4b5c879bbd5a8c49ab2a90300d06092a864886f70d01010b05003057310b300906035504061302474231183016060355040a130f5365637469676f204c696d69746564312e302c060355040313255365637469676f205075626c696320436f6465205369676e696e6720434120455620523336301e170d3231313230373030303030305a170d3234313230363233353935395a3081da311330110603550405130a3034303037353135383831133011060b2b0601040182373c02010313025553311b3019060b2b0601040182373c020102130a4e6577204a6572736579311d301b060355040f131450726976617465204f7267616e697a6174696f6e310b30090603550406130255533113301106035504080c0a4e6577204a657273657931273025060355040a0c1e436f6d6f646f20536563757269747920536f6c7574696f6e732c20496e633127302506035504030c1e436f6d6f646f20536563757269747920536f6c7574696f6e732c20496e6330820222300d06092a864886f70d01010105000382020f003082020a0282020100bf278efbb1f070dd512156b387a02946060750ffadb5b00c8a316c6254ccf52787727318f46a676cc12035adfb89cef7c4c4bbefa84627362f58e1b96b6b281fc01535419a7715dd92995ecf8deb4c8291427657bdcbee99fc260f482b91478a76bcf1c50b114be347a43c8a35091d8371e562b1c16f68370f851e037373ff9c00177845d2d5b6da2aaaf808cf9ff1a3a6eda561286e25fa2c0d7e9ae0c7f0c04e1df0baf6f5b6ac0f01940f2a14e467f77505d14c84f45121d45d5c4552ac5eb24fef6bc520ace00bac3aeab817f8fa995b3111a202397031bf4b25dd89e2ba5cf8b9b6b5a521deee25a4e6529c869873414796bbc28f6d3ed733d339b26dd10a3a0e2d43eb9815e1b33fb6a48f0ad3fe196ecb20207862249a5456601c09f1e344453cad88350bb392a74a899f716e018c40cac5fd3f9b691261e3528f51ae70a28b00271c5a540ec387e778f75a4ceabfd34f9b17d6a76481240727ba17973f3746e175ab4cae3f9b28dfad2a842a220491f66956ae90f8b44c343ccbb8cd6ae46eb19aa6f6ae55687129eb473a3111d1db67d708955afacc070e048b5aab7587a732bc77c9a66c72c604a4ae96ee00d38d492af000d6099cce5bd9b7c42554e74ad2091f79baea8cd4b92d092f89a294ebf5ddb785a39b21c1befd7faecc58a6e99022139f7120753a4cdb4b98e700a08dd850224d67c8aa811cd61d63950203010001a38201d4308201d0301f0603551d23041830168014813292412b28cd46c8c4a2c62a3912ec48a93f14301d0603551d0e041604145d9262d74ec55663e2d856b3702cca554d2809fd300e0603551d0f0101ff040403020780300c0603551d130101ff0402300030130603551d25040c300a06082b06010505070303301106096086480186f842010104040302041030490603551d20044230403035060c2b06010401b23101020106013025302306082b06010505070201161768747470733a2f2f7365637469676f2e636f6d2f4350533007060567810c0103304b0603551d1f044430423040a03ea03c863a687474703a2f2f63726c2e7365637469676f2e636f6d2f5365637469676f5075626c6963436f64655369676e696e67434145565233362e63726c307b06082b06010505070101046f306d304606082b06010505073002863a687474703a2f2f6372742e7365637469676f2e636f6d2f5365637469676f5075626c6963436f64655369676e696e67434145565233362e637274302306082b060105050730018617687474703a2f2f6f6373702e7365637469676f2e636f6d30330603551d11042c302aa02806082b06010505070803a01c301a0c1855532d4e4557204a45525345592d30343030373531353838300d06092a864886f70d01010b0500038201810000b6abcb859749fe5bea2213f31cfe6db00bb221447b7f781d40982487806bdb7b711b08b210fec553172e5492ed62cd4eb3c63f4352c33d87e3aaf9265287438c0cfa8183b68cdf6a52df3094b4fb4fc01a82e39292fc5c2525f30f5da0077e8b37879c9c33a46b34cda70fdd89e87cec6f9b320aa3ec145b2843af9ff9cdf5d7030b3b34b5e1436b06ed64f2358de7e894dc929e7d218a2c362c4b2a78f0852e9bc55fcb805c86b407879bd4d1cc8d24b3a647ad85cdbd19fd29f030e1976a5369e550b780dc853824d4f031f69afd1a4967ec5f3871443f8b55d40c6ce0049d5af7c2d6f3f1df0471e0d47daa19a010cc08489dd330c8aa036c63ec148a37b855e6e2cbe7993d3bc17459ba47251c568c80468c8c8eeef2b561903a64c54472284333302f8e957906f9fa7af48afd60d63886595389b305e9b2cae6547efc2e85a5a382e7abef4d5efcfc3e8a0320a1c7e6bd5b8b68f5a4931b5bdb6e0200e502becdd39258d1df1b7f0ead70b94c06e329ea1d9e52f32104c7c0b3a26d5b | C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: LoadsDriver
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.001\bin\ise_installer\isestart.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.001\bin\ise_installer\isestart.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Volume Shadow Copy service COM API
Processes
C:\Users\Admin\AppData\Local\Temp\advbattoexeconverter.exe
"C:\Users\Admin\AppData\Local\Temp\advbattoexeconverter.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffed3c0ab58,0x7ffed3c0ab68,0x7ffed3c0ab78
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1740 --field-trial-handle=1952,i,14048443348409948006,16024198263447216804,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 --field-trial-handle=1952,i,14048443348409948006,16024198263447216804,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2272 --field-trial-handle=1952,i,14048443348409948006,16024198263447216804,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2988 --field-trial-handle=1952,i,14048443348409948006,16024198263447216804,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2996 --field-trial-handle=1952,i,14048443348409948006,16024198263447216804,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4396 --field-trial-handle=1952,i,14048443348409948006,16024198263447216804,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4556 --field-trial-handle=1952,i,14048443348409948006,16024198263447216804,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4680 --field-trial-handle=1952,i,14048443348409948006,16024198263447216804,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4588 --field-trial-handle=1952,i,14048443348409948006,16024198263447216804,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4336 --field-trial-handle=1952,i,14048443348409948006,16024198263447216804,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4860 --field-trial-handle=1952,i,14048443348409948006,16024198263447216804,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe" --reenable-autoupdates --system-level
C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x254,0x258,0x25c,0x230,0x260,0x7ff69d9cae48,0x7ff69d9cae58,0x7ff69d9cae68
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4632 --field-trial-handle=1952,i,14048443348409948006,16024198263447216804,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3456 --field-trial-handle=1952,i,14048443348409948006,16024198263447216804,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4916 --field-trial-handle=1952,i,14048443348409948006,16024198263447216804,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4260 --field-trial-handle=1952,i,14048443348409948006,16024198263447216804,131072 /prefetch:8
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4b0 0x2f8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5368 --field-trial-handle=1952,i,14048443348409948006,16024198263447216804,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5408 --field-trial-handle=1952,i,14048443348409948006,16024198263447216804,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5360 --field-trial-handle=1952,i,14048443348409948006,16024198263447216804,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2448 --field-trial-handle=1952,i,14048443348409948006,16024198263447216804,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5244 --field-trial-handle=1952,i,14048443348409948006,16024198263447216804,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5124 --field-trial-handle=1952,i,14048443348409948006,16024198263447216804,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5408 --field-trial-handle=1952,i,14048443348409948006,16024198263447216804,131072 /prefetch:8
C:\Users\Admin\Downloads\cispro_installer.exe
"C:\Users\Admin\Downloads\cispro_installer.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=5088 --field-trial-handle=1952,i,14048443348409948006,16024198263447216804,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=5436 --field-trial-handle=1952,i,14048443348409948006,16024198263447216804,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5704 --field-trial-handle=1952,i,14048443348409948006,16024198263447216804,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5932 --field-trial-handle=1952,i,14048443348409948006,16024198263447216804,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=5108 --field-trial-handle=1952,i,14048443348409948006,16024198263447216804,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=5456 --field-trial-handle=1952,i,14048443348409948006,16024198263447216804,131072 /prefetch:1
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe
"C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe" -log -setupname "cispro_installer.exe" -sfx "C:\Users\Admin\Downloads" -theme lycia -type alone -mode cispro -partner 18137
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=6332 --field-trial-handle=1952,i,14048443348409948006,16024198263447216804,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6268 --field-trial-handle=1952,i,14048443348409948006,16024198263447216804,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5520 --field-trial-handle=1952,i,14048443348409948006,16024198263447216804,131072 /prefetch:8
C:\ProgramData\Comodo\Installer\ise_installer.exe
"C:\ProgramData\\Comodo\Installer\ise_installer.exe" /quiet /chid=18137 /aff=18137
