deee2ea8dbf5abd5e3ed3bf22b9a06a0a1e3b127e24f0c7cf7177bf160e45a7e

Resubmissions

14-10-2024 01:14

241014-blws4ayfmq 8

14-10-2024 01:08

14-10-2024 01:05

14-10-2024 00:48

14-10-2024 00:45

Analysis

max time kernel
299s
max time network
300s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
14-10-2024 01:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

main.go
Size

5KB
MD5

3cc0d416c4ce3235ce06580ddcddcd22
SHA1

6f63166d2fb6855149aa7bf16706ed9c6580b28a
SHA256

deee2ea8dbf5abd5e3ed3bf22b9a06a0a1e3b127e24f0c7cf7177bf160e45a7e
SHA512

0d1819acf9ad338db114930d99c69506a01388b5c2bed25217307671e45224427458f96b40d940f0fc91e62694e00201ac2f8e6f6d90d0ca6ba92dc81e98fe23
SSDEEP

96:C58jbrWRqQk5f5ihdMhMO015lgVY/Wa8pgYWWp/Q:sSDihXDM8WO

Score

8^/10

defense_evasion discovery persistence

Malware Config

Signatures

Boot or Logon Autostart Execution: Active Setup 2 TTPs 2 IoCs

Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

persistence

Active Setup

T1547.014

Modify Registry

T1112

Processes:

MSAGENT.EXEtv_enua.exe

description	ioc	Process
Key created	\REGISTRY\MACHINE\software\WOW6432Node\microsoft\Active Setup\Installed Components	MSAGENT.EXE
Key created	\REGISTRY\MACHINE\software\WOW6432Node\microsoft\Active Setup\Installed Components	tv_enua.exe

Downloads MZ/PE file

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

PCHelpSoftDriverUpdater.exePCHelpSoftDriverUpdater.exe

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000\Control Panel\International\Geo\Nation	PCHelpSoftDriverUpdater.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000\Control Panel\International\Geo\Nation	PCHelpSoftDriverUpdater.exe

Executes dropped EXE 10 IoCs

Processes:

Driver_Updater_setup.exeDriver_Updater_setup.tmpPCHelpSoftDriverUpdater.exePCHelpSoftDriverUpdater.exeDriverPro.exePCHelpSoftDriverUpdater.exePCHelpSoftDriverUpdater.exeMSAGENT.EXEtv_enua.exeAgentSvr.exe

pid	Process
3312	Driver_Updater_setup.exe
2960	Driver_Updater_setup.tmp
3544	PCHelpSoftDriverUpdater.exe
1292	PCHelpSoftDriverUpdater.exe
3380	DriverPro.exe
4428	PCHelpSoftDriverUpdater.exe
3788	PCHelpSoftDriverUpdater.exe
1156	MSAGENT.EXE
368	tv_enua.exe
1208	AgentSvr.exe

Loads dropped DLL 31 IoCs

Processes:

PCHelpSoftDriverUpdater.exePCHelpSoftDriverUpdater.exeDriverPro.exePCHelpSoftDriverUpdater.exePCHelpSoftDriverUpdater.exeBonziBuddy432.exeMSAGENT.EXEregsvr32.exeregsvr32.exeregsvr32.exeregsvr32.exeregsvr32.exeregsvr32.exeregsvr32.exetv_enua.exeregsvr32.exeregsvr32.exe

pid	Process
3544	PCHelpSoftDriverUpdater.exe
1292	PCHelpSoftDriverUpdater.exe
3380	DriverPro.exe
1292	PCHelpSoftDriverUpdater.exe
4428	PCHelpSoftDriverUpdater.exe
1292	PCHelpSoftDriverUpdater.exe
1292	PCHelpSoftDriverUpdater.exe
3788	PCHelpSoftDriverUpdater.exe
3156	BonziBuddy432.exe
3156	BonziBuddy432.exe
3156	BonziBuddy432.exe
3156	BonziBuddy432.exe
3156	BonziBuddy432.exe
3156	BonziBuddy432.exe
3156	BonziBuddy432.exe
3156	BonziBuddy432.exe
3156	BonziBuddy432.exe
3156	BonziBuddy432.exe
3156	BonziBuddy432.exe
1156	MSAGENT.EXE
4284	regsvr32.exe
1476	regsvr32.exe
4868	regsvr32.exe
920	regsvr32.exe
2984	regsvr32.exe
712	regsvr32.exe
3676	regsvr32.exe
368	tv_enua.exe
1180	regsvr32.exe
1180	regsvr32.exe
2404	regsvr32.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Processes:

tv_enua.exe

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\tv_enua = "RunDll32 advpack.dll,LaunchINFSection C:\\Windows\\INF\\tv_enua.inf, RemoveCabinet"	tv_enua.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Checks system information in the registry 2 TTPs 2 IoCs

System information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

PCHelpSoftDriverUpdater.exe

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	PCHelpSoftDriverUpdater.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	PCHelpSoftDriverUpdater.exe

Drops file in System32 directory 5 IoCs

Processes:

PCHelpSoftDriverUpdater.exetv_enua.exe

description	ioc	Process
File created	C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_amd64_84ea762c0a90c362\mshdc.PNF	PCHelpSoftDriverUpdater.exe
File created	C:\Windows\System32\DriverStore\FileRepository\machine.inf_amd64_726cea1f0f349cf7\machine.PNF	PCHelpSoftDriverUpdater.exe
File opened for modification	C:\Windows\SysWOW64\SETEB7B.tmp	tv_enua.exe
File created	C:\Windows\SysWOW64\SETEB7B.tmp	tv_enua.exe
File opened for modification	C:\Windows\SysWOW64\msvcp50.dll	tv_enua.exe

Drops file in Program Files directory 64 IoCs

Processes:

BonziBuddy432.exeDriver_Updater_setup.tmpDriverPro.exe

description	ioc	Process
File opened for modification	C:\Program Files (x86)\BonziBuddy432\favicon.ico	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\MSCOMCTL.OCX	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\page5.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Alpha-net\page9.jpg	BonziBuddy432.exe
File created	C:\Program Files (x86)\PC HelpSoft Driver Updater\Extra\is-898AA.tmp	Driver_Updater_setup.tmp
File opened for modification	C:\Program Files (x86)\BonziBuddy432\J001.nbd-SR	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\page12.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Polizoof\page9.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Internet\page12.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\PC HelpSoft Driver Updater\PlayaSDK.dll	Driver_Updater_setup.tmp
File created	C:\Program Files (x86)\PC HelpSoft Driver Updater\is-87VCI.tmp	Driver_Updater_setup.tmp
File created	C:\Program Files (x86)\PC HelpSoft Driver Updater\is-UJLNP.tmp	Driver_Updater_setup.tmp
File opened for modification	C:\Program Files (x86)\BonziBuddy432\p001.nbd	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\page6.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Internet\page2.jpg	BonziBuddy432.exe
File created	C:\Program Files (x86)\PC HelpSoft Driver Updater\Extra\is-M52P9.tmp	Driver_Updater_setup.tmp
File created	C:\Program Files (x86)\PC HelpSoft Driver Updater\Extra\is-IPTJJ.tmp	Driver_Updater_setup.tmp
File opened for modification	C:\Program Files (x86)\PC HelpSoft Driver Updater\Extra\Italian.ini	DriverPro.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Regicon.ocx	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Polizoof\book	BonziBuddy432.exe
File created	C:\Program Files (x86)\PC HelpSoft Driver Updater\unins000.dat	Driver_Updater_setup.tmp
File created	C:\Program Files (x86)\PC HelpSoft Driver Updater\is-OGV0S.tmp	Driver_Updater_setup.tmp
File opened for modification	C:\Program Files (x86)\BonziBuddy432\j3.nbd-SR	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\BBReader.EXE	BonziBuddy432.exe
File created	C:\Program Files (x86)\PC HelpSoft Driver Updater\Extra\is-L1F3Q.tmp	Driver_Updater_setup.tmp
File created	C:\Program Files (x86)\PC HelpSoft Driver Updater\is-O51AQ.tmp	Driver_Updater_setup.tmp
File opened for modification	C:\Program Files (x86)\PC HelpSoft Driver Updater\Extra\Swedish.ini	DriverPro.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\MSAGENTS\Bonzi.acs	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\page2.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Uninstall.exe	BonziBuddy432.exe
File created	C:\Program Files (x86)\PC HelpSoft Driver Updater\Extra\is-FBKIU.tmp	Driver_Updater_setup.tmp
File created	C:\Program Files (x86)\PC HelpSoft Driver Updater\Extra\is-UETEK.tmp	Driver_Updater_setup.tmp
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Options\test.vbs	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Apps.nbd	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\ssa3d30.ocx	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\PC HelpSoft Driver Updater\Extra\HDMSchedule.exe	Driver_Updater_setup.tmp
File created	C:\Program Files (x86)\PC HelpSoft Driver Updater\Extra\is-B02B8.tmp	Driver_Updater_setup.tmp
File created	C:\Program Files (x86)\PC HelpSoft Driver Updater\is-3HRKK.tmp	Driver_Updater_setup.tmp
File opened for modification	C:\Program Files (x86)\BonziBuddy432\MSAGENTS\Peedy.acs	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Polizoof\page16.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Alpha-net\page13.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Internet\page0.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\PC HelpSoft Driver Updater\7z.dll	Driver_Updater_setup.tmp
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Runtimes\actcnc.exe	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Runtimes\Readme.txt	BonziBuddy432.exe
File created	C:\Program Files (x86)\PC HelpSoft Driver Updater\Extra\is-TU5AD.tmp	Driver_Updater_setup.tmp
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Polizoof\Thumbs.db	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\cb015.gif	BonziBuddy432.exe
File created	C:\Program Files (x86)\PC HelpSoft Driver Updater\is-2MV7U.tmp	Driver_Updater_setup.tmp
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Internet\page16.jpg	BonziBuddy432.exe
File created	C:\Program Files (x86)\PC HelpSoft Driver Updater\is-PIJ2K.tmp	Driver_Updater_setup.tmp
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Options\AutoShortcutsMaker.vbs	BonziBuddy432.exe
File created	C:\Program Files (x86)\BonziBuddy432\Uninstall.ini	BonziBuddy432.exe
File created	C:\Program Files (x86)\PC HelpSoft Driver Updater\Extra\is-G16II.tmp	Driver_Updater_setup.tmp
File opened for modification	C:\Program Files (x86)\PC HelpSoft Driver Updater\Extra\Portuguese.ini	DriverPro.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Alpha-net\page11.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\page16.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Alpha-net\sp004.gif	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Alpha-net\sp005.gif	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Internet\page10.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Internet\page14.jpg	BonziBuddy432.exe
File created	C:\Program Files (x86)\PC HelpSoft Driver Updater\is-H0V7N.tmp	Driver_Updater_setup.tmp
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Options\ManualDirPatcher.bat	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\cb012.gif	BonziBuddy432.exe

Drops file in Windows directory 63 IoCs

Processes:

