Malware Analysis Report

2024-11-15 05:46

Sample ID 240515-xbemqaea7y
Target advbattoexeconverter.exe
SHA256 af09248cb756488850f9e6f9a7a00149005bf47a9b2087b792ff6bd937297ffb
Tags
discovery persistence spyware stealer
score
8/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
8/10

SHA256

af09248cb756488850f9e6f9a7a00149005bf47a9b2087b792ff6bd937297ffb

Threat Level: Likely malicious

The file advbattoexeconverter.exe was found to be: Likely malicious.

Malicious Activity Summary

discovery persistence spyware stealer

Drops file in Drivers directory

Manipulates Digital Signatures

Downloads MZ/PE file

Loads dropped DLL

Reads user/profile data of web browsers

Registers COM server for autorun

Executes dropped EXE

Checks computer location settings

Enumerates connected drives

Checks installed software on the system

Checks for any installed AV software in registry

Drops file in System32 directory

Drops file in Windows directory

Drops file in Program Files directory

Enumerates physical storage devices

Unsigned PE

Checks SCSI registry key(s)

Modifies registry class

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Suspicious behavior: LoadsDriver

Uses Volume Shadow Copy service COM API

Suspicious use of WriteProcessMemory

Enumerates system info in registry

Suspicious use of FindShellTrayWindow

Suspicious use of SendNotifyMessage

Suspicious use of SetWindowsHookEx

Modifies data under HKEY_USERS

Modifies system certificate store

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-05-15 18:40

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-15 18:40

Reported

2024-05-15 19:03

Platform

win10v2004-20240508-en

Max time kernel

466s

Max time network

529s

Command Line

"C:\Users\Admin\AppData\Local\Temp\advbattoexeconverter.exe"

Signatures

Downloads MZ/PE file

Drops file in Drivers directory

Description Indicator Process Target
File created C:\Windows\system32\drivers\isedrv.sys C:\Users\Admin\AppData\Local\Temp\7ZipSfx.001\bin\ise_installer\isestart.exe N/A
File created C:\Windows\system32\Drivers\cmderd.sys C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\system32\Drivers\cmdGuard.sys C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\system32\Drivers\cmdhlp.sys C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\system32\Drivers\inspect.sys C:\Windows\system32\msiexec.exe N/A

Manipulates Digital Signatures

Description Indicator Process Target
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates\6CD253D636A7B4D0E0981431BC064061A9853ED9\Blob C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates\D70D7D00CA12E1B3E20F3BF7534DEB2C2E7C2404\Blob C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates\31D019FC7AB697D57D9C4AFB340ED7C4D10400DF\Blob C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates\16232A798863E5950F9F44977A033CF91793D8F1\Blob C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates\E35E6F46A1A9A4D18A4DAA298BDA4D1E8879236E\Blob C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation C:\ProgramData\Comodo\Installer\ise_installer.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation C:\Users\Admin\Downloads\cispro_installer.exe N/A

Reads user/profile data of web browsers

spyware stealer

Registers COM server for autorun

persistence
Description Indicator Process Target
Key created \REGISTRY\MACHINE\Software\Classes\CLSID\{05E5F178-256F-42EE-9BF4-A7E080F7B354}\LocalServer32 C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{FF101135-6584-46E7-8AA1-8FCD1FCA5042}\LocalServer32\ThreadingModel = "Free" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\CLSID\{C288AC5A-D846-4696-8028-2DF6F508D0D9}\LocalServer32 C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C288AC5A-D846-4696-8028-2DF6F508D0D9}\LocalServer32\ThreadingModel = "Free" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{10F58851-4358-4E4B-8494-DF34393F41A5}\LocalServer32\ThreadingModel = "Both" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D7D729A7-3570-4902-944A-470C9919FCCB}\InProcServer32\ = "C:\\Program Files\\COMODO\\COMODO Internet Security\\cisresc.dll" C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C4D33F09-D11A-485D-AB08-8BFF862E7120}\LocalServer32\ = "\"C:\\Program Files\\COMODO\\COMODO Internet Security\\cisbf.exe\"" C:\Program Files\COMODO\COMODO Internet Security\cisbf.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\CLSID\{1B1E2B7F-DDF5-4722-A450-085CC9EAC96C}\LocalServer32 C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E0E9D49D-65D1-4AB1-8235-DF90B6ED8483}\LocalServer32\ = "\"C:\\Program Files\\COMODO\\COMODO Internet Security\\cavwp.exe\" /ModeAvMonitor" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E8718E3A-1985-473C-9196-9A39AFB0028E}\LocalServer32\ = "\"C:\\Program Files\\COMODO\\COMODO Internet Security\\cavwp.exe\" /ModeAvMerger" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A1850D95-9C38-4D86-AC40-E559BC0E73C9}\LocalServer32\ = "\"C:\\Program Files\\COMODO\\COMODO Internet Security\\cavwp.exe\" /ModeAvDllHost" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{FF101135-6584-46E7-8AA1-8FCD1FCA5042}\LocalServer32\ = "\"C:\\Program Files\\COMODO\\COMODO Internet Security\\cmdagent.exe\"" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C288AC5A-D846-4696-8028-2DF6F508D0D9}\LocalServer32\ = "\"C:\\Program Files\\COMODO\\COMODO Internet Security\\cmdagent.exe\"" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1B1E2B7F-DDF5-4722-A450-085CC9EAC96C}\LocalServer32\ = "\"C:\\Program Files\\COMODO\\COMODO Internet Security\\cmdagent.exe\"" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C4D33F09-D11A-485D-AB08-8BFF862E7120}\LocalServer32\ServerExecutable = "C:\\Program Files\\COMODO\\COMODO Internet Security\\cisbf.exe" C:\Program Files\COMODO\COMODO Internet Security\cisbf.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D7D729A7-3570-4902-944A-470C9919FCCB}\InProcServer32 C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{67683718-82B8-4557-86A8-E04D169EF883}\InProcServer32\ = "C:\\Program Files\\COMODO\\COMODO Internet Security\\cisbfps.dll" C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{81B0EDF3-1CAB-4B8A-BD36-C4DEFAC1DCF9}\LocalServer32\ = "\"C:\\Program Files\\COMODO\\COMODO Internet Security\\cmdagent.exe\"" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{10F58851-4358-4E4B-8494-DF34393F41A5}\LocalServer32\ = "\"C:\\Program Files\\COMODO\\COMODO Internet Security\\cmdagent.exe\"" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\CLSID\{E8718E3A-1985-473C-9196-9A39AFB0028E}\LocalServer32 C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\CLSID\{868A55F7-D79E-4C2E-8091-DEA9042B987F}\LocalServer32 C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1B1E2B7F-DDF5-4722-A450-085CC9EAC96C}\LocalServer32\ThreadingModel = "Free" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{05E5F178-256F-42EE-9BF4-A7E080F7B354}\LocalServer32\ = "\"C:\\Program Files\\COMODO\\COMODO Internet Security\\cavwp.exe\" /ModeAvScanner" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\CLSID\{A1850D95-9C38-4D86-AC40-E559BC0E73C9}\LocalServer32 C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{67683718-82B8-4557-86A8-E04D169EF883}\InProcServer32 C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\CLSID\{10F58851-4358-4E4B-8494-DF34393F41A5}\LocalServer32 C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{ED181758-F11B-4C85-AEA2-199B3DC9F7DE}\InprocServer32\ThreadingModel = "Free" C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D7D729A7-3570-4902-944A-470C9919FCCB}\InProcServer32\ThreadingModel = "Both" C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{67683718-82B8-4557-86A8-E04D169EF883}\InProcServer32\ThreadingModel = "Both" C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C4D33F09-D11A-485D-AB08-8BFF862E7120}\LocalServer32 C:\Program Files\COMODO\COMODO Internet Security\cisbf.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\CLSID\{81B0EDF3-1CAB-4B8A-BD36-C4DEFAC1DCF9}\LocalServer32 C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\CLSID\{E0E9D49D-65D1-4AB1-8235-DF90B6ED8483}\LocalServer32 C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B691E6DB-B216-4532-A2F3-1656BAC416FC}\LocalServer32\ = "\"C:\\Program Files\\COMODO\\COMODO Internet Security\\cavwp.exe\" /ModeAvBoostHelper" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{ED181758-F11B-4C85-AEA2-199B3DC9F7DE}\InprocServer32 C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{ED181758-F11B-4C85-AEA2-199B3DC9F7DE}\InprocServer32\ = "C:\\Program Files\\COMODO\\COMODO Internet Security\\cisresc.dll" C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\CLSID\{FF101135-6584-46E7-8AA1-8FCD1FCA5042}\LocalServer32 C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{81B0EDF3-1CAB-4B8A-BD36-C4DEFAC1DCF9}\LocalServer32\ThreadingModel = "Free" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\CLSID\{B691E6DB-B216-4532-A2F3-1656BAC416FC}\LocalServer32 C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{868A55F7-D79E-4C2E-8091-DEA9042B987F}\LocalServer32\ = "\"C:\\Program Files\\COMODO\\COMODO Internet Security\\cavwp.exe\" /ModeAvSigChecker" C:\Windows\system32\msiexec.exe N/A

Checks for any installed AV software in registry

Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\Options\Tray icon visibility = "1" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\Options\ThemeName = "lycia.set" C:\Windows\system32\msiexec.exe N/A
Key opened \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\Installer C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\COMODO\CIS\Data C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\COMODO\CIS\Data\EnforceUseOtlsHttp C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\COMODO\CIS\Cam C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\Installer\Proxy C:\Windows\System32\MsiExec.exe N/A
Key opened \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\Options C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\Options\UrlsUpdateHost = "download.comodo.com" C:\Windows\system32\msiexec.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\Options\Silent diag support C:\Windows\system32\msiexec.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\Options\Desktop icon visibility C:\Windows\system32\msiexec.exe N/A
Key queried \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\Cam C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\Options\ThemeName C:\Windows\system32\msiexec.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\Installer\Proxy C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\Cam\ProductID = "cis.paid_trial_free" C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A
Key opened \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\VolatileData C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\Options\UserEmail C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\Installer C:\Windows\system32\msiexec.exe N/A
Key security queried \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\Cam C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\Cam\PricingTerm C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A
Key opened \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\DbgTrace\MsiExec C:\Windows\System32\MsiExec.exe N/A
Key security queried \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\Options C:\Windows\system32\msiexec.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\Options\Tray icon visibility C:\Windows\system32\msiexec.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\Options\UrlsUpdateHost C:\Windows\system32\msiexec.exe N/A
Key opened \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\COMODO\CIS\DbgTrace\cmdinstall C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A
Key queried \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\COMODO\CIS\Data C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\Options\UsageStatHost C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\Options\UsageStatHost C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\Data\AllowedDowngrade = "1" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\COMODO\CIS\Data\CmcWindowsVersion = "{\"release_id\":2004,\"build\":19041,\"ubr\":1288,\"major\":0}" C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A
Key opened \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\Installer C:\Windows\System32\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\Options\UsageStatHost = "cmc.comodo.com" C:\Windows\system32\msiexec.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\Installer\MsiProductCode C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\Installer\MsiProductCode = "{6D506E2A-AB2C-4D1E-A226-AB27BC469B62}" C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\Options\Desktop icon visibility = "1" C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\Options\LanguageID = "1033" C:\Windows\system32\msiexec.exe N/A
Key opened \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\DbgTrace\cfpconfg C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe N/A
Key opened \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\Cam C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\Installer\Instance\{48222F79-874D-414E-9563-03C664764923} = "4928" C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A
Key opened \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\Cam C:\Windows\system32\msiexec.exe N/A
Key opened \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\Installer C:\Windows\System32\MsiExec.exe N/A
Key security queried \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\Data C:\Windows\system32\msiexec.exe N/A
Key opened \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\DbgTrace\cfpconfg C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe N/A
Key queried \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\Installer C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A
Key queried \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\Options C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\COMODO\CIS C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\Installer\Proxy C:\Windows\System32\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\Installer\Proxy = "C:\\Program Files\\COMODO\\COMODO Internet Security\\msica.dll" C:\Windows\system32\msiexec.exe N/A
Key opened \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\Data C:\Windows\system32\msiexec.exe N/A
Key opened \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\DbgTrace\MsiExec C:\Windows\System32\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\Options C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\Options\LanguageName = "English (United States)" C:\Windows\system32\msiexec.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\Options\CmcHost C:\Windows\system32\msiexec.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\Options\UpdateURL C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\Installer\Instance C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\Options C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\Options\UsageStatHost = "cmc.comodo.com" C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A
Key opened \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\COMODO\CIS\Data C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\Options\InstallerName = "cisproinstallerx64" C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A
Key security queried \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\Cam C:\Windows\system32\msiexec.exe N/A
Delete value \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\Cam\LicenseKeyFree C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A
Delete value \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\Cam\SubscriptionIdFree C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A