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.001\bin\ise_installer\isestart.exe
"C:\Users\Admin\AppData\Local\Temp\7ZipSfx.001\bin\ise_installer\isestart.exe" /quiet /chid=18137 /aff=18137
C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
C:\Windows\System32\MsiExec.exe
C:\Windows\System32\MsiExec.exe -Embedding C1F2E6D720A0BE98109EC7397DB72286
C:\Windows\System32\MsiExec.exe
C:\Windows\System32\MsiExec.exe -Embedding F663E821FC44473AE4E09C81E39D14E0 E Global\MSI0000
C:\Windows\Installer\MSI1004.tmp
"C:\Windows\Installer\MSI1004.tmp" -rptype 0 -descr "Installing COMODO Internet Security Pro" -logfile "C:\Users\Admin\AppData\Local\Temp\COMODO Internet Security dbgout.log"
C:\Windows\Installer\MSI1004.tmp
"C:\Windows\Installer\MSI1004.tmp" -rptype 0 -descr "Installing COMODO Internet Security Pro" -logfile "C:\Users\Admin\AppData\Local\Temp\COMODO Internet Security dbgout.log" -working
C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
C:\Windows\system32\srtasks.exe
C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=244 --field-trial-handle=1952,i,14048443348409948006,16024198263447216804,131072 /prefetch:2
C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe
"C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe" --installCertificates
C:\Windows\system32\regsvr32.exe
"regsvr32.exe" /s "C:\Program Files\COMODO\COMODO Internet Security\cisresc.dll"
C:\Windows\system32\regsvr32.exe
"regsvr32.exe" /s "C:\Program Files\COMODO\COMODO Internet Security\cisbfps.dll"
C:\Program Files\COMODO\COMODO Internet Security\cisbf.exe
"C:\Program Files\COMODO\COMODO Internet Security\cisbf.exe" /RegServer
C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe
"C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe" --updateHtml
C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe
"C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe" --langID 1033 --createConfig "active=avfw;dplus=opt;esm=0;av=1;fw=1;cesfw=1;cesav=1;cessandbox=1;free=0;noalerts=1;cloud=1;sendstats=1;configfile=;fwstate=0;dfstate=0;avstate=0;bbstate=0;avservers=0;standalone=1;useblob=1;trustnewnets=0;"
C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe
"C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe" --upgradeBackuped=""
C:\Windows\system32\runonce.exe
"C:\Windows\system32\runonce.exe" -r
C:\Windows\System32\grpconv.exe
"C:\Windows\System32\grpconv.exe" -o
C:\Windows\system32\runonce.exe
"C:\Windows\system32\runonce.exe" -r
C:\Windows\System32\grpconv.exe
"C:\Windows\System32\grpconv.exe" -o
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch -p -s DeviceInstall
C:\Windows\system32\DrvInst.exe
DrvInst.exe "4" "1" "C:\Program Files\COMODO\COMODO Internet Security\drivers\win10\inspect.inf" "9" "471514ecf" "0000000000000148" "WinSta0\Default" "0000000000000158" "208" "C:\Program Files\COMODO\COMODO Internet Security\drivers\win10"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 140.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 79.190.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.126.166.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.156.103.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 253.15.104.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 71.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 227.75.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| FR | 142.250.178.132:443 | www.google.com | udp |
| FR | 142.250.178.132:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | 170.20.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 132.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| FR | 142.250.179.78:443 | play.google.com | udp |
| FR | 142.250.179.78:443 | play.google.com | tcp |
| US | 8.8.8.8:53 | 78.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | clients2.google.com | udp |
| FR | 142.250.178.142:443 | clients2.google.com | udp |
| FR | 142.250.178.142:443 | clients2.google.com | tcp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | 142.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 163.20.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 67.213.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | consent.google.com | udp |
| FR | 142.250.178.142:443 | consent.google.com | tcp |
| US | 8.8.8.8:53 | encrypted-tbn0.gstatic.com | udp |
| FR | 172.217.18.206:443 | encrypted-tbn0.gstatic.com | tcp |
| FR | 172.217.18.206:443 | encrypted-tbn0.gstatic.com | tcp |
| FR | 172.217.18.206:443 | encrypted-tbn0.gstatic.com | tcp |
| US | 8.8.8.8:53 | 206.18.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | id.google.com | udp |
| HK | 172.217.24.227:443 | id.google.com | tcp |
| HK | 172.217.24.227:443 | id.google.com | tcp |
| US | 8.8.8.8:53 | 227.24.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.comodo.com | udp |
| US | 207.246.124.187:443 | www.comodo.com | tcp |
| US | 207.246.124.187:443 | www.comodo.com | tcp |
| US | 8.8.8.8:53 | scripts.iconnode.com | udp |
| GB | 3.162.20.36:443 | scripts.iconnode.com | tcp |
| US | 8.8.8.8:53 | 194.18.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 187.124.246.207.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 36.20.162.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | secure.nurd.com | udp |
| US | 162.255.25.161:443 | secure.nurd.com | tcp |
| US | 8.8.8.8:53 | js.hs-scripts.com | udp |
| US | 8.8.8.8:53 | js-na1.hs-scripts.com | udp |
| US | 104.16.137.209:443 | js-na1.hs-scripts.com | tcp |
| US | 104.16.137.209:443 | js-na1.hs-scripts.com | tcp |
| US | 8.8.8.8:53 | 161.25.255.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | secure.trust-provider.com | udp |
| GB | 91.199.212.148:443 | secure.trust-provider.com | tcp |
| US | 8.8.8.8:53 | snap.licdn.com | udp |
| US | 8.8.8.8:53 | beta.phonewagon.com | udp |
| US | 2.17.251.40:443 | snap.licdn.com | tcp |
| US | 8.8.8.8:53 | js.hscollectedforms.net | udp |
| US | 8.8.8.8:53 | js.hsadspixel.net | udp |
| US | 8.8.8.8:53 | js.hs-banner.com | udp |
| US | 8.8.8.8:53 | js.hs-analytics.net | udp |
| US | 8.8.8.8:53 | js.hsleadflows.net | udp |
| US | 104.16.108.254:443 | js.hscollectedforms.net | tcp |
| US | 104.17.128.172:443 | js.hsadspixel.net | tcp |
| US | 104.18.139.17:443 | js.hsleadflows.net | tcp |
| US | 104.17.175.201:443 | js.hs-analytics.net | tcp |
| US | 172.64.153.27:443 | js.hs-banner.com | tcp |
| US | 8.8.8.8:53 | region1.analytics.google.com | udp |
| US | 8.8.8.8:53 | stats.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | www.google.co.uk | udp |
| US | 8.8.8.8:53 | px.ads.linkedin.com | udp |
| US | 216.239.34.36:443 | region1.analytics.google.com | tcp |
| BE | 64.233.167.154:443 | stats.g.doubleclick.net | tcp |
| US | 13.107.42.14:443 | px.ads.linkedin.com | tcp |
| US | 8.8.8.8:53 | forms.hscollectedforms.net | udp |
| US | 172.64.153.27:443 | js.hs-banner.com | tcp |
| US | 8.8.8.8:53 | 209.137.16.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 168.20.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 148.212.199.91.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 138.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 40.251.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 254.108.16.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.128.17.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 17.139.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 201.175.17.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 27.153.64.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 36.34.239.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 154.167.233.64.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.42.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.linkedin.com | udp |
| US | 8.8.8.8:53 | geekbuddy.freshchat.com | udp |
| US | 8.8.8.8:53 | track.hubspot.com | udp |
| US | 76.223.64.65:443 | geekbuddy.freshchat.com | tcp |
| US | 104.16.117.116:443 | track.hubspot.com | tcp |
| US | 8.8.8.8:53 | assetscdn-wchat.freshchat.com | udp |
| GB | 18.165.160.31:443 | assetscdn-wchat.freshchat.com | tcp |
| GB | 18.165.160.31:443 | assetscdn-wchat.freshchat.com | tcp |
| GB | 18.165.160.31:443 | assetscdn-wchat.freshchat.com | tcp |
| US | 8.8.8.8:53 | 65.64.223.76.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 116.117.16.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 31.160.165.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | rts-static-prod.freshworksapi.com | udp |
| GB | 18.172.89.121:443 | rts-static-prod.freshworksapi.com | tcp |
| US | 8.8.8.8:53 | 732142690628692.webpush.freshchat.com | udp |
| GB | 3.162.20.21:443 | 732142690628692.webpush.freshchat.com | tcp |
| US | 8.8.8.8:53 | fc-use1-00-pics-bkt-00.s3.amazonaws.com | udp |
| US | 3.5.25.242:443 | fc-use1-00-pics-bkt-00.s3.amazonaws.com | tcp |