MSAGENT.EXEtv_enua.exeBonziBuddy432.exePCHelpSoftDriverUpdater.exechrome.exe

description	ioc	Process
File created	C:\Windows\msagent\SETC142.tmp	MSAGENT.EXE
File created	C:\Windows\msagent\intl\SETC144.tmp	MSAGENT.EXE
File created	C:\Windows\msagent\SETC10E.tmp	MSAGENT.EXE
File created	C:\Windows\msagent\SETC10F.tmp	MSAGENT.EXE
File opened for modification	C:\Windows\INF\SETC122.tmp	MSAGENT.EXE
File opened for modification	C:\Windows\INF\SETEB7A.tmp	tv_enua.exe
File created	C:\Windows\INF\SETEB7A.tmp	tv_enua.exe
File created	C:\Windows\msagent\SETC10C.tmp	MSAGENT.EXE
File opened for modification	C:\Windows\msagent\SETC121.tmp	MSAGENT.EXE
File opened for modification	C:\Windows\msagent\chars\Bonzi.acs	BonziBuddy432.exe
File created	C:\Windows\fonts\SETEB79.tmp	tv_enua.exe
File opened for modification	C:\Windows\msagent\AgentAnm.dll	MSAGENT.EXE
File created	C:\Windows\msagent\SETC120.tmp	MSAGENT.EXE
File created	C:\Windows\lhsp\tv\SETEB77.tmp	tv_enua.exe
File created	C:\Windows\lhsp\help\SETEB78.tmp	tv_enua.exe
File opened for modification	C:\Windows\msagent\mslwvtts.dll	MSAGENT.EXE
File created	C:\Windows\lhsp\tv\SETEB76.tmp	tv_enua.exe
File opened for modification	C:\Windows\msagent\SETC10A.tmp	MSAGENT.EXE
File opened for modification	C:\Windows\msagent\SETC10C.tmp	MSAGENT.EXE
File opened for modification	C:\Windows\msagent\AgentSvr.exe	MSAGENT.EXE
File opened for modification	C:\Windows\msagent\AgentMPx.dll	MSAGENT.EXE
File opened for modification	C:\Windows\msagent\AgentPsh.dll	MSAGENT.EXE
File opened for modification	C:\Windows\INF\agtinst.inf	MSAGENT.EXE
File opened for modification	C:\Windows\msagent\AgtCtl15.tlb	MSAGENT.EXE
File created	C:\Windows\INF\c_volume.PNF	PCHelpSoftDriverUpdater.exe
File created	C:\Windows\INF\c_diskdrive.PNF	PCHelpSoftDriverUpdater.exe
File opened for modification	C:\Windows\lhsp\tv\tvenuax.dll	tv_enua.exe
File opened for modification	C:\Windows\lhsp\help\SETEB78.tmp	tv_enua.exe
File opened for modification	C:\Windows\msagent\SETC10D.tmp	MSAGENT.EXE
File opened for modification	C:\Windows\msagent\SETC10E.tmp	MSAGENT.EXE
File opened for modification	C:\Windows\help\Agt0409.hlp	MSAGENT.EXE
File opened for modification	C:\Windows\msagent\SETC145.tmp	MSAGENT.EXE
File created	C:\Windows\INF\c_processor.PNF	PCHelpSoftDriverUpdater.exe
File opened for modification	C:\Windows\msagent\chars\Peedy.acs	BonziBuddy432.exe
File created	C:\Windows\msagent\SETC121.tmp	MSAGENT.EXE
File created	C:\Windows\INF\c_monitor.PNF	PCHelpSoftDriverUpdater.exe
File opened for modification	C:\Windows\msagent\AgentCtl.dll	MSAGENT.EXE
File opened for modification	C:\Windows\msagent\SETC10F.tmp	MSAGENT.EXE
File created	C:\Windows\help\SETC143.tmp	MSAGENT.EXE
File opened for modification	C:\Windows\lhsp\tv\SETEB76.tmp	tv_enua.exe
File created	C:\Windows\INF\c_media.PNF	PCHelpSoftDriverUpdater.exe
File created	C:\Windows\INF\c_display.PNF	PCHelpSoftDriverUpdater.exe
File opened for modification	C:\Windows\msagent\SETC142.tmp	MSAGENT.EXE
File opened for modification	C:\Windows\fonts\andmoipa.ttf	tv_enua.exe
File opened for modification	C:\Windows\INF\tv_enua.inf	tv_enua.exe
File created	C:\Windows\msagent\SETC10B.tmp	MSAGENT.EXE
File opened for modification	C:\Windows\msagent\AgentDPv.dll	MSAGENT.EXE
File created	C:\Windows\msagent\SETC10D.tmp	MSAGENT.EXE
File opened for modification	C:\Windows\msagent\SETC120.tmp	MSAGENT.EXE
File opened for modification	C:\Windows\msagent\AgentSR.dll	MSAGENT.EXE
File opened for modification	C:\Windows\help\SETC143.tmp	MSAGENT.EXE
File opened for modification	C:\Windows\msagent\intl\Agt0409.dll	MSAGENT.EXE
File created	C:\Windows\msagent\SETC145.tmp	MSAGENT.EXE
File opened for modification	C:\Windows\SystemTemp	chrome.exe
File opened for modification	C:\Windows\msagent\SETC10B.tmp	MSAGENT.EXE
File opened for modification	C:\Windows\msagent\intl\SETC144.tmp	MSAGENT.EXE
File opened for modification	C:\Windows\lhsp\help\tv_enua.hlp	tv_enua.exe
File opened for modification	C:\Windows\msagent\AgentDp2.dll	MSAGENT.EXE
File created	C:\Windows\INF\SETC122.tmp	MSAGENT.EXE
File opened for modification	C:\Windows\lhsp\tv\SETEB77.tmp	tv_enua.exe
File opened for modification	C:\Windows\fonts\SETEB79.tmp	tv_enua.exe
File created	C:\Windows\msagent\SETC10A.tmp	MSAGENT.EXE
File opened for modification	C:\Windows\lhsp\tv\tv_enua.dll	tv_enua.exe

Subvert Trust Controls: Mark-of-the-Web Bypass 1 TTPs 1 IoCs

When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.

defense_evasion

SIP and Trust Provider Hijacking

T1553.003

Processes:

chrome.exe

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Driver_Updater_setup.exe:Zone.Identifier	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 25 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

Processes:

BonziBuddy432.execmd.exeMSAGENT.EXEDriver_Updater_setup.exeDriver_Updater_setup.tmpPCHelpSoftDriverUpdater.exeDriverPro.exePCHelpSoftDriverUpdater.exeregsvr32.exeregsvr32.exeAgentSvr.exegrpconv.exetv_enua.exeregsvr32.exeregsvr32.exegrpconv.exePCHelpSoftDriverUpdater.exeschtasks.exeregsvr32.exeregsvr32.exeregsvr32.exeschtasks.exePCHelpSoftDriverUpdater.exeregsvr32.exeregsvr32.exe

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BonziBuddy432.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MSAGENT.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Driver_Updater_setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Driver_Updater_setup.tmp
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	PCHelpSoftDriverUpdater.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	DriverPro.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	PCHelpSoftDriverUpdater.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	regsvr32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	regsvr32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AgentSvr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	grpconv.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	tv_enua.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	regsvr32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	regsvr32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	grpconv.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	PCHelpSoftDriverUpdater.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	schtasks.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	regsvr32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	regsvr32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	regsvr32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	schtasks.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	PCHelpSoftDriverUpdater.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	regsvr32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	regsvr32.exe

Checks SCSI registry key(s) 3 TTPs 64 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

PCHelpSoftDriverUpdater.exe

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Capabilities	PCHelpSoftDriverUpdater.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Driver	PCHelpSoftDriverUpdater.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0004\	PCHelpSoftDriverUpdater.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0065	PCHelpSoftDriverUpdater.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\UINumberDescFormat	PCHelpSoftDriverUpdater.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\000E	PCHelpSoftDriverUpdater.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\DeviceCharacteristics	PCHelpSoftDriverUpdater.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\000E	PCHelpSoftDriverUpdater.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0065\	PCHelpSoftDriverUpdater.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\FriendlyName	PCHelpSoftDriverUpdater.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Driver	PCHelpSoftDriverUpdater.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0064\	PCHelpSoftDriverUpdater.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000	PCHelpSoftDriverUpdater.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0004	PCHelpSoftDriverUpdater.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0004\	PCHelpSoftDriverUpdater.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0065\	PCHelpSoftDriverUpdater.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0002	PCHelpSoftDriverUpdater.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	PCHelpSoftDriverUpdater.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0003	PCHelpSoftDriverUpdater.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\000E\	PCHelpSoftDriverUpdater.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Mfg	PCHelpSoftDriverUpdater.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom	PCHelpSoftDriverUpdater.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Capabilities	PCHelpSoftDriverUpdater.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0002\	PCHelpSoftDriverUpdater.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0003	PCHelpSoftDriverUpdater.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0008\	PCHelpSoftDriverUpdater.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0003	PCHelpSoftDriverUpdater.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ParentIdPrefix	PCHelpSoftDriverUpdater.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\CompatibleIDs	PCHelpSoftDriverUpdater.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\000E\	PCHelpSoftDriverUpdater.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	PCHelpSoftDriverUpdater.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001	PCHelpSoftDriverUpdater.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0004	PCHelpSoftDriverUpdater.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0002	PCHelpSoftDriverUpdater.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\LocationInformation	PCHelpSoftDriverUpdater.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0003	PCHelpSoftDriverUpdater.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Service	PCHelpSoftDriverUpdater.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0009\	PCHelpSoftDriverUpdater.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\DeviceDesc	PCHelpSoftDriverUpdater.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0004	PCHelpSoftDriverUpdater.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0004\	PCHelpSoftDriverUpdater.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0004	PCHelpSoftDriverUpdater.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID	PCHelpSoftDriverUpdater.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0002\	PCHelpSoftDriverUpdater.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002	PCHelpSoftDriverUpdater.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\DeviceDesc	PCHelpSoftDriverUpdater.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0009	PCHelpSoftDriverUpdater.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0004	PCHelpSoftDriverUpdater.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	PCHelpSoftDriverUpdater.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000	PCHelpSoftDriverUpdater.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName	PCHelpSoftDriverUpdater.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags	PCHelpSoftDriverUpdater.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\DeviceCharacteristics	PCHelpSoftDriverUpdater.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0004\	PCHelpSoftDriverUpdater.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0064	PCHelpSoftDriverUpdater.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0064	PCHelpSoftDriverUpdater.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ParentIdPrefix	PCHelpSoftDriverUpdater.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\LocationInformation	PCHelpSoftDriverUpdater.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0002	PCHelpSoftDriverUpdater.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0003\	PCHelpSoftDriverUpdater.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Mfg	PCHelpSoftDriverUpdater.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	PCHelpSoftDriverUpdater.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0008	PCHelpSoftDriverUpdater.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\UINumberDescFormat	PCHelpSoftDriverUpdater.exe

Enumerates system info in registry 2 TTPs 8 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

PCHelpSoftDriverUpdater.exechrome.exe

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BaseBoardManufacturer	PCHelpSoftDriverUpdater.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BaseBoardProduct	PCHelpSoftDriverUpdater.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	PCHelpSoftDriverUpdater.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	PCHelpSoftDriverUpdater.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	PCHelpSoftDriverUpdater.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133733421634730541"	chrome.exe