Checks installed software on the system

discovery

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\P: C:\Windows\System32\MsiExec.exe N/A
File opened (read-only) \??\W: C:\Windows\System32\MsiExec.exe N/A
File opened (read-only) \??\B: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\T: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\V: C:\Windows\System32\MsiExec.exe N/A
File opened (read-only) \??\L: C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A
File opened (read-only) \??\P: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Z: C:\Windows\System32\MsiExec.exe N/A
File opened (read-only) \??\X: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\X: C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe N/A
File opened (read-only) \??\M: C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe N/A
File opened (read-only) \??\P: C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe N/A
File opened (read-only) \??\P: C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A
File opened (read-only) \??\M: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\H: C:\Windows\System32\MsiExec.exe N/A
File opened (read-only) \??\R: C:\Windows\System32\MsiExec.exe N/A
File opened (read-only) \??\W: C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe N/A
File opened (read-only) \??\H: C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe N/A
File opened (read-only) \??\L: C:\Windows\System32\MsiExec.exe N/A
File opened (read-only) \??\L: C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe N/A
File opened (read-only) \??\J: C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A
File opened (read-only) \??\V: C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A
File opened (read-only) \??\S: C:\Windows\System32\MsiExec.exe N/A
File opened (read-only) \??\Y: C:\Windows\System32\MsiExec.exe N/A
File opened (read-only) \??\V: C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe N/A
File opened (read-only) \??\I: C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe N/A
File opened (read-only) \??\B: C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A
File opened (read-only) \??\H: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\R: C:\Windows\System32\MsiExec.exe N/A
File opened (read-only) \??\Y: C:\Windows\System32\MsiExec.exe N/A
File opened (read-only) \??\N: C:\Windows\System32\MsiExec.exe N/A
File opened (read-only) \??\P: C:\Windows\System32\MsiExec.exe N/A
File opened (read-only) \??\R: C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe N/A
File opened (read-only) \??\T: C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe N/A
File opened (read-only) \??\G: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Q: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\S: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\M: C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe N/A
File opened (read-only) \??\T: C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe N/A
File opened (read-only) \??\S: C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe N/A
File opened (read-only) \??\V: C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe N/A
File opened (read-only) \??\H: C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A
File opened (read-only) \??\S: C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A
File opened (read-only) \??\A: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\O: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\V: C:\Windows\System32\MsiExec.exe N/A
File opened (read-only) \??\J: C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe N/A
File opened (read-only) \??\E: C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A
File opened (read-only) \??\A: C:\Windows\System32\MsiExec.exe N/A
File opened (read-only) \??\E: C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe N/A
File opened (read-only) \??\Q: C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe N/A
File opened (read-only) \??\Y: C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe N/A
File opened (read-only) \??\Y: C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A
File opened (read-only) \??\G: C:\Windows\System32\MsiExec.exe N/A
File opened (read-only) \??\I: C:\Windows\System32\MsiExec.exe N/A
File opened (read-only) \??\K: C:\Windows\System32\MsiExec.exe N/A
File opened (read-only) \??\Q: C:\Windows\System32\MsiExec.exe N/A
File opened (read-only) \??\L: C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe N/A
File opened (read-only) \??\P: C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe N/A
File opened (read-only) \??\J: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\N: C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe N/A
File opened (read-only) \??\R: C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe N/A
File opened (read-only) \??\U: C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe N/A
File opened (read-only) \??\W: C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\cmdvrt32.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\system32\cmdvrt64.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\SysWOW64\guard32.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\system32\guard64.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\syswow64\iseguard32.dll C:\Users\Admin\AppData\Local\Temp\7ZipSfx.001\bin\ise_installer\isestart.exe N/A
File created C:\Windows\system32\iseguard64.dll C:\Users\Admin\AppData\Local\Temp\7ZipSfx.001\bin\ise_installer\isestart.exe N/A
File created C:\Windows\system32\cmdcsr.dll C:\Windows\system32\msiexec.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\COMODO\COMODO Internet Security\resources\redirect.html C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\COMODO\COMODO Internet Security\translations\1053.lang C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\COMODO\COMODO Internet Security\translations\virtkiosk.japanese.lang C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\COMODO\COMODO Internet Security\vddata\vduserdata\bin\pfpeapihoiogbcmdmnibeplnikfnhoge.xml C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\COMODO\COMODO Internet Security\drivers\win10\cmdboot.cat C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\COMODO\COMODO Internet Security\translations\1025.lang C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\COMODO\COMODO Internet Security\iseupdate.exe C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\COMODO\COMODO Internet Security\OtlsHttp.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\COMODO\COMODO Internet Security\vddata\vduserdata\images\remove.png C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\COMODO\COMODO Internet Security\virtkiosk.exe C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\COMODO\Internet Security Essentials\Translations\vkise.dutch.xml C:\Users\Admin\AppData\Local\Temp\7ZipSfx.001\bin\ise_installer\isestart.exe N/A
File created C:\Program Files\COMODO\COMODO Internet Security\drivers\win10\cmdhlp.sys C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\COMODO\COMODO Internet Security\translations\1040.lang C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\COMODO\COMODO Internet Security\translations\cmdres.greek.lang C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\COMODO\COMODO Internet Security\scanners\dunpack.cav C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\COMODO\COMODO Internet Security\translations\1032.lang C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\COMODO\COMODO Internet Security\translations\virtkiosk.polish.lang C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\COMODO\COMODO Internet Security\translations\virtkiosk.spanish.lang C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\COMODO\COMODO Internet Security\cisevlog.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\COMODO\COMODO Internet Security\translations\cmdres.hungarian.lang C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\COMODO\COMODO Internet Security\scanners\dosmz.cav C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\COMODO\COMODO Internet Security\vddata\vduserdata\images\flip_in.png C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\COMODO\COMODO Internet Security\themes\modern.set C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\COMODO\COMODO Internet Security\translations\cmdres.serbian.lang C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\COMODO\COMODO Internet Security\eula.rtf C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\COMODO\Internet Security Essentials\Translations\vkise.english.xml C:\Users\Admin\AppData\Local\Temp\7ZipSfx.001\bin\ise_installer\isestart.exe N/A
File created C:\Program Files\COMODO\COMODO Internet Security\vddata\vduserdata\bin\lneaknkopdijkpnocmklfnjbeapigfbh.xml C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\COMODO\COMODO Internet Security\7za.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\COMODO\COMODO Internet Security\drivers\win10\cmdhlp.cat C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\COMODO\COMODO Internet Security\translations\1041.lang C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\COMODO\COMODO Internet Security\translations\virtkiosk.romanian.lang C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\COMODO\COMODO Internet Security\signmgr.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\COMODO\COMODO Internet Security\drivers\win10\cmderd.sys C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\COMODO\COMODO Internet Security\translations\virtkiosk.hungarian.lang C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\COMODO\COMODO Internet Security\scanners\fixbase.exe C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\COMODO\COMODO Internet Security\translations\cmdres.vietnamese.lang C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\COMODO\COMODO Internet Security\translations\virtkiosk.german.lang C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\COMODO\COMODO Internet Security\vddata\vduserdata\images\flip_press.png C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\COMODO\COMODO Internet Security\translations\1049.lang C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\COMODO\COMODO Internet Security\translations\cmdres.chinese.lang C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\COMODO\COMODO Internet Security\themes\lycia.set C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\COMODO\Internet Security Essentials\iseguard64.dll C:\Users\Admin\AppData\Local\Temp\7ZipSfx.001\bin\ise_installer\isestart.exe N/A
File created C:\Program Files (x86)\COMODO\Internet Security Essentials\Translations\vkise.spanish.xml C:\Users\Admin\AppData\Local\Temp\7ZipSfx.001\bin\ise_installer\isestart.exe N/A
File created C:\Program Files\COMODO\COMODO Internet Security\vddata\vkhlp.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\COMODO\COMODO Internet Security\translations\1048.lang C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\COMODO\COMODO Internet Security\translations\cmdres.danish.lang C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\COMODO\COMODO Internet Security\translations\cmdres.japanese.lang C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\COMODO\COMODO Internet Security\scanners\pkann.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\COMODO\COMODO Internet Security\translations\cmdres.polish.lang C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\COMODO\Internet Security Essentials\isedrv_xp.sys C:\Users\Admin\AppData\Local\Temp\7ZipSfx.001\bin\ise_installer\isestart.exe N/A
File created C:\Program Files\COMODO\COMODO Internet Security\framework.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\COMODO\COMODO Internet Security\translations\cmdres.bulgarian.lang C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\COMODO\COMODO Internet Security\packages.xml C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\COMODO\COMODO Internet Security\database\signers.tvt C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\COMODO\COMODO Internet Security\msica.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\COMODO\Internet Security Essentials\Translations\vkise.turkish.xml C:\Users\Admin\AppData\Local\Temp\7ZipSfx.001\bin\ise_installer\isestart.exe N/A
File created C:\Program Files\COMODO\COMODO Internet Security\vddata\vduserdata\images\page_dot.png C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\COMODO\COMODO Internet Security\translations\1036.lang C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\COMODO\COMODO Internet Security\translations\cmdres.brazilian.lang C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\COMODO\COMODO Internet Security\translations\cmdres.english.lang.template C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\COMODO\COMODO Internet Security\translations\virtkiosk.greek.lang C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\COMODO\COMODO Internet Security\scanners\mem.cav C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\COMODO\COMODO Internet Security\translations\1028.lang C:\Windows\system32\msiexec.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\Installer\e5dfc25.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIFFCF.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI5A5D.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI6D.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI8D.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\SourceHash{6D506E2A-AB2C-4D1E-A226-AB27BC469B62} C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIFE3.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI1004.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI5868.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\inprogressinstallinfo.ipi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI561.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIC96.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIEC9.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\e5dfc25.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI4D.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\ C:\Windows\system32\msiexec.exe N/A