| US | 8.8.8.8:53 | 21.20.162.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 121.89.172.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 242.25.5.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | api.hubapi.com | udp |
| US | 104.18.240.108:443 | api.hubapi.com | tcp |
| US | 8.8.8.8:53 | forms.hubspot.com | udp |
| US | 104.16.118.116:443 | forms.hubspot.com | tcp |
| US | 8.8.8.8:53 | 116.118.16.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 108.240.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | static.hotjar.com | udp |
| US | 8.8.8.8:53 | ws.zoominfo.com | udp |
| US | 104.16.117.43:443 | ws.zoominfo.com | tcp |
| GB | 18.165.160.12:443 | static.hotjar.com | tcp |
| US | 8.8.8.8:53 | script.hotjar.com | udp |
| GB | 3.162.20.60:443 | script.hotjar.com | tcp |
| US | 8.8.8.8:53 | antivirus.comodo.com | udp |
| US | 104.37.183.1:443 | antivirus.comodo.com | tcp |
| US | 104.37.183.1:443 | antivirus.comodo.com | tcp |
| US | 8.8.8.8:53 | 12.160.165.18.in-addr.arpa | udp |
| US | 216.239.34.36:443 | region1.analytics.google.com | udp |
| US | 8.8.8.8:53 | content-autofill.googleapis.com | udp |
| FR | 142.250.179.74:443 | content-autofill.googleapis.com | tcp |
| US | 8.8.8.8:53 | 60.20.162.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.183.37.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 74.179.250.142.in-addr.arpa | udp |
| FR | 142.250.179.74:443 | content-autofill.googleapis.com | udp |
| US | 8.8.8.8:53 | download.comodo.com | udp |
| US | 162.255.25.209:443 | download.comodo.com | tcp |
| US | 162.255.25.209:443 | download.comodo.com | tcp |
| US | 8.8.8.8:53 | cdn.download.comodo.com | udp |
| FR | 185.93.2.244:443 | cdn.download.comodo.com | tcp |
| US | 8.8.8.8:53 | 209.25.255.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 244.2.93.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.20.217.172.in-addr.arpa | udp |
| BE | 64.233.167.154:443 | stats.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | vc.hotjar.io | udp |
| GB | 3.162.20.77:443 | vc.hotjar.io | tcp |
| US | 8.8.8.8:53 | 77.20.162.3.in-addr.arpa | udp |
| FR | 142.250.179.78:443 | play.google.com | udp |
| HK | 172.217.24.227:443 | id.google.com | udp |
| US | 8.8.8.8:53 | i.ytimg.com | udp |
| FR | 216.58.214.182:443 | i.ytimg.com | tcp |
| FR | 216.58.214.182:443 | i.ytimg.com | tcp |
| US | 8.8.8.8:53 | 182.214.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.youtube.com | udp |
| FR | 216.58.214.182:443 | i.ytimg.com | udp |
| FR | 142.250.179.78:443 | www.youtube.com | udp |
| FR | 142.250.178.132:443 | www.google.com | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | static.doubleclick.net | udp |
| FR | 172.217.20.198:443 | static.doubleclick.net | tcp |
| FR | 172.217.20.194:443 | googleads.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | jnn-pa.googleapis.com | udp |
| FR | 172.217.20.194:443 | googleads.g.doubleclick.net | udp |
| FR | 142.250.179.74:443 | jnn-pa.googleapis.com | udp |
| US | 8.8.8.8:53 | 198.20.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.20.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.149.64.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| NL | 173.194.69.84:443 | accounts.google.com | udp |
| US | 8.8.8.8:53 | cmc.comodo.com | udp |
| GB | 178.255.85.135:443 | cmc.comodo.com | tcp |
| US | 8.8.8.8:53 | licensing.security.comodo.com | udp |
| US | 8.8.8.8:53 | licensing.security.comodo.com | udp |
| US | 45.32.1.220:443 | licensing.security.comodo.com | tcp |
| US | 8.8.8.8:53 | 84.69.194.173.in-addr.arpa | udp |
| US | 8.8.8.8:53 | beacons.gcp.gvt2.com | udp |
| FR | 142.250.201.163:443 | beacons.gcp.gvt2.com | tcp |
| US | 8.8.8.8:53 | 163.201.250.142.in-addr.arpa | udp |
| US | 45.32.1.220:443 | licensing.security.comodo.com | tcp |
| US | 8.8.8.8:53 | play.google.com | udp |
| FR | 142.250.179.78:443 | play.google.com | udp |
| FR | 142.250.179.78:443 | play.google.com | tcp |
| US | 8.8.8.8:53 | youtube.com | udp |
| FR | 216.58.214.174:443 | youtube.com | tcp |
| FR | 216.58.214.174:443 | youtube.com | tcp |
| US | 8.8.8.8:53 | crl.comodoca.com | udp |
| US | 104.18.38.233:80 | crl.comodoca.com | tcp |
| US | 8.8.8.8:53 | 174.214.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 233.38.18.104.in-addr.arpa | udp |
| US | 45.32.1.220:443 | licensing.security.comodo.com | tcp |
| US | 8.8.8.8:53 | cmc.comodo.com | udp |
| GB | 178.255.85.135:443 | cmc.comodo.com | tcp |
| US | 8.8.8.8:53 | consent.youtube.com | udp |
| FR | 216.58.215.46:443 | consent.youtube.com | tcp |
| FR | 142.250.201.163:443 | beacons.gcp.gvt2.com | udp |
| US | 8.8.8.8:53 | e2c23.gcp.gvt2.com | udp |
| US | 35.184.229.211:443 | e2c23.gcp.gvt2.com | tcp |
| US | 35.184.229.211:443 | e2c23.gcp.gvt2.com | tcp |
| US | 8.8.8.8:53 | 46.215.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | rr5---sn-aigl6n6s.googlevideo.com | udp |
| GB | 173.194.3.74:443 | rr5---sn-aigl6n6s.googlevideo.com | tcp |
| GB | 173.194.3.74:443 | rr5---sn-aigl6n6s.googlevideo.com | tcp |
| US | 8.8.8.8:53 | beacons.gvt2.com | udp |
| US | 8.8.8.8:53 | 211.229.184.35.in-addr.arpa | udp |
| FR | 216.58.215.35:443 | beacons.gvt2.com | tcp |
| GB | 173.194.3.74:443 | rr5---sn-aigl6n6s.googlevideo.com | tcp |
| FR | 172.217.20.198:443 | static.doubleclick.net | udp |
| GB | 178.255.85.135:443 | cmc.comodo.com | tcp |
| US | 8.8.8.8:53 | 35.215.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 74.3.194.173.in-addr.arpa | udp |
| GB | 173.194.3.74:443 | rr5---sn-aigl6n6s.googlevideo.com | tcp |
| GB | 173.194.3.74:443 | rr5---sn-aigl6n6s.googlevideo.com | tcp |
| GB | 173.194.3.74:443 | rr5---sn-aigl6n6s.googlevideo.com | tcp |
| GB | 173.194.3.74:443 | rr5---sn-aigl6n6s.googlevideo.com | tcp |
| US | 8.8.8.8:53 | suggestqueries-clients6.youtube.com | udp |
| FR | 142.250.179.78:443 | play.google.com | udp |
| FR | 142.250.74.238:443 | suggestqueries-clients6.youtube.com | tcp |
| FR | 142.250.74.238:443 | suggestqueries-clients6.youtube.com | tcp |
| FR | 142.250.74.238:443 | suggestqueries-clients6.youtube.com | tcp |
| FR | 142.250.74.238:443 | suggestqueries-clients6.youtube.com | udp |
| US | 8.8.8.8:53 | 238.74.250.142.in-addr.arpa | udp |
| FR | 142.250.74.238:443 | suggestqueries-clients6.youtube.com | udp |
| FR | 142.250.74.238:443 | suggestqueries-clients6.youtube.com | udp |
| US | 45.32.1.220:443 | licensing.security.comodo.com | tcp |
| GB | 178.255.85.135:443 | cmc.comodo.com | tcp |
| FR | 216.58.214.174:443 | youtube.com | udp |
| US | 45.32.1.220:443 | licensing.security.comodo.com | tcp |
| US | 8.8.8.8:53 | yt3.ggpht.com | udp |
| FR | 142.250.179.97:443 | yt3.ggpht.com | tcp |
| FR | 142.250.179.97:443 | yt3.ggpht.com | tcp |
| US | 8.8.8.8:53 | 97.179.250.142.in-addr.arpa | udp |
| FR | 142.250.179.97:443 | yt3.ggpht.com | udp |
| US | 8.8.8.8:53 | rr5---sn-5hne6nzs.googlevideo.com | udp |
| NL | 74.125.8.106:443 | rr5---sn-5hne6nzs.googlevideo.com | tcp |
| US | 8.8.8.8:53 | 106.8.125.74.in-addr.arpa | udp |
| US | 8.8.8.8:53 | lh5.googleusercontent.com | udp |
| FR | 142.250.74.225:443 | lh5.googleusercontent.com | udp |
| US | 8.8.8.8:53 | rr2---sn-5hne6nsr.googlevideo.com | udp |
| FR | 142.250.74.225:443 | lh5.googleusercontent.com | tcp |
| US | 8.8.8.8:53 | 225.74.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | rr1---sn-5hne6nsr.googlevideo.com | udp |
| US | 8.8.8.8:53 | rr3---sn-5hne6ns6.googlevideo.com | udp |
| NL | 209.85.226.104:443 | rr3---sn-5hne6ns6.googlevideo.com | udp |
| NL | 172.217.132.71:443 | rr2---sn-5hne6nsr.googlevideo.com | udp |
| US | 8.8.8.8:53 | 230.75.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.226.85.209.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 71.132.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | lh4.googleusercontent.com | udp |
| NL | 172.217.132.70:443 | rr1---sn-5hne6nsr.googlevideo.com | udp |
| US | 8.8.8.8:53 | rr1---sn-5hne6n6l.googlevideo.com | udp |
| NL | 74.125.8.166:443 | rr1---sn-5hne6n6l.googlevideo.com | udp |
| US | 8.8.8.8:53 | 70.132.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 166.8.125.74.in-addr.arpa | udp |
| US | 8.8.8.8:53 | rr4---sn-5hne6nzy.googlevideo.com | udp |
| NL | 172.217.132.169:443 | rr4---sn-5hne6nzy.googlevideo.com | udp |
| US | 8.8.8.8:53 | 169.132.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | rr4---sn-5hne6nzs.googlevideo.com | udp |
| NL | 74.125.8.105:443 | rr4---sn-5hne6nzs.googlevideo.com | udp |
| US | 8.8.8.8:53 | 105.8.125.74.in-addr.arpa | udp |
| NL | 74.125.8.106:443 | rr5---sn-5hne6nzs.googlevideo.com | udp |
| US | 8.8.8.8:53 | cis.td.security.comodo.com | udp |
| US | 209.127.178.76:443 | cis.td.security.comodo.com | tcp |
| US | 8.8.8.8:53 | 76.178.127.209.in-addr.arpa | udp |
| US | 8.8.8.8:53 | clients2.google.com | udp |
| FR | 142.250.178.142:443 | clients2.google.com | udp |
| FR | 142.250.178.142:443 | clients2.google.com | tcp |
| US | 8.8.8.8:53 | rr1---sn-5hne6n6e.googlevideo.com | udp |