Modifies registry class 64 IoCs

Processes:

BonziBuddy432.exeAgentSvr.exeregsvr32.exeregsvr32.exe

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{DCE47F78-8A6C-4C6D-A6F7-8BE4427127C4}\TypeLib\ = "{972DE6B5-8B09-11D2-B652-A1FD6CC34260}"	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F08DF953-8592-11D1-B16A-00C0F0283628}\TypeLib\ = "{831FDD16-0C5C-11D2-A9FC-0000F8754DA1}"	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{37DEB788-2D9B-11D3-9DD0-C423E6542E10}\TypeLib\Version = "1.0"	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{248DD890-BB45-11CF-9ABC-0080C7E7B78D}\1.0\0	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{065E6FE6-1BF9-11D2-BAE8-00104B9E0792}\ProgID\ = "Threed.SSRibbon.3"	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F08DF954-8592-11D1-B16A-00C0F0283628}\InprocServer32\ThreadingModel = "Apartment"	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{065E6FE9-1BF9-11D2-BAE8-00104B9E0792}\InprocServer32\ThreadingModel = "Apartment"	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0A45DB4F-BD0D-11D2-8D14-00104B9E072A}\Implemented Categories\{0DE86A54-2BAA-11CF-A229-00AA003D7352}	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A7B93C91-7B81-11D0-AC5F-00C04FD97575}\ProxyStubClsid32	AgentSvr.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{53FA8D4C-2CDD-11D3-9DD0-D3CD4078982A}\TypeLib\Version = "1.0"	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}\TypeLib\ = "{48E59290-9880-11CF-9754-00AA00C00908}"	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F5BE8BDD-7DE6-11D0-91FE-00C04FD701A5}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\LWVFile\DefaultIcon\ = "C:\\Windows\\msagent\\mslwvtts.dll,-133"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{98BBE491-2EED-11D1-ACAC-00C04FD97575}\TypeLib\Version = "2.0"	AgentSvr.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A7B93C8B-7B81-11D0-AC5F-00C04FD97575}\TypeLib\ = "{A7B93C73-7B81-11D0-AC5F-00C04FD97575}"	AgentSvr.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{972DE6B5-8B09-11D2-B652-A1FD6CC34260}\1.0	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{4F7AE600-0142-11D3-9DCF-89BE4EFB591E}	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{C27CCE32-8596-11D1-B16A-00C0F0283628}\InprocServer32	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2C247F22-8591-11D1-B16A-00C0F0283628}\ProxyStubClsid32	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{F5BE8BC2-7DE6-11D0-91FE-00C04FD701A5}\2.0	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F5BE8BF0-7DE6-11D0-91FE-00C04FD701A5}\TypeLib\ = "{F5BE8BC2-7DE6-11D0-91FE-00C04FD701A5}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\ActiveSkin.ComMoveSize\CLSID\ = "{83C2D7A1-0DE6-11D3-9DCF-9423F1B2561C}"	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{322982E1-0855-11D3-9DCF-DDFB3AB09E18}\TypeLib\ = "{972DE6B5-8B09-11D2-B652-A1FD6CC34260}"	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{66833FED-8583-11D1-B16A-00C0F0283628}\TypeLib\Version = "2.0"	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{BDD1F053-858B-11D1-B16A-00C0F0283628}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{065E6FE9-1BF9-11D2-BAE8-00104B9E0792}\TypeLib	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{972DE6C2-8B09-11D2-B652-A1FD6CC34260}\MiscStatus	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\ActiveSkin.ComMorph\CLSID\ = "{322982E1-0855-11D3-9DCF-DDFB3AB09E18}"	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{66833FE6-8583-11D1-B16A-00C0F0283628}\VersionIndependentProgID	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{CDA1CA04-8B5D-11D0-9BC0-0000C0F04C96}\ = "ISSReturnBoolean"	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{BF1B5D50-3C5C-48CE-B991-0E86D26F6F5E}\ProgID\ = "ActiveSkin.ComProcTextures.1"	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{BDD1F04A-858B-11D1-B16A-00C0F0283628}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}"	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6D0ECB23-9968-11D0-AC6E-00C04FD97575}\TypeLib	AgentSvr.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{6B1BE804-567F-11D1-B652-0060976C699F}	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{065E6FE5-1BF9-11D2-BAE8-00104B9E0792}\ = "DSSRibbonEvents"	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{0A45DB4D-BD0D-11D2-8D14-00104B9E072A}\TypeLib	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F5BE8BD3-7DE6-11D0-91FE-00C04FD701A5}\TypeLib\ = "{F5BE8BC2-7DE6-11D0-91FE-00C04FD701A5}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\ActiveSkin.SkinStorage.1\ = "ActiveSkin.SkinStorage Class"	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6CFC9BA3-FE87-11D2-9DCF-ED29FAFE371D}\TypeLib\ = "{972DE6B5-8B09-11D2-B652-A1FD6CC34260}"	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{EB52CF7B-3917-11CE-80FB-0000C0C14E92}\ = "SSDateCombo Control"	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0A45DB4F-BD0D-11D2-8D14-00104B9E072A}\Implemented Categories\{0DE86A57-2BAA-11CF-A229-00AA003D7352}	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{08C75162-3C9C-11D1-91FE-00C04FD701A5}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	AgentSvr.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{8E3867A3-8586-11D1-B16A-00C0F0283628}\VersionIndependentProgID	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{368C5B10-6A0F-11CE-9425-0000C0C14E92}\InprocServer32\ = "C:\\PROGRA~2\\BONZIB~1\\SSCALA32.OCX"	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{E8671A88-E5DD-11CD-836C-0000C0C14E92}\InprocServer32	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{CDA1CA00-8B5D-11D0-9BC0-0000C0F04C96}\ProxyStubClsid32	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3C6D21D6-7470-4555-A8FB-6C2292B39C46}\ProgID	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{53FA8D4C-2CDD-11D3-9DD0-D3CD4078982A}\TypeLib\ = "{972DE6B5-8B09-11D2-B652-A1FD6CC34260}"	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1EFB6596-857C-11D1-B16A-00C0F0283628}\Implemented Categories\{0DE86A57-2BAA-11CF-A229-00AA003D7352}	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{C27CCE39-8596-11D1-B16A-00C0F0283628}\ = "StatusBar General Property Page Object"	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6BA90C01-3910-11D1-ACB3-00C04FD97575}\ProxyStubClsid32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6CFC9BA1-FE87-11D2-9DCF-ED29FAFE371D}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{065E6FE3-1BF9-11D2-BAE8-00104B9E0792}\TypeLib	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{B0913412-3B44-11D1-ACBA-00C04FD97575}\TypeLib	AgentSvr.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A7B93C85-7B81-11D0-AC5F-00C04FD97575}	AgentSvr.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ActiveSkin.SkinScrollBar	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{35053A22-8589-11D1-B16A-00C0F0283628}\Implemented Categories\{7DD95801-9882-11CF-9FA9-00AA006C42C4}	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{66833FEB-8583-11D1-B16A-00C0F0283628}	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F08DF952-8592-11D1-B16A-00C0F0283628}\TypeLib	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{065E6FE1-1BF9-11D2-BAE8-00104B9E0792}\TypeLib\ = "{065E6FD1-1BF9-11D2-BAE8-00104B9E0792}"	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{322982E0-0855-11D3-9DCF-DDFB3AB09E18}\TypeLib\ = "{972DE6B5-8B09-11D2-B652-A1FD6CC34260}"	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{53FA8D42-2CDD-11D3-9DD0-D3CD4078982A}\TypeLib\ = "{972DE6B5-8B09-11D2-B652-A1FD6CC34260}"	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{66833FE5-8583-11D1-B16A-00C0F0283628}\ProxyStubClsid32	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{66833FE9-8583-11D1-B16A-00C0F0283628}\ProxyStubClsid32	BonziBuddy432.exe

NTFS ADS 2 IoCs

Processes:

chrome.exechrome.exe

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Driver_Updater_setup.exe:Zone.Identifier	chrome.exe
File opened for modification	C:\Users\Admin\Downloads\Bon.zip:Zone.Identifier	chrome.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes:

chrome.exeDriver_Updater_setup.tmpPCHelpSoftDriverUpdater.exePCHelpSoftDriverUpdater.exeDriverPro.exePCHelpSoftDriverUpdater.exechrome.exePCHelpSoftDriverUpdater.exe

pid	Process
440	chrome.exe
440	chrome.exe
2960	Driver_Updater_setup.tmp
2960	Driver_Updater_setup.tmp
3544	PCHelpSoftDriverUpdater.exe
3544	PCHelpSoftDriverUpdater.exe
3544	PCHelpSoftDriverUpdater.exe
3544	PCHelpSoftDriverUpdater.exe
3544	PCHelpSoftDriverUpdater.exe
3544	PCHelpSoftDriverUpdater.exe
3544	PCHelpSoftDriverUpdater.exe
3544	PCHelpSoftDriverUpdater.exe
3544	PCHelpSoftDriverUpdater.exe
3544	PCHelpSoftDriverUpdater.exe
3544	PCHelpSoftDriverUpdater.exe
3544	PCHelpSoftDriverUpdater.exe
3544	PCHelpSoftDriverUpdater.exe
3544	PCHelpSoftDriverUpdater.exe
3544	PCHelpSoftDriverUpdater.exe
3544	PCHelpSoftDriverUpdater.exe
3544	PCHelpSoftDriverUpdater.exe
3544	PCHelpSoftDriverUpdater.exe
3544	PCHelpSoftDriverUpdater.exe
3544	PCHelpSoftDriverUpdater.exe
3544	PCHelpSoftDriverUpdater.exe
3544	PCHelpSoftDriverUpdater.exe
1292	PCHelpSoftDriverUpdater.exe
1292	PCHelpSoftDriverUpdater.exe
3380	DriverPro.exe
3380	DriverPro.exe
1292	PCHelpSoftDriverUpdater.exe
1292	PCHelpSoftDriverUpdater.exe
1292	PCHelpSoftDriverUpdater.exe
1292	PCHelpSoftDriverUpdater.exe
1292	PCHelpSoftDriverUpdater.exe
1292	PCHelpSoftDriverUpdater.exe
1292	PCHelpSoftDriverUpdater.exe
1292	PCHelpSoftDriverUpdater.exe
1292	PCHelpSoftDriverUpdater.exe
1292	PCHelpSoftDriverUpdater.exe
1292	PCHelpSoftDriverUpdater.exe
1292	PCHelpSoftDriverUpdater.exe
1292	PCHelpSoftDriverUpdater.exe
1292	PCHelpSoftDriverUpdater.exe
1292	PCHelpSoftDriverUpdater.exe
1292	PCHelpSoftDriverUpdater.exe
1292	PCHelpSoftDriverUpdater.exe
1292	PCHelpSoftDriverUpdater.exe
1292	PCHelpSoftDriverUpdater.exe
1292	PCHelpSoftDriverUpdater.exe
4428	PCHelpSoftDriverUpdater.exe
4428	PCHelpSoftDriverUpdater.exe
2984	chrome.exe
2984	chrome.exe
2984	chrome.exe
2984	chrome.exe
3788	PCHelpSoftDriverUpdater.exe
3788	PCHelpSoftDriverUpdater.exe
3788	PCHelpSoftDriverUpdater.exe
3788	PCHelpSoftDriverUpdater.exe
3788	PCHelpSoftDriverUpdater.exe
3788	PCHelpSoftDriverUpdater.exe
3788	PCHelpSoftDriverUpdater.exe
3788	PCHelpSoftDriverUpdater.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 25 IoCs

