Malware Analysis Report

2024-11-30 07:04

Sample ID 240601-hynftade6y
Target cav_installer.exe
SHA256 4e3da75745b7e4887965862b11ba68bc7aadf3ea000636554dfc8f0b8e3261ae
Tags spyware stealer discovery persistence
Score 8/10

Table of Contents

Analysis Overview
MITRE ATT&CK
    Enterprise Matrix V15
Analysis: static1
    Detonation Overview
    Signatures
Analysis: behavioral2
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files
Analysis: behavioral3
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files
Analysis: behavioral4
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files
Analysis: behavioral1
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files

Analysis Overview

Score 8/10

SHA256 4e3da75745b7e4887965862b11ba68bc7aadf3ea000636554dfc8f0b8e3261ae

Threat Level: Likely malicious

The file cav_installer.exe was found to be: Likely malicious.

Malicious Activity Summary

spyware stealer discovery persistence

Manipulates Digital Signatures

Drops file in Drivers directory

Sets service image path in registry

Reads user/profile data of web browsers

Enumerates connected drives

Checks for any installed AV software in registry

Downloads MZ/PE file

Adds Run key to start application

Checks computer location settings

Drops file in System32 directory

Drops file in Program Files directory

Modifies system executable filetype association

Executes dropped EXE

Loads dropped DLL

Drops file in Windows directory

Checks installed software on the system

Registers COM server for autorun

Enumerates physical storage devices

Suspicious use of SetWindowsHookEx

Suspicious behavior: EnumeratesProcesses

Checks processor information in registry

Modifies registry class

Modifies system certificate store

Modifies data under HKEY_USERS

Uses Volume Shadow Copy service COM API

Suspicious use of FindShellTrayWindow

Suspicious behavior: LoadsDriver

Uses Task Scheduler COM API

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-01 07:08

Signatures

N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-01 07:08

Reported

2024-06-01 07:11

Platform

win10-20240404-en

Max time kernel

134s

Max time network

135s

Command Line

"C:\Users\Admin\AppData\Local\Temp\cav_installer.exe"

Signatures

Reads user/profile data of web browsers

spyware stealer

Checks for any installed AV software in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\Data C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A
Key opened \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\Testing purposes C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A
Key opened \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\COMODO\CIS\Data C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A
Key opened \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\Cam C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A
Key opened \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\Options C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A
Key opened \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\COMODO\CIS\Options C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A
Key queried \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\COMODO\CIS\Data C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\Options C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\COMODO\CIS\Data\CmcWindowsVersion = "{\"release_id\":1703,\"build\":15063,\"ubr\":0,\"major\":0}" C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\COMODO\CIS C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\Installer C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A
Key queried \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\Installer C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\Options\UsageStatHost = "cmc.comodo.com" C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A
Key opened \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\COMODO\CIS\DbgTrace\cmdinstall C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A
Key opened \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\Installer C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\Installer\Instance C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A
Key queried \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\Installer\Instance\{48222F79-874D-414E-9563-03C664764923} = "2508" C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A
Key queried \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\Options C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A
Key opened \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\COMODO\CIS\Options\Proxy C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A
Key opened \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\VolatileData C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\COMODO\CIS\Data C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\Options\UsageStatHost C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\Options\InstallerName = "cavinstallerx64" C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A

Downloads MZ/PE file

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\T: C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A
File opened (read-only) \??\X: C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A
File opened (read-only) \??\Z: C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A
File opened (read-only) \??\A: C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A
File opened (read-only) \??\E: C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A
File opened (read-only) \??\L: C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A
File opened (read-only) \??\N: C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A
File opened (read-only) \??\O: C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A
File opened (read-only) \??\S: C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A
File opened (read-only) \??\V: C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A
File opened (read-only) \??\Y: C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A
File opened (read-only) \??\B: C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A
File opened (read-only) \??\I: C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A
File opened (read-only) \??\J: C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A
File opened (read-only) \??\K: C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A
File opened (read-only) \??\M: C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A
File opened (read-only) \??\H: C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A
File opened (read-only) \??\U: C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A
File opened (read-only) \??\W: C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A
File opened (read-only) \??\G: C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A
File opened (read-only) \??\P: C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A
File opened (read-only) \??\Q: C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A
File opened (read-only) \??\R: C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A

Enumerates physical storage devices

Modifies system certificate store

evasion spyware trojan

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AFE5D244A8D1194230FF479FE2F897BBCD7A8CB4 C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\02FAF3E291435468607857694DF5E45B68851868\Blob = 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 C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E\Blob = (certificate blob removed) C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AFE5D244A8D1194230FF479FE2F897BBCD7A8CB4\Blob = 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 C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AFE5D244A8D1194230FF479FE2F897BBCD7A8CB4\Blob = 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 C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E\Blob = 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 C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E\Blob = 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 C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AFE5D244A8D1194230FF479FE2F897BBCD7A8CB4\Blob = 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 C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AFE5D244A8D1194230FF479FE2F897BBCD7A8CB4\Blob = 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 C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\02FAF3E291435468607857694DF5E45B68851868 C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\02FAF3E291435468607857694DF5E45B68851868\Blob = 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 C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeTcbPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\cav_installer.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\cav_installer.exe

"C:\Users\Admin\AppData\Local\Temp\cav_installer.exe"

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe

"C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe" -log -setupname "cav_installer.exe" -sfx "C:\Users\Admin\AppData\Local\Temp" -theme lycia -type web -mode cavfree

Network

Country Destination Domain Proto
US 8.8.8.8:53 25.24.18.2.in-addr.arpa udp
US 8.8.8.8:53 23.149.64.172.in-addr.arpa udp
US 8.8.8.8:53 download.comodo.com udp
US 162.255.25.209:443 download.comodo.com tcp
US 8.8.8.8:53 cdn.download.comodo.com udp
FR 185.93.2.251:443 cdn.download.comodo.com tcp
US 8.8.8.8:53 209.25.255.162.in-addr.arpa udp
US 162.255.25.209:443 download.comodo.com tcp
US 8.8.8.8:53 251.2.93.185.in-addr.arpa udp
US 162.255.25.209:443 download.comodo.com tcp
US 162.255.25.209:443 download.comodo.com tcp
FR 185.93.2.251:443 cdn.download.comodo.com tcp
US 8.8.8.8:53 download.adtrustmedia.com udp
US 162.255.25.209:443 download.comodo.com tcp
US 69.57.168.134:443 download.adtrustmedia.com tcp
US 162.255.25.209:443 download.comodo.com tcp
US 8.8.8.8:53 cdn.download.comodo.com udp
FR 185.93.2.244:443 cdn.download.comodo.com tcp
US 162.255.25.209:443 download.comodo.com tcp
US 162.255.25.209:443 download.comodo.com tcp
FR 185.93.2.244:443 cdn.download.comodo.com tcp
US 8.8.8.8:53 244.2.93.185.in-addr.arpa udp
US 162.255.25.209:443 download.comodo.com tcp
FR 185.93.2.244:443 cdn.download.comodo.com tcp
US 162.255.25.209:443 download.comodo.com tcp
FR 185.93.2.244:443 cdn.download.comodo.com tcp
US 162.255.25.209:443 download.comodo.com tcp
FR 185.93.2.244:443 cdn.download.comodo.com tcp
US 162.255.25.209:443 download.comodo.com tcp
FR 185.93.2.244:443 cdn.download.comodo.com tcp
US 162.255.25.209:443 download.comodo.com tcp
FR 185.93.2.244:443 cdn.download.comodo.com tcp
US 162.255.25.209:443 download.comodo.com tcp
FR 185.93.2.244:443 cdn.download.comodo.com tcp
US 69.57.168.134:443 download.adtrustmedia.com tcp
US 8.8.8.8:53 download.comodo.com udp
US 162.255.25.209:443 download.comodo.com tcp
US 162.255.25.209:443 download.comodo.com tcp
US 8.8.8.8:53 cdn.download.comodo.com udp
FR 185.93.2.251:443 cdn.download.comodo.com tcp
US 162.255.25.209:443 download.comodo.com tcp
FR 185.93.2.251:443 cdn.download.comodo.com tcp
US 162.255.25.209:443 download.comodo.com tcp
FR 185.93.2.251:443 cdn.download.comodo.com tcp
US 162.255.25.209:443 download.comodo.com tcp
FR 185.93.2.251:443 cdn.download.comodo.com tcp
US 162.255.25.209:443 download.comodo.com tcp
FR 185.93.2.251:443 cdn.download.comodo.com tcp
US 8.8.8.8:53 cmc.comodo.com udp
GB 178.255.85.135:443 cmc.comodo.com tcp
US 8.8.8.8:53 licensing.security.comodo.com udp
US 8.8.8.8:53 licensing.security.comodo.com udp
US 45.32.1.220:443 licensing.security.comodo.com tcp
US 45.32.1.220:443 licensing.security.comodo.com tcp
US 45.32.1.220:443 licensing.security.comodo.com tcp
US 8.8.8.8:53 cmc.comodo.com udp
GB 178.255.85.135:443 cmc.comodo.com tcp
US 8.8.8.8:53 16.24.18.2.in-addr.arpa udp
US 8.8.8.8:53 cis.td.security.comodo.com udp
US 209.127.178.102:443 cis.td.security.comodo.com tcp
US 8.8.8.8:53 13.227.111.52.in-addr.arpa udp
US 209.127.178.76:443 cis.td.security.comodo.com tcp
US 8.8.8.8:53 76.178.127.209.in-addr.arpa udp
US 8.8.8.8:53 95.16.208.104.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe

MD5 74cf93a3d559a630911fc94568b99e1e
SHA1 a5f164154e164174c715e493f440b1935ec53af8
SHA256 fe82eb2103b177370e742aee40a2b840805516ff23867f6b9bd3655a401eb50b
SHA512 c000d512e270d7f89058fe52a3ecfac6f60462eed21b134ebb57640cc6425e7ece9b6ce683acc666d8358875c8d621497a8e3eb95b4ad72311efb9d12c03100a

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\7za.dll

MD5 7baac18fb157c76574ca3d7a2f5eb193
SHA1 6460577ce621fa28133096073376f6a88f8acd61
SHA256 347144ae998d96c6b8664abf56f3ff8cfa4dcdfd6e13205d7e8ee2f3b77eefc2
SHA512 513cc213da81db470f8675c29162f4b724bb92a690edd451025eb68588971eebb937f88cc5a659222f2bbbd99440aa56800bf4167bb8912ea87a0b2648b002ea

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdhtml.dll

MD5 6d9aa26bb18af69dc74ae8e822eb53dd
SHA1 6ef20da9b9e70afa742f047f1c6f9d3e58290450
SHA256 cf140523b8834de1c37efa29b02adcdc88babc0f8ee90ba93dd98c260d7036c3
SHA512 3a9e8f15d207e98bb182f8d1838e93dba9750e6cfc79b72aab0706f969866447e50b3ab28bc1768a7cac7e7733cde80085cabcefefae0d287f08374578935c36