| NL | 172.217.132.230:443 | rr1---sn-5hne6n6e.googlevideo.com | udp |
| US | 8.8.8.8:53 | 230.132.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | rr5---sn-5hne6nzd.googlevideo.com | udp |
| NL | 74.125.100.234:443 | rr5---sn-5hne6nzd.googlevideo.com | udp |
| US | 8.8.8.8:53 | lh3.googleusercontent.com | udp |
| US | 8.8.8.8:53 | 234.100.125.74.in-addr.arpa | udp |
| US | 8.8.8.8:53 | rr2---sn-5hne6nzy.googlevideo.com | udp |
| NL | 172.217.132.167:443 | rr2---sn-5hne6nzy.googlevideo.com | udp |
| US | 8.8.8.8:53 | 167.132.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 239.249.30.184.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 178.223.142.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | rr1---sn-5hneknee.googlevideo.com | udp |
| NL | 74.125.8.70:443 | rr1---sn-5hneknee.googlevideo.com | udp |
| US | 8.8.8.8:53 | 70.8.125.74.in-addr.arpa | udp |
| US | 8.8.8.8:53 | rr3---sn-5hne6nsy.googlevideo.com | udp |
| NL | 172.217.132.104:443 | rr3---sn-5hne6nsy.googlevideo.com | udp |
| US | 8.8.8.8:53 | 104.132.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | rr1---sn-5hne6nsd.googlevideo.com | udp |
| NL | 172.217.132.6:443 | rr1---sn-5hne6nsd.googlevideo.com | udp |
| US | 8.8.8.8:53 | 6.132.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | rr2---sn-5hne6nzs.googlevideo.com | udp |
| NL | 74.125.8.103:443 | rr2---sn-5hne6nzs.googlevideo.com | udp |
| US | 8.8.8.8:53 | 103.8.125.74.in-addr.arpa | udp |
| US | 8.8.8.8:53 | rr5---sn-5hne6nsd.googlevideo.com | udp |
| NL | 172.217.132.10:443 | rr5---sn-5hne6nsd.googlevideo.com | udp |
| FR | 142.250.201.163:443 | beacons.gcp.gvt2.com | udp |
| US | 8.8.8.8:53 | 10.132.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| NL | 173.194.69.84:443 | accounts.google.com | udp |
| NL | 173.194.69.84:443 | accounts.google.com | tcp |
| FR | 142.250.74.238:443 | suggestqueries-clients6.youtube.com | udp |
| FR | 142.250.74.238:443 | suggestqueries-clients6.youtube.com | udp |
| US | 8.8.8.8:53 | rr1---sn-5hneknek.googlevideo.com | udp |
| NL | 74.125.8.134:443 | rr1---sn-5hneknek.googlevideo.com | udp |
| US | 8.8.8.8:53 | 134.8.125.74.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Temp\gentee00\gentee.dll
| MD5 | 30439e079a3d603c461d2c2f4f8cb064 |
| SHA1 | aaf470f6bd8deadedbc31adf17035041176c6134 |
| SHA256 | d6d0535175fb2302e5b5a498119823c37f6bddff4ab24f551aa7e038c343077a |
| SHA512 | 607a81be02bde679aff45770e2fd5c2471d64439fdb23c3e494aed98970131e5d677e1eba3b7b36fca5b8d5b99580856bb8cf1806139c9f73693afb512126b9e |
C:\Users\Admin\AppData\Local\Temp\gentee00\guig.dll
| MD5 | f78ee6369ada1fb02b776498146cc903 |
| SHA1 | d5ba66acdab6a48327c76796d28be1e02643a129 |
| SHA256 | f1073319d4868d38e0ae983ad42a00cdc53be93b31275b4b55af676976c1aa3f |
| SHA512 | 88cff3e58cf66c3f2b5b3a65b8b9f9e8ac011e1bd6025cadadb0f765f062cb3d608c23c2d3832f89ada0b7681170dce1ee4a0b8b873e84135756d14ba8c69fa9 |
\??\pipe\crashpad_4680_WVQHURNGAJTUCKCO
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
| MD5 | d751713988987e9331980363e24189ce |
| SHA1 | 97d170e1550eee4afc0af065b78cda302a97674c |
| SHA256 | 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945 |
| SHA512 | b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 4ea5f60a039c746fd1a9715145a729ca |
| SHA1 | 627ec1f4a072e4a9d1ade5ac4bbdcc3b8c4e1817 |
| SHA256 | 7231607ccec3ebfe280e571c81482863ba6a9f6f7d1d4c6e6d82be962804f8e3 |
| SHA512 | c9ede24c9493711f6c8ad08d4874cc49296111745adfa991eeddac88eeaf5e24159369a6d27a7432e5c05145b7822b942b2086cd1c34e3daf4963ca165cca9a3 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 39e700d9ec7a4e85045791f436154aad |
| SHA1 | eb0c946874e4e08c9ea43d7e17da9dd0eb8b72e0 |
| SHA256 | 37b14ae0d985af38e22c2a6b7546f3e24362b054d3ec559d68a1c824f1842c18 |
| SHA512 | 15a6fd1e70ebdf075af7e4c4e66092c664c98f1037d8e95fe1a82535760219a22405fa7204e1a96a4a3f187b13a7c0036aea276a72aba4dab9b1b49cfdb9290f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | c0f9c021b61053030a71f50d0d1eb73a |
| SHA1 | 05c97d68aaba53ebca390a23b3c0371ca3f5335c |
| SHA256 | 6dca2e861a7166424f8184213f871013f9f7370060c71ad6d9a46fbacbb41771 |
| SHA512 | b43f52d7d96254fa5a850b00fb3d5afad2a1042e41bfe3d0d1a2532060369b3dc0b388812806aa07c0d6fd3f4dbceddd1829230f7a3facba9514835b6a23ede0 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
| MD5 | ccc3433476cd616637d0394542cee527 |
| SHA1 | b15ada55464cb35ad7d6d4f7ed823225aa7d57d3 |
| SHA256 | a5832b07f0bdc6b50e6a1be2c6bc123ed10e11bad3c85f165305f19bed258768 |
| SHA512 | 313020665db931e0e76472f8863023e104da01f74f9f2f1ab85475aab4104f82be9b78c963beba8bcf25d79a2f306544cd478043bef87fd64e30742b5afe9711 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 4d41c8e7a9717ab47d331ed3309ca56f |
| SHA1 | af2f8c425eb7a0a533a33fdf5763a9f0d2706ef9 |
| SHA256 | b62e1402cc3e455920c5da5ae25e4f9f8081fcb120c7568268154af6db9aa006 |
| SHA512 | ac0e331c6c207140cc292e3a457049fa82e99bebb0c559813a0d8f9e2318854a150e4936abeec1237af96773821906225bafbc4581830c857c1d8a9b2ea72eeb |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 4a80de0ebda42a572558d18599fd7629 |
| SHA1 | 314cb52bfb551aad901a1675e5e1ea2b631b1dc8 |
| SHA256 | 836eb57e1fa4ec1c7899fda431ff71c8bee2006a30f7a9a07b9f8190351cf119 |
| SHA512 | 615715ae4ad958eef173e587fd367ec0aa7dc42394f4226364f9b13cf8de61aef928c9d840243d7f2f968bdce4d0d406d275a3fe6971efa6fc33f2851be60e36 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00003b
| MD5 | add520996e437bff5d081315da187fbf |
| SHA1 | 2e489fe16f3712bf36df00b03a8a5af8fa8d4b42 |
| SHA256 | 922b951591d52d44aa7015ebc95cab08192aa435b64f9016673ac5da1124a8b4 |
| SHA512 | 2220fa232537d339784d7cd999b1f617100acdea7184073e6a64ea4e55db629f85bfa70ffda1dc2fd32bdc254f5856eeeb87d969476a2e36b5973d2f0eb86497 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | af05f38238d6db5e2a3578bc1522b931 |
| SHA1 | 0e89d5179249b2f4e94a0aa57282751b1e90003c |
| SHA256 | 09e32791bcf3941c978009b559557dcd6403f31dc7cf341f8c29f4d4afbbc03d |
| SHA512 | e0b06b543a63198d75e1828d242d4f0e1ef000c36445ccef9d7077fac79186936458e5143ffd4407a3e35148343befc3601913d2318eea226699a6d6cde94f72 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 84376ffc758b4ca265d3a6f5c7adb258 |
| SHA1 | 6f282e57f806b8bfcde38d9ecbd60242e68c894c |
| SHA256 | bf38d43a6b020dcb84aec238af703a80d7d5a2132366e22c8b70c349bb837de6 |
| SHA512 | 49e36b9edc48115607171c44ba61ba30831b12fb8f3f5f57c471517efe8d16679be421a8fc6e64d15452337e83cc35b3da2bd49aaeb2dcbe2275eceb45174273 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
| MD5 | 35a754f1554148a0d2853fee04dd6f25 |
| SHA1 | 359ec83d3c60cee4aacab803767651431c499c4b |
| SHA256 | b6ebc9cd06dbf7379747e5fd6c046a9c90cbcde7369684089bea334b532233d0 |
| SHA512 | e3a9bfdefa2b0135574894dceae66c86b9a779cd3aeba296e8f8b4d13e4411733e417d8f684cb66f1ad92767eb8f7f876844e148ad489c2d37fbe8d3e282a183 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5d2f7f.TMP
| MD5 | 2da4b4fef940a4c976306c0ad7014bd8 |
| SHA1 | 4f3ac34413f456b331a11496f60e20e83d76e6df |
| SHA256 | 1c71cd0e0280719e39cb96115f217cb9301e18d5e82ba5fdfb3d53bef8e8d427 |
| SHA512 | 128bcb55584c9ecda758ee4108c4cd855e3b28916a3020cbf79ce831ff21e66e4e614b06b57d7a69682a42fbf45a53c0cf64339ace47fb033cdf666414bce0ec |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
| MD5 | 5a9a7a9cd144845ea6475309646ca734 |
| SHA1 | 725b071448ca0d5092546734141fec13177b497b |
| SHA256 | d76e6ce4e46e4c0cc3a8bf27cc0ca1c15a285f55f335b065191b715253f109fb |
| SHA512 | 693bc14901bb6a1af9b184820efa6564f8a7902747bdde991e572cb70de3ddf683f35f14c4421865b85ebb7f2a68f8a73dc6cf0e549fb354f21a48fe7b120c8b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5d3b08.TMP
| MD5 | a73aa4ec14a4f467004ec02359c1f117 |
| SHA1 | b5a992f45437ec5ddfdcf5bbdd15db161ba99119 |
| SHA256 | c7b1655919bced27249ef4457aa948096c9736a9035460e2eba300682a36a0fb |
| SHA512 | 98809ad4b18efa276108a9246502f070db368a1a879470a1322838e436958f1c451885c0e6e03f20b96ebbfd2c5d58b4e308305facee7f6db635211f84429704 |
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cis\download\installs\installer_data\eula\eula_cavplus.html
| MD5 | b655d81127550b07fbe2ac849e6e1e42 |
| SHA1 | 61fa51e4c9f01d5c7302a8a9ac6c43bbc665c45d |
| SHA256 | 32ac5b1265a7cae273baab2be295ee71a9033ff4233bf92630872523770cc241 |
| SHA512 | 4a8d05f7488e6bc91aa545618e1d6dedb7508bcf7d635777e2f67c82fcc40e29116924598ed563c7778c32e6a837a5f6467d8d4c01ae282a84b89783fbde9571 |
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cis\download\installs\xml_binaries\acronis_bc\abc_1028.html
| MD5 | 69f5bb74c296ae50fd1a0333bd067f1b |
| SHA1 | 8f3f9e0f8a5c6d9c6f6504602224f707f972c639 |
| SHA256 | 058fa934bda4323bd47df539aa007a78fd913aa4a0aa2f0ddb45f9c2aecfd2f9 |
| SHA512 | 613ef1c981cc84baac45422773d876a21d0e7487280a19070d90785d10442417ffc34e9d31e37fb9438990272d5621e0e8ed48ac8eaa51c2af236acf6fd8477c |
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cis\download\installs\xml_binaries\cis\cis_sb_1028.html