Processes:

chrome.exe

pid	Process
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	Process
Token: SeShutdownPrivilege	440	chrome.exe
Token: SeCreatePagefilePrivilege	440	chrome.exe
Token: SeShutdownPrivilege	440	chrome.exe
Token: SeCreatePagefilePrivilege	440	chrome.exe
Token: SeShutdownPrivilege	440	chrome.exe
Token: SeCreatePagefilePrivilege	440	chrome.exe
Token: SeShutdownPrivilege	440	chrome.exe
Token: SeCreatePagefilePrivilege	440	chrome.exe
Token: SeShutdownPrivilege	440	chrome.exe
Token: SeCreatePagefilePrivilege	440	chrome.exe
Token: SeShutdownPrivilege	440	chrome.exe
Token: SeCreatePagefilePrivilege	440	chrome.exe
Token: SeShutdownPrivilege	440	chrome.exe
Token: SeCreatePagefilePrivilege	440	chrome.exe
Token: SeShutdownPrivilege	440	chrome.exe
Token: SeCreatePagefilePrivilege	440	chrome.exe
Token: SeShutdownPrivilege	440	chrome.exe
Token: SeCreatePagefilePrivilege	440	chrome.exe
Token: SeShutdownPrivilege	440	chrome.exe
Token: SeCreatePagefilePrivilege	440	chrome.exe
Token: SeShutdownPrivilege	440	chrome.exe
Token: SeCreatePagefilePrivilege	440	chrome.exe
Token: SeShutdownPrivilege	440	chrome.exe
Token: SeCreatePagefilePrivilege	440	chrome.exe
Token: SeShutdownPrivilege	440	chrome.exe
Token: SeCreatePagefilePrivilege	440	chrome.exe
Token: SeShutdownPrivilege	440	chrome.exe
Token: SeCreatePagefilePrivilege	440	chrome.exe
Token: SeShutdownPrivilege	440	chrome.exe
Token: SeCreatePagefilePrivilege	440	chrome.exe
Token: SeShutdownPrivilege	440	chrome.exe
Token: SeCreatePagefilePrivilege	440	chrome.exe
Token: SeShutdownPrivilege	440	chrome.exe
Token: SeCreatePagefilePrivilege	440	chrome.exe
Token: SeShutdownPrivilege	440	chrome.exe
Token: SeCreatePagefilePrivilege	440	chrome.exe
Token: SeShutdownPrivilege	440	chrome.exe
Token: SeCreatePagefilePrivilege	440	chrome.exe
Token: SeShutdownPrivilege	440	chrome.exe
Token: SeCreatePagefilePrivilege	440	chrome.exe
Token: SeShutdownPrivilege	440	chrome.exe
Token: SeCreatePagefilePrivilege	440	chrome.exe
Token: SeShutdownPrivilege	440	chrome.exe
Token: SeCreatePagefilePrivilege	440	chrome.exe
Token: SeShutdownPrivilege	440	chrome.exe
Token: SeCreatePagefilePrivilege	440	chrome.exe
Token: SeShutdownPrivilege	440	chrome.exe
Token: SeCreatePagefilePrivilege	440	chrome.exe
Token: SeShutdownPrivilege	440	chrome.exe
Token: SeCreatePagefilePrivilege	440	chrome.exe
Token: SeShutdownPrivilege	440	chrome.exe
Token: SeCreatePagefilePrivilege	440	chrome.exe
Token: SeShutdownPrivilege	440	chrome.exe
Token: SeCreatePagefilePrivilege	440	chrome.exe
Token: SeShutdownPrivilege	440	chrome.exe
Token: SeCreatePagefilePrivilege	440	chrome.exe
Token: SeShutdownPrivilege	440	chrome.exe
Token: SeCreatePagefilePrivilege	440	chrome.exe
Token: SeShutdownPrivilege	440	chrome.exe
Token: SeCreatePagefilePrivilege	440	chrome.exe
Token: SeShutdownPrivilege	440	chrome.exe
Token: SeCreatePagefilePrivilege	440	chrome.exe
Token: SeShutdownPrivilege	440	chrome.exe
Token: SeCreatePagefilePrivilege	440	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

chrome.exeDriver_Updater_setup.tmpPCHelpSoftDriverUpdater.exe

pid	Process
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
2960	Driver_Updater_setup.tmp
4428	PCHelpSoftDriverUpdater.exe
4428	PCHelpSoftDriverUpdater.exe
4428	PCHelpSoftDriverUpdater.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe

Suspicious use of SendNotifyMessage 15 IoCs

Processes:

chrome.exePCHelpSoftDriverUpdater.exe

pid	Process
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
4428	PCHelpSoftDriverUpdater.exe
4428	PCHelpSoftDriverUpdater.exe
4428	PCHelpSoftDriverUpdater.exe

Suspicious use of SetWindowsHookEx 8 IoCs

Processes:

OpenWith.exechrome.exeBonziBuddy432.exeMSAGENT.EXEtv_enua.exeAgentSvr.exeMiniSearchHost.exe

pid	Process
1696	OpenWith.exe
440	chrome.exe
440	chrome.exe
3156	BonziBuddy432.exe
1156	MSAGENT.EXE
368	tv_enua.exe
1208	AgentSvr.exe
3580	MiniSearchHost.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	Process	procid_target
PID 440 wrote to memory of 3964	440	chrome.exe	86
PID 440 wrote to memory of 3964	440	chrome.exe	86
PID 440 wrote to memory of 3952	440	chrome.exe	87
PID 440 wrote to memory of 3952	440	chrome.exe	87
PID 440 wrote to memory of 3952	440	chrome.exe	87
PID 440 wrote to memory of 3952	440	chrome.exe	87
PID 440 wrote to memory of 3952	440	chrome.exe	87
PID 440 wrote to memory of 3952	440	chrome.exe	87
PID 440 wrote to memory of 3952	440	chrome.exe	87
PID 440 wrote to memory of 3952	440	chrome.exe	87
PID 440 wrote to memory of 3952	440	chrome.exe	87
PID 440 wrote to memory of 3952	440	chrome.exe	87
PID 440 wrote to memory of 3952	440	chrome.exe	87
PID 440 wrote to memory of 3952	440	chrome.exe	87
PID 440 wrote to memory of 3952	440	chrome.exe	87
PID 440 wrote to memory of 3952	440	chrome.exe	87
PID 440 wrote to memory of 3952	440	chrome.exe	87
PID 440 wrote to memory of 3952	440	chrome.exe	87
PID 440 wrote to memory of 3952	440	chrome.exe	87
PID 440 wrote to memory of 3952	440	chrome.exe	87
PID 440 wrote to memory of 3952	440	chrome.exe	87
PID 440 wrote to memory of 3952	440	chrome.exe	87
PID 440 wrote to memory of 3952	440	chrome.exe	87
PID 440 wrote to memory of 3952	440	chrome.exe	87
PID 440 wrote to memory of 3952	440	chrome.exe	87
PID 440 wrote to memory of 3952	440	chrome.exe	87
PID 440 wrote to memory of 3952	440	chrome.exe	87
PID 440 wrote to memory of 3952	440	chrome.exe	87
PID 440 wrote to memory of 3952	440	chrome.exe	87
PID 440 wrote to memory of 3952	440	chrome.exe	87
PID 440 wrote to memory of 3952	440	chrome.exe	87
PID 440 wrote to memory of 3952	440	chrome.exe	87
PID 440 wrote to memory of 4036	440	chrome.exe	88
PID 440 wrote to memory of 4036	440	chrome.exe	88
PID 440 wrote to memory of 752	440	chrome.exe	89
PID 440 wrote to memory of 752	440	chrome.exe	89
PID 440 wrote to memory of 752	440	chrome.exe	89
PID 440 wrote to memory of 752	440	chrome.exe	89
PID 440 wrote to memory of 752	440	chrome.exe	89
PID 440 wrote to memory of 752	440	chrome.exe	89
PID 440 wrote to memory of 752	440	chrome.exe	89
PID 440 wrote to memory of 752	440	chrome.exe	89
PID 440 wrote to memory of 752	440	chrome.exe	89
PID 440 wrote to memory of 752	440	chrome.exe	89
PID 440 wrote to memory of 752	440	chrome.exe	89
PID 440 wrote to memory of 752	440	chrome.exe	89
PID 440 wrote to memory of 752	440	chrome.exe	89
PID 440 wrote to memory of 752	440	chrome.exe	89
PID 440 wrote to memory of 752	440	chrome.exe	89
PID 440 wrote to memory of 752	440	chrome.exe	89
PID 440 wrote to memory of 752	440	chrome.exe	89
PID 440 wrote to memory of 752	440	chrome.exe	89
PID 440 wrote to memory of 752	440	chrome.exe	89
PID 440 wrote to memory of 752	440	chrome.exe	89
PID 440 wrote to memory of 752	440	chrome.exe	89
PID 440 wrote to memory of 752	440	chrome.exe	89
PID 440 wrote to memory of 752	440	chrome.exe	89
PID 440 wrote to memory of 752	440	chrome.exe	89
PID 440 wrote to memory of 752	440	chrome.exe	89
PID 440 wrote to memory of 752	440	chrome.exe	89
PID 440 wrote to memory of 752	440	chrome.exe	89
PID 440 wrote to memory of 752	440	chrome.exe	89
PID 440 wrote to memory of 752	440	chrome.exe	89
PID 440 wrote to memory of 752	440	chrome.exe	89