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\themes\ilycia.set

MD5 7b85f91536c8342ac64d3edece2af7fe
SHA1 1e28c62364f606f03078e985222a2e3400a483c6
SHA256 918e7aad857776a895ecdf850665c355026882bcf1e0eba279ff4f7aa4b6bbae
SHA512 42cbaca95018eba8b05d3d586dbe8537ec1130af9edd813c4e7affef88c804a4ae65d9a446a95326508cd21da03a7e6a7969f6de5a68e69ce86c827f4308ac5a

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdres.dll

MD5 a4b3e07a9d407bca7a0ed76ea7c4945f
SHA1 af16d87110e2f9e64d5c35a6d522151b69377bbc
SHA256 b115a17e7500dbc34cce1f8e84a59f072a26ad49be5dcde6ac5908e4d2ad3555
SHA512 77c6ba298f5bd4c04192660d365d2a45ecb23fa441818735bd01050677037e1976670dcb457b6684343fbccb02a6fcfd98f22ae9f2de263057157917ee28d981

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\installer_langdata.bin

MD5 b80eda6258e28b537651f8e5ebd997ff
SHA1 826741e138e8342f4bc3303838e347a44bb93546
SHA256 6e960dfed451c2dfb99352d25d3df8dd46fe7d80c9af79805c0cfbd1a99a2709
SHA512 9fce1cb5fe8b6a2bc4d13c1ca3ec31c926c6dd33717f145da6952ae33144eb11a6ee9e751e1d3e2d5d6ce7768e9f9602773a917d9f5f8473670e6d631b932b74

C:\ProgramData\Comodo Downloader\cis\download\installs\8050\installer_data\binaries\files_info.dat

MD5 f42c56a1f750bdf43155a2aee0f1407c
SHA1 0929dd9594fccffe5e7e43ea33a5eb6467afab0b
SHA256 86e8a71d1327fe5f26901c8a7d10bac322dce1ff621e1339db9c7b6ab905244c
SHA512 31dc56d6455391a0075ab59d438335c9d38da43e1ef974bcdf14be059d63d48f8a8f7a1f6cd9eb5e790519a3824f59387abafef48417bbeb74e34b526646b8d9

Analysis: behavioral3

Detonation Overview

Submitted

2024-06-01 07:08

Reported

2024-06-01 07:11

Platform

win10v2004-20240508-en

Max time kernel

148s

Max time network

150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\cav_installer.exe"

Signatures

Reads user/profile data of web browsers

spyware stealer

Checks for any installed AV software in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\COMODO\CIS\Options C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\COMODO\CIS\Data C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A
Key queried \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A
Key queried \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\Options C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\Options\UsageStatHost = "cmc.comodo.com" C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\COMODO\CIS C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A
Key opened \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\Data C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A
Key opened \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\Options C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\Options C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\COMODO\CIS\Data\CmcWindowsVersion = "{\"release_id\":2004,\"build\":19041,\"ubr\":1288,\"major\":0}" C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A
Key opened \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\COMODO\CIS\DbgTrace\cmdinstall C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A
Key opened \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\Cam C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\Installer\Instance\{48222F79-874D-414E-9563-03C664764923} = "1264" C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\Options\InstallerName = "cavinstallerx64" C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\Options\UsageStatHost C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A
Key opened \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\Installer C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A
Key opened \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\VolatileData C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A
Key opened \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\COMODO\CIS\Options\Proxy C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\Installer\Instance C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\Installer C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A
Key queried \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\COMODO\CIS\Data C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A
Key opened \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\Testing purposes C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A
Key queried \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\Installer C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A
Key opened \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\COMODO\CIS\Data C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A

Downloads MZ/PE file

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\K: C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A
File opened (read-only) \??\P: C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A
File opened (read-only) \??\T: C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A
File opened (read-only) \??\W: C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A
File opened (read-only) \??\B: C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A
File opened (read-only) \??\G: C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A
File opened (read-only) \??\H: C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A
File opened (read-only) \??\I: C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A
File opened (read-only) \??\Z: C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A
File opened (read-only) \??\L: C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A
File opened (read-only) \??\N: C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A
File opened (read-only) \??\Y: C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A
File opened (read-only) \??\S: C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A
File opened (read-only) \??\U: C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A
File opened (read-only) \??\E: C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A
File opened (read-only) \??\O: C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A
File opened (read-only) \??\Q: C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A
File opened (read-only) \??\R: C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A
File opened (read-only) \??\X: C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A
File opened (read-only) \??\A: C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A
File opened (read-only) \??\J: C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A
File opened (read-only) \??\M: C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A
File opened (read-only) \??\V: C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\cav_installer.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A

Enumerates physical storage devices

Modifies system certificate store

evasion spyware trojan

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AFE5D244A8D1194230FF479FE2F897BBCD7A8CB4 C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AFE5D244A8D1194230FF479FE2F897BBCD7A8CB4\Blob = 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 C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\02FAF3E291435468607857694DF5E45B68851868 C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\02FAF3E291435468607857694DF5E45B68851868\Blob = 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 C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AFE5D244A8D1194230FF479FE2F897BBCD7A8CB4\Blob = 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 C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AFE5D244A8D1194230FF479FE2F897BBCD7A8CB4\Blob = (certificate blob removed)
4a2d76e6c0bc28a7cfa20f3c4e4e5cd0da8cb9192b17c85ecb51469660e82e7cdcec82da6517f21c1355385064a5d9fadbb1b5f74 C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E\Blob = 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 C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E\Blob = 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 C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AFE5D244A8D1194230FF479FE2F897BBCD7A8CB4\Blob = 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 C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\02FAF3E291435468607857694DF5E45B68851868\Blob = 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 C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeTcbPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\cav_installer.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\cav_installer.exe

"C:\Users\Admin\AppData\Local\Temp\cav_installer.exe"

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe

"C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe" -log -setupname "cav_installer.exe" -sfx "C:\Users\Admin\AppData\Local\Temp" -theme lycia -type web -mode cavfree

Network

Country Destination Domain Proto
US 8.8.8.8:53 13.86.106.20.in-addr.arpa udp
US 8.8.8.8:53 16.24.18.2.in-addr.arpa udp
US 8.8.8.8:53 download.comodo.com udp
US 162.255.25.209:443 download.comodo.com tcp
US 8.8.8.8:53 23.149.64.172.in-addr.arpa udp
US 8.8.8.8:53 67.31.126.40.in-addr.arpa udp
US 8.8.8.8:53 209.25.255.162.in-addr.arpa udp
US 8.8.8.8:53 cdn.download.comodo.com udp
FR 185.93.2.245:443 cdn.download.comodo.com tcp
US 8.8.8.8:53 download.comodo.com udp
US 162.255.25.209:443 download.comodo.com tcp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.237:443 g.bing.com tcp
US 8.8.8.8:53 245.2.93.185.in-addr.arpa udp
US 8.8.8.8:53 237.197.79.204.in-addr.arpa udp
US 162.255.25.209:443 download.comodo.com tcp
US 162.255.25.209:443 download.comodo.com tcp
FR 185.93.2.245:443 cdn.download.comodo.com tcp
NL 23.62.61.194:443 www.bing.com tcp
US 8.8.8.8:53 download.adtrustmedia.com udp
US 162.255.25.209:443 download.comodo.com tcp
US 69.57.168.134:443 download.adtrustmedia.com tcp
US 8.8.8.8:53 194.61.62.23.in-addr.arpa udp
US 162.255.25.209:443 download.comodo.com tcp
FR 185.93.2.245:443 cdn.download.comodo.com tcp
US 162.255.25.209:443 download.comodo.com tcp
FR 185.93.2.245:443 cdn.download.comodo.com tcp
US 162.255.25.209:443 download.comodo.com tcp
FR 185.93.2.245:443 cdn.download.comodo.com tcp
US 162.255.25.209:443 download.comodo.com tcp
FR 185.93.2.245:443 cdn.download.comodo.com tcp
US 162.255.25.209:443 download.comodo.com tcp
FR 185.93.2.245:443 cdn.download.comodo.com tcp
US 162.255.25.209:443 download.comodo.com tcp
FR 185.93.2.245:443 cdn.download.comodo.com tcp
US 162.255.25.209:443 download.comodo.com tcp
FR 185.93.2.245:443 cdn.download.comodo.com tcp
US 162.255.25.209:443 download.comodo.com tcp
FR 185.93.2.245:443 cdn.download.comodo.com tcp
US 162.255.25.209:443 download.comodo.com tcp
US 69.57.168.134:443 download.adtrustmedia.com tcp
US 162.255.25.209:443 download.comodo.com tcp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 103.169.127.40.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 162.255.25.209:443 download.comodo.com tcp
US 8.8.8.8:53 cdn.download.comodo.com udp
FR 185.93.2.245:443 cdn.download.comodo.com tcp
US 162.255.25.209:443 download.comodo.com tcp
FR 185.93.2.245:443 cdn.download.comodo.com tcp
US 162.255.25.209:443 download.comodo.com tcp
FR 185.93.2.245:443 cdn.download.comodo.com tcp
US 162.255.25.209:443 download.comodo.com tcp
FR 185.93.2.245:443 cdn.download.comodo.com tcp
US 162.255.25.209:443 download.comodo.com tcp
FR 185.93.2.245:443 cdn.download.comodo.com tcp
US 8.8.8.8:53 cmc.comodo.com udp
GB 178.255.85.135:443 cmc.comodo.com tcp
US 8.8.8.8:53 licensing.security.comodo.com udp
US 8.8.8.8:53 licensing.security.comodo.com udp
US 45.32.1.220:443 licensing.security.comodo.com tcp
US 45.32.1.220:443 licensing.security.comodo.com tcp
US 45.32.1.220:443 licensing.security.comodo.com tcp
US 8.8.8.8:53 cmc.comodo.com udp
GB 178.255.85.135:443 cmc.comodo.com tcp
US 8.8.8.8:53 25.24.18.2.in-addr.arpa udp
US 8.8.8.8:53 57.169.31.20.in-addr.arpa udp
US 8.8.8.8:53 cis.td.security.comodo.com udp
US 209.127.178.102:443 cis.td.security.comodo.com tcp
US 8.8.8.8:53 13.227.111.52.in-addr.arpa udp
US 209.127.178.76:443 cis.td.security.comodo.com tcp
US 8.8.8.8:53 76.178.127.209.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 200.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 24.173.189.20.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe

MD5 74cf93a3d559a630911fc94568b99e1e
SHA1 a5f164154e164174c715e493f440b1935ec53af8
SHA256 fe82eb2103b177370e742aee40a2b840805516ff23867f6b9bd3655a401eb50b
SHA512 c000d512e270d7f89058fe52a3ecfac6f60462eed21b134ebb57640cc6425e7ece9b6ce683acc666d8358875c8d621497a8e3eb95b4ad72311efb9d12c03100a

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\7za.dll

MD5 7baac18fb157c76574ca3d7a2f5eb193
SHA1 6460577ce621fa28133096073376f6a88f8acd61
SHA256 347144ae998d96c6b8664abf56f3ff8cfa4dcdfd6e13205d7e8ee2f3b77eefc2
SHA512 513cc213da81db470f8675c29162f4b724bb92a690edd451025eb68588971eebb937f88cc5a659222f2bbbd99440aa56800bf4167bb8912ea87a0b2648b002ea

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdhtml.dll

MD5 6d9aa26bb18af69dc74ae8e822eb53dd
SHA1 6ef20da9b9e70afa742f047f1c6f9d3e58290450
SHA256 cf140523b8834de1c37efa29b02adcdc88babc0f8ee90ba93dd98c260d7036c3
SHA512 3a9e8f15d207e98bb182f8d1838e93dba9750e6cfc79b72aab0706f969866447e50b3ab28bc1768a7cac7e7733cde80085cabcefefae0d287f08374578935c36

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\themes\ilycia.set

MD5 7b85f91536c8342ac64d3edece2af7fe
SHA1 1e28c62364f606f03078e985222a2e3400a483c6
SHA256 918e7aad857776a895ecdf850665c355026882bcf1e0eba279ff4f7aa4b6bbae
SHA512 42cbaca95018eba8b05d3d586dbe8537ec1130af9edd813c4e7affef88c804a4ae65d9a446a95326508cd21da03a7e6a7969f6de5a68e69ce86c827f4308ac5a

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdres.dll

MD5 a4b3e07a9d407bca7a0ed76ea7c4945f
SHA1 af16d87110e2f9e64d5c35a6d522151b69377bbc
SHA256 b115a17e7500dbc34cce1f8e84a59f072a26ad49be5dcde6ac5908e4d2ad3555
SHA512 77c6ba298f5bd4c04192660d365d2a45ecb23fa441818735bd01050677037e1976670dcb457b6684343fbccb02a6fcfd98f22ae9f2de263057157917ee28d981

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\installer_langdata.bin

MD5 b80eda6258e28b537651f8e5ebd997ff
SHA1 826741e138e8342f4bc3303838e347a44bb93546
SHA256 6e960dfed451c2dfb99352d25d3df8dd46fe7d80c9af79805c0cfbd1a99a2709
SHA512 9fce1cb5fe8b6a2bc4d13c1ca3ec31c926c6dd33717f145da6952ae33144eb11a6ee9e751e1d3e2d5d6ce7768e9f9602773a917d9f5f8473670e6d631b932b74

C:\ProgramData\Comodo Downloader\cis\download\installs\8050\installer_data\binaries\files_info.dat

MD5 f42c56a1f750bdf43155a2aee0f1407c
SHA1 0929dd9594fccffe5e7e43ea33a5eb6467afab0b
SHA256 86e8a71d1327fe5f26901c8a7d10bac322dce1ff621e1339db9c7b6ab905244c
SHA512 31dc56d6455391a0075ab59d438335c9d38da43e1ef974bcdf14be059d63d48f8a8f7a1f6cd9eb5e790519a3824f59387abafef48417bbeb74e34b526646b8d9

Analysis: behavioral4

Detonation Overview

Submitted

2024-06-01 07:08

Reported

2024-06-01 07:11

Platform

win11-20240426-en

Max time kernel

146s

Max time network

150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\cav_installer.exe"

Signatures

Reads user/profile data of web browsers

spyware stealer

Checks for any installed AV software in registry

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\Options C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\COMODO\CIS\Data C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A
Key queried \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\Installer\Instance\{48222F79-874D-414E-9563-03C664764923} = "1372" C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A
Key opened \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\VolatileData C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A
Key opened \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\COMODO\CIS\Options\Proxy C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A
Key queried \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\Options C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\COMODO\CIS\Data\CmcWindowsVersion = "{\"release_id\":2009,\"build\":22000,\"ubr\":493,\"major\":0}" C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A
Key opened \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\Data C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A
Key queried \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\Installer C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\COMODO\CIS C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A
Key queried \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\COMODO\CIS\Data C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\Installer\Instance C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A
Key opened \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\Cam C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\Installer C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A
Key opened \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\COMODO\CIS\Data C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A
Key opened \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\Options C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A
Key opened \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\Testing purposes C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A
Key opened \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\COMODO\CIS\Options C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A
Key opened \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\Installer C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\Options\UsageStatHost = "cmc.comodo.com" C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A
Key opened \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\COMODO\CIS\DbgTrace\cmdinstall C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\Options\InstallerName = "cavinstallerx64" C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\Options\UsageStatHost C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\J: C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A
File opened (read-only) \??\N: C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A
File opened (read-only) \??\O: C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A
File opened (read-only) \??\I: C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A
File opened (read-only) \??\P: C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A
File opened (read-only) \??\S: C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A
File opened (read-only) \??\X: C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A
File opened (read-only) \??\B: C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A
File opened (read-only) \??\E: C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A
File opened (read-only) \??\K: C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A
File opened (read-only) \??\L: C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A
File opened (read-only) \??\M: C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A
File opened (read-only) \??\Q: C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A
File opened (read-only) \??\T: C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A
File opened (read-only) \??\Z: C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A
File opened (read-only) \??\A: C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A
File opened (read-only) \??\G: C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A
File opened (read-only) \??\H: C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A
File opened (read-only) \??\R: C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A
File opened (read-only) \??\U: C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A
File opened (read-only) \??\V: C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A
File opened (read-only) \??\W: C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A
File opened (read-only) \??\Y: C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A

Enumerates physical storage devices

Modifies system certificate store

evasion spyware trojan

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AFE5D244A8D1194230FF479FE2F897BBCD7A8CB4 C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AFE5D244A8D1194230FF479FE2F897BBCD7A8CB4\Blob = [blob omitted] C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E\Blob = [blob omitted] C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AFE5D244A8D1194230FF479FE2F897BBCD7A8CB4\Blob = [blob omitted] C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\02FAF3E291435468607857694DF5E45B68851868 C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\02FAF3E291435468607857694DF5E45B68851868\Blob = [blob omitted] C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E\Blob = [blob omitted] C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AFE5D244A8D1194230FF479FE2F897BBCD7A8CB4\Blob = [blob omitted] C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E\Blob = [blob omitted] C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AFE5D244A8D1194230FF479FE2F897BBCD7A8CB4\Blob = [blob omitted] C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\02FAF3E291435468607857694DF5E45B68851868\Blob = [blob omitted] C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeTcbPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\cav_installer.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\cav_installer.exe

"C:\Users\Admin\AppData\Local\Temp\cav_installer.exe"

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe

"C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe" -log -setupname "cav_installer.exe" -sfx "C:\Users\Admin\AppData\Local\Temp" -theme lycia -type web -mode cavfree

Network

Country Destination Domain Proto
US 162.255.25.209:443 download.comodo.com tcp
US 8.8.8.8:53 233.38.18.104.in-addr.arpa udp
US 8.8.8.8:53 23.149.64.172.in-addr.arpa udp
FR 185.93.2.251:443 cdn.download.comodo.com tcp
US 162.255.25.209:443 download.comodo.com tcp
US 162.255.25.209:443 download.comodo.com tcp
US 162.255.25.209:443 download.comodo.com tcp
FR 185.93.2.251:443 cdn.download.comodo.com tcp
US 69.57.168.134:443 download.adtrustmedia.com tcp
US 162.255.25.209:443 download.comodo.com tcp
US 162.255.25.209:443 download.comodo.com tcp
FR 143.244.56.50:443 cdn.download.comodo.com tcp
US 162.255.25.209:443 download.comodo.com tcp
FR 143.244.56.50:443 cdn.download.comodo.com tcp
US 162.255.25.209:443 download.comodo.com tcp
FR 143.244.56.50:443 cdn.download.comodo.com tcp
US 162.255.25.209:443 download.comodo.com tcp
FR 143.244.56.50:443 cdn.download.comodo.com tcp
US 162.255.25.209:443 download.comodo.com tcp
FR 143.244.56.50:443 cdn.download.comodo.com tcp
US 162.255.25.209:443 download.comodo.com tcp
FR 143.244.56.50:443 cdn.download.comodo.com tcp
US 162.255.25.209:443 download.comodo.com tcp
FR 143.244.56.50:443 cdn.download.comodo.com tcp
US 162.255.25.209:443 download.comodo.com tcp
FR 143.244.56.50:443 cdn.download.comodo.com tcp
US 162.255.25.209:443 download.comodo.com tcp
FR 143.244.56.50:443 cdn.download.comodo.com tcp
US 69.57.168.134:443 download.adtrustmedia.com tcp
US 162.255.25.209:443 download.comodo.com tcp
US 162.255.25.209:443 download.comodo.com tcp
FR 185.93.2.244:443 cdn.download.comodo.com tcp
US 162.255.25.209:443 download.comodo.com tcp
FR 185.93.2.244:443 cdn.download.comodo.com tcp
US 162.255.25.209:443 download.comodo.com tcp
FR 185.93.2.244:443 cdn.download.comodo.com tcp
US 162.255.25.209:443 download.comodo.com tcp
FR 185.93.2.244:443 cdn.download.comodo.com tcp
US 162.255.25.209:443 download.comodo.com tcp
FR 185.93.2.244:443 cdn.download.comodo.com tcp
US 8.8.8.8:53 licensing.security.comodo.com udp
GB 178.255.85.135:443 cmc.comodo.com tcp
US 45.32.1.220:443 licensing.security.comodo.com tcp
US 45.32.1.220:443 licensing.security.comodo.com tcp
US 45.32.1.220:443 licensing.security.comodo.com tcp
GB 178.255.85.135:443 cmc.comodo.com tcp
US 209.127.178.107:443 cis.td.security.comodo.com tcp
US 209.127.178.102:443 cis.td.security.comodo.com tcp
US 209.127.178.76:443 cis.td.security.comodo.com tcp

Files

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe

MD5 74cf93a3d559a630911fc94568b99e1e
SHA1 a5f164154e164174c715e493f440b1935ec53af8
SHA256 fe82eb2103b177370e742aee40a2b840805516ff23867f6b9bd3655a401eb50b
SHA512 c000d512e270d7f89058fe52a3ecfac6f60462eed21b134ebb57640cc6425e7ece9b6ce683acc666d8358875c8d621497a8e3eb95b4ad72311efb9d12c03100a