Enumerates physical storage devices

Checks SCSI registry key(s)

Description Indicator Process Target
Key queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters C:\Windows\system32\vssvc.exe N/A
Key created \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr C:\Windows\system32\vssvc.exe N/A
Set value (data) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr\PartitionTableCache C:\Windows\system32\vssvc.exe N/A
Set value (data) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr\SnapshotDataCache = 534e41505041525401000000700000008ec7416a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 C:\Windows\system32\vssvc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters C:\Windows\system32\vssvc.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133602729570806194" C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{F8C8C537-0997-4D12-BD50-9B6C31A4883E}\1.0\ = "CisRescueDiskCreatorLib" C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{39DFE5A6-14E4-4A43-B022-B791EDA973BC}\7.0\FLAGS\ = "0" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\CLSID\{81B0EDF3-1CAB-4B8A-BD36-C4DEFAC1DCF9}\LocalServer32 C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{A70211A1-E8DF-47DC-B336-74BF57292D88}\7.0 C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\TypeLib\{A70211A1-E8DF-47DC-B336-74BF57292D88}\7.0\FLAGS C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\CavWp.AvScanner\CLSID C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CavWp.AvSigChecker\ = "AvSigChecker Class" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{868A55F7-D79E-4C2E-8091-DEA9042B987F}\TypeLib\ = "{BAFAD68A-E0A2-4EB2-B2BA-1D0DE7CB2910}" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D7D729A7-3570-4902-944A-470C9919FCCB}\InProcServer32 C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CCFF154D-A97B-4138-A1AC-A2B0C3C05696} C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\CLSID\{81B0EDF3-1CAB-4B8A-BD36-C4DEFAC1DCF9}\TypeLib C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\TypeLib\{E37FA5BA-9E34-49AE-8C97-2C9E537A5D24}\7.0 C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\comodo\URL Protocol C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D7D729A7-3570-4902-944A-470C9919FCCB}\NumMethods C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{1F5B557B-0805-423E-B525-5939F5889232}\1.0\HELPDIR\ = "C:\\Program Files\\COMODO\\COMODO Internet Security" C:\Program Files\COMODO\COMODO Internet Security\cisbf.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\CLSID\{81B0EDF3-1CAB-4B8A-BD36-C4DEFAC1DCF9}\ProgID C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E0E9D49D-65D1-4AB1-8235-DF90B6ED8483} C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E8718E3A-1985-473C-9196-9A39AFB0028E}\TypeLib\ = "{BAFAD68A-E0A2-4EB2-B2BA-1D0DE7CB2910}" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\CavWp.AvDllHost.1\CLSID C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C4D33F09-D11A-485D-AB08-8BFF862E7120}\LocalServer32\ServerExecutable = "C:\\Program Files\\COMODO\\COMODO Internet Security\\cisbf.exe" C:\Program Files\COMODO\COMODO Internet Security\cisbf.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{1F5B557B-0805-423E-B525-5939F5889232}\1.0 C:\Program Files\COMODO\COMODO Internet Security\cisbf.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{1F5B557B-0805-423E-B525-5939F5889232}\1.0\0 C:\Program Files\COMODO\COMODO Internet Security\cisbf.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\CISSVC.CisGate C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\CIS.CisLpsIntegration C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{05E5F178-256F-42EE-9BF4-A7E080F7B354}\ProgID C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CavWp.AvSigChecker.1\CLSID\ = "{868A55F7-D79E-4C2E-8091-DEA9042B987F}" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{FF101135-6584-46E7-8AA1-8FCD1FCA5042}\LocalServer32\ThreadingModel = "Free" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{81B0EDF3-1CAB-4B8A-BD36-C4DEFAC1DCF9}\ProgID C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\CLSID\{E0E9D49D-65D1-4AB1-8235-DF90B6ED8483}\LocalServer32 C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CavWp.AvDllHost\ = "AvDllHost Class" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D7D729A7-3570-4902-944A-470C9919FCCB}\InProcServer32\ThreadingModel = "Both" C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\TypeLib\{39DFE5A6-14E4-4A43-B022-B791EDA973BC}\7.0\FLAGS C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\CavWp.AvMerger.1 C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\CLSID\{B691E6DB-B216-4532-A2F3-1656BAC416FC} C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{4EEF9DE1-A3AB-47B0-AD33-9598D96AF543}\ProxyStubClsid32 C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{39DFE5A6-14E4-4A43-B022-B791EDA973BC} C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C288AC5A-D846-4696-8028-2DF6F508D0D9}\LocalServer32\ThreadingModel = "Free" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\CIS.CisLpsIntegration\CLSID C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\CLSID\{1B1E2B7F-DDF5-4722-A450-085CC9EAC96C}\TypeLib C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{868A55F7-D79E-4C2E-8091-DEA9042B987F}\LocalServer32\ = "\"C:\\Program Files\\COMODO\\COMODO Internet Security\\cavwp.exe\" /ModeAvSigChecker" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\CLSID\{1B1E2B7F-DDF5-4722-A450-085CC9EAC96C} C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B691E6DB-B216-4532-A2F3-1656BAC416FC}\ProgID C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\safe\shell\open\command\ = "\"C:\\Program Files\\COMODO\\COMODO Internet Security\\virtkiosk.exe\" -v \"%1\"" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{81B0EDF3-1CAB-4B8A-BD36-C4DEFAC1DCF9}\LocalServer32\ThreadingModel = "Free" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CavWp.AvScanner\CLSID\ = "{05E5F178-256F-42EE-9BF4-A7E080F7B354}" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\CLSID\{05E5F178-256F-42EE-9BF4-A7E080F7B354}\TypeLib C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{F8C8C537-0997-4D12-BD50-9B6C31A4883E}\1.0\FLAGS C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-4124900551-4068476067-3491212533-1000\{DCE417C1-1431-4BD6-81C6-305BC8618E04} C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C288AC5A-D846-4696-8028-2DF6F508D0D9}\ProgID C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\TypeLib\{A70211A1-E8DF-47DC-B336-74BF57292D88}\7.0\0\win64 C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E0E9D49D-65D1-4AB1-8235-DF90B6ED8483}\ProgID C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CavWp.AvMerger.1\ = "AvMerger Class" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B691E6DB-B216-4532-A2F3-1656BAC416FC}\ = "AvBoostHelper Class" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A1850D95-9C38-4D86-AC40-E559BC0E73C9}\LocalServer32\ = "\"C:\\Program Files\\COMODO\\COMODO Internet Security\\cavwp.exe\" /ModeAvDllHost" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{10F58851-4358-4E4B-8494-DF34393F41A5}\TypeLib\ = "{59A8627E-99C2-4995-81D3-44A31D62EA3A}" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1B1E2B7F-DDF5-4722-A450-085CC9EAC96C}\LocalServer32\ = "\"C:\\Program Files\\COMODO\\COMODO Internet Security\\cmdagent.exe\"" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CavWp.AvMerger\CLSID\ = "{E8718E3A-1985-473C-9196-9A39AFB0028E}" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{ED181758-F11B-4C85-AEA2-199B3DC9F7DE}\TypeLib C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{67683718-82B8-4557-86A8-E04D169EF883}\ProxyStubClsid32 C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{10F58851-4358-4E4B-8494-DF34393F41A5}\ProgID C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\CLSID\{1B1E2B7F-DDF5-4722-A450-085CC9EAC96C}\ProgID C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1B1E2B7F-DDF5-4722-A450-085CC9EAC96C}\LocalServer32\ThreadingModel = "Free" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{05E5F178-256F-42EE-9BF4-A7E080F7B354}\ = "AvScanner Class" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CavWp.AvMonitor\ = "AvMonitor Class" C:\Windows\system32\msiexec.exe N/A