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\main.go
1⤵
PID:1764

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:1696

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:440
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff8ec0fcc40,0x7ff8ec0fcc4c,0x7ff8ec0fcc58
  2⤵
  PID:3964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1828,i,736307454345737085,17074239584193065386,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1824 /prefetch:2
  2⤵
  PID:3952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2052,i,736307454345737085,17074239584193065386,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2128 /prefetch:3
  2⤵
  PID:4036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2208,i,736307454345737085,17074239584193065386,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2172 /prefetch:8
  2⤵
  PID:752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3128,i,736307454345737085,17074239584193065386,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3136 /prefetch:1
  2⤵
  PID:2412
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3144,i,736307454345737085,17074239584193065386,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3184 /prefetch:1
  2⤵
  PID:4860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4420,i,736307454345737085,17074239584193065386,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3588 /prefetch:1
  2⤵
  PID:2272
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4676,i,736307454345737085,17074239584193065386,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4456 /prefetch:8
  2⤵
  PID:3896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3576,i,736307454345737085,17074239584193065386,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4748 /prefetch:8
  2⤵
  PID:3152
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4412,i,736307454345737085,17074239584193065386,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4700 /prefetch:8
  2⤵
  PID:660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4640,i,736307454345737085,17074239584193065386,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4700 /prefetch:8
  2⤵
  PID:4980
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=4336,i,736307454345737085,17074239584193065386,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3736 /prefetch:1
  2⤵
  PID:680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=3476,i,736307454345737085,17074239584193065386,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3448 /prefetch:1
  2⤵
  PID:3896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=3256,i,736307454345737085,17074239584193065386,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4976 /prefetch:1
  2⤵
  PID:3452
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=3468,i,736307454345737085,17074239584193065386,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4400 /prefetch:1
  2⤵
  PID:1408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=3304,i,736307454345737085,17074239584193065386,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5332 /prefetch:1
  2⤵
  PID:2076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=5220,i,736307454345737085,17074239584193065386,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3492 /prefetch:1
  2⤵
  PID:5004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=3176,i,736307454345737085,17074239584193065386,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5436 /prefetch:1
  2⤵
  PID:4636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=3224,i,736307454345737085,17074239584193065386,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5696 /prefetch:1
  2⤵
  PID:236
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=3272,i,736307454345737085,17074239584193065386,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5536 /prefetch:1
  2⤵
  PID:1988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=4408,i,736307454345737085,17074239584193065386,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5072 /prefetch:1
  2⤵
  PID:4216
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --field-trial-handle=3780,i,736307454345737085,17074239584193065386,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5144 /prefetch:1
  2⤵
  PID:3000
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --field-trial-handle=3440,i,736307454345737085,17074239584193065386,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3528 /prefetch:1
  2⤵
  PID:4660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --field-trial-handle=5384,i,736307454345737085,17074239584193065386,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5516 /prefetch:1
  2⤵
  PID:2656
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=6020,i,736307454345737085,17074239584193065386,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6040 /prefetch:8
  2⤵
  PID:4836
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=6024,i,736307454345737085,17074239584193065386,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6188 /prefetch:8
  2⤵
  PID:2076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5988,i,736307454345737085,17074239584193065386,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6032 /prefetch:8
  2⤵
  - Subvert Trust Controls: Mark-of-the-Web Bypass
  - NTFS ADS
  PID:4468
- C:\Users\Admin\Downloads\Driver_Updater_setup.exe
  "C:\Users\Admin\Downloads\Driver_Updater_setup.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:3312
- - C:\Users\Admin\AppData\Local\Temp\is-H35QK.tmp\Driver_Updater_setup.tmp
    "C:\Users\Admin\AppData\Local\Temp\is-H35QK.tmp\Driver_Updater_setup.tmp" /SL5="$A005A,5854474,811008,C:\Users\Admin\Downloads\Driver_Updater_setup.exe"
    3⤵
    - Executes dropped EXE
    - Drops file in Program Files directory
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of FindShellTrayWindow
    PID:2960
  - - C:\Program Files (x86)\PC HelpSoft Driver Updater\PCHelpSoftDriverUpdater.exe
      "C:\Program Files (x86)\PC HelpSoft Driver Updater\PCHelpSoftDriverUpdater.exe" /INSTALL
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:3544
    - - C:\Windows\SysWOW64\schtasks.exe
        
        "C:\Windows\System32\schtasks.exe" /Delete /TN "PC HelpSoft Driver Updater Schedule" /F
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2944
    - - C:\Windows\SysWOW64\schtasks.exe
        
        "C:\Windows\System32\schtasks.exe" /Delete /TN "PC HelpSoft Driver Updater Monitoring" /F
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3500
  - - C:\Program Files (x86)\PC HelpSoft Driver Updater\PCHelpSoftDriverUpdater.exe
      "C:\Program Files (x86)\PC HelpSoft Driver Updater\PCHelpSoftDriverUpdater.exe" /START /INSTALLED
      4⤵
      Checks computer location settings
      Executes dropped EXE
      Loads dropped DLL
      Checks system information in the registry
      Drops file in System32 directory
      Drops file in Windows directory
      System Location Discovery: System Language Discovery
      Checks SCSI registry key(s)
      Enumerates system info in registry
      Suspicious behavior: EnumeratesProcesses
      PID:1292
    - - C:\Program Files (x86)\PC HelpSoft Driver Updater\PCHelpSoftDriverUpdater.exe
        
        "C:\Program Files (x86)\PC HelpSoft Driver Updater\PCHelpSoftDriverUpdater.exe" /TRAY
        5⤵
        Checks computer location settings
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:4428
    - - C:\Users\Admin\AppData\Local\Temp\tmp452.tmp_collect\PCHelpSoftDriverUpdater.exe
        
        "C:\Users\Admin\AppData\Local\Temp\tmp452.tmp_collect\PCHelpSoftDriverUpdater.exe" /COLLECT
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        
        PID:3788
  - - C:\Program Files (x86)\PC HelpSoft Driver Updater\Extra\DriverPro.exe
      "C:\Program Files (x86)\PC HelpSoft Driver Updater\Extra\DriverPro.exe"
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Drops file in Program Files directory
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:3380
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --field-trial-handle=6612,i,736307454345737085,17074239584193065386,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5560 /prefetch:1
  2⤵
  PID:3416
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --field-trial-handle=6956,i,736307454345737085,17074239584193065386,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=7032 /prefetch:1
  2⤵
  PID:1832
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --field-trial-handle=7164,i,736307454345737085,17074239584193065386,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=7152 /prefetch:1
  2⤵
  PID:4884
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=7156,i,736307454345737085,17074239584193065386,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=7068 /prefetch:8
  2⤵
  PID:5028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=6092,i,736307454345737085,17074239584193065386,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=7284 /prefetch:8
  2⤵
  PID:3172
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --field-trial-handle=7412,i,736307454345737085,17074239584193065386,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=7312 /prefetch:1
  2⤵
  PID:1040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --field-trial-handle=7204,i,736307454345737085,17074239584193065386,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=7136 /prefetch:1
  2⤵
  PID:808
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --field-trial-handle=7060,i,736307454345737085,17074239584193065386,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6852 /prefetch:1
  2⤵
  PID:2496
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1168,i,736307454345737085,17074239584193065386,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=7400 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2984
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=6896,i,736307454345737085,17074239584193065386,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5516 /prefetch:8
  2⤵
  - NTFS ADS
  PID:2568
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --field-trial-handle=6100,i,736307454345737085,17074239584193065386,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4992 /prefetch:1
  2⤵
  PID:2168
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --field-trial-handle=7352,i,736307454345737085,17074239584193065386,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=7448 /prefetch:1
  2⤵
  PID:3192
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --field-trial-handle=7440,i,736307454345737085,17074239584193065386,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5748 /prefetch:1
  2⤵
  PID:1060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=6752,i,736307454345737085,17074239584193065386,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5216 /prefetch:8
  2⤵
  PID:4512
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5460,i,736307454345737085,17074239584193065386,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=7312 /prefetch:8
  2⤵
  PID:3912

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:1996

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4844

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3664

C:\Users\Admin\Downloads\Bon\BonziBuddy432.exe
"C:\Users\Admin\Downloads\Bon\BonziBuddy432.exe"
1⤵
- Loads dropped DLL
- Drops file in Program Files directory
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:3156
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Program Files (x86)\BonziBuddy432\Runtimes\CheckRuntimes.bat" "
  2⤵
  - System Location Discovery: System Language Discovery
  PID:3052
- - C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE
    MSAGENT.EXE
    3⤵
    - Boot or Logon Autostart Execution: Active Setup
    - Executes dropped EXE
    - Loads dropped DLL
    - Drops file in Windows directory
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:1156
  - - C:\Windows\SysWOW64\regsvr32.exe
      regsvr32 /s "C:\Windows\msagent\AgentCtl.dll"
      4⤵
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      Modifies registry class
      PID:4284
  - - C:\Windows\SysWOW64\regsvr32.exe
      regsvr32 /s "C:\Windows\msagent\AgentDPv.dll"
      4⤵
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      PID:1476
  - - C:\Windows\SysWOW64\regsvr32.exe
      regsvr32 /s "C:\Windows\msagent\mslwvtts.dll"
      4⤵
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      Modifies registry class
      PID:4868
  - - C:\Windows\SysWOW64\regsvr32.exe
      regsvr32 /s "C:\Windows\msagent\AgentDP2.dll"
      4⤵
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      PID:920
  - - C:\Windows\SysWOW64\regsvr32.exe
      regsvr32 /s "C:\Windows\msagent\AgentMPx.dll"
      4⤵
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      PID:2984
  - - C:\Windows\SysWOW64\regsvr32.exe
      regsvr32 /s "C:\Windows\msagent\AgentSR.dll"
      4⤵
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      PID:712
  - - C:\Windows\SysWOW64\regsvr32.exe
      regsvr32 /s "C:\Windows\msagent\AgentPsh.dll"
      4⤵
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      PID:3676
  - - C:\Windows\msagent\AgentSvr.exe
      "C:\Windows\msagent\AgentSvr.exe" /regserver
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Modifies registry class
      Suspicious use of SetWindowsHookEx
      PID:1208
  - - C:\Windows\SysWOW64\grpconv.exe
      grpconv.exe -o
      4⤵
      System Location Discovery: System Language Discovery
      PID:1424
- - C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe
    tv_enua.exe
    3⤵
    - Boot or Logon Autostart Execution: Active Setup
    - Executes dropped EXE
    - Loads dropped DLL
    - Adds Run key to start application
    - Drops file in System32 directory
    - Drops file in Windows directory
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:368
  - - C:\Windows\SysWOW64\regsvr32.exe
      regsvr32 /s C:\Windows\lhsp\tv\tv_enua.dll
      4⤵
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      PID:1180
  - - C:\Windows\SysWOW64\regsvr32.exe
      regsvr32 /s C:\Windows\lhsp\tv\tvenuax.dll
      4⤵
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      PID:2404
  - - C:\Windows\SysWOW64\grpconv.exe
      grpconv.exe -o
      4⤵
      System Location Discovery: System Language Discovery
      PID:3040

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
1⤵
- Suspicious use of SetWindowsHookEx
PID:3580

C:\Windows\system32\BackgroundTransferHost.exe
"BackgroundTransferHost.exe" -ServerName:BackgroundTransferHost.13
1⤵
PID:3068

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Active Setup

T1547.014

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Active Setup

T1547.014

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

SIP and Trust Provider Hijacking

T1553.003

Credential Access

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\BonziBuddy432\ActiveSkin.ocx

Filesize
336KB

MD5
3d225d8435666c14addf17c14806c355

SHA1
262a951a98dd9429558ed35f423babe1a6cce094

SHA256
2c8f92dc16cbf13542ddd3bf0a947cf84b00fed83a7124b830ddefa92f939877

SHA512
391df24c6427b4011e7d61b644953810e392525743914413c2e8cf5fce4a593a831cfab489fbb9517b6c0e7ef0483efb8aeaad0a18543f0da49fa3125ec971e1