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdhtml.dll

MD5 6d9aa26bb18af69dc74ae8e822eb53dd
SHA1 6ef20da9b9e70afa742f047f1c6f9d3e58290450
SHA256 cf140523b8834de1c37efa29b02adcdc88babc0f8ee90ba93dd98c260d7036c3
SHA512 3a9e8f15d207e98bb182f8d1838e93dba9750e6cfc79b72aab0706f969866447e50b3ab28bc1768a7cac7e7733cde80085cabcefefae0d287f08374578935c36

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\7za.dll

MD5 7baac18fb157c76574ca3d7a2f5eb193
SHA1 6460577ce621fa28133096073376f6a88f8acd61
SHA256 347144ae998d96c6b8664abf56f3ff8cfa4dcdfd6e13205d7e8ee2f3b77eefc2
SHA512 513cc213da81db470f8675c29162f4b724bb92a690edd451025eb68588971eebb937f88cc5a659222f2bbbd99440aa56800bf4167bb8912ea87a0b2648b002ea

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\themes\ilycia.set

MD5 7b85f91536c8342ac64d3edece2af7fe
SHA1 1e28c62364f606f03078e985222a2e3400a483c6
SHA256 918e7aad857776a895ecdf850665c355026882bcf1e0eba279ff4f7aa4b6bbae
SHA512 42cbaca95018eba8b05d3d586dbe8537ec1130af9edd813c4e7affef88c804a4ae65d9a446a95326508cd21da03a7e6a7969f6de5a68e69ce86c827f4308ac5a

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdres.dll

MD5 a4b3e07a9d407bca7a0ed76ea7c4945f
SHA1 af16d87110e2f9e64d5c35a6d522151b69377bbc
SHA256 b115a17e7500dbc34cce1f8e84a59f072a26ad49be5dcde6ac5908e4d2ad3555
SHA512 77c6ba298f5bd4c04192660d365d2a45ecb23fa441818735bd01050677037e1976670dcb457b6684343fbccb02a6fcfd98f22ae9f2de263057157917ee28d981

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\installer_langdata.bin

MD5 b80eda6258e28b537651f8e5ebd997ff
SHA1 826741e138e8342f4bc3303838e347a44bb93546
SHA256 6e960dfed451c2dfb99352d25d3df8dd46fe7d80c9af79805c0cfbd1a99a2709
SHA512 9fce1cb5fe8b6a2bc4d13c1ca3ec31c926c6dd33717f145da6952ae33144eb11a6ee9e751e1d3e2d5d6ce7768e9f9602773a917d9f5f8473670e6d631b932b74

C:\ProgramData\Comodo Downloader\cis\download\installs\8050\installer_data\binaries\files_info.dat

MD5 f42c56a1f750bdf43155a2aee0f1407c
SHA1 0929dd9594fccffe5e7e43ea33a5eb6467afab0b
SHA256 86e8a71d1327fe5f26901c8a7d10bac322dce1ff621e1339db9c7b6ab905244c
SHA512 31dc56d6455391a0075ab59d438335c9d38da43e1ef974bcdf14be059d63d48f8a8f7a1f6cd9eb5e790519a3824f59387abafef48417bbeb74e34b526646b8d9

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-01 07:08

Reported

2024-06-01 07:11

Platform

win7-20231129-en

Max time kernel

149s

Max time network

124s

Command Line

"C:\Users\Admin\AppData\Local\Temp\cav_installer.exe"

Signatures

Drops file in Drivers directory

Description Indicator Process Target
File opened for modification C:\Windows\system32\DRIVERS\SET6539.tmp C:\Windows\system32\MsiExec.exe N/A
File created C:\Windows\system32\DRIVERS\SET6539.tmp C:\Windows\system32\MsiExec.exe N/A
File opened for modification C:\Windows\system32\DRIVERS\SET653A.tmp C:\Windows\system32\MsiExec.exe N/A
File created C:\Windows\system32\DRIVERS\SET653A.tmp C:\Windows\system32\MsiExec.exe N/A
File created C:\Windows\system32\Drivers\cmderd.sys C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\system32\Drivers\cmdGuard.sys C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\system32\Drivers\inspect.sys C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\system32\DRIVERS\cmdguard.sys C:\Windows\system32\MsiExec.exe N/A
File created C:\Windows\system32\Drivers\cmdhlp.sys C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\system32\DRIVERS\cmderd.sys C:\Windows\system32\MsiExec.exe N/A

Manipulates Digital Signatures

Description Indicator Process Target
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates\D70D7D00CA12E1B3E20F3BF7534DEB2C2E7C2404\Blob = [blob omitted] C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates\31D019FC7AB697D57D9C4AFB340ED7C4D10400DF\Blob = [blob omitted] C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates\E35E6F46A1A9A4D18A4DAA298BDA4D1E8879236E\Blob = [blob omitted] C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates\E35E6F46A1A9A4D18A4DAA298BDA4D1E8879236E\Blob = [blob omitted] C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates\D70D7D00CA12E1B3E20F3BF7534DEB2C2E7C2404\Blob = [blob omitted] C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates\6CD253D636A7B4D0E0981431BC064061A9853ED9\Blob = [blob omitted] C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates\31D019FC7AB697D57D9C4AFB340ED7C4D10400DF\Blob = [blob omitted] C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates\6CD253D636A7B4D0E0981431BC064061A9853ED9\Blob = [blob omitted] C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe N/A

Sets service image path in registry

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\CmdAgent\ImagePath = "\"C:\\Program Files\\COMODO\\COMODO Internet Security\\cmdagent.exe\"" C:\Windows\system32\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\cmderd\ImagePath = "System32\\DRIVERS\\cmderd.sys" C:\Windows\system32\MsiExec.exe N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\GrpConv = "grpconv -o" C:\Windows\system32\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\COMODO Internet Security = "\"C:\\Program Files\\COMODO\\COMODO Internet Security\\cis.exe\" --cistrayUI" C:\Windows\system32\msiexec.exe N/A

Checks for any installed AV software in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\Options C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\Options\Tray icon visibility C:\Windows\system32\msiexec.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\Options\LanguageName C:\Windows\system32\msiexec.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\Options\LanguageID C:\Windows\system32\msiexec.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\DbgTrace\CmdAgent\_Trace_Category_Exclude C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\Data\AvDbUpdateDate = "0" C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\VolatileData\PendingRebootAfterInstall = "1" C:\Windows\system32\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\Options\UserEmail C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS C:\Windows\system32\MsiExec.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\Data\MofHash = 35c719bca59db3dd0a22bd450940006024aed9e6 C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\DbgTrace\CavWp\_Trace_Enabled_To_WinLog C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\Installer C:\Windows\system32\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\COMODO\CIS\Data\CmcWindowsVersion = "{\"release_id\":0,\"build\":0,\"ubr\":0,\"major\":1}" C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\Options C:\Windows\system32\msiexec.exe N/A
Key opened \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\DbgTrace\cmdagent C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\Data\IsLmdbCorrupted.cmdurl C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\Data\VcDisableDirectNtfs C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\Data\Timestamp.{0E9B65E7-29F3-4520-A8EC-2DDEF68A1170} C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\Options\Silent diag support C:\Windows\system32\msiexec.exe N/A
Key opened \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\Options\Langs.cmdres C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\COMODO\CIS\Cam C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\COMODO\CIS\Cam\ModeEx = "0" C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\Options\UrlsUpdateHost C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\DbgTrace\CIS C:\Windows\system32\MsiExec.exe N/A
Key opened \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\Testing purposes\Replace files C:\Windows\system32\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\VolatileData\SubKey1 C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\Data\UrlDbVersion C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\Cam\SubscriptionIdFree = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000007508a4fc4edda84696540e4277d308d204000000020000000000106600000001000020000000d9561391d2d6fe279c9c270423f6230ed85ef6a3a33c2509af65471533d9cb4a000000000e8000000002000020000000feee728446651abedd85f6cda1d651a2810bc5b71a1dad875123c917716149f610000000914e438b5bcbee1cd78cfacf9575d9aa400000002ade71af0fa4bd810ac0f8368cd18d3ab48400931da73886a0e8418e0b9a1228f3a1671280c0a1a378f46a7bfef7682c3eca98a8a9a40f7dd85a5ad89b142c14 C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\Installer\MsiProductCode C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\DbgTrace\CfpConfg C:\Windows\system32\MsiExec.exe N/A
Key opened \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\Data C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\DbgTrace\CfpConfg\_Trace_Enabled_To_WinLog C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\Options\SaspSkipOnceInService = "0" C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\VolatileData\PendingRebootAfterInstall = "1" C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe N/A
Key queried \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\Options C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\DbgTrace\CfpConfg\_Trace_Category_Exclude C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe N/A
Key opened \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\Data C:\Windows\system32\MsiExec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\Installer\InstallEndTimestamp = "133616994260350000" C:\Windows\system32\MsiExec.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\DbgTrace\CavWp\_Trace_Enabled_To_WinLog C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe N/A
Key opened \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\Installer C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A
Key security queried \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\Options C:\Windows\system32\msiexec.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\Installer\Proxy C:\Windows\system32\msiexec.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\Cam\Camod C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A
Key opened \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\Testing purposes C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A
Key security queried \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\Cam C:\Windows\system32\msiexec.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\Data\AvDbCheckDate C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\Data\SwitchOn.{E739B5BC-AD9F-4758-9567-A21B396737F1} C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\Data\SwitchOn.{3899AA55-4039-4996-AA3B-75F035BE8900} C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe N/A
Key opened \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\Installer C:\Windows\system32\MsiExec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\Options\Tray icon visibility = "1" C:\Windows\system32\msiexec.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\Data\SwitchOn.{8F5CCB37-64DD-423E-AEE4-3E7B3D162E32} C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe N/A
Key opened \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\VolatileData C:\Windows\system32\msiexec.exe N/A
Key security queried \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS C:\Windows\system32\msiexec.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\DbgTrace\CavWp\_Trace_Category_Exclude C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\Options\ViruscopeProcessLimit C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe N/A
Key opened \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\COMODO\CIS\Data C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A
Key opened \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\COMODO\CIS\Options C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\Cam\PricingTerm = "cis.premium.free" C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\Options\ThemeName C:\Windows\system32\msiexec.exe N/A
Key queried \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\DbgTrace\CfpConfg\_Trace_Enabled = "1" C:\Windows\system32\MsiExec.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\DbgTrace\CavWp\_Trace_Category_Override C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\Data\OS driver cmdguard = "7" C:\Windows\system32\MsiExec.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\Options\UpgradeFlags C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe N/A