Modifies system certificate store

evasion spyware trojan
Description Indicator Process Target
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AFE5D244A8D1194230FF479FE2F897BBCD7A8CB4\Blob C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\02FAF3E291435468607857694DF5E45B68851868\Blob C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\E12DFB4B41D7D9C32B30514BAC1D81D8385E2D46\Blob C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates\16232A798863E5950F9F44977A033CF91793D8F1 C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AFE5D244A8D1194230FF479FE2F897BBCD7A8CB4\Blob C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\02FAF3E291435468607857694DF5E45B68851868\Blob C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\E12DFB4B41D7D9C32B30514BAC1D81D8385E2D46\Blob C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\02FAF3E291435468607857694DF5E45B68851868 C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 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 C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates\D70D7D00CA12E1B3E20F3BF7534DEB2C2E7C2404\Blob = 030000000100000014000000d70d7d00ca12e1b3e20f3bf7534deb2c2e7c24042000000001000000530500003082054f30820437a00302010202102f9f0a1d6764b5a6378747247087ba73300d06092a864886f70d01010b0500307d310b3009060355040613024742311b30190603550408131247726561746572204d616e636865737465723110300e0603550407130753616c666f7264311a3018060355040a1311434f4d4f444f204341204c696d69746564312330210603550403131a434f4d4f444f2052534120436f6465205369676e696e67204341301e170d3138313231313030303030305a170d3139313231313233353935395a3081b8310b3009060355040613025553310e300c06035504110c0530373031333113301106035504080c0a4e6577204a65727365793110300e06035504070c07436c6966746f6e3112301006035504090c095375697465203130303116301406035504090c0d313235352042726f616420537431223020060355040a0c19436f6d6f646f20536563757269747920536f6c7574696f6e733122302006035504030c19436f6d6f646f20536563757269747920536f6c7574696f6e7330820122300d06092a864886f70d01010105000382010f003082010a0282010100c1b2eafc6255d7a7780082967ba911a65b8160e697a9c81ae0816002356644b714895808a67b22551d87b879e80d0c1bff7bd847e1486bad3c3caa8c6f3258a7311f8b03c68c9ec5947950e57a1f99f4b47b8faaf46e282f68155ae6e8f13c9c125b5eb83ae4e63ee6081d0e8aae4f090175a538422b38e0600bd94b21b313567934ee959ddd6ab7ef62bce25dada05d7de6a75cefeffdcba6a1fc8e1ef7aa6d3e5ab328732c3d31759a20d7e69cef60ac9d152041dbd85167a78329f3a80fee19ea9edb102448aa9f5774794ecb560de2faa348f278b846a2a5d8238d5e4e4cd2a82f0e37415af2dc63f34f3e179aa1cae7290b411aaf5aa6acf5404ebe98130203010001a382018d30820189301f0603551d23041830168014299160ff8a4dfaebf9a66ab8cff9e64bbd49ce12301d0603551d0e041604146c5f99825f4ba8d4c19bae5169bab32fae7816ca300e0603551d0f0101ff040403020780300c0603551d130101ff0402300030130603551d25040c300a06082b06010505070303301106096086480186f842010104040302041030460603551d20043f303d303b060c2b06010401b2310102010302302b302906082b06010505070201161d68747470733a2f2f736
5637572652e636f6d6f646f2e6e65742f43505330430603551d1f043c303a3038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f434f4d4f444f525341436f64655369676e696e6743412e63726c307406082b0601050507010104683066303e06082b060105050730028632687474703a2f2f6372742e636f6d6f646f63612e636f6d2f434f4d4f444f525341436f64655369676e696e6743412e637274302406082b060105050730018618687474703a2f2f6f6373702e636f6d6f646f63612e636f6d300d06092a864886f70d01010b050003820101000f718c2aa40e9c44a95e1eca3844097ddb7fba896b5f5c73a6b9aede1d29f0e432f41c8a45ce38b1f52df73f45e67907a03ac58d407b3077b1cae246a54544ee365bcee4bf0f4cecc47b01e98d0478d8f4c93e2c582aa472577de9c67a0a8c2e37635e626258675e0e6669babee331594abed516679e8f1b14d7a65dc1b76ab33412689b135cf855335748e2d1998759e5b95f68d418d5486d385d0db7a8fa30e58e84f57bb7ec3f45efa549fab71775c822ec846545b6fc0ef1d3c2dad34940657088fc5f773a1cbe24f9228f9dd7e9611d5d682998c6041ba580a789f5571da01d6723784bbcec4fded61d0ba31e37fbc10c3dfe06169df4670c8d454019f7 C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F8DB7E1C16F1FFD4AAAD4AAD8DFF0F2445184AEB\Blob = 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 C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E\Blob = 5c000000010000000400000000100000190000000100000010000000ea6089055218053dd01e37e1d806eedf0300000001000000140000002b8f1b57330dbba2d07a6c51f70ee90ddab9ad8e0b00000001000000100000005300650063007400690067006f0000001d0000000100000010000000885010358d29a38f059b028559c95f901400000001000000140000005379bf5aaa2b4acf5480e1d89bc09df2b20366cb620000000100000020000000e793c9b02fd8aa13e21c31228accb08119643b749c898964b1746d46c3d4cbd253000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080f000000010000003000000066b764a96581128168cf208e374dda479d54e311f32457f4aee0dbd2a6c8d171d531289e1cd22bfdbbd4cfd9796254830400000001000000100000001bfe69d191b71933a372a80fe155e5b52000000001000000e2050000308205de308203c6a003020102021001fd6d30fca3ca51a81bbc640e35032d300d06092a864886f70d01010c0500308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f72697479301e170d3130303230313030303030305a170d3338303131383233353935395a308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f7269747930820222300d06092a864886f70d01010105000382020f003082020a028202010080126517360ec3db08b3d0ac570d76edcd27d34cad508361e2aa204d092d6409dcce899fcc3da9ecf6cfc1dcf1d3b1d67b3728112b47da39c
6bc3a19b45fa6bd7d9da36342b676f2a93b2b91f8e26fd0ec162090093ee2e874c918b491d46264db7fa306f188186a90223cbcfe13f087147bf6e41f8ed4e451c61167460851cb8614543fbc33fe7e6c9cff169d18bd518e35a6a766c87267db2166b1d49b7803c0503ae8ccf0dcbc9e4cfeaf0596351f575ab7ffcef93db72cb6f654ddc8e7123a4dae4c8ab75c9ab4b7203dca7f2234ae7e3b68660144e7014e46539b3360f794be5337907343f332c353efdbaafe744e69c76b8c6093dec4c70cdfe132aecc933b517895678bee3d56fe0cd0690f1b0ff325266b336df76e47fa7343e57e0ea566b1297c3284635589c40dc19354301913acd37d37a7eb5d3a6c355cdb41d712daa9490bdfd8808a0993628eb566cf2588cd84b8b13fa4390fd9029eeb124c957cf36b05a95e1683ccb867e2e8139dcc5b82d34cb3ed5bffdee573ac233b2d00bf3555740949d849581a7f9236e651920ef3267d1c4d17bcc9ec4326d0bf415f40a94444f499e757879e501f5754a83efd74632fb1506509e658422e431a4cb4f0254759fa041e93d426464a5081b2debe78b7fc6715e1c957841e0f63d6e962bad65f552eea5cc62808042539b80e2ba9f24c971c073f0d52f5edef2f820f0203010001a3423040301d0603551d0e041604145379bf5aaa2b4acf5480e1d89bc09df2b20366cb300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff300d06092a864886f70d01010c050003820201005cd47c0dcff7017d4199650c73c5529fcbf8cf99067f1bda43159f9e0255579614f1523c27879428ed1f3a0137a276fc5350c0849bc66b4eba8c214fa28e556291f36915d8bc88e3c4aa0bfdefa8e94b552a06206d55782919ee5f305c4b241155ff249a6e5e2a2bee0b4d9f7ff70138941495430709fb60a9ee1cab128ca09a5ea7986a596d8b3f08fbc8d145af18156490120f73282ec5e2244efc58ecf0f445fe22b3eb2f8ed2d9456105c1976fa876728f8b8c36afbf0d05ce718de6a66f1f6ca67162c5d8d083720cf16711890c9c134c7234dfbcd571dfaa71dde1b96c8c3c125d65dabd5712b6436bffe5de4d661151cf99aeec17b6e871918cde49fedd3571a21527941ccf61e326bb6fa36725215de6dd1d0b2e681b3b82afec836785d4985174b1b9998089ff7f78195c794a602e9240ae4c372a2cc9c762c80e5df7365bcae0252501b4dd1a079c77003fd0dcd5ec3dd4fabb3fcc85d66f7fa92ddfb902f7f5979ab535dac367b0874aa9289e238eff5c276be1b04ff307ee002ed45987cb524195eaf447d7ee6441557c8d590295dd629dc2b9ee5a287484a59bb790c70c07dff589367432d628c1b0b00be09c4cc31cd6fce369b54746812fa282abd36
34470c48dff2d33baad8f7bb57088ae3e19cf4028d8fcc890bb5d9922f552e658c51f883143ee881dd7c68e3c436a1da718de7d3d16f162f9ca90a8fd C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AFE5D244A8D1194230FF479FE2F897BBCD7A8CB4\Blob C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates\6CD253D636A7B4D0E0981431BC064061A9853ED9\Blob C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates\D70D7D00CA12E1B3E20F3BF7534DEB2C2E7C2404 C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates\E35E6F46A1A9A4D18A4DAA298BDA4D1E8879236E\Blob C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E\Blob C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349 C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\E12DFB4B41D7D9C32B30514BAC1D81D8385E2D46\Blob C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates\E35E6F46A1A9A4D18A4DAA298BDA4D1E8879236E C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AFE5D244A8D1194230FF479FE2F897BBCD7A8CB4 C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates\31D019FC7AB697D57D9C4AFB340ED7C4D10400DF\Blob C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F8DB7E1C16F1FFD4AAAD4AAD8DFF0F2445184AEB C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\E12DFB4B41D7D9C32B30514BAC1D81D8385E2D46 C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates\6CD253D636A7B4D0E0981431BC064061A9853ED9 C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates\31D019FC7AB697D57D9C4AFB340ED7C4D10400DF C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates\16232A798863E5950F9F44977A033CF91793D8F1\Blob C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe N/A

Suspicious behavior: LoadsDriver

Description Indicator Process Target
N/A N/A N/A N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\Downloads\cispro_installer.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4680 wrote to memory of 4424 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4680 wrote to memory of 3160 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4680 wrote to memory of 1196 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4680 wrote to memory of 4856 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Uses Volume Shadow Copy service COM API

ransomware

Processes

C:\Users\Admin\AppData\Local\Temp\advbattoexeconverter.exe

"C:\Users\Admin\AppData\Local\Temp\advbattoexeconverter.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffed3c0ab58,0x7ffed3c0ab68,0x7ffed3c0ab78

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1740 --field-trial-handle=1952,i,14048443348409948006,16024198263447216804,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 --field-trial-handle=1952,i,14048443348409948006,16024198263447216804,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2272 --field-trial-handle=1952,i,14048443348409948006,16024198263447216804,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2988 --field-trial-handle=1952,i,14048443348409948006,16024198263447216804,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2996 --field-trial-handle=1952,i,14048443348409948006,16024198263447216804,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4396 --field-trial-handle=1952,i,14048443348409948006,16024198263447216804,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4556 --field-trial-handle=1952,i,14048443348409948006,16024198263447216804,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4680 --field-trial-handle=1952,i,14048443348409948006,16024198263447216804,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4588 --field-trial-handle=1952,i,14048443348409948006,16024198263447216804,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4336 --field-trial-handle=1952,i,14048443348409948006,16024198263447216804,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4860 --field-trial-handle=1952,i,14048443348409948006,16024198263447216804,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe

"C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe" --reenable-autoupdates --system-level

C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe

"C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x254,0x258,0x25c,0x230,0x260,0x7ff69d9cae48,0x7ff69d9cae58,0x7ff69d9cae68

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4632 --field-trial-handle=1952,i,14048443348409948006,16024198263447216804,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3456 --field-trial-handle=1952,i,14048443348409948006,16024198263447216804,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4916 --field-trial-handle=1952,i,14048443348409948006,16024198263447216804,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4260 --field-trial-handle=1952,i,14048443348409948006,16024198263447216804,131072 /prefetch:8

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x4b0 0x2f8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5368 --field-trial-handle=1952,i,14048443348409948006,16024198263447216804,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5408 --field-trial-handle=1952,i,14048443348409948006,16024198263447216804,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5360 --field-trial-handle=1952,i,14048443348409948006,16024198263447216804,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2448 --field-trial-handle=1952,i,14048443348409948006,16024198263447216804,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5244 --field-trial-handle=1952,i,14048443348409948006,16024198263447216804,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5124 --field-trial-handle=1952,i,14048443348409948006,16024198263447216804,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5408 --field-trial-handle=1952,i,14048443348409948006,16024198263447216804,131072 /prefetch:8

C:\Users\Admin\Downloads\cispro_installer.exe

"C:\Users\Admin\Downloads\cispro_installer.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=5088 --field-trial-handle=1952,i,14048443348409948006,16024198263447216804,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=5436 --field-trial-handle=1952,i,14048443348409948006,16024198263447216804,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5704 --field-trial-handle=1952,i,14048443348409948006,16024198263447216804,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5932 --field-trial-handle=1952,i,14048443348409948006,16024198263447216804,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=5108 --field-trial-handle=1952,i,14048443348409948006,16024198263447216804,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=5456 --field-trial-handle=1952,i,14048443348409948006,16024198263447216804,131072 /prefetch:1

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe

"C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe" -log -setupname "cispro_installer.exe" -sfx "C:\Users\Admin\Downloads" -theme lycia -type alone -mode cispro -partner 18137