Download Submit
C:\Program Files (x86)\BonziBuddy432\BonziBDY_2.EXE

Filesize
796KB

MD5
8a30bd00d45a659e6e393915e5aef701

SHA1
b00c31de44328dd71a70f0c8e123b56934edc755

SHA256
1e2994763a7674a0f1ec117dae562b05b614937ff61c83b316b135afab02d45a

SHA512
daf92e61e75382e1da0e2aba9466a9e4d9703a129a147f0b3c71755f491c68f89ad67cfb4dd013580063d664b69c8673fb52c02d34b86d947e9f16072b7090fb

Download Submit
C:\Program Files (x86)\BonziBuddy432\BonziBDY_35.EXE

Filesize
2.5MB

MD5
73feeab1c303db39cbe35672ae049911

SHA1
c14ce70e1b3530811a8c363d246eb43fc77b656c

SHA256
88c03817ae8dfc5fc9e6ffd1cfb5b829924988d01cd472c1e64952c5398866e8

SHA512
73f37dee83664ce31522f732bf819ed157865a2a551a656a7a65d487c359a16c82bd74acff2b7a728bb5f52d53f4cfbea5bef36118128b0d416fa835053f7153

Download Submit
C:\Program Files (x86)\BonziBuddy432\BonziBDY_4.EXE

Filesize
3.2MB

MD5
93f3ed21ad49fd54f249d0d536981a88

SHA1
ffca7f3846e538be9c6da1e871724dd935755542

SHA256
5678fd744faddb30a87568ae309066ef88102a274fff62f10e4963350da373bc

SHA512
7923556c6d6feb4ff4253e853bae3675184eab9b8ce4d4e07f356c8624317801ee807ad5340690196a975824ea3ed500ce6a80c7670f19785139be594fa5e70f

Download Submit
C:\Program Files (x86)\BonziBuddy432\BonziCheckers.ocx

Filesize
152KB

MD5
66551c972574f86087032467aa6febb4

SHA1
5ad1fe1587a0c31bb74af20d09a1c7d3193ec3c9

SHA256
9028075603c66ca2e906ecac3275e289d8857411a288c992e8eef793ed71a75b

SHA512
35c1f500e69cdd12ec6a3c5daef737a3b57b48a44df6c120a0504d340e0f721d34121595ed396dc466a8f9952a51395912d9e141ad013000f5acb138b2d41089

Download Submit
C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Internet\page17.jpg

Filesize
50KB

MD5
e8f52918072e96bb5f4c573dbb76d74f

SHA1
ba0a89ed469de5e36bd4576591ee94db2c7f8909

SHA256
473a890da22defb3fbd643246b3fa0d6d34939ac469cd4f48054ee2a0bc33d82

SHA512
d57dd0a9686696487d268ef2be2ec2d3b97baedf797a63676da5a8a4165cda89540ec2d3b9e595397cbf53e69dcce76f7249f5eeff041947146ca7bf4099819f

Download Submit
C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Internet\page18.jpg

Filesize
45KB

MD5
108fd5475c19f16c28068f67fc80f305

SHA1
4e1980ba338133a6fadd5fda4ffe6d4e8a039033

SHA256
03f269cd40809d7ec94f5fa4fff1033a624e849179962693cdc2c37d7904233b

SHA512
98c8743b5af89ec0072b70de8a0babfb5aff19bafa780d6ce99c83721b65a80ec310a4fe9db29a4bb50c2454c34de62c029a83b70d0a9df9b180159ea6cad83a

Download Submit
C:\Program Files (x86)\BonziBuddy432\MSCOMCTL.OCX

Filesize
1.0MB

MD5
12c2755d14b2e51a4bb5cbdfc22ecb11

SHA1
33f0f5962dbe0e518fe101fa985158d760f01df1

SHA256
3b6ccdb560d7cd4748e992bd82c799acd1bbcfc922a13830ca381d976ffcccaf

SHA512
4c9b16fb4d787145f6d65a34e1c4d5c6eb07bff4c313a35f5efa9dce5a840c1da77338c92346b1ad68eeb59ef37ef18a9d6078673c3543656961e656466699cf

Download Submit
C:\Program Files (x86)\BonziBuddy432\MSINET.OCX

Filesize
112KB

MD5
7bec181a21753498b6bd001c42a42722

SHA1
3249f233657dc66632c0539c47895bfcee5770cc

SHA256
73da54b69911bdd08ea8bbbd508f815ef7cfa59c4684d75c1c602252ec88ee31

SHA512
d671e25ae5e02a55f444d253f0e4a42af6a5362d9759fb243ad6d2c333976ab3e98669621ec0850ad915ee06acbe8e70d77b084128fc275462223f4f5ab401bc

Download Submit
C:\Program Files (x86)\BonziBuddy432\MSWINSCK.OCX

Filesize
105KB

MD5
9484c04258830aa3c2f2a70eb041414c

SHA1
b242a4fb0e9dcf14cb51dc36027baff9a79cb823

SHA256
bf7e47c16d7e1c0e88534f4ef95e09d0fd821ed1a06b0d95a389b35364b63ff5

SHA512
9d0e9f0d88594746ba41ea4a61a53498619eda596e12d8ec37d01cfe8ceb08be13e3727c83d630a6d9e6d03066f62444bb94ea5a0d2ed9d21a270e612db532a0

Download Submit
C:\Program Files (x86)\BonziBuddy432\Regicon.ocx

Filesize
76KB

MD5
32ff40a65ab92beb59102b5eaa083907

SHA1
af2824feb55fb10ec14ebd604809a0d424d49442

SHA256
07e91d8ed149d5cd6d48403268a773c664367bce707a99e51220e477fddeeb42

SHA512
2cfc5c6cb4677ff61ec3b6e4ef8b8b7f1775cbe53b245d321c25cfec363b5b4975a53e26ef438e07a4a5b08ad1dde1387970d57d1837e653d03aef19a17d2b43

Download Submit
C:\Program Files (x86)\BonziBuddy432\Runtimes\CheckRuntimes.bat

Filesize
279B

MD5
4877f2ce2833f1356ae3b534fce1b5e3

SHA1
7365c9ef5997324b73b1ff0ea67375a328a9646a

SHA256
8ae1ed38bc650db8b14291e1b7298ee7580b31e15f8a6a84f78f048a542742ff

SHA512
dd43ede5c3f95543bcc8086ec8209a27aadf1b61543c8ee1bb3eab9bc35b92c464e4132b228b12b244fb9625a45f5d4689a45761c4c5263aa919564664860c5e

Download Submit
C:\Program Files (x86)\BonziBuddy432\SSCALA32.OCX

Filesize
472KB

MD5
ce9216b52ded7e6fc63a50584b55a9b3

SHA1
27bb8882b228725e2a3793b4b4da3e154d6bb2ea

SHA256
8e52ef01139dc448d1efd33d1d9532f852a74d05ee87e8e93c2bb0286a864e13

SHA512
444946e5fc3ea33dd4a09b4cbf2d41f52d584eb5b620f5e144de9a79186e2c9d322d6076ed28b6f0f6d0df9ef4f7303e3901ff552ed086b70b6815abdfc23af7

Download Submit
C:\Program Files (x86)\BonziBuddy432\SSCALB32.OCX

Filesize
320KB

MD5
97ffaf46f04982c4bdb8464397ba2a23

SHA1
f32e89d9651fd6e3af4844fd7616a7f263dc5510

SHA256
5db33895923b7af9769ca08470d0462ed78eec432a4022ff0acc24fa2d4666e1

SHA512
8c43872396f5dceb4ba153622665e21a9b52a087987eab523b1041031e294687012d7bf88a3da7998172010eae5f4cc577099980ecd6b75751e35cfc549de002

Download Submit
C:\Program Files (x86)\BonziBuddy432\Uninstall.exe

Filesize
65KB

MD5
068ace391e3c5399b26cb9edfa9af12f

SHA1
568482d214acf16e2f5522662b7b813679dcd4c7

SHA256
2288f4f42373affffbaa63ce2fda9bb071fd7f14dbcd04f52d3af3a219b03485

SHA512
0ba89fcdbb418ea6742eeb698f655206ed3b84c41ca53d49c06d30baed13ac4dfdb4662b53c05a28db0a2335aa4bc588635b3b205cfc36d8a55edfc720ac4b03

Download Submit
C:\Program Files (x86)\BonziBuddy432\ssa3d30.ocx

Filesize
320KB

MD5
48c35ed0a09855b29d43f11485f8423b

SHA1
46716282cc5e0f66cb96057e165fa4d8d60fbae2

SHA256
7a0418b76d00665a71d13a30d838c3e086304bacd10d764650d2a5d2ec691008

SHA512
779938ec9b0f33f4cbd5f1617bea7925c1b6d794e311737605e12cd7efa5a14bbc48bee85208651cf442b84133be26c4cc8a425d0a3b5b6ad2dc27227f524a99

Download Submit
C:\Program Files (x86)\BonziBuddy432\sstabs2.ocx

Filesize
288KB

MD5
7303efb737685169328287a7e9449ab7

SHA1
47bfe724a9f71d40b5e56811ec2c688c944f3ce7

SHA256
596f3235642c9c968650194065850ecb02c8c524d2bdcaf6341a01201e0d69be

SHA512
e0d9cb9833725e0cdc7720e9d00859d93fc51a26470f01a0c08c10fa940ed23df360e093861cf85055b8a588bb2cac872d1be69844a6c754ac8ed5bfaf63eb03

Download Submit
C:\Program Files (x86)\PC HelpSoft Driver Updater\English.ini

Filesize
50KB

MD5
f5b8c34947247058f621bdf996c3cc53

SHA1
6d306b9744feb2678a14061cb66f1e7f51a4c14a

SHA256
d65a51902e7dc17956fd538e021fa7895fbcf542764948a8030e96a9ab1d6442

SHA512
f4445293dfe5227f2dec56cffcae26eab5935ed9be98f71fe19ebccefcda641202245f959f25c5a9e331bbf76f382f7f5c59d52d468af732bc9acd0f6dd2d9f6

Download Submit
C:\Program Files (x86)\PC HelpSoft Driver Updater\Extra\Brazilian.ini

Filesize
17KB

MD5
59fdee32d3f9b78f5584b0f41b0fd6f7

SHA1
cd29d4fd4868027203e05aaac7540e3b56b76ae3

SHA256
030e0280563f4e6cc76dc47fa8143fe2cae26684bf657e836fa250d6a44f8710

SHA512
f94e38fe71227f055830124baa9b2aa5707ff4680f527bd10a71a73f43e5888056ec83ce77bc3097ed945d89861efdf44d2450fb905388bc09c4fb00c341e2ea

Download Submit
C:\Program Files (x86)\PC HelpSoft Driver Updater\Extra\Danish.ini

Filesize
16KB

MD5
e105e39bd46b29fc3d9c8a45cc93b1a8

SHA1
e8d29b02e57e223feea62b0bae930df9af064dd1

SHA256
338afdb73932bfbd15c2627df805c5838efc1a0e624e84e7311389bdfb1fd54e

SHA512
873f1cb99e02885a9f85b8ced3c0dd404f652b974f421bef77e223fe590488cf1202a55f48f784793cb34f68565a31e06d52496ba3aad8b52ff1287816c1ee09