| MD5 | bb1b54488485c8fe327f50a965135177 |
| SHA1 | ba4ea706c1a1c38e9cf07772de0ae18b5f5c78ff |
| SHA256 | fbd19cda945dbb992302e248420bb61f6c86547a85a01a8f6527f1c647065c63 |
| SHA512 | a95f2c1a5c23b3d12ce8f4e13dcaf1fc9f97472b3ca9546235060fc3240270224f8ad6edf78b228c42ebfbe9cc79195e638bb876a18a79e86f6c4eb40f1bb66d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | a05544f39898e3de8ee18cb7c43e0e93 |
| SHA1 | fdf60dd911d9ab0af0a2f54b9943533798c42f1b |
| SHA256 | fdec586fede927e572e08faf34c88b5f02720ed65bf592f2a906a9b05e09f6f5 |
| SHA512 | caa1f0e320bf8cb92515c1a6a10606b5346a1826b7d17989b17f3d98619c1d1a4efe617a730a3f5a1825948e3b3fc5d681a924a2b7c585a051f225c934c6b62e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | da3ceeb9728ef6de617fd3adc8ae0afa |
| SHA1 | 9858362bf1980ae3b675ae28fcc27bbba24f44b6 |
| SHA256 | 5c853f31a1cebf969502dbf71fad2fad65dfd7de8ef8061245ca62b3cc0376fc |
| SHA512 | 49033e562e278cd69d9e25cdae23b7c09819d16d3e8116a277d76742e777bb4af03e598fca2e90916cc3b522bf9aa6ccde272d27519b0f4b53a5f36f4e338451 |
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cis\download\installs\xml_binaries\cob\cob_1036.html
| MD5 | 8de94911a17183a37dad85112e1a8b51 |
| SHA1 | ac9bc89c248a557fc985bacc270040027976f2f4 |
| SHA256 | 9798fc6d02cb550b29b46b8c380c83eb6cfa8943930bac43e01d523581c8f646 |
| SHA512 | 3e88534157e95ebe2ff3b499adc524fbb88510357af6e971fde23463ee706b3cafe08f48b15cd563bea3937f19546b1402dd6b0d4226f2708055ce04a7e2df62 |
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cis\download\installs\xml_binaries\css\css_1028.html
| MD5 | 0a58f1da6063fc693912f34e343157de |
| SHA1 | a82f8626594b14c51f1331ddebf56dc6ae5a4092 |
| SHA256 | bcd439be5efb0ff3dbd5bb067b1eb89f9e9987779723f074c750e2d81f3cd0fb |
| SHA512 | 5a2bc78642dd084cadc1d78d56693e509e7ca33d02b3cdfdf7241c207bac0b782828ac37638bba9c96fe9179fabe3337249a070e66b437e0472b912164cbec01 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000008
| MD5 | 1aca9c8ab59e04077226bd0725f3fcaf |
| SHA1 | 64797498f2ec2270a489aff3ea9de0f461640aa0 |
| SHA256 | d79727a3a88e8ec88df6c42d9bb621a9c3780639c71b28297957ada492949971 |
| SHA512 | d63ebb8d19e6cbe9714603688bc29eda4e347e1bf0bb9b0b7816225220263781b84966413a946feb4ae27750371de01e03092dacc4051116073c518d6217fe65 |
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cis\download\installs\xml_binaries\privdog\privdog_3098.html
| MD5 | b3c803fb406a8e98f6415af7e02b1633 |
| SHA1 | 8b9444d5c29cb5dc70cfc739138add302ca87d67 |
| SHA256 | 99ebaf55ca8e00f0dea0ec87999aba8b080dcf9da873eab8cfd48917ed07bbc4 |
| SHA512 | 7eca6215d4ef121847917f212ac69bf2450749f125346f7d7898f69cab36d1ed381b3e72f87db3770f4f5c2329f1cced3d9a2254eab664bd0d69d44efc7228b3 |
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe
| MD5 | 9289f5cc71dccb72fb256714e95cb71b |
| SHA1 | 737ec1e7152217d0a189d498a9c8023184a22079 |
| SHA256 | dc57c8ca3d06f14bb636f27a909055920fdf47af0f809c89e19e9b91c245ff5b |
| SHA512 | 55c97db0d2a6b40b730c88d5c390fc3ca56f86b48b100dad74cb03d39d95a2ad3f09f5aa62ea36bd512ff36b005a4359c48543842dc76cdd0b3803f48d9b5fe5 |
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\7za.dll
| MD5 | a41c803a25544c6caa57d878d76c4b3d |
| SHA1 | 55f90b038689cf66f1ad41f1bd5b628ec8748ffa |
| SHA256 | d3202e24272d2a2b6b37f55b3f4ac68d7bf9eb829d4a5d9955d5416cd831e402 |
| SHA512 | d25ed1dddb5741fc95c40160c893b4f92b6ed55702318f9193f6d6a9b608a26803bac9816d7b6513b086e6006a48e858712a2f95baede186be75ce173dacf35c |
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdhtml.dll
| MD5 | 7d78f995c24df9c5d85d4ac0387409ce |
| SHA1 | 3289207b501b1ec696e105232443ac1e86da0d34 |
| SHA256 | da52259cceb4dd37d49aa0a00fa7f40fb49de1f3b000242123d32665ab0f2d43 |
| SHA512 | 22b2fb580659ab69e653bc567a183e8df6a980863f1a8d7a8ea51c4add05ed23a1ff03d787efc61d9d5addf554a5ce062d65c09fa9a0dc9d27cddaeaa78dc3ae |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\MANIFEST-000001
| MD5 | 3fd11ff447c1ee23538dc4d9724427a3 |
| SHA1 | 1335e6f71cc4e3cf7025233523b4760f8893e9c9 |
| SHA256 | 720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed |
| SHA512 | 10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe5d81a6.TMP
| MD5 | 19459e0b376921e6897f451151ffeb13 |
| SHA1 | c5b2750b9a71bf5ae86e6d1d47e1fbf175ccaf34 |
| SHA256 | a5aa37b780a4c3af33914e1663176375f3202c29d0c7b6e3704b72004a884f89 |
| SHA512 | 525274e2a87bc946705327c43c103daf50c13e040b263294ebc45289c09edf7b03fe26df967013073bf3cb4f9a549c481a033d128ce6d33b60f31566375eaf09 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt.tmp
| MD5 | b6f48def1ad0dc727f479ce8ffec8a6b |
| SHA1 | 488a3d7c23f20d7c90d9cd3010d31836d67b4028 |
| SHA256 | 88b9c140ca5cdbc682401e0cd009ef606ef17510c596d69c12b629f720543aec |
| SHA512 | ff657c31fa12c36894ac6002bbc33c3263739b9727aa255687ff9299087d47b2a6b390cd0bb6ce588b992c245e497f5e9178de97bec3c72a2d696160dd9f3a9a |
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\themes\ilycia.set
| MD5 | c3fa6759687fa162f7a1fad670a1ba7e |
| SHA1 | e857d0f942a2b8fed04f8c4700eaef5bd928dffe |
| SHA256 | 45d77131e9500ef23c5914a8db7e2c6056cf336c8654ca8c06c536f557fa33ad |
| SHA512 | a929e2e47c639b7fad74cd0b5f599f385beaad519f55ff7cdc37a12e967a6728f7ea6a6b34a729e9c2195d3eea8d76ac81ca2cc27bae35ff679007e9b70700cc |
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdres.dll
| MD5 | da6c37c7efafb11cc58f593a11403457 |
| SHA1 | abb0b34a5c4348ba035ab3b16c2c844e1282c8b4 |
| SHA256 | 11dd8e1b0a249978fc01deebd6e5b7f71b3b6dd75e29ba82c9f6c4bdb61d34c6 |
| SHA512 | c8a264021f24c8ad5f86be66b35c0fe5216b3df8afc1782fe0e5b123d720948fbafb415087317185f67724946af1ddcd532e4ee05b5176318ce36f208f4fc68e |
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cis\download\installs\xml_binaries\ise\ise_installer.exe
| MD5 | bc5be4070c49a53b67f38e6620c47b99 |
| SHA1 | 3979c599941b75ac693b4fe8ebe8bedde2a809e9 |
| SHA256 | ec3e0dbb7d9c14bad85c80367d1ffe777ceaa19dd8ef9e75d6c12c4c3902ec83 |
| SHA512 | 92573222ec9502036c55f672cacd4a133b896cc38d9b3d6dfab03233241cc5ead5b25880ba5cbd196eefd31a597df2ea2595df323f000a7ac858ee718225b9f9 |
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cis\download\installs\xml_binaries\geekbuddy\lps-gb-vt-x64.msi
| MD5 | 527d4d4972633ae6fe95147d66e3329a |
| SHA1 | 60b3bd88aa5a2719359746bf779b3de94cc7909f |
| SHA256 | 02f41a06d3af939daa30893315c582e62eae59507e12582b7ed52a89681bb56a |
| SHA512 | 7d48bbd4bea8e5b9f3719e795136189643609df4e6fe5c5753cac2a8f24a9a0bd0ad03c954665416e699d759a4690364e1cc083722430ccae061fcf48bbcb86f |
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cis\download\installs\installer_data\installer_init.xml
| MD5 | 47489ef3b4ded9d16c3397a9dd59bcec |
| SHA1 | d4e75dd52c44f1719367ec71dd95687b584f2de6 |
| SHA256 | daed5a1bb75b78ba1affb43371a2e63fa73a2b7fd3f5f0332db452c2764e864c |
| SHA512 | 8259dd938a3e4748088dca878a77d1f9cddb51654949f73851a84f8263b28296c6e40c89b413ff2ed30ddc041dcb5ed2195a182fa5ae1ca6a410bdc8d4d699bc |
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\installer_langdata.bin
| MD5 | b80eda6258e28b537651f8e5ebd997ff |
| SHA1 | 826741e138e8342f4bc3303838e347a44bb93546 |
| SHA256 | 6e960dfed451c2dfb99352d25d3df8dd46fe7d80c9af79805c0cfbd1a99a2709 |
| SHA512 | 9fce1cb5fe8b6a2bc4d13c1ca3ec31c926c6dd33717f145da6952ae33144eb11a6ee9e751e1d3e2d5d6ce7768e9f9602773a917d9f5f8473670e6d631b932b74 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
| MD5 | c4a08892abebb02d5d2bad80c95b3b6e |
| SHA1 | 386cb1eff81a80d20b399bad6ce02d40437e1430 |
| SHA256 | d4cff26b745304da75a836bcc92a37aa7d66d12767c5c0f14d5ae53c9dcc684c |
| SHA512 | 5ed29cbc487e7ff7b679d9922a4926e5755f9b4fe5af851d0fa38dfe66538320a6cd0d97f771ae4ec55a8beb21a9d1312c739ddc3b0dece972b47f7cf36dbc46 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | 531c137bedcec60edfb274685fd57a19 |
| SHA1 | 9f663e496500c525fe615a738954340d0bba344d |
| SHA256 | f06de325c966ad89564db16a919ab79ea8775cce837f7a1d8a8bd5f795787bee |
| SHA512 | 0fb68268068f7faf6fb06303c98aa89e77380d4bbbcdc4ce8b232b5503fadd75039b9b6f25a30c9358d762134a0143a71802ff7662b2052bbf997a3a1c0b1292 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | 9dfb2888008f20b72a54f94a355f7218 |
| SHA1 | 804a55e06a2270b056091707b3e5448c0c6e00f4 |
| SHA256 | 073dd0ef7584f7c138207bccc86477482811727232d1181dadf1ab0b4912bb4f |
| SHA512 | 50f73115dcb6af447dd13faf5c3c860c0c267e0d24b6216bba5b044da67346939e0aea0840300d6df84c3cb9cf3ba2d7e4d30da97e70f451abed76b10f90d334 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | b5e544330c4d2002b11887714a3b27d0 |
| SHA1 | f7941263f33710ddc95fb05eed5869615907d110 |
| SHA256 | d17fe730f7e155f5503fdac87643e377a876aa16f21f1254bbfec1f02c0b903a |
| SHA512 | 1221dd304b393fcae7e19305cb2ea58fae68fa5864eb49b9ed2be4e624c3aa81aefaf3b7065847b174d47532c424029a1157732293c69290e0b59e0dda77d35e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 19c13d4955a746b16c5b62349ce71f0e |
| SHA1 | 0998b4735052f07aff2a0e8f54510ed9ca675239 |
| SHA256 | 9ba18a02b83c03e666529be43d58b63c5ca97340dc0ebbe38a23eab931fac445 |