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=6332 --field-trial-handle=1952,i,14048443348409948006,16024198263447216804,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6268 --field-trial-handle=1952,i,14048443348409948006,16024198263447216804,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5520 --field-trial-handle=1952,i,14048443348409948006,16024198263447216804,131072 /prefetch:8

C:\ProgramData\Comodo\Installer\ise_installer.exe

"C:\ProgramData\\Comodo\Installer\ise_installer.exe" /quiet /chid=18137 /aff=18137

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.001\bin\ise_installer\isestart.exe

"C:\Users\Admin\AppData\Local\Temp\7ZipSfx.001\bin\ise_installer\isestart.exe" /quiet /chid=18137 /aff=18137

C:\Windows\system32\msiexec.exe

C:\Windows\system32\msiexec.exe /V

C:\Windows\System32\MsiExec.exe

C:\Windows\System32\MsiExec.exe -Embedding C1F2E6D720A0BE98109EC7397DB72286

C:\Windows\System32\MsiExec.exe

C:\Windows\System32\MsiExec.exe -Embedding F663E821FC44473AE4E09C81E39D14E0 E Global\MSI0000

C:\Windows\Installer\MSI1004.tmp

"C:\Windows\Installer\MSI1004.tmp" -rptype 0 -descr "Installing COMODO Internet Security Pro" -logfile "C:\Users\Admin\AppData\Local\Temp\COMODO Internet Security dbgout.log"

C:\Windows\Installer\MSI1004.tmp

"C:\Windows\Installer\MSI1004.tmp" -rptype 0 -descr "Installing COMODO Internet Security Pro" -logfile "C:\Users\Admin\AppData\Local\Temp\COMODO Internet Security dbgout.log" -working

C:\Windows\system32\vssvc.exe

C:\Windows\system32\vssvc.exe

C:\Windows\system32\srtasks.exe

C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=244 --field-trial-handle=1952,i,14048443348409948006,16024198263447216804,131072 /prefetch:2

C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe

"C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe" --installCertificates

C:\Windows\system32\regsvr32.exe

"regsvr32.exe" /s "C:\Program Files\COMODO\COMODO Internet Security\cisresc.dll"

C:\Windows\system32\regsvr32.exe

"regsvr32.exe" /s "C:\Program Files\COMODO\COMODO Internet Security\cisbfps.dll"

C:\Program Files\COMODO\COMODO Internet Security\cisbf.exe

"C:\Program Files\COMODO\COMODO Internet Security\cisbf.exe" /RegServer

C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe

"C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe" --updateHtml

C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe

"C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe" --langID 1033 --createConfig "active=avfw;dplus=opt;esm=0;av=1;fw=1;cesfw=1;cesav=1;cessandbox=1;free=0;noalerts=1;cloud=1;sendstats=1;configfile=;fwstate=0;dfstate=0;avstate=0;bbstate=0;avservers=0;standalone=1;useblob=1;trustnewnets=0;"

C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe

"C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe" --upgradeBackuped=""

C:\Windows\system32\runonce.exe

"C:\Windows\system32\runonce.exe" -r

C:\Windows\System32\grpconv.exe

"C:\Windows\System32\grpconv.exe" -o

C:\Windows\system32\runonce.exe

"C:\Windows\system32\runonce.exe" -r

C:\Windows\System32\grpconv.exe

"C:\Windows\System32\grpconv.exe" -o

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k DcomLaunch -p -s DeviceInstall

C:\Windows\system32\DrvInst.exe

DrvInst.exe "4" "1" "C:\Program Files\COMODO\COMODO Internet Security\drivers\win10\inspect.inf" "9" "471514ecf" "0000000000000148" "WinSta0\Default" "0000000000000158" "208" "C:\Program Files\COMODO\COMODO Internet Security\drivers\win10"

Network

Country Destination Domain Proto
US 8.8.8.8:53 134.8.125.74.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Temp\gentee00\gentee.dll

MD5 30439e079a3d603c461d2c2f4f8cb064
SHA1 aaf470f6bd8deadedbc31adf17035041176c6134
SHA256 d6d0535175fb2302e5b5a498119823c37f6bddff4ab24f551aa7e038c343077a
SHA512 607a81be02bde679aff45770e2fd5c2471d64439fdb23c3e494aed98970131e5d677e1eba3b7b36fca5b8d5b99580856bb8cf1806139c9f73693afb512126b9e

C:\Users\Admin\AppData\Local\Temp\gentee00\guig.dll

MD5 f78ee6369ada1fb02b776498146cc903
SHA1 d5ba66acdab6a48327c76796d28be1e02643a129
SHA256 f1073319d4868d38e0ae983ad42a00cdc53be93b31275b4b55af676976c1aa3f
SHA512 88cff3e58cf66c3f2b5b3a65b8b9f9e8ac011e1bd6025cadadb0f765f062cb3d608c23c2d3832f89ada0b7681170dce1ee4a0b8b873e84135756d14ba8c69fa9

\??\pipe\crashpad_4680_WVQHURNGAJTUCKCO

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

MD5 d751713988987e9331980363e24189ce
SHA1 97d170e1550eee4afc0af065b78cda302a97674c
SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 4ea5f60a039c746fd1a9715145a729ca
SHA1 627ec1f4a072e4a9d1ade5ac4bbdcc3b8c4e1817
SHA256 7231607ccec3ebfe280e571c81482863ba6a9f6f7d1d4c6e6d82be962804f8e3
SHA512 c9ede24c9493711f6c8ad08d4874cc49296111745adfa991eeddac88eeaf5e24159369a6d27a7432e5c05145b7822b942b2086cd1c34e3daf4963ca165cca9a3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 39e700d9ec7a4e85045791f436154aad
SHA1 eb0c946874e4e08c9ea43d7e17da9dd0eb8b72e0
SHA256 37b14ae0d985af38e22c2a6b7546f3e24362b054d3ec559d68a1c824f1842c18
SHA512 15a6fd1e70ebdf075af7e4c4e66092c664c98f1037d8e95fe1a82535760219a22405fa7204e1a96a4a3f187b13a7c0036aea276a72aba4dab9b1b49cfdb9290f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 c0f9c021b61053030a71f50d0d1eb73a
SHA1 05c97d68aaba53ebca390a23b3c0371ca3f5335c
SHA256 6dca2e861a7166424f8184213f871013f9f7370060c71ad6d9a46fbacbb41771
SHA512 b43f52d7d96254fa5a850b00fb3d5afad2a1042e41bfe3d0d1a2532060369b3dc0b388812806aa07c0d6fd3f4dbceddd1829230f7a3facba9514835b6a23ede0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

MD5 ccc3433476cd616637d0394542cee527
SHA1 b15ada55464cb35ad7d6d4f7ed823225aa7d57d3
SHA256 a5832b07f0bdc6b50e6a1be2c6bc123ed10e11bad3c85f165305f19bed258768
SHA512 313020665db931e0e76472f8863023e104da01f74f9f2f1ab85475aab4104f82be9b78c963beba8bcf25d79a2f306544cd478043bef87fd64e30742b5afe9711

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 4d41c8e7a9717ab47d331ed3309ca56f
SHA1 af2f8c425eb7a0a533a33fdf5763a9f0d2706ef9
SHA256 b62e1402cc3e455920c5da5ae25e4f9f8081fcb120c7568268154af6db9aa006
SHA512 ac0e331c6c207140cc292e3a457049fa82e99bebb0c559813a0d8f9e2318854a150e4936abeec1237af96773821906225bafbc4581830c857c1d8a9b2ea72eeb

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 4a80de0ebda42a572558d18599fd7629
SHA1 314cb52bfb551aad901a1675e5e1ea2b631b1dc8
SHA256 836eb57e1fa4ec1c7899fda431ff71c8bee2006a30f7a9a07b9f8190351cf119
SHA512 615715ae4ad958eef173e587fd367ec0aa7dc42394f4226364f9b13cf8de61aef928c9d840243d7f2f968bdce4d0d406d275a3fe6971efa6fc33f2851be60e36

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00003b

MD5 add520996e437bff5d081315da187fbf
SHA1 2e489fe16f3712bf36df00b03a8a5af8fa8d4b42
SHA256 922b951591d52d44aa7015ebc95cab08192aa435b64f9016673ac5da1124a8b4
SHA512 2220fa232537d339784d7cd999b1f617100acdea7184073e6a64ea4e55db629f85bfa70ffda1dc2fd32bdc254f5856eeeb87d969476a2e36b5973d2f0eb86497

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 af05f38238d6db5e2a3578bc1522b931
SHA1 0e89d5179249b2f4e94a0aa57282751b1e90003c
SHA256 09e32791bcf3941c978009b559557dcd6403f31dc7cf341f8c29f4d4afbbc03d
SHA512 e0b06b543a63198d75e1828d242d4f0e1ef000c36445ccef9d7077fac79186936458e5143ffd4407a3e35148343befc3601913d2318eea226699a6d6cde94f72

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 84376ffc758b4ca265d3a6f5c7adb258
SHA1 6f282e57f806b8bfcde38d9ecbd60242e68c894c
SHA256 bf38d43a6b020dcb84aec238af703a80d7d5a2132366e22c8b70c349bb837de6
SHA512 49e36b9edc48115607171c44ba61ba30831b12fb8f3f5f57c471517efe8d16679be421a8fc6e64d15452337e83cc35b3da2bd49aaeb2dcbe2275eceb45174273

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 35a754f1554148a0d2853fee04dd6f25
SHA1 359ec83d3c60cee4aacab803767651431c499c4b
SHA256 b6ebc9cd06dbf7379747e5fd6c046a9c90cbcde7369684089bea334b532233d0
SHA512 e3a9bfdefa2b0135574894dceae66c86b9a779cd3aeba296e8f8b4d13e4411733e417d8f684cb66f1ad92767eb8f7f876844e148ad489c2d37fbe8d3e282a183

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5d2f7f.TMP

MD5 2da4b4fef940a4c976306c0ad7014bd8
SHA1 4f3ac34413f456b331a11496f60e20e83d76e6df
SHA256 1c71cd0e0280719e39cb96115f217cb9301e18d5e82ba5fdfb3d53bef8e8d427
SHA512 128bcb55584c9ecda758ee4108c4cd855e3b28916a3020cbf79ce831ff21e66e4e614b06b57d7a69682a42fbf45a53c0cf64339ace47fb033cdf666414bce0ec

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

MD5 5a9a7a9cd144845ea6475309646ca734
SHA1 725b071448ca0d5092546734141fec13177b497b
SHA256 d76e6ce4e46e4c0cc3a8bf27cc0ca1c15a285f55f335b065191b715253f109fb
SHA512 693bc14901bb6a1af9b184820efa6564f8a7902747bdde991e572cb70de3ddf683f35f14c4421865b85ebb7f2a68f8a73dc6cf0e549fb354f21a48fe7b120c8b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5d3b08.TMP