Downloads MZ/PE file

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\Z: C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A
File opened (read-only) \??\T: C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe N/A
File opened (read-only) \??\J: C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe N/A
File opened (read-only) \??\W: C:\Windows\system32\regsvr32.exe N/A
File opened (read-only) \??\I: C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe N/A
File opened (read-only) \??\S: C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe N/A
File opened (read-only) \??\J: C:\Windows\system32\MsiExec.exe N/A
File opened (read-only) \??\Q: C:\Windows\system32\MsiExec.exe N/A
File opened (read-only) \??\T: C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe N/A
File opened (read-only) \??\U: C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe N/A
File opened (read-only) \??\U: C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe N/A
File opened (read-only) \??\T: C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe N/A
File opened (read-only) \??\M: C:\Windows\system32\MsiExec.exe N/A
File opened (read-only) \??\V: C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe N/A
File opened (read-only) \??\J: C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe N/A
File opened (read-only) \??\S: C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe N/A
File opened (read-only) \??\N: C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe N/A
File opened (read-only) \??\Q: C:\Windows\system32\regsvr32.exe N/A
File opened (read-only) \??\V: C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe N/A
File opened (read-only) \??\W: C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A
File opened (read-only) \??\T: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Y: C:\Windows\system32\MsiExec.exe N/A
File opened (read-only) \??\H: C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe N/A
File opened (read-only) \??\K: C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A
File opened (read-only) \??\N: C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe N/A
File opened (read-only) \??\I: C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe N/A
File opened (read-only) \??\Z: C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe N/A
File opened (read-only) \??\R: C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe N/A
File opened (read-only) \??\V: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\N: C:\Windows\system32\MsiExec.exe N/A
File opened (read-only) \??\I: C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe N/A
File opened (read-only) \??\G: C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe N/A
File opened (read-only) \??\J: C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe N/A
File opened (read-only) \??\G: C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe N/A
File opened (read-only) \??\O: C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A
File opened (read-only) \??\U: C:\Windows\system32\MsiExec.exe N/A
File opened (read-only) \??\X: C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe N/A
File opened (read-only) \??\Q: C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe N/A
File opened (read-only) \??\X: C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe N/A
File opened (read-only) \??\U: C:\Windows\system32\regsvr32.exe N/A
File opened (read-only) \??\M: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\L: C:\Windows\system32\MsiExec.exe N/A
File opened (read-only) \??\X: C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe N/A
File opened (read-only) \??\I: C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe N/A
File opened (read-only) \??\E: C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe N/A
File opened (read-only) \??\L: C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe N/A
File opened (read-only) \??\X: C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe N/A
File opened (read-only) \??\E: C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe N/A
File opened (read-only) \??\O: C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe N/A
File opened (read-only) \??\E: C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A
File opened (read-only) \??\U: C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A
File opened (read-only) \??\Z: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\K: C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe N/A
File opened (read-only) \??\S: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\T: C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe N/A
File opened (read-only) \??\W: C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe N/A
File opened (read-only) \??\A: C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe N/A
File opened (read-only) \??\T: C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe N/A
File opened (read-only) \??\E: C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe N/A
File opened (read-only) \??\L: C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe N/A
File opened (read-only) \??\E: C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe N/A
File opened (read-only) \??\I: C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A
File opened (read-only) \??\R: C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A
File opened (read-only) \??\Y: C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7D11549FC90445E1CE90F96A21958A17_941A5BE5FAF3230B9FC294754AF2A1C3 C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe N/A
File created C:\Windows\system32\guard64.dll C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F90F18257CBB4D84216AC1E1F3BB2C76 C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357 C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\74FBF93595CFC8459196065CE54AD928 C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\74FBF93595CFC8459196065CE54AD928 C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7D11549FC90445E1CE90F96A21958A17_941A5BE5FAF3230B9FC294754AF2A1C3 C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E0968A1E3A40D2582E7FD463BAEB59CD C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\5F26A2159BA21EA573A1C5E3DE2CF211_7541962669C96CEAB06421EC12621007 C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe N/A
File created C:\Windows\system32\cmdcsr.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\SysWOW64\guard32.dll C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F90F18257CBB4D84216AC1E1F3BB2C76 C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe N/A
File created C:\Windows\system32\cmdvrt64.dll C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B8CC409ACDBF2A2FE04C56F2875B1FD6 C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015 C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357 C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E0968A1E3A40D2582E7FD463BAEB59CD C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\5F26A2159BA21EA573A1C5E3DE2CF211_7541962669C96CEAB06421EC12621007 C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe N/A
File created C:\Windows\SysWOW64\cmdvrt32.dll C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B8CC409ACDBF2A2FE04C56F2875B1FD6 C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015 C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe N/A

Checks installed software on the system

discovery

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\COMODO\COMODO Internet Security\drivers\win10\inspect.sys C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\COMODO\COMODO Internet Security\translations\cmdres.serbian.lang C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\COMODO\COMODO Internet Security\translations\virtkiosk.german.lang C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\COMODO\COMODO Internet Security\cisresc.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\COMODO\COMODO Internet Security\themes\iarcadia.set C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\COMODO\COMODO Internet Security\scanners\dunpack.cav C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\COMODO\COMODO Internet Security\vddata\vduserdata\bin\Add_App.png C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\COMODO\COMODO Internet Security\vddata\vduserdata\bin\pfpeapihoiogbcmdmnibeplnikfnhoge.png C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\COMODO\COMODO Internet Security\drivers\win8\cmdguard.inf C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\COMODO\COMODO Internet Security\translations\virtkiosk.ukrainian.lang C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\COMODO\COMODO Internet Security\COMODO - Internet Security.cfgx C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe N/A
File created C:\Program Files\COMODO\COMODO Internet Security\vddata\vduserdata\images\btnShadow.png C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\COMODO\COMODO Internet Security\vddata\vduserdata\bin\lneaknkopdijkpnocmklfnjbeapigfbh.png C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\COMODO\COMODO Internet Security\drivers\win8\cmdhlp.sys C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\COMODO\COMODO Internet Security\cisbf.exe C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\COMODO\COMODO Internet Security\vddata\vduserdata\bin\comodo_dragon.xml C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\COMODO\COMODO Internet Security\cmdcomps.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\COMODO\COMODO Internet Security\database\signers.tvt C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\COMODO\COMODO Internet Security\scanners\unpack.cav C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\COMODO\COMODO Internet Security\vddata\vkhlp.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\COMODO\COMODO Internet Security\drivers\win8\inspect.cat C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\COMODO\COMODO Internet Security\drivers\win7\cmdguard.cat C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\COMODO\COMODO Internet Security\translations\cmdres.vietnamese.lang C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\COMODO\COMODO Internet Security\scanners\heur.cav C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\COMODO\COMODO Internet Security\drivers\win7\inspect.inf C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\COMODO\COMODO Internet Security\translations\cmdres.croatian.lang C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\COMODO\COMODO Internet Security\vkthemes\kioskthemearcadia.theme C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\COMODO\COMODO Internet Security\translations\1038.lang C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\COMODO\COMODO Internet Security\themes\ilycia.set C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\COMODO\COMODO Internet Security\scanners\fileid.cav C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\COMODO\COMODO Internet Security\scanners\white.cav C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\COMODO\COMODO Internet Security\vddata\vduserdata\bin\blpcfgokakmgnkcojhhkbfbldkacnbeo.png C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\COMODO\COMODO Internet Security\drivers\win10\cmdguard.inf C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\COMODO\COMODO Internet Security\translations\cmdres.persian.lang C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\COMODO\COMODO Internet Security\vddata\vduserdata\bin\hbdpomandigafcibbmofojjchbcdagbl.xml C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\COMODO\COMODO Internet Security\vddata\vduserdata\bin\mkojhhiphdgeliplnclnbmdiofhgnimi.xml C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\COMODO\COMODO Internet Security\drivers\win7\cmdhlp.inf C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\COMODO\COMODO Internet Security\scanners\smart.cav C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\COMODO\COMODO Internet Security\drivers\win10\cmdhlp.cat C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\COMODO\COMODO Internet Security\translations\virtkiosk.polish.lang C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\COMODO\COMODO Internet Security\drivers\win10\cmdhlp.inf C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\COMODO\COMODO Internet Security\translations\cmdres.arabic.lang C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\COMODO\COMODO Internet Security\translations\virtkiosk.estonian.lang C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\COMODO\COMODO Internet Security\vkthemes\kioskthememodern.theme C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\COMODO\COMODO Internet Security\scanners\mem.cav C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\COMODO\COMODO Internet Security\vddata\vduserdata\bin\blpcfgokakmgnkcojhhkbfbldkacnbeo.xml C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\COMODO\COMODO Internet Security\drivers\win10\cmdboot.cat C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\COMODO\COMODO Internet Security\themes\default.set C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\COMODO\COMODO Internet Security\vddata\vduserdata\bin\hbdpomandigafcibbmofojjchbcdagbl.png C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\COMODO\COMODO Internet Security\drivers\win7\inspect.sys C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\COMODO\COMODO Internet Security\vddata\vduserdata\images\page_dot.png C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\COMODO\COMODO Internet Security\translations\cmdres.turkish.lang C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Program Files\COMODO\COMODO Internet Security\recognizers\proto_v10\recognizer_v12.2.2.8012.dll C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe N/A
File created C:\Program Files\COMODO\COMODO Internet Security\vddata\vduserdata\bin\onlgmecjpnejhfeofkgbfgnmdlipdejb.xml C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\COMODO\COMODO Internet Security\installer_langdata.bin C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\COMODO\COMODO Internet Security\vddata\vduserdata\bin\icppfcnhkcmnfdhfhphakoifcfokfdhg.xml C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\COMODO\COMODO Internet Security\translations\cmdres.dutch.lang C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\COMODO\COMODO Internet Security\translations\virtkiosk.chinesetraditional.lang C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\COMODO\COMODO Internet Security\translations\virtkiosk.turkish.lang C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\COMODO\COMODO Internet Security\translations\virtkiosk.bulgarian.lang C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Program Files\COMODO\COMODO Internet Security\eula.rtf C:\Windows\system32\MsiExec.exe N/A
File created C:\Program Files\COMODO\COMODO Internet Security\vddata\vduserdata\images\flip_out.png C:\Windows\system32\msiexec.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\Installer\MSI32C9.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\INF\setupapi.ev1 C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\Installer\f772c7d.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI3094.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI319E.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI3421.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI3686.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI35F9.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\INF\setupapi.ev3 C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\Installer\MSI6DD5.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\f772c7d.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\ C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI349F.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI5DAA.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\f772c80.ipi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\security\logs\scecomp.log C:\Windows\system32\MsiExec.exe N/A
File opened for modification C:\Windows\Installer\MSI6E81.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\{529CC629-B436-4886-B322-4BE75B97783D}\cis.ico C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\{529CC629-B436-4886-B322-4BE75B97783D}\cis.ico C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI355C.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI5712.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI5E27.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\INF\setupapi.app.log C:\Windows\system32\MsiExec.exe N/A
File opened for modification C:\Windows\Installer\MSI7325.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI321C.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\INF\setupapi.dev.log C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\Installer\MSI583B.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI5C51.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI6654.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI6CDA.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI7297.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\f772c80.ipi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI5EA5.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\f772c82.msi C:\Windows\system32\msiexec.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\cav_installer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A
N/A N/A C:\Windows\system32\MsiExec.exe N/A
N/A N/A C:\Windows\system32\MsiExec.exe N/A
N/A N/A C:\Windows\system32\MsiExec.exe N/A
N/A N/A C:\Windows\system32\MsiExec.exe N/A
N/A N/A C:\Windows\system32\MsiExec.exe N/A
N/A N/A C:\Windows\system32\MsiExec.exe N/A
N/A N/A C:\Windows\system32\MsiExec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\MsiExec.exe N/A
N/A N/A C:\Windows\system32\MsiExec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe N/A
N/A N/A C:\Windows\system32\regsvr32.exe N/A
N/A N/A C:\Windows\system32\regsvr32.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe N/A
N/A N/A C:\Windows\system32\MsiExec.exe N/A
N/A N/A C:\Windows\system32\MsiExec.exe N/A
N/A N/A C:\Windows\system32\MsiExec.exe N/A
N/A N/A C:\Windows\system32\MsiExec.exe N/A
N/A N/A C:\Windows\system32\MsiExec.exe N/A
N/A N/A C:\Windows\system32\MsiExec.exe N/A
N/A N/A C:\Windows\system32\MsiExec.exe N/A
N/A N/A C:\Windows\system32\MsiExec.exe N/A
N/A N/A C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe N/A
N/A N/A C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe N/A
N/A N/A C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe N/A
N/A N/A C:\Windows\system32\MsiExec.exe N/A
N/A N/A C:\Windows\system32\MsiExec.exe N/A
N/A N/A N/A N/A
N/A N/A C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe N/A
N/A N/A N/A N/A
N/A N/A C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe N/A
N/A N/A C:\Windows\system32\MsiExec.exe N/A
N/A N/A C:\Windows\system32\MsiExec.exe N/A
N/A N/A C:\Windows\system32\regsvr32.exe N/A
N/A N/A C:\Windows\system32\regsvr32.exe N/A
N/A N/A C:\Windows\system32\MsiExec.exe N/A
N/A N/A C:\Windows\system32\MsiExec.exe N/A
N/A N/A C:\Windows\system32\MsiExec.exe N/A
N/A N/A C:\Windows\system32\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe N/A
N/A N/A C:\Windows\system32\MsiExec.exe N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\system32\MsiExec.exe N/A
N/A N/A C:\Windows\system32\MsiExec.exe N/A
N/A N/A C:\Windows\system32\MsiExec.exe N/A
N/A N/A C:\Windows\system32\MsiExec.exe N/A
N/A N/A C:\Windows\system32\MsiExec.exe N/A
N/A N/A C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe N/A
N/A N/A C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe N/A
N/A N/A C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe N/A
N/A N/A C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe N/A
N/A N/A C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe N/A
N/A N/A C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe N/A