| SHA512 | 8ae42688ab9b9b9012c6f511b0fa35787e0671be5baa2ac12c77f28aa73b3d1cff26f5fe838301f8318d7828a06cd2d345517f14af8a4e145d60e6f86b0a7eab |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 08654cee90952df1b4129a53435d7c1a |
| SHA1 | 10d5968b82e54e67267d78f5cdb6fca6b76de5a8 |
| SHA256 | 633cbc3cce27fde04586e70ab20e6c3fdece427c164e40d6c1448cafe1f796b5 |
| SHA512 | 827e17f19e91af26519911eeae8337f031a40edcdff5c2d60cd1a8d9c1522915e973c704448895a79504bb39695e9fe7eb78e748a90e67ae66deda4ae4ba8653 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 47c3b89cf3c48c4f53f6eb43aefc4be2 |
| SHA1 | 85edc951f842e2923b095035cc45fff6ec7a7a15 |
| SHA256 | e26f676e7ce6990cc3f7bc30783acbc5fae85ad2344979b05efe9ca39dd0b92b |
| SHA512 | 976cfb93de4c8aba5861d31c67c9f44db2a7f25a38d80b3aa4f94ac447678a9910c2970543f06ae6fc5199f4db5b055b5d8230d30e78363b1b01d39deaff9e11 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | de9b3d71918ee207448510dd15013a84 |
| SHA1 | 69a009982976bb96fb16df4535e801aa8d4114c1 |
| SHA256 | b77f49c64a448f0715382a22ea6895c76d6c1d944c26b6b9516cb2cbb85decd7 |
| SHA512 | e7c117c3f879fee9175d02f88142e666504949b2a56b32681c6e4dcb1fa880063ac71c1a65f8b8cdbb4484d2ed5e0819eedf6a6560994c72edb17d4983754dd3 |
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.001\bin\ise_installer\isestart.exe
| MD5 | ae9a7049b38b22598e09b9b64b850d1a |
| SHA1 | 049d9e0d1dc4c3223c2a2e7725d05aadc030ccf7 |
| SHA256 | 63bb102753c6208306d86e5f6eac009d0b9a60c9882b5265d0c7fd3b44614f0d |
| SHA512 | 61a2d549cbd39d05d7d94b89c3d90054c3126fb91195921d0a87856faf121dfc46eb60f20510cf915bf58dc849c15837d3d4202f6df8ad75b0959188d0973a58 |
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.001\bin\ise_installer\translations2\isestart.dutch.xml
| MD5 | c26f33790b6f16086348a781f346bfe9 |
| SHA1 | a58c092b483905821b0272fd283c0074f133cb29 |
| SHA256 | c70b9d0a88cdb7cedbf97b1efd00b33f1675f8c76661f20f5c0de79c5c607978 |
| SHA512 | 7181a16b60d9c45ef3cb9a72ed1ba5d9b56b3b98c48443f67fff884789177cdd4c1bbac8f05e1f1ba44e167cc5fca38d20b5a45e34672db869b2ebd80f1244e9 |
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.001\bin\ise_installer\translations2\isestart.japanese.xml
| MD5 | 59df44e6d5b365ed1be7d9bdf3f3db97 |
| SHA1 | ce0698d99f001a830660b98f37796ce64cf97c01 |
| SHA256 | d7d7fd32ae5e2975329e9c2465e26e1381d6b2cba9d718a923d1695e751902e8 |
| SHA512 | 8634ac43c19c70c59a028d673f85a3c54c259f0500b6afde343925008ee111d3abe8d08b79ad8310d7078794528d910973d57a749f806c1119299d1069e79b19 |
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.001\bin\ise_installer\translations2\isestart.russian.xml
| MD5 | a311f7c539bfa7513d502861036268e5 |
| SHA1 | 9cf9e9381ec8282490dcd40e934e3d0beae68b17 |
| SHA256 | 821fbf65e0ef3dcfb1905f16ad5e5356a58c7deeb7c6b2b02b33a50390b3a078 |
| SHA512 | 7b1e7d91e38be6bc8ddfacbcd6a8026972bc10d3418f6dfd82bfe14eb8c469705706a096b6ad48996e2d9aa96b080a59f06f2a0497347c7032c69274c4424bcd |
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.001\bin\ise_installer\translations2\isestart.romanian.xml
| MD5 | 21f5b45f4ce00475c14ca71742b401d7 |
| SHA1 | 175ae3d0d7d87ad00e3a775418bed34a3c2b56ee |
| SHA256 | d733d51447da0a9e26b731b4594778270302c2d5b8929e2f985491ecf3e89e1e |
| SHA512 | 640bf3edd7aa3215582e750cbedb8acbdb13aedecee41493bff8f271a4aa3ebd79ec15d5065ce3df06867bbdf2c70b8d070d5fbd342d1d2f5442f79c76b6c9ba |
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.001\bin\ise_installer\translations2\isestart.hungarian.xml
| MD5 | d81e6ca0bcb49a920af6124095e0b331 |
| SHA1 | 2e36b2a371c6bfd3fcbd4da649b79984cdfbd0bf |
| SHA256 | b30b351b164b08289670e6f91db31932b87465931d0953a89cdf1834e5f412db |
| SHA512 | 37e5846439e3bd28075f16e8ad96815a2073839ad3be47e6b919142edb8c9f88c64688b62fb52bd4160c9fc5b10438c9fd1b352e8cd68351eb3134a65090d576 |
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.001\bin\ise_installer\translations2\isestart.german.xml
| MD5 | f0de20af4870865fda4e91e47f0b0806 |
| SHA1 | af94fa596c86ab80cf5614faeb159c6f147ef022 |
| SHA256 | 5e2bdeb6a27c61224ef942f448ad55a9fa0ebe664c70b24c397e9b9d86115d4e |
| SHA512 | 37e40145f0de7ec6410fe13d95bc56eb75627522b3bad9a4ad6fa2a33b76cd5f241419d8add68f07641c36f1e216afd6aa56536d48db3d6feb8f7c42afcf62f8 |
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.001\bin\ise_installer\translations2\isestart.french.xml
| MD5 | 8b68540e82d174aaf5bd826fe8d0b173 |
| SHA1 | 2da4383d66888872b066a8fb2ebdb09dd1322d1e |
| SHA256 | 1d7ad12a24e4b0909ab3a02595a7995c883b97f3879c751506872a4736d60c16 |
| SHA512 | e7fe3f5b2c54dc593332562366e515cdad318e6ccb8e95a7f99525065dd2df8b4c050de95d6e4eec02a414328acaf0f71c8219c6cf777c8246cedeabbc03fb89 |
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.001\bin\ise_installer\translations2\isestart.english.xml
| MD5 | 0a59b4fc12bb1878b160759e3d3c6ac8 |
| SHA1 | 8c6be79331faaeceb30200017cab4df0a16f01df |
| SHA256 | e207a348a5bf99a60efd46d4a4185c3b04ada732279b0990859d138c1108291b |
| SHA512 | d8b3491baffe342ffd3c8da7a39ea49ff30d3a465fc90041c8814b97aa1f44b7046c986ca91fd369164b6db5de052e0f48e05c30393e1e48926b49a62696a19d |
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.001\bin\ise_installer\translations2\isestart.chinese.xml
| MD5 | 29fba847ecd3deae2301d91387f8ec02 |
| SHA1 | 1245f0a8f70fd21b46114cc33e126e520de001e4 |
| SHA256 | b66b3ced2b8c33854ecb240998c4af2034bbf63da7411e88e4344181032c4666 |
| SHA512 | eaed80616e36ceada19b1807fa64dc997675e8a3f7a0fe582697524f6649afb3b9614d7ca77a81dfa5f1d89f6a747976bd22deead7ce8b90c76b9da1d59f432a |
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.001\bin\ise_installer\translations2\isestart.bulgarian.xml
| MD5 | bb5c27f60e7cad11c261c2b9daf24bad |
| SHA1 | dcb3f51ec8b79bc348aa62d5555709e30f89bcb1 |
| SHA256 | 0cc3de2651c6df918b17c70652447fb9047cf86add2773a6a748d809d63ee143 |
| SHA512 | 6c6fb75c3339e45b88d8793ddbd2667a3a546bb0c93a3de8d11b0f2c9c09c7289d17295c36fbf960c2de5aa9930e8cc1a478a5437ab7e9a9c1d315452680790b |
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.001\bin\ise_installer\translations2\isestart.arabic.xml
| MD5 | c66e82a065f08b1122945c5546dd7de5 |
| SHA1 | 2f98c0dd5a00e48617693ac52904fbf005061a29 |
| SHA256 | 7056946efc8b06e608d211a592e9de303455d51a7b5f3daefef2f12eedf61a03 |
| SHA512 | 91178c655b35b6192289b1f998e845a006b3a65ff0111db226ba145415258cf99ad87e6a9909974ca412b6b9b0642df6e1b452a4493638e11fb20242290aab8b |
C:\Windows\SysWOW64\iseguard32.dll
| MD5 | 38d09762bb34b740f231eb8ef92a9c59 |
| SHA1 | 13f4fc057a77ca9a39e15cd706dee793139c3f5a |
| SHA256 | 5b85665cc8235f51e28ad01652a38a79825d4984508035fc7b783e62e47d66e9 |
| SHA512 | d08503836bee3e9116b1e3d6f813b8eeb7e45b5f5b6d0a25f61524e3ed08569697e23d28d50b454f13649d2d32c904852cdc3eaca146001ee7fc8d518c4a4ac6 |
C:\Windows\System32\drivers\isedrv.sys
| MD5 | 0beb78ac69a1e8b77fe407cf5be9db1e |
| SHA1 | 932eade3d7ee1b2bcc808b5456f7f82703fa023a |
| SHA256 | f755651b14b063cb26fd7f85562b7ed7799bd124a835cd9e6939ff8970fdb908 |
| SHA512 | 2b9c1cb72d3d94acfcd7020b62daa01ab2bd2093d2b423eb70712fc83e5d76363045188dec64554d73d51e73f602c564547e6860dfc2ea8ec259272ca676cbe4 |
C:\Windows\System32\iseguard64.dll
| MD5 | 809642a2a3b54e3026aaba7a65bcea1e |
| SHA1 | 4a631c9316e89cda4ecedfc046d3d8d02ee0ce75 |
| SHA256 | 524581b6a48d8b40b13da7057623896dd8b4d099ab3553f395db4d91a3d282ae |
| SHA512 | bcaeb67260b44ef2d4fc04d43a8eefa2da5bf1868c54781da2221cddb2520afedde6b7695874ec0a2deb74b22ca441b79cdf8d933e7474327d35d5dea947d9db |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 39fe8c7315d3cf0b28ec4a3501fbfac9 |
| SHA1 | 0ecf3bad84913942cb4f9f96f9d80d7166aba0c2 |
| SHA256 | 8ca3d07b0108ff352c9400291d75b813eb12820cd14ac11707c7277e96914802 |
| SHA512 | d1d7ce0c6b66962ba98738483a60ae575749487e6eb75f26da4e2cc61ec9079451a9a732772d3ead6174efa19575c5fb17e093ad55a082c56fef48fbc144b1e5 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\5701c4c8-0a73-4a07-aeb3-3718601a1224\index-dir\the-real-index
| MD5 | 7171bac8200138aa93fcd1899ecc08f6 |
| SHA1 | a47d2820292a93dad4e9b48721637a0143a276e4 |
| SHA256 | 98a687a53f60c48c2fd4902ed689c7172e71f4aad517e1ca6c362c52ad18cd3f |
| SHA512 | 7cdc6f5767df666a92e8e7bfe3ed25781fbcc453eebb5264ad2232833993530d2524c3d1082c468961267fb2331dc3d4875b44dc2a364953362db08ba5487fc6 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\5701c4c8-0a73-4a07-aeb3-3718601a1224\index-dir\the-real-index~RFe5dc3df.TMP
| MD5 | 377519bc814caae17d8cc93feae9b67d |
| SHA1 | f8c1737ca580ec197da9e70bbd964db4c93f5175 |
| SHA256 | 68d0bea13c06053f59a1141e3d4494d5336c55b45b1b0f8487cf9e7b8f8ec132 |
| SHA512 | 5f9bde008d0effc236f49a7b0e934b635a154d25b0791d014cd195b26d134e1fe4334e0d2ad9b6695569f2d89755f2e3822d064df0dd1fef100249efdd9e51a0 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\5701c4c8-0a73-4a07-aeb3-3718601a1224\index
| MD5 | 54cb446f628b2ea4a5bce5769910512e |
| SHA1 | c27ca848427fe87f5cf4d0e0e3cd57151b0d820d |
| SHA256 | fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d |