MD5 a73aa4ec14a4f467004ec02359c1f117
SHA1 b5a992f45437ec5ddfdcf5bbdd15db161ba99119
SHA256 c7b1655919bced27249ef4457aa948096c9736a9035460e2eba300682a36a0fb
SHA512 98809ad4b18efa276108a9246502f070db368a1a879470a1322838e436958f1c451885c0e6e03f20b96ebbfd2c5d58b4e308305facee7f6db635211f84429704

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cis\download\installs\installer_data\eula\eula_cavplus.html

MD5 b655d81127550b07fbe2ac849e6e1e42
SHA1 61fa51e4c9f01d5c7302a8a9ac6c43bbc665c45d
SHA256 32ac5b1265a7cae273baab2be295ee71a9033ff4233bf92630872523770cc241
SHA512 4a8d05f7488e6bc91aa545618e1d6dedb7508bcf7d635777e2f67c82fcc40e29116924598ed563c7778c32e6a837a5f6467d8d4c01ae282a84b89783fbde9571

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cis\download\installs\xml_binaries\acronis_bc\abc_1028.html

MD5 69f5bb74c296ae50fd1a0333bd067f1b
SHA1 8f3f9e0f8a5c6d9c6f6504602224f707f972c639
SHA256 058fa934bda4323bd47df539aa007a78fd913aa4a0aa2f0ddb45f9c2aecfd2f9
SHA512 613ef1c981cc84baac45422773d876a21d0e7487280a19070d90785d10442417ffc34e9d31e37fb9438990272d5621e0e8ed48ac8eaa51c2af236acf6fd8477c

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cis\download\installs\xml_binaries\cis\cis_sb_1028.html

MD5 bb1b54488485c8fe327f50a965135177
SHA1 ba4ea706c1a1c38e9cf07772de0ae18b5f5c78ff
SHA256 fbd19cda945dbb992302e248420bb61f6c86547a85a01a8f6527f1c647065c63
SHA512 a95f2c1a5c23b3d12ce8f4e13dcaf1fc9f97472b3ca9546235060fc3240270224f8ad6edf78b228c42ebfbe9cc79195e638bb876a18a79e86f6c4eb40f1bb66d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 a05544f39898e3de8ee18cb7c43e0e93
SHA1 fdf60dd911d9ab0af0a2f54b9943533798c42f1b
SHA256 fdec586fede927e572e08faf34c88b5f02720ed65bf592f2a906a9b05e09f6f5
SHA512 caa1f0e320bf8cb92515c1a6a10606b5346a1826b7d17989b17f3d98619c1d1a4efe617a730a3f5a1825948e3b3fc5d681a924a2b7c585a051f225c934c6b62e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 da3ceeb9728ef6de617fd3adc8ae0afa
SHA1 9858362bf1980ae3b675ae28fcc27bbba24f44b6
SHA256 5c853f31a1cebf969502dbf71fad2fad65dfd7de8ef8061245ca62b3cc0376fc
SHA512 49033e562e278cd69d9e25cdae23b7c09819d16d3e8116a277d76742e777bb4af03e598fca2e90916cc3b522bf9aa6ccde272d27519b0f4b53a5f36f4e338451

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cis\download\installs\xml_binaries\cob\cob_1036.html

MD5 8de94911a17183a37dad85112e1a8b51
SHA1 ac9bc89c248a557fc985bacc270040027976f2f4
SHA256 9798fc6d02cb550b29b46b8c380c83eb6cfa8943930bac43e01d523581c8f646
SHA512 3e88534157e95ebe2ff3b499adc524fbb88510357af6e971fde23463ee706b3cafe08f48b15cd563bea3937f19546b1402dd6b0d4226f2708055ce04a7e2df62

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cis\download\installs\xml_binaries\css\css_1028.html

MD5 0a58f1da6063fc693912f34e343157de
SHA1 a82f8626594b14c51f1331ddebf56dc6ae5a4092
SHA256 bcd439be5efb0ff3dbd5bb067b1eb89f9e9987779723f074c750e2d81f3cd0fb
SHA512 5a2bc78642dd084cadc1d78d56693e509e7ca33d02b3cdfdf7241c207bac0b782828ac37638bba9c96fe9179fabe3337249a070e66b437e0472b912164cbec01

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000008

MD5 1aca9c8ab59e04077226bd0725f3fcaf
SHA1 64797498f2ec2270a489aff3ea9de0f461640aa0
SHA256 d79727a3a88e8ec88df6c42d9bb621a9c3780639c71b28297957ada492949971
SHA512 d63ebb8d19e6cbe9714603688bc29eda4e347e1bf0bb9b0b7816225220263781b84966413a946feb4ae27750371de01e03092dacc4051116073c518d6217fe65

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cis\download\installs\xml_binaries\privdog\privdog_3098.html

MD5 b3c803fb406a8e98f6415af7e02b1633
SHA1 8b9444d5c29cb5dc70cfc739138add302ca87d67
SHA256 99ebaf55ca8e00f0dea0ec87999aba8b080dcf9da873eab8cfd48917ed07bbc4
SHA512 7eca6215d4ef121847917f212ac69bf2450749f125346f7d7898f69cab36d1ed381b3e72f87db3770f4f5c2329f1cced3d9a2254eab664bd0d69d44efc7228b3

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe

MD5 9289f5cc71dccb72fb256714e95cb71b
SHA1 737ec1e7152217d0a189d498a9c8023184a22079
SHA256 dc57c8ca3d06f14bb636f27a909055920fdf47af0f809c89e19e9b91c245ff5b
SHA512 55c97db0d2a6b40b730c88d5c390fc3ca56f86b48b100dad74cb03d39d95a2ad3f09f5aa62ea36bd512ff36b005a4359c48543842dc76cdd0b3803f48d9b5fe5

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\7za.dll

MD5 a41c803a25544c6caa57d878d76c4b3d
SHA1 55f90b038689cf66f1ad41f1bd5b628ec8748ffa
SHA256 d3202e24272d2a2b6b37f55b3f4ac68d7bf9eb829d4a5d9955d5416cd831e402
SHA512 d25ed1dddb5741fc95c40160c893b4f92b6ed55702318f9193f6d6a9b608a26803bac9816d7b6513b086e6006a48e858712a2f95baede186be75ce173dacf35c

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdhtml.dll

MD5 7d78f995c24df9c5d85d4ac0387409ce
SHA1 3289207b501b1ec696e105232443ac1e86da0d34
SHA256 da52259cceb4dd37d49aa0a00fa7f40fb49de1f3b000242123d32665ab0f2d43
SHA512 22b2fb580659ab69e653bc567a183e8df6a980863f1a8d7a8ea51c4add05ed23a1ff03d787efc61d9d5addf554a5ce062d65c09fa9a0dc9d27cddaeaa78dc3ae

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\MANIFEST-000001

MD5 3fd11ff447c1ee23538dc4d9724427a3
SHA1 1335e6f71cc4e3cf7025233523b4760f8893e9c9
SHA256 720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed
SHA512 10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe5d81a6.TMP

MD5 19459e0b376921e6897f451151ffeb13
SHA1 c5b2750b9a71bf5ae86e6d1d47e1fbf175ccaf34
SHA256 a5aa37b780a4c3af33914e1663176375f3202c29d0c7b6e3704b72004a884f89
SHA512 525274e2a87bc946705327c43c103daf50c13e040b263294ebc45289c09edf7b03fe26df967013073bf3cb4f9a549c481a033d128ce6d33b60f31566375eaf09

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt.tmp

MD5 b6f48def1ad0dc727f479ce8ffec8a6b
SHA1 488a3d7c23f20d7c90d9cd3010d31836d67b4028
SHA256 88b9c140ca5cdbc682401e0cd009ef606ef17510c596d69c12b629f720543aec
SHA512 ff657c31fa12c36894ac6002bbc33c3263739b9727aa255687ff9299087d47b2a6b390cd0bb6ce588b992c245e497f5e9178de97bec3c72a2d696160dd9f3a9a

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\themes\ilycia.set

MD5 c3fa6759687fa162f7a1fad670a1ba7e
SHA1 e857d0f942a2b8fed04f8c4700eaef5bd928dffe
SHA256 45d77131e9500ef23c5914a8db7e2c6056cf336c8654ca8c06c536f557fa33ad
SHA512 a929e2e47c639b7fad74cd0b5f599f385beaad519f55ff7cdc37a12e967a6728f7ea6a6b34a729e9c2195d3eea8d76ac81ca2cc27bae35ff679007e9b70700cc

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdres.dll

MD5 da6c37c7efafb11cc58f593a11403457
SHA1 abb0b34a5c4348ba035ab3b16c2c844e1282c8b4
SHA256 11dd8e1b0a249978fc01deebd6e5b7f71b3b6dd75e29ba82c9f6c4bdb61d34c6
SHA512 c8a264021f24c8ad5f86be66b35c0fe5216b3df8afc1782fe0e5b123d720948fbafb415087317185f67724946af1ddcd532e4ee05b5176318ce36f208f4fc68e

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cis\download\installs\xml_binaries\ise\ise_installer.exe

MD5 bc5be4070c49a53b67f38e6620c47b99
SHA1 3979c599941b75ac693b4fe8ebe8bedde2a809e9
SHA256 ec3e0dbb7d9c14bad85c80367d1ffe777ceaa19dd8ef9e75d6c12c4c3902ec83
SHA512 92573222ec9502036c55f672cacd4a133b896cc38d9b3d6dfab03233241cc5ead5b25880ba5cbd196eefd31a597df2ea2595df323f000a7ac858ee718225b9f9

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cis\download\installs\xml_binaries\geekbuddy\lps-gb-vt-x64.msi

MD5 527d4d4972633ae6fe95147d66e3329a
SHA1 60b3bd88aa5a2719359746bf779b3de94cc7909f
SHA256 02f41a06d3af939daa30893315c582e62eae59507e12582b7ed52a89681bb56a
SHA512 7d48bbd4bea8e5b9f3719e795136189643609df4e6fe5c5753cac2a8f24a9a0bd0ad03c954665416e699d759a4690364e1cc083722430ccae061fcf48bbcb86f

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cis\download\installs\installer_data\installer_init.xml

MD5 47489ef3b4ded9d16c3397a9dd59bcec
SHA1 d4e75dd52c44f1719367ec71dd95687b584f2de6
SHA256 daed5a1bb75b78ba1affb43371a2e63fa73a2b7fd3f5f0332db452c2764e864c
SHA512 8259dd938a3e4748088dca878a77d1f9cddb51654949f73851a84f8263b28296c6e40c89b413ff2ed30ddc041dcb5ed2195a182fa5ae1ca6a410bdc8d4d699bc

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\installer_langdata.bin

MD5 b80eda6258e28b537651f8e5ebd997ff
SHA1 826741e138e8342f4bc3303838e347a44bb93546
SHA256 6e960dfed451c2dfb99352d25d3df8dd46fe7d80c9af79805c0cfbd1a99a2709
SHA512 9fce1cb5fe8b6a2bc4d13c1ca3ec31c926c6dd33717f145da6952ae33144eb11a6ee9e751e1d3e2d5d6ce7768e9f9602773a917d9f5f8473670e6d631b932b74

