Malware Analysis Report

2024-10-16 03:31

Sample ID 240903-j1fpes1hjm
Target https://metrology.mahr.com/de/service/download-center/marcom-professional/
Tags
banload discovery downloader dropper trojan
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

Threat Level: Known bad

The file https://metrology.mahr.com/de/service/download-center/marcom-professional/ was found to be: Known bad.

Malicious Activity Summary

banload discovery downloader dropper trojan

Banload

Drops file in Drivers directory

Manipulates Digital Signatures

Checks BIOS information in registry

Loads dropped DLL

Checks computer location settings

Executes dropped EXE

Checks installed software on the system

Drops file in System32 directory

Drops file in Program Files directory

Drops file in Windows directory

Browser Information Discovery

Enumerates physical storage devices

System Location Discovery: System Language Discovery

Suspicious use of SetWindowsHookEx

Suspicious use of SendNotifyMessage

Runs .reg file with regedit

Enumerates system info in registry

NTFS ADS

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of AdjustPrivilegeToken

Checks processor information in registry

Modifies registry class

Modifies data under HKEY_USERS

Suspicious use of WriteProcessMemory

Checks SCSI registry key(s)

Suspicious behavior: EnumeratesProcesses

Suspicious use of FindShellTrayWindow

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-09-03 08:07

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-09-03 08:07

Reported

2024-09-03 08:10

Platform

win10v2004-20240802-en

Max time kernel

152s

Max time network

152s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://metrology.mahr.com/de/service/download-center/marcom-professional/

Signatures

Banload

trojan dropper downloader banload

Drops file in Drivers directory

Description Indicator Process Target
File created C:\Windows\system32\DRIVERS\evserial9.sys C:\Users\Public\Documents\MarCom\NT6X64\vsbsetup.exe N/A
File opened for modification C:\Windows\System32\drivers\SETFBC0.tmp C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\System32\drivers\SETFBC0.tmp C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\drivers\evsbc9.sys C:\Windows\system32\DrvInst.exe N/A

Manipulates Digital Signatures

Description Indicator Process Target
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates\884D4EB820ABE1D81F01B3637597B49E1AF7C5D1\Blob = [certificate blob omitted] C:\Windows\system32\DrvInst.exe N/A

Checks BIOS information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate C:\Windows\SysWOW64\regsvr32.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Windows\SysWOW64\regsvr32.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate C:\Windows\SysWOW64\regsvr32.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Windows\SysWOW64\regsvr32.exe N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\is-NMBTN.tmp\VSP Eltima 9.0.tmp N/A
Key value queried \REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\is-U4ERR.tmp\SetUp-MarCom.tmp N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A F:\49893b8e0037e4e51d4e\Setup.exe N/A
N/A N/A C:\Program Files (x86)\MarCom\Driver\BlueDat\blueDAT_win32\vc_redist.x86.exe N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A
N/A N/A C:\Program Files (x86)\MarCom\MarComProf.exe N/A

Checks installed software on the system

discovery

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\Windows\System32\CatRoot2\dberr.txt C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{f0600c6d-a208-4b46-b929-83a8b6bf5ba1}\SETFB16.tmp C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\System32\DriverStore\Temp\{27a75299-33d3-834d-84e0-8faee62a2da2}\amd64\SET8E7F.tmp C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\System32\DriverStore\Temp\{27a75299-33d3-834d-84e0-8faee62a2da2}\amd64\SET8E92.tmp C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\CatRoot2\dberr.txt C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\ant_libusb.inf_amd64_54173307afc55815\ant_libusb.PNF C:\Program Files (x86)\MarCom\Driver\AntUSB2\AntPreinstall64.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{a292a022-333b-7542-a62c-656223062618}\SETF385.tmp C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\FileRepository\slabvcp.inf_amd64_9063be87f4abb1a5\slabvcp.cat C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\CatRoot2\dberr.txt C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\FileRepository\dfu.inf_amd64_a13b0024242c0fb7\dfu.inf C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{27a75299-33d3-834d-84e0-8faee62a2da2}\amd64\ftbusui.dll C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\System32\DriverStore\Temp\{27a75299-33d3-834d-84e0-8faee62a2da2}\i386\SET8E95.tmp C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\FileRepository\ftdibus.inf_amd64_b7c6f1ad9f999c33\ftdibus.cat C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{7a6a7d60-f2e1-4b4c-9d7b-2ef0af174144}\ANT_LibUsb.inf C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{41bfc8de-0401-a34e-ade4-ab944907d3ca}\amd64\SETCE39.tmp C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\FileRepository\dfu.inf_amd64_a13b0024242c0fb7\amd64\WinUSBCoInstaller2.dll C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\CatRoot2\dberr.txt C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\CatRoot2\dberr.txt C:\Program Files (x86)\MarCom\Driver\Steute\CP210xVCPInstaller_x64.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{33e2c968-df44-6c47-a4bd-2c10486299be}\evserial9.inf C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\System32\DriverStore\drvstore.tmp C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{27a75299-33d3-834d-84e0-8faee62a2da2}\amd64\SET8E91.tmp C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\System32\DriverStore\Temp\{7a6a7d60-f2e1-4b4c-9d7b-2ef0af174144}\amd64\SET91DB.tmp C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{7a6a7d60-f2e1-4b4c-9d7b-2ef0af174144} C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{a292a022-333b-7542-a62c-656223062618}\x64\WdfCoinstaller01009.dll C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\FileRepository\ftdibus.inf_amd64_b7c6f1ad9f999c33\ftdibus.inf C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\FileRepository\ant_libusb.inf_amd64_54173307afc55815\amd64\libusb0.sys C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{456bfa6f-e10b-f348-8c33-8b74e62e8e49} C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{a292a022-333b-7542-a62c-656223062618}\x64\SETF373.tmp C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{33e2c968-df44-6c47-a4bd-2c10486299be}\evserial9.cat C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\System32\DriverStore\Temp\{41bfc8de-0401-a34e-ade4-ab944907d3ca}\amd64\SETCE38.tmp C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{a292a022-333b-7542-a62c-656223062618}\x64\SETF374.tmp C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\CatRoot2\dberr.txt C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\System32\DriverStore\Temp\{27a75299-33d3-834d-84e0-8faee62a2da2}\SET8E93.tmp C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\System32\DriverStore\Temp\{a292a022-333b-7542-a62c-656223062618}\x64\SETF374.tmp C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{a292a022-333b-7542-a62c-656223062618} C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{f0600c6d-a208-4b46-b929-83a8b6bf5ba1} C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\ftdibus.inf_amd64_b7c6f1ad9f999c33\ftdibus.PNF C:\Program Files (x86)\MarCom\Driver\FTDI\FtdiPreinstall\FtdiPreinstall64.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{7a6a7d60-f2e1-4b4c-9d7b-2ef0af174144}\x86 C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{a292a022-333b-7542-a62c-656223062618}\slabvcp.cat C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\FileRepository\evserial9.inf_amd64_ec709273717cc850\evserial9.cat C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\System32\DriverStore\Temp\{33e2c968-df44-6c47-a4bd-2c10486299be}\SETFA1D.tmp C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{27a75299-33d3-834d-84e0-8faee62a2da2}\amd64\FTLang.dll C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{27a75299-33d3-834d-84e0-8faee62a2da2}\ftdibus.inf C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\FileRepository\ftdibus.inf_amd64_b7c6f1ad9f999c33\amd64\ftdibus.sys C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{456bfa6f-e10b-f348-8c33-8b74e62e8e49}\SETEC3F.tmp C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\System32\DriverStore\drvstore.tmp C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{33e2c968-df44-6c47-a4bd-2c10486299be}\SETFA1A.tmp C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{27a75299-33d3-834d-84e0-8faee62a2da2} C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\System32\DriverStore\Temp\{a292a022-333b-7542-a62c-656223062618}\SETF386.tmp C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\System32\DriverStore\Temp\{f0600c6d-a208-4b46-b929-83a8b6bf5ba1}\SETFB15.tmp C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\FileRepository\ftdibus.inf_amd64_b7c6f1ad9f999c33\amd64\FTLang.dll C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\CatRoot2\dberr.txt C:\Program Files (x86)\MarCom\Driver\FTDI\FtdiPreinstall\FtdiPreinstall64.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{7a6a7d60-f2e1-4b4c-9d7b-2ef0af174144}\amd64\SET91EB.tmp C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\ant_libusb.inf_amd64_54173307afc55815\ANT_LibUsb.PNF C:\Program Files (x86)\MarCom\Driver\AntUSB2\AntPreinstall64.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{41bfc8de-0401-a34e-ade4-ab944907d3ca}\amd64\WinUSBCoInstaller2.dll C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\FileRepository\dfu.inf_amd64_a13b0024242c0fb7\amd64\WdfCoInstaller01009.dll C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\FileRepository\slabvcp.inf_amd64_9063be87f4abb1a5\slabvcp.inf C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\slabvcp.inf_amd64_9063be87f4abb1a5\slabvcp.PNF C:\Program Files (x86)\MarCom\Driver\Steute\CP210xVCPInstaller_x64.exe N/A
File opened for modification C:\Windows\System32\DriverStore\FileRepository\evserial9.inf_amd64_ec709273717cc850\evspd9.dll C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\System32\DriverStore\Temp\{27a75299-33d3-834d-84e0-8faee62a2da2}\amd64\SET8E91.tmp C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{7a6a7d60-f2e1-4b4c-9d7b-2ef0af174144}\ANT_LibUsb.cat C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{33e2c968-df44-6c47-a4bd-2c10486299be}\SETFA1D.tmp C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\System32\DriverStore\drvstore.tmp C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\System32\DriverStore\Temp\{456bfa6f-e10b-f348-8c33-8b74e62e8e49}\SETEC40.tmp C:\Windows\system32\DrvInst.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files (x86)\MarCom\Devices\is-K80KK.tmp C:\Users\Admin\AppData\Local\Temp\is-U4ERR.tmp\SetUp-MarCom.tmp N/A
File opened for modification C:\Program Files (x86)\MarCom\ANT_DLL1.Dll C:\Users\Admin\AppData\Local\Temp\is-U4ERR.tmp\SetUp-MarCom.tmp N/A
File created C:\Program Files (x86)\MarCom\Driver\ANTUSB2\ia64\is-6K0QU.tmp C:\Users\Admin\AppData\Local\Temp\is-U4ERR.tmp\SetUp-MarCom.tmp N/A
File created C:\Program Files (x86)\MarCom\Devices\is-ED516.tmp C:\Users\Admin\AppData\Local\Temp\is-U4ERR.tmp\SetUp-MarCom.tmp N/A
File opened for modification C:\Program Files (x86)\MarCom\Driver\ANTUSB2\AntPreinstall64.exe C:\Users\Admin\AppData\Local\Temp\is-U4ERR.tmp\SetUp-MarCom.tmp N/A
File created C:\Program Files (x86)\MarCom\Driver\FTDI\FtdiPreinstall\is-TMQ1T.tmp C:\Users\Admin\AppData\Local\Temp\is-U4ERR.tmp\SetUp-MarCom.tmp N/A
File created C:\Program Files (x86)\MarCom\Devices\Mem1\is-BOGGJ.tmp C:\Users\Admin\AppData\Local\Temp\is-U4ERR.tmp\SetUp-MarCom.tmp N/A
File opened for modification C:\Program Files (x86)\MarCom\Driver\FTDI\D2XX\64-Bit\i386\ftlang.dll C:\Users\Admin\AppData\Local\Temp\is-U4ERR.tmp\SetUp-MarCom.tmp N/A
File created C:\Program Files (x86)\MarCom\Driver\FTDI\FtdiPreinstall\is-GS2BA.tmp C:\Users\Admin\AppData\Local\Temp\is-U4ERR.tmp\SetUp-MarCom.tmp N/A
File created C:\Program Files (x86)\MarCom\unins000.dat C:\Users\Admin\AppData\Local\Temp\is-U4ERR.tmp\SetUp-MarCom.tmp N/A
File created C:\Program Files (x86)\MarCom\is-8QJH4.tmp C:\Users\Admin\AppData\Local\Temp\is-U4ERR.tmp\SetUp-MarCom.tmp N/A
File created C:\Program Files (x86)\MarCom\is-M484K.tmp C:\Users\Admin\AppData\Local\Temp\is-U4ERR.tmp\SetUp-MarCom.tmp N/A
File created C:\Program Files (x86)\MarCom\Driver\FTDI\D2XX\32-Bit\i386\is-L9PLJ.tmp C:\Users\Admin\AppData\Local\Temp\is-U4ERR.tmp\SetUp-MarCom.tmp N/A
File created C:\Program Files (x86)\MarCom\Devices\is-N98BQ.tmp C:\Users\Admin\AppData\Local\Temp\is-U4ERR.tmp\SetUp-MarCom.tmp N/A
File created C:\Program Files (x86)\MarCom\Devices\Mem1\is-1DNCJ.tmp C:\Users\Admin\AppData\Local\Temp\is-U4ERR.tmp\SetUp-MarCom.tmp N/A
File opened for modification C:\Program Files (x86)\MarCom\Driver\BlueDat\blueDAT_dongle_driver\windrv\x86\WdfCoInstaller01009.dll C:\Users\Admin\AppData\Local\Temp\is-U4ERR.tmp\SetUp-MarCom.tmp N/A
File opened for modification C:\Program Files (x86)\MarCom\Driver\BlueDat\blueDAT_dongle_driver\windrv\amd64\winusbcoinstaller2.dll C:\Users\Admin\AppData\Local\Temp\is-U4ERR.tmp\SetUp-MarCom.tmp N/A
File created C:\Program Files (x86)\MarCom\Devices\Mem1\is-CLLMC.tmp C:\Users\Admin\AppData\Local\Temp\is-U4ERR.tmp\SetUp-MarCom.tmp N/A
File created C:\Program Files (x86)\MarCom\Devices\is-CP3A4.tmp C:\Users\Admin\AppData\Local\Temp\is-U4ERR.tmp\SetUp-MarCom.tmp N/A
File created C:\Program Files (x86)\MarCom\Devices\Mem1\is-44819.tmp C:\Users\Admin\AppData\Local\Temp\is-U4ERR.tmp\SetUp-MarCom.tmp N/A
File created C:\Program Files (x86)\MarCom\Devices\Mem1\is-1PJS9.tmp C:\Users\Admin\AppData\Local\Temp\is-U4ERR.tmp\SetUp-MarCom.tmp N/A
File opened for modification C:\Program Files (x86)\MarCom\Help\de\MarCom_DE.chm C:\Users\Admin\AppData\Local\Temp\is-U4ERR.tmp\SetUp-MarCom.tmp N/A
File created C:\Program Files (x86)\MarCom\is-M0US7.tmp C:\Users\Admin\AppData\Local\Temp\is-U4ERR.tmp\SetUp-MarCom.tmp N/A
File created C:\Program Files (x86)\MarCom\Devices\is-GG2OT.tmp C:\Users\Admin\AppData\Local\Temp\is-U4ERR.tmp\SetUp-MarCom.tmp N/A
File created C:\Program Files (x86)\MarCom\Devices\Mem1\is-FMSD2.tmp C:\Users\Admin\AppData\Local\Temp\is-U4ERR.tmp\SetUp-MarCom.tmp N/A
File created C:\Program Files (x86)\MarCom\Devices\is-D5KO4.tmp C:\Users\Admin\AppData\Local\Temp\is-U4ERR.tmp\SetUp-MarCom.tmp N/A
File created C:\Program Files (x86)\MarCom\Driver\ANTUSB2\x86\is-3GVKK.tmp C:\Users\Admin\AppData\Local\Temp\is-U4ERR.tmp\SetUp-MarCom.tmp N/A
File created C:\Program Files (x86)\MarCom\Devices\is-SJVR8.tmp C:\Users\Admin\AppData\Local\Temp\is-U4ERR.tmp\SetUp-MarCom.tmp N/A
File created C:\Program Files (x86)\MarCom\Devices\is-R0UFP.tmp C:\Users\Admin\AppData\Local\Temp\is-U4ERR.tmp\SetUp-MarCom.tmp N/A
File created C:\Program Files (x86)\MarCom\Devices\is-81CFK.tmp C:\Users\Admin\AppData\Local\Temp\is-U4ERR.tmp\SetUp-MarCom.tmp N/A
File created C:\Program Files (x86)\MarCom\Devices\is-5AR18.tmp C:\Users\Admin\AppData\Local\Temp\is-U4ERR.tmp\SetUp-MarCom.tmp N/A
File created C:\Program Files (x86)\MarCom\Devices\Mem1\is-5M92F.tmp C:\Users\Admin\AppData\Local\Temp\is-U4ERR.tmp\SetUp-MarCom.tmp N/A
File created C:\Program Files (x86)\MarCom\Devices\Mem1\is-8QTGT.tmp C:\Users\Admin\AppData\Local\Temp\is-U4ERR.tmp\SetUp-MarCom.tmp N/A
File created C:\Program Files (x86)\MarCom\Devices\Mem1\is-UJD2J.tmp C:\Users\Admin\AppData\Local\Temp\is-U4ERR.tmp\SetUp-MarCom.tmp N/A
File opened for modification C:\Program Files (x86)\MarCom\Driver\FTDI\FtdiPreinstall\FtdiPreinstall64.exe C:\Users\Admin\AppData\Local\Temp\is-U4ERR.tmp\SetUp-MarCom.tmp N/A
File created C:\Program Files (x86)\MarCom\Driver\FTDI\D2XX\32-Bit\i386\is-59VCN.tmp C:\Users\Admin\AppData\Local\Temp\is-U4ERR.tmp\SetUp-MarCom.tmp N/A
File created C:\Program Files (x86)\MarCom\Driver\FTDI\D2XX\32-Bit\amd64\is-DUDPJ.tmp C:\Users\Admin\AppData\Local\Temp\is-U4ERR.tmp\SetUp-MarCom.tmp N/A
File created C:\Program Files (x86)\MarCom\Devices\is-LFRNS.tmp C:\Users\Admin\AppData\Local\Temp\is-U4ERR.tmp\SetUp-MarCom.tmp N/A
File opened for modification C:\Program Files (x86)\MarCom\Driver\FTDI\D2XX\CDM21228_Setup.exe C:\Users\Admin\AppData\Local\Temp\is-U4ERR.tmp\SetUp-MarCom.tmp N/A
File created C:\Program Files (x86)\MarCom\Driver\BlueDat\blueDAT_dongle_driver\windrv\x86\is-J551G.tmp C:\Users\Admin\AppData\Local\Temp\is-U4ERR.tmp\SetUp-MarCom.tmp N/A
File created C:\Program Files (x86)\MarCom\Driver\FTDI\D2XX\32-Bit\amd64\is-OFH0D.tmp C:\Users\Admin\AppData\Local\Temp\is-U4ERR.tmp\SetUp-MarCom.tmp N/A
File created C:\Program Files (x86)\MarCom\Driver\FTDI\D2XX\32-Bit\Static\amd64\is-HOH87.tmp C:\Users\Admin\AppData\Local\Temp\is-U4ERR.tmp\SetUp-MarCom.tmp N/A
File created C:\Program Files (x86)\MarCom\Devices\Mem1\is-47T03.tmp C:\Users\Admin\AppData\Local\Temp\is-U4ERR.tmp\SetUp-MarCom.tmp N/A
File created C:\Program Files (x86)\MarCom\is-HBB38.tmp C:\Users\Admin\AppData\Local\Temp\is-U4ERR.tmp\SetUp-MarCom.tmp N/A
File created C:\Program Files (x86)\MarCom\Driver\BlueDat\blueDAT_dongle_driver\windrv\is-HI8RQ.tmp C:\Users\Admin\AppData\Local\Temp\is-U4ERR.tmp\SetUp-MarCom.tmp N/A
File created C:\Program Files (x86)\MarCom\Devices\is-JEINU.tmp C:\Users\Admin\AppData\Local\Temp\is-U4ERR.tmp\SetUp-MarCom.tmp N/A
File created C:\Program Files (x86)\MarCom\Devices\Mem1\is-4LJ00.tmp C:\Users\Admin\AppData\Local\Temp\is-U4ERR.tmp\SetUp-MarCom.tmp N/A
File opened for modification C:\Program Files (x86)\MarCom\Driver\BlueDat\blueDAT_dongle_driver\windrv\x86\winusbcoinstaller2.dll C:\Users\Admin\AppData\Local\Temp\is-U4ERR.tmp\SetUp-MarCom.tmp N/A
File opened for modification C:\Program Files (x86)\MarCom\Help\Alt1\MarCom_EN.chm C:\Users\Admin\AppData\Local\Temp\is-U4ERR.tmp\SetUp-MarCom.tmp N/A
File created C:\Program Files (x86)\MarCom\Driver\ANTUSB2\is-E8VHT.tmp C:\Users\Admin\AppData\Local\Temp\is-U4ERR.tmp\SetUp-MarCom.tmp N/A
File created C:\Program Files (x86)\MarCom\Driver\FTDI\D2XX\64-Bit\is-5UCHL.tmp C:\Users\Admin\AppData\Local\Temp\is-U4ERR.tmp\SetUp-MarCom.tmp N/A
File created C:\Program Files (x86)\MarCom\Driver\FTDI\D2XX\64-Bit\amd64\is-HGUH8.tmp C:\Users\Admin\AppData\Local\Temp\is-U4ERR.tmp\SetUp-MarCom.tmp N/A
File created C:\Program Files (x86)\MarCom\Driver\FTDI\FtdiPreinstall\is-UPRQR.tmp C:\Users\Admin\AppData\Local\Temp\is-U4ERR.tmp\SetUp-MarCom.tmp N/A
File created C:\Program Files (x86)\MarCom\Devices\is-7JP7I.tmp C:\Users\Admin\AppData\Local\Temp\is-U4ERR.tmp\SetUp-MarCom.tmp N/A
File created C:\Program Files (x86)\MarCom\Devices\is-VK6K8.tmp C:\Users\Admin\AppData\Local\Temp\is-U4ERR.tmp\SetUp-MarCom.tmp N/A
File opened for modification C:\Program Files (x86)\MarCom\Driver\BlueDat\blueDAT_win32\Elias.Mdm.Plugin.BlueDat.dll C:\Users\Admin\AppData\Local\Temp\is-U4ERR.tmp\SetUp-MarCom.tmp N/A
File created C:\Program Files (x86)\MarCom\is-424AC.tmp C:\Users\Admin\AppData\Local\Temp\is-U4ERR.tmp\SetUp-MarCom.tmp N/A
File created C:\Program Files (x86)\MarCom\Devices\Mem1\is-2SLPA.tmp C:\Users\Admin\AppData\Local\Temp\is-U4ERR.tmp\SetUp-MarCom.tmp N/A
File created C:\Program Files (x86)\MarCom\Driver\BlueDat\blueDAT_win32\is-2EJNM.tmp C:\Users\Admin\AppData\Local\Temp\is-U4ERR.tmp\SetUp-MarCom.tmp N/A
File created C:\Program Files (x86)\MarCom\Devices\is-45528.tmp C:\Users\Admin\AppData\Local\Temp\is-U4ERR.tmp\SetUp-MarCom.tmp N/A
File created C:\Program Files (x86)\MarCom\Devices\is-J2DD3.tmp C:\Users\Admin\AppData\Local\Temp\is-U4ERR.tmp\SetUp-MarCom.tmp N/A
File created C:\Program Files (x86)\MarCom\Devices\Mem1\is-KEMDG.tmp C:\Users\Admin\AppData\Local\Temp\is-U4ERR.tmp\SetUp-MarCom.tmp N/A
File opened for modification C:\Program Files (x86)\MarCom\ANT_DLL.dll C:\Users\Admin\AppData\Local\Temp\is-U4ERR.tmp\SetUp-MarCom.tmp N/A
File created C:\Program Files (x86)\MarCom\is-OVVBJ.tmp C:\Users\Admin\AppData\Local\Temp\is-U4ERR.tmp\SetUp-MarCom.tmp N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\INF\setupapi.dev.log C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\inf\oem8.inf C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\INF\setupapi.dev.log C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\INF\setupapi.dev.log C:\Program Files (x86)\MarCom\Driver\AntUSB2\AntPreinstall64.exe N/A
File opened for modification C:\Windows\DPINST.LOG C:\Program Files (x86)\MarCom\Driver\BlueDat\blueDAT_dongle_driver\windrv\dpinst_amd64.exe N/A
File opened for modification C:\Windows\inf\oem7.inf C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\INF\setupapi.dev.log C:\Windows\system32\svchost.exe N/A
File opened for modification C:\Windows\inf\oem5.inf C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\inf\oem6.inf C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\INF\setupapi.dev.log C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\INF\setupapi.dev.log C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\inf\oem4.inf C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\inf\oem5.inf C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\inf\oem9.inf C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\inf\oem9.inf C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\inf\oem3.inf C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\DPINST.LOG C:\Program Files (x86)\MarCom\Driver\Steute\CP210xVCPInstaller_x64.exe N/A
File created C:\Windows\inf\oem6.inf C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\INF\setupapi.dev.log C:\Program Files (x86)\MarCom\Driver\Steute\CP210xVCPInstaller_x64.exe N/A
File created C:\Windows\inf\oem8.inf C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\INF\setupapi.dev.log C:\Program Files (x86)\MarCom\Driver\FTDI\FtdiPreinstall\FtdiPreinstall64.exe N/A
File opened for modification C:\Windows\inf\oem4.inf C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\INF\setupapi.dev.log C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\INF\setupapi.dev.log C:\Users\Public\Documents\MarCom\NT6X64\vsbsetup.exe N/A
File opened for modification C:\Windows\INF\setupapi.dev.log C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\INF\setupapi.dev.log C:\Program Files (x86)\MarCom\Driver\BlueDat\blueDAT_dongle_driver\windrv\dpinst_amd64.exe N/A
File opened for modification C:\Windows\INF\setupapi.dev.log C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\inf\oem7.inf C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\INF\setupapi.dev.log C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\inf\oem3.inf C:\Windows\system32\DrvInst.exe N/A

Browser Information Discovery

discovery

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\MarCom\Driver\FTDI\FtdiPreinstall\FtdiPreinstall32.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\MarCom\Driver\BlueDat\blueDAT_win32\vc_redist.x86.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\regsvr32.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\MarCom\MarComProf.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\Temp1_MarConnect--MarCom Professional--4103401--SW--DE-EN--v5.4-01.20240902180158994.20240902180158994.zip\S e t u p-MarCom.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\SetUp-MarCom.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\is-U4ERR.tmp\SetUp-MarCom.tmp N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\MarCom\Driver\AntUSB2\AntPreinstall32.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\MarCom\Driver\BlueDat\blueDAT_win32\vc_redist.x86.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\regsvr32.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\NOTEPAD.EXE N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\MarConnect--MarCom Professional--4103401--SW--DE-EN--v5.4-01.20240902180158994.20240902180158994\S e t u p-MarCom.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language F:\49893b8e0037e4e51d4e\Setup.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\MarCom\Driver\VSP Eltima 9.0.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\is-NMBTN.tmp\VSP Eltima 9.0.tmp N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\regedit.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\MarCom\Driver\dotNetFx40_Client_x86_x64.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Public\Documents\MarCom\vspdxp_install.exe N/A

Checks SCSI registry key(s)

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002 C:\Program Files (x86)\MarCom\Driver\BlueDat\blueDAT_dongle_driver\windrv\dpinst_amd64.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom C:\Users\Public\Documents\MarCom\NT6X64\vsbsetup.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Phantom C:\Windows\system32\DrvInst.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000 C:\Program Files (x86)\MarCom\Driver\Steute\CP210xVCPInstaller_x64.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\CompatibleIDs C:\Program Files (x86)\MarCom\Driver\Steute\CP210xVCPInstaller_x64.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Phantom C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags C:\Users\Public\Documents\MarCom\NT6X64\vsbsetup.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\CompatibleIDs C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\HardwareID C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Service C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID C:\Program Files (x86)\MarCom\Driver\AntUSB2\AntPreinstall64.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\CompatibleIDs C:\Program Files (x86)\MarCom\Driver\FTDI\FtdiPreinstall\FtdiPreinstall64.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Phantom C:\Windows\system32\DrvInst.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002 C:\Windows\system32\DrvInst.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000 C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\CompatibleIDs C:\Windows\system32\DrvInst.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000 C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom C:\Program Files (x86)\MarCom\Driver\BlueDat\blueDAT_dongle_driver\windrv\dpinst_amd64.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom C:\Program Files (x86)\MarCom\Driver\BlueDat\blueDAT_dongle_driver\windrv\dpinst_amd64.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\CompatibleIDs C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\CompatibleIDs C:\Windows\system32\DrvInst.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000 C:\Windows\system32\svchost.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\CompatibleIDs C:\Windows\system32\DrvInst.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002 C:\Program Files (x86)\MarCom\Driver\Steute\CP210xVCPInstaller_x64.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001 C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom C:\Program Files (x86)\MarCom\Driver\FTDI\FtdiPreinstall\FtdiPreinstall64.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\HardwareID C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags C:\Program Files (x86)\MarCom\Driver\Steute\CP210xVCPInstaller_x64.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\UpperFilters C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags C:\Windows\system32\svchost.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\CompatibleIDs C:\Windows\system32\DrvInst.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001 C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\LowerFilters C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\LowerFilters C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags C:\Program Files (x86)\MarCom\Driver\Steute\CP210xVCPInstaller_x64.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000 C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\UpperFilters C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\CompatibleIDs C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Phantom C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\HardwareID C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\HardwareID C:\Program Files (x86)\MarCom\Driver\BlueDat\blueDAT_dongle_driver\windrv\dpinst_amd64.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001 C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Phantom C:\Windows\system32\DrvInst.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002 C:\Program Files (x86)\MarCom\Driver\AntUSB2\AntPreinstall64.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\HardwareID C:\Program Files (x86)\MarCom\Driver\BlueDat\blueDAT_dongle_driver\windrv\dpinst_amd64.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\HardwareID C:\Program Files (x86)\MarCom\Driver\FTDI\FtdiPreinstall\FtdiPreinstall64.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags C:\Program Files (x86)\MarCom\Driver\BlueDat\blueDAT_dongle_driver\windrv\dpinst_amd64.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\HardwareID C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID C:\Windows\system32\DrvInst.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000 C:\Windows\system32\DrvInst.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000 C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\HardwareID C:\Windows\system32\DrvInst.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000 C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\HardwareID C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID C:\Program Files (x86)\MarCom\Driver\BlueDat\blueDAT_dongle_driver\windrv\dpinst_amd64.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000 C:\Program Files (x86)\MarCom\Driver\BlueDat\blueDAT_dongle_driver\windrv\dpinst_amd64.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom C:\Windows\system32\DrvInst.exe N/A
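
Added example, not part of the sandbox report: a Python triage script for the "Checks SCSI registry key(s)" rows above. It parses the Enum\SCSI device-instance paths into class, vendor and product, rates vendor/product strings that identify a hypervisor, and groups those reads by the process that made them. Vendor strings such as QEMU exist only inside a guest; Microsoft's "Virtual DVD-ROM" is what Hyper-V exposes but is also the device Windows creates when an ISO is mounted on physical hardware, so it is rated weaker. The marker ratings and the allowlist of PnP tooling are the example's own assumptions, built from the processes visible in the table: DrvInst.exe and svchost.exe (Windows driver-installation host and service host), dpinst_amd64.exe (Microsoft Driver Package Installer), the Silicon Labs CP210x, FTDI and AntUSB2 installers, and vsbsetup.exe. All of these walk Enum\SCSI as part of normal driver installation, which is why the last sample row, marked hypothetical and not taken from the report, is included to show what a hit from an unexpected process looks like.

```python
import re
from collections import defaultdict

# (key path, process) pairs transcribed from the "Checks SCSI registry key(s)"
# table above (constructed subset). The last pair is HYPOTHETICAL, not from the
# report: it shows what a hit from an unexpected process looks like.
SCSI_ROWS = [
    (r"\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002",
     r"C:\Program Files (x86)\MarCom\Driver\BlueDat\blueDAT_dongle_driver\windrv\dpinst_amd64.exe"),
    (r"\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Phantom",
     r"C:\Windows\system32\DrvInst.exe"),
    (r"\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID",
     r"C:\Program Files (x86)\MarCom\Driver\AntUSB2\AntPreinstall64.exe"),
    (r"\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000",
     r"C:\Windows\system32\svchost.exe"),
    (r"\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom",
     r"C:\Program Files (x86)\MarCom\Driver\FTDI\FtdiPreinstall\FtdiPreinstall64.exe"),
    (r"\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID",
     r"C:\Users\Admin\AppData\Local\Temp\hypothetical_unpacked.exe"),   # hypothetical row
]

# Substrings of the Ven_/Prod_ fields that identify a hypervisor-provided device
# (assumed ratings). QEMU/VMware/VirtualBox strings only exist inside a guest;
# Microsoft's "Virtual DVD-ROM" is what Hyper-V exposes, but Windows also
# creates it on physical hardware when a user mounts an ISO, so it is weaker.
HYPERVISOR_MARKERS = {"QEMU": "strong", "VMWARE": "strong", "VBOX": "strong",
                      "VIRTUAL_DVD-ROM": "weak"}

# Components expected to walk Enum\SCSI during PnP driver installation
# (assumed allowlist built from the processes in the table above).
PNP_TOOLING = {
    "drvinst.exe",                 # Windows driver-installation host
    "svchost.exe",                 # hosts the PlugPlay / DeviceInstall services
    "dpinst_amd64.exe",            # Microsoft Driver Package Installer
    "cp210xvcpinstaller_x64.exe",  # Silicon Labs VCP driver installer
    "ftdipreinstall64.exe",        # FTDI driver pre-installer
    "antpreinstall64.exe",         # AntUSB2 driver pre-installer
    "vsbsetup.exe",                # requests SeLoadDriverPrivilege in the report
}

DEVICE_RE = re.compile(
    r"\\Enum\\SCSI\\(?P<cls>[^&\\]+)&Ven_(?P<ven>[^&\\]+)&Prod_(?P<prod>[^\\]+)\\",
    re.IGNORECASE)


def parse_device(key_path):
    """Return (class, vendor, product), upper-cased, from an Enum\\SCSI key path, or None."""
    m = DEVICE_RE.search(key_path)
    if not m:
        return None
    return tuple(m.group(g).upper() for g in ("cls", "ven", "prod"))


def rate_device(vendor, product):
    """'strong', 'weak' or None according to HYPERVISOR_MARKERS."""
    text = f"{vendor}&{product}"
    for marker, strength in HYPERVISOR_MARKERS.items():
        if marker in text:
            return strength
    return None


def triage(rows):
    """Group hypervisor-identifying reads by process; mark processes outside PNP_TOOLING."""
    hits = defaultdict(set)
    for key, proc in rows:
        dev = parse_device(key)
        if dev is None:
            continue
        strength = rate_device(dev[1], dev[2])
        if strength:
            hits[proc].add((dev[1], dev[2], strength))
    report = {}
    for proc, devs in hits.items():
        exe = proc.rsplit("\\", 1)[-1].lower()
        report[proc] = {"devices": sorted(devs), "expected": exe in PNP_TOOLING}
    return report


def unexpected(rows):
    """Processes that read hypervisor-identifying keys but are not PnP tooling."""
    return sorted(p for p, r in triage(rows).items() if not r["expected"])


if __name__ == "__main__":
    for proc, r in triage(SCSI_ROWS).items():
        print("ok     " if r["expected"] else "REVIEW ", proc, r["devices"])
```

Run against the transcribed rows, every real process in this table lands in the expected set and only the hypothetical row is reported for review; the signature on its own therefore describes normal PnP enumeration here, and the process column is what carries the signal.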

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 F:\49893b8e0037e4e51d4e\Setup.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz F:\49893b8e0037e4e51d4e\Setup.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing C:\Windows\system32\DrvInst.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{E0947E75-CDA3-445F-A577-14A3D40EFCAB}\ = "Virtual Serial Port ActiveX Control 8.0" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{E0947E75-CDA3-445F-A577-14A3D40EFCAB}\ToolboxBitmap32\ = "C:\\Users\\Public\\Documents\\MarCom\\VSPort.dll, 102" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\VSPort.VSPortAx\ = "Virtual Serial Port ActiveX Control 8.0" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{63BFB825-3877-46BB-99D3-47084EDCF250}\ = "_IVSPortAxEvents" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{63BFB825-3877-46BB-99D3-47084EDCF250}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{63BFB825-3877-46BB-99D3-47084EDCF250}\TypeLib\Version = "8.0" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\{2F259514-BA31-13D1-B2E4-0060975B8649}\nabhWNiVkG = "{xM{qbseZ_LKjcQzs|FmzCn_fC" C:\Windows\SysWOW64\regsvr32.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{E0947E75-CDA3-445F-A577-14A3D40EFCAB}\VersionIndependentProgID C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\VSPort.VSPortAx.1\CLSID C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{49CD4B3F-7BB6-4952-BA69-158CF9B03EA6}\ = "IVSPortAx" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\VSPort.VSPortAx.1\ = "Virtual Serial Port ActiveX Control 8.0" C:\Windows\SysWOW64\regsvr32.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{E0947E75-CDA3-445F-A577-14A3D40EFCAB}\MiscStatus C:\Windows\SysWOW64\regsvr32.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{E0947E75-CDA3-445F-A577-14A3D40EFCAB} C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{977A8E13-9D3B-4FF1-8B0D-5B528339EE9A} C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{5BFD1F7E-4A0A-4DE1-9BA3-A9E71C22CCD7}\8.0\FLAGS C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\AppID\VSPort.DLL\AppID = "{977A8E13-9D3B-4FF1-8B0D-5B528339EE9A}" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{E0947E75-CDA3-445F-A577-14A3D40EFCAB}\MiscStatus\ = "0" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{E0947E75-CDA3-445F-A577-14A3D40EFCAB}\VersionIndependentProgID C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{E0947E75-CDA3-445F-A577-14A3D40EFCAB}\Control C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{49CD4B3F-7BB6-4952-BA69-158CF9B03EA6} C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1365AD2C-8652-8EBF-E819-8FD113C6C2E9}\jzAjtfw = "JpLWFVHtZIcWM_D~JpK~VvKS[~Dqfg" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\{2F259514-BA31-13D1-B2E4-0060975B8649}\weopnpfjpRx = "TlAZnBdOhjUemHznegP" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{977A8E13-9D3B-4FF1-8B0D-5B528339EE9A}\ = "VSPort" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1365AD2C-8652-8EBF-E819-8FD113C6C2E9}\weopnpfjpRx = "CXSzjYLHNeWR_ZYcijp" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\VSPort.VSPortAx\CurVer\ = "VSPort.VSPortAx.1" C:\Windows\SysWOW64\regsvr32.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{E0947E75-CDA3-445F-A577-14A3D40EFCAB}\ToolboxBitmap32 C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{E0947E75-CDA3-445F-A577-14A3D40EFCAB}\MiscStatus\1 C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\VSPort.VSPortAx\CLSID\ = "{E0947E75-CDA3-445F-A577-14A3D40EFCAB}" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{63BFB825-3877-46BB-99D3-47084EDCF250}\TypeLib C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{63BFB825-3877-46BB-99D3-47084EDCF250}\TypeLib\Version = "8.0" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1365AD2C-8652-8EBF-E819-8FD113C6C2E9}\InProcServer32\ = "%SystemRoot%\\SysWow64\\SettingSync.dll" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{63BFB825-3877-46BB-99D3-47084EDCF250} C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{49CD4B3F-7BB6-4952-BA69-158CF9B03EA6}\TypeLib\Version = "8.0" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\{2F259514-BA31-13D1-B2E4-0060975B8649} C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\{2F259514-BA31-13D1-B2E4-0060975B8649}\jzAjtfw = "OZ[gBnBB^umGCNEGoTqUoLyVpyFoKv" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\{2F259514-BA31-13D1-B2E4-0060975B8649}\lgwsia = "VBams|aiFQAq{FsNlSwAfM}GjZ\\" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{E0947E75-CDA3-445F-A577-14A3D40EFCAB} C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1365AD2C-8652-8EBF-E819-8FD113C6C2E9}\fdImgxgk = "[}oZ~OFlvLduuLZuH[[W\\KE" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1365AD2C-8652-8EBF-E819-8FD113C6C2E9}\saqQ = "Xj|ZDnrVSm~ri_LK\\nMPZOn{ej" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\{2F259514-BA31-13D1-B2E4-0060975B8649}\oyqnmOqOcv = "vaBfpfSFyEyfYDED" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\{2F259514-BA31-13D1-B2E4-0060975B8649}\CDgqepkvguuA = "Qgh]uoz^_ENCG{vc[\x7fRNZSh" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{63BFB825-3877-46BB-99D3-47084EDCF250}\TypeLib\ = "{5BFD1F7E-4A0A-4DE1-9BA3-A9E71C22CCD7}" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\{2F259514-BA31-13D1-B2E4-0060975B8649}\yvuE = "~s~AWZZEFDzRb}\\FWUdmJ@lH[LO" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{49CD4B3F-7BB6-4952-BA69-158CF9B03EA6}\TypeLib\ = "{5BFD1F7E-4A0A-4DE1-9BA3-A9E71C22CCD7}" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\{2F259514-BA31-13D1-B2E4-0060975B8649}\weopnpfjpRx = "TlAZnBdChjUem\x7fDgLpP" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{5BFD1F7E-4A0A-4DE1-9BA3-A9E71C22CCD7}\8.0\FLAGS\ = "0" C:\Windows\SysWOW64\regsvr32.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{E0947E75-CDA3-445F-A577-14A3D40EFCAB}\Programmable C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{E0947E75-CDA3-445F-A577-14A3D40EFCAB}\ProgID C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1365AD2C-8652-8EBF-E819-8FD113C6C2E9}\yvuE = "~}@LrA}}uSYdn{fxGEem[Km\\mVl" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{E0947E75-CDA3-445F-A577-14A3D40EFCAB}\Version\ = "8.0" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{E0947E75-CDA3-445F-A577-14A3D40EFCAB}\ToolboxBitmap32 C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{5BFD1F7E-4A0A-4DE1-9BA3-A9E71C22CCD7}\8.0 C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1365AD2C-8652-8EBF-E819-8FD113C6C2E9}\RtCt = "wlQZE@SvFQowLhkiRT" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\{2F259514-BA31-13D1-B2E4-0060975B8649}\fdImgxgk = "KiuamgjmVe[\x7f]CIuMsVjnVm" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\{2F259514-BA31-13D1-B2E4-0060975B8649}\saqQ = "nAv^RYQEQm_tXFPqF}vVFR_I]~" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{E0947E75-CDA3-445F-A577-14A3D40EFCAB}\AppID = "{977A8E13-9D3B-4FF1-8B0D-5B528339EE9A}" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{E0947E75-CDA3-445F-A577-14A3D40EFCAB}\ProgID\ = "VSPort.VSPortAx.1" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\VSPort.VSPortAx\CLSID C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{E0947E75-CDA3-445F-A577-14A3D40EFCAB}\AppID = "{977A8E13-9D3B-4FF1-8B0D-5B528339EE9A}" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{49CD4B3F-7BB6-4952-BA69-158CF9B03EA6}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{E0947E75-CDA3-445F-A577-14A3D40EFCAB}\MiscStatus C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\VSPort.VSPortAx C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{63BFB825-3877-46BB-99D3-47084EDCF250}\ = "_IVSPortAxEvents" C:\Windows\SysWOW64\regsvr32.exe N/A

NTFS ADS

Description Indicator Process Target
File created C:\ProgramData\TEMP:2F259514 C:\Windows\SysWOW64\regsvr32.exe N/A
File opened for modification C:\ProgramData\TEMP:2F259514 C:\Windows\SysWOW64\regsvr32.exe N/A
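
Added example, not part of the sandbox report: a Python script that reads rows from the "Modifies registry class" and "NTFS ADS" tables above and separates ordinary COM self-registration from the entries worth a second look. The rows that register {E0947E75-CDA3-445F-A577-14A3D40EFCAB} with ProgID VSPort.VSPortAx.1 and the name "Virtual Serial Port ActiveX Control 8.0" are what regsvr32 writes for C:\Users\Public\Documents\MarCom\VSPort.dll. The values written directly under {1365AD2C-8652-8EBF-E819-8FD113C6C2E9} and under {2F259514-BA31-13D1-B2E4-0060975B8649} in the user's Classes hive use value names and data that COM registration never produces, and the stream name of the alternate data stream C:\ProgramData\TEMP:2F259514 is the first segment of that second GUID. The script parses the rows, detects the ADS by the second colon in the path, links the stream name to any GUID-named key, lists values on bare {GUID} keys whose names are not standard COM registration values, and surfaces every InProcServer32 target. The row regexes, the set of standard CLSID values and the "odd character" heuristic are the example's own assumptions; the sample rows are a transcribed subset of the tables.

```python
import re

# Rows transcribed from the "Modifies registry class" and "NTFS ADS" tables
# above (constructed subset; obfuscated value data is copied verbatim).
ROWS = [
    r'Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{E0947E75-CDA3-445F-A577-14A3D40EFCAB}\ = "Virtual Serial Port ActiveX Control 8.0" C:\Windows\SysWOW64\regsvr32.exe N/A',
    r'Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{E0947E75-CDA3-445F-A577-14A3D40EFCAB}\ProgID\ = "VSPort.VSPortAx.1" C:\Windows\SysWOW64\regsvr32.exe N/A',
    r'Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{E0947E75-CDA3-445F-A577-14A3D40EFCAB}\AppID = "{977A8E13-9D3B-4FF1-8B0D-5B528339EE9A}" C:\Windows\SysWOW64\regsvr32.exe N/A',
    r'Set value (str) \REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\{2F259514-BA31-13D1-B2E4-0060975B8649}\nabhWNiVkG = "{xM{qbseZ_LKjcQzs|FmzCn_fC" C:\Windows\SysWOW64\regsvr32.exe N/A',
    r'Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1365AD2C-8652-8EBF-E819-8FD113C6C2E9}\jzAjtfw = "JpLWFVHtZIcWM_D~JpK~VvKS[~Dqfg" C:\Windows\SysWOW64\regsvr32.exe N/A',
    r'Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1365AD2C-8652-8EBF-E819-8FD113C6C2E9}\InProcServer32\ = "%SystemRoot%\\SysWow64\\SettingSync.dll" C:\Windows\SysWOW64\regsvr32.exe N/A',
    r'File created C:\ProgramData\TEMP:2F259514 C:\Windows\SysWOW64\regsvr32.exe N/A',
]

# Row grammar as rendered in this report: "<description> <indicator> <process> N/A".
SET_VALUE_RE = re.compile(
    r'^Set value \(str\) (?P<key>\\REGISTRY\\\S+?)\\(?P<name>[^\\ ]*) = "(?P<data>.*)" (?P<proc>[A-Z]:\\.*?) N/A$')
FILE_RE = re.compile(
    r'^File (?:created|opened for modification) (?P<path>[A-Z]:\\\S+) (?P<proc>[A-Z]:\\.*?) N/A$')
GUID_RE = re.compile(r'^\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$')

# Values that COM self-registration writes directly on a {CLSID} key (assumed);
# everything else placed directly on a GUID-named key is reported.
STANDARD_CLSID_VALUES = {"", "AppID"}
# Characters unlikely in human-chosen registry strings (assumed heuristic).
ODD_CHARS = set("{}|~[]^@\x7f")


def parse_rows(rows):
    """Split report rows into value-set events and file events."""
    values, files = [], []
    for row in rows:
        m = SET_VALUE_RE.match(row)
        if m:
            values.append(m.groupdict())
            continue
        m = FILE_RE.match(row)
        if m:
            files.append(m.groupdict())
    return values, files


def ads_stream_name(path):
    """Return the alternate data stream name if `path` names one, else None."""
    _drive, _, rest = path.partition(":")   # skip the drive-letter colon
    return rest.rsplit(":", 1)[1] if ":" in rest else None


def triage(rows):
    """Correlate ADS stream names with GUID keys and list non-standard CLSID values."""
    values, files = parse_rows(rows)
    findings = {"ads": [], "linked_keys": [], "nonstandard_values": [], "inproc": []}
    streams = []
    for f in files:
        stream = ads_stream_name(f["path"])
        if stream:
            streams.append(stream.upper())
            findings["ads"].append(f["path"])
    for v in values:
        leaf = v["key"].rsplit("\\", 1)[-1]
        if v["name"] == "" and v["key"].endswith("\\InProcServer32"):
            findings["inproc"].append((v["key"], v["data"]))   # DLL that will be loaded in-process
        if not GUID_RE.match(leaf):
            continue                                           # value sits under a normal subkey
        if any(leaf[1:].upper().startswith(s) for s in streams):
            findings["linked_keys"].append(v["key"])           # GUID shares its prefix with an ADS name
        if v["name"] not in STANDARD_CLSID_VALUES:
            findings["nonstandard_values"].append({
                "key": v["key"], "name": v["name"], "data": v["data"],
                "odd_chars": bool(ODD_CHARS & set(v["data"])),
            })
    findings["linked_keys"] = sorted(set(findings["linked_keys"]))
    return findings


if __name__ == "__main__":
    for section, items in triage(ROWS).items():
        print(section)
        for item in items:
            print("   ", item)
```

On these rows the script reports one ADS, links it to the {2F259514-...} key in the user's Classes hive, lists the two values with random-looking names and data containing characters such as `{`, `|`, `~` and `[`, and surfaces the InProcServer32 entry for {1365AD2C-...}, while the VSPort registration passes through untouched. It classifies; it does not decide. What the linked key and stream hold, and why a CLSID is registered against that DLL, is the question the analyst then takes to the files and the process tree.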

Runs .reg file with regedit

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\regedit.exe N/A
N/A N/A C:\Windows\regedit.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-U4ERR.tmp\SetUp-MarCom.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-U4ERR.tmp\SetUp-MarCom.tmp N/A
N/A N/A F:\49893b8e0037e4e51d4e\Setup.exe N/A
N/A N/A F:\49893b8e0037e4e51d4e\Setup.exe N/A
N/A N/A F:\49893b8e0037e4e51d4e\Setup.exe N/A
N/A N/A F:\49893b8e0037e4e51d4e\Setup.exe N/A
N/A N/A F:\49893b8e0037e4e51d4e\Setup.exe N/A
N/A N/A F:\49893b8e0037e4e51d4e\Setup.exe N/A
N/A N/A F:\49893b8e0037e4e51d4e\Setup.exe N/A
N/A N/A F:\49893b8e0037e4e51d4e\Setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-NMBTN.tmp\VSP Eltima 9.0.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-NMBTN.tmp\VSP Eltima 9.0.tmp N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeAuditPrivilege N/A C:\Windows\system32\svchost.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\svchost.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Users\Public\Documents\MarCom\NT6X64\vsbsetup.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\DrvInst.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\DrvInst.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\system32\DrvInst.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\system32\DrvInst.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\system32\DrvInst.exe N/A
Token: 33 N/A C:\Windows\SysWOW64\regsvr32.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\SysWOW64\regsvr32.exe N/A
Token: 33 N/A C:\Windows\SysWOW64\regsvr32.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\SysWOW64\regsvr32.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-U4ERR.tmp\SetUp-MarCom.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-NMBTN.tmp\VSP Eltima 9.0.tmp N/A
N/A N/A C:\Windows\SysWOW64\NOTEPAD.EXE N/A
N/A N/A C:\Program Files (x86)\MarCom\MarComProf.exe N/A
N/A N/A C:\Program Files (x86)\MarCom\MarComProf.exe N/A
N/A N/A C:\Program Files (x86)\MarCom\MarComProf.exe N/A
N/A N/A C:\Program Files (x86)\MarCom\MarComProf.exe N/A
N/A N/A C:\Program Files (x86)\MarCom\MarComProf.exe N/A
N/A N/A C:\Program Files (x86)\MarCom\MarComProf.exe N/A
N/A N/A C:\Program Files (x86)\MarCom\MarComProf.exe N/A
N/A N/A C:\Program Files (x86)\MarCom\MarComProf.exe N/A
N/A N/A C:\Program Files (x86)\MarCom\MarComProf.exe N/A
N/A N/A C:\Program Files (x86)\MarCom\MarComProf.exe N/A
N/A N/A C:\Program Files (x86)\MarCom\MarComProf.exe N/A
N/A N/A C:\Program Files (x86)\MarCom\MarComProf.exe N/A
N/A N/A C:\Program Files (x86)\MarCom\MarComProf.exe N/A
N/A N/A C:\Program Files (x86)\MarCom\MarComProf.exe N/A
N/A N/A C:\Program Files (x86)\MarCom\MarComProf.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\MarCom\MarComProf.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4412 wrote to memory of 3632 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4412 wrote to memory of 3632 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4412 wrote to memory of 2148 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4412 wrote to memory of 2148 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4412 wrote to memory of 2148 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4412 wrote to memory of 2148 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4412 wrote to memory of 2148 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4412 wrote to memory of 2148 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4412 wrote to memory of 2148 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4412 wrote to memory of 2148 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4412 wrote to memory of 2148 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4412 wrote to memory of 2148 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4412 wrote to memory of 2148 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4412 wrote to memory of 2148 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4412 wrote to memory of 2148 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4412 wrote to memory of 2148 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4412 wrote to memory of 2148 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4412 wrote to memory of 2148 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4412 wrote to memory of 2148 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4412 wrote to memory of 2148 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4412 wrote to memory of 2148 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4412 wrote to memory of 2148 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4412 wrote to memory of 2148 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4412 wrote to memory of 2148 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4412 wrote to memory of 2148 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4412 wrote to memory of 2148 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4412 wrote to memory of 2148 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4412 wrote to memory of 2148 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4412 wrote to memory of 2148 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4412 wrote to memory of 2148 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4412 wrote to memory of 2148 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4412 wrote to memory of 2148 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4412 wrote to memory of 2148 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4412 wrote to memory of 2148 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4412 wrote to memory of 2148 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4412 wrote to memory of 2148 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4412 wrote to memory of 2148 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4412 wrote to memory of 2148 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4412 wrote to memory of 2148 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4412 wrote to memory of 2148 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4412 wrote to memory of 2148 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4412 wrote to memory of 2148 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4412 wrote to memory of 2904 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4412 wrote to memory of 2904 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4412 wrote to memory of 2140 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4412 wrote to memory of 2140 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4412 wrote to memory of 2140 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4412 wrote to memory of 2140 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4412 wrote to memory of 2140 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4412 wrote to memory of 2140 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4412 wrote to memory of 2140 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4412 wrote to memory of 2140 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4412 wrote to memory of 2140 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4412 wrote to memory of 2140 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4412 wrote to memory of 2140 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4412 wrote to memory of 2140 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4412 wrote to memory of 2140 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4412 wrote to memory of 2140 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4412 wrote to memory of 2140 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4412 wrote to memory of 2140 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4412 wrote to memory of 2140 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4412 wrote to memory of 2140 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4412 wrote to memory of 2140 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4412 wrote to memory of 2140 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://metrology.mahr.com/de/service/download-center/marcom-professional/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe8dff46f8,0x7ffe8dff4708,0x7ffe8dff4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,7258396444338989358,11269128041410401435,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2084 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2072,7258396444338989358,11269128041410401435,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2072,7258396444338989358,11269128041410401435,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2788 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,7258396444338989358,11269128041410401435,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,7258396444338989358,11269128041410401435,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,7258396444338989358,11269128041410401435,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5488 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,7258396444338989358,11269128041410401435,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4084 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,7258396444338989358,11269128041410401435,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4084 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,7258396444338989358,11269128041410401435,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5400 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,7258396444338989358,11269128041410401435,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4208 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2072,7258396444338989358,11269128041410401435,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5612 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,7258396444338989358,11269128041410401435,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5260 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,7258396444338989358,11269128041410401435,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6328 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,7258396444338989358,11269128041410401435,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6356 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2072,7258396444338989358,11269128041410401435,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6296 /prefetch:8

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Users\Admin\AppData\Local\Temp\Temp1_MarConnect--MarCom Professional--4103401--SW--DE-EN--v5.4-01.20240902180158994.20240902180158994.zip\S e t u p-MarCom.exe

"C:\Users\Admin\AppData\Local\Temp\Temp1_MarConnect--MarCom Professional--4103401--SW--DE-EN--v5.4-01.20240902180158994.20240902180158994.zip\S e t u p-MarCom.exe"

C:\Users\Admin\Downloads\MarConnect--MarCom Professional--4103401--SW--DE-EN--v5.4-01.20240902180158994.20240902180158994\S e t u p-MarCom.exe

"C:\Users\Admin\Downloads\MarConnect--MarCom Professional--4103401--SW--DE-EN--v5.4-01.20240902180158994.20240902180158994\S e t u p-MarCom.exe"

C:\Users\Admin\AppData\Local\Temp\SetUp-MarCom.exe

"C:\Users\Admin\AppData\Local\Temp\SetUp-MarCom.exe"

C:\Users\Admin\AppData\Local\Temp\is-U4ERR.tmp\SetUp-MarCom.tmp

"C:\Users\Admin\AppData\Local\Temp\is-U4ERR.tmp\SetUp-MarCom.tmp" /SL5="$40362,85763104,117248,C:\Users\Admin\AppData\Local\Temp\SetUp-MarCom.exe"

C:\Program Files (x86)\MarCom\Driver\FTDI\FtdiPreinstall\FtdiPreinstall32.exe

"C:\Program Files (x86)\MarCom\Driver\FTDI\FtdiPreinstall\FtdiPreinstall32.exe"

C:\Program Files (x86)\MarCom\Driver\FTDI\FtdiPreinstall\FtdiPreinstall64.exe

"C:\Program Files (x86)\MarCom\Driver\FTDI\FtdiPreinstall\FtdiPreinstall64.exe"

C:\Program Files (x86)\MarCom\Driver\AntUSB2\AntPreinstall32.exe

"C:\Program Files (x86)\MarCom\Driver\AntUSB2\AntPreinstall32.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c regedit /s AntDriverCtrlFlags_QuietInstall.reg

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k DcomLaunch -p -s DeviceInstall

C:\Windows\SysWOW64\regedit.exe

regedit /s AntDriverCtrlFlags_QuietInstall.reg

C:\Windows\system32\DrvInst.exe

DrvInst.exe "4" "28" "C:\Users\Admin\AppData\Local\Temp\{2d094c69-14f6-ac4f-9747-198e3d7675ed}\ftdibus.inf" "9" "44522b27f" "0000000000000148" "WinSta0\Default" "0000000000000158" "208" "C:\Program Files (x86)\MarCom\Driver\FTDI\FtdiPreinstall"

C:\Program Files (x86)\MarCom\Driver\AntUSB2\AntPreinstall64.exe

"C:\Program Files (x86)\MarCom\Driver\AntUSB2\AntPreinstall64.exe"

C:\Program Files (x86)\MarCom\Driver\dotNetFx40_Client_x86_x64.exe

"C:\Program Files (x86)\MarCom\Driver\dotNetFx40_Client_x86_x64.exe" /q

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c regedit /s AntDriverCtrlFlags_QuietInstall.reg

C:\Windows\regedit.exe

regedit /s AntDriverCtrlFlags_QuietInstall.reg

C:\Windows\system32\DrvInst.exe

DrvInst.exe "4" "8" "C:\Users\Admin\AppData\Local\Temp\{f4f10ca9-fca2-ec47-890a-7fe2ae45b715}\ANT_LibUsb.inf" "9" "48f6e236f" "0000000000000160" "WinSta0\Default" "0000000000000170" "208" "C:\Program Files (x86)\MarCom\Driver\AntUSB2"

F:\49893b8e0037e4e51d4e\Setup.exe

F:\49893b8e0037e4e51d4e\\Setup.exe /q /x86 /x64

C:\Program Files (x86)\MarCom\Driver\BlueDat\blueDAT_win32\vc_redist.x86.exe

"C:\Program Files (x86)\MarCom\Driver\BlueDat\blueDAT_win32\vc_redist.x86.exe" /passive /norestart

C:\Program Files (x86)\MarCom\Driver\BlueDat\blueDAT_win32\vc_redist.x86.exe

"C:\Program Files (x86)\MarCom\Driver\BlueDat\blueDAT_win32\vc_redist.x86.exe" /passive /norestart -burn.unelevated BurnPipe.{FC852B7A-8EAF-4551-8501-C5185F9BA35F} {446CBFA5-226B-4D8E-AA77-B09948F08BAE} 4356

C:\Program Files (x86)\MarCom\Driver\BlueDat\blueDAT_dongle_driver\windrv\dpinst_amd64.exe

"C:\Program Files (x86)\MarCom\Driver\BlueDat\blueDAT_dongle_driver\windrv\dpinst_amd64.exe"

C:\Windows\system32\DrvInst.exe

DrvInst.exe "4" "0" "C:\Users\Admin\AppData\Local\Temp\{a8221c0f-66e2-5946-876e-0a952e7bf6e0}\dfu.inf" "9" "448afa067" "0000000000000160" "WinSta0\Default" "0000000000000170" "208" "c:\program files (x86)\marcom\driver\bluedat\bluedat_dongle_driver\windrv"

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Windows\system32\pnpui.dll,InstallSecurityPromptRunDllW 20 Global\{402b6195-f240-2a45-9820-8a3fb82ace60} Global\{828da931-6ccb-b144-977c-fd54761e9dae} C:\Windows\System32\DriverStore\Temp\{41bfc8de-0401-a34e-ade4-ab944907d3ca}\dfu.inf C:\Windows\System32\DriverStore\Temp\{41bfc8de-0401-a34e-ade4-ab944907d3ca}\dfu.cat

C:\Windows\system32\DrvInst.exe

DrvInst.exe "4" "0" "C:\Users\Admin\AppData\Local\Temp\{272c9f1e-41ec-554a-b888-f3654230c2fa}\usbserial.inf" "9" "4241759f3" "0000000000000170" "WinSta0\Default" "0000000000000174" "208" "c:\program files (x86)\marcom\driver\bluedat\bluedat_dongle_driver\windrv"

C:\Program Files (x86)\MarCom\Driver\Steute\CP210xVCPInstaller_x64.exe

"C:\Program Files (x86)\MarCom\Driver\Steute\CP210xVCPInstaller_x64.exe" /SE /S

C:\Windows\system32\DrvInst.exe

DrvInst.exe "4" "8" "C:\Users\Admin\AppData\Local\Temp\{47a895c9-38ef-2c46-9846-c90c8b770c68}\slabvcp.inf" "9" "49fe42bcf" "00000000000000E8" "WinSta0\Default" "0000000000000160" "208" "c:\program files (x86)\marcom\driver\steute"

C:\Program Files (x86)\MarCom\Driver\VSP Eltima 9.0.exe

"C:\Program Files (x86)\MarCom\Driver\VSP Eltima 9.0.exe" /VERYSILENT

C:\Users\Admin\AppData\Local\Temp\is-NMBTN.tmp\VSP Eltima 9.0.tmp

"C:\Users\Admin\AppData\Local\Temp\is-NMBTN.tmp\VSP Eltima 9.0.tmp" /SL5="$4040A,1330796,121344,C:\Program Files (x86)\MarCom\Driver\VSP Eltima 9.0.exe" /VERYSILENT

C:\Users\Public\Documents\MarCom\vspdxp_install.exe

"C:\Users\Public\Documents\MarCom\vspdxp_install.exe"

C:\Windows\SysWOW64\regsvr32.exe

"C:\Windows\system32\regsvr32.exe" VSPort.dll /s /i:"Mahr Esslingen#000GUZ-XT2M4J-BV6PTU-Q8DH20-R6YRZ4-3NTWXA-622F31-3C6EDA-5D8EB0-9BB5CB-62A2E8-756793"

C:\Users\Public\Documents\MarCom\NT6X64\vsbsetup.exe

C:\Users\Public\Documents\MarCom\NT6X64\vsbsetup.exe

C:\Windows\system32\DrvInst.exe

DrvInst.exe "4" "0" "C:\Users\Admin\AppData\Local\Temp\{f9cb1fd6-7db4-6842-9ecb-d1dcb05c52fe}\evserial9.inf" "9" "4ccdef8eb" "0000000000000164" "WinSta0\Default" "000000000000015C" "208" "C:\Users\Public\Documents\MarCom\NT6X64"

C:\Windows\system32\DrvInst.exe

DrvInst.exe "4" "0" "C:\Users\Admin\AppData\Local\Temp\{f4450c71-20d7-9046-b55c-f02b6649a3ab}\evsbc9.inf" "9" "44fb335b7" "0000000000000148" "WinSta0\Default" "000000000000015C" "208" "c:\users\public\documents\marcom\nt6x64"

C:\Windows\system32\DrvInst.exe

DrvInst.exe "2" "211" "ROOT\SYSTEM\0001" "C:\Windows\INF\oem9.inf" "oem9.inf:947a44d0838aed2e:VSBus_Device:9.0.369.0:vsbc9," "44fb335b7" "0000000000000148"

C:\Windows\SysWOW64\regsvr32.exe

"C:\Windows\system32\regsvr32" VSPort.dll /s

C:\Windows\SysWOW64\NOTEPAD.EXE

"C:\Windows\system32\NOTEPAD.EXE" C:\Program Files (x86)\MarCom\Readme.TXT

C:\Program Files (x86)\MarCom\MarComProf.exe

"C:\Program Files (x86)\MarCom\MarComProf.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,7258396444338989358,11269128041410401435,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2748 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 metrology.mahr.com udp
DE 104.248.242.141:443 metrology.mahr.com tcp
US 8.8.8.8:53 consent.cookiefirst.com udp
GB 79.127.237.132:443 consent.cookiefirst.com tcp
US 8.8.8.8:53 154.239.44.20.in-addr.arpa udp
US 8.8.8.8:53 141.242.248.104.in-addr.arpa udp
US 8.8.8.8:53 72.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
GB 79.127.237.132:443 consent.cookiefirst.com tcp
US 8.8.8.8:53 132.237.127.79.in-addr.arpa udp
US 8.8.8.8:53 edge.cookiefirst.com udp
US 8.8.8.8:53 www.mahr.com udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 mahr.canto.global udp
IE 52.48.16.159:443 mahr.canto.global tcp
IE 52.48.16.159:443 mahr.canto.global tcp
US 8.8.8.8:53 d105emv5h26k8d.cloudfront.net udp
US 8.8.8.8:53 canto.us1app.churnzero.net udp
US 75.2.95.111:443 canto.us1app.churnzero.net tcp
GB 108.156.32.42:443 d105emv5h26k8d.cloudfront.net tcp
GB 108.156.32.42:443 d105emv5h26k8d.cloudfront.net tcp
GB 108.156.32.42:443 d105emv5h26k8d.cloudfront.net tcp
GB 108.156.32.42:443 d105emv5h26k8d.cloudfront.net tcp
US 8.8.8.8:53 159.16.48.52.in-addr.arpa udp
US 8.8.8.8:53 42.32.156.108.in-addr.arpa udp
US 8.8.8.8:53 111.95.2.75.in-addr.arpa udp
US 8.8.8.8:53 6.39.156.108.in-addr.arpa udp
GB 108.156.32.42:443 d105emv5h26k8d.cloudfront.net tcp
US 8.8.8.8:53 js-agent.newrelic.com udp
US 162.247.243.39:443 js-agent.newrelic.com tcp
US 8.8.8.8:53 bam.nr-data.net udp
US 162.247.243.29:443 bam.nr-data.net tcp
US 8.8.8.8:53 d1c96hlcey6qkb.cloudfront.net udp
GB 18.244.183.136:443 d1c96hlcey6qkb.cloudfront.net tcp
US 8.8.8.8:53 39.243.247.162.in-addr.arpa udp
US 8.8.8.8:53 29.243.247.162.in-addr.arpa udp
US 8.8.8.8:53 226.21.18.104.in-addr.arpa udp
US 8.8.8.8:53 136.183.244.18.in-addr.arpa udp
US 8.8.8.8:53 104.219.191.52.in-addr.arpa udp
US 8.8.8.8:53 c.leadlab.click udp
DE 94.130.188.80:443 c.leadlab.click tcp
US 8.8.8.8:53 t.leadlab.click udp
US 8.8.8.8:53 80.188.130.94.in-addr.arpa udp
US 8.8.8.8:53 183.59.114.20.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 8.8.8.8:53 57.110.18.2.in-addr.arpa udp
US 8.8.8.8:53 48.229.111.52.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 4dd2754d1bea40445984d65abee82b21
SHA1 4b6a5658bae9a784a370a115fbb4a12e92bd3390
SHA256 183b8e82a0deaa83d04736553671cedb738adc909f483b3c5f822a0e6be7477d
SHA512 92d44ee372ad33f892b921efa6cabc78e91025e89f05a22830763217826fa98d51d55711f85c8970ac58abf9adc6c85cc40878032cd6d2589ab226cd099f99e1

\??\pipe\LOCAL\crashpad_4412_CIHETXXSIIOFTLXG

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 ecf7ca53c80b5245e35839009d12f866
SHA1 a7af77cf31d410708ebd35a232a80bddfb0615bb
SHA256 882a513b71b26210ff251769b82b2c5d59a932f96d9ce606ca2fab6530a13687
SHA512 706722bd22ce27d854036b1b16e6a3cdb36284b66edc76238a79c2e11cee7d1307b121c898ad832eb1af73e4f08d991d64dc0bff529896ffb4ebe9b3dc381696

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 eae50e88c12946b9487467b589c37189
SHA1 91517be6cdc2ee130173ea3811c4ad00d27242b8
SHA256 cf29661da5c665b13d5991a4f241ab1a725bc03a01ca7f4b165910f86350ae3f
SHA512 2e710a92fb09b5a229189e27398b6069b77399cef4076bc98f1580638753f96235663908d328d605b87e3ee75599ae10cc2a56db2d10aaeda27564eac0e827dd

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 b6df6b17802aa69a5d5ef08d647c88fa
SHA1 527977614c833b6f601946e7cf15ee9c1eea4b9a
SHA256 d166d79e9b7922651be101d589b07cf15bb6fcd45314973439445a2b4368d46e
SHA512 248dc4e72dda05687c4d8e75595d2033e5904375db4afb8fb1f2ab8d99fd61645ef92d6bfc8d8dbd4c6316f3d928fc340b7d14cc962f4cb0b24d863d4aeb3c8f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 73871fc6dcd9e36b963bc9108b5269f4
SHA1 dc5145ad41405c5914fe800dc83f203d4fd35aaa
SHA256 dc86389c7eb1cd366f38c8ac6f7e893ec4670ef88f9d4cbadabb38eba27e814c
SHA512 191991fc69023d62ce88fac63621e252bb94f45d0953d9f1710c1d65f7991e2f604591cd3ef97e6dc16aced05e48b33b03c69c0c2a281a39fce6ae8910c49baa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 6f7ff655313bc2c2d5833f9e8b8a7a19
SHA1 5edcc414208d71f20be501d755f74bfdbdd9f72f
SHA256 58dd8dbb32d10cd48c9f2b89159635ee5b60a5f8d82a8cbcc7b0d2b64b6ff8b9
SHA512 bb426fe0566454bbd75a412249537f09cafdefef66b824bedbbc059afe2671958b50b7a2768c52cc9a5456d1a2b06945d1bf6473e62a7a43a7029b2dd7148955

memory/5720-486-0x0000000000400000-0x0000000000AD9000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 893ae727145248ebc46a0dd251dc5a9f
SHA1 34991774b1e0397a8309a4ac2e2e8160b2f4baa3
SHA256 c5efaabf4dcfef17d2f4c2eb9fabb4fee8f7b305d1cf3fac60430f072ace3a6f
SHA512 c5e00a117c27c4560532787b1c9cfc12264c33706012e33a7a607c920dcdaf00d84f0e54faf6b75fa84bc4a60c848469133e61a9518fac29e85dd01b0a98a582

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 ab6377e7e9903ff3104017f6f6569811
SHA1 e4ed40935cec7bed8bbcc279d04847cd8e452852
SHA256 782151243114bb53e1fb0182968bee2a64087e9f4bdd95c7bb47f849f894c655
SHA512 e1c97fadc9c0fc00356ee0440d07a6e27e35b2ae6f13232e6609c21649d4fb6dc98c894d4aedf4b13bded3ebd493bf15cc2090a797e9ac3e0048e7a5fcf4b07b

memory/6100-517-0x0000000000400000-0x0000000000427000-memory.dmp

memory/6020-516-0x0000000000400000-0x0000000000AD9000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 2fdc1e208f5cac6a633ef8f05bd76ef7
SHA1 7a49de3def1540bdae9a74a640ca0d6549e19d0a
SHA256 f560d1d425ade663e32bc967c07764aad4eab869b16e01d19e98e45178a17914
SHA512 3c2529d950efae991be50dec9b11e85641bb9170e460b93b5d9edf296cda13064915d632239f86c604fb337609f58667208cb299bdc35cfe795e5fbce334bc8a

C:\Users\Admin\AppData\Local\Temp\is-U4ERR.tmp\SetUp-MarCom.tmp

MD5 302e11ab876edb6c8ab42ad4e9310732
SHA1 17b395ee4346ab45368ea61dc0d61cededbdb60d
SHA256 59d945d06976e149dcf12101110d263c6707b2a9528c0ba4966d4a722103f872
SHA512 8dd4695cdcc9de105c54884f3599384a45ac78e6d168ef737851176cdbfb1790e69932a1102d13a331529914b5a79606def4eeb2cb89dc8557bcde8ef571faa7

C:\Program Files (x86)\MarCom\is-OVVBJ.tmp

MD5 291fe0ed7880c51cf4a8c78d04e8b701
SHA1 d5d22e60981c2b10ae37ec562b88f3c7e21ef91b
SHA256 324dfb28d4c6bf475ab4c68032dcb111f2c2d356a27504c7cfcb4c3e4833b74c
SHA512 48248b5a33e32f8e8dcd6ba73f5bd7738b89bfba0aac34371dbb5efd12d7c238ff6bccbd920bded1447b8210710a0b0d01ba85a47865b5328fa6e362bb6445ce

C:\Program Files (x86)\MarCom\MarComVersion.txt

MD5 11e32422a438f17911a6909abb348cbe
SHA1 af7b75007f9d17641f3f94b15fadd3da54d8df15
SHA256 40b241e149832fc4728245f0adbccc65effed34122a63afaa80f7000cb048d98
SHA512 ee480f64a7b1a735eb0dd523df233546dc5206cc3aebf0759dfc387a36fc2f0b4ab84b990901dce458489b2c69c78de5b47ef34b01a23a6db1cda90c10274186

memory/6100-688-0x0000000000400000-0x0000000000427000-memory.dmp

memory/4944-689-0x0000000000400000-0x000000000052C000-memory.dmp

C:\Program Files (x86)\MarCom\Driver\ANTUSB2\README.txt

MD5 66e200bd27a76764394183c869bd0122
SHA1 d38c6687bc5329ca47d2f4c847df2d15b0af468b
SHA256 8b45a1870d87afc36fb263ec3304d6f1ded5397e44c7e79a8548f7d964817f5b
SHA512 57c36bfba3e24c137df11fc2a40a50727df415b19ae48b3d718e09fb67d8b81867ef12d9848edd6f930a5d4f3ef0f4e03624e848cb3d8695515e6978adab1b05

C:\Program Files (x86)\MarCom\Driver\BlueDat\blueDAT_dongle_driver\version.txt

MD5 673554a0aa7100beda88477b0edd6b40
SHA1 44975c34a024a0d54213c2f288fdcfcbaf880138
SHA256 099fc1c72b6d3297dd85d684ea6034689230943fd8b9eac70a2f72e0694527f6
SHA512 104eb669a3d27a683fe6e06749d7736a8a920d4cb03e921d506ef6093d8a5fb7448fe03df6acbb51bd1f51cfc91281d1fdd5400817135533dbab1d11ce8f8100

C:\Program Files (x86)\MarCom\Driver\FTDI\FtdiPreinstall\is-U43FI.tmp

MD5 ddf5dda0d9c77aa541f9a971d8e2d8bc
SHA1 ced8fe607d6f958724acac4f0d6cd1da815c1194
SHA256 9176282ce22e20b6d0e384987bc2e060f66a8fb76545de49341026134cce2e7e
SHA512 456d464838f66c43e652c5fa630039a7d610fb2fe4073a3fee11e23ad66938af65617aefc5ec5f8783cbd4b53cf9d9ceadbf1cb0b0584a07c5bd2289232726c4

C:\Program Files (x86)\MarCom\Driver\FTDI\FtdiPreinstall\is-9IOVI.tmp

MD5 5ca8640e6171a81f3203db577c674493
SHA1 393d217a384fca9fa355a3389273055b6988059e
SHA256 c60f69484dfb97d81b5814f5b25844b892d5f0f20d7fe71c11fb9b3dd6bd8bfb
SHA512 496039b9271a29831a56481b8aff1034b217d64af15c7943a2fd6a84252d22188c6823a7aa6ca205582ce0897dfe181d19cd58bb3e372b7152be8845ad31dedc

C:\Program Files (x86)\MarCom\Driver\FTDI\FtdiPreinstall\is-4UUUM.tmp

MD5 577772f78ebfd15e2eef029284520725
SHA1 4c8545eeb6143b6ad3858b5d1e0aee76040b1435
SHA256 fe9a14ca08865506207d1458d9948801d88720dd1a4e8d02e65ec92d12e890fb
SHA512 30ba7c15e42abeeaaafe20ec6443c2d07af4f9beda511b0357341918e00939d6d826eab72a48bdd4c4b11bc4f39ccde85936e800acf9205f27d55f0827a19fa2

C:\Program Files (x86)\MarCom\Driver\FTDI\FtdiPreinstall\is-M196I.tmp

MD5 29a416e493dd79825c742a3e668b847f
SHA1 0efdbcb5e96f0c2519e4bab3acff9710d0110630
SHA256 036e53ac494a2d8e6c69b510f96e9446e910c96f64bbbe8eb60b6a226ef03838
SHA512 63b033e9c1b28af2f09ed2c2ca4785efa5d8fd3a4ad98bfa18fb765c7ae8bfbfe15fea5ddcd16a85f3266f0092b9cfb229cbd33ba154d12f547305fa2c2027be

C:\Program Files (x86)\MarCom\Driver\FTDI\FtdiPreinstall\is-GS2BA.tmp

MD5 c9e7b18f155d639f8ec1dee75b776adf
SHA1 6849f67bacd4da5a5b9d46803e6850d0be8b3826
SHA256 dd6d037222813e2fc878ce9b3d7197a864201072c01622d9cbf5b8463cd6a05e
SHA512 4bd44df659888f4fd96c5a06ef90e2018f60201b7a37eeb2d605872280c1a862a41de7312491740ebdb45fe94885ca5ed4a5eb376e0cef2491f60bd8500aea19

C:\Program Files (x86)\MarCom\Driver\FTDI\FtdiPreinstall\amd64\is-TQVTB.tmp

MD5 f7a0aaed16041897f88e4c438a57e78c
SHA1 36cd8e64c9535d743a451d223d3addf638334005
SHA256 72777139f330a2e7653c0b5d427b57172275edd4535c5f743bb0ade50037a0f5
SHA512 4246cfe369253b99152c4c6c4d9e296119817a30779afd2bbfb35fb677f70cb4c98ce1a4ac65c13ddee713f2f4b841aacad724178c1f02cb9222181f83480f9f

C:\Program Files (x86)\MarCom\Driver\FTDI\FtdiPreinstall\amd64\is-9IQB4.tmp

MD5 c2885ac796b11af0b3eb4f6d305c205e
SHA1 74076ea76a2543d523bfc1e97695f7f9f70de1bf
SHA256 94c3b96bdc73610cd926353c97b0918ec9515f7da64f57f15240d3966a5c2d38
SHA512 11b8438457d3c3cea226a02b1ceb83eefb90459e538921b0f3b855783bbdafbed20efeb1f62164f2b866c181d58825c6cecf71707258e2031c4b7475cff4ae86

C:\Program Files (x86)\MarCom\Driver\FTDI\FtdiPreinstall\amd64\is-I1TQ9.tmp

MD5 6dc95e9a3b69764abb0279977987cd94
SHA1 ed5dc14b19638d3eb1496fd8316875fcc77c3211
SHA256 63a8e3782eba06f4a86691a101b64ed7a8d4e9415ca5eb3c0e669fe3db877928
SHA512 b0f9275a8634d0ea248fdbc1e1682642c9ff3b8832c1f63f37f8f59673f43ab604f8bd890477e9e5172380a42a40417b9139c9affdb7ef2bf492337deb46fb06

C:\Program Files (x86)\MarCom\Driver\FTDI\FtdiPreinstall\amd64\is-ENJPC.tmp

MD5 bb854269ed4fcdd96ddac2fd7938c5b3
SHA1 c9f89e6d15aab0a348611eed941e2a145830eb7d
SHA256 0a776a6191c81d3682bb8d6784b45faea858a3dbfbe4e1345386068e02fb7d60
SHA512 0cec61b713315977363dffa95a29caa2a96e40892e14f1bce24500a13ae62ec0ad8fcf1ac621ac578ae7cc5db1222bb2a33de5dc464610925a5afc274afb79c8

C:\Program Files (x86)\MarCom\Driver\FTDI\FtdiPreinstall\amd64\is-5I0L2.tmp

MD5 35fd2bb5131714e657b7ab3a78642854
SHA1 69b32abcda0973721b6a1ad8d06bcb4bf63f8cc4
SHA256 c24ac6d4e0e76b39625fc9051e092439642c3a10122f712c11a562860703f27a
SHA512 351c7a6d41573175dccfc4923db7c3dee1d752bf003f454ca3268320903e307664409ea08f72b2d1e8be067ca4b2deca96966a6692eef570e9c17f98166bdbf1

C:\Program Files (x86)\MarCom\Driver\FTDI\FtdiPreinstall\amd64\is-0440N.tmp

MD5 5085bdd7167c74464f21e463fb0b7c0a
SHA1 00f0255300336e8a57d27c0d6260656fd3d57829
SHA256 1d0f04c67da0c6e62c236d90123cbb2e89709f1e960f24ed0ba07fa691f47f99
SHA512 c6898282371533fdf80cf95b431541169b551715dc2122c5318557efbbe593d21195f6d26c7617a3ee4da8e144fa755d95f128e886285874379eecdff1c0ef08

C:\Program Files (x86)\MarCom\Driver\FTDI\FtdiPreinstall\amd64\is-7EC17.tmp

MD5 196c9bddbef9b6d0973f398bef5b2eee
SHA1 c68ad88223ad70e6a7ee69da6142d9a6aa4eccee
SHA256 d4f9c5ced1e33446b45bd2affa6e716b4332af8716477a80437220ac20c6dfe0
SHA512 0e7b871a66fa43621e27568188cecc8895bba4a417f624b5a65816b48565f71f3dea6a9c90a393d87a9fc945965b9b92578e01fbc3b8e938159dd1907d78b634

C:\Program Files (x86)\MarCom\Driver\FTDI\FtdiPreinstall\amd64\is-PUG33.tmp

MD5 036a6ed7a51e73ae2c0acc6bd814e326
SHA1 32ce8f5df256cc01f79fbccf88f43b7c5fe5a058
SHA256 278c9a9a7b0167507f750d67d278ac77d98fe06873e250bede9ae4177c69e8b8
SHA512 e2be4eaf2ed591d18a938ef37115afd13c430337603cb332d67cf72f81717708372dc53db579f678970172bf95fbe04190b1fbf3a5b833ebfd7e3ea1c1bbedba

C:\Program Files (x86)\MarCom\Driver\FTDI\FtdiPreinstall\i386\is-B6O8L.tmp

MD5 b1aec925ccddd3f6825c8b3874fdb896
SHA1 38624538523780953193bdf6a507ffdf4e2c3b1a
SHA256 61032f868403855527e2fc91d176da07213ed190f93a9f99ee9f0cfb783e59fc
SHA512 164e9946c89ff11c2deadd7378a32a34ddc521b0b82304b69a1ef06cba17d5462789b91f60f795a51bfce9c55a4cebbd96675950c519266193a445a5a7c40690

C:\Program Files (x86)\MarCom\Driver\FTDI\FtdiPreinstall\i386\is-TACHO.tmp

MD5 fef14208203edfac97135a75218d3722
SHA1 a4a7c36b25c6ddf58e2b25f21402671371e9b978
SHA256 9fabdabc53b8174bf19d53f08cd838db9ab6cb124360ec22c66473d1bb1c4577
SHA512 4a4bbcb5ba5b60d3d879b3ae50408c0d7b3fead8e1f84bcd20d2bb8118f16346b3363f1918d92121f16880d264d0dc044e2c70206be3a1d248cf2c402042e251

C:\Program Files (x86)\MarCom\Driver\FTDI\FtdiPreinstall\i386\is-FLJ1E.tmp

MD5 ec44c778a64dcd18bc98a7316e4664f0
SHA1 0baf26d07ac076901f474ab50142f4812e986d66
SHA256 751258bb040197c7c10683a74b38a1b1aef9c68ca9a58ce2168c8a62cb913371
SHA512 0e9fc117d9915d3a213fb06fe901c484849c63c683b29cbf7002b36fbac24ccc6e56ed0f7f7188347146e2f030d24e8a8be20fdd28c3c8bf6c2b0fd0276639ff

C:\Program Files (x86)\MarCom\Driver\FTDI\FtdiPreinstall\i386\is-9L0R5.tmp

MD5 a794957c0b8f0f45bd8354ea2ec24cfc
SHA1 a32b31b30dfc9e10f59f5594ff48d20759130169
SHA256 61d081d7afc5f699460a4d34b0cd9ee1e81afaa0b03d9d47e0f38737724a29a2
SHA512 29f156351ecec2fa04e985fb8976dfd5ad7b926190e7032f6b14b2101d127c5a1de4e3a79d6591576551b045d49b1cadb333e1a6eb282bcbe67b733d63e03e78

C:\Program Files (x86)\MarCom\Driver\FTDI\FtdiPreinstall\i386\is-FAGJT.tmp

MD5 d6e3667f5e2bc6afc50308b480de2999
SHA1 c66fd9da6755def80e1ee421b0ecbb8106723b90
SHA256 82eaaa4105fa1df8fe516bec815a7634db6aabcd176726e63761ad315f2c43ef
SHA512 e1db819ed14196a48ca22bb879c649d1ff14f06919bdb0c04795355adefe9be295f61e335388e29fb5a8d3f8206b3711651397d08947bc605110912ca18121b9

C:\Program Files (x86)\MarCom\Driver\FTDI\FtdiPreinstall\i386\is-5FT90.tmp

MD5 cdeac2611e103a0f935189829cfc99a8
SHA1 7c72ec6cd0c724d5b1526fb19bcd6c2020877a35
SHA256 c8d561a0f6e11970d1d70c790cfe78fa098788b12e57f54b715b110c615f806b
SHA512 c58d3af33f51da982f78358411174e97a2292cbd2f86325a3c82ab65d85ef4fe1dc76e92c2e68f4b988d328c5afb48e332ac57b6aab71ec778b5e812e48bd36a

C:\Program Files (x86)\MarCom\Driver\FTDI\FtdiPreinstall\i386\is-0DPGL.tmp

MD5 e4cf4c1f9e3d57a66850f484c08e9ecf
SHA1 baba8b919ed196029c4facd4d3b6452a35275e91
SHA256 48f1e8d28c060eeb8e8c61d07b15df62d2f172fa34f2bae834c5c76f2a30f1c4
SHA512 d863dd046cc5486972b3e355e092ceeaa0362a5e445b8c673255ffab3d989e1d8350e40dce4a77ef2adf3938b70246b76a05837b2ee4bff53bead6273c9f45ba

C:\Program Files (x86)\MarCom\Driver\FTDI\FtdiPreinstall\i386\is-2NVE9.tmp

MD5 346e8968e2563f2fc9bb9b0a01e5f9df
SHA1 4b86f7b460094c68ce72a57518b4ffc9f33e65e6
SHA256 2fa6bab36be094e225d3cf814a84cfb643819f4af82b11a55f65b60abb429bec
SHA512 7a66da623fcf8c53b33e18d4010c807481ffa56be0eb18672783ad09fc21c74f098f6127a1fa732bd8dfd0903ea1852e2795d10ea3a4c64d49c46597a50a3c83

C:\Program Files (x86)\MarCom\Driver\FTDI\FtdiPreinstall\Static\amd64\is-SI0MI.tmp

MD5 ad8b4a2a1808c0d366164c4ef69aee3b
SHA1 6ccf27160591d0ac0005c36aca31c74c2ffc986a
SHA256 2142fe5fe33a1b15c92310aa358d8751ec99c48ccab309af3b37fdead4becc75
SHA512 5a05a251e6b2f9deda580f5c29da9b18c9600b04a3a0be5d61b103c13e348aa1a1425d6b265955ccbf2a1f2fabf8c15cf5b0cf8c76e329ecbe109985f5b86136

C:\Program Files (x86)\MarCom\Driver\FTDI\FtdiPreinstall\Static\i386\is-0K156.tmp

MD5 eb69bd10286a66fe2bd9946967848c03
SHA1 03786b15d0d35735b6804b5686d9fb222d3b0380
SHA256 7dece164634351a6f47588aa27109ca48454c782254122ecce7360dff559eea7
SHA512 06bdf33f82e27f7ce656f5de9549ceeda5d5649e94dfdebfe209e66b17816ab0b915c00da605812651b88521630c119cb74cc5c42f5b798ac8c4568dfb48a297

C:\Program Files (x86)\MarCom\Driver\Steute\SLAB_License_Agreement_VCP_Windows.txt

MD5 3e6dac7821d07f919a38df90b86e3c78
SHA1 b9aa87b6f55f0f27b09d40436a52c4d5b081d2aa
SHA256 22fecb982248292fb7d4347252106274f036dc100e388343910bf671e93ac009
SHA512 c2bf9b1215e3210295fd8db0e34f5f765e68bc9dcaf4b3b9597fe3433b4c90c507a3ede819c80ea51e6ec54a36efdb9c09fb71b29ac4e4c97ae3069f45e4c870

C:\Program Files (x86)\MarCom\Devices\is-EDP11.tmp

MD5 10c8be10875b94d86bad7781fb27f492
SHA1 21a427a23f8c3203def3eb9e9b8247fd5ae869d7
SHA256 f395355f6a98fd99a77750d0226f519a697f5b5b85ba0c2eb825a02f2b02968a
SHA512 aeec1efaaf9a136fbafe4f43b26324aabff7ea564eb65060866bfa2f594f1814415c53b2e2236857c8248d96444b429e2de48d73bc313dc5211c553696879dd7

C:\Program Files (x86)\MarCom\Devices\is-O4F09.tmp

MD5 d6d1916e8583328d3b529f3fd0f9cb94
SHA1 49a04fbc52984280514a2bfa7ec6d29ca7637388
SHA256 7000223f6e96129f258ffd4c3b5572c7ef9dcf03f4a290daeaa2d7613e62c9ae
SHA512 27673e7237a0f129029e00d6b6e9c8c8dc7f1a4df5197e371b9da4e4c059421d9b8ca3a34442a77e59fc3ea7ae682b195d5f2731b7ad713c7330af8863e1cf33

C:\Program Files (x86)\MarCom\Devices\is-R0UFP.tmp

MD5 2253f6547340cc53a9c2102cf6aa4de4
SHA1 3075909999353c842b15005c7f0e27f3dd3ee780
SHA256 6d227b3134453e5e537bfe056ef7035159d736223cf92e0864c17bc876d6de01
SHA512 b7bbe9e895b7e42ef58a65d8ec5e272d1923d3ad29e0582c840f78fc50d1ddd2f6d75aed59189a41fd8cf6e99d626363d99413faf70d45a8bb26323246ca0578

C:\Program Files (x86)\MarCom\Devices\is-P41MF.tmp

MD5 b28369325db1a9a2768e64070b68efd8
SHA1 6d2147b9af4ff586a633c27d2c4191b2e70160ad
SHA256 8856f0fec8474f86e8a5e7a97aae188e8a268c950295f72fbbad64f3c77f87e1
SHA512 162e0a088ed2e6697458e6cf3918f6f2f4ad0e3aa0eeed5a42f0140d5fb569428b8fa6b10e8d38ee697f362d017b19c4d1cdf1bd539c4053f1115c89f19fb79c

C:\Program Files (x86)\MarCom\Devices\is-7GCPT.tmp

MD5 dbdd2b0c1429a93fe22e1469417077c3
SHA1 5df7ef03baa0a6875ea3779749f43577f5c16d65
SHA256 50f7719e43c13c0467cbc09c35858d0b5197dc9c76a7ce5ef6acf4d353f67cad
SHA512 2009b78a08d35977d7f82d99c0cad1d762066d0b35e18512dcce574a4d237cd0fa16f6313d7ac8a2e2233c679e3bf94a7941addad5f4e7cfc7503fda241ba103

C:\Program Files (x86)\MarCom\Devices\is-N8IUO.tmp

MD5 d10220eea6f1fb1e38e8f91116b4945a
SHA1 a75ff42afc657962f3412223d960be41a089bbe1
SHA256 a7c0098fe1a621374da6ddbfa2d5d947d5a759abcc3242606c21472dc31b40b9
SHA512 3eacb4d82d58ce05aa1383d1bd46c32ee812e07f2b45d474e1af66df659198f9e9b1f8b7b106a645e75a7a868792974c6b452eb3e6c29b176c4bb48d9841d35f

C:\Program Files (x86)\MarCom\Devices\Mem1\is-RQ9OG.tmp

MD5 e5328e3beda06d130da52aa8ff34ec6d
SHA1 f7e843e47d7209e978c3f33db66e7281fce309cf
SHA256 9090c81de6b5336153381a140bf6f815f8171bdbe7258e395a3d7db80f9eccc7
SHA512 2e6e5b266baf136c7bc32b45bee0b3b28dc6831f16fb8b34675290c7e1c8a7594f520e895e76482bd7a882faebef3727accac4cde9211baabe0dda8c641acf62

C:\Program Files (x86)\MarCom\Devices\Mem1\is-PSGS3.tmp

MD5 d30a13815fe39704fdf07bcb470f20e0
SHA1 871db068af3ca581ca9fc51475b6cce09c9e33ca
SHA256 444ddc305821e9ead066c3c35b9c2fa4884a0a3cbc075ebb2c6f7440f68fb269
SHA512 44aea28ee874644465610b5002d2cd9d758fda281c540a82ab72eb12597f40502d5555b1d2575d70bfbbb5f97e311fc3d46ab35fa83a10eb3222fac3cb0d2758

C:\Program Files (x86)\MarCom\Devices\Mem1\is-D5UR7.tmp

MD5 25a962cac4b3ed393f261469d393c33a
SHA1 448f6fa6cfc1fccdccea5441983b9e2f684f003b
SHA256 ed1162497290dea52b4998edd05b94a62744c4d0be7ed2d777bee913c6041f82
SHA512 8fee5cccbcf2ce7e1ca08664b91e8e3c9b23ec915092e7454fdf46a4f946e829b0db8fa68b45d0358a696507f9e6d581ad5e6924f3346df07570230597c7d481

C:\Program Files (x86)\MarCom\Devices\Mem1\is-76EM1.tmp

MD5 7da80c35880d9f836870f146fb7d6e4f
SHA1 d6a0c3e7ebaae52d8be688973afe67c1da14036d
SHA256 14383f9e6f62fc217a0b30bacb0f535541dbe5a6770dd7b84a51006c088a8f54
SHA512 144af73dc0646d31e7819647314c7162884453e7879f7ac3140a014e5a578feed65d201d2d195fed686ea4dace1cdd765210ae0b91a265b129e18c6209c50919

C:\Program Files (x86)\MarCom\Devices\Mem1\is-9TBN1.tmp

MD5 f3eb3154881d718e773288c91f809b22
SHA1 b44164f31f511fb11fe8213180540e2e37f5f140
SHA256 458ec643d73c25188d73db3bf6767f9453908c92ad336ac6083d6a51c9c636c7
SHA512 e1348bd6f577a68c78b047e2564cc3a2007d38bd8e63037ac7a836a07e43704f3e3341a4681b402daa83eb2ef247629920650cf56748febb31a41b20383a2196

C:\Program Files (x86)\MarCom\Devices\Mem1\is-UHHHJ.tmp

MD5 09877e74bf4061ed0224b64537471bbc
SHA1 73624b6b47e5ec93e086b98c4d5427d1e81eb8d2
SHA256 a96fbdc0ce64d2cda0c2cbab9d65a031ef9fb4e68220a8492fb5d687574199ea
SHA512 bb5cc81713455e20d1cd7a1419e6ee4dcc6f25e3d2363ef952d04daddafa5729fa1de514fccd9d748c8bf1a05bb9aab7e017ae08ca7f53f023f3635fc72c4b56

C:\Program Files (x86)\MarCom\Devices\Mem1\is-HOED5.tmp

MD5 0b81696970b891b6cd0e511aaa6ee653
SHA1 b146350db889f363f1311f022e51350178b3ef35
SHA256 46532b337a8872a3a960f60329199f5aeb7705a77d3e25f0b6d244f547ac80b7
SHA512 ee9035c1efa73015afe34a84c6eaae6d96a537fc143e0ed3792ef9d4e141897e43bcbc5696bfefe8fd62f4b5820b89bc592346f9dac5ec1ae2a9382e01b0edc8

C:\Program Files (x86)\MarCom\Devices\Mem1\is-D6KC2.tmp

MD5 fdba803c0e7750334e3548639b3c7bd6
SHA1 7089c4bd225fabdd71ba25d43b0933ef5fe15935
SHA256 7fcc84ddf61b8dc629c97e187e8543e26bf21b5ee164a3f65bf71bc215f7750e
SHA512 da85a25f03ec41485d13bab8c09789f07f4def8fa7fae6bfe2af4dae1dded56dc4a99d5a8e42600a5e7afd8ce1e7dee9326f866eb23aa2c0caf4eee480ba2115

C:\Program Files (x86)\MarCom\Devices\Mem1\is-HCR7Q.tmp

MD5 529ba830b89231afc431210db67274e3
SHA1 1332b2d0c68a36dfc852b35433afe5a9ac805ad4
SHA256 a164472ebd3b181619064584f58e9277d53ae88afe15ae237c8a77f9176991ad
SHA512 d56a6f447a5a7fecb1976b849162a16a04a3b2f020b5cf07bd85abb36a46a6c57a1ac096da8577b47bc6b6818b8e1f994696b8884248821cf26f04cd15529de9

C:\Program Files (x86)\MarCom\Devices\Mem1\is-75L73.tmp

MD5 8ab0a4c79560158629f2adf2919c1e05
SHA1 3a92654be8b9f5a8b35c5b145d026ff15b58c926
SHA256 ceacf74a3cc14207f8b26d5055c22dad519a23715221b5ebd4c7aa10786dd0a1
SHA512 045adee476690a8012423868dafa61c287ed78d0b6e601f5e357c5663c7018f1b9398316424eb5d00bf9d3e5a5c9973ec658b33ee9b4afedb55bd9ae33d98531

C:\Program Files (x86)\MarCom\Devices\Mem1\is-OKD0N.tmp

MD5 fd8621730814ba0c8552a057dbabc2e6
SHA1 90057ffab3c8367988ffcafc051ecfac13816aa4
SHA256 4d50cd88c5f26ab1d71c419a30d07667a8abc28b8bbe0f8bdc43e4f2aab9a929
SHA512 4143f26716f527c2395909c7c30c9813f561b2a7f27fcf2823b4ff1de7c9aca52eef7bd26b84d5c100ee248441ae031c901c283682986235115656de50a91ed8

C:\Program Files (x86)\MarCom\Devices\Mem1\is-I0MR0.tmp

MD5 12e29096bd05a79c9f13e21ae1627b8a
SHA1 b3b2a31206503c11cbeac587ad77dfbe7fe501aa
SHA256 8d0d3c0420c2f970ab7ba96d7223b63ad71205c97cc87a53ac247a0e829756d4
SHA512 c72a4b8ce79689249319c21a98cd71d183a719f7f93acd3b2510579acb9add101f47c63252cf7ad26d7e32ab4f53cbfbfed70d21bc0fe15570b388b5407210fb

C:\Program Files (x86)\MarCom\Devices\Mem1\is-N2BTQ.tmp

MD5 a0d8116feba7f633a88c9ed53c0dccb5
SHA1 fa9e67dbf039e449c31d5ce9c528e2846e4bf808
SHA256 ee4781de467fe8769517fdf548bc6199068d29a7b84b59d465cb75bc134f1f7d
SHA512 734c84b30bd7341f4d54d6f26d7baef2daf02b138a8145cea2c5bff1a31df1733c78b9d96f9a0b3d34cc6a23af062ef26639cfd9f3cdb208f4361e66a0e656b7

C:\Program Files (x86)\MarCom\Devices\Mem1\is-JUJRH.tmp

MD5 ae7057a92a800337762709de388eb9a6
SHA1 f53a2d52366a4274eb485f7fa799e8b263d786cc
SHA256 83e1a47d2b893f26674a57c157e47da5eca6b41781c32b9947d8c713e2b4745e
SHA512 03e28cfa0a72a9ff4278fc14ec95187f1af524d93b33a95eb9833ba021c9008a0f01634dccea07cc0d60261dd17ebbd6ba2ff2146e3684e7d5e92706fbf22d32

C:\Program Files (x86)\MarCom\MarComProf.exe

MD5 77038ee63b375abf661ca4e897c6f676
SHA1 552f8a344b39c56db1b875a3fc2ba236d0165a3a
SHA256 5453cb9bad014374650989cae8e55f11bb60eb7db6587d44e50fc93af3244f59
SHA512 8575d8aba9cd0a27481eed0f3e49781f98a298ddf74866c987f98f10a69c31daa3e872d29d60093c540f3fb97e8a8fcafc79809a739fc78fd8a90531106f5d2f

memory/1152-1798-0x0000000000F50000-0x00000000010C7000-memory.dmp

C:\Program Files (x86)\MarCom\Driver\FTDI\FtdiPreinstall\FtdiPreinstall32.exe

MD5 9943923b51214161cf16643a5b6c0c1e
SHA1 fb9f5577b42e4b28381af899bd95282e9054ecef
SHA256 54e2c53e5898748d11a1f0cbd9f3c94123af04b000155ce00512d58dece467ed
SHA512 3da1ef138f912e1892f01e6d022e089fa68f51c54354cbd99461435b7f1f145344d1d24dbf5ef46c3533052dbe238ab2d4b77d491bb443a4feeeb1f93ea61287

memory/1152-1802-0x0000000000F50000-0x00000000010C7000-memory.dmp

C:\Program Files (x86)\MarCom\Driver\FTDI\FtdiPreinstall\FtdiPreinstall64.exe

MD5 e5a0d810d8f2fb6760dd252f15999c47
SHA1 0e7eecf2fefb367aa09bc6510291ed9e4b8973c4
SHA256 657b271ea1cbd7ccbe33a28afd5f6c850666e80b336a063479901375b47fbcab
SHA512 5c2309686af4bee4dd609b5025342c7eee96e0258b4ae7e2498a4e3bb9f54342ab55d7f26aa9288d672b39f10866eb15cba965fb158e317f9938579677698ebe

C:\Program Files (x86)\MarCom\Driver\ANTUSB2\AntPreinstall32.exe

MD5 1b6473ee30779891aa7c678f3267e239
SHA1 b5f3137bb9ece21bc620d9769aba6d35ac93bd9c
SHA256 c8b65bfb6ddf43cc11ada2a0d8e2a0fe0efe380a0bdbb18fedebd0d0fda40b6f
SHA512 8951b0aa6df03908432bdcf21bd5224cc78580105ae8b1153713d4c0aa5d751695e96b96fa5fe106acb1744e9b408dad9483dc7bf75a2b1cf9f07b4d85588aa4

memory/900-1805-0x0000000000BB0000-0x0000000000D2C000-memory.dmp

C:\Program Files (x86)\MarCom\Driver\AntUSB2\AntDriverCtrlFlags_QuietInstall.reg

MD5 0e6da61112d7d146a08daadd919a5a77
SHA1 9d907aea20b35c3d67ce7e63d354f1c8d0d1e102
SHA256 b020ab6df3cd469ac6988c769d58e22a6a9aa287ac517c99c90e3dc6fe8d290c
SHA512 bc87114c379b4a312b6a3421585aeb8efff81a292414752a000faf2ed932552abe98aca029f2813064ec2430bdb9c8a4c366635e5c6fce7b1409126871e4b0e8

C:\Program Files (x86)\MarCom\Driver\ANTUSB2\AntPreinstall64.exe

MD5 b9635aeb6c67ca61d3f1854f2db2bc30
SHA1 558cc639effbc5cee1332b013032224e093ee7f0
SHA256 18ef5ce817d5d0e1970af7464a73fdc69306765dbc39d01775aad97453b19f52
SHA512 9bdfb553ef24e7ece4eb9f109d1119cd2ea6f976ab80efee0ed210dbc39648ea1fb85dfaaccf5527dccb170d86c1d10a5434a6dc0703fa01afa12f72f174f7bb

memory/900-1917-0x0000000000BB0000-0x0000000000D2C000-memory.dmp

C:\Windows\System32\CatRoot2\dberr.txt

MD5 c49996dd72a7b177cd684ff3ee5505f0
SHA1 996546bdefa93a80a1ec42697df919294d9fcd60
SHA256 294634d1aae03a7aa5f1391eaacb8ad5fad26f263cade3a92f2b2bd1b8bbdd07
SHA512 b1e7af6c586d0f1cfd02f6412518bd9e8ea7efbbbe74e98e24827b495ccaa9a264a3f6bb0925f781b88227121eab96dbe68a4e8cc0f1c0a19b5154b25f7768f5

C:\PROGRA~2\MarCom\Driver\AntUSB2\amd64\AntUsbCoInstall_x64.dll

MD5 ba029f618770b6ddbb5eceb161df78a8
SHA1 48913d7e093b3f3c40579e11bba5375669ebe384
SHA256 55880aba57e6f35960b7e810dcd6fd4f65ff4c1e49d96ec2172bfb1800f7197f
SHA512 9e1b89714986fe56b619adcc4d7a9c78fed3bb044067e7bf24c82bb2da6266b40cf6f60e7a6bf19a9830879e48748d2d045a6df0384113d3c8483e66aecc0eb3

C:\Users\Admin\AppData\Local\Temp\{f4f10ca9-fca2-ec47-890a-7fe2ae45b715}\ANT_LibUsb.inf

MD5 73ff3e765738fdbd7947d26f63a86440
SHA1 f9d2a789f9cff8cec36b544f53877c80f1f73c46
SHA256 b37e1136892b1336bec201f6026bbf7336fd9824f172270d8c4606767c822e7a
SHA512 7a86044df1d2e81b8d6643a1ea6e3fb27462fdf59ef063aeda6103668747945ef4472127a7e95218c65d70eca73e12a2f8cc53d95b9b794cb3005240dd058cda

C:\Users\Admin\AppData\Local\Temp\{f4f10ca9-fca2-ec47-890a-7fe2ae45b715}\ANT_LibUsb.cat

MD5 2d359581c77a5d9cc21f2e696fccf76b
SHA1 d5ac2645cb1432d3c447dc07c8cc56d9691ef2fb
SHA256 0ee4ca9ca94127f953e569fa6be9596d12b123c0cefa0927e68ad8f8287dae74
SHA512 3278d5b5ec9d5a29a3dd8f0a18ff39d9a2a23e15037192a737e25b8bda184c245b24636baadb83e642b79de4fcfb6b82b0f31cc2b4da0620c2d3652377cf8025

C:\Users\Admin\AppData\Local\Temp\{f4f10ca9-fca2-ec47-890a-7fe2ae45b715}\x86\libusb0_x86.dll

MD5 32dbf187ba54c67b889f45202cca8111
SHA1 1d748e0329cd455e902d25c1d58bd2b724bca569
SHA256 5d675c21d0eb0a4bb98f21c13e369ec72163ae3ab1aed7bfe92caeef38eca5d6
SHA512 514e90b37ddde1116291f3e684103592edd4495395d05b290fac7cbd0803d1e64a59ed2ca0f52f386cdd0556f7cdbd6c301b24d2e9a29c668da94b844b022a48

C:\Users\Admin\AppData\Local\Temp\{f4f10ca9-fca2-ec47-890a-7fe2ae45b715}\amd64\libusb0.sys

MD5 02538e602280c07438c94489dcbe77d5
SHA1 e1c9295a8980486fec38b4af2186a577a591ce46
SHA256 2e2b60e5fb7a274f4945444d5edb058e62cac268c5336ff8f4b9e82245095211
SHA512 c3d824051fe3d0609a9b7915885e699f9571245c824b938464b4e2ff6138ec299245a45a1189dbcb68218a2ef198e6ed6fd7ff48227f82ae1f5fd59d40077f67

C:\Users\Admin\AppData\Local\Temp\{f4f10ca9-fca2-ec47-890a-7fe2ae45b715}\amd64\libusb0.dll

MD5 9cdc3af86784c278e613584ef8b4d572
SHA1 5bb79d1d2b82ab9d9d6dd66f7e9ed28b76c26aa1
SHA256 6b34b5fc18d2985c4e0909dd4a07b1058d351cd53f2a82565128c41d25c2685e
SHA512 d635ccb47687da5865cd2d252b7809bb1a4022f3eca649b7825e0240791945fa2199d42ed1673c199766aad44902117d1c288f09e8216f847776fd35edfb4c68

C:\Program Files (x86)\MarCom\Driver\dotNetFx40_Client_x86_x64.exe

MD5 1cf262f35322d6c9c7a27fca513fc269
SHA1 4cd67f609f89d617d2b206341b8c211e1b88b287
SHA256 ddb54d46135dc4dd36216eed713f3500b72fc89863a745c3382a0ed493e4b5da
SHA512 663123cbc508c6bc483b7a2630a055c160c56a1c067f2a417a4e91c1bb55b8be5b041a2a76216b594b1adfa47345c8da6f2c80e4a2b3fe0b32f380cf28ebb093

C:\Windows\System32\CatRoot2\dberr.txt

MD5 a0b413f004c67fab43c1e3d15bc16a47
SHA1 cef0ea51abf6364cf09b4cc03d809d381f9b6d84
SHA256 87f470c6a81bbf6238ea97684767fbead35f3fcec765fd784c8fa72d543edd2a
SHA512 d9bb48b13818f545ff467e9ee50f065f9fee9bbf59e65045d0463e43d457a38b548a22d2dbbd2cbb6026ac9ebd99c07861135ac5a9dbcde04aacf38afbc222cb

C:\Windows\System32\CatRoot2\dberr.txt

MD5 904ff98d7a0258c72d1884e21eb7dc49
SHA1 b5ce01e24658631e4b88dca8d0b7f06d8901e264
SHA256 846d8278ae2e5523f2ef645ed0233e7b23ad128f4262a5435c266f16fba8c2a5
SHA512 221e8f0d6f1d14ef63c386f61e1b2116adde555ef4a13989ac6f7383a19fde6ade2522773d8b2dc587316d9d074194b97da75c4d50c9b4644eaec26179280253

memory/4944-2058-0x0000000000400000-0x000000000052C000-memory.dmp

F:\49893b8e0037e4e51d4e\Setup.exe

MD5 006f8a615020a4a17f5e63801485df46
SHA1 78c82a80ebf9c8bf0c996dd8bc26087679f77fea
SHA256 d273460aa4d42f0b5764383e2ab852ab9af6fecb3ed866f1783869f2f155d8be
SHA512 c603ed6f3611eb7049a43a190ed223445a9f7bd5651100a825917198b50c70011e950fa968d3019439afa0a416752517b1c181ee9445e02da3904f4e4b73ce76

F:\49893b8e0037e4e51d4e\SetupEngine.dll

MD5 84c1daf5f30ff99895ecab3a55354bcf
SHA1 7e25ba36bcc7deed89f3c9568016ddb3156c9c5a
SHA256 7a0d281fa802d615ea1207bd2e9ebb98f3b74f9833bba3cb964ba7c7e0fb67fd
SHA512 e4fb7e4d39f094463fdcdc4895ab2ea500eb51a32b6909cec80a526bbf34d5c0eb98f47ee256c0f0865bf3169374937f047bf5c4d6762779c8ca3332b4103be3

C:\Users\Admin\AppData\Local\Temp\HFIAF66.tmp.html

MD5 d9f56e16fa1f3e85cf472b778a76b5a3
SHA1 c00a8d99fb7c55a877ee5a2a8bc71785d0ed7d86
SHA256 0d7ddf8e214ea516cf2284469dc70583d3d3d118a95a8447f7406eb325f37e99
SHA512 f31ef9aaa1a052ddce9e4c273c1ea743160f1676564ac192ca159b6738fe18fd03e2c5fbd7bc850699e3c2ce2d357cceeb2b389fc64302b5a35005a32b5244eb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 d65b8a65d800625b3ad54ff1a152246a
SHA1 9e00f2ff5ac1ae5e7a029f8e3f5be54d61716360
SHA256 2e17e1f4c76b6ae3900d8618099c8697af53ca1ae51f413ccbb5a8b5c27bd572
SHA512 327db59b0e476bfa5cd7a8a728ea8756d5226bc7721136f28d3a07d54f9810e94725e2bd31cf293e4ca84245af550bf909e7bff2b6f26ea2f0a6f5c13a55079a

C:\Users\Admin\AppData\Local\Temp\{74d0e5db-b326-4dae-a6b2-445b9de1836e}\.ba1\logo.png

MD5 d6bd210f227442b3362493d046cea233
SHA1 ff286ac8370fc655aea0ef35e9cf0bfcb6d698de
SHA256 335a256d4779ec5dcf283d007fb56fd8211bbcaf47dcd70fe60ded6a112744ef
SHA512 464aaab9e08de610ad34b97d4076e92dc04c2cdc6669f60bfc50f0f9ce5d71c31b8943bd84cee1a04fb9ab5bbed3442bd41d9cb21a0dd170ea97c463e1ce2b5b

C:\Users\Admin\AppData\Local\Temp\{a8221c0f-66e2-5946-876e-0a952e7bf6e0}\amd64\WdfCoInstaller01009.dll

MD5 4da5da193e0e4f86f6f8fd43ef25329a
SHA1 68a44d37ff535a2c454f2440e1429833a1c6d810
SHA256 18487b4ff94edccc98ed59d9fca662d4a1331c5f1e14df8db3093256dd9f1c3e
SHA512 b3d73ed5e45d6f2908b2f3086390dd28c1631e298756cee9bdf26b185f0b77d1b8c03ad55e0495dba982c5bed4a03337b130c76f7112f3e19821127d2cf36853

C:\Users\Admin\AppData\Local\Temp\{a8221c0f-66e2-5946-876e-0a952e7bf6e0}\amd64\WinUSBCoInstaller2.dll

MD5 246900ce6474718730ecd4f873234cf5
SHA1 0c84b56c82e4624824154d27926ded1c45f4b331
SHA256 981a17effddbc20377512ddaec9f22c2b7067e17a3e2a8ccf82bb7bb7b2420b6
SHA512 6a9e305bfbfb57d8f8fd16edabef9291a8a97e4b9c2ae90622f6c056e518a0a731fbb3e33a2591d87c8e4293d0f983ec515e6a241792962257b82401a8811d5c

C:\Users\Admin\AppData\Local\Temp\{a8221c0f-66e2-5946-876e-0a952e7bf6e0}\dfu.inf

MD5 a4e5771776c01456b52c9c7dd9e7c9b0
SHA1 f84194c1262177d1dcd692f453b7181fab9a1edd
SHA256 6d8504de691d3be4d41cad4f7c76092e0c964fe6aa28b1b76814390fa29a6aab
SHA512 b6ab181e064131998a74da9963290679a909aa8327b6bc87e131f66ff0b08a198f6e27e64265e0e39f50e34a539a51bd251fe781d7c251e3253aa3a4628deb36

C:\Users\Admin\AppData\Local\Temp\{a8221c0f-66e2-5946-876e-0a952e7bf6e0}\dfu.cat

MD5 ef5966172939de9ddabdbc1a81fe0958
SHA1 372b764fa423397eddae25984a0664e60ed78f55
SHA256 2e57f1f85366fc5c48f60f4f388ac76fd7b291f679613414f3c791de2d625764
SHA512 8fe578ebe8dec68f80182db44850457aa8949f84b7cea372bbb9209375425fb88d565edab7400734bde204fe76766302e9d4431c9c816f17ea628a013644fc69

memory/4944-2542-0x0000000000400000-0x000000000052C000-memory.dmp

C:\Windows\System32\catroot2\dberr.txt

MD5 d5842220c5a44811b6c19c12edaf5eb9
SHA1 f9db49f513c4aaea9717abd69f4c3af011c66ce4
SHA256 756aea6963164de7569df96e2fee7ce93b09095718703dec3cb93a3718dcf7ce
SHA512 b79e64e856d2d44dfa4df8112f8c3a2b7acf1dd6feff37b153a27939e4a3f113d6951794c02ee9446f323a8161d72b59512dae0059e29f3bc8ea335e109310eb

C:\Users\Admin\AppData\Local\Temp\{272c9f1e-41ec-554a-b888-f3654230c2fa}\usbserial.cat

MD5 01b29a0a4b8046e41c1072fc2d9ce74e
SHA1 09eb956ca1d483157321725653063c7e4f7aceab
SHA256 e5ecdceb203a4bd669610157ca723768c11dd97930d60bd4a7ffbc14cf5ac224
SHA512 afccc9fd31810da5da788aef9cd1c147b5eb7d67eeb64d2108854077015da0dd16c9bef68721050a0f4ce8574a3da9c78ece212aaaa9208da41aa6f46f0e3302

C:\Users\Admin\AppData\Local\Temp\{272c9f1e-41ec-554a-b888-f3654230c2fa}\usbserial.inf

MD5 37bab992be62b5b3583cc62c7e8e8362
SHA1 878a67092cb9ff045b99d0bd3cfc307141c554a9
SHA256 9f995c41c0a69d3a073ff8a11c79d202506b42c71a212ff1b80a33587f9b165a
SHA512 cea3d9a8959d425f6ceefc0b99182309d6d47202607a73e4caa797dff52dc495bbc22d61948d97291f6b73e5c85c532fc3284107b5fe6a03aa61711ac9028f18

C:\Users\Admin\AppData\Local\Temp\{47a895c9-38ef-2c46-9846-c90c8b770c68}\x64\silabser.sys

MD5 74343fe7d336d4d82afccd17504e93bc
SHA1 603f53b11618692562422838be39d4b505391f7a
SHA256 1d48f035f271593792e6bf15ee480fbb9013fb95deb37860f7f933b5c0e08203
SHA512 66e751205813581909bc5a31a8abcb9a8fb74c8624b6abab3d515680a2fafe8c11575b6f835e5a8be3fb711ea63ab13318fb47ffbcda93af9a21d2c7a85f30bb

C:\Users\Admin\AppData\Local\Temp\{47a895c9-38ef-2c46-9846-c90c8b770c68}\slabvcp.inf

MD5 c0894c7be655b1fd56abd55b1797670a
SHA1 9e2c239d42290b984a9e2b350a67af8bc8bd11b9
SHA256 de3a1425168424b610f9ba974a7552dc55cf0bec4d043e0c8f911cc81ec789b1
SHA512 2852fa18dbe2dd39e98803ae4fd10a2a04da076b89079a726cbd4af56ed157ce3dd69181427c1422a5ea42b54035ce2d8f08be3bdaa330cdb94dded4ac749803

C:\Users\Admin\AppData\Local\Temp\{47a895c9-38ef-2c46-9846-c90c8b770c68}\slabvcp.cat

MD5 77977f089483dad377d88a456195d949
SHA1 3f35bc97d43c760d8ead5335d61baf3e490f85ab
SHA256 51c7367db0d17235c08bdb87a268b5b7bd72ee5214abde49de1bcb7a9268c04d
SHA512 ac16fbd765948db4f24e73ae7dac5b22d614a6b16a1b48029cb7b0a571f904591c99085107d419fa8faffde7035bf52f1ae7470c84fa88fd0ae6b368a40fa499

C:\Users\Admin\AppData\Local\Temp\{47a895c9-38ef-2c46-9846-c90c8b770c68}\x64\WdfCoinstaller01009.dll

MD5 fc7f3d13a29978107e13dd182448f9df
SHA1 96f93240098ae84815ebae8be78d5e31596d4565
SHA256 712d16542a881275041dcb788b279a6992caa22b286e0f6a2ce45513ec8241f0
SHA512 d374bf1bcf0b568f8c581258b5d3ddaf31b180fa2b231e17bf2f2c3f8cede8de3574e29bddfc0dc1112c3a8338897a586a4bcdba3c5a9686facd91927baff318

memory/3544-2681-0x0000000000400000-0x0000000000428000-memory.dmp

C:\Users\Public\Documents\MarCom\NT6\is-069DF.tmp

MD5 4efc5d41d325f04b8feeb474870c9ec6
SHA1 e2a7faab6dc2a55f1674fa50a558b8aa09b65d07
SHA256 1e5424a8211e1431c7c4e91d027c803e808b4bf866271a0aa2af5cbda687fafb
SHA512 c8313340e49b4f2387214ae312aaaaa48dcd03a46b6ba54fadcc93f0e7ff51b213b2b76ca4c73d162f427f88e881bc54bbb847eab5671f9ec6ea39bfcf1301b3

C:\Users\Public\Documents\MarCom\NT6\is-0KO38.tmp

MD5 30bf3a196f6503c0d4565acb3cae19a1
SHA1 063ecd317a58094023815cf4cb6c60690051baa6
SHA256 4014cd4e1b4a096a3cfb841ebd5502ad3acf456404fa56fd3e763c479d9f7a99
SHA512 f2911b1405dd0bf72505eb956dc88ac8662d14ffdd0e4ea908cfee214608979bb88b2302d7c8b6ec28e7a5dc1f71ef1ce177bdf204d3ea3495b77ba17780c928

C:\Users\Public\Documents\MarCom\NT6\is-30JSM.tmp

MD5 5a84982cc1d33bd4788f0963418119f8
SHA1 1fc4e704b47a454a667e82aba642166e7b505099
SHA256 6868cf0ce9ba8e6467081b30b0124c60d02e0c76c9d7c55ac011925f2454a493
SHA512 70d90fb1ee8c3e8a46620af1632beb2c676abc19e1fabf9ee23f92df3afe8ba6af36265cd40d121c8db55e2a7f387743d754b1f534ff852a650fd4296e1fe559

C:\Users\Public\Documents\MarCom\vspdxp_install.exe

MD5 15e9c3091a887c4d4c68a31a3d42f22c
SHA1 75fef1ebb008df5b5288efd39bedbaca07fa6f33
SHA256 8707b054fb38dba7c6022567f7158e413ed3a584569e1b1d9940d60c907fe2e3
SHA512 ba4673ca762d71b788b1eb12f45a95a9a480bee02115d69e3b71bc63b872923e141753af997f4ab1b7dcb1d7550d8204992f0efd573fb9dbd55722a3c2a43616

memory/1760-2810-0x0000000002AF0000-0x0000000002C53000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\{f9cb1fd6-7db4-6842-9ecb-d1dcb05c52fe}\SETF9DD.tmp

MD5 6dcecef04672e7658f9447f428c85a27
SHA1 e7f00c36d33e28506a21eb048097426b245fe16f
SHA256 caf802d5bb6274fe9aeba3479b30eaa7150d73a6109d2d5f3262fff18567aca2
SHA512 1445be7eb22d8c75f147539273b172c189a8af86d75a93870669bf46d47393f88149d45198b656c524ea50e9e66a5eacace786e07cfe9afa45cad87a03a92b14

C:\Users\Admin\AppData\Local\Temp\{f9cb1fd6-7db4-6842-9ecb-d1dcb05c52fe}\evserial9.cat

MD5 84a9a6df2f3347c1bbec1f447546f340
SHA1 d22ace0c21b1d7aab1c38b6e44162b5d8fa57814
SHA256 9f2a4b403ffe038e29ea40dff16a326351e92a0f5650ffd079f3c61b1cf129cf
SHA512 12d4e4d50283719e616df1b6ddf96d7396a821e93bd6979b95c38a8e8bad9850d308792bfa1248033318a0ec6f8cf170452797a873c65fa3fd52477b0fb9c377

C:\Users\Admin\AppData\Local\Temp\{f9cb1fd6-7db4-6842-9ecb-d1dcb05c52fe}\evserial9.sys

MD5 5e711396e34c2fc752d3082c0220f5e1
SHA1 588b14ef04a78057c78e5631f712ca3a9d010dda
SHA256 7a2c1b360e6f7234919ce1ff6c9d908fdc0ad2c558899d8658ea9cd7776573c2
SHA512 aa396a00dbc83840f5244f6359d292bffdcffb3743a6356931304014e8872b565a7ff73372fdec949d4c2101293727a00f9b9e9a7ac690789fa7e1b53d1240f5

C:\Users\Admin\AppData\Local\Temp\{f9cb1fd6-7db4-6842-9ecb-d1dcb05c52fe}\evspd9.dll

MD5 3894034121e9b1653722d73927e41c0c
SHA1 1e289beef33d2ef8d7671abe7fba3ae938e16904
SHA256 3ef2e811df0521171b9cacd2c9f900358d64423f035293b912cd71cec4e72e24
SHA512 b8b6545b4e690ec191a93994b50563ac699e12531440420625f00c587ee8dc1bbfe99c3b7d4dd9054a49517eedd8968a6215ef1843de2a9ae7f9ec757f4f204a

C:\Users\Admin\AppData\Local\Temp\{f4450c71-20d7-9046-b55c-f02b6649a3ab}\evsbc9.sys

MD5 f1831467d68d64adb65cb3e80870c984
SHA1 125dbd712356435ecd29896f8bafdb43b8bbc4fd
SHA256 10b174cb3c968ab5d9c37e084ea9b31b01cd2d9bfe55da56d4782272e4619eb7
SHA512 1c81297c97d36348281e9c033683b051e56fcf0bcc235b558c339faa3a7381667697de19ebe7cf45a719f90072d0212dbb8afa096665e4a5b11c1de99dbaab1b

C:\Users\Admin\AppData\Local\Temp\{f4450c71-20d7-9046-b55c-f02b6649a3ab}\evsbc9.cat

MD5 eae532655318d50e3135f1e77a312256
SHA1 5f96df56a0eeefe8679eeb9e8f3b7b1c7ad80174
SHA256 673f8adbf3fd815908ca492e12901779cf4c0513334dca039627717d01422fc5
SHA512 1186656ac1c25a5da865f0d32201bc261fac0dd762bb04361a80f4cef55a2da0d1aa96f07cb19783a5bf9904f5223bde280452af5bbcb1c57a74bdbfe330d528

memory/1760-2948-0x0000000020000000-0x0000000020311000-memory.dmp

memory/1760-2947-0x0000000020000000-0x0000000020311000-memory.dmp

memory/1760-2957-0x0000000020000000-0x0000000020311000-memory.dmp

memory/5808-2958-0x0000000002DE0000-0x0000000002F43000-memory.dmp

memory/5808-2966-0x0000000020000000-0x0000000020311000-memory.dmp

memory/5808-2967-0x0000000020000000-0x0000000020311000-memory.dmp

memory/5808-2970-0x0000000020000000-0x0000000020311000-memory.dmp

memory/2536-2972-0x0000000000400000-0x000000000052D000-memory.dmp

memory/3544-2973-0x0000000000400000-0x0000000000428000-memory.dmp

memory/4944-2978-0x0000000000400000-0x000000000052C000-memory.dmp

memory/6100-2979-0x0000000000400000-0x0000000000427000-memory.dmp

memory/4460-3002-0x0000000000400000-0x000000000088A000-memory.dmp

memory/4460-3004-0x0000000005520000-0x0000000005541000-memory.dmp

memory/4460-3005-0x00000000743B0000-0x00000000743D1000-memory.dmp

memory/4460-3006-0x0000000005550000-0x000000000555A000-memory.dmp

memory/4460-3007-0x00000000077A0000-0x00000000077B8000-memory.dmp

memory/4460-3008-0x00000000077C0000-0x00000000077D6000-memory.dmp

memory/4460-3009-0x0000000005560000-0x000000000556A000-memory.dmp

memory/4460-3010-0x0000000007850000-0x00000000078BC000-memory.dmp

memory/4460-3012-0x00000000078C0000-0x0000000007E64000-memory.dmp

memory/4460-3013-0x0000000007F70000-0x0000000008588000-memory.dmp

memory/4460-3014-0x0000000008600000-0x0000000008954000-memory.dmp

memory/4460-3015-0x00000000089B0000-0x0000000008A42000-memory.dmp

memory/4460-3019-0x0000000009040000-0x000000000905C000-memory.dmp

memory/4460-3020-0x00000000091A0000-0x00000000091AE000-memory.dmp

memory/4460-3021-0x00000000091C0000-0x00000000091CC000-memory.dmp

memory/4460-3022-0x0000000009310000-0x0000000009341000-memory.dmp

memory/4460-3024-0x00000000094A0000-0x00000000094B6000-memory.dmp

C:\Users\Admin\Documents\MarComProf\DAT\DEFAULT.MCC

MD5 f3b25701fe362ec84616a93a45ce9998
SHA1 d62636d8caec13f04e28442a0a6fa1afeb024bbb
SHA256 b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209
SHA512 98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

memory/4460-3032-0x0000000009630000-0x0000000009646000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 232c64d5f6b211549a2f51d716cb365e
SHA1 d8a927e8d9066f8315559710f0fe240ed3c16926
SHA256 6adb1de89f22f148a82ba41863f8c623e7a35ea17b16dbd254342059de078298
SHA512 29f9ddfe17935d1d841969e270fbb012e2f62d856eff980d18e2c7701938fa21c83a390e27deb7635bf92cfb9b68796718e1c4172fa4b006152c0c8d646ff12d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 fdb365e38b61c604afebf2f06cfe7cb5
SHA1 69d8bc7c6d05d4357fc87b8d89da10b8fe8491bb
SHA256 035d1eac4b048a2029b9415dbc197d8dd6ed19978c9d673009457ec1b44da733
SHA512 09d773922b448444476ea5553d6acef5fabc60968735a4530a54624b6fa707c4858aa9ef21f97a56dd36e8d16251af80a1eb3c3d3a06d22463158af600e6b956

memory/4460-3053-0x0000000009310000-0x0000000009341000-memory.dmp

memory/4460-3052-0x0000000000400000-0x000000000088A000-memory.dmp

memory/4460-3059-0x0000000000400000-0x000000000088A000-memory.dmp

memory/4460-3065-0x0000000000400000-0x000000000088A000-memory.dmp

C:\Users\Admin\Documents\MarComProf\MarComProf.INI

MD5 32ad4d8ffe37495535ed804e87c3133a
SHA1 c414f9787bb728e98c667e52b716ff1434d986aa
SHA256 4b0d88bf9f9658124ad24eea7a344151860b9295788a678c6cbf6158f4e5dc49
SHA512 57a99f429686e47b857f5af76cf6a6efd2cd65a97e77161302bd8cfa8de2e69e0ba99872c359f6e7c5207e8b422813e6ab3ef045c82f4e75a70f69a6a93da0a1

memory/4460-3103-0x0000000000400000-0x000000000088A000-memory.dmp

C:\Users\Admin\Documents\MarComProf\MCC.TMP

MD5 4f398c9bc6454729ffc48b1a40468fec
SHA1 fe66adc5afa180e1b19c7f488828a7fec833ede7
SHA256 6a784a34ed999b4e26702577ffd4554d287f6b9d66d79d56df81a8239e4efba5
SHA512 cfa3bc3d6fe300493ffc22079305023a014c2b9f5f48d192748985d8c538cde6666fce3c549dff83d223bdd7884484208a8f0f4c81a6f4fe3fa0c34730f865c7

memory/4460-3125-0x0000000000400000-0x000000000088A000-memory.dmp
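The listing above puts installer payload (Setup.exe, SetupEngine.dll), driver-package components (.sys/.inf/.cat files and co-installer DLLs under per-run GUID directories in Temp) and ordinary Edge profile writes (Local State, Preferences, Network Persistent State) side by side in one flat path-then-hashes format, interleaved with memory-dump names. The following is an added example, not code from this report or from the software vendor: it parses that format into records, rejects hash lines of the wrong length, separates the memory dumps, buckets each dropped file by location and type, and keeps only executables and driver components as SHA256 pivots. The category names are this example's own, and the sample input is a subset copied from the listing.

```python
"""Parse a sandbox 'Files' listing into records and triage it.
Added example (not code from the original report). Assumes the layout shown
above: a dropped-file path or memory-dump name on its own line, followed by
its MD5/SHA1/SHA256/SHA512 lines. Category names are this example's own."""
import re
from dataclasses import dataclass, field

HASH_LEN = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}
HASH_RE = re.compile(r"^(MD5|SHA1|SHA256|SHA512)\s+([0-9a-fA-F]+)$")
MEMDUMP_RE = re.compile(
    r"^memory/(\d+)-(\d+)-0x([0-9A-Fa-f]+)-0x([0-9A-Fa-f]+)-memory\.dmp$")

@dataclass
class DroppedFile:
    path: str
    hashes: dict = field(default_factory=dict)

@dataclass
class MemoryDump:
    pid: int
    seq: int
    start: int
    end: int

def classify(path: str) -> str:
    """Bucket a dropped file by where it landed and what it is."""
    low = path.lower()
    name = low.rsplit("\\", 1)[-1]
    ext = name[name.rfind("."):] if "." in name else ""
    if "\\microsoft\\edge\\user data\\" in low:
        return "browser-profile"   # Edge's own state, rewritten every session
    if ext == ".sys":
        return "kernel-driver"     # ring-0 code: verify its signature first
    if ext in (".inf", ".cat") or "coinstaller" in name:
        return "driver-package"
    if ext in (".exe", ".dll"):
        return "executable"
    if low.startswith("c:\\windows\\"):
        return "system-write"
    return "other"

def parse_listing(text: str):
    """Return (files, dumps); reject hash lines that follow no path."""
    files, dumps, current = [], [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = MEMDUMP_RE.match(line)
        if m:
            pid, seq, start, end = m.groups()
            dumps.append(MemoryDump(int(pid), int(seq), int(start, 16), int(end, 16)))
            current = None         # a dump line closes the previous file block
            continue
        h = HASH_RE.match(line)
        if h:
            if current is None:
                raise ValueError(f"hash without a preceding path: {line}")
            algo, digest = h.group(1), h.group(2).lower()
            if len(digest) != HASH_LEN[algo]:   # catches truncated or garbled hashes
                raise ValueError(f"{algo} for {current.path}: {len(digest)} hex chars")
            current.hashes[algo] = digest
            continue
        current = DroppedFile(line)   # any other line starts a new file block
        files.append(current)
    return files, dumps

def ioc_sha256(files, categories=("executable", "kernel-driver", "driver-package")):
    """SHA256s worth pivoting on; browser state and per-run temp files are left
    out because their hashes differ on every machine and every detonation."""
    return sorted({f.hashes["SHA256"] for f in files
                   if classify(f.path) in categories and "SHA256" in f.hashes})

# Constructed sample input: a subset copied verbatim from the listing above.
SAMPLE = r"""
memory/4944-2058-0x0000000000400000-0x000000000052C000-memory.dmp

F:\49893b8e0037e4e51d4e\Setup.exe

MD5 006f8a615020a4a17f5e63801485df46
SHA1 78c82a80ebf9c8bf0c996dd8bc26087679f77fea
SHA256 d273460aa4d42f0b5764383e2ab852ab9af6fecb3ed866f1783869f2f155d8be
SHA512 c603ed6f3611eb7049a43a190ed223445a9f7bd5651100a825917198b50c70011e950fa968d3019439afa0a416752517b1c181ee9445e02da3904f4e4b73ce76
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 d65b8a65d800625b3ad54ff1a152246a
SHA1 9e00f2ff5ac1ae5e7a029f8e3f5be54d61716360
SHA256 2e17e1f4c76b6ae3900d8618099c8697af53ca1ae51f413ccbb5a8b5c27bd572
SHA512 327db59b0e476bfa5cd7a8a728ea8756d5226bc7721136f28d3a07d54f9810e94725e2bd31cf293e4ca84245af550bf909e7bff2b6f26ea2f0a6f5c13a55079a
C:\Users\Admin\AppData\Local\Temp\{47a895c9-38ef-2c46-9846-c90c8b770c68}\x64\silabser.sys

MD5 74343fe7d336d4d82afccd17504e93bc
SHA1 603f53b11618692562422838be39d4b505391f7a
SHA256 1d48f035f271593792e6bf15ee480fbb9013fb95deb37860f7f933b5c0e08203
SHA512 66e751205813581909bc5a31a8abcb9a8fb74c8624b6abab3d515680a2fafe8c11575b6f835e5a8be3fb711ea63ab13318fb47ffbcda93af9a21d2c7a85f30bb
"""

if __name__ == "__main__":
    files, dumps = parse_listing(SAMPLE)
    for f in files:
        print(f"{classify(f.path):16} {f.hashes['SHA256']}  {f.path}")
    print("IOC SHA256:", ioc_sha256(files))
    for d in dumps:
        print(f"pid {d.pid} dump {d.seq}: 0x{d.start:X}-0x{d.end:X} ({d.end - d.start} bytes)")
```

Two caveats when using the output: the .sys files and their .inf/.cat pairs are what "Drops file in Drivers directory" and "Manipulates Digital Signatures" refer to, so check each driver's Authenticode signature and catalog before drawing conclusions from the hashes alone; and the Edge profile files, the is-*.tmp files and the dberr.txt catalog-database log are written by the browser and the installer machinery on every run, so their hashes will not match on another host and should not be turned into blocklist entries.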