| SHA512 | 8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | 6a97387fa1ffa350c2fdeae873c92746 |
| SHA1 | bf07e1635f245430f4b87fc75424208689404fc8 |
| SHA256 | ef4295f88cddb145af63d426d5ed8d0720a983db4ce27e5ca518876de21e676e |
| SHA512 | 0b3848a85ca94f521445fda2ac5642a7e13a26b17ef4ed0955e84bda8a451c697891d1894d741899b77ee43f5eed225c7628d62082919c0f396fd9aa308ffddd |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | 748b7ddec216d03793af67c9d8cf8046 |
| SHA1 | 1e1cc84fc6decd6cac5f8241b1611dcae42f01d4 |
| SHA256 | 81c4802676bc3ba22f344fd80b1ca4e7f13455b7aa2e80a7d915e33403b9f2f2 |
| SHA512 | d59a1be3f58a1b6c8f4120bcd642eac32d2a4741c1ba900ada6859b9f23815927036fda5760e33a1cd65579214988ba3955a7e430c36db2153238509cc1780ba |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | 47b173be06b8045fa870e2a40cfcbc71 |
| SHA1 | 52509116846353319349b03f972b4df37af3a16a |
| SHA256 | bb98d55ecf6d7b94d61045f9abb9d1f1c811555ab4f2bf2c1e53a3e64eed406b |
| SHA512 | 99bbba617135da03f225f2407419061ec426ad70e895979f8517aa0db2914afdac351c71edaf24de79d48303c3e25157bb793cc7c61e8c06c5385dd4a5c44273 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000058
| MD5 | 97f199034162b1283dbbbfb994def15a |
| SHA1 | 539f1d9814baa54fd3425ec0139f3cfa932301ab |
| SHA256 | 3cc79470f85abf02f16c22e1ab349ea126a5d6d1a2da8d302155e0dbc26f0d7e |
| SHA512 | ba709e9f101f44349e356d0d2c126a7eb07b6400d4c2ed5710caa4dbeb5fb33788b162f3b96d6ec2e1957d14229ff17af3be8606740998bc4ab82f153bfadf2b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00005a
| MD5 | 37ed6c63b88c0f83abb8aa80965ce359 |
| SHA1 | 5b93ff23eb6a84b39b9d49277426e5ac14c9242b |
| SHA256 | 82f352691818b5873d6f3096920978cc0a41b6cc008285c944ec755c6a3b203d |
| SHA512 | 4bbcd6b9e2eb871669d3c3ddc791dae2a7c7ac0ec0e75b7c0eacbee471ce23ee234faafb972e5420a73ddf6c3f4854ced4582f077fb0b443c86dbd739417191b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | 23e8fb74c1759a6681b2ba0f3b0eea8d |
| SHA1 | 5a0b911af96ae6932c6b52046bfd85a958b910ed |
| SHA256 | 8b6f304d3f90f6bc93d00efe02d2b057c3968c8c66646fff2ade70ea1aaa3579 |
| SHA512 | 2a2ba622b68de49a269c8bf47b410d8ada90a6337c79353fdb329c5edfe4c2181a6cac81a472747011ef4fced7083d4842d0670ca5eacfc28c690813b415a1a0 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000059
| MD5 | f0d81b309d4441d6dc22bdcb9e9e7d01 |
| SHA1 | 77e7510fd01735991f8eb242a8a20acf5c7326d6 |
| SHA256 | 90b890766ed0dfc173b119f625e4bde7785d509a76d27354148bf0a80a09889c |
| SHA512 | 79d3758017eb11ff478e0c258405aeb66eeef77b6041689708667948c85c1ff27688491eb8fd7efba3e5d392e299c055b3ae54fd212a0f5caaca3d91c425829e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000054
| MD5 | c758a89dcfa620f9bc138930fe891ca9 |
| SHA1 | f68be6d49724806db8f0fe1305e6d573d21b47ef |
| SHA256 | c7807a5a766842371b12966dda2640923bfce3e17b06e553c4057dd5ac7364b4 |
| SHA512 | 1d0f2b06adaeedc53d8519a88d354af6f3918119ce03edc9133eb037a03beaac2f3970dae333b64abe46936a89bc66bec0ec3fe764029982f43698fdca311490 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00005c
| MD5 | f69ec88aaf8e4e6c8757a523eca2a6bd |
| SHA1 | 23c42b75e088886466fca7dc0295d0e3ff20568c |
| SHA256 | a8ac8c6c9cae5af31953ff6be9933f5317856ed2305a921928ce21f87958f43e |
| SHA512 | 2b08955a87cd41a5cb97673eb086bad6049d388131813494f551d97ee95d5899a4dc4f9f3820f9a56c759cccf442ceda2c14eb10be440015aebb59cde48d5aa2 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 6318e9a088acdf943e726fbded5f0650 |
| SHA1 | 214ea66fd42672e7d9b2f20c34ce4bdaabdf5585 |
| SHA256 | 43be0f72d707bbb7f509ea0d1e393957afd5e506a9d0525b53691459c5276e6a |
| SHA512 | 6003be4e9764d4173cd895f8df0a4bdec7f2c09602b5fd6d289225bc9e94e9888beb375d6bbf69a9ee7323a069bfe01c8fa14fd4672f388804b7c4e36aaede51 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00005b
| MD5 | b5b483d38f560264bde7c9bad48e6463 |
| SHA1 | 29d83f6105125b84ec9fbefcfc3fee2bea63ad7c |
| SHA256 | 35d47d81c0c908c38beec80690b9a405dd4803c2c50b686a243a70faac4ebef5 |
| SHA512 | cbabdaaadc46a472d5bfe83da7d0c2c7a9a77d4bf3fa57e91314434b59a84d587a26fb44d1d2d57944bd39619c099af7ebd77d42e0899d282780d3d951b13f63 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 940896053f285ee47cb639b609c5478f |
| SHA1 | df14df52246aaf2999b041cb9d167d40708a7225 |
| SHA256 | 2e064f267642b825adddc928b15334d21ef011d7c4909f7590cbd3335450b7f1 |
| SHA512 | 47b546f7b0022c40aff73837a1c6e1a4fd50980a8a3d2c8e30b8b2b6fb12b63040e52379ed7d9a9149e53fbb0280730ec06f40263dc41a09b0f88da7a639a3ec |
C:\Program Files (x86)\COMODO\Internet Security Essentials\Translations\vkise.arabic.xml
| MD5 | facd46953c26cd626fa3f6cb29d60742 |
| SHA1 | a3672c62e1135d32315d35f5590802ee9258fe64 |
| SHA256 | 41f937e4ebbe896af36bef092ae4ca73ef00ea11000aeff7929ce97124bbc315 |
| SHA512 | dde68640cd8623aaed04f4b62219f350dea271cf09bf3ebfa7ad10531a05fd2a9d0f14a3a4766916456f9db50c5c8e72ae42093bbff4c5f3683278a3624724f8 |
C:\Program Files (x86)\COMODO\Internet Security Essentials\Translations\vkise.bulgarian.xml
| MD5 | 0894672edc430d9d8834bcd33c5ab8e7 |
| SHA1 | 6e6b93db3d2f7cd248dcb9ca27b19b762339de02 |
| SHA256 | 7d9fd95b3fda7a9b69becb293426568df783e2fc6ac8b8d84467980b11ac4763 |
| SHA512 | c8211c18ae431c61e49ab8621175eab75270ed0c8af9cbcbd611ab8c89363bc8cded0ee07744f921b5deb661593c0b42e77379b7d0caf7f75a7dd54c76473fb2 |
C:\Program Files (x86)\COMODO\Internet Security Essentials\Translations\vkise.chinese.xml
| MD5 | 0e4c8c2570a02b28dd75298c02d3c580 |
| SHA1 | 92f340d353318f3723ff3cdeff6821e3b9464fea |
| SHA256 | 44bee669b086b0c933584c0b09f849e9250fd819bb5d63f467962fda37bfd65b |
| SHA512 | 7684166ea42a63798b3f8e24a1a14a9c0364c60e49a004991b95963da38cb0032ea73473be22ff98c8f4410bf5523a455dca022b443a54274c4b48a90fbb7487 |
C:\Program Files (x86)\COMODO\Internet Security Essentials\Translations\vkise.dutch.xml
| MD5 | 0ead33065c4f043ef3d1d37823ab8838 |
| SHA1 | 0d937760c7662543a3a80f9f6f9d293845fc7ff9 |
| SHA256 | 109345931feff40c783e54e5d59c3615274e42c6b3cadfa0197bfae3ea3471bf |
| SHA512 | d07af8b3c2e848a5c83c14553185aff224fc4bbe3155afa0db2e143be770a9d04282eb31ca7a8a5f91929edee518db4f26aaf763ba8b1cbb0c39f031b448a6aa |
C:\Program Files (x86)\COMODO\Internet Security Essentials\Translations\vkise.english.xml
| MD5 | b1cac70cb032f9a02e1c67ee071c2661 |
| SHA1 | 49ca56ae953e12854a8d06a3020fca3c6bec2abf |
| SHA256 | 0e37da1951fdf219548bc23db3b7e6b4df5c032b062084e3245df90a261aea73 |
| SHA512 | 756dabf14719cb3b385bafd4a65f29122c51415542e72ead072e342190cefe0c8a6a4f0a86ab8e81263ddd78ae1962502cd4c05e3c06befdf11c83194a20e560 |
C:\Program Files (x86)\COMODO\Internet Security Essentials\Translations\vkise.french.xml
| MD5 | a2c74563ff6181a6c1092ee2f2fe1d21 |
| SHA1 | 36935fefdf6a2c6c991890ee5be3b7f680b5a393 |
| SHA256 | 84171087e7055e3f1a801a6a81cc6e7671e13522a6f9d7d6463251081ce0fdd2 |
| SHA512 | b1f89f2bb15f71b10992895168e059c2d8c4ba48903ff081d06e2490a8ac98a13d82c4b921f2b39d56b10cb640887df3f089f16ad1fa0a775e4956a221fa7758 |
C:\Program Files (x86)\COMODO\Internet Security Essentials\Translations\vkise.german.xml
| MD5 | e22f930a1fd304fd51bf9b6713bfd76c |
| SHA1 | 04424433fd046e3594aee159ee4d777c4de3ed06 |
| SHA256 | 5b125c0f1c6e1980e6befb5713f337715b72ccecf366edf6e9b7ba0d10b9b04f |
| SHA512 | b2fbda95c542de99dde2f9d03fe793ecf677ab76fd13ff9677cbb509c6086c817c05d5465069f24279ef8dd74ecdd2f439b6b2dde766b609b61f3cff316c192b |
C:\Program Files (x86)\COMODO\Internet Security Essentials\Translations\vkise.hungarian.xml
| MD5 | 791994c34e987f6ed90de9233b899d19 |
| SHA1 | aeb724f10ec1d157317512db5e05e23d8be63950 |
| SHA256 | a93fe19d0fa9931efec4716c56be6d0958fdb5593c0fab7a4aba59ba0e01ab7d |
| SHA512 | 5f2397dc62bd1550e76af8f8bf451036f0f337525b0926b5eb0fcd3f1fa3f9ca660daac556223d1655fdcb7a053a1b2b3840ab872b152c74b48bc820b37c9885 |
C:\Program Files (x86)\COMODO\Internet Security Essentials\Translations\vkise.japanese.xml
| MD5 | 398911eee0c4e38497fcd62a582ec392 |
| SHA1 | 5c89bcb4cdca6e169c07a78c3407a4c5f99d8721 |
| SHA256 | 4e25fb1f9e854eea3e0b4924eb9fb7b211f1ed0f99abfb73dc1147370a70904e |
| SHA512 | d0eec39769f95a4478e584234d7718041c3b74be79f8cdd1c0e74dad6e933e975986c35e4467b1e06359c2ccb761af23b4982363a65f82e9acff75a58c0d46d3 |
C:\Program Files (x86)\COMODO\Internet Security Essentials\Translations\vkise.romanian.xml
| MD5 | e55e481ea2bd5e34fcee496aa45ee004 |
| SHA1 | 8a0dbadb2bd032cd4ba322e85ca7dae45ed86973 |
| SHA256 | 9cb79a35e93453fb8aa852def622ad132873705a0e52b5d9347e5e6ac6edb26a |
| SHA512 | d7e89295214b4368423ec1fab23528122b27f1a6cb31298464eeb934cfbbcf64bcf1d9abceaa05378c335065326e694c532b586070ead8af43a4d5cdebbe191d |
C:\Program Files (x86)\COMODO\Internet Security Essentials\Translations\vkise.russian.xml
| MD5 | 0a057a5ab279eab124c060aac78cae28 |
| SHA1 | 8a691c058c097a0f507be8148b3364f941bdad91 |
| SHA256 | 65ef2010d9a453b2a698d52bb7d078ae3ddb469d5006d3199f23b75f2b5e8a7b |
| SHA512 | 7157a2c10462b272336bad8ecf23770e04beffebe7842e105050c59771f13232c7a26d4ad879fbfa0a68fd1ccf0f2167ca0c786e8d9eefe4133119f951bae262 |