Download Submit
C:\Program Files (x86)\PC HelpSoft Driver Updater\Extra\DriverPro.exe

Filesize
5.2MB

MD5
98ff049770433852a64f027caa567e71

SHA1
1c2589dfb5bea24fb439c333f1fe7bfb9719bd20

SHA256
012da8993f671af5ff41ea38577a25822268763b766b17fa88398ec23e34aee5

SHA512
c569301533bf64b5072d49bcd7a82f2c57dc877158345c2c8056842b98288935aa088a96edaf5f2d955a984d8087013760307e4a18b52a5c7892269c6b3e09d2

Download Submit
C:\Program Files (x86)\PC HelpSoft Driver Updater\Extra\Dutch.ini

Filesize
17KB

MD5
094069998ccb29d5a56a4e605394a639

SHA1
440b4ecbff42c32d1ea1f299001f38675ac0190e

SHA256
c2b9ef60261365303b536258831c93fc1804e09e1bb01a02b010fa7878cbd22e

SHA512
6e6f443e6b744e2b62989cb92e8bb7561e5ef8aaef46dea35529107bdbce028894d0e8a150fd66f7ff1b287dce086fcf3b9f8defe3b985e73ae74bfb2431d21f

Download Submit
C:\Program Files (x86)\PC HelpSoft Driver Updater\Extra\English.ini

Filesize
15KB

MD5
1b2ffa92f211d9d0b7cdb536e99ce4b3

SHA1
ec5b4885556194540bdb4a0166adbd081b591fae

SHA256
10d7845b4f5ce17da1115eb60b054adaa32f424e349b21d8a46682eecc1b835e

SHA512
86ac865a88a438bb4035b0b5473354b8aecd9963a79c67f5725813a585a0b94eb1ed049903fc5e8d8495d274fd23b88bdc7ac7c263e4c18e1c2492066873fa79

Download Submit
C:\Program Files (x86)\PC HelpSoft Driver Updater\Extra\Finnish.ini

Filesize
17KB

MD5
07ace8db776a5db0a639fa6be292a277

SHA1
11b8003a8a5382b8e3dcd3b002b9de254f4c83d4

SHA256
e6524a50756ca57f607acba31184b493d04030b31455ecd7d9ecdd9f875a6805

SHA512
345071223110b19bb0b06e261929be7fd9c9249e7960296ad471bd86c28c605c5f9b9c3d3bd0123e4fb6d59badf80f077882b06cd78f0d6a4a47ecc035d2a348

Download Submit
C:\Program Files (x86)\PC HelpSoft Driver Updater\Extra\French.ini

Filesize
18KB

MD5
d0d011e52fb74218b602003c376d94b3

SHA1
3024e6bd626d6dc3a684295e733eac740d2c53fe

SHA256
0895c6e68dd04cdc888e93a82b60d59d807eb24b8002c2bdc8998bacc6246bee

SHA512
8ebd6f8e6dc9b987c161d44b505e29b1840442cc2b46e67239a3aa33e1fa2257b9726c36a9527e0e9f17001ca02272f7ddf5676b36ec27472936a5c8f30c8eb1

Download Submit
C:\Program Files (x86)\PC HelpSoft Driver Updater\Extra\German.ini

Filesize
18KB

MD5
9f25fbf2d9d6db03a387895b9ad147b4

SHA1
42ffa865b058e4dbe41059c5c03b09ebe41cb7a6

SHA256
67d2a2452dd77fa8deda9e1d5cf5710eeadc5ef29a85b7aac690420db2cbb62d

SHA512
3b935261a4180e58464886355123193edf446512ecb61b941e3cffc2062ea51399802a4873760e35696e35afedfb9e647a904927f2cf4171e64b040bc29230a5

Download Submit
C:\Program Files (x86)\PC HelpSoft Driver Updater\Extra\Italian.ini

Filesize
17KB

MD5
123b66fc5bdda63a8bba1b580511f6ac

SHA1
abba14dfa8c91c0c98a2659a9e6751cb98383921

SHA256
f809d4ea37d7c1d42c5d8ffe55b1bdeaa9065b2313b53810400297f70efecd44

SHA512
2a942d9cbf31b3e6a30f66c6445ffe1c18582826c0a9f1d35268e99193b590762adc9f6aa14498b39285da873ea3b6ec87a3c48a79eafe7c4c2bfdc8634910f3

Download Submit
C:\Program Files (x86)\PC HelpSoft Driver Updater\Extra\Japanese.ini

Filesize
21KB

MD5
daba71201d5e8859ff518008a23bf1fe

SHA1
f583f65604c1793d90c5b4ba72145f45af0894d7

SHA256
cb73b7514d23b9958735a8bfdecbd5d77571be9cc23da9bb9724b01b9116e602

SHA512
d187f38e7ab632656bb5fc3baae5bbbcf521a9f612e09dd03c536bd0c03482eb7a42116380aec1bfbf2b462f88c86cd7c29cc02e4f0030f2153edabf1e031dd4

Download Submit
C:\Program Files (x86)\PC HelpSoft Driver Updater\Extra\Korean.ini

Filesize
18KB

MD5
a1aaaf95ea726ad6d5bb5e3ec030be59

SHA1
f1b2341983c7d2a0a81b7f5786865219aeb22ca4

SHA256
52bac3272f720b51fad93ac34cb9f244522752e82c833c7eb6edebb960d32369

SHA512
c3db2fb4378733d7cca8d7dee651cb096fc6cf01dca8203643aa8cd9a6db0f411b222321ea51aac8361e2bd732c546a6cf7eb5f7cfca5f1e34692fd1e5dfd48e

Download Submit
C:\Program Files (x86)\PC HelpSoft Driver Updater\Extra\Norwegian.ini

Filesize
16KB

MD5
1f35efcde6db4dec93c94bba45be4542

SHA1
359a683c1c959c0ad5cf7f7ead2a463fe4747842

SHA256
1902747d9c60329c5752b869c1adf85c701b533471cf3c6c980f736d7551c4c4

SHA512
d243d4ecaee6ad2ef06a73291db82ca9763b1d8f7a93c0f07b2b0f7b71a85b5773cfd99962aed6b2c600d86a228a5dfdbf17aee12106e5dd6dc9fedf6505a4c3

Download Submit
C:\Program Files (x86)\PC HelpSoft Driver Updater\Extra\Polish.ini

Filesize
17KB

MD5
85a03f193e27125d605b19804b43e0bb

SHA1
70d28931c8f5f19b59b1e719f1183a79f69efa62

SHA256
4805389183887f3636646cb5897371bccf7d683b4e7cbd50e35d2675e1d7fac2

SHA512
591c555a75ef380048583a4cda16888b2005dd103edfa2b4aea0b8aed459102f3a6781d34e4a2f533b25faaabefa980aafb546bdf743a55febf03c72c6000fb0

Download Submit
C:\Program Files (x86)\PC HelpSoft Driver Updater\Extra\Portuguese.ini

Filesize
17KB

MD5
b95d52afe2aa053c0096a2567bd3e381

SHA1
9fd928fb9af44e30fc8bddcba4f42a319b567666

SHA256
0e1c55e1acffc117656b552e9dc9fcab1bb5d4c8d15fdfaadedafe21222c0aea

SHA512
5d6fefdab72dc5edae981a52a809eb840bdfb6f834f7881a7ac95d99fb4692e8ee1b66709696020564cd3f3c4bf13b1b2d01228f924272c8097dee7e02a3add1

Download Submit
C:\Program Files (x86)\PC HelpSoft Driver Updater\Extra\Russian.ini

Filesize
25KB

MD5
f1e275534fe7d59ad3bebfda230d7370

SHA1
cc11725efe67239f62e0d3ae063a27576ef67db3

SHA256
c9e0b64103422fdc3f6a31ec2300b58e9540cc21346a0620c9f0901d16bdc405

SHA512
b6045f90ee2e16d15a321c149beab0d91f6e4603a9582d1efabcccdaff53bb0aca8a7ca34219b19511f9a649b11fe35cc41ecb41989c29702470d1decf5496c1

Download Submit
C:\Program Files (x86)\PC HelpSoft Driver Updater\Extra\Settings.ini

Filesize
126B

MD5
77d8771a751ba0d495200f339872ef85

SHA1
533acd0f129881feaa756fb79dde5d023f6bcede

SHA256
0166b6cd9fa3a3b030681c23b3d2399148a9ae0fa945ea5c39ff0b87f18098a9

SHA512
9bdd6655e27b36954fd6127a75bfee92d49ae7d1d553c44f6f67592ebfd147a4c0791b2bdabaa2657916c4621212b20bbb913499fbe3653584de099fd5cd01d7

Download Submit
C:\Program Files (x86)\PC HelpSoft Driver Updater\Extra\Spanish.ini

Filesize
17KB

MD5
839235142fedcf6eaacda727ab05dcb5

SHA1
99d860c34452d31d3c69f37bdb826bb9b45ab478

SHA256
802b866f10646fef8facf3b5b45b714f800aa03a582c76c06d4b9cfe7e164c82

SHA512
c145a8386e41aa9427d7a896aba5c6024daa3d9c2f2041325dc72b5c991aa43c24db0cb29138f0c91833c00528912ec787a5295fb832a8764c1e5f11b71a2dae

Download Submit
C:\Program Files (x86)\PC HelpSoft Driver Updater\Extra\Swedish.ini

Filesize
16KB

MD5
1aab81548ef8bfb11b1e81bebee4f19f

SHA1
073a5e57c51153da9454f3097f35f4213fc15d18

SHA256
0b5578d884c760c2d1e4c2d4fb16459f15bc3871a55320e58e1d9d3bfe5a4bbd

SHA512
f84cca8cc024a2c4427f9479aa719a1d0534053aa2dca7d4abd9fe759b32dea3cb91cbdad44d7e0b45f6c04515e3025d4a198704d826071d174e0fec92b71865

Download Submit
C:\Program Files (x86)\PC HelpSoft Driver Updater\PCHelpSoftDriverUpdater.exe

Filesize
8.2MB

MD5
21a4dadd5686773fe0ef880c22f07d38

SHA1
6236e9ec7eee10d95b3055a5e473fd2656898469

SHA256
76ec2ea23b6d6cfd69699822a95e9032b9ef8100df19be91357c4e71a1f33b37

SHA512
e8dc6bec5347f6d83cdab1df7683abc0d563603ea08dcd5acccbdb6ac3a6efdbaa88dbdff5c257251eaa1c5311947a581d4a2bd506cbf3fbddba1e46471683c9

Download Submit
C:\Program Files (x86)\PC HelpSoft Driver Updater\PlayaSDK.dll

Filesize
960KB

MD5
11a813c0972b740937d3a7e2daf9ffcb

SHA1
4245b5a3c97f725c56a29d745767edebb5e3f15d

SHA256
3f933bced2d9f65d48f7c48715bf286fd431341a74e1ce15d39b7c4c96603cf9

SHA512
9a590dcab0cf7051d04743736ea7a6b74fa0f87539580cc41a58ad33a76574201e7b6d54d5100cbcd262266bc55b053243edd4860a2d43deeb1c164395e4a941