Modifies system executable filetype association

persistence
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\Comodo Antivirus C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\Comodo Antivirus\ = "{4255A182-CAD9-4214-A19B-7BA7FB633BBD}" C:\Windows\system32\regsvr32.exe N/A

Registers COM server for autorun

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D7D729A7-3570-4902-944A-470C9919FCCB}\InProcServer32\ThreadingModel = "Both" C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BBB01528-20FE-4bc2-9D26-C70E3ABB9CD1}\LocalServer32 C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1B1E2B7F-DDF5-4722-A450-085CC9EAC96C}\LocalServer32\ = "\"C:\\Program Files\\COMODO\\COMODO Internet Security\\cmdagent.exe\"" C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BE4DEE24-6CFC-48DF-89C4-29BD4954B895}\InProcServer32 C:\Windows\system32\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D7D729A7-3570-4902-944A-470C9919FCCB}\InProcServer32 C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{10F58851-4358-4E4B-8494-DF34393F41A5}\LocalServer32\ = "\"C:\\Program Files\\COMODO\\COMODO Internet Security\\cmdagent.exe\"" C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9F2D4924-C5F4-43B6-A4AB-C4161C4C2879}\InProcServer32 C:\Windows\system32\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{10F58851-4358-4E4B-8494-DF34393F41A5}\LocalServer32\ = "\"C:\\Program Files\\COMODO\\COMODO Internet Security\\cmdagent.exe\"" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\CLSID\{E0E9D49D-65D1-4AB1-8235-DF90B6ED8483}\LocalServer32 C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E8718E3A-1985-473C-9196-9A39AFB0028E}\LocalServer32\ = "\"C:\\Program Files\\COMODO\\COMODO Internet Security\\cavwp.exe\" /ModeAvMerger" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{ED181758-F11B-4C85-AEA2-199B3DC9F7DE}\InprocServer32\ = "C:\\Program Files\\COMODO\\COMODO Internet Security\\cisresc.dll" C:\Windows\system32\regsvr32.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C288AC5A-D846-4696-8028-2DF6F508D0D9}\LOCALSERVER32 C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C288AC5A-D846-4696-8028-2DF6F508D0D9}\LocalServer32\ = "\"C:\\Program Files\\COMODO\\COMODO Internet Security\\cmdagent.exe\"" C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BBB01528-20FE-4bc2-9D26-C70E3ABB9CD1}\LocalServer32\ = "\"C:\\Program Files\\COMODO\\COMODO Internet Security\\cmdagent.exe\"" C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BE4DEE24-6CFC-48DF-89C4-29BD4954B895}\InProcServer32\ThreadingModel = "Both" C:\Windows\system32\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\CLSID\{C288AC5A-D846-4696-8028-2DF6F508D0D9}\LocalServer32 C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{FF101135-6584-46e7-8AA1-8FCD1FCA5042}\LocalServer32\ = "\"C:\\Program Files\\COMODO\\COMODO Internet Security\\cmdagent.exe\"" C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{81B0EDF3-1CAB-4B8A-BD36-C4DEFAC1DCF9}\LocalServer32 C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{67683718-82B8-4557-86A8-E04D169EF883}\InProcServer32\ = "C:\\Program Files\\COMODO\\COMODO Internet Security\\cisbfps.dll" C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E0E9D49D-65D1-4AB1-8235-DF90B6ED8483}\LocalServer32\ = "\"C:\\Program Files\\COMODO\\COMODO Internet Security\\cavwp.exe\" /ModeAvMonitor" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D7D729A7-3570-4902-944A-470C9919FCCB}\InProcServer32\ = "C:\\Program Files\\COMODO\\COMODO Internet Security\\cisresc.dll" C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\CLSID\{1B1E2B7F-DDF5-4722-A450-085CC9EAC96C}\LocalServer32 C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4255A182-CAD9-4214-A19B-7BA7FB633BBD}\InprocServer32\ThreadingModel = "Apartment" C:\Windows\system32\regsvr32.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4255A182-CAD9-4214-A19B-7BA7FB633BBD}\InprocServer32 C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9F2D4924-C5F4-43B6-A4AB-C4161C4C2879}\InProcServer32\ThreadingModel = "Both" C:\Windows\system32\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{67683718-82B8-4557-86A8-E04D169EF883}\InProcServer32\ThreadingModel = "Both" C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1B1E2B7F-DDF5-4722-A450-085CC9EAC96C}\LocalServer32\ = "\"C:\\Program Files\\COMODO\\COMODO Internet Security\\cmdagent.exe\"" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{FF101135-6584-46E7-8AA1-8FCD1FCA5042}\LocalServer32\ThreadingModel = "Free" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A1850D95-9C38-4D86-AC40-E559BC0E73C9}\LocalServer32\ = "\"C:\\Program Files\\COMODO\\COMODO Internet Security\\cavwp.exe\" /ModeAvDllHost" C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1B1E2B7F-DDF5-4722-A450-085CC9EAC96C}\LOCALSERVER32 C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{868A55F7-D79E-4C2E-8091-DEA9042B987F}\LocalServer32\ = "\"C:\\Program Files\\COMODO\\COMODO Internet Security\\cavwp.exe\" /ModeAvSigChecker" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C4D33F09-D11A-485D-AB08-8BFF862E7120}\LocalServer32\ = "\"C:\\Program Files\\COMODO\\COMODO Internet Security\\cisbf.exe\"" C:\Program Files\COMODO\COMODO Internet Security\cisbf.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\CLSID\{FF101135-6584-46E7-8AA1-8FCD1FCA5042}\LocalServer32 C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{81B0EDF3-1CAB-4B8A-BD36-C4DEFAC1DCF9}\LocalServer32\ThreadingModel = "Free" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C288AC5A-D846-4696-8028-2DF6F508D0D9}\LocalServer32\ThreadingModel = "Free" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\CLSID\{868A55F7-D79E-4C2E-8091-DEA9042B987F}\LocalServer32 C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\CLSID\{A1850D95-9C38-4D86-AC40-E559BC0E73C9}\LocalServer32 C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{ED181758-F11B-4C85-AEA2-199B3DC9F7DE}\InprocServer32\ThreadingModel = "Free" C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{67683718-82B8-4557-86A8-E04D169EF883}\InProcServer32 C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C4D33F09-D11A-485D-AB08-8BFF862E7120}\LocalServer32 C:\Program Files\COMODO\COMODO Internet Security\cisbf.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\CLSID\{81B0EDF3-1CAB-4B8A-BD36-C4DEFAC1DCF9}\LocalServer32 C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1B1E2B7F-DDF5-4722-A450-085CC9EAC96C}\LocalServer32 C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4255A182-CAD9-4214-A19B-7BA7FB633BBD}\InprocServer32 C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9F2D4924-C5F4-43B6-A4AB-C4161C4C2879}\InProcServer32\ = "C:\\Program Files\\COMODO\\COMODO Internet Security\\cmdcomps.dll" C:\Windows\system32\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C288AC5A-D846-4696-8028-2DF6F508D0D9}\LocalServer32 C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{FF101135-6584-46e7-8AA1-8FCD1FCA5042}\LocalServer32 C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BE4DEE24-6CFC-48DF-89C4-29BD4954B895}\InProcServer32\ = "C:\\Program Files\\COMODO\\COMODO Internet Security\\cavwpps.dll" C:\Windows\system32\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{FF101135-6584-46E7-8AA1-8FCD1FCA5042}\LocalServer32\ = "\"C:\\Program Files\\COMODO\\COMODO Internet Security\\cmdagent.exe\"" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\CLSID\{B691E6DB-B216-4532-A2F3-1656BAC416FC}\LocalServer32 C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1B1E2B7F-DDF5-4722-A450-085CC9EAC96C}\LocalServer32\ThreadingModel = "Free" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{05E5F178-256F-42EE-9BF4-A7E080F7B354}\LocalServer32\ = "\"C:\\Program Files\\COMODO\\COMODO Internet Security\\cavwp.exe\" /ModeAvScanner" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{ED181758-F11B-4C85-AEA2-199B3DC9F7DE}\InprocServer32 C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C4D33F09-D11A-485D-AB08-8BFF862E7120}\LocalServer32\ServerExecutable = "C:\\Program Files\\COMODO\\COMODO Internet Security\\cisbf.exe" C:\Program Files\COMODO\COMODO Internet Security\cisbf.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{FF101135-6584-46E7-8AA1-8FCD1FCA5042}\LOCALSERVER32 C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{81B0EDF3-1CAB-4B8A-BD36-C4DEFAC1DCF9}\LOCALSERVER32 C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{81B0EDF3-1CAB-4B8A-BD36-C4DEFAC1DCF9}\LocalServer32\ = "\"C:\\Program Files\\COMODO\\COMODO Internet Security\\cmdagent.exe\"" C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{81B0EDF3-1CAB-4B8A-BD36-C4DEFAC1DCF9}\LocalServer32\ = "\"C:\\Program Files\\COMODO\\COMODO Internet Security\\cmdagent.exe\"" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{10F58851-4358-4E4B-8494-DF34393F41A5}\LocalServer32 C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\CLSID\{10F58851-4358-4E4B-8494-DF34393F41A5}\LocalServer32 C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C288AC5A-D846-4696-8028-2DF6F508D0D9}\LocalServer32\ = "\"C:\\Program Files\\COMODO\\COMODO Internet Security\\cmdagent.exe\"" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B691E6DB-B216-4532-A2F3-1656BAC416FC}\LocalServer32\ = "\"C:\\Program Files\\COMODO\\COMODO Internet Security\\cavwp.exe\" /ModeAvBoostHelper" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\CLSID\{05E5F178-256F-42EE-9BF4-A7E080F7B354}\LocalServer32 C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\CLSID\{E8718E3A-1985-473C-9196-9A39AFB0028E}\LocalServer32 C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{10F58851-4358-4E4B-8494-DF34393F41A5}\LOCALSERVER32 C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe N/A