C:\Program Files (x86)\COMODO\Internet Security Essentials\Translations\vkise.spanish.xml
| MD5 | addf389664acba7b252dde919e3da80b |
| SHA1 | 5d5ae70a083df903f5daf19bf6d384553a9b58b7 |
| SHA256 | 010d0dc67d53002477b53597a2bd03ee136d1f41bd5b1fd84b78f0388f195c63 |
| SHA512 | 8f49c50fe3e42550b7960ab315a5abf760ccb7115fa4836ee88b389da80da2186c53272ea1e9f1a7e5a51b73527ddf83f35d0ada9e7754852c7175025dd8c981 |
C:\Program Files (x86)\COMODO\Internet Security Essentials\Translations\vkise.turkish.xml
| MD5 | 0324e960a6433ef5fca1e6326a5d1cc2 |
| SHA1 | 21dc7b7bc2f7396ae613ae6cb2676ad8c7c4a3d1 |
| SHA256 | 6f9e9523a414425c39f0d4b87c632803e6feb7f0e6b3784fba0c8a5823bf8b7f |
| SHA512 | bfa224c194bc320aade189e1594449dddaab8f2477271b758f6d3cf6a8eb28c85fa463ee7ff98a08edc1606f224782237363ba74ee91ecdc92fc6631b92395f9 |
C:\Program Files (x86)\COMODO\Internet Security Essentials\Translations\vkise.ukrainian.xml
| MD5 | 8e6b03ec680ae4ae559b5dac0003d694 |
| SHA1 | db4195a601cac1ad09ab82ae84e3023bbf5b2fce |
| SHA256 | d5e0962626bbaaef67b1349476e5a4575d71a61aad3c687eb8b7b1dcaa453cbd |
| SHA512 | c4775a09c5680d18821819d471404daa0f0df1093b1ad26d6652e882f762695fbbedb26526828364256283fb46ce2b8a8d48f2416c6dc248b04ed3e4ee604e59 |
C:\Program Files (x86)\COMODO\Internet Security Essentials\Translations\vkise.vietnamese.xml
| MD5 | 6170ce0de810d31d22546bca729681cf |
| SHA1 | eec4c4224ff5965f09858beefc5b3994ed2b8310 |
| SHA256 | 59892e59d6fdf97b01ce7c67c5071754c495af822005b5cb6c2256434c558d3f |
| SHA512 | f069a0ca94a4aec4bb8edaf2e12e3523130afc240eb3db67b29cce1285a4673d8c727dd30f52f3cef135d17df66f50d7ceedc209e1867c9261beb7779b59715a |
C:\ProgramData\Comodo\ISE\authroot.stl
| MD5 | ce1f7f1ec218784c28fb288752e06cb6 |
| SHA1 | 6379efd953b3e080d66fdcd3b85a9702c7b166b8 |
| SHA256 | dccfc0f8e3af2bcb462da2d9273e024ac49cb71d348b9ac797827b24e7b143c6 |
| SHA512 | 82b72ebe4d35f22f7d9506e6c98d55a2728d41372244dd269aff6f2611ae2cc55c678d5852beff28328423d1754173bc032770ecccadc140cba546e44ce48146 |
C:\Windows\Installer\MSI6D.tmp
| MD5 | 1fc9d970f49eac6620265011ff82ee12 |
| SHA1 | 69a986c594954723fff43efe4769c4acc883d05f |
| SHA256 | 5e3554a0264bb3a29c566f6eec571951b2d7aaf1fa64a96faf7074dde4ae06e9 |
| SHA512 | a7027431efcdf86db97d7c3486baac7105b0f8a9bfc790ec459b19c28746854521040ac9727aa5e8bb7369243b969d882225f1dc0c3a8fa58b6f483b28e619df |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
| MD5 | df4e73df2b32c045bb4d1c2fb5a4a4ad |
| SHA1 | 2efd8aa5a5076d5af0a480a430679342347f1d9f |
| SHA256 | 5068d7924f311e2cea9e73e796f492b5e21afb631b1a5f1255bcffe7712d18ab |
| SHA512 | ae418134ba14ccd46845737ce88f7a1fb4de2cf19ddb4af3c7746141838cb529a0ee1bab421c66c3e9b486941aac572906bc1c2af1ab39c1e5fc588213f02ba9 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 86034c7d3330953c6ab7cad9e53147c8 |
| SHA1 | 99b8b167bc61507dba21f454a74570f7e0663dbe |
| SHA256 | 19f50714be77eb7ff16c70e0f63fd34115fb404710ed56faa8daaebb95473bc2 |
| SHA512 | 09599249c5e3aad1c1eddee6f6c893128f1d5d3ea8ebe5a0553b3a121e2cfbf2330881b0978d670a2add764a3103418bf9e9daa2da12ddb5c25698ca561be5b8 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | a45b66afc0d2416e0f990c70b7827ced |
| SHA1 | 63779e68093e584cc1d30bcc10fbe0153fadc5e9 |
| SHA256 | c391d9d11ffa49d55b2973ab1e421c2c42a10beab0694daacf56b27987605deb |
| SHA512 | 46badc47cd14f109226ac12d638819291afc661a64fc7f27e68ae86d364c72724adc68706d94e34804e80ca186120c2864dcce620644b331c07afee3c729a8fb |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\b62f9bda-b2d0-4a25-ac44-f449dfdb05b5\index-dir\the-real-index
| MD5 | 9f4b8ac1964b8b6632c0ab8192a421a3 |
| SHA1 | 2508903ee31b510c35de97a8cd1613a0a81a8db1 |
| SHA256 | ce13ffb10d7d86dfb7a0d9dd687c5a4bf61a8a904ce3734b01901bfa7f0dfb7e |
| SHA512 | a4c1072504e15a47cfc7bdf2b3f2ff248c96cc2dc3c117995d7f5841e38188c1833d1db774628c5313ee4bd98bf2fdbd25b8b412e6935f6a66dc35cd8eea797b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\b62f9bda-b2d0-4a25-ac44-f449dfdb05b5\index-dir\the-real-index~RFe5e2122.TMP
| MD5 | 8cc58d64b775f5b62d9ce75d141de220 |
| SHA1 | 8340641be73c1e4bdc1281347750cad12b907aa2 |
| SHA256 | ea331c3cf024b0b9b2b78411045dcfa648072e80f4ff852e784bdc6179481014 |
| SHA512 | 773d684bf97749b35ed0418a0b27aaf158b33eb531ada0095f434432f1f57cf252e4a383b24eeaae4c645ab0b7e563545f5ad5f00577e580528c9309efa5b600 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\5beb8b7b-631d-4e03-8569-1d8df4ef5c3c\index-dir\the-real-index
| MD5 | ce2c83d373da46ceed2eddb9100aaca2 |
| SHA1 | 5a737b3c19e3aef2fe60922a5538f6442b419a49 |
| SHA256 | d45bcad8a06e601422a3efdb055fc6e3dd17daf8f376c6492413d6a30dca468c |
| SHA512 | 7f3bd5fb198c5d9ff99792222ec9567bb09482bcdd92e27bf7ba4b635eff0209e06ed3de253fac7e01c95b33b086468b8596cfcf2b5212deef002eba3bb7d7c3 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\5beb8b7b-631d-4e03-8569-1d8df4ef5c3c\index-dir\the-real-index~RFe5e67ff.TMP
| MD5 | 0257268c8e7dd361fa9bc23477235171 |
| SHA1 | d4195727411d95e0fb6befa3226cefefa873a1a9 |
| SHA256 | 23a88606087aca64682edefb552b9ed531af5d1981d3f5359acd28f92e5b9cbc |
| SHA512 | 001153ac2ce997d008a9931c29db46466c889bb7dbf8809c23cb1be0bfbbdde635edb4850240bca6fb8635079779659cbe06adf24de0087701e870835cc50209 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | c73671682e7aa8bf07f71608ce3d471f |
| SHA1 | 030f66502dff7ac03d9bca30bd48c7d01736fdd9 |
| SHA256 | 61b61220cd950b31ad37e3a4707d747dfb05a3bcb438538adc0e48c9b001f069 |
| SHA512 | aeedc47b5909abf8f2168f2fbbfbf8d5e22725f4e1192bb80dc46ac0a96f35e7d4888001865a3faaeedb0375ed6810332b17bb6bc6260c12a280369b5240fed5 |
C:\Users\Admin\AppData\Local\Temp\COMODO Internet Security dbgout.log
| MD5 | 57284fc5f77b5b41e984bc26a4ff571e |
| SHA1 | 869f780bd9300880a612f243c2fe3fdf79a6b9ef |
| SHA256 | 7affba6f7539d0b0ebfc2fcea4f9ceaed79f7456fda9314c021fd12508a55853 |
| SHA512 | 5a9d0e69332039a1f7205c6158e91fccf4ed61de6114dc2522dabdb28530ed8a5f44c2b2dd50b992656dbde196f63208f02d2718dc0dff6d779f29cec27b44a7 |
C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe
| MD5 | 64e54f0e5d49ac782f1eb173a188e9e3 |
| SHA1 | 19d692f28554c834cee060b90d5b389f2bda1b9e |
| SHA256 | c2f34e60d79130f1d7a795ede2cc636fe671ef0e0bc75ca0ef89148570ed8d12 |
| SHA512 | 656d2c9644bf9d3ae96485dcd948beffc5aa333f03b370afb501ce82347255da5c94769af5f141813163f859a09cacdd10fb5e48f7b41ab0c161854b9243863e |
C:\Windows\System32\drivers\SET76B4.tmp
| MD5 | d3d25a9b82ce6ba3078ee519394579e3 |
| SHA1 | 756e832100613d083de579204c6cbe77be508e0d |
| SHA256 | 67aa0540e2893d7cdbd04d4ed264e8c7b517530b2c9d12370f65c2473965bf70 |
| SHA512 | 8a1a6c48a8db3614b0cb47fc04f0d964f2097123ac0eca01270823e408ef670334f16a401324dea5e7fd8c40e8204de81c92f318f74dd56f5ce8edcf1ed0bd17 |
C:\Windows\System32\drivers\SET76D5.tmp
| MD5 | 188a4a7112d216741adeacab8495e400 |
| SHA1 | 467b7539aa977db3f4a0a460f8788f55b3699cd1 |
| SHA256 | fd92e07aefa0739cacbac2c2e99fb74413279c4930b9d4f274d580ba52020903 |
| SHA512 | b776181d6a040f7ee3468e155e0de2417113a2565d7629dad5a37e4a2f744fa1d1ee52e06523f07474e500defb9ed508fb69cb2792986d31704214b75e138a6a |
C:\Windows\System32\drivers\SET7BE7.tmp
| MD5 | 6cee7521136e5b1eab4f723c44b8a850 |
| SHA1 | 87fd9dab6304d19d6c9fefa44ebe5085c60a52a0 |
| SHA256 | 0edd7f07bd14770a40b6895649f0715d234db0137f6456fa7b639e26f768ba38 |
| SHA512 | 18e23156cc5a1b05e9a4a304442555786569ba99034f33c8b514e47e67609e7504e625680bef9926f8f5aeed3b8a60cb756c857295620f6dd5bc16c93bce862d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 0012f9a5e41c0f5c602ea33a1735177e |
| SHA1 | a50d91ecd5c8306fcebbd74b75ee8898d40f7058 |
| SHA256 | fa1d2c95f49c37452274995bfdc8092a9986595d0c174b36aa3cb778640b8cf4 |
| SHA512 | c0ddea4099c8122f6e30a474dd6e0eb173d0ae2a3d14810de91e2fc2180a188776f111813c357ceafb347c5ece6b46b33127019b5ed88927e7ddd4d5a018bde1 |
C:\Windows\System32\DriverStore\Temp\{18faaa3f-36b8-974a-9466-e61c96e55459}\inspect.inf
| MD5 | df44c02cbfa857c9bf77a35594391d04 |
| SHA1 | e018b8c2b3213d4e7ac05d90d0b958e88a8e5953 |
| SHA256 | 5357482e9f2f5dad518e4fc80b2a36c2de2e356cf3bed5ea453afa5a0e748da7 |
| SHA512 | 486a33465bedfd84d66c91ef2fa86810aeaba9e592b6cd759c28a0365d92ca2194494d198f954487744073bb069f03bf9bffbf31ad4c0f1dbded87070859f440 |
C:\Windows\System32\DriverStore\Temp\{18faaa3f-36b8-974a-9466-e61c96e55459}\inspect.cat
| MD5 | 7c977268ee60fd92ef58849e19431483 |
| SHA1 | f371323947552968ae0f4439c819d071520c3794 |
| SHA256 | ea0aa16e6d3ed58fa312fd6b25e252806afa095e6dc121b9ba0e1dc1b089fffc |
| SHA512 | f29b97906999133da7eb59b6f92bde043d889bd624a8c692fced43a329a70a3b2725b6cc52d638c64a6896842b7c31efc3b4bbe55d23be7b15358377949d89bd |
C:\Windows\System32\DriverStore\Temp\{18faaa3f-36b8-974a-9466-e61c96e55459}\inspect.sys
| MD5 | 4e2fa027252a2b9fcf213152d098b352 |
| SHA1 | a3f07b79417454c0ab0f34ace7d2d309ab941178 |
| SHA256 | 803b69cc009d92c4b7685f718a5cf55cb80a8cc9f648376e9d8d2eef05490274 |
| SHA512 | 3b302f4580e5ff330dc210bf80c52e5e69c93aa1114664d10ee9f64a5d775749587fbb267ceb6b443f02439ef0df8635dd8c3d0eba7b44ba641db9a10a809e3a |