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

MD5 c4a08892abebb02d5d2bad80c95b3b6e
SHA1 386cb1eff81a80d20b399bad6ce02d40437e1430
SHA256 d4cff26b745304da75a836bcc92a37aa7d66d12767c5c0f14d5ae53c9dcc684c
SHA512 5ed29cbc487e7ff7b679d9922a4926e5755f9b4fe5af851d0fa38dfe66538320a6cd0d97f771ae4ec55a8beb21a9d1312c739ddc3b0dece972b47f7cf36dbc46

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 531c137bedcec60edfb274685fd57a19
SHA1 9f663e496500c525fe615a738954340d0bba344d
SHA256 f06de325c966ad89564db16a919ab79ea8775cce837f7a1d8a8bd5f795787bee
SHA512 0fb68268068f7faf6fb06303c98aa89e77380d4bbbcdc4ce8b232b5503fadd75039b9b6f25a30c9358d762134a0143a71802ff7662b2052bbf997a3a1c0b1292

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 9dfb2888008f20b72a54f94a355f7218
SHA1 804a55e06a2270b056091707b3e5448c0c6e00f4
SHA256 073dd0ef7584f7c138207bccc86477482811727232d1181dadf1ab0b4912bb4f
SHA512 50f73115dcb6af447dd13faf5c3c860c0c267e0d24b6216bba5b044da67346939e0aea0840300d6df84c3cb9cf3ba2d7e4d30da97e70f451abed76b10f90d334

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 b5e544330c4d2002b11887714a3b27d0
SHA1 f7941263f33710ddc95fb05eed5869615907d110
SHA256 d17fe730f7e155f5503fdac87643e377a876aa16f21f1254bbfec1f02c0b903a
SHA512 1221dd304b393fcae7e19305cb2ea58fae68fa5864eb49b9ed2be4e624c3aa81aefaf3b7065847b174d47532c424029a1157732293c69290e0b59e0dda77d35e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 19c13d4955a746b16c5b62349ce71f0e
SHA1 0998b4735052f07aff2a0e8f54510ed9ca675239
SHA256 9ba18a02b83c03e666529be43d58b63c5ca97340dc0ebbe38a23eab931fac445
SHA512 8ae42688ab9b9b9012c6f511b0fa35787e0671be5baa2ac12c77f28aa73b3d1cff26f5fe838301f8318d7828a06cd2d345517f14af8a4e145d60e6f86b0a7eab

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 08654cee90952df1b4129a53435d7c1a
SHA1 10d5968b82e54e67267d78f5cdb6fca6b76de5a8
SHA256 633cbc3cce27fde04586e70ab20e6c3fdece427c164e40d6c1448cafe1f796b5
SHA512 827e17f19e91af26519911eeae8337f031a40edcdff5c2d60cd1a8d9c1522915e973c704448895a79504bb39695e9fe7eb78e748a90e67ae66deda4ae4ba8653

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 47c3b89cf3c48c4f53f6eb43aefc4be2
SHA1 85edc951f842e2923b095035cc45fff6ec7a7a15
SHA256 e26f676e7ce6990cc3f7bc30783acbc5fae85ad2344979b05efe9ca39dd0b92b
SHA512 976cfb93de4c8aba5861d31c67c9f44db2a7f25a38d80b3aa4f94ac447678a9910c2970543f06ae6fc5199f4db5b055b5d8230d30e78363b1b01d39deaff9e11

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 de9b3d71918ee207448510dd15013a84
SHA1 69a009982976bb96fb16df4535e801aa8d4114c1
SHA256 b77f49c64a448f0715382a22ea6895c76d6c1d944c26b6b9516cb2cbb85decd7
SHA512 e7c117c3f879fee9175d02f88142e666504949b2a56b32681c6e4dcb1fa880063ac71c1a65f8b8cdbb4484d2ed5e0819eedf6a6560994c72edb17d4983754dd3

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.001\bin\ise_installer\isestart.exe

MD5 ae9a7049b38b22598e09b9b64b850d1a
SHA1 049d9e0d1dc4c3223c2a2e7725d05aadc030ccf7
SHA256 63bb102753c6208306d86e5f6eac009d0b9a60c9882b5265d0c7fd3b44614f0d
SHA512 61a2d549cbd39d05d7d94b89c3d90054c3126fb91195921d0a87856faf121dfc46eb60f20510cf915bf58dc849c15837d3d4202f6df8ad75b0959188d0973a58

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.001\bin\ise_installer\translations2\isestart.dutch.xml

MD5 c26f33790b6f16086348a781f346bfe9
SHA1 a58c092b483905821b0272fd283c0074f133cb29
SHA256 c70b9d0a88cdb7cedbf97b1efd00b33f1675f8c76661f20f5c0de79c5c607978
SHA512 7181a16b60d9c45ef3cb9a72ed1ba5d9b56b3b98c48443f67fff884789177cdd4c1bbac8f05e1f1ba44e167cc5fca38d20b5a45e34672db869b2ebd80f1244e9

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.001\bin\ise_installer\translations2\isestart.japanese.xml

MD5 59df44e6d5b365ed1be7d9bdf3f3db97
SHA1 ce0698d99f001a830660b98f37796ce64cf97c01
SHA256 d7d7fd32ae5e2975329e9c2465e26e1381d6b2cba9d718a923d1695e751902e8
SHA512 8634ac43c19c70c59a028d673f85a3c54c259f0500b6afde343925008ee111d3abe8d08b79ad8310d7078794528d910973d57a749f806c1119299d1069e79b19

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.001\bin\ise_installer\translations2\isestart.russian.xml

MD5 a311f7c539bfa7513d502861036268e5
SHA1 9cf9e9381ec8282490dcd40e934e3d0beae68b17
SHA256 821fbf65e0ef3dcfb1905f16ad5e5356a58c7deeb7c6b2b02b33a50390b3a078
SHA512 7b1e7d91e38be6bc8ddfacbcd6a8026972bc10d3418f6dfd82bfe14eb8c469705706a096b6ad48996e2d9aa96b080a59f06f2a0497347c7032c69274c4424bcd

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.001\bin\ise_installer\translations2\isestart.romanian.xml

MD5 21f5b45f4ce00475c14ca71742b401d7
SHA1 175ae3d0d7d87ad00e3a775418bed34a3c2b56ee
SHA256 d733d51447da0a9e26b731b4594778270302c2d5b8929e2f985491ecf3e89e1e
SHA512 640bf3edd7aa3215582e750cbedb8acbdb13aedecee41493bff8f271a4aa3ebd79ec15d5065ce3df06867bbdf2c70b8d070d5fbd342d1d2f5442f79c76b6c9ba

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.001\bin\ise_installer\translations2\isestart.hungarian.xml

MD5 d81e6ca0bcb49a920af6124095e0b331
SHA1 2e36b2a371c6bfd3fcbd4da649b79984cdfbd0bf
SHA256 b30b351b164b08289670e6f91db31932b87465931d0953a89cdf1834e5f412db
SHA512 37e5846439e3bd28075f16e8ad96815a2073839ad3be47e6b919142edb8c9f88c64688b62fb52bd4160c9fc5b10438c9fd1b352e8cd68351eb3134a65090d576

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.001\bin\ise_installer\translations2\isestart.german.xml

MD5 f0de20af4870865fda4e91e47f0b0806
SHA1 af94fa596c86ab80cf5614faeb159c6f147ef022
SHA256 5e2bdeb6a27c61224ef942f448ad55a9fa0ebe664c70b24c397e9b9d86115d4e
SHA512 37e40145f0de7ec6410fe13d95bc56eb75627522b3bad9a4ad6fa2a33b76cd5f241419d8add68f07641c36f1e216afd6aa56536d48db3d6feb8f7c42afcf62f8

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.001\bin\ise_installer\translations2\isestart.french.xml

MD5 8b68540e82d174aaf5bd826fe8d0b173
SHA1 2da4383d66888872b066a8fb2ebdb09dd1322d1e
SHA256 1d7ad12a24e4b0909ab3a02595a7995c883b97f3879c751506872a4736d60c16
SHA512 e7fe3f5b2c54dc593332562366e515cdad318e6ccb8e95a7f99525065dd2df8b4c050de95d6e4eec02a414328acaf0f71c8219c6cf777c8246cedeabbc03fb89

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.001\bin\ise_installer\translations2\isestart.english.xml

MD5 0a59b4fc12bb1878b160759e3d3c6ac8
SHA1 8c6be79331faaeceb30200017cab4df0a16f01df
SHA256 e207a348a5bf99a60efd46d4a4185c3b04ada732279b0990859d138c1108291b
SHA512 d8b3491baffe342ffd3c8da7a39ea49ff30d3a465fc90041c8814b97aa1f44b7046c986ca91fd369164b6db5de052e0f48e05c30393e1e48926b49a62696a19d

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.001\bin\ise_installer\translations2\isestart.chinese.xml

MD5 29fba847ecd3deae2301d91387f8ec02
SHA1 1245f0a8f70fd21b46114cc33e126e520de001e4
SHA256 b66b3ced2b8c33854ecb240998c4af2034bbf63da7411e88e4344181032c4666
SHA512 eaed80616e36ceada19b1807fa64dc997675e8a3f7a0fe582697524f6649afb3b9614d7ca77a81dfa5f1d89f6a747976bd22deead7ce8b90c76b9da1d59f432a

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.001\bin\ise_installer\translations2\isestart.bulgarian.xml

MD5 bb5c27f60e7cad11c261c2b9daf24bad
SHA1 dcb3f51ec8b79bc348aa62d5555709e30f89bcb1
SHA256 0cc3de2651c6df918b17c70652447fb9047cf86add2773a6a748d809d63ee143
SHA512 6c6fb75c3339e45b88d8793ddbd2667a3a546bb0c93a3de8d11b0f2c9c09c7289d17295c36fbf960c2de5aa9930e8cc1a478a5437ab7e9a9c1d315452680790b

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.001\bin\ise_installer\translations2\isestart.arabic.xml

MD5 c66e82a065f08b1122945c5546dd7de5
SHA1 2f98c0dd5a00e48617693ac52904fbf005061a29
SHA256 7056946efc8b06e608d211a592e9de303455d51a7b5f3daefef2f12eedf61a03
SHA512 91178c655b35b6192289b1f998e845a006b3a65ff0111db226ba145415258cf99ad87e6a9909974ca412b6b9b0642df6e1b452a4493638e11fb20242290aab8b

C:\Windows\SysWOW64\iseguard32.dll

MD5 38d09762bb34b740f231eb8ef92a9c59
SHA1 13f4fc057a77ca9a39e15cd706dee793139c3f5a
SHA256 5b85665cc8235f51e28ad01652a38a79825d4984508035fc7b783e62e47d66e9
SHA512 d08503836bee3e9116b1e3d6f813b8eeb7e45b5f5b6d0a25f61524e3ed08569697e23d28d50b454f13649d2d32c904852cdc3eaca146001ee7fc8d518c4a4ac6