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key opened \Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Windows\system32\runonce.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Windows\system32\runonce.exe N/A
Key opened \Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Windows\system32\runonce.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Windows\system32\runonce.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Root\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Disallowed\CTLs C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\CTLs C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\CTLs C:\Windows\system32\DrvInst.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2E\52C64B7E\@%SystemRoot%\System32\fveui.dll,-843 = "BitLocker Drive Encryption" C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\Certificates C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Root\CRLs C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\CTLs C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Root\CTLs C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\GrpConv C:\Windows\System32\grpconv.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\trust\Certificates C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\trust\CTLs C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPublisher\CTLs C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Disallowed\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\CA\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\trust\CRLs C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\My C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\GrpConv C:\Windows\System32\grpconv.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\trust\CRLs C:\Windows\system32\DrvInst.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2e\52C64B7E C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Disallowed\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ C:\Windows\system32\runonce.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\CRLs C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Disallowed\CRLs C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot C:\Windows\system32\DrvInst.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2E\52C64B7E\@%SystemRoot%\system32\dnsapi.dll,-103 = "Domain Name System (DNS) Server Trust" C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\CA\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\CTLs C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2E\52C64B7E\@%SystemRoot%\system32\qagentrt.dll,-10 = "System Health Authentication" C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached C:\Windows\system32\runonce.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\CTLs C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\trust\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\CTLs C:\Windows\system32\DrvInst.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{F2B830DA-DF8E-4CBF-946F-DED196916210}\ProxyStubClsid32\ = "{9F2D4924-C5F4-43B6-A4AB-C4161C4C2879}" C:\Windows\syswow64\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{9A2862A6-DCC2-4C52-A579-7A2246C107C1}\ProxyStubClsid32 C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E47859D8-9597-47FE-BFE4-4427113739A9}\ProxyStubClsid32\ = "{9F2D4924-C5F4-43B6-A4AB-C4161C4C2879}" C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{17FC23A6-8D66-448B-B286-C7B0030A0889}\ = "ICceProcActivity" C:\Windows\system32\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{EA98EDA9-5AD9-48E0-BEDD-AA308DF3FF73}\ProxyStubClsid32 C:\Windows\system32\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BE4DEE24-6CFC-48DF-89C4-29BD4954B895}\InProcServer32\ThreadingModel = "Both" C:\Windows\system32\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\CLSID\{05E5F178-256F-42EE-9BF4-A7E080F7B354}\LocalServer32 C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{D2FCAA56-082E-4CB5-AC35-8EA86764D274}\NumMethods\ = "24" C:\Windows\syswow64\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{B7FC0F91-20A6-485A-BD25-78A6C429F31D}\ProxyStubClsid32 C:\Windows\syswow64\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{AF738DD5-62A4-4A19-A149-006F41F053BB} C:\Windows\syswow64\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{AC07AE87-D195-4101-BAAC-33A74C731E83}\NumMethods C:\Windows\syswow64\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{88E8C754-D5D7-442B-B090-39569EB258DD} C:\Windows\system32\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\CLSID\{C288AC5A-D846-4696-8028-2DF6F508D0D9}\LocalServer32 C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E8718E3A-1985-473C-9196-9A39AFB0028E}\LocalServer32\ = "\"C:\\Program Files\\COMODO\\COMODO Internet Security\\cavwp.exe\" /ModeAvMerger" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{BBE300CA-7532-4515-AEBD-392BBBEAE404}\ = "ICisAlertCheckPassword" C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C80170AF-0521-45FD-8296-43AA420C40A2}\ = "IViruscopeActivityDnsQuery" C:\Windows\system32\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\TypeLib\{59A8627E-99C2-4995-81D3-44A31D62EA3A}\7.0 C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E43FB77E-657A-4E59-94AC-EE6CAEE332EF} C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E9B1A6B4-EF47-4BB6-9EFA-B3F33CFD548E}\NumMethods\ = "14" C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{8DD1CBA7-A94F-42E0-B896-4C8346B8046A}\ = "IViruscopeActivityCreateFile" C:\Windows\system32\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6686FBD5-734B-44FA-9B3E-02C522299E59}\ = "ICisFile" C:\Windows\system32\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CISSVC.CisGate.1\CLSID\ = "{C288AC5A-D846-4696-8028-2DF6F508D0D9}" C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1FE70F59-DA7B-445D-9970-5E6AEEACCE7D}\ = "ICisRmControl18" C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{0D11E551-B3C7-4E88-97D7-F76E9F716AD6}\NumMethods\ = "70" C:\Windows\syswow64\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1FE70F59-DA7B-445D-9970-5E6AEEACCE7D}\ProxyStubClsid32 C:\Windows\system32\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{5B63A392-A673-422A-B8E8-5F79897CD0E4}\NumMethods C:\Windows\system32\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{632E9EEE-F431-4C89-A18B-9959BCFF676B}\NumMethods C:\Windows\system32\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{59A8627E-99C2-4995-81D3-44A31D62EA3A}\7.0\ = "CIS 7.0 WMI Type Library" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\kiosk\shell C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{814CD053-EC73-450E-B695-68359C119228}\NumMethods C:\Windows\syswow64\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3A354768-9032-4BE3-888B-BC5E8D07F118} C:\Windows\system32\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AF738DD5-62A4-4A19-A149-006F41F053BB}\ProxyStubClsid32 C:\Windows\system32\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CavWp.AvSigChecker.1\ = "AvSigChecker Class" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{C23BD847-4CA4-45E9-BF35-458D8F2B488F}\NumMethods\ = "11" C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{D5E9B851-51DA-4E75-B7FF-F58371D2450D}\NumMethods\ = "13" C:\Windows\syswow64\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{3539C559-2626-40CC-97BF-CD9715CB84B4} C:\Windows\syswow64\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{4AB8A7C8-306E-4E41-A1D5-C711818EC2BF} C:\Windows\syswow64\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7BDBBCBE-8A78-4A7A-9A3B-D8265CCFBA27} C:\Windows\system32\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F9190C9B-8F67-4969-B30C-ABED8B40D87D}\ProxyStubClsid32\ = "{9F2D4924-C5F4-43B6-A4AB-C4161C4C2879}" C:\Windows\system32\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\PropertySheetHandlers\Comodo Antivirus\ = "{4255A182-CAD9-4214-A19B-7BA7FB633BBD}" C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{A8F46273-16B9-4009-AF0F-2EFA988DD75D}\ProxyStubClsid32\ = "{9F2D4924-C5F4-43B6-A4AB-C4161C4C2879}" C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2AA289E5-94A3-4358-B478-1E3E777C712F}\ = "ICisAlertAllowSbFullyVirtualize" C:\Windows\syswow64\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9F2D4924-C5F4-43B6-A4AB-C4161C4C2879}\InProcServer32 C:\Windows\system32\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3A354768-9032-4BE3-888B-BC5E8D07F118}\NumMethods\ = "11" C:\Windows\system32\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{EFC7BEE6-AEFC-49CC-80FF-0BA189884F5F}\NumMethods\ = "23" C:\Windows\system32\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{17FC23A6-8D66-448B-B286-C7B0030A0889}\ProxyStubClsid32\ = "{9F2D4924-C5F4-43B6-A4AB-C4161C4C2879}" C:\Windows\syswow64\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{EE60D0A4-6690-4EF2-B811-6E1CC3271D65}\NumMethods C:\Windows\syswow64\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{BA5CCBBA-DC09-42C1-81CC-41DCCC7D0EE3} C:\Windows\syswow64\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{C23BD847-4CA4-45E9-BF35-458D8F2B488F}\NumMethods C:\Windows\syswow64\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{80C6DED0-60A1-4B9A-A3D3-9713908EE07D} C:\Windows\system32\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{ABB4804E-9F91-4C7D-A90B-486B83460EBE} C:\Windows\system32\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DF800BB8-B4FA-47D6-8A70-736C1C0A5E90}\NumMethods C:\Windows\system32\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E0E9D49D-65D1-4AB1-8235-DF90B6ED8483} C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A1850D95-9C38-4D86-AC40-E559BC0E73C9}\ = "AvDllHost Class" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{63A82605-4789-40DC-9FDC-8041CC8540F5}\ = "IEnumViruscopeActivities" C:\Windows\syswow64\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E981C6A7-C5CD-4F19-9657-41DBB6C39614}\NumMethods C:\Windows\syswow64\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{379DE05C-2339-463A-9BC1-BDC1F92C0CCA} C:\Windows\system32\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1220A5C3-9B6C-4A8A-ABE4-7CE6118384A9} C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E58853A5-06B5-4458-B7DD-69AFB65556CD}\ = "ICisRmControl13" C:\Windows\syswow64\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{37EFB434-D269-4B6B-AE61-60E4E8F2CCCA} C:\Windows\system32\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{B9404811-42B6-41B1-AF40-B885ED9D818A}\NumMethods C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{08E55C52-1F4D-4D91-A6FA-E7444A59D528}\NumMethods\ = "7" C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CIS.CisLpsIntegration\ = "CisLpsIntegration Class" C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe N/A

