Analysis Overview
SHA256
4e3da75745b7e4887965862b11ba68bc7aadf3ea000636554dfc8f0b8e3261ae
Threat Level: Likely malicious
The file cav_installer.exe was found to be: Likely malicious.
Malicious Activity Summary
Manipulates Digital Signatures
Drops file in Drivers directory
Sets service image path in registry
Reads user/profile data of web browsers
Enumerates connected drives
Checks for any installed AV software in registry
Downloads MZ/PE file
Adds Run key to start application
Checks computer location settings
Drops file in System32 directory
Drops file in Program Files directory
Modifies system executable filetype association
Executes dropped EXE
Loads dropped DLL
Drops file in Windows directory
Checks installed software on the system
Registers COM server for autorun
Enumerates physical storage devices
Suspicious use of SetWindowsHookEx
Suspicious behavior: EnumeratesProcesses
Checks processor information in registry
Modifies registry class
Modifies system certificate store
Modifies data under HKEY_USERS
Uses Volume Shadow Copy service COM API
Suspicious use of FindShellTrayWindow
Suspicious behavior: LoadsDriver
Uses Task Scheduler COM API
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-01 07:08
Signatures
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-01 07:08
Reported
2024-06-01 07:11
Platform
win10-20240404-en
Max time kernel
134s
Max time network
135s
Command Line
Signatures
Reads user/profile data of web browsers
Checks for any installed AV software in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\Data | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\Testing purposes | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\COMODO\CIS\Data | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\Cam | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\Options | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\COMODO\CIS\Options | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\COMODO\CIS\Data | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\Options | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\COMODO\CIS\Data\CmcWindowsVersion = "{\"release_id\":1703,\"build\":15063,\"ubr\":0,\"major\":0}" | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\COMODO\CIS | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\Installer | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\Installer | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\Options\UsageStatHost = "cmc.comodo.com" | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\COMODO\CIS\DbgTrace\cmdinstall | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\Installer | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\Installer\Instance | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\Installer\Instance\{48222F79-874D-414E-9563-03C664764923} = "2508" | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\Options | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\COMODO\CIS\Options\Proxy | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\VolatileData | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\COMODO\CIS\Data | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\Options\UsageStatHost | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\Options\InstallerName = "cavinstallerx64" | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe | N/A |
Downloads MZ/PE file
Enumerates connected drives
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe | N/A |
Enumerates physical storage devices
Modifies system certificate store
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AFE5D244A8D1194230FF479FE2F897BBCD7A8CB4 | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\02FAF3E291435468607857694DF5E45B68851868\Blob = [blob data omitted] | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E\Blob = 0f000000010000003000000066b764a96581128168cf208e374dda479d54e311f32457f4aee0dbd2a6c8d171d531289e1cd22bfdbbd4cfd979625483090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b0601050507030853000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0620000000100000020000000e793c9b02fd8aa13e21c31228accb08119643b749c898964b1746d46c3d4cbd21400000001000000140000005379bf5aaa2b4acf5480e1d89bc09df2b20366cb1d0000000100000010000000885010358d29a38f059b028559c95f900b00000001000000100000005300650063007400690067006f0000000300000001000000140000002b8f1b57330dbba2d07a6c51f70ee90ddab9ad8e2000000001000000e2050000308205de308203c6a003020102021001fd6d30fca3ca51a81bbc640e35032d300d06092a864886f70d01010c0500308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f72697479301e170d3130303230313030303030305a170d3338303131383233353935395a308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f7269747930820222300d06092a864886f70d01010105000382020f003082020a028202010080126517360ec3db08b3d0ac570d76edcd27d34cad508361e2aa204d092d6409dcce899fcc3da9ecf6cfc1dcf1d3b1d67b3728112b47da39c6bc3a19b45fa6bd7d9da36342b676f2a93b2b91f8e26fd0ec162090093ee2e874c918b491d46264db7fa306f188186a90223cbcfe13f087147bf6e41f8ed4e451c61167460851cb8614543fbc33fe7e6c9cff169d18bd518e35a6a766c87267db2166b1d49b7803c0503ae8ccf0dcbc9e4cfeaf0596351f575ab7ffcef93db72cb6f654ddc8e7123a4dae4c8ab75c9ab4b7203dca7f2234ae7e3b68660144e7014e46539b3360f794be5337907343f332c353efdbaafe744e69c76b8c6093dec4c70cdfe132aecc933b517895678bee3d56fe0cd0690f1b0ff325266b336df76e47fa7343e57e0ea566b1297c3284635589c40dc19354301913acd37d37a7eb5d3a6c355cdb41d712daa9490bdfd8808a0993628eb566cf2588cd84b8b13fa4390fd9029eeb124c957cf36b05a95e1683ccb867e2e8139dcc5b82d34cb3ed5bffdee573ac233b2d00bf3555740949d849581a7f9236e651920ef3267d1c4d17bcc9ec4326d0bf415f40a94444f499e757879e501f5754a83efd74632fb1506509e658422e431a4cb4f0254759fa041e93d426464a5081b2debe78b7fc6715e1c957841e0f63d6e962bad65f552eea5cc62808042539b80e2ba9f24c971c073f0d52f5edef2f820f0203010001a3423040301d0603551d0e041604145379bf5aaa2b4acf5480e1d89bc09df2b20366cb300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff300d06092a864886f70d01010c050003820201005cd47c0dcff7017d4199650c73c5529fcbf8cf99067f1bda43159f9e0255579614f1523c27879428ed1f3a0137a276fc5350c0849bc66b4eba8c214fa28e556291f36915d8bc88e3c4aa0bfdefa8e94b552a06206d55782919ee5f305c4b241155ff249a6e5e2a2bee0b4d9f7ff70138941495430709fb60a9ee1cab128ca09a5ea7986a596d8b3f08fbc8d145af18156490120f73282ec5e2244efc58ecf0f445fe22b3eb2f8ed2d9456105c1976fa876728f8b8c36afbf0d05ce718de6a66f1f6ca67162c5d8d083720cf16711890c9c134c7234dfbcd571dfaa71dde1b96c8c3c125d65dabd5712b6436bffe5de4d661151cf99aeec17b6e871918cde49fedd3571a21527941ccf61e326bb6fa36725215de6dd1d0b2e681b3b82afec836785d4985174b1b9998089ff7f78195c794a602e9240ae4c372a2cc9c762c80e5df7365bcae0252501b4dd1a079c77003fd0dcd5ec3dd4fabb3fcc85d66f7fa92ddfb902f7f5979ab535dac367b0874aa9289e238eff5c276be1b04ff307ee002ed45987cb524195eaf447d7ee6441557c8d590295dd629dc2b9ee5a287484a59bb790c70c07dff589367432d628c1b0b00be09c4cc31cd6fce369b54746812fa282abd3634470c48dff2d33baad8f7bb57088ae3e19cf4028d8fcc890bb5d9922f552e658c51f883143ee881dd7c68e3c436a1da718de7d3d16f162f9ca90a8fd | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AFE5D244A8D1194230FF479FE2F897BBCD7A8CB4\Blob = 0f0000000100000030000000761613f4cd8607508c3d520fbefe68773735fc73746f42a9fd6254ba3b72f0047994e5af57677cf6d2c1965984965df1090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b0601050507030853000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00b000000010000003a0000005300650063007400690067006f002000280066006f0072006d00650072006c007900200043006f006d006f0064006f002000430041002900000062000000010000002000000052f0e1c4e58ec629291b60317f074671b85d7ea80d5b07273463534b32b40234140000000100000014000000bbaf7e023dfaa6f13c848eadee3898ecd93232d41d0000000100000010000000cb39c3d4272cdf63774e1db810c5a89e030000000100000014000000afe5d244a8d1194230ff479fe2f897bbcd7a8cb42000000001000000dc050000308205d8308203c0a00302010202104caaf9cadb636fe01ff74ed85b03869d300d06092a864886f70d01010c0500308185310b3009060355040613024742311b30190603550408131247726561746572204d616e636865737465723110300e0603550407130753616c666f7264311a3018060355040a1311434f4d4f444f204341204c696d69746564312b302906035504031322434f4d4f444f205253412043657274696669636174696f6e20417574686f72697479301e170d3130303131393030303030305a170d3338303131383233353935395a308185310b3009060355040613024742311b30190603550408131247726561746572204d616e636865737465723110300e0603550407130753616c666f7264311a3018060355040a1311434f4d4f444f204341204c696d69746564312b302906035504031322434f4d4f444f205253412043657274696669636174696f6e20417574686f7269747930820222300d06092a864886f70d01010105000382020f003082020a028202010091e85492d20a56b1ac0d24ddc5cf446774992b37a37d23700071bc53dfc4fa2a128f4b7f1056bd9f7072b7617fc94b0f17a73de3b00461eeff1197c7f4863e0afa3e5cf993e6347ad9146be79cb385a0827a76af7190d7ecfd0dfa9c6cfadfb082f4147ef9bec4a62f4f7f997fb5fc674372bd0c00d689eb6b2cd3ed8f981c14ab7ee5e36efcd8a8e49224da436b62b855fdeac1bc6cb68bf30e8d9ae49b6c6999f878483045d5ade10d3c4560fc32965127bc67c3ca2eb66bea46c7c720a0b11f65de4808baa44ea9f283463784ebe8cc814843674e722a9b5cbd4c1b288a5c227bb4ab98d9eee05183c309464e6d3e99fa9517da7c3357413c8d51ed0bb65caf2c631adf57c83fbce95dc49baf4599e2a35a24b4baa9563dcf6faaff4958bef0a8fff4b8ade937fbbab8f40b3af9e843421e89d884cb13f1d9bbe18960b88c2856ac141d9c0ae771ebcf0edd3da996a148bd3cf7afb50d224cc01181ec563bf6d3a2e25bb7b204225295809369e88e4c65f191032d707402ea8b671529695202bbd7df506a5546bfa0a328617f70d0c3a2aa2c21aa47ce289c064576bf821827b4d5aeb4cb50e66bf44c867130e9a6df1686e0d8ff40ddfbd042887fa3333a2e5c1e41118163ce18716b2beca68ab7315c3a6a47e0c37959d6201aaff26a98aa72bc574ad24b9dbb10fcb04c41e5ed1d3d5e289d9cccbfb351daa747e584530203010001a3423040301d0603551d0e04160414bbaf7e023dfaa6f13c848eadee3898ecd93232d4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff300d06092a864886f70d01010c050003820201000af1d54684b7ae51bb6cb24d411400934c9ccbe5c054cfa0258e02f9fdb0a20df520983c132dac56a2b0d67e1192e92eba9e2e9a72b1bd19446c6135a29ab41612695a8ce1d73ea41ae82f03f4ae611d101b2aa48b7ac5fe05a6e1c0d6c8fe9eae8f2bba3d99f8d8730958466ea69cf4d727d395da3783721cd373e0a2479903385dd5497900291cc7ec9b201c0724695778b239fc3a84a0b59c7c8dbf2e936227b739da1718aebd3c0968ff849b3cd5d60b03e3579e14f7d1eb4fc8bd8723b7b6494379855cbaeb920ba1c6e868a84c16b11a990ae8532c92bba10918750c65a87bcb23b71ac22885c31bffd02b62efa47b099198678c1401cd68066a6321750380888a6e81c685f2a9a42de7f4a524104783cacdf48d7958b1069be71a2ad99d01d7947ded034acaf0dbe8a9013ef55699c91e8e493dbbe509b9e04f49923d168240cccc59c6e63aed122e693c6c95b1fdaa1d7b7f86be1e0e3246fbfb138f757f4c8b4b4663fe00344070c1c3b9a1dda670e204b341bce98091ea649c7ae12203a99c6e6f0e654f6c87875ef36ea0f975a59b40e853b2279d4ab9c077218dff87f2debc8cef17dfb7490bd1f26e300b1a0e4e76ed11fcf5e956b27dbfc76d0a938ca5d0c0b61dbe3a4e94a2d76e6c0bc28a7cfa20f3c4e4e5cd0da8cb9192b17c85ecb51469660e82e7cdcec82da6517f21c1355385064a5d9fadbb1b5f74 | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AFE5D244A8D1194230FF479FE2F897BBCD7A8CB4\Blob = [blob data omitted] | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E\Blob = [blob data omitted] | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E\Blob = 5c000000010000000400000000100000190000000100000010000000ea6089055218053dd01e37e1d806eedf0300000001000000140000002b8f1b57330dbba2d07a6c51f70ee90ddab9ad8e0b00000001000000100000005300650063007400690067006f0000001d0000000100000010000000885010358d29a38f059b028559c95f901400000001000000140000005379bf5aaa2b4acf5480e1d89bc09df2b20366cb620000000100000020000000e793c9b02fd8aa13e21c31228accb08119643b749c898964b1746d46c3d4cbd253000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080f000000010000003000000066b764a96581128168cf208e374dda479d54e311f32457f4aee0dbd2a6c8d171d531289e1cd22bfdbbd4cfd9796254830400000001000000100000001bfe69d191b71933a372a80fe155e5b52000000001000000e2050000308205de308203c6a003020102021001fd6d30fca3ca51a81bbc640e35032d300d06092a864886f70d01010c0500308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f72697479301e170d3130303230313030303030305a170d3338303131383233353935395a308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f7269747930820222300d06092a864886f70d01010105000382020f003082020a028202010080126517360ec3db08b3d0ac570d76edcd27d34cad508361e2aa204d092d6409dcce899fcc3da9ecf6cfc1dcf1d3b1d67b3728112b47da39c6bc3a19b45fa6bd7d9da36342b676f2a93b2b91f8e26fd0ec162090093ee2e874c918b491d46264db7fa306f188186a90223cbcfe13f087147bf6e41f8ed4e451c61167460851cb8614543fbc33fe7e6c9cff169d18bd518e35a6a766c87267db2166b1d49b7803c0503ae8ccf0dcbc9e4cfeaf0596351f575ab7ffcef93db72cb6f654ddc8e7123a4dae4c8ab75c9ab4b7203dca7f2234ae7e3b68660144e7014e46539b3360f794be5337907343f332c353efdbaafe744e69c76b8c6093dec4c70cdfe132aecc933b517895678bee3d56fe0cd0690f1b0ff325266b336df76e47fa7343e57e0ea566b1297c3284635589c40dc19354301913acd37d37a7eb5d3a6c355cdb41d712daa9490bdfd8808a0993628eb566cf2588cd84b8b13fa4390fd9029eeb124c957cf36b05a95e1683ccb867e2e8139dcc5b82d34cb3ed5bffdee573ac233b2d00bf3555740949d849581a7f9236e651920ef3267d1c4d17bcc9ec4326d0bf415f40a94444f499e757879e501f5754a83efd74632fb1506509e658422e431a4cb4f0254759fa041e93d426464a5081b2debe78b7fc6715e1c957841e0f63d6e962bad65f552eea5cc62808042539b80e2ba9f24c971c073f0d52f5edef2f820f0203010001a3423040301d0603551d0e041604145379bf5aaa2b4acf5480e1d89bc09df2b20366cb300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff300d06092a864886f70d01010c050003820201005cd47c0dcff7017d4199650c73c5529fcbf8cf99067f1bda43159f9e0255579614f1523c27879428ed1f3a0137a276fc5350c0849bc66b4eba8c214fa28e556291f36915d8bc88e3c4aa0bfdefa8e94b552a06206d55782919ee5f305c4b241155ff249a6e5e2a2bee0b4d9f7ff70138941495430709fb60a9ee1cab128ca09a5ea7986a596d8b3f08fbc8d145af18156490120f73282ec5e2244efc58ecf0f445fe22b3eb2f8ed2d9456105c1976fa876728f8b8c36afbf0d05ce718de6a66f1f6ca67162c5d8d083720cf16711890c9c134c7234dfbcd571dfaa71dde1b96c8c3c125d65dabd5712b6436bffe5de4d661151cf99aeec17b6e871918cde49fedd3571a21527941ccf61e326bb6fa36725215de6dd1d0b2e681b3b82afec836785d4985174b1b9998089ff7f78195c794a602e9240ae4c372a2cc9c762c80e5df7365bcae0252501b4dd1a079c77003fd0dcd5ec3dd4fabb3fcc85d66f7fa92ddfb902f7f5979ab535dac367b0874aa9289e238eff5c276be1b04ff307ee002ed45987cb524195eaf447d7ee6441557c8d590295dd629dc2b9ee5a287484a59bb790c70c07dff589367432d628c1b0b00be09c4cc31cd6fce369b54746812fa282abd3634470c48dff2d33baad8f7bb57088ae3e19cf4028d8fcc890bb5d9922f552e658c51f883143ee881dd7c68e3c436a1da718de7d3d16f162f9ca90a8fd | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AFE5D244A8D1194230FF479FE2F897BBCD7A8CB4\Blob = [blob data omitted] | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AFE5D244A8D1194230FF479FE2F897BBCD7A8CB4\Blob = [blob data omitted] | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\02FAF3E291435468607857694DF5E45B68851868 | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\02FAF3E291435468607857694DF5E45B68851868\Blob = [blob data omitted] | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeTcbPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\cav_installer.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2912 wrote to memory of 2508 | N/A | C:\Users\Admin\AppData\Local\Temp\cav_installer.exe | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe |
| PID 2912 wrote to memory of 2508 | N/A | C:\Users\Admin\AppData\Local\Temp\cav_installer.exe | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe |
| PID 2912 wrote to memory of 2508 | N/A | C:\Users\Admin\AppData\Local\Temp\cav_installer.exe | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe |
Processes
C:\Users\Admin\AppData\Local\Temp\cav_installer.exe
"C:\Users\Admin\AppData\Local\Temp\cav_installer.exe"
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe
"C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe" -log -setupname "cav_installer.exe" -sfx "C:\Users\Admin\AppData\Local\Temp" -theme lycia -type web -mode cavfree
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 25.24.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.149.64.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | download.comodo.com | udp |
| US | 162.255.25.209:443 | download.comodo.com | tcp |
| US | 8.8.8.8:53 | cdn.download.comodo.com | udp |
| FR | 185.93.2.251:443 | cdn.download.comodo.com | tcp |
| US | 8.8.8.8:53 | 209.25.255.162.in-addr.arpa | udp |
| US | 162.255.25.209:443 | download.comodo.com | tcp |
| US | 8.8.8.8:53 | 251.2.93.185.in-addr.arpa | udp |
| US | 162.255.25.209:443 | download.comodo.com | tcp |
| US | 162.255.25.209:443 | download.comodo.com | tcp |
| FR | 185.93.2.251:443 | cdn.download.comodo.com | tcp |
| US | 8.8.8.8:53 | download.adtrustmedia.com | udp |
| US | 162.255.25.209:443 | download.comodo.com | tcp |
| US | 69.57.168.134:443 | download.adtrustmedia.com | tcp |
| US | 162.255.25.209:443 | download.comodo.com | tcp |
| US | 8.8.8.8:53 | cdn.download.comodo.com | udp |
| FR | 185.93.2.244:443 | cdn.download.comodo.com | tcp |
| US | 162.255.25.209:443 | download.comodo.com | tcp |
| US | 162.255.25.209:443 | download.comodo.com | tcp |
| FR | 185.93.2.244:443 | cdn.download.comodo.com | tcp |
| US | 8.8.8.8:53 | 244.2.93.185.in-addr.arpa | udp |
| US | 162.255.25.209:443 | download.comodo.com | tcp |
| FR | 185.93.2.244:443 | cdn.download.comodo.com | tcp |
| US | 162.255.25.209:443 | download.comodo.com | tcp |
| FR | 185.93.2.244:443 | cdn.download.comodo.com | tcp |
| US | 162.255.25.209:443 | download.comodo.com | tcp |
| FR | 185.93.2.244:443 | cdn.download.comodo.com | tcp |
| US | 162.255.25.209:443 | download.comodo.com | tcp |
| FR | 185.93.2.244:443 | cdn.download.comodo.com | tcp |
| US | 162.255.25.209:443 | download.comodo.com | tcp |
| FR | 185.93.2.244:443 | cdn.download.comodo.com | tcp |
| US | 162.255.25.209:443 | download.comodo.com | tcp |
| FR | 185.93.2.244:443 | cdn.download.comodo.com | tcp |
| US | 69.57.168.134:443 | download.adtrustmedia.com | tcp |
| US | 8.8.8.8:53 | download.comodo.com | udp |
| US | 162.255.25.209:443 | download.comodo.com | tcp |
| US | 162.255.25.209:443 | download.comodo.com | tcp |
| US | 8.8.8.8:53 | cdn.download.comodo.com | udp |
| FR | 185.93.2.251:443 | cdn.download.comodo.com | tcp |
| US | 162.255.25.209:443 | download.comodo.com | tcp |
| FR | 185.93.2.251:443 | cdn.download.comodo.com | tcp |
| US | 162.255.25.209:443 | download.comodo.com | tcp |
| FR | 185.93.2.251:443 | cdn.download.comodo.com | tcp |
| US | 162.255.25.209:443 | download.comodo.com | tcp |
| FR | 185.93.2.251:443 | cdn.download.comodo.com | tcp |
| US | 162.255.25.209:443 | download.comodo.com | tcp |
| FR | 185.93.2.251:443 | cdn.download.comodo.com | tcp |
| US | 8.8.8.8:53 | cmc.comodo.com | udp |
| GB | 178.255.85.135:443 | cmc.comodo.com | tcp |
| US | 8.8.8.8:53 | licensing.security.comodo.com | udp |
| US | 8.8.8.8:53 | licensing.security.comodo.com | udp |
| US | 45.32.1.220:443 | licensing.security.comodo.com | tcp |
| US | 45.32.1.220:443 | licensing.security.comodo.com | tcp |
| US | 45.32.1.220:443 | licensing.security.comodo.com | tcp |
| US | 8.8.8.8:53 | cmc.comodo.com | udp |
| GB | 178.255.85.135:443 | cmc.comodo.com | tcp |
| US | 8.8.8.8:53 | 16.24.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | cis.td.security.comodo.com | udp |
| US | 209.127.178.102:443 | cis.td.security.comodo.com | tcp |
| US | 8.8.8.8:53 | 13.227.111.52.in-addr.arpa | udp |
| US | 209.127.178.76:443 | cis.td.security.comodo.com | tcp |
| US | 8.8.8.8:53 | 76.178.127.209.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.16.208.104.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe
| MD5 | 74cf93a3d559a630911fc94568b99e1e |
| SHA1 | a5f164154e164174c715e493f440b1935ec53af8 |
| SHA256 | fe82eb2103b177370e742aee40a2b840805516ff23867f6b9bd3655a401eb50b |
| SHA512 | c000d512e270d7f89058fe52a3ecfac6f60462eed21b134ebb57640cc6425e7ece9b6ce683acc666d8358875c8d621497a8e3eb95b4ad72311efb9d12c03100a |
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\7za.dll
| MD5 | 7baac18fb157c76574ca3d7a2f5eb193 |
| SHA1 | 6460577ce621fa28133096073376f6a88f8acd61 |
| SHA256 | 347144ae998d96c6b8664abf56f3ff8cfa4dcdfd6e13205d7e8ee2f3b77eefc2 |
| SHA512 | 513cc213da81db470f8675c29162f4b724bb92a690edd451025eb68588971eebb937f88cc5a659222f2bbbd99440aa56800bf4167bb8912ea87a0b2648b002ea |
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdhtml.dll
| MD5 | 6d9aa26bb18af69dc74ae8e822eb53dd |
| SHA1 | 6ef20da9b9e70afa742f047f1c6f9d3e58290450 |
| SHA256 | cf140523b8834de1c37efa29b02adcdc88babc0f8ee90ba93dd98c260d7036c3 |
| SHA512 | 3a9e8f15d207e98bb182f8d1838e93dba9750e6cfc79b72aab0706f969866447e50b3ab28bc1768a7cac7e7733cde80085cabcefefae0d287f08374578935c36 |
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\themes\ilycia.set
| MD5 | 7b85f91536c8342ac64d3edece2af7fe |
| SHA1 | 1e28c62364f606f03078e985222a2e3400a483c6 |
| SHA256 | 918e7aad857776a895ecdf850665c355026882bcf1e0eba279ff4f7aa4b6bbae |
| SHA512 | 42cbaca95018eba8b05d3d586dbe8537ec1130af9edd813c4e7affef88c804a4ae65d9a446a95326508cd21da03a7e6a7969f6de5a68e69ce86c827f4308ac5a |
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdres.dll
| MD5 | a4b3e07a9d407bca7a0ed76ea7c4945f |
| SHA1 | af16d87110e2f9e64d5c35a6d522151b69377bbc |
| SHA256 | b115a17e7500dbc34cce1f8e84a59f072a26ad49be5dcde6ac5908e4d2ad3555 |
| SHA512 | 77c6ba298f5bd4c04192660d365d2a45ecb23fa441818735bd01050677037e1976670dcb457b6684343fbccb02a6fcfd98f22ae9f2de263057157917ee28d981 |
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\installer_langdata.bin
| MD5 | b80eda6258e28b537651f8e5ebd997ff |
| SHA1 | 826741e138e8342f4bc3303838e347a44bb93546 |
| SHA256 | 6e960dfed451c2dfb99352d25d3df8dd46fe7d80c9af79805c0cfbd1a99a2709 |
| SHA512 | 9fce1cb5fe8b6a2bc4d13c1ca3ec31c926c6dd33717f145da6952ae33144eb11a6ee9e751e1d3e2d5d6ce7768e9f9602773a917d9f5f8473670e6d631b932b74 |
C:\ProgramData\Comodo Downloader\cis\download\installs\8050\installer_data\binaries\files_info.dat
| MD5 | f42c56a1f750bdf43155a2aee0f1407c |
| SHA1 | 0929dd9594fccffe5e7e43ea33a5eb6467afab0b |
| SHA256 | 86e8a71d1327fe5f26901c8a7d10bac322dce1ff621e1339db9c7b6ab905244c |
| SHA512 | 31dc56d6455391a0075ab59d438335c9d38da43e1ef974bcdf14be059d63d48f8a8f7a1f6cd9eb5e790519a3824f59387abafef48417bbeb74e34b526646b8d9 |
Analysis: behavioral3
Detonation Overview
Submitted
2024-06-01 07:08
Reported
2024-06-01 07:11
Platform
win10v2004-20240508-en
Max time kernel
148s
Max time network
150s
Command Line
Signatures
Reads user/profile data of web browsers
Checks for any installed AV software in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\COMODO\CIS\Options | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\COMODO\CIS\Data | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\Options | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\Options\UsageStatHost = "cmc.comodo.com" | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\COMODO\CIS | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\Data | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\Options | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\Options | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\COMODO\CIS\Data\CmcWindowsVersion = "{\"release_id\":2004,\"build\":19041,\"ubr\":1288,\"major\":0}" | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\COMODO\CIS\DbgTrace\cmdinstall | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\Cam | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\Installer\Instance\{48222F79-874D-414E-9563-03C664764923} = "1264" | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\Options\InstallerName = "cavinstallerx64" | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\Options\UsageStatHost | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\Installer | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\VolatileData | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\COMODO\CIS\Options\Proxy | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\Installer\Instance | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\Installer | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\COMODO\CIS\Data | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\Testing purposes | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\Installer | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\COMODO\CIS\Data | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe | N/A |
Downloads MZ/PE file
Enumerates connected drives
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\cav_installer.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe | N/A |
Enumerates physical storage devices
Modifies system certificate store
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AFE5D244A8D1194230FF479FE2F897BBCD7A8CB4 | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AFE5D244A8D1194230FF479FE2F897BBCD7A8CB4\Blob = (blob data omitted) | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\02FAF3E291435468607857694DF5E45B68851868 | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\02FAF3E291435468607857694DF5E45B68851868\Blob = (blob data omitted) | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AFE5D244A8D1194230FF479FE2F897BBCD7A8CB4\Blob = (blob data omitted) | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AFE5D244A8D1194230FF479FE2F897BBCD7A8CB4\Blob = (blob data omitted) | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E\Blob = (blob data omitted) | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E\Blob = 5c000000010000000400000000100000190000000100000010000000ea6089055218053dd01e37e1d806eedf0300000001000000140000002b8f1b57330dbba2d07a6c51f70ee90ddab9ad8e0b00000001000000100000005300650063007400690067006f0000001d0000000100000010000000885010358d29a38f059b028559c95f901400000001000000140000005379bf5aaa2b4acf5480e1d89bc09df2b20366cb620000000100000020000000e793c9b02fd8aa13e21c31228accb08119643b749c898964b1746d46c3d4cbd253000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080f000000010000003000000066b764a96581128168cf208e374dda479d54e311f32457f4aee0dbd2a6c8d171d531289e1cd22bfdbbd4cfd9796254830400000001000000100000001bfe69d191b71933a372a80fe155e5b52000000001000000e2050000308205de308203c6a003020102021001fd6d30fca3ca51a81bbc640e35032d300d06092a864886f70d01010c0500308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f72697479301e170d3130303230313030303030305a170d3338303131383233353935395a308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f7269747930820222300d06092a864886f70d01010105000382020f003082020a028202010080126517360ec3db08b3d0ac570d76edcd27d34cad508361e2aa204d092d6409dcce899fcc3da9ecf6cfc1dcf1d3b1d67b3728112b47da39c6bc3a19b45fa6bd7d9da36342b676f2a93b2b91f8e26fd0ec162090093ee2e874c918b491d46264db7fa306f188186a90223cbcfe13f087147bf6e41f8ed4e451c61167460851cb8614543fbc33fe7e6c9cff169d18bd518e35a6a766c87267db2166b1d49b7803c0503ae8ccf0dcbc9e4cfeaf0596351f575ab7ffcef93db72cb6f654ddc8e7123a4dae4c8ab75c9ab4b7203dca7f2234ae7e3b68660144e7014e46539b3360f794be5337907343f332c353efdbaafe744e69c76b8c6093dec4c70cdfe132aecc933b517895678bee3d56fe0cd0690f1b0ff325266b336df76e47fa7343e57e0ea566b1297c3284635589c40dc19354301913acd37d37a7eb5d3a6c355cdb41d712daa9490bdfd8808a0993628eb566cf2588cd84b8b13fa4390fd9029eeb124c957cf36b05a95e1683ccb867e2e8139dcc5b82d34cb3ed5bffdee573ac233b2d00bf3555740949d849581a7f9236e651920ef3267d1c4d17bcc9ec4326d0bf415f40a94444f499e757879e501f5754a83efd74632fb1506509e658422e431a4cb4f0254759fa041e93d426464a5081b2debe78b7fc6715e1c957841e0f63d6e962bad65f552eea5cc62808042539b80e2ba9f24c971c073f0d52f5edef2f820f0203010001a3423040301d0603551d0e041604145379bf5aaa2b4acf5480e1d89bc09df2b20366cb300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff300d06092a864886f70d01010c050003820201005cd47c0dcff7017d4199650c73c5529fcbf8cf99067f1bda43159f9e0255579614f1523c27879428ed1f3a0137a276fc5350c0849bc66b4eba8c214fa28e556291f36915d8bc88e3c4aa0bfdefa8e94b552a06206d55782919ee5f305c4b241155ff249a6e5e2a2bee0b4d9f7ff70138941495430709fb60a9ee1cab128ca09a5ea7986a596d8b3f08fbc8d145af18156490120f73282ec5e2244efc58ecf0f445fe22b3eb2f8ed2d9456105c1976fa876728f8b8c36afbf0d05ce718de6a66f1f6ca67162c5d8d083720cf16711890c9c134c7234dfbcd571dfaa71dde1b96c8c3c125d65dabd5712b6436bffe5de4d661151cf99aeec17b6e871918cde49fedd3571a21527941ccf61e326bb6fa36725215de6dd1d0b2e681b3b82afec836785d4985174b1b9998089ff7f78195c794a602e9240ae4c372a2cc9c762c80e5df7365bcae0252501b4dd1a079c77003fd0dcd5ec3dd4fabb3fcc85d66f7fa92ddfb902f7f5979ab535dac367b0874aa9289e238eff5c276be1b04ff307ee002ed45987cb524195eaf447d7ee6441557c8d590295dd629dc2b9ee5a287484a59bb790c70c07dff589367432d628c1b0b00be09c4cc31cd6fce369b54746812fa282abd3634470c48dff2d33baad8f7bb57088ae3e19cf4028d8fcc890bb5d9922f552e658c51f883143ee881dd7c68e3c436a1da718de7d3d16f162f9ca90a8fd | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AFE5D244A8D1194230FF479FE2F897BBCD7A8CB4\Blob = (blob data omitted) | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\02FAF3E291435468607857694DF5E45B68851868\Blob = (blob data omitted) | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe | N/A |
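What these rows actually write (added note and example, not part of the sandbox output): the key names under AuthRoot\Certificates are SHA-1 thumbprints, and the blobs printed on this page decode to public CA roots. 2B8F1B57… carries the USERTrust RSA Certification Authority (its friendly-name property is "Sectigo"), AFE5D244… the COMODO RSA Certification Authority (friendly name "Sectigo (formerly Comodo CA)"), and 02FAF3E2… is the AddTrust External CA Root, which expired in 2020. Planting Sectigo's own roots is expected for a Comodo product installer, but the signature fires for any process that writes here, and the same registry write is how a local interception proxy or implant installs a private root, so the check worth doing is to pull the DER out of each blob and confirm the key name is its real thumbprint rather than trusting the name. The script below is an added example, not code from the report or from Comodo. It parses the Windows serialized-certificate layout (repeated `DWORD propid, DWORD reserved=1, DWORD cb, BYTE data[cb]` records) and verifies an entry. The property IDs are the documented CERT_*_PROP_ID values; the sample blob is constructed, and a row from this page can be checked by passing `bytes.fromhex()` of its `Blob =` hex.

```python
"""Parse and verify the SystemCertificates\...\Certificates\<SHA1>\Blob layout.

Added example, not code from the sandbox report or from the vendor. Windows
serializes each store entry as a list of property records:

    DWORD propid | DWORD reserved (always 1) | DWORD cb | BYTE data[cb]

Property 0x20 holds the DER certificate, 0x03 its SHA-1 and 0x0B a UTF-16LE
friendly name. The registry key name should equal the SHA-1 of the DER.
"""
import hashlib
import struct
from typing import Dict, Optional

CERT_SHA1_HASH_PROP_ID = 0x03      # documented CERT_SHA1_HASH_PROP_ID
CERT_FRIENDLY_NAME_PROP_ID = 0x0B  # documented CERT_FRIENDLY_NAME_PROP_ID
CERT_CERT_PROP_ID = 0x20           # documented CERT_CERT_PROP_ID (encoded cert)


def parse_blob(blob: bytes) -> Dict[int, bytes]:
    """Split a serialized certificate blob into {propid: data}, refusing malformed input."""
    props: Dict[int, bytes] = {}
    off = 0
    while off < len(blob):
        if len(blob) - off < 12:
            raise ValueError(f"truncated property header at offset {off}")
        propid, reserved, cb = struct.unpack_from("<III", blob, off)
        off += 12
        if reserved != 1:
            raise ValueError(f"unexpected reserved field {reserved} at offset {off - 8}")
        if cb > len(blob) - off:
            raise ValueError(f"property {propid:#x} claims {cb} bytes, only {len(blob) - off} left")
        props[propid] = blob[off:off + cb]
        off += cb
    return props


def friendly_name(blob: bytes) -> Optional[str]:
    """Decode the UTF-16LE friendly-name property, if present."""
    raw = parse_blob(blob).get(CERT_FRIENDLY_NAME_PROP_ID)
    return raw.decode("utf-16-le").rstrip("\x00") if raw else None


def verify_store_entry(key_name: str, blob: bytes) -> bool:
    """True only when the key name and the stored SHA-1 both match the embedded DER."""
    props = parse_blob(blob)
    der = props.get(CERT_CERT_PROP_ID)
    if der is None:
        return False
    actual = hashlib.sha1(der).hexdigest()
    stored = props.get(CERT_SHA1_HASH_PROP_ID)
    if stored is not None and stored.hex() != actual:
        return False
    return actual == key_name.lower()


def build_blob(props: Dict[int, bytes]) -> bytes:
    """Serialize {propid: data} in the same record layout (used to build the sample)."""
    return b"".join(struct.pack("<III", pid, 1, len(data)) + data
                    for pid, data in props.items())


# Constructed sample: a stand-in 'certificate' body (not real DER, not report data).
SAMPLE_DER = b"\x30\x82\x00\x10" + b"not-a-real-certificate-body"
SAMPLE_BLOB = build_blob({
    CERT_FRIENDLY_NAME_PROP_ID: "Sectigo".encode("utf-16-le") + b"\x00\x00",
    CERT_SHA1_HASH_PROP_ID: hashlib.sha1(SAMPLE_DER).digest(),
    CERT_CERT_PROP_ID: SAMPLE_DER,
})
SAMPLE_KEY = hashlib.sha1(SAMPLE_DER).hexdigest().upper()  # how the registry names the key

if __name__ == "__main__":
    print(friendly_name(SAMPLE_BLOB), verify_store_entry(SAMPLE_KEY, SAMPLE_BLOB))
```

The same parser applies to the behavioral4 rows further down; on a live host the blob comes from `winreg.QueryValueEx` on the same path, and a key whose name does not match the SHA-1 of property 0x20, or whose DER subject is not a CA you recognise, is the finding.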
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeTcbPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\cav_installer.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 3592 wrote to memory of 1264 | N/A | C:\Users\Admin\AppData\Local\Temp\cav_installer.exe | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe |
| PID 3592 wrote to memory of 1264 | N/A | C:\Users\Admin\AppData\Local\Temp\cav_installer.exe | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe |
| PID 3592 wrote to memory of 1264 | N/A | C:\Users\Admin\AppData\Local\Temp\cav_installer.exe | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe |
Processes
C:\Users\Admin\AppData\Local\Temp\cav_installer.exe
"C:\Users\Admin\AppData\Local\Temp\cav_installer.exe"
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe
"C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe" -log -setupname "cav_installer.exe" -sfx "C:\Users\Admin\AppData\Local\Temp" -theme lycia -type web -mode cavfree
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 13.86.106.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 16.24.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | download.comodo.com | udp |
| US | 162.255.25.209:443 | download.comodo.com | tcp |
| US | 8.8.8.8:53 | 23.149.64.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 67.31.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 209.25.255.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | cdn.download.comodo.com | udp |
| FR | 185.93.2.245:443 | cdn.download.comodo.com | tcp |
| US | 8.8.8.8:53 | download.comodo.com | udp |
| US | 162.255.25.209:443 | download.comodo.com | tcp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 245.2.93.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| US | 162.255.25.209:443 | download.comodo.com | tcp |
| US | 162.255.25.209:443 | download.comodo.com | tcp |
| FR | 185.93.2.245:443 | cdn.download.comodo.com | tcp |
| NL | 23.62.61.194:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | download.adtrustmedia.com | udp |
| US | 162.255.25.209:443 | download.comodo.com | tcp |
| US | 69.57.168.134:443 | download.adtrustmedia.com | tcp |
| US | 8.8.8.8:53 | 194.61.62.23.in-addr.arpa | udp |
| US | 162.255.25.209:443 | download.comodo.com | tcp |
| FR | 185.93.2.245:443 | cdn.download.comodo.com | tcp |
| US | 162.255.25.209:443 | download.comodo.com | tcp |
| FR | 185.93.2.245:443 | cdn.download.comodo.com | tcp |
| US | 162.255.25.209:443 | download.comodo.com | tcp |
| FR | 185.93.2.245:443 | cdn.download.comodo.com | tcp |
| US | 162.255.25.209:443 | download.comodo.com | tcp |
| FR | 185.93.2.245:443 | cdn.download.comodo.com | tcp |
| US | 162.255.25.209:443 | download.comodo.com | tcp |
| FR | 185.93.2.245:443 | cdn.download.comodo.com | tcp |
| US | 162.255.25.209:443 | download.comodo.com | tcp |
| FR | 185.93.2.245:443 | cdn.download.comodo.com | tcp |
| US | 162.255.25.209:443 | download.comodo.com | tcp |
| FR | 185.93.2.245:443 | cdn.download.comodo.com | tcp |
| US | 162.255.25.209:443 | download.comodo.com | tcp |
| FR | 185.93.2.245:443 | cdn.download.comodo.com | tcp |
| US | 162.255.25.209:443 | download.comodo.com | tcp |
| US | 69.57.168.134:443 | download.adtrustmedia.com | tcp |
| US | 162.255.25.209:443 | download.comodo.com | tcp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 103.169.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 162.255.25.209:443 | download.comodo.com | tcp |
| US | 8.8.8.8:53 | cdn.download.comodo.com | udp |
| FR | 185.93.2.245:443 | cdn.download.comodo.com | tcp |
| US | 162.255.25.209:443 | download.comodo.com | tcp |
| FR | 185.93.2.245:443 | cdn.download.comodo.com | tcp |
| US | 162.255.25.209:443 | download.comodo.com | tcp |
| FR | 185.93.2.245:443 | cdn.download.comodo.com | tcp |
| US | 162.255.25.209:443 | download.comodo.com | tcp |
| FR | 185.93.2.245:443 | cdn.download.comodo.com | tcp |
| US | 162.255.25.209:443 | download.comodo.com | tcp |
| FR | 185.93.2.245:443 | cdn.download.comodo.com | tcp |
| US | 8.8.8.8:53 | cmc.comodo.com | udp |
| GB | 178.255.85.135:443 | cmc.comodo.com | tcp |
| US | 8.8.8.8:53 | licensing.security.comodo.com | udp |
| US | 8.8.8.8:53 | licensing.security.comodo.com | udp |
| US | 45.32.1.220:443 | licensing.security.comodo.com | tcp |
| US | 45.32.1.220:443 | licensing.security.comodo.com | tcp |
| US | 45.32.1.220:443 | licensing.security.comodo.com | tcp |
| US | 8.8.8.8:53 | cmc.comodo.com | udp |
| GB | 178.255.85.135:443 | cmc.comodo.com | tcp |
| US | 8.8.8.8:53 | 25.24.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 57.169.31.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | cis.td.security.comodo.com | udp |
| US | 209.127.178.102:443 | cis.td.security.comodo.com | tcp |
| US | 8.8.8.8:53 | 13.227.111.52.in-addr.arpa | udp |
| US | 209.127.178.76:443 | cis.td.security.comodo.com | tcp |
| US | 8.8.8.8:53 | 76.178.127.209.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 200.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 24.173.189.20.in-addr.arpa | udp |
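Reading this table (added note and example, not part of the sandbox output): the `8.8.8.8:53` rows are the sandbox resolver, and the `*.in-addr.arpa` names are reverse lookups for addresses the guest had already contacted (`209.25.255.162.in-addr.arpa` is the PTR name for `162.255.25.209`), so they carry no indicator value of their own. What remains is TLS to the vendor's download, licensing and telemetry hosts, plus hosts outside comodo.com (`g.bing.com`, `www.bing.com`, `tse1.mm.bing.net`, `download.adtrustmedia.com`) that an analyst would want to account for before clearing the sample. The script below is an added example, not code from the report; it parses rows in the layout printed here, folds PTR names back into IPs, groups TCP destinations by domain, and lists hosts outside an assumed vendor-suffix allowlist (`comodo.com` is the assumption). The sample is a subset of rows copied from this table.

```python
"""Summarize a sandbox 'Network' table into reviewable IOCs.

Added example, not part of the sandbox report. Input rows use the report's own
'| Country | Destination | Domain | Proto |' layout.
"""
from collections import defaultdict
from typing import Dict, List

# Constructed sample: a subset of rows copied from the report's Network table.
SAMPLE_ROWS = """\
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 13.86.106.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | download.comodo.com | udp |
| US | 162.255.25.209:443 | download.comodo.com | tcp |
| US | 8.8.8.8:53 | 209.25.255.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | cdn.download.comodo.com | udp |
| FR | 185.93.2.245:443 | cdn.download.comodo.com | tcp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| NL | 23.62.61.194:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | download.adtrustmedia.com | udp |
| US | 69.57.168.134:443 | download.adtrustmedia.com | tcp |
| US | 162.255.25.209:443 | download.comodo.com | tcp |
| GB | 178.255.85.135:443 | cmc.comodo.com | tcp |
| US | 45.32.1.220:443 | licensing.security.comodo.com | tcp |
| US | 209.127.178.102:443 | cis.td.security.comodo.com | tcp |
| US | 209.127.178.76:443 | cis.td.security.comodo.com | tcp |
"""

PTR_SUFFIX = ".in-addr.arpa"


def parse_rows(table: str) -> List[dict]:
    """Parse pipe-delimited rows; skips the header row and anything malformed."""
    rows = []
    for line in table.splitlines():
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        if len(cells) != 4 or cells[0] == "Country":
            continue
        country, dest, domain, proto = cells
        ip, _, port = dest.rpartition(":")
        rows.append({"country": country, "ip": ip, "port": int(port),
                     "domain": domain, "proto": proto})
    return rows


def ptr_target(name: str) -> str:
    """Reverse-DNS name -> the IP it asks about (octets are reversed in PTR names)."""
    return ".".join(reversed(name[:-len(PTR_SUFFIX)].split(".")))


def summarize(rows: List[dict], vendor_suffixes=("comodo.com",)) -> Dict[str, object]:
    """Separate resolver noise from real destinations and flag non-vendor hosts."""
    reverse_ips, dns_names = set(), set()
    tcp = defaultdict(set)
    for r in rows:
        if r["domain"].endswith(PTR_SUFFIX):
            reverse_ips.add(ptr_target(r["domain"]))
        elif r["proto"] == "udp" and r["port"] == 53:
            dns_names.add(r["domain"])
        elif r["proto"] == "tcp":
            tcp[r["domain"]].add(f"{r['ip']}:{r['port']}")

    def is_vendor(domain: str) -> bool:
        return any(domain == s or domain.endswith("." + s) for s in vendor_suffixes)

    return {
        "dns_queries": sorted(dns_names),
        "reverse_lookups": sorted(reverse_ips),
        "tcp_by_domain": {d: sorted(v) for d, v in sorted(tcp.items())},
        "outside_vendor": sorted(d for d in tcp if not is_vendor(d)),
    }


if __name__ == "__main__":
    import json
    print(json.dumps(summarize(parse_rows(SAMPLE_ROWS)), indent=2))
```

Run against the full table above (and the behavioral4 table further down) the `tcp_by_domain` map is the IOC list worth keeping, `reverse_lookups` should contain nothing that is not already a destination IP, and `outside_vendor` is the short list to explain.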
Files
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe
| MD5 | 74cf93a3d559a630911fc94568b99e1e |
| SHA1 | a5f164154e164174c715e493f440b1935ec53af8 |
| SHA256 | fe82eb2103b177370e742aee40a2b840805516ff23867f6b9bd3655a401eb50b |
| SHA512 | c000d512e270d7f89058fe52a3ecfac6f60462eed21b134ebb57640cc6425e7ece9b6ce683acc666d8358875c8d621497a8e3eb95b4ad72311efb9d12c03100a |
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\7za.dll
| MD5 | 7baac18fb157c76574ca3d7a2f5eb193 |
| SHA1 | 6460577ce621fa28133096073376f6a88f8acd61 |
| SHA256 | 347144ae998d96c6b8664abf56f3ff8cfa4dcdfd6e13205d7e8ee2f3b77eefc2 |
| SHA512 | 513cc213da81db470f8675c29162f4b724bb92a690edd451025eb68588971eebb937f88cc5a659222f2bbbd99440aa56800bf4167bb8912ea87a0b2648b002ea |
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdhtml.dll
| MD5 | 6d9aa26bb18af69dc74ae8e822eb53dd |
| SHA1 | 6ef20da9b9e70afa742f047f1c6f9d3e58290450 |
| SHA256 | cf140523b8834de1c37efa29b02adcdc88babc0f8ee90ba93dd98c260d7036c3 |
| SHA512 | 3a9e8f15d207e98bb182f8d1838e93dba9750e6cfc79b72aab0706f969866447e50b3ab28bc1768a7cac7e7733cde80085cabcefefae0d287f08374578935c36 |
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\themes\ilycia.set
| MD5 | 7b85f91536c8342ac64d3edece2af7fe |
| SHA1 | 1e28c62364f606f03078e985222a2e3400a483c6 |
| SHA256 | 918e7aad857776a895ecdf850665c355026882bcf1e0eba279ff4f7aa4b6bbae |
| SHA512 | 42cbaca95018eba8b05d3d586dbe8537ec1130af9edd813c4e7affef88c804a4ae65d9a446a95326508cd21da03a7e6a7969f6de5a68e69ce86c827f4308ac5a |
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdres.dll
| MD5 | a4b3e07a9d407bca7a0ed76ea7c4945f |
| SHA1 | af16d87110e2f9e64d5c35a6d522151b69377bbc |
| SHA256 | b115a17e7500dbc34cce1f8e84a59f072a26ad49be5dcde6ac5908e4d2ad3555 |
| SHA512 | 77c6ba298f5bd4c04192660d365d2a45ecb23fa441818735bd01050677037e1976670dcb457b6684343fbccb02a6fcfd98f22ae9f2de263057157917ee28d981 |
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\installer_langdata.bin
| MD5 | b80eda6258e28b537651f8e5ebd997ff |
| SHA1 | 826741e138e8342f4bc3303838e347a44bb93546 |
| SHA256 | 6e960dfed451c2dfb99352d25d3df8dd46fe7d80c9af79805c0cfbd1a99a2709 |
| SHA512 | 9fce1cb5fe8b6a2bc4d13c1ca3ec31c926c6dd33717f145da6952ae33144eb11a6ee9e751e1d3e2d5d6ce7768e9f9602773a917d9f5f8473670e6d631b932b74 |
C:\ProgramData\Comodo Downloader\cis\download\installs\8050\installer_data\binaries\files_info.dat
| MD5 | f42c56a1f750bdf43155a2aee0f1407c |
| SHA1 | 0929dd9594fccffe5e7e43ea33a5eb6467afab0b |
| SHA256 | 86e8a71d1327fe5f26901c8a7d10bac322dce1ff621e1339db9c7b6ab905244c |
| SHA512 | 31dc56d6455391a0075ab59d438335c9d38da43e1ef974bcdf14be059d63d48f8a8f7a1f6cd9eb5e790519a3824f59387abafef48417bbeb74e34b526646b8d9 |
Analysis: behavioral4
Detonation Overview
Submitted
2024-06-01 07:08
Reported
2024-06-01 07:11
Platform
win11-20240426-en
Max time kernel
146s
Max time network
150s
Command Line
Signatures
Reads user/profile data of web browsers
Checks for any installed AV software in registry
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\Options | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\COMODO\CIS\Data | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\Installer\Instance\{48222F79-874D-414E-9563-03C664764923} = "1372" | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\VolatileData | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\COMODO\CIS\Options\Proxy | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\Options | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\COMODO\CIS\Data\CmcWindowsVersion = "{\"release_id\":2009,\"build\":22000,\"ubr\":493,\"major\":0}" | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\Data | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\Installer | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\COMODO\CIS | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\COMODO\CIS\Data | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\Installer\Instance | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\Cam | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\Installer | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\COMODO\CIS\Data | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\Options | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\Testing purposes | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\COMODO\CIS\Options | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\Installer | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\Options\UsageStatHost = "cmc.comodo.com" | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\COMODO\CIS\DbgTrace\cmdinstall | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\Options\InstallerName = "cavinstallerx64" | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\Options\UsageStatHost | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe | N/A |
Enumerates connected drives
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe | N/A |
Enumerates physical storage devices
Modifies system certificate store
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AFE5D244A8D1194230FF479FE2F897BBCD7A8CB4 | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AFE5D244A8D1194230FF479FE2F897BBCD7A8CB4\Blob = 0f0000000100000030000000761613f4cd8607508c3d520fbefe68773735fc73746f42a9fd6254ba3b72f0047994e5af57677cf6d2c1965984965df1090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b0601050507030853000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00b000000010000003a0000005300650063007400690067006f002000280066006f0072006d00650072006c007900200043006f006d006f0064006f002000430041002900000062000000010000002000000052f0e1c4e58ec629291b60317f074671b85d7ea80d5b07273463534b32b40234140000000100000014000000bbaf7e023dfaa6f13c848eadee3898ecd93232d41d0000000100000010000000cb39c3d4272cdf63774e1db810c5a89e030000000100000014000000afe5d244a8d1194230ff479fe2f897bbcd7a8cb42000000001000000dc050000308205d8308203c0a00302010202104caaf9cadb636fe01ff74ed85b03869d300d06092a864886f70d01010c0500308185310b3009060355040613024742311b30190603550408131247726561746572204d616e636865737465723110300e0603550407130753616c666f7264311a3018060355040a1311434f4d4f444f204341204c696d69746564312b302906035504031322434f4d4f444f205253412043657274696669636174696f6e20417574686f72697479301e170d3130303131393030303030305a170d3338303131383233353935395a308185310b3009060355040613024742311b30190603550408131247726561746572204d616e636865737465723110300e0603550407130753616c666f7264311a3018060355040a1311434f4d4f444f204341204c696d69746564312b302906035504031322434f4d4f444f205253412043657274696669636174696f6e20417574686f7269747930820222300d06092a864886f70d01010105000382020f003082020a028202010091e85492d20a56b1ac0d24ddc5cf446774992b37a37d23700071bc53dfc4fa2a128f4b7f1056bd9f7072b7617fc94b0f17a73de3b00461eeff1197c7f4863e0afa3e5cf993e6347ad9146be79cb385a0827a76af7190d7ecfd0dfa9c6cfadfb082f4147ef9bec4a62f4f7f997fb5fc674372bd0c00d689eb6b2cd3ed8f981c14ab7ee5e36efcd8a8e49224da436b62b855fdeac1bc6cb68bf30e8d9ae49b6c6999f878483045d5ade10d3c4560fc32965127bc67c3ca2eb66bea46c7c720a0b11f65de4808baa44ea9f283463784ebe8cc814843674e722a9b5cbd4c1b288a5c227bb4ab98d9eee05183c309464e6d3e99fa9517da7c3357413c8d51ed0bb65caf2c631adf57c83fbce95dc49baf4599e2a35a24b4baa9563dcf6faaff4958bef0a8fff4b8ade937fbbab8f40b3af9e843421e89d884cb13f1d9bbe18960b88c2856ac141d9c0ae771ebcf0edd3da996a148bd3cf7afb50d224cc01181ec563bf6d3a2e25bb7b204225295809369e88e4c65f191032d707402ea8b671529695202bbd7df506a5546bfa0a328617f70d0c3a2aa2c21aa47ce289c064576bf821827b4d5aeb4cb50e66bf44c867130e9a6df1686e0d8ff40ddfbd042887fa3333a2e5c1e41118163ce18716b2beca68ab7315c3a6a47e0c37959d6201aaff26a98aa72bc574ad24b9dbb10fcb04c41e5ed1d3d5e289d9cccbfb351daa747e584530203010001a3423040301d0603551d0e04160414bbaf7e023dfaa6f13c848eadee3898ecd93232d4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff300d06092a864886f70d01010c050003820201000af1d54684b7ae51bb6cb24d411400934c9ccbe5c054cfa0258e02f9fdb0a20df520983c132dac56a2b0d67e1192e92eba9e2e9a72b1bd19446c6135a29ab41612695a8ce1d73ea41ae82f03f4ae611d101b2aa48b7ac5fe05a6e1c0d6c8fe9eae8f2bba3d99f8d8730958466ea69cf4d727d395da3783721cd373e0a2479903385dd5497900291cc7ec9b201c0724695778b239fc3a84a0b59c7c8dbf2e936227b739da1718aebd3c0968ff849b3cd5d60b03e3579e14f7d1eb4fc8bd8723b7b6494379855cbaeb920ba1c6e868a84c16b11a990ae8532c92bba10918750c65a87bcb23b71ac22885c31bffd02b62efa47b099198678c1401cd68066a6321750380888a6e81c685f2a9a42de7f4a524104783cacdf48d7958b1069be71a2ad99d01d7947ded034acaf0dbe8a9013ef55699c91e8e493dbbe509b9e04f49923d168240cccc59c6e63aed122e693c6c95b1fdaa1d7b7f86be1e0e3246fbfb138f757f4c8b4b4663fe00344070c1c3b9a1dda670e204b341bce98091ea649c7ae12203a99c6e6f0e654f6c87875ef36ea0f975a59b40e853b2279d4ab9c077218dff87f2debc8cef17dfb7490bd1f26e300b1a0e4e76ed11fcf5e956b27dbfc76d0a938ca5d0c0b61dbe3a4e94a2d76e6c0bc28a7cfa20f3c4e4e5cd0da8cb9192b17c85ecb51469660e82e7cdcec82da6517f21c1355385064a5d9fadbb1b5f74 | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E\Blob = (blob data omitted) | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AFE5D244A8D1194230FF479FE2F897BBCD7A8CB4\Blob = (blob data omitted) | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\02FAF3E291435468607857694DF5E45B68851868 | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\02FAF3E291435468607857694DF5E45B68851868\Blob = (blob data omitted) | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E\Blob = (blob data omitted) | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AFE5D244A8D1194230FF479FE2F897BBCD7A8CB4\Blob = (blob data omitted) | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E\Blob = (blob data omitted) | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AFE5D244A8D1194230FF479FE2F897BBCD7A8CB4\Blob = (blob data omitted) | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\02FAF3E291435468607857694DF5E45B68851868\Blob = (blob data omitted) | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeTcbPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\cav_installer.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 4836 wrote to memory of 1372 | N/A | C:\Users\Admin\AppData\Local\Temp\cav_installer.exe | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe |
| PID 4836 wrote to memory of 1372 | N/A | C:\Users\Admin\AppData\Local\Temp\cav_installer.exe | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe |
| PID 4836 wrote to memory of 1372 | N/A | C:\Users\Admin\AppData\Local\Temp\cav_installer.exe | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe |
Processes
C:\Users\Admin\AppData\Local\Temp\cav_installer.exe
"C:\Users\Admin\AppData\Local\Temp\cav_installer.exe"
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe
"C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe" -log -setupname "cav_installer.exe" -sfx "C:\Users\Admin\AppData\Local\Temp" -theme lycia -type web -mode cavfree
Network
| Country | Destination | Domain | Proto |
| US | 162.255.25.209:443 | download.comodo.com | tcp |
| US | 8.8.8.8:53 | 233.38.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.149.64.172.in-addr.arpa | udp |
| FR | 185.93.2.251:443 | cdn.download.comodo.com | tcp |
| US | 162.255.25.209:443 | download.comodo.com | tcp |
| US | 162.255.25.209:443 | download.comodo.com | tcp |
| US | 162.255.25.209:443 | download.comodo.com | tcp |
| FR | 185.93.2.251:443 | cdn.download.comodo.com | tcp |
| US | 69.57.168.134:443 | download.adtrustmedia.com | tcp |
| US | 162.255.25.209:443 | download.comodo.com | tcp |
| US | 162.255.25.209:443 | download.comodo.com | tcp |
| FR | 143.244.56.50:443 | cdn.download.comodo.com | tcp |
| US | 162.255.25.209:443 | download.comodo.com | tcp |
| FR | 143.244.56.50:443 | cdn.download.comodo.com | tcp |
| US | 162.255.25.209:443 | download.comodo.com | tcp |
| FR | 143.244.56.50:443 | cdn.download.comodo.com | tcp |
| US | 162.255.25.209:443 | download.comodo.com | tcp |
| FR | 143.244.56.50:443 | cdn.download.comodo.com | tcp |
| US | 162.255.25.209:443 | download.comodo.com | tcp |
| FR | 143.244.56.50:443 | cdn.download.comodo.com | tcp |
| US | 162.255.25.209:443 | download.comodo.com | tcp |
| FR | 143.244.56.50:443 | cdn.download.comodo.com | tcp |
| US | 162.255.25.209:443 | download.comodo.com | tcp |
| FR | 143.244.56.50:443 | cdn.download.comodo.com | tcp |
| US | 162.255.25.209:443 | download.comodo.com | tcp |
| FR | 143.244.56.50:443 | cdn.download.comodo.com | tcp |
| US | 162.255.25.209:443 | download.comodo.com | tcp |
| FR | 143.244.56.50:443 | cdn.download.comodo.com | tcp |
| US | 69.57.168.134:443 | download.adtrustmedia.com | tcp |
| US | 162.255.25.209:443 | download.comodo.com | tcp |
| US | 162.255.25.209:443 | download.comodo.com | tcp |
| FR | 185.93.2.244:443 | cdn.download.comodo.com | tcp |
| US | 162.255.25.209:443 | download.comodo.com | tcp |
| FR | 185.93.2.244:443 | cdn.download.comodo.com | tcp |
| US | 162.255.25.209:443 | download.comodo.com | tcp |
| FR | 185.93.2.244:443 | cdn.download.comodo.com | tcp |
| US | 162.255.25.209:443 | download.comodo.com | tcp |
| FR | 185.93.2.244:443 | cdn.download.comodo.com | tcp |
| US | 162.255.25.209:443 | download.comodo.com | tcp |
| FR | 185.93.2.244:443 | cdn.download.comodo.com | tcp |
| US | 8.8.8.8:53 | licensing.security.comodo.com | udp |
| GB | 178.255.85.135:443 | cmc.comodo.com | tcp |
| US | 45.32.1.220:443 | licensing.security.comodo.com | tcp |
| US | 45.32.1.220:443 | licensing.security.comodo.com | tcp |
| US | 45.32.1.220:443 | licensing.security.comodo.com | tcp |
| GB | 178.255.85.135:443 | cmc.comodo.com | tcp |
| US | 209.127.178.107:443 | cis.td.security.comodo.com | tcp |
| US | 209.127.178.102:443 | cis.td.security.comodo.com | tcp |
| US | 209.127.178.76:443 | cis.td.security.comodo.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe
| MD5 | 74cf93a3d559a630911fc94568b99e1e |
| SHA1 | a5f164154e164174c715e493f440b1935ec53af8 |
| SHA256 | fe82eb2103b177370e742aee40a2b840805516ff23867f6b9bd3655a401eb50b |
| SHA512 | c000d512e270d7f89058fe52a3ecfac6f60462eed21b134ebb57640cc6425e7ece9b6ce683acc666d8358875c8d621497a8e3eb95b4ad72311efb9d12c03100a |
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdhtml.dll
| MD5 | 6d9aa26bb18af69dc74ae8e822eb53dd |
| SHA1 | 6ef20da9b9e70afa742f047f1c6f9d3e58290450 |
| SHA256 | cf140523b8834de1c37efa29b02adcdc88babc0f8ee90ba93dd98c260d7036c3 |
| SHA512 | 3a9e8f15d207e98bb182f8d1838e93dba9750e6cfc79b72aab0706f969866447e50b3ab28bc1768a7cac7e7733cde80085cabcefefae0d287f08374578935c36 |
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\7za.dll
| MD5 | 7baac18fb157c76574ca3d7a2f5eb193 |
| SHA1 | 6460577ce621fa28133096073376f6a88f8acd61 |
| SHA256 | 347144ae998d96c6b8664abf56f3ff8cfa4dcdfd6e13205d7e8ee2f3b77eefc2 |
| SHA512 | 513cc213da81db470f8675c29162f4b724bb92a690edd451025eb68588971eebb937f88cc5a659222f2bbbd99440aa56800bf4167bb8912ea87a0b2648b002ea |
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\themes\ilycia.set
| MD5 | 7b85f91536c8342ac64d3edece2af7fe |
| SHA1 | 1e28c62364f606f03078e985222a2e3400a483c6 |
| SHA256 | 918e7aad857776a895ecdf850665c355026882bcf1e0eba279ff4f7aa4b6bbae |
| SHA512 | 42cbaca95018eba8b05d3d586dbe8537ec1130af9edd813c4e7affef88c804a4ae65d9a446a95326508cd21da03a7e6a7969f6de5a68e69ce86c827f4308ac5a |
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdres.dll
| MD5 | a4b3e07a9d407bca7a0ed76ea7c4945f |
| SHA1 | af16d87110e2f9e64d5c35a6d522151b69377bbc |
| SHA256 | b115a17e7500dbc34cce1f8e84a59f072a26ad49be5dcde6ac5908e4d2ad3555 |
| SHA512 | 77c6ba298f5bd4c04192660d365d2a45ecb23fa441818735bd01050677037e1976670dcb457b6684343fbccb02a6fcfd98f22ae9f2de263057157917ee28d981 |
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\installer_langdata.bin
| MD5 | b80eda6258e28b537651f8e5ebd997ff |
| SHA1 | 826741e138e8342f4bc3303838e347a44bb93546 |
| SHA256 | 6e960dfed451c2dfb99352d25d3df8dd46fe7d80c9af79805c0cfbd1a99a2709 |
| SHA512 | 9fce1cb5fe8b6a2bc4d13c1ca3ec31c926c6dd33717f145da6952ae33144eb11a6ee9e751e1d3e2d5d6ce7768e9f9602773a917d9f5f8473670e6d631b932b74 |
C:\ProgramData\Comodo Downloader\cis\download\installs\8050\installer_data\binaries\files_info.dat
| MD5 | f42c56a1f750bdf43155a2aee0f1407c |
| SHA1 | 0929dd9594fccffe5e7e43ea33a5eb6467afab0b |
| SHA256 | 86e8a71d1327fe5f26901c8a7d10bac322dce1ff621e1339db9c7b6ab905244c |
| SHA512 | 31dc56d6455391a0075ab59d438335c9d38da43e1ef974bcdf14be059d63d48f8a8f7a1f6cd9eb5e790519a3824f59387abafef48417bbeb74e34b526646b8d9 |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-01 07:08
Reported
2024-06-01 07:11
Platform
win7-20231129-en
Max time kernel
149s
Max time network
124s
Command Line
Signatures
Drops file in Drivers directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\system32\DRIVERS\SET6539.tmp | C:\Windows\system32\MsiExec.exe | N/A |
| File created | C:\Windows\system32\DRIVERS\SET6539.tmp | C:\Windows\system32\MsiExec.exe | N/A |
| File opened for modification | C:\Windows\system32\DRIVERS\SET653A.tmp | C:\Windows\system32\MsiExec.exe | N/A |
| File created | C:\Windows\system32\DRIVERS\SET653A.tmp | C:\Windows\system32\MsiExec.exe | N/A |
| File created | C:\Windows\system32\Drivers\cmderd.sys | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\system32\Drivers\cmdGuard.sys | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\system32\Drivers\inspect.sys | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\system32\DRIVERS\cmdguard.sys | C:\Windows\system32\MsiExec.exe | N/A |
| File created | C:\Windows\system32\Drivers\cmdhlp.sys | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\system32\DRIVERS\cmderd.sys | C:\Windows\system32\MsiExec.exe | N/A |
Manipulates Digital Signatures
| Description | Indicator | Process | Target |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates\D70D7D00CA12E1B3E20F3BF7534DEB2C2E7C2404\Blob = [certificate blob not shown] | C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates\31D019FC7AB697D57D9C4AFB340ED7C4D10400DF\Blob = [certificate blob not shown] | C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates\E35E6F46A1A9A4D18A4DAA298BDA4D1E8879236E\Blob = [certificate blob not shown] | C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates\E35E6F46A1A9A4D18A4DAA298BDA4D1E8879236E\Blob = [certificate blob not shown] | C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates\D70D7D00CA12E1B3E20F3BF7534DEB2C2E7C2404\Blob = [certificate blob not shown] | C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates\6CD253D636A7B4D0E0981431BC064061A9853ED9\Blob = [certificate blob not shown] | C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates\31D019FC7AB697D57D9C4AFB340ED7C4D10400DF\Blob = [certificate blob not shown] | C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates\6CD253D636A7B4D0E0981431BC064061A9853ED9\Blob = [certificate blob not shown] | C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe | N/A |
Sets service image path in registry
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\CmdAgent\ImagePath = "\"C:\\Program Files\\COMODO\\COMODO Internet Security\\cmdagent.exe\"" | C:\Windows\system32\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\cmderd\ImagePath = "System32\\DRIVERS\\cmderd.sys" | C:\Windows\system32\MsiExec.exe | N/A |
Reads user/profile data of web browsers
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\GrpConv = "grpconv -o" | C:\Windows\system32\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\COMODO Internet Security = "\"C:\\Program Files\\COMODO\\COMODO Internet Security\\cis.exe\" --cistrayUI" | C:\Windows\system32\msiexec.exe | N/A |
Checks for any installed AV software in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\Options | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\Options\Tray icon visibility | C:\Windows\system32\msiexec.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\Options\LanguageName | C:\Windows\system32\msiexec.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\Options\LanguageID | C:\Windows\system32\msiexec.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\DbgTrace\CmdAgent\_Trace_Category_Exclude | C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\Data\AvDbUpdateDate = "0" | C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\VolatileData\PendingRebootAfterInstall = "1" | C:\Windows\system32\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\Options\UserEmail | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS | C:\Windows\system32\MsiExec.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\Data\MofHash = 35c719bca59db3dd0a22bd450940006024aed9e6 | C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\DbgTrace\CavWp\_Trace_Enabled_To_WinLog | C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\Installer | C:\Windows\system32\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\COMODO\CIS\Data\CmcWindowsVersion = "{\"release_id\":0,\"build\":0,\"ubr\":0,\"major\":1}" | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\Options | C:\Windows\system32\msiexec.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\DbgTrace\cmdagent | C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\Data\IsLmdbCorrupted.cmdurl | C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\Data\VcDisableDirectNtfs | C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\Data\Timestamp.{0E9B65E7-29F3-4520-A8EC-2DDEF68A1170} | C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\Options\Silent diag support | C:\Windows\system32\msiexec.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\Options\Langs.cmdres | C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\COMODO\CIS\Cam | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\COMODO\CIS\Cam\ModeEx = "0" | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\Options\UrlsUpdateHost | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\DbgTrace\CIS | C:\Windows\system32\MsiExec.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\Testing purposes\Replace files | C:\Windows\system32\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\VolatileData\SubKey1 | C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\Data\UrlDbVersion | C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\Cam\SubscriptionIdFree = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000007508a4fc4edda84696540e4277d308d204000000020000000000106600000001000020000000d9561391d2d6fe279c9c270423f6230ed85ef6a3a33c2509af65471533d9cb4a000000000e8000000002000020000000feee728446651abedd85f6cda1d651a2810bc5b71a1dad875123c917716149f610000000914e438b5bcbee1cd78cfacf9575d9aa400000002ade71af0fa4bd810ac0f8368cd18d3ab48400931da73886a0e8418e0b9a1228f3a1671280c0a1a378f46a7bfef7682c3eca98a8a9a40f7dd85a5ad89b142c14 | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\Installer\MsiProductCode | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\DbgTrace\CfpConfg | C:\Windows\system32\MsiExec.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\Data | C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\DbgTrace\CfpConfg\_Trace_Enabled_To_WinLog | C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\Options\SaspSkipOnceInService = "0" | C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\VolatileData\PendingRebootAfterInstall = "1" | C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\Options | C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\DbgTrace\CfpConfg\_Trace_Category_Exclude | C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\Data | C:\Windows\system32\MsiExec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\Installer\InstallEndTimestamp = "133616994260350000" | C:\Windows\system32\MsiExec.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\DbgTrace\CavWp\_Trace_Enabled_To_WinLog | C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\Installer | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe | N/A |
| Key security queried | \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\Options | C:\Windows\system32\msiexec.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\Installer\Proxy | C:\Windows\system32\msiexec.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\Cam\Camod | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\Testing purposes | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe | N/A |
| Key security queried | \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\Cam | C:\Windows\system32\msiexec.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\Data\AvDbCheckDate | C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\Data\SwitchOn.{E739B5BC-AD9F-4758-9567-A21B396737F1} | C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\Data\SwitchOn.{3899AA55-4039-4996-AA3B-75F035BE8900} | C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\Installer | C:\Windows\system32\MsiExec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\Options\Tray icon visibility = "1" | C:\Windows\system32\msiexec.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\Data\SwitchOn.{8F5CCB37-64DD-423E-AEE4-3E7B3D162E32} | C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\VolatileData | C:\Windows\system32\msiexec.exe | N/A |
| Key security queried | \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS | C:\Windows\system32\msiexec.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\DbgTrace\CavWp\_Trace_Category_Exclude | C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\Options\ViruscopeProcessLimit | C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\COMODO\CIS\Data | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\COMODO\CIS\Options | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\Cam\PricingTerm = "cis.premium.free" | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\Options\ThemeName | C:\Windows\system32\msiexec.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\DbgTrace\CfpConfg\_Trace_Enabled = "1" | C:\Windows\system32\MsiExec.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\DbgTrace\CavWp\_Trace_Category_Override | C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\Data\OS driver cmdguard = "7" | C:\Windows\system32\MsiExec.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\Options\UpgradeFlags | C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe | N/A |
Downloads MZ/PE file
Enumerates connected drives
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7D11549FC90445E1CE90F96A21958A17_941A5BE5FAF3230B9FC294754AF2A1C3 | C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe | N/A |
| File created | C:\Windows\system32\guard64.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F90F18257CBB4D84216AC1E1F3BB2C76 | C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357 | C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\74FBF93595CFC8459196065CE54AD928 | C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\74FBF93595CFC8459196065CE54AD928 | C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7D11549FC90445E1CE90F96A21958A17_941A5BE5FAF3230B9FC294754AF2A1C3 | C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E0968A1E3A40D2582E7FD463BAEB59CD | C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\5F26A2159BA21EA573A1C5E3DE2CF211_7541962669C96CEAB06421EC12621007 | C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe | N/A |
| File created | C:\Windows\system32\cmdcsr.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\SysWOW64\guard32.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F90F18257CBB4D84216AC1E1F3BB2C76 | C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe | N/A |
| File created | C:\Windows\system32\cmdvrt64.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B8CC409ACDBF2A2FE04C56F2875B1FD6 | C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015 | C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357 | C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E0968A1E3A40D2582E7FD463BAEB59CD | C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\5F26A2159BA21EA573A1C5E3DE2CF211_7541962669C96CEAB06421EC12621007 | C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe | N/A |
| File created | C:\Windows\SysWOW64\cmdvrt32.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B8CC409ACDBF2A2FE04C56F2875B1FD6 | C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015 | C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe | N/A |
Checks installed software on the system
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files\COMODO\COMODO Internet Security\drivers\win10\inspect.sys | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\COMODO\COMODO Internet Security\translations\cmdres.serbian.lang | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\COMODO\COMODO Internet Security\translations\virtkiosk.german.lang | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\COMODO\COMODO Internet Security\cisresc.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\COMODO\COMODO Internet Security\themes\iarcadia.set | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\COMODO\COMODO Internet Security\scanners\dunpack.cav | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\COMODO\COMODO Internet Security\vddata\vduserdata\bin\Add_App.png | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\COMODO\COMODO Internet Security\vddata\vduserdata\bin\pfpeapihoiogbcmdmnibeplnikfnhoge.png | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\COMODO\COMODO Internet Security\drivers\win8\cmdguard.inf | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\COMODO\COMODO Internet Security\translations\virtkiosk.ukrainian.lang | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\COMODO\COMODO Internet Security\COMODO - Internet Security.cfgx | C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe | N/A |
| File created | C:\Program Files\COMODO\COMODO Internet Security\vddata\vduserdata\images\btnShadow.png | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\COMODO\COMODO Internet Security\vddata\vduserdata\bin\lneaknkopdijkpnocmklfnjbeapigfbh.png | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\COMODO\COMODO Internet Security\drivers\win8\cmdhlp.sys | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\COMODO\COMODO Internet Security\cisbf.exe | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\COMODO\COMODO Internet Security\vddata\vduserdata\bin\comodo_dragon.xml | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\COMODO\COMODO Internet Security\cmdcomps.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\COMODO\COMODO Internet Security\database\signers.tvt | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\COMODO\COMODO Internet Security\scanners\unpack.cav | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\COMODO\COMODO Internet Security\vddata\vkhlp.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\COMODO\COMODO Internet Security\drivers\win8\inspect.cat | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\COMODO\COMODO Internet Security\drivers\win7\cmdguard.cat | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\COMODO\COMODO Internet Security\translations\cmdres.vietnamese.lang | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\COMODO\COMODO Internet Security\scanners\heur.cav | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\COMODO\COMODO Internet Security\drivers\win7\inspect.inf | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\COMODO\COMODO Internet Security\translations\cmdres.croatian.lang | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\COMODO\COMODO Internet Security\vkthemes\kioskthemearcadia.theme | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\COMODO\COMODO Internet Security\translations\1038.lang | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\COMODO\COMODO Internet Security\themes\ilycia.set | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\COMODO\COMODO Internet Security\scanners\fileid.cav | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\COMODO\COMODO Internet Security\scanners\white.cav | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\COMODO\COMODO Internet Security\vddata\vduserdata\bin\blpcfgokakmgnkcojhhkbfbldkacnbeo.png | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\COMODO\COMODO Internet Security\drivers\win10\cmdguard.inf | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\COMODO\COMODO Internet Security\translations\cmdres.persian.lang | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\COMODO\COMODO Internet Security\vddata\vduserdata\bin\hbdpomandigafcibbmofojjchbcdagbl.xml | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\COMODO\COMODO Internet Security\vddata\vduserdata\bin\mkojhhiphdgeliplnclnbmdiofhgnimi.xml | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\COMODO\COMODO Internet Security\drivers\win7\cmdhlp.inf | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\COMODO\COMODO Internet Security\scanners\smart.cav | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\COMODO\COMODO Internet Security\drivers\win10\cmdhlp.cat | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\COMODO\COMODO Internet Security\translations\virtkiosk.polish.lang | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\COMODO\COMODO Internet Security\drivers\win10\cmdhlp.inf | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\COMODO\COMODO Internet Security\translations\cmdres.arabic.lang | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\COMODO\COMODO Internet Security\translations\virtkiosk.estonian.lang | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\COMODO\COMODO Internet Security\vkthemes\kioskthememodern.theme | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\COMODO\COMODO Internet Security\scanners\mem.cav | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\COMODO\COMODO Internet Security\vddata\vduserdata\bin\blpcfgokakmgnkcojhhkbfbldkacnbeo.xml | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\COMODO\COMODO Internet Security\drivers\win10\cmdboot.cat | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\COMODO\COMODO Internet Security\themes\default.set | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\COMODO\COMODO Internet Security\vddata\vduserdata\bin\hbdpomandigafcibbmofojjchbcdagbl.png | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\COMODO\COMODO Internet Security\drivers\win7\inspect.sys | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\COMODO\COMODO Internet Security\vddata\vduserdata\images\page_dot.png | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\COMODO\COMODO Internet Security\translations\cmdres.turkish.lang | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Program Files\COMODO\COMODO Internet Security\recognizers\proto_v10\recognizer_v12.2.2.8012.dll | C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe | N/A |
| File created | C:\Program Files\COMODO\COMODO Internet Security\vddata\vduserdata\bin\onlgmecjpnejhfeofkgbfgnmdlipdejb.xml | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\COMODO\COMODO Internet Security\installer_langdata.bin | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\COMODO\COMODO Internet Security\vddata\vduserdata\bin\icppfcnhkcmnfdhfhphakoifcfokfdhg.xml | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\COMODO\COMODO Internet Security\translations\cmdres.dutch.lang | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\COMODO\COMODO Internet Security\translations\virtkiosk.chinesetraditional.lang | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\COMODO\COMODO Internet Security\translations\virtkiosk.turkish.lang | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\COMODO\COMODO Internet Security\translations\virtkiosk.bulgarian.lang | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Program Files\COMODO\COMODO Internet Security\eula.rtf | C:\Windows\system32\MsiExec.exe | N/A |
| File created | C:\Program Files\COMODO\COMODO Internet Security\vddata\vduserdata\images\flip_out.png | C:\Windows\system32\msiexec.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\Installer\MSI32C9.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\INF\setupapi.ev1 | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\Installer\f772c7d.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI3094.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI319E.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI3421.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI3686.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI35F9.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\INF\setupapi.ev3 | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI6DD5.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\f772c7d.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\ | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI349F.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI5DAA.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\f772c80.ipi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\security\logs\scecomp.log | C:\Windows\system32\MsiExec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI6E81.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\{529CC629-B436-4886-B322-4BE75B97783D}\cis.ico | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\{529CC629-B436-4886-B322-4BE75B97783D}\cis.ico | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI355C.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI5712.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI5E27.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\INF\setupapi.app.log | C:\Windows\system32\MsiExec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI7325.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI321C.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\INF\setupapi.dev.log | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI583B.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI5C51.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI6654.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI6CDA.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI7297.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\f772c80.ipi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI5EA5.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\f772c82.msi | C:\Windows\system32\msiexec.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe | N/A |
| N/A | N/A | C:\Windows\Installer\MSI3686.tmp | N/A |
| N/A | N/A | C:\Windows\Installer\MSI3686.tmp | N/A |
| N/A | N/A | C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe | N/A |
| N/A | N/A | C:\Program Files\COMODO\COMODO Internet Security\cisbf.exe | N/A |
| N/A | N/A | C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe | N/A |
| N/A | N/A | C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe | N/A |
| N/A | N/A | C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe | N/A |
| N/A | N/A | C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe | N/A |
| N/A | N/A | C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe | N/A |
| N/A | N/A | C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe | N/A |
| N/A | N/A | C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe | N/A |
| N/A | N/A | C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe | N/A |
Loads dropped DLL
Modifies system executable filetype association
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\Comodo Antivirus | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\Comodo Antivirus\ = "{4255A182-CAD9-4214-A19B-7BA7FB633BBD}" | C:\Windows\system32\regsvr32.exe | N/A |
Registers COM server for autorun
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D7D729A7-3570-4902-944A-470C9919FCCB}\InProcServer32\ThreadingModel = "Both" | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BBB01528-20FE-4bc2-9D26-C70E3ABB9CD1}\LocalServer32 | C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1B1E2B7F-DDF5-4722-A450-085CC9EAC96C}\LocalServer32\ = "\"C:\\Program Files\\COMODO\\COMODO Internet Security\\cmdagent.exe\"" | C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BE4DEE24-6CFC-48DF-89C4-29BD4954B895}\InProcServer32 | C:\Windows\system32\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D7D729A7-3570-4902-944A-470C9919FCCB}\InProcServer32 | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{10F58851-4358-4E4B-8494-DF34393F41A5}\LocalServer32\ = "\"C:\\Program Files\\COMODO\\COMODO Internet Security\\cmdagent.exe\"" | C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9F2D4924-C5F4-43B6-A4AB-C4161C4C2879}\InProcServer32 | C:\Windows\system32\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{10F58851-4358-4E4B-8494-DF34393F41A5}\LocalServer32\ = "\"C:\\Program Files\\COMODO\\COMODO Internet Security\\cmdagent.exe\"" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\CLSID\{E0E9D49D-65D1-4AB1-8235-DF90B6ED8483}\LocalServer32 | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E8718E3A-1985-473C-9196-9A39AFB0028E}\LocalServer32\ = "\"C:\\Program Files\\COMODO\\COMODO Internet Security\\cavwp.exe\" /ModeAvMerger" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{ED181758-F11B-4C85-AEA2-199B3DC9F7DE}\InprocServer32\ = "C:\\Program Files\\COMODO\\COMODO Internet Security\\cisresc.dll" | C:\Windows\system32\regsvr32.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C288AC5A-D846-4696-8028-2DF6F508D0D9}\LOCALSERVER32 | C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C288AC5A-D846-4696-8028-2DF6F508D0D9}\LocalServer32\ = "\"C:\\Program Files\\COMODO\\COMODO Internet Security\\cmdagent.exe\"" | C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BBB01528-20FE-4bc2-9D26-C70E3ABB9CD1}\LocalServer32\ = "\"C:\\Program Files\\COMODO\\COMODO Internet Security\\cmdagent.exe\"" | C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BE4DEE24-6CFC-48DF-89C4-29BD4954B895}\InProcServer32\ThreadingModel = "Both" | C:\Windows\system32\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\CLSID\{C288AC5A-D846-4696-8028-2DF6F508D0D9}\LocalServer32 | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{FF101135-6584-46e7-8AA1-8FCD1FCA5042}\LocalServer32\ = "\"C:\\Program Files\\COMODO\\COMODO Internet Security\\cmdagent.exe\"" | C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{81B0EDF3-1CAB-4B8A-BD36-C4DEFAC1DCF9}\LocalServer32 | C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{67683718-82B8-4557-86A8-E04D169EF883}\InProcServer32\ = "C:\\Program Files\\COMODO\\COMODO Internet Security\\cisbfps.dll" | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E0E9D49D-65D1-4AB1-8235-DF90B6ED8483}\LocalServer32\ = "\"C:\\Program Files\\COMODO\\COMODO Internet Security\\cavwp.exe\" /ModeAvMonitor" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D7D729A7-3570-4902-944A-470C9919FCCB}\InProcServer32\ = "C:\\Program Files\\COMODO\\COMODO Internet Security\\cisresc.dll" | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\CLSID\{1B1E2B7F-DDF5-4722-A450-085CC9EAC96C}\LocalServer32 | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4255A182-CAD9-4214-A19B-7BA7FB633BBD}\InprocServer32\ThreadingModel = "Apartment" | C:\Windows\system32\regsvr32.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4255A182-CAD9-4214-A19B-7BA7FB633BBD}\InprocServer32 | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9F2D4924-C5F4-43B6-A4AB-C4161C4C2879}\InProcServer32\ThreadingModel = "Both" | C:\Windows\system32\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{67683718-82B8-4557-86A8-E04D169EF883}\InProcServer32\ThreadingModel = "Both" | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1B1E2B7F-DDF5-4722-A450-085CC9EAC96C}\LocalServer32\ = "\"C:\\Program Files\\COMODO\\COMODO Internet Security\\cmdagent.exe\"" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{FF101135-6584-46E7-8AA1-8FCD1FCA5042}\LocalServer32\ThreadingModel = "Free" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A1850D95-9C38-4D86-AC40-E559BC0E73C9}\LocalServer32\ = "\"C:\\Program Files\\COMODO\\COMODO Internet Security\\cavwp.exe\" /ModeAvDllHost" | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1B1E2B7F-DDF5-4722-A450-085CC9EAC96C}\LOCALSERVER32 | C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{868A55F7-D79E-4C2E-8091-DEA9042B987F}\LocalServer32\ = "\"C:\\Program Files\\COMODO\\COMODO Internet Security\\cavwp.exe\" /ModeAvSigChecker" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C4D33F09-D11A-485D-AB08-8BFF862E7120}\LocalServer32\ = "\"C:\\Program Files\\COMODO\\COMODO Internet Security\\cisbf.exe\"" | C:\Program Files\COMODO\COMODO Internet Security\cisbf.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\CLSID\{FF101135-6584-46E7-8AA1-8FCD1FCA5042}\LocalServer32 | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{81B0EDF3-1CAB-4B8A-BD36-C4DEFAC1DCF9}\LocalServer32\ThreadingModel = "Free" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C288AC5A-D846-4696-8028-2DF6F508D0D9}\LocalServer32\ThreadingModel = "Free" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\CLSID\{868A55F7-D79E-4C2E-8091-DEA9042B987F}\LocalServer32 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\CLSID\{A1850D95-9C38-4D86-AC40-E559BC0E73C9}\LocalServer32 | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{ED181758-F11B-4C85-AEA2-199B3DC9F7DE}\InprocServer32\ThreadingModel = "Free" | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{67683718-82B8-4557-86A8-E04D169EF883}\InProcServer32 | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C4D33F09-D11A-485D-AB08-8BFF862E7120}\LocalServer32 | C:\Program Files\COMODO\COMODO Internet Security\cisbf.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\CLSID\{81B0EDF3-1CAB-4B8A-BD36-C4DEFAC1DCF9}\LocalServer32 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1B1E2B7F-DDF5-4722-A450-085CC9EAC96C}\LocalServer32 | C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4255A182-CAD9-4214-A19B-7BA7FB633BBD}\InprocServer32 | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9F2D4924-C5F4-43B6-A4AB-C4161C4C2879}\InProcServer32\ = "C:\\Program Files\\COMODO\\COMODO Internet Security\\cmdcomps.dll" | C:\Windows\system32\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C288AC5A-D846-4696-8028-2DF6F508D0D9}\LocalServer32 | C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{FF101135-6584-46e7-8AA1-8FCD1FCA5042}\LocalServer32 | C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BE4DEE24-6CFC-48DF-89C4-29BD4954B895}\InProcServer32\ = "C:\\Program Files\\COMODO\\COMODO Internet Security\\cavwpps.dll" | C:\Windows\system32\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{FF101135-6584-46E7-8AA1-8FCD1FCA5042}\LocalServer32\ = "\"C:\\Program Files\\COMODO\\COMODO Internet Security\\cmdagent.exe\"" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\CLSID\{B691E6DB-B216-4532-A2F3-1656BAC416FC}\LocalServer32 | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1B1E2B7F-DDF5-4722-A450-085CC9EAC96C}\LocalServer32\ThreadingModel = "Free" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{05E5F178-256F-42EE-9BF4-A7E080F7B354}\LocalServer32\ = "\"C:\\Program Files\\COMODO\\COMODO Internet Security\\cavwp.exe\" /ModeAvScanner" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{ED181758-F11B-4C85-AEA2-199B3DC9F7DE}\InprocServer32 | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C4D33F09-D11A-485D-AB08-8BFF862E7120}\LocalServer32\ServerExecutable = "C:\\Program Files\\COMODO\\COMODO Internet Security\\cisbf.exe" | C:\Program Files\COMODO\COMODO Internet Security\cisbf.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{FF101135-6584-46E7-8AA1-8FCD1FCA5042}\LOCALSERVER32 | C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{81B0EDF3-1CAB-4B8A-BD36-C4DEFAC1DCF9}\LOCALSERVER32 | C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{81B0EDF3-1CAB-4B8A-BD36-C4DEFAC1DCF9}\LocalServer32\ = "\"C:\\Program Files\\COMODO\\COMODO Internet Security\\cmdagent.exe\"" | C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{81B0EDF3-1CAB-4B8A-BD36-C4DEFAC1DCF9}\LocalServer32\ = "\"C:\\Program Files\\COMODO\\COMODO Internet Security\\cmdagent.exe\"" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{10F58851-4358-4E4B-8494-DF34393F41A5}\LocalServer32 | C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\CLSID\{10F58851-4358-4E4B-8494-DF34393F41A5}\LocalServer32 | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C288AC5A-D846-4696-8028-2DF6F508D0D9}\LocalServer32\ = "\"C:\\Program Files\\COMODO\\COMODO Internet Security\\cmdagent.exe\"" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B691E6DB-B216-4532-A2F3-1656BAC416FC}\LocalServer32\ = "\"C:\\Program Files\\COMODO\\COMODO Internet Security\\cavwp.exe\" /ModeAvBoostHelper" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\CLSID\{05E5F178-256F-42EE-9BF4-A7E080F7B354}\LocalServer32 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\CLSID\{E8718E3A-1985-473C-9196-9A39AFB0028E}\LocalServer32 | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{10F58851-4358-4E4B-8494-DF34393F41A5}\LOCALSERVER32 | C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe | N/A |
Enumerates physical storage devices
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Windows\system32\runonce.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Windows\system32\runonce.exe | N/A |
| Key opened | \Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Windows\system32\runonce.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Windows\system32\runonce.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Root\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2E\52C64B7E\@%SystemRoot%\System32\fveui.dll,-843 = "BitLocker Drive Encryption" | C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\Certificates | C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed | C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Root\CRLs | C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\CTLs | C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Root\CTLs | C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\GrpConv | C:\Windows\System32\grpconv.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs | C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\trust\Certificates | C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\trust\CTLs | C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPublisher\CTLs | C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Disallowed\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates | C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\CA\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\trust\CRLs | C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\Certificates | C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs | C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\My | C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\GrpConv | C:\Windows\System32\grpconv.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot | C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\trust\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2e\52C64B7E | C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA | C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ | C:\Windows\system32\runonce.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA | C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates | C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust | C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\CRLs | C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust | C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Disallowed\CRLs | C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\CRLs | C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot | C:\Windows\system32\DrvInst.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2E\52C64B7E\@%SystemRoot%\system32\dnsapi.dll,-103 = "Domain Name System (DNS) Server Trust" | C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople | C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\CA\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\CTLs | C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople | C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2E\52C64B7E\@%SystemRoot%\system32\qagentrt.dll,-10 = "System Health Authentication" | C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached | C:\Windows\system32\runonce.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed | C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root | C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\CTLs | C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\trust\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
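The two tables above ("Registers COM server for autorun" and "Modifies data under HKEY_USERS") are raw registry events, and the triage question they raise is narrower than the signature names suggest: does any CLSID's LocalServer32 or InProcServer32 default value point at a binary outside a protected directory (the classic COM hijack/persistence primitive), and is the SystemCertificates activity an actual certificate insertion or only the container keys Windows materialises when a process opens a store? The Python below is an added example, not part of this sandbox report or of the analysed product. It parses rows in the report's own table format; the embedded input is a subset of rows copied verbatim from the tables above plus two rows marked as constructed (a hypothetical CLSID {00000000-1111-2222-3333-444444444444}, a hypothetical updater.exe under the user's Temp directory, and a hypothetical 40-hex thumbprint) so that the flagging branches are exercised. The trusted-root list and the simplified REG_SZ unescaping are assumptions of the example.

```python
"""Triage helper for this report's registry rows: COM server registrations
(a hijack/persistence surface) and certificate-store touches. Added example,
not part of the sandbox report or of the analysed product."""
import re

# Assumption: roots where a COM server binary is normally expected to live.
TRUSTED_ROOTS = ("c:\\program files\\", "c:\\program files (x86)\\", "c:\\windows\\system32\\", "c:\\windows\\syswow64\\")

# Rows copied verbatim from the report tables above.
REPORT_ROWS = r"""
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1B1E2B7F-DDF5-4722-A450-085CC9EAC96C}\LocalServer32\ = "\"C:\\Program Files\\COMODO\\COMODO Internet Security\\cmdagent.exe\"" | C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E8718E3A-1985-473C-9196-9A39AFB0028E}\LocalServer32\ = "\"C:\\Program Files\\COMODO\\COMODO Internet Security\\cavwp.exe\" /ModeAvMerger" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D7D729A7-3570-4902-944A-470C9919FCCB}\InProcServer32\ = "C:\\Program Files\\COMODO\\COMODO Internet Security\\cisresc.dll" | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D7D729A7-3570-4902-944A-470C9919FCCB}\InProcServer32\ThreadingModel = "Both" | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Root\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe | N/A |
"""
# Constructed rows (NOT from the report): a hypothetical server under Temp and a hypothetical root-store insertion.
CONSTRUCTED_ROWS = r"""
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00000000-1111-2222-3333-444444444444}\LocalServer32\ = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\updater.exe\"" | C:\Users\Admin\AppData\Local\Temp\updater.exe | N/A |
| Set value (data) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Root\Certificates\0123456789ABCDEF0123456789ABCDEF01234567\Blob = 03000000... | C:\Users\Admin\AppData\Local\Temp\updater.exe | N/A |
"""

ROW_RE = re.compile(r"^\|\s*(?P<desc>[^|]*?)\s*\|\s*(?P<ind>.*?)\s*\|\s*(?P<proc>[^|]*?)\s*\|\s*[^|]*?\s*\|$")
SETVAL_RE = re.compile(r"^(?P<key>.+?)\\(?P<name>[^\\=]*) = (?P<val>.*)$")
COM_RE = re.compile(r"\\CLSID\\(?P<clsid>\{[0-9A-F-]{36}\})\\(?P<kind>LocalServer32|InProcServer32)$", re.I)
CERT_RE = re.compile(r"\\SystemCertificates\\(?P<store>[^\\]+)\\(?P<kind>Certificates|CTLs|CRLs)"
                     r"(?:\\(?P<thumb>[0-9A-F]{40}))?$", re.I)


def unquote_reg_string(val):
    """Undo the report's REG_SZ rendering: outer quotes, doubled backslashes, escaped inner quotes (simplified)."""
    if len(val) >= 2 and val[0] == val[-1] == '"':
        val = val[1:-1]
    return val.replace("\\\\", "\\").replace('\\"', '"')


def split_command(cmd):
    """LocalServer32 holds a command line; return (exe, args, was_quoted)."""
    cmd = cmd.strip()
    end = cmd.find('"', 1) if cmd.startswith('"') else -1
    if end > 0:
        return cmd[1:end], cmd[end + 1:].strip(), True
    return cmd, "", False  # unquoted: CreateProcess tries each space-delimited prefix in turn


def classify_com(key, value, process):
    m = COM_RE.search(key)
    if not m:
        return None
    kind = "LocalServer32" if m.group("kind").lower() == "localserver32" else "InProcServer32"
    findings, args = [], ""
    if kind == "LocalServer32":
        exe, args, quoted = split_command(unquote_reg_string(value))
        if not quoted and " " in exe:
            findings.append("unquoted command line containing spaces")
    else:
        exe = unquote_reg_string(value)  # a DLL path, loaded into every client of the CLSID
    if not exe.lower().startswith(TRUSTED_ROOTS):
        findings.append("server outside Program Files/System32: " + exe)
    return {"clsid": m.group("clsid").upper(), "kind": kind, "server": exe,
            "args": args, "process": process, "findings": findings}


def classify_cert(key, name, process, created):
    m = CERT_RE.search(key)
    if not m:
        return None
    store, thumb, findings = m.group("store"), m.group("thumb"), []
    event = "entry property written"
    if thumb is None:  # opening a store (CertOpenStore) materialises these keys; no trust change by itself
        event = "store container created" if created else "store container modified"
    elif name.lower() == "blob":
        event = "certificate blob written"
        if store.lower() in ("root", "authroot", "trustedpublisher", "trustedpeople"):
            findings.append("trust anchor/publisher added to %s, verify thumbprint %s" % (store, thumb))
        elif store.lower() == "disallowed":
            findings.append("distrust entry added to Disallowed")
    return {"store": store, "kind": m.group("kind"), "thumbprint": thumb,
            "process": process, "event": event, "findings": findings}


def triage(rows_text):
    """Bucket report rows into COM server registrations and cert-store events."""
    out = {"com": [], "certs": []}
    for line in rows_text.splitlines():
        m = ROW_RE.match(line.strip())
        if not m or m.group("desc") == "Description":
            continue
        desc, key, proc, name, val = m.group("desc"), m.group("ind"), m.group("proc"), "", ""
        if desc.startswith("Set value"):
            sv = SETVAL_RE.match(key)
            if not sv:
                continue
            key, name, val = sv.group("key"), sv.group("name"), sv.group("val")
        com = classify_com(key, val, proc) if val and name == "" else None
        cert = classify_cert(key, name, proc, desc.startswith("Key created"))
        if com:
            out["com"].append(com)
        elif cert:
            out["certs"].append(cert)
    return out


if __name__ == "__main__":
    print(triage(REPORT_ROWS + CONSTRUCTED_ROWS))
```

Run against the report's own rows, every LocalServer32 and InProcServer32 default value resolves under C:\Program Files\COMODO\, and every SystemCertificates event shown under HKEY_USERS\.DEFAULT is the creation of a Root, CA, Disallowed, trust or TrustedPeople container by DrvInst.exe or cmdagent.exe, which is what a driver install and a service opening certificate stores as SYSTEM produce. The row that would change the picture is a Blob written under Root\Certificates\<thumbprint>, or a CLSID whose server sits in a user-writable path; the constructed rows show what each of those looks like so the reader can recognise them in another report.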
Modifies registry class
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{F2B830DA-DF8E-4CBF-946F-DED196916210}\ProxyStubClsid32\ = "{9F2D4924-C5F4-43B6-A4AB-C4161C4C2879}" | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{9A2862A6-DCC2-4C52-A579-7A2246C107C1}\ProxyStubClsid32 | C:\Windows\syswow64\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E47859D8-9597-47FE-BFE4-4427113739A9}\ProxyStubClsid32\ = "{9F2D4924-C5F4-43B6-A4AB-C4161C4C2879}" | C:\Windows\syswow64\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{17FC23A6-8D66-448B-B286-C7B0030A0889}\ = "ICceProcActivity" | C:\Windows\system32\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{EA98EDA9-5AD9-48E0-BEDD-AA308DF3FF73}\ProxyStubClsid32 | C:\Windows\system32\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BE4DEE24-6CFC-48DF-89C4-29BD4954B895}\InProcServer32\ThreadingModel = "Both" | C:\Windows\system32\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\CLSID\{05E5F178-256F-42EE-9BF4-A7E080F7B354}\LocalServer32 | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{D2FCAA56-082E-4CB5-AC35-8EA86764D274}\NumMethods\ = "24" | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{B7FC0F91-20A6-485A-BD25-78A6C429F31D}\ProxyStubClsid32 | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{AF738DD5-62A4-4A19-A149-006F41F053BB} | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{AC07AE87-D195-4101-BAAC-33A74C731E83}\NumMethods | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{88E8C754-D5D7-442B-B090-39569EB258DD} | C:\Windows\system32\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\CLSID\{C288AC5A-D846-4696-8028-2DF6F508D0D9}\LocalServer32 | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E8718E3A-1985-473C-9196-9A39AFB0028E}\LocalServer32\ = "\"C:\\Program Files\\COMODO\\COMODO Internet Security\\cavwp.exe\" /ModeAvMerger" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{BBE300CA-7532-4515-AEBD-392BBBEAE404}\ = "ICisAlertCheckPassword" | C:\Windows\syswow64\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C80170AF-0521-45FD-8296-43AA420C40A2}\ = "IViruscopeActivityDnsQuery" | C:\Windows\system32\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\TypeLib\{59A8627E-99C2-4995-81D3-44A31D62EA3A}\7.0 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E43FB77E-657A-4E59-94AC-EE6CAEE332EF} | C:\Windows\syswow64\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E9B1A6B4-EF47-4BB6-9EFA-B3F33CFD548E}\NumMethods\ = "14" | C:\Windows\syswow64\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{8DD1CBA7-A94F-42E0-B896-4C8346B8046A}\ = "IViruscopeActivityCreateFile" | C:\Windows\system32\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6686FBD5-734B-44FA-9B3E-02C522299E59}\ = "ICisFile" | C:\Windows\system32\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CISSVC.CisGate.1\CLSID\ = "{C288AC5A-D846-4696-8028-2DF6F508D0D9}" | C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1FE70F59-DA7B-445D-9970-5E6AEEACCE7D}\ = "ICisRmControl18" | C:\Windows\syswow64\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{0D11E551-B3C7-4E88-97D7-F76E9F716AD6}\NumMethods\ = "70" | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1FE70F59-DA7B-445D-9970-5E6AEEACCE7D}\ProxyStubClsid32 | C:\Windows\system32\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{5B63A392-A673-422A-B8E8-5F79897CD0E4}\NumMethods | C:\Windows\system32\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{632E9EEE-F431-4C89-A18B-9959BCFF676B}\NumMethods | C:\Windows\system32\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{59A8627E-99C2-4995-81D3-44A31D62EA3A}\7.0\ = "CIS 7.0 WMI Type Library" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\kiosk\shell | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{814CD053-EC73-450E-B695-68359C119228}\NumMethods | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3A354768-9032-4BE3-888B-BC5E8D07F118} | C:\Windows\system32\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AF738DD5-62A4-4A19-A149-006F41F053BB}\ProxyStubClsid32 | C:\Windows\system32\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CavWp.AvSigChecker.1\ = "AvSigChecker Class" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{C23BD847-4CA4-45E9-BF35-458D8F2B488F}\NumMethods\ = "11" | C:\Windows\syswow64\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{D5E9B851-51DA-4E75-B7FF-F58371D2450D}\NumMethods\ = "13" | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{3539C559-2626-40CC-97BF-CD9715CB84B4} | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{4AB8A7C8-306E-4E41-A1D5-C711818EC2BF} | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7BDBBCBE-8A78-4A7A-9A3B-D8265CCFBA27} | C:\Windows\system32\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F9190C9B-8F67-4969-B30C-ABED8B40D87D}\ProxyStubClsid32\ = "{9F2D4924-C5F4-43B6-A4AB-C4161C4C2879}" | C:\Windows\system32\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\PropertySheetHandlers\Comodo Antivirus\ = "{4255A182-CAD9-4214-A19B-7BA7FB633BBD}" | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{A8F46273-16B9-4009-AF0F-2EFA988DD75D}\ProxyStubClsid32\ = "{9F2D4924-C5F4-43B6-A4AB-C4161C4C2879}" | C:\Windows\syswow64\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2AA289E5-94A3-4358-B478-1E3E777C712F}\ = "ICisAlertAllowSbFullyVirtualize" | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9F2D4924-C5F4-43B6-A4AB-C4161C4C2879}\InProcServer32 | C:\Windows\system32\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3A354768-9032-4BE3-888B-BC5E8D07F118}\NumMethods\ = "11" | C:\Windows\system32\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{EFC7BEE6-AEFC-49CC-80FF-0BA189884F5F}\NumMethods\ = "23" | C:\Windows\system32\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{17FC23A6-8D66-448B-B286-C7B0030A0889}\ProxyStubClsid32\ = "{9F2D4924-C5F4-43B6-A4AB-C4161C4C2879}" | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{EE60D0A4-6690-4EF2-B811-6E1CC3271D65}\NumMethods | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{BA5CCBBA-DC09-42C1-81CC-41DCCC7D0EE3} | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{C23BD847-4CA4-45E9-BF35-458D8F2B488F}\NumMethods | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{80C6DED0-60A1-4B9A-A3D3-9713908EE07D} | C:\Windows\system32\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{ABB4804E-9F91-4C7D-A90B-486B83460EBE} | C:\Windows\system32\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DF800BB8-B4FA-47D6-8A70-736C1C0A5E90}\NumMethods | C:\Windows\system32\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E0E9D49D-65D1-4AB1-8235-DF90B6ED8483} | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A1850D95-9C38-4D86-AC40-E559BC0E73C9}\ = "AvDllHost Class" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{63A82605-4789-40DC-9FDC-8041CC8540F5}\ = "IEnumViruscopeActivities" | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E981C6A7-C5CD-4F19-9657-41DBB6C39614}\NumMethods | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{379DE05C-2339-463A-9BC1-BDC1F92C0CCA} | C:\Windows\system32\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1220A5C3-9B6C-4A8A-ABE4-7CE6118384A9} | C:\Windows\syswow64\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E58853A5-06B5-4458-B7DD-69AFB65556CD}\ = "ICisRmControl13" | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{37EFB434-D269-4B6B-AE61-60E4E8F2CCCA} | C:\Windows\system32\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{B9404811-42B6-41B1-AF40-B885ED9D818A}\NumMethods | C:\Windows\syswow64\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{08E55C52-1F4D-4D91-A6FA-E7444A59D528}\NumMethods\ = "7" | C:\Windows\syswow64\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CIS.CisLpsIntegration\ = "CisLpsIntegration Class" | C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe | N/A |
Modifies system certificate store
| Description | Indicator | Process | Target |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\SystemCertificates\CA\Certificates\8D4C4A23BA9EE84EA7348FA98CC6E65FBB69DE7B\Blob = <blob omitted> | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F8DB7E1C16F1FFD4AAAD4AAD8DFF0F2445184AEB\Blob = <blob omitted> | C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F8DB7E1C16F1FFD4AAAD4AAD8DFF0F2445184AEB\Blob = <blob omitted> | C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates\31D019FC7AB697D57D9C4AFB340ED7C4D10400DF | C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = <blob omitted> | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates\D70D7D00CA12E1B3E20F3BF7534DEB2C2E7C2404\Blob = <blob omitted> | C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F8DB7E1C16F1FFD4AAAD4AAD8DFF0F2445184AEB\Blob = <blob omitted> | C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates\D70D7D00CA12E1B3E20F3BF7534DEB2C2E7C2404 | C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates\31D019FC7AB697D57D9C4AFB340ED7C4D10400DF\Blob = <blob omitted> | C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = <blob omitted> | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates\D70D7D00CA12E1B3E20F3BF7534DEB2C2E7C2404 | C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates\6CD253D636A7B4D0E0981431BC064061A9853ED9\Blob = <blob omitted> | C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates\D70D7D00CA12E1B3E20F3BF7534DEB2C2E7C2404\Blob = <blob omitted> | C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = <blob omitted> | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\SystemCertificates\CA\Certificates\8D4C4A23BA9EE84EA7348FA98CC6E65FBB69DE7B | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\SystemCertificates\CA\Certificates\D89E3BD43D5D909B47A18977AA9D5CE36CEE184C\Blob = <blob omitted> | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates\E35E6F46A1A9A4D18A4DAA298BDA4D1E8879236E\Blob = <blob omitted> | C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F8DB7E1C16F1FFD4AAAD4AAD8DFF0F2445184AEB | C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349 | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates\6CD253D636A7B4D0E0981431BC064061A9853ED9\Blob = <blob omitted> | C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F8DB7E1C16F1FFD4AAAD4AAD8DFF0F2445184AEB | C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F8DB7E1C16F1FFD4AAAD4AAD8DFF0F2445184AEB\Blob = <blob omitted> | C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates\E35E6F46A1A9A4D18A4DAA298BDA4D1E8879236E | C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\SystemCertificates\CA\Certificates\8D4C4A23BA9EE84EA7348FA98CC6E65FBB69DE7B\Blob = <blob omitted> | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\SystemCertificates\CA\Certificates\D89E3BD43D5D909B47A18977AA9D5CE36CEE184C | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates\E35E6F46A1A9A4D18A4DAA298BDA4D1E8879236E | C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates\6CD253D636A7B4D0E0981431BC064061A9853ED9 | C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates\31D019FC7AB697D57D9C4AFB340ED7C4D10400DF | C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates\31D019FC7AB697D57D9C4AFB340ED7C4D10400DF\Blob = <blob omitted> | C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates\E35E6F46A1A9A4D18A4DAA298BDA4D1E8879236E\Blob = <blob omitted> | C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates\6CD253D636A7B4D0E0981431BC064061A9853ED9 | C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe | N/A |
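The rows above record writes to the machine ROOT, AuthRoot and TrustedPublisher stores and to the user CA store, keyed by SHA-1 thumbprint, but the report elides the Blob values. The Python below is an added example (not part of the sandbox report and not Comodo's code) covering the two checks a triager wants at this point: it reduces rows in this report's table format to unique (scope, store, thumbprint, writing process) tuples with the trust-affecting stores listed first, and it parses the serialized layout of a Certificates\<thumbprint>\Blob value (a run of propid / reserved=1 / length / data records, with the DER certificate under property ID 32) so the key name can be checked against the SHA-1 of the embedded certificate. The sample rows are copied from the table; because the real blobs are not on the page, the blob parsed here is built from a synthetic stand-in for a DER certificate.

```python
"""Triage helpers for 'Modifies system certificate store' rows of a sandbox report.

Added example; not code from the report or from the installer it describes.
"""
import hashlib
import re
import struct

# Property IDs from wincrypt.h that occur in a serialized certificate store element,
# which is the format behind a SystemCertificates\...\Certificates\<thumb>\Blob value.
CERT_SHA1_HASH_PROP_ID = 3
CERT_CERT_PROP_ID = 32  # record holding the DER-encoded certificate itself

# Writes to these stores change what the machine trusts for TLS roots and
# for Authenticode publishers; an unexpected entry here is the lead to chase.
HIGH_IMPACT_STORES = {"ROOT", "AUTHROOT", "TRUSTEDPUBLISHER"}

ROW_RE = re.compile(
    r"\\REGISTRY\\(?P<hive>MACHINE|USER\\S-1-5-[\d-]+)\\SOFTWARE\\Microsoft\\SystemCertificates\\"
    r"(?P<store>[A-Za-z]+)\\Certificates\\(?P<thumb>[0-9A-Fa-f]{40})",
    re.IGNORECASE,
)


def triage_cert_rows(rows):
    """Return unique (scope, store, thumbprint, writer) tuples, high-impact stores first."""
    found = set()
    for row in rows:
        cells = [c.strip() for c in row.strip().strip("|").split("|")]
        if len(cells) < 3:
            continue
        match = ROW_RE.search(cells[1])  # indicator column
        if not match:
            continue
        scope = "HKLM" if match.group("hive").upper() == "MACHINE" else "HKU"
        writer = cells[2].rsplit("\\", 1)[-1]  # process column, file name only
        found.add((scope, match.group("store").upper(), match.group("thumb").upper(), writer))
    return sorted(found, key=lambda t: (t[1] not in HIGH_IMPACT_STORES, t))


def parse_cert_blob(blob):
    """Split a serialized cert blob into {propid: data}; raise ValueError if malformed."""
    props = {}
    offset = 0
    while offset + 12 <= len(blob):
        propid, reserved, length = struct.unpack_from("<III", blob, offset)
        offset += 12
        if reserved != 1 or offset + length > len(blob):
            raise ValueError("malformed record at offset %d" % (offset - 12))
        props[propid] = blob[offset:offset + length]
        offset += length
    if offset != len(blob):
        raise ValueError("trailing bytes after the last record")
    return props


def is_well_formed_blob(blob):
    try:
        parse_cert_blob(blob)
        return True
    except ValueError:
        return False


def thumbprint_matches(key_name, blob):
    """True if the registry key name equals SHA-1 over the embedded DER certificate."""
    der = parse_cert_blob(blob).get(CERT_CERT_PROP_ID)
    return der is not None and hashlib.sha1(der).hexdigest().upper() == key_name.upper()


def build_cert_blob(der):
    """Serialize a certificate as the store does: property records first, DER cert last."""
    records = [(CERT_SHA1_HASH_PROP_ID, hashlib.sha1(der).digest()), (CERT_CERT_PROP_ID, der)]
    return b"".join(struct.pack("<III", pid, 1, len(data)) + data for pid, data in records)


# Rows copied from the report table (constructed input for the example).
SAMPLE_ROWS = [
    r"| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F8DB7E1C16F1FFD4AAAD4AAD8DFF0F2445184AEB\Blob = <omitted> | C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe | N/A |",
    r"| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F8DB7E1C16F1FFD4AAAD4AAD8DFF0F2445184AEB | C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe | N/A |",
    r"| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F8DB7E1C16F1FFD4AAAD4AAD8DFF0F2445184AEB\Blob = <omitted> | C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe | N/A |",
    r"| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates\D70D7D00CA12E1B3E20F3BF7534DEB2C2E7C2404 | C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe | N/A |",
    r"| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = <omitted> | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe | N/A |",
    r"| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\SystemCertificates\CA\Certificates\8D4C4A23BA9EE84EA7348FA98CC6E65FBB69DE7B | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe | N/A |",
]

# Synthetic stand-in for a DER certificate; the report does not carry the real blobs.
DEMO_DER = b"\x30\x12" + bytes(range(18))
DEMO_BLOB = build_cert_blob(DEMO_DER)
DEMO_THUMB = hashlib.sha1(DEMO_DER).hexdigest().upper()

if __name__ == "__main__":
    for entry in triage_cert_rows(SAMPLE_ROWS):
        print("%-4s %-16s %s  written by %s" % entry)
    print("demo thumbprint valid:", thumbprint_matches(DEMO_THUMB, DEMO_BLOB))
```

On a live host the same check runs against `HKLM\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\<thumb>\Blob` read with `reg.exe export` or `winreg`: a key whose name is not the SHA-1 of the record under property ID 32 has been written by something other than CryptoAPI, and a root or TrustedPublisher entry whose writer is an installer rather than `certutil`/Group Policy deserves a look at the certificate's subject and key usage regardless.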
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\msiexec.exe | N/A |
| N/A | N/A | C:\Windows\system32\msiexec.exe | N/A |
| N/A | N/A | C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe | N/A |
Suspicious behavior: LoadsDriver
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\cav_installer.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Uses Volume Shadow Copy service COM API
Processes
C:\Users\Admin\AppData\Local\Temp\cav_installer.exe
"C:\Users\Admin\AppData\Local\Temp\cav_installer.exe"
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe
"C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe" -log -setupname "cav_installer.exe" -sfx "C:\Users\Admin\AppData\Local\Temp" -theme lycia -type web -mode cavfree
C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
C:\Windows\system32\MsiExec.exe
C:\Windows\system32\MsiExec.exe -Embedding 31A7BBB65796A18132D9DED029B2ADDD
C:\Windows\system32\MsiExec.exe
C:\Windows\system32\MsiExec.exe -Embedding 2EC7DCA72789D90E718C86BA178186FC M Global\MSI0000
C:\Windows\Installer\MSI3686.tmp
"C:\Windows\Installer\MSI3686.tmp" -rptype 0 -descr "Installing COMODO Antivirus" -logfile "C:\Users\Admin\AppData\Local\Temp\COMODO Internet Security dbgout.log"
C:\Windows\Installer\MSI3686.tmp
"C:\Windows\Installer\MSI3686.tmp" -rptype 0 -descr "Installing COMODO Antivirus" -logfile "C:\Users\Admin\AppData\Local\Temp\COMODO Internet Security dbgout.log" -working
C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
C:\Windows\system32\DrvInst.exe
DrvInst.exe "1" "200" "STORAGE\VolumeSnapshot\HarddiskVolumeSnapshot19" "" "" "61530dda3" "0000000000000000" "00000000000005A8" "00000000000005B0"
C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe
"C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe" --installCertificates
C:\Windows\system32\regsvr32.exe
"regsvr32.exe" /s "C:\Program Files\COMODO\COMODO Internet Security\cisresc.dll"
C:\Windows\system32\regsvr32.exe
"regsvr32.exe" /s "C:\Program Files\COMODO\COMODO Internet Security\cisbfps.dll"
C:\Program Files\COMODO\COMODO Internet Security\cisbf.exe
"C:\Program Files\COMODO\COMODO Internet Security\cisbf.exe" /RegServer
C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe
"C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe" --updateHtml
C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe
"C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe" --langID 1033 --createConfig "active=avfw;dplus=opt;esm=0;av=1;fw=0;cesfw=0;cesav=1;cessandbox=1;free=1;noalerts=1;cloud=1;sendstats=1;configfile=;fwstate=0;dfstate=0;avstate=0;bbstate=0;avservers=0;standalone=1;useblob=1;trustnewnets=0;"
C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe
"C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe" --upgradeBackuped=""
C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe
"C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe" --windowsDefence df-
C:\Windows\system32\runonce.exe
"C:\Windows\system32\runonce.exe" -r
C:\Windows\System32\grpconv.exe
"C:\Windows\System32\grpconv.exe" -o
C:\Windows\system32\runonce.exe
"C:\Windows\system32\runonce.exe" -r
C:\Windows\System32\grpconv.exe
"C:\Windows\System32\grpconv.exe" -o
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
"C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe"
C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
"C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe" /ModeAvMonitor -Embedding
C:\Windows\system32\regsvr32.exe
"regsvr32.exe" /s "C:\Program Files\COMODO\COMODO Internet Security\cavshell.dll"
C:\Windows\syswow64\MsiExec.exe
"C:\Windows\syswow64\MsiExec.exe" /Y "C:\Program Files\COMODO\COMODO Internet Security\cmdcom32.dll"
C:\Windows\system32\MsiExec.exe
"C:\Windows\system32\MsiExec.exe" /Y "C:\Program Files\COMODO\COMODO Internet Security\cmdcomps.dll"
C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
"C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe" /ModeAvMonitor -Embedding
C:\Windows\system32\MsiExec.exe
"C:\Windows\system32\MsiExec.exe" /Y "C:\Program Files\COMODO\COMODO Internet Security\cavwpps.dll"
C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
"C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe" /ModeAvMonitor -Embedding
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | download.comodo.com | udp |
| US | 162.255.25.209:443 | download.comodo.com | tcp |
| US | 8.8.8.8:53 | cdn.download.comodo.com | udp |
| FR | 185.93.2.251:443 | cdn.download.comodo.com | tcp |
| US | 162.255.25.209:443 | download.comodo.com | tcp |
| US | 162.255.25.209:443 | download.comodo.com | tcp |
| US | 162.255.25.209:443 | download.comodo.com | tcp |
| FR | 185.93.2.251:443 | cdn.download.comodo.com | tcp |
| US | 8.8.8.8:53 | download.adtrustmedia.com | udp |
| US | 162.255.25.209:443 | download.comodo.com | tcp |
| US | 69.57.168.134:443 | download.adtrustmedia.com | tcp |
| US | 162.255.25.209:443 | download.comodo.com | tcp |
| US | 8.8.8.8:53 | cdn.download.comodo.com | udp |
| FR | 143.244.56.50:443 | cdn.download.comodo.com | tcp |
| US | 162.255.25.209:443 | download.comodo.com | tcp |
| FR | 143.244.56.50:443 | cdn.download.comodo.com | tcp |
| US | 162.255.25.209:443 | download.comodo.com | tcp |
| FR | 143.244.56.50:443 | cdn.download.comodo.com | tcp |
| US | 162.255.25.209:443 | download.comodo.com | tcp |
| FR | 143.244.56.50:443 | cdn.download.comodo.com | tcp |
| US | 162.255.25.209:443 | download.comodo.com | tcp |
| FR | 143.244.56.50:443 | cdn.download.comodo.com | tcp |
| US | 162.255.25.209:443 | download.comodo.com | tcp |
| FR | 143.244.56.50:443 | cdn.download.comodo.com | tcp |
| US | 162.255.25.209:443 | download.comodo.com | tcp |
| FR | 143.244.56.50:443 | cdn.download.comodo.com | tcp |
| US | 162.255.25.209:443 | download.comodo.com | tcp |
| FR | 143.244.56.50:443 | cdn.download.comodo.com | tcp |
| US | 162.255.25.209:443 | download.comodo.com | tcp |
| FR | 143.244.56.50:443 | cdn.download.comodo.com | tcp |
| US | 69.57.168.134:443 | download.adtrustmedia.com | tcp |
| US | 8.8.8.8:53 | download.comodo.com | udp |
| US | 162.255.25.209:443 | download.comodo.com | tcp |
| US | 162.255.25.209:443 | download.comodo.com | tcp |
| US | 8.8.8.8:53 | cdn.download.comodo.com | udp |
| FR | 185.93.2.244:443 | cdn.download.comodo.com | tcp |
| US | 162.255.25.209:443 | download.comodo.com | tcp |
| US | 162.255.25.209:443 | download.comodo.com | tcp |
| FR | 185.93.2.244:443 | cdn.download.comodo.com | tcp |
| US | 162.255.25.209:443 | download.comodo.com | tcp |
| FR | 185.93.2.244:443 | cdn.download.comodo.com | tcp |
| US | 162.255.25.209:443 | download.comodo.com | tcp |
| FR | 185.93.2.244:443 | cdn.download.comodo.com | tcp |
| US | 8.8.8.8:53 | cmc.comodo.com | udp |
| US | 8.8.8.8:53 | licensing.security.comodo.com | udp |
| US | 8.8.8.8:53 | licensing.security.comodo.com | udp |
| GB | 178.255.85.135:443 | cmc.comodo.com | tcp |
| US | 45.32.1.220:443 | licensing.security.comodo.com | tcp |
| US | 45.32.1.220:443 | licensing.security.comodo.com | tcp |
| US | 45.32.1.220:443 | licensing.security.comodo.com | tcp |
| US | 8.8.8.8:53 | download.comodo.com | udp |
| US | 8.8.8.8:53 | download.comodo.com | udp |
| US | 8.8.8.8:53 | download.comodo.com | udp |
| US | 8.8.8.8:53 | download.comodo.com | udp |
| US | 162.255.25.209:443 | download.comodo.com | tcp |
| US | 162.255.25.209:443 | download.comodo.com | tcp |
| US | 162.255.25.209:443 | download.comodo.com | tcp |
| US | 162.255.25.209:443 | download.comodo.com | tcp |
| US | 162.255.25.209:443 | download.comodo.com | tcp |
| US | 162.255.25.209:443 | download.comodo.com | tcp |
| US | 8.8.8.8:53 | cdn.download.comodo.com | udp |
| US | 8.8.8.8:53 | cdn.download.comodo.com | udp |
| US | 8.8.8.8:53 | cdn.download.comodo.com | udp |
| US | 8.8.8.8:53 | cdn.download.comodo.com | udp |
| US | 8.8.8.8:53 | cdn.download.comodo.com | udp |
| US | 8.8.8.8:53 | cdn.download.comodo.com | udp |
| FR | 185.93.2.251:443 | cdn.download.comodo.com | tcp |
| FR | 185.93.2.244:443 | cdn.download.comodo.com | tcp |
| FR | 185.93.2.246:443 | cdn.download.comodo.com | tcp |
| FR | 185.93.2.244:443 | cdn.download.comodo.com | tcp |
| FR | 185.93.2.251:443 | cdn.download.comodo.com | tcp |
| FR | 143.244.56.50:443 | cdn.download.comodo.com | tcp |
| GB | 178.255.85.135:443 | cmc.comodo.com | tcp |
| US | 8.8.8.8:53 | accounts.comodo.com | udp |
| US | 137.184.246.236:443 | accounts.comodo.com | tcp |
| US | 162.255.25.209:443 | download.comodo.com | tcp |
| US | 162.255.25.209:443 | download.comodo.com | tcp |
| US | 8.8.8.8:53 | cis.td.security.comodo.com | udp |
| US | 209.127.178.107:443 | cis.td.security.comodo.com | tcp |
| US | 8.8.8.8:53 | crl.microsoft.com | udp |
| NL | 23.63.101.152:80 | crl.microsoft.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| GB | 178.255.85.135:443 | cmc.comodo.com | tcp |
| US | 209.127.178.102:443 | cis.td.security.comodo.com | tcp |
| US | 209.127.178.76:443 | cis.td.security.comodo.com | tcp |
Files
\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe
| MD5 | 74cf93a3d559a630911fc94568b99e1e |
| SHA1 | a5f164154e164174c715e493f440b1935ec53af8 |
| SHA256 | fe82eb2103b177370e742aee40a2b840805516ff23867f6b9bd3655a401eb50b |
| SHA512 | c000d512e270d7f89058fe52a3ecfac6f60462eed21b134ebb57640cc6425e7ece9b6ce683acc666d8358875c8d621497a8e3eb95b4ad72311efb9d12c03100a |
\Users\Admin\AppData\Local\Temp\7ZipSfx.000\7za.dll
| MD5 | 7baac18fb157c76574ca3d7a2f5eb193 |
| SHA1 | 6460577ce621fa28133096073376f6a88f8acd61 |
| SHA256 | 347144ae998d96c6b8664abf56f3ff8cfa4dcdfd6e13205d7e8ee2f3b77eefc2 |
| SHA512 | 513cc213da81db470f8675c29162f4b724bb92a690edd451025eb68588971eebb937f88cc5a659222f2bbbd99440aa56800bf4167bb8912ea87a0b2648b002ea |
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdhtml.dll
| MD5 | 6d9aa26bb18af69dc74ae8e822eb53dd |
| SHA1 | 6ef20da9b9e70afa742f047f1c6f9d3e58290450 |
| SHA256 | cf140523b8834de1c37efa29b02adcdc88babc0f8ee90ba93dd98c260d7036c3 |
| SHA512 | 3a9e8f15d207e98bb182f8d1838e93dba9750e6cfc79b72aab0706f969866447e50b3ab28bc1768a7cac7e7733cde80085cabcefefae0d287f08374578935c36 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\Tar1F49.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | 82ffbbef07e0472b33221b56af8b6754 |
| SHA1 | a4ca28924de7b080f59df263bd5632aca982b702 |
| SHA256 | 3faecf7e472d8e4ec3187348a7fd8d83784d3f59f61a31122326bb4274873ee2 |
| SHA512 | fa316d438d66bad343024d4bf60d0b80a55625444ef2a40a7526798d93fdb7493b270deb313f6a360fa50f66b4df2c5621c3b82551340978229fe6479e586815 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | a266bb7dcc38a562631361bbf61dd11b |
| SHA1 | 3b1efd3a66ea28b16697394703a72ca340a05bd5 |
| SHA256 | df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e |
| SHA512 | 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6027698aa2d929b1945bb2bf1993bf93 |
| SHA1 | 65226d64af8693715488661669590764e51c2402 |
| SHA256 | 94689b61b99f2c0ad2a30ac056bd4ce8607ba3e504e0038a2f718a2ba93b5db9 |
| SHA512 | 8e306c5c0d7b75ab4edec88eed0d6f1705d0f4a96b70c9ea25b4a253d21e8a0926b049c4c6a65a90aea9f473406b91278852239fbcd244b761d0d47510f8de6f |
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\themes\ilycia.set
| MD5 | 7b85f91536c8342ac64d3edece2af7fe |
| SHA1 | 1e28c62364f606f03078e985222a2e3400a483c6 |
| SHA256 | 918e7aad857776a895ecdf850665c355026882bcf1e0eba279ff4f7aa4b6bbae |
| SHA512 | 42cbaca95018eba8b05d3d586dbe8537ec1130af9edd813c4e7affef88c804a4ae65d9a446a95326508cd21da03a7e6a7969f6de5a68e69ce86c827f4308ac5a |
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdres.dll
| MD5 | a4b3e07a9d407bca7a0ed76ea7c4945f |
| SHA1 | af16d87110e2f9e64d5c35a6d522151b69377bbc |
| SHA256 | b115a17e7500dbc34cce1f8e84a59f072a26ad49be5dcde6ac5908e4d2ad3555 |
| SHA512 | 77c6ba298f5bd4c04192660d365d2a45ecb23fa441818735bd01050677037e1976670dcb457b6684343fbccb02a6fcfd98f22ae9f2de263057157917ee28d981 |
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\installer_langdata.bin
| MD5 | b80eda6258e28b537651f8e5ebd997ff |
| SHA1 | 826741e138e8342f4bc3303838e347a44bb93546 |
| SHA256 | 6e960dfed451c2dfb99352d25d3df8dd46fe7d80c9af79805c0cfbd1a99a2709 |
| SHA512 | 9fce1cb5fe8b6a2bc4d13c1ca3ec31c926c6dd33717f145da6952ae33144eb11a6ee9e751e1d3e2d5d6ce7768e9f9602773a917d9f5f8473670e6d631b932b74 |
C:\ProgramData\Comodo Downloader\cis\download\installs\8050\installer_data\binaries\files_info.dat
| MD5 | f42c56a1f750bdf43155a2aee0f1407c |
| SHA1 | 0929dd9594fccffe5e7e43ea33a5eb6467afab0b |
| SHA256 | 86e8a71d1327fe5f26901c8a7d10bac322dce1ff621e1339db9c7b6ab905244c |
| SHA512 | 31dc56d6455391a0075ab59d438335c9d38da43e1ef974bcdf14be059d63d48f8a8f7a1f6cd9eb5e790519a3824f59387abafef48417bbeb74e34b526646b8d9 |
C:\Users\Admin\AppData\Local\Temp\COMODO Antivirus_24-06-01 07.10.07.log
| MD5 | 7b6e2764cd8186079d67fbce9642fe33 |
| SHA1 | 76e5bcf793b50a6f6b898d81e9b00518bdabcedb |
| SHA256 | 2267d759de9a423832367ead87c8e8ed418ad3bd6a9be1ea666fd799cff89657 |
| SHA512 | 62c450a888084a813a6e71601dc12ae06c337dee39156bb910c69549b26fa04a0036c81c1cf533ab180c1f5e5dea6a26ecd5899ab03ca4e1eaffbc8d3a282db5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\5080DC7A65DB6A5960ECD874088F3328_79CFD3DF2894C4BFDA2ADFD6675FA18B
| MD5 | ca717d4ff2cc3464e706594d739f9196 |
| SHA1 | cc574d9890e8037ae0cd44b2674f6cd814610f87 |
| SHA256 | 66ed6457bedab37ba78c62303ef4cab5998e7852c6b8e42e2c2c7ae0aa7417ed |
| SHA512 | a20680759913f19e54a988bb418382a690ee53824be69d9a913a622217100d1ebbbea723f209748fa0c4122ff2ee359c85be1d7127653a6c8246f7b492bc4716 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\5080DC7A65DB6A5960ECD874088F3328_79CFD3DF2894C4BFDA2ADFD6675FA18B
| MD5 | d58e8fe7f69017cc5df020f11653f9d1 |
| SHA1 | 9360c6357881294ac27ed86e52275cfc3d0ac5c4 |
| SHA256 | b20cf79ba01c7354abf82aa3e361c5c951d47296b5f707aa1c3726f3b0173881 |
| SHA512 | 4b51a7f1c318b0e75e39d3355e6adbbb41f9dfeebe4d1304f024aca882c24f6be037efbf7af3653b83d9dead10518e11ac5bd7b181ebcd07ab50c1e9d66c438b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7D11549FC90445E1CE90F96A21958A17_941A5BE5FAF3230B9FC294754AF2A1C3
| MD5 | 43432c50e7dcd48ddef7104a3adfc790 |
| SHA1 | 24864aa145bd1c14335353abf81d7444da8377ef |
| SHA256 | c919278f34b9b472b8be47abd92f4ec04e2c6d34a67edd39b80a9a50747016f1 |
| SHA512 | 798c92b89412e9d119fbd0d6aa87a39a957816b3df9f468d5f020b3537d1626f21d22e8fe887d52e60c8cbb72a5e3fbde1e7f0061abe5bfc1cb9ebedf49137d1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7D11549FC90445E1CE90F96A21958A17_941A5BE5FAF3230B9FC294754AF2A1C3
| MD5 | 6745f9dc413026cfe4241f2c26e4545f |
| SHA1 | e5ae27681d0753170070b1f78feba38250835aac |
| SHA256 | 722bf0705ff9a401e346fa338bee3395aafc06b06a3e76bb766d8b26b5b365f8 |
| SHA512 | 263524ed6a5594af18001fedf87f4997bff7ab6f87d4f94ea7ce489e8dbb6a4c54db1341ad122223ba17b6f5bc9e2ff6232981d3d0d8fd0c78ddbba0930e64a5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B2FAF7692FD9FFBD64EDE317E42334BA_2DBE917624E9880FE0C7C5570D56E691
| MD5 | 8ba657489fa4c27e599af2594f82a47f |
| SHA1 | 38cacec6ddab083174de581cec4f6d3a2556fded |
| SHA256 | c65292440779c0727c5715518ab878d2bf325c54881b60edf911f45eeedd8038 |
| SHA512 | bfc78ae5ffd808d78413f16204f984f636ada625113083e68634730a04e4798dd04506a7b488d13068c0a966b74bb4e635c935d522a7c36c4dc33f215443c1fe |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B2FAF7692FD9FFBD64EDE317E42334BA_2DBE917624E9880FE0C7C5570D56E691
| MD5 | 14a5b17fc1f7eb4db7605b139c07cf19 |
| SHA1 | ea2ddaa1971cdc63402d0a74a50e7c671badb145 |
| SHA256 | b5170a5df4bbb2825f5ac549b9b4d10f97832084b0d311a871a69f7dfa696195 |
| SHA512 | 975f1d3775d83f3ef02cb05c7029f432aeb33e7db353e3651a4c570fcf510309576dbc5049638858790dbc5c6f484a94b1e75481b5375863f9d21486067e0a6f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d69d4cf2f02b8784adc04d9b966614e3 |
| SHA1 | e943ef510c64b41c2b99344bd5d6405d1f7cfbd0 |
| SHA256 | 99c28602f5e456d746510d75c5265d76da4aa7a91b617bd7cbf92c91c5df6b87 |
| SHA512 | ceb30da96d7d9871914c26223b71d19a705828fe0eb7da44f0c3b9b9978e1ea8159ada47cce98e56bda708ec1d8a80cd6a99cde90a2d19e6362884d0a932d6ab |
C:\Windows\Installer\MSI3094.tmp
| MD5 | 0d1b3d26a9d0c59e8da1d3df6f5235a9 |
| SHA1 | d4f7c0253c0d8fd02a3cee0462d3912db759b962 |
| SHA256 | 355fd71a76f85e8dc7fa18a007809c4381c2afe887d7a25ce9e1e95070f26b33 |
| SHA512 | ef0ce0879a1cda3822f7281373e31dd196dfee76ada9645e89332473ba416b691ca3ab710ad4e86dc37de143dd6cadc1b3955f13a318a1c49fd2890660844c56 |
C:\Users\Admin\AppData\Local\Temp\COMODO Internet Security dbgout.log
| MD5 | df2e1e7d43c66692a20bab6ddda933c2 |
| SHA1 | ff83a0e2a630d2c5b6bddc9069b9d231b90f3217 |
| SHA256 | 1d9e1a7b6049639493cb4d5323c774cabbc0c2e45460d730ce47d5cd3a519453 |
| SHA512 | e9c35efde413af95beefdf6482bea22ee75d9e15196ef6e71dd870ad15f7041fde3198244556cad6c4e01fa5e2798bdfe265261be201661de4c659742c52f007 |
C:\Windows\Installer\MSI3686.tmp
| MD5 | c435f554a0823a156c21d8ebe6487fb0 |
| SHA1 | a078ca18d0532f33d10a8e898970e3f0ed2c1985 |
| SHA256 | d8a42eda60051799d97883dcc0f27b2f87f39d39d5a46047590c403d57e29d25 |
| SHA512 | d4e405fe17079e2e3943d0e625f2d8c530398467cbd6a575828c84b46df2c1aeb66c16f7d54973f280c5319366767cbc3fe741aa2f2f00ebda590c0ee85c745a |
C:\Users\Admin\AppData\Local\Temp\COMODO Internet Security dbgout.log
| MD5 | 83c2af34cc3f2e782cf902e55b04cc0c |
| SHA1 | c038b3311a3704f42b895f2d8a67b257f1b7779b |
| SHA256 | cada64634101eea36de887b62b6d6e67528d82c74d922b4e5642bfabff3dd4d0 |
| SHA512 | a4184940138ebdc0848b32d3b781398f9679bba20525e6d6b5399689ce236ddc23645cd0ebda17b3dd90348a9878faac115ed9989bc2e3e5e63462d1acc5fe75 |
\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe
| MD5 | 50a9b8ada65d917c4470c35a24e5321f |
| SHA1 | cf7b45814560418fdef69aaad2f0bc348f95aa78 |
| SHA256 | 604e6a806d37c436b5858d9521d52f18bb779caa23f7b79d534de19d141a2d8e |
| SHA512 | b69049aef1f1f80e6a4494d265ea65e01a979b3e9521966a5f608ace6c4fa05e7cf3d4f44260d2f38d7f7ebd723221867ccdd8e31d7f728de18151fa2d8e367d |
C:\Program Files\COMODO\COMODO Internet Security\cmdres.DLL
| MD5 | 6d7caec45f44db9a57307fdca673531c |
| SHA1 | 6c03ea2c84837edb1ff28d883db361fe8b530ba4 |
| SHA256 | 973b7eef70905bde2716eb07626f9a7df9736190e02922eefff2b47619d81ebc |
| SHA512 | 9f5f204cabeee610b09321d1fdeb416e92d0ce1137f18f1544cca5496e48937ba381d2ed916cd8fb6a53834f20e566caa576b7a5792c5b7aba2c4a7000a9715e |
C:\Program Files\COMODO\COMODO Internet Security\cfpver.dat
| MD5 | 0889f8a78fdb667192b0a3617c51db9f |
| SHA1 | 32e9fe7b4f309e1605ff3a55ea1e613167f463f3 |
| SHA256 | 6cc8b0fb91f5e5d31e6b58ecd11f33ef2c8e2d65a20639374fe0789deda57056 |
| SHA512 | a357766bef664ad1ae093f04c470078c5f2288d9ef6deb876b5e2b97ab6211c9cfb87c40c545ff3c5288cb04bac89c862fb21eefef784ab574bc8e3a5f6c1f47 |
C:\Program Files\COMODO\COMODO Internet Security\cisresc.dll
| MD5 | b54ba5c6737c7c84b5ef7117eadc0664 |
| SHA1 | 4a879b436e5c60f40aabaf9da97396cb3631acb1 |
| SHA256 | 92e3b22a5652fce895eeee118dabf070eae0a9e7575324970cc0e43723c37e55 |
| SHA512 | 382969362f55513fcbff571f23058f6031d4cd96e05ae1808b348df67e032cf2f667812b90718abf3eb79aa24dd5c4061b34c09ad06a044d13828c5f21fbccf2 |
\Program Files\COMODO\COMODO Internet Security\cisbfps.dll
| MD5 | 728a97b5b669c3b6dee064b5b3dc636d |
| SHA1 | cb3d70083d65aea7dd18ee4da3844138a0d0ceef |
| SHA256 | 1306e31bdfb5c9e30b0b261125a83c5c544b3aee0e450b547e4055d533451169 |
| SHA512 | 7ddcfc99ee9d4c351ad4b0622af24d27e5a6f64123fa0ae542918efc86ba832cf76b0bb36e9943be3bd6ba0d78be926310fe997045ae5babbf1f90f411b97930 |
\Program Files\COMODO\COMODO Internet Security\cisbf.exe
| MD5 | 0ac6f2e6487b82ccb89033ee84b615e1 |
| SHA1 | db55e4017c4c7f442b8565cc80492d4261f1a539 |
| SHA256 | 7c3393696d205b935add38ea8a8ada9f7fe18d896cff97111b08f59a5b04e475 |
| SHA512 | a67c0d4675f325b479539c57c63944ce32632b4e1dfaf5507ed00bc2f8128dfd2c179138afeb35a7acdd8c932124c550a748db389a42082f3e03a19d9868db55 |
C:\Users\Admin\AppData\Local\Temp\COMODO Internet Security dbgout.log
| MD5 | 7aa56aa8db3acc908d86828b7c5686cc |
| SHA1 | fa8290bb5697b35e5c0d1ed8fd040680b2764576 |
| SHA256 | 5af2cb347d8a4bf5e406d2cddb1cd07d75b87b0bed12d308f06cbc0b5aca9a70 |
| SHA512 | 9a3140cabf791bd0a3c915be18b5824dc832fad26f9793ab3295c2f8a771cf023fd8971bdecb53aa3cf3c0339f9b0e73d366e330c942f9886b7f71e1d22d0c0c |
C:\Windows\System32\drivers\SET6539.tmp
| MD5 | bd355711c7c960c0bd1ac44e1f7052a6 |
| SHA1 | 0f42054de62da794526fefb08d4bf73e12016681 |
| SHA256 | 00ed372159987455a77418ed8c315c42d523f850423587aefc666af79a53f2ae |
| SHA512 | 165c1344b84bac56f4aa11b298134741ca78c90f71163a718880870cde98e06210f2a7b4e35ac0db9be006b89715536ad54167580292bbf36b68491a837881dc |
C:\Windows\System32\drivers\SET653A.tmp
| MD5 | 235a8a617a3e4aaa121debeb2883d47e |
| SHA1 | 998b02236a6a13a14f09b32a2e8387f0a6488d35 |
| SHA256 | 3f4f034d8dcad822ed462f1363f1a52c958fc3870cc15f506d2842d7f990960f |
| SHA512 | c87fe51403dccf47e3b6d00f823f8493aec321defef6ddd731f4d607dbc45e6249b44abf15785913be7d55a74f90b833157a7e4202fa62d4c7e06be76c6ceaea |
memory/3360-2205-0x000000006FFF0000-0x0000000070000000-memory.dmp
memory/3360-2204-0x000000006FFF0000-0x0000000070000000-memory.dmp
memory/3196-2208-0x000000006FFF0000-0x0000000070000000-memory.dmp
memory/3196-2209-0x000000006FFF0000-0x0000000070000000-memory.dmp
memory/3196-2211-0x0000000077B90000-0x0000000077D39000-memory.dmp
memory/1132-2228-0x000000006FFF0000-0x0000000070000000-memory.dmp
memory/1132-2227-0x000000006FFF0000-0x0000000070000000-memory.dmp
C:\Config.Msi\f772c81.rbs
| MD5 | b931cfcd2635345c3295bfa106393ded |
| SHA1 | 803a0d65e29a3f749451e6ff6ac4189a40536444 |
| SHA256 | 62a01f4ec51adb7adbd36f37e3daff3f05d4af3c145d6b4e6ebf80cd0ca0003c |
| SHA512 | c9d373911b6925a7e6f2c9dcd681facc7465befa5d08d17208fb7a78a39b55a5042458680fff7826287f9045b55c5ea04f517856a18f9ad1175bb44df62c74e8 |
memory/1132-2248-0x0000000077B90000-0x0000000077D39000-memory.dmp
memory/2816-2266-0x000000006FFF0000-0x0000000070000000-memory.dmp
memory/2816-2265-0x000000006FFF0000-0x0000000070000000-memory.dmp
memory/2816-2267-0x0000000000A40000-0x0000000000A41000-memory.dmp
C:\PROGRA~3\Comodo\Cis\QUARAN~1\Temp\Cab823C.tmp
| MD5 | d59a6b36c5a94916241a3ead50222b6f |
| SHA1 | e274e9486d318c383bc4b9812844ba56f0cff3c6 |
| SHA256 | a38d01d3f024e626d579cf052ac3bd4260bb00c34bc6085977a5f4135ab09b53 |
| SHA512 | 17012307955fef045e7c13bf0613bd40df27c29778ba6572640b76c18d379e02dc478e855c9276737363d0ad09b9a94f2adaa85da9c77ebb3c2d427aa68e2489 |
C:\ProgramData\Comodo\Cis\Quarantine\Temp\Tar824F.tmp
| MD5 | b13f51572f55a2d31ed9f266d581e9ea |
| SHA1 | 7eef3111b878e159e520f34410ad87adecf0ca92 |
| SHA256 | 725980edc240c928bec5a5f743fdabeee1692144da7091cf836dc7d0997cef15 |
| SHA512 | f437202723b2817f2fef64b53d4eb67f782bdc61884c0c1890b46deca7ca63313ee2ad093428481f94edfcecd9c77da6e72b604998f7d551af959dbd6915809c |
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | 8dc1462bdd04264b22295ee3675d92d5 |
| SHA1 | 299b0bfc82ad57280d8004099a80c2bf2212b0d1 |
| SHA256 | dfd91f255bd641874ae27b41d55b875a6227dbf6772898d69e67c458e4df86bf |
| SHA512 | 2ce3357e2270887ffe616ddf5957f5729f9cc71d1ba4111764212ca12604e05b8303af6b76a8d6289dbcbd8e373f7bd7e440623422f5d2a52af2ead2fbbc561e |
memory/3360-2580-0x0000000077B90000-0x0000000077D39000-memory.dmp
memory/2816-2594-0x0000000077B90000-0x0000000077D39000-memory.dmp
memory/3360-2605-0x0000000077B90000-0x0000000077D39000-memory.dmp
memory/3360-2607-0x0000000077B90000-0x0000000077D39000-memory.dmp
memory/2816-2613-0x0000000077B90000-0x0000000077D39000-memory.dmp
memory/3360-2615-0x0000000077B90000-0x0000000077D39000-memory.dmp
memory/3360-2624-0x0000000077B90000-0x0000000077D39000-memory.dmp
memory/3360-2626-0x0000000077B90000-0x0000000077D39000-memory.dmp