C:\Windows\System32\drivers\isedrv.sys

MD5 0beb78ac69a1e8b77fe407cf5be9db1e
SHA1 932eade3d7ee1b2bcc808b5456f7f82703fa023a
SHA256 f755651b14b063cb26fd7f85562b7ed7799bd124a835cd9e6939ff8970fdb908
SHA512 2b9c1cb72d3d94acfcd7020b62daa01ab2bd2093d2b423eb70712fc83e5d76363045188dec64554d73d51e73f602c564547e6860dfc2ea8ec259272ca676cbe4

C:\Windows\System32\iseguard64.dll

MD5 809642a2a3b54e3026aaba7a65bcea1e
SHA1 4a631c9316e89cda4ecedfc046d3d8d02ee0ce75
SHA256 524581b6a48d8b40b13da7057623896dd8b4d099ab3553f395db4d91a3d282ae
SHA512 bcaeb67260b44ef2d4fc04d43a8eefa2da5bf1868c54781da2221cddb2520afedde6b7695874ec0a2deb74b22ca441b79cdf8d933e7474327d35d5dea947d9db

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 39fe8c7315d3cf0b28ec4a3501fbfac9
SHA1 0ecf3bad84913942cb4f9f96f9d80d7166aba0c2
SHA256 8ca3d07b0108ff352c9400291d75b813eb12820cd14ac11707c7277e96914802
SHA512 d1d7ce0c6b66962ba98738483a60ae575749487e6eb75f26da4e2cc61ec9079451a9a732772d3ead6174efa19575c5fb17e093ad55a082c56fef48fbc144b1e5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\5701c4c8-0a73-4a07-aeb3-3718601a1224\index-dir\the-real-index

MD5 7171bac8200138aa93fcd1899ecc08f6
SHA1 a47d2820292a93dad4e9b48721637a0143a276e4
SHA256 98a687a53f60c48c2fd4902ed689c7172e71f4aad517e1ca6c362c52ad18cd3f
SHA512 7cdc6f5767df666a92e8e7bfe3ed25781fbcc453eebb5264ad2232833993530d2524c3d1082c468961267fb2331dc3d4875b44dc2a364953362db08ba5487fc6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\5701c4c8-0a73-4a07-aeb3-3718601a1224\index-dir\the-real-index~RFe5dc3df.TMP

MD5 377519bc814caae17d8cc93feae9b67d
SHA1 f8c1737ca580ec197da9e70bbd964db4c93f5175
SHA256 68d0bea13c06053f59a1141e3d4494d5336c55b45b1b0f8487cf9e7b8f8ec132
SHA512 5f9bde008d0effc236f49a7b0e934b635a154d25b0791d014cd195b26d134e1fe4334e0d2ad9b6695569f2d89755f2e3822d064df0dd1fef100249efdd9e51a0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\5701c4c8-0a73-4a07-aeb3-3718601a1224\index

MD5 54cb446f628b2ea4a5bce5769910512e
SHA1 c27ca848427fe87f5cf4d0e0e3cd57151b0d820d
SHA256 fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d
SHA512 8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 6a97387fa1ffa350c2fdeae873c92746
SHA1 bf07e1635f245430f4b87fc75424208689404fc8
SHA256 ef4295f88cddb145af63d426d5ed8d0720a983db4ce27e5ca518876de21e676e
SHA512 0b3848a85ca94f521445fda2ac5642a7e13a26b17ef4ed0955e84bda8a451c697891d1894d741899b77ee43f5eed225c7628d62082919c0f396fd9aa308ffddd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 748b7ddec216d03793af67c9d8cf8046
SHA1 1e1cc84fc6decd6cac5f8241b1611dcae42f01d4
SHA256 81c4802676bc3ba22f344fd80b1ca4e7f13455b7aa2e80a7d915e33403b9f2f2
SHA512 d59a1be3f58a1b6c8f4120bcd642eac32d2a4741c1ba900ada6859b9f23815927036fda5760e33a1cd65579214988ba3955a7e430c36db2153238509cc1780ba

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 47b173be06b8045fa870e2a40cfcbc71
SHA1 52509116846353319349b03f972b4df37af3a16a
SHA256 bb98d55ecf6d7b94d61045f9abb9d1f1c811555ab4f2bf2c1e53a3e64eed406b
SHA512 99bbba617135da03f225f2407419061ec426ad70e895979f8517aa0db2914afdac351c71edaf24de79d48303c3e25157bb793cc7c61e8c06c5385dd4a5c44273

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000058

MD5 97f199034162b1283dbbbfb994def15a
SHA1 539f1d9814baa54fd3425ec0139f3cfa932301ab
SHA256 3cc79470f85abf02f16c22e1ab349ea126a5d6d1a2da8d302155e0dbc26f0d7e
SHA512 ba709e9f101f44349e356d0d2c126a7eb07b6400d4c2ed5710caa4dbeb5fb33788b162f3b96d6ec2e1957d14229ff17af3be8606740998bc4ab82f153bfadf2b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00005a

MD5 37ed6c63b88c0f83abb8aa80965ce359
SHA1 5b93ff23eb6a84b39b9d49277426e5ac14c9242b
SHA256 82f352691818b5873d6f3096920978cc0a41b6cc008285c944ec755c6a3b203d
SHA512 4bbcd6b9e2eb871669d3c3ddc791dae2a7c7ac0ec0e75b7c0eacbee471ce23ee234faafb972e5420a73ddf6c3f4854ced4582f077fb0b443c86dbd739417191b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 23e8fb74c1759a6681b2ba0f3b0eea8d
SHA1 5a0b911af96ae6932c6b52046bfd85a958b910ed
SHA256 8b6f304d3f90f6bc93d00efe02d2b057c3968c8c66646fff2ade70ea1aaa3579
SHA512 2a2ba622b68de49a269c8bf47b410d8ada90a6337c79353fdb329c5edfe4c2181a6cac81a472747011ef4fced7083d4842d0670ca5eacfc28c690813b415a1a0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000059

MD5 f0d81b309d4441d6dc22bdcb9e9e7d01
SHA1 77e7510fd01735991f8eb242a8a20acf5c7326d6
SHA256 90b890766ed0dfc173b119f625e4bde7785d509a76d27354148bf0a80a09889c
SHA512 79d3758017eb11ff478e0c258405aeb66eeef77b6041689708667948c85c1ff27688491eb8fd7efba3e5d392e299c055b3ae54fd212a0f5caaca3d91c425829e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000054

MD5 c758a89dcfa620f9bc138930fe891ca9
SHA1 f68be6d49724806db8f0fe1305e6d573d21b47ef
SHA256 c7807a5a766842371b12966dda2640923bfce3e17b06e553c4057dd5ac7364b4
SHA512 1d0f2b06adaeedc53d8519a88d354af6f3918119ce03edc9133eb037a03beaac2f3970dae333b64abe46936a89bc66bec0ec3fe764029982f43698fdca311490

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00005c

MD5 f69ec88aaf8e4e6c8757a523eca2a6bd
SHA1 23c42b75e088886466fca7dc0295d0e3ff20568c
SHA256 a8ac8c6c9cae5af31953ff6be9933f5317856ed2305a921928ce21f87958f43e
SHA512 2b08955a87cd41a5cb97673eb086bad6049d388131813494f551d97ee95d5899a4dc4f9f3820f9a56c759cccf442ceda2c14eb10be440015aebb59cde48d5aa2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 6318e9a088acdf943e726fbded5f0650
SHA1 214ea66fd42672e7d9b2f20c34ce4bdaabdf5585
SHA256 43be0f72d707bbb7f509ea0d1e393957afd5e506a9d0525b53691459c5276e6a
SHA512 6003be4e9764d4173cd895f8df0a4bdec7f2c09602b5fd6d289225bc9e94e9888beb375d6bbf69a9ee7323a069bfe01c8fa14fd4672f388804b7c4e36aaede51

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00005b

MD5 b5b483d38f560264bde7c9bad48e6463
SHA1 29d83f6105125b84ec9fbefcfc3fee2bea63ad7c
SHA256 35d47d81c0c908c38beec80690b9a405dd4803c2c50b686a243a70faac4ebef5
SHA512 cbabdaaadc46a472d5bfe83da7d0c2c7a9a77d4bf3fa57e91314434b59a84d587a26fb44d1d2d57944bd39619c099af7ebd77d42e0899d282780d3d951b13f63

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Program Files (x86)\COMODO\Internet Security Essentials\Translations\vkise.arabic.xml

C:\Program Files (x86)\COMODO\Internet Security Essentials\Translations\vkise.bulgarian.xml

C:\Program Files (x86)\COMODO\Internet Security Essentials\Translations\vkise.chinese.xml

C:\Program Files (x86)\COMODO\Internet Security Essentials\Translations\vkise.dutch.xml

C:\Program Files (x86)\COMODO\Internet Security Essentials\Translations\vkise.english.xml

C:\Program Files (x86)\COMODO\Internet Security Essentials\Translations\vkise.french.xml

C:\Program Files (x86)\COMODO\Internet Security Essentials\Translations\vkise.german.xml

C:\Program Files (x86)\COMODO\Internet Security Essentials\Translations\vkise.hungarian.xml

C:\Program Files (x86)\COMODO\Internet Security Essentials\Translations\vkise.japanese.xml

C:\Program Files (x86)\COMODO\Internet Security Essentials\Translations\vkise.romanian.xml

C:\Program Files (x86)\COMODO\Internet Security Essentials\Translations\vkise.russian.xml

C:\Program Files (x86)\COMODO\Internet Security Essentials\Translations\vkise.spanish.xml

C:\Program Files (x86)\COMODO\Internet Security Essentials\Translations\vkise.turkish.xml

C:\Program Files (x86)\COMODO\Internet Security Essentials\Translations\vkise.ukrainian.xml

C:\Program Files (x86)\COMODO\Internet Security Essentials\Translations\vkise.vietnamese.xml

C:\ProgramData\Comodo\ISE\authroot.stl

C:\Windows\Installer\MSI6D.tmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\b62f9bda-b2d0-4a25-ac44-f449dfdb05b5\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\b62f9bda-b2d0-4a25-ac44-f449dfdb05b5\index-dir\the-real-index~RFe5e2122.TMP

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\5beb8b7b-631d-4e03-8569-1d8df4ef5c3c\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\5beb8b7b-631d-4e03-8569-1d8df4ef5c3c\index-dir\the-real-index~RFe5e67ff.TMP

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

C:\Users\Admin\AppData\Local\Temp\COMODO Internet Security dbgout.log

C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe

C:\Windows\System32\drivers\SET76B4.tmp

C:\Windows\System32\drivers\SET76D5.tmp

C:\Windows\System32\drivers\SET7BE7.tmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

C:\Windows\System32\DriverStore\Temp\{18faaa3f-36b8-974a-9466-e61c96e55459}\inspect.inf

C:\Windows\System32\DriverStore\Temp\{18faaa3f-36b8-974a-9466-e61c96e55459}\inspect.cat

C:\Windows\System32\DriverStore\Temp\{18faaa3f-36b8-974a-9466-e61c96e55459}\inspect.sys