Modifies system certificate store

evasion spyware trojan
Description Indicator Process Target
Set value (data) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\SystemCertificates\CA\Certificates\8D4C4A23BA9EE84EA7348FA98CC6E65FBB69DE7B\Blob = 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 C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F8DB7E1C16F1FFD4AAAD4AAD8DFF0F2445184AEB\Blob = 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 C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F8DB7E1C16F1FFD4AAAD4AAD8DFF0F2445184AEB\Blob = 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 C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates\31D019FC7AB697D57D9C4AFB340ED7C4D10400DF C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 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 C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates\D70D7D00CA12E1B3E20F3BF7534DEB2C2E7C2404\Blob = 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 C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F8DB7E1C16F1FFD4AAAD4AAD8DFF0F2445184AEB\Blob = 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 C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates\D70D7D00CA12E1B3E20F3BF7534DEB2C2E7C2404 C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates\31D019FC7AB697D57D9C4AFB340ED7C4D10400DF\Blob = 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 C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 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 C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates\D70D7D00CA12E1B3E20F3BF7534DEB2C2E7C2404 C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates\6CD253D636A7B4D0E0981431BC064061A9853ED9\Blob = 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 C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates\D70D7D00CA12E1B3E20F3BF7534DEB2C2E7C2404\Blob = 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 C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 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 C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\SystemCertificates\CA\Certificates\8D4C4A23BA9EE84EA7348FA98CC6E65FBB69DE7B C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\SystemCertificates\CA\Certificates\D89E3BD43D5D909B47A18977AA9D5CE36CEE184C\Blob = 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 C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates\E35E6F46A1A9A4D18A4DAA298BDA4D1E8879236E\Blob = [certificate blob omitted] C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F8DB7E1C16F1FFD4AAAD4AAD8DFF0F2445184AEB C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349 C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates\6CD253D636A7B4D0E0981431BC064061A9853ED9\Blob = 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 C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F8DB7E1C16F1FFD4AAAD4AAD8DFF0F2445184AEB C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F8DB7E1C16F1FFD4AAAD4AAD8DFF0F2445184AEB\Blob = 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 C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates\E35E6F46A1A9A4D18A4DAA298BDA4D1E8879236E C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\SystemCertificates\CA\Certificates\8D4C4A23BA9EE84EA7348FA98CC6E65FBB69DE7B\Blob = 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 C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\SystemCertificates\CA\Certificates\D89E3BD43D5D909B47A18977AA9D5CE36CEE184C C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates\E35E6F46A1A9A4D18A4DAA298BDA4D1E8879236E C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates\6CD253D636A7B4D0E0981431BC064061A9853ED9 C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates\31D019FC7AB697D57D9C4AFB340ED7C4D10400DF C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates\31D019FC7AB697D57D9C4AFB340ED7C4D10400DF\Blob = [certificate blob omitted] C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates\E35E6F46A1A9A4D18A4DAA298BDA4D1E8879236E\Blob = [certificate blob omitted] C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates\6CD253D636A7B4D0E0981431BC064061A9853ED9 C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe N/A

Suspicious behavior: LoadsDriver

Description Indicator Process Target
N/A N/A N/A N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeTcbPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeCreateTokenPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A
Token: SeAssignPrimaryTokenPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A
Token: SeMachineAccountPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A
Token: SeTcbPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A
Token: SeSystemtimePrivilege N/A C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A
Token: SeCreatePermanentPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A
Token: SeBackupPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A
Token: SeRestorePrivilege N/A C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A
Token: SeAuditPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A
Token: SeChangeNotifyPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A
Token: SeUndockPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A
Token: SeSyncAgentPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A
Token: SeEnableDelegationPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A
Token: SeManageVolumePrivilege N/A C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A
Token: SeImpersonatePrivilege N/A C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A
Token: SeCreateGlobalPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTcbPrivilege N/A C:\Windows\system32\MsiExec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTcbPrivilege N/A C:\Windows\system32\MsiExec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTcbPrivilege N/A C:\Windows\system32\MsiExec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTcbPrivilege N/A C:\Windows\system32\MsiExec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTcbPrivilege N/A C:\Windows\system32\MsiExec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTcbPrivilege N/A C:\Windows\system32\MsiExec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTcbPrivilege N/A C:\Windows\system32\MsiExec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\cav_installer.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2512 wrote to memory of 768 N/A C:\Users\Admin\AppData\Local\Temp\cav_installer.exe C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe
PID 2512 wrote to memory of 768 N/A C:\Users\Admin\AppData\Local\Temp\cav_installer.exe C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe
PID 2512 wrote to memory of 768 N/A C:\Users\Admin\AppData\Local\Temp\cav_installer.exe C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe
PID 2512 wrote to memory of 768 N/A C:\Users\Admin\AppData\Local\Temp\cav_installer.exe C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe
PID 2512 wrote to memory of 768 N/A C:\Users\Admin\AppData\Local\Temp\cav_installer.exe C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe
PID 2512 wrote to memory of 768 N/A C:\Users\Admin\AppData\Local\Temp\cav_installer.exe C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe
PID 2512 wrote to memory of 768 N/A C:\Users\Admin\AppData\Local\Temp\cav_installer.exe C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe
PID 3560 wrote to memory of 3308 N/A C:\Windows\system32\msiexec.exe C:\Windows\system32\MsiExec.exe
PID 3560 wrote to memory of 3308 N/A C:\Windows\system32\msiexec.exe C:\Windows\system32\MsiExec.exe
PID 3560 wrote to memory of 3308 N/A C:\Windows\system32\msiexec.exe C:\Windows\system32\MsiExec.exe
PID 3560 wrote to memory of 3308 N/A C:\Windows\system32\msiexec.exe C:\Windows\system32\MsiExec.exe
PID 3560 wrote to memory of 3308 N/A C:\Windows\system32\msiexec.exe C:\Windows\system32\MsiExec.exe
PID 3560 wrote to memory of 3140 N/A C:\Windows\system32\msiexec.exe C:\Windows\system32\MsiExec.exe

Uses Task Scheduler COM API

persistence

Uses Volume Shadow Copy service COM API

ransomware

Processes

C:\Users\Admin\AppData\Local\Temp\cav_installer.exe

"C:\Users\Admin\AppData\Local\Temp\cav_installer.exe"

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe

"C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe" -log -setupname "cav_installer.exe" -sfx "C:\Users\Admin\AppData\Local\Temp" -theme lycia -type web -mode cavfree

C:\Windows\system32\msiexec.exe

C:\Windows\system32\msiexec.exe /V

C:\Windows\system32\MsiExec.exe

C:\Windows\system32\MsiExec.exe -Embedding 31A7BBB65796A18132D9DED029B2ADDD

C:\Windows\system32\MsiExec.exe

C:\Windows\system32\MsiExec.exe -Embedding 2EC7DCA72789D90E718C86BA178186FC M Global\MSI0000

C:\Windows\Installer\MSI3686.tmp

"C:\Windows\Installer\MSI3686.tmp" -rptype 0 -descr "Installing COMODO Antivirus" -logfile "C:\Users\Admin\AppData\Local\Temp\COMODO Internet Security dbgout.log"

C:\Windows\Installer\MSI3686.tmp

"C:\Windows\Installer\MSI3686.tmp" -rptype 0 -descr "Installing COMODO Antivirus" -logfile "C:\Users\Admin\AppData\Local\Temp\COMODO Internet Security dbgout.log" -working

C:\Windows\system32\vssvc.exe

C:\Windows\system32\vssvc.exe

C:\Windows\system32\DrvInst.exe

DrvInst.exe "1" "200" "STORAGE\VolumeSnapshot\HarddiskVolumeSnapshot19" "" "" "61530dda3" "0000000000000000" "00000000000005A8" "00000000000005B0"

C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe

"C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe" --installCertificates

C:\Windows\system32\regsvr32.exe

"regsvr32.exe" /s "C:\Program Files\COMODO\COMODO Internet Security\cisresc.dll"

C:\Windows\system32\regsvr32.exe

"regsvr32.exe" /s "C:\Program Files\COMODO\COMODO Internet Security\cisbfps.dll"

C:\Program Files\COMODO\COMODO Internet Security\cisbf.exe

"C:\Program Files\COMODO\COMODO Internet Security\cisbf.exe" /RegServer

C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe

"C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe" --updateHtml

C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe

"C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe" --langID 1033 --createConfig "active=avfw;dplus=opt;esm=0;av=1;fw=0;cesfw=0;cesav=1;cessandbox=1;free=1;noalerts=1;cloud=1;sendstats=1;configfile=;fwstate=0;dfstate=0;avstate=0;bbstate=0;avservers=0;standalone=1;useblob=1;trustnewnets=0;"

C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe

"C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe" --upgradeBackuped=""

C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe

"C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe" --windowsDefence df-

C:\Windows\system32\runonce.exe

"C:\Windows\system32\runonce.exe" -r

C:\Windows\System32\grpconv.exe

"C:\Windows\System32\grpconv.exe" -o

C:\Windows\system32\runonce.exe

"C:\Windows\system32\runonce.exe" -r

C:\Windows\System32\grpconv.exe

"C:\Windows\System32\grpconv.exe" -o

C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe

"C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe"

C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe

"C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe" /ModeAvMonitor -Embedding

C:\Windows\system32\regsvr32.exe

"regsvr32.exe" /s "C:\Program Files\COMODO\COMODO Internet Security\cavshell.dll"

C:\Windows\syswow64\MsiExec.exe

"C:\Windows\syswow64\MsiExec.exe" /Y "C:\Program Files\COMODO\COMODO Internet Security\cmdcom32.dll"

C:\Windows\system32\MsiExec.exe

"C:\Windows\system32\MsiExec.exe" /Y "C:\Program Files\COMODO\COMODO Internet Security\cmdcomps.dll"

C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe

"C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe" /ModeAvMonitor -Embedding

C:\Windows\system32\MsiExec.exe

"C:\Windows\system32\MsiExec.exe" /Y "C:\Program Files\COMODO\COMODO Internet Security\cavwpps.dll"

C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe

"C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe" /ModeAvMonitor -Embedding

Network


Files