Download Submit
C:\Program Files (x86)\PC HelpSoft Driver Updater\sqlite3.dll

Filesize
640KB

MD5
842e8edbfbeffb9ef234a2da6d5980fe

SHA1
f76e944e5ac3c489d987a11a313b41dee3e813f3

SHA256
ec30f1214fa645b8e436142acab6cc9a07f5c4e3414b5e539a832df9237a7bb3

SHA512
1ca9449dffa72b274b842b3a1f2008d3f13c6f423e7ac466e2efb97fe2103e1aea052a5e8a9839083061154fb61ec870fbe8e35164b386a3aa0aaaf8064a0ed4

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

Filesize
64KB

MD5
b5ad5caaaee00cb8cf445427975ae66c

SHA1
dcde6527290a326e048f9c3a85280d3fa71e1e22

SHA256
b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8

SHA512
92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

Filesize
1008B

MD5
d222b77a61527f2c177b0869e7babc24

SHA1
3f23acb984307a4aeba41ebbb70439c97ad1f268

SHA256
80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747

SHA512
d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006

Filesize
62KB

MD5
2a269f39d847da7bf9b5d6841726b888

SHA1
3e3fbcdcdff5d84a331c0ecb9106637137cd4847

SHA256
f9401bcef77841dc036b71ec058704f10dde85bcef9b7efc42a12fbd0d200515

SHA512
40e14c79501180e5d0a28099b6df83ebe37f8b043cdd9295bffef7c4a376a6226ff330f8a0a15189d361fef1ca2bc661907c0e7b141c72257dcfcecec22719c6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000007

Filesize
41KB

MD5
abda4d3a17526328b95aad4cfbf82980

SHA1
f0e1d7c57c6504d2712cec813bc6fd92446ec9e8

SHA256
ee22a58fa0825364628a7618894bcacb1df5a6a775cafcfb6dea146e56a7a476

SHA512
91769a876df0aea973129c758d9a36b319a9285374c95ea1b16e9712f9aa65a1be5acf996c8f53d8cae5faf68e4e5829cd379f523055f8bcfaa0deae0d729170

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002b

Filesize
20KB

MD5
87e8230a9ca3f0c5ccfa56f70276e2f2

SHA1
eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7

SHA256
e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9

SHA512
37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00004d

Filesize
20KB

MD5
e241a1d3ac1af67a908a231b3c0f8744

SHA1
e8412046594395ab89d4788f91e36ac115aa602a

SHA256
4399c3e6e5716b1bf1d535176eecc007364152ac36a19855626aa2689bce0053

SHA512
de2882cbc94ee616ca01e534c867de2cfe0cf3b9a023f65864df9c8c343c2161d9e53a3f0fab83007cc51ac1886c3d378ca1c8b7e4ac7cbbbb7460262f17fa7d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
cd5d1dddf806fa2e49f85e84630c7b33

SHA1
e71b7a5bf1b584e328009040449570386ebec45a

SHA256
da8dfa4a3b59e802b9c2a80cda3e6d26715d5e84743ec5a2cf989b411f86f971

SHA512
d0542e95ed1e72a37272cfcf8b6e8aa49434b5cf3b9d33558727da69d49b2025fec44d71b0a02305e9f1ccad248c41f1695687742990696d1a653f4bb4c3938f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
ca680133bedea88845d05b2e4621d5ee

SHA1
05672fcc7652dafcc03e941bb04178ae54c6e0cf

SHA256
4964b12de76f1a491593faed5dd0546a780372ed1a21a24a6b2c9e3cf3f09619

SHA512
eb7289dbf4aead229d4eb548990cc7dec29c66fd9b1aa83e80c0f95ec193d007b323b9f21c6d6bf458445ed7b68e245810bc8fe05c2914557df2c29a6fb2fe4e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
16KB

MD5
69ab4b42a6f50ef8b7f4d0a80563033d

SHA1
4e458f387aed416c92d8c775983da034eb24296f

SHA256
bf2ab1125ce5775f7578e5db7e78d126b26753d22293f2da0417507e45f2cc2b

SHA512
1cf9797b077c2c5f71c59cf892db9a7a98bba6427897165430f72dbd191b77de92e6342b48459c28a2e11943f6373bb8d83a684b57c3e8705d20a71cbe22ddea

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
23KB

MD5
8607cd2d8a8f9ae26998135ea0df9b9b

SHA1
f03f09edb7e9baf49e8e5aa8000f02bf2af81822

SHA256
4c3266db60755039c2a1d9d578bd8927b1d0a6fe397b198729ad7b42523e38e3

SHA512
76306c1b8311f3fbd2acd830478f407f2889b89507ccd4e07df6b4dbe64847f88165f978d2fde946100bc9cd5d6b8334ed6c9856f7d91e51ac7a5e158a46441c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
a6d58b00c1be1ce137d3526bb115777d

SHA1
c312c521680f3f9e719ccd5f297cd7c9b8a058a0

SHA256
e38390737c5e96d85b457987b6f155e6aff0df60399d1a76d49a2e8b3eb0e251

SHA512
cd00eb18e866a788990dba8502e66cac817b4743c6c718939701e88b15c848dc4fb84a36cc4e759f061dc2142f68c51c184db85f400c75d68654b9cdb678441f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
a3e089c034a6c47172acada3ae310fce

SHA1
fb8e553ecdb2eb4436f585c477806c34986fa625

SHA256
9eae8a14fdd27594dfc81320130764a8e249047860a1821996e48cccf4270e4a

SHA512
6a46ce752954f516edc1ae3cb48ac86ded7f324c85a4184246e97f13a7197cb6049a2d9d05b8536fa706fce7384ff9dff7d4dfd03a2e7fe098928a383d7cee4e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
86c876e2fd94393c05d1cac01c356ede

SHA1
ec13b81fddac52736f21b24ecb9f6655a6761e8a

SHA256
dc11701ec600b14caa78853e5a5dcc2c50ac5a8724f7838f2a45cccd205d3543

SHA512
6f6092ea5a943a06e6f6ebc8add5e409494049d7a0cf75e27f8a887ccee3303d4f23157f0417ef0e4914f979b94af598531c38c6de68428c10d0722fc176237f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
2bfc779a4eca70208d955b34184d7a1e

SHA1
69ffc65acf0c9788b88571a7fb38e3bf7f527abe

SHA256
1f63634969a66e2c80da832883c2afcd2bb01f57e9391c388fe3635db73df4b1

SHA512
6746c3cb5699df8eb10bdd14bff6851b8092894986db1c6430d3c167149245130639e8ecaed2fad126f0d1695b33ec8406b7f37a5e4245fbd90fcd11158dbed8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
73829f039e539b2533a9fcc9a5be2681

SHA1
986da23160716e6838745fbc3528226304b29e06

SHA256
8f43366edb2876545c75efb9128d0b54f8dff2c8fb4e7368d38208a7f5281ba7

SHA512
40757a792930ef17d4039dcca3b0fece6af9a69bc93586713d8c5ca3533988d0cef84bd7674fd006b32ebdf773e695b85a6f9f4b24baecaaf3cfac2a273b16b0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
8e12c3fd3c3b0f092abec917006ddf8f

SHA1
6b0853aff2b05c7d519e634aa14ae308df6f65c6

SHA256
9a441b6ea0b0e0094895444a9e7d438160fcf6d085686f3fbc9022fb38f32e29

SHA512
c82ecd793154e7b6002f660c3922b5ed8a3e400c04620fb2ab58e87ae69c7568d8d35b72479eeaeb017f9cc9450c77f6381b39a08a2b0a07ca030b2c8f231238

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Platform Notifications\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ab218ac82b91dbc4b1f81db941313d9e

SHA1
1be258f112e63f2bd5b04768c3827f7700fe75c6

SHA256
f3f4391fba658a258af20c687456584f8981e74814d15c4fcf87d01adb8f634a

SHA512
c682e5d6dd69c43f7d736c74430ba239d71035ca60ed72350c67946bd1ca08c33adc09953ec10b2bd56c76755c9c2ae15f3aca1fdf87d31c096e757081f99341

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
6b767820df91566ac117ee74c49e9319

SHA1
6fda62365946aa094b0d1172c94591b87f56af14

SHA256
2a38dc7550420f93d3dcfc2c8d212b26de3927a5e32e6289c0be5db0725c54e8

SHA512
ce518ac1975193668509f793b3efac2eb5e64f508ff707736917180087e54d0bf2dfa67098ce8c69937c18264e8ac27bfecee8436aded0f6b9f839af4d1fe28a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
f09378b6524e629bf44a7799b968cf45

SHA1
53fd55e64fc60426e9199ccf868ee14f458f2ada

SHA256
1d431e0627581d1aa4bb7fc373a16e51dead269bd7efa40abad608553412c46f

SHA512
fcf2dc8fc51e0202e8a5943b0d461ca613ed83e75b480849091427b262250db9ab82f17666895911c1a41f733b0878be1f059cfb30791cc1c6ddeb5acbee2bc0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
e5fec647ff51e6603fe1a824e9c87f6d

SHA1
5c5ca3e4fe75304fb31d4d68d7094354a838d5d2

SHA256
56d3bfb564c909dab571cce24f78f51a813e6e0357da014db9890eb2e9894972

SHA512
92aade18ebc69c8abb0503a892de79dcda9fe59f9fc8c7468945f8b671430f86f97a1ebc655952aa8e9e41c3737b050adf77591bfff45506635e860c1d981b99

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
f9ac0b1d48ba7d58a0fb58815d0cd91f

SHA1
78a7865ad58ca3f47af59e05de3b0f0b28b2e7ae

SHA256
07e18815720fc40d1a0a36484b5450fe19cbf967a556a2433cf02f37a230dfc5

SHA512
3769de54e84a04365e9546e5f7e85c60ca642e9a1e42343c787bbeb6705d5a7a77c96f94f28102977e789e3b4485cc1f79f58a509ffcf8c1e9107ffceddf463a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
f96e50f2655fd994f350c26892b0131a

SHA1
f93c1a23dd168359c68928a2b737cf2b4c74a2f0

SHA256
0a20f0b6e703f831c65a475ecabd180a4549fbfe2810d94b078c09abba1cf5e0

SHA512
723036b9a985eaa5c3e5b9dbc79537891e0f54a9fe8531e1854815999076582aa270d5a99c8c60ab004f305f52799e12692affbe1f97da3c0f12a840f4cd03bb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
b51c2028834364c11f97a9a731b17a5a

SHA1
2c7080e12353f7d8e30d0b855515f8bbd1d6c64a

SHA256
ca32bc951b2e771cd2b48c0014fbd3b8a23461480f8f29a8cad4f0df764cb6a0

SHA512
473cc6a55e37afeb9721b10e7f525d66d2dd84016d458029e9e30219ca232ffc8adc9b9a92c90c4faf3c1fc7f37aeeb5e4a3601c8de189abf9aef30200c7aa32

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
0f1ae7ea978394ee30cbc10737bf2d48

SHA1
f03e05cc097eee4d01b176d615876b5acb7fea1b

SHA256
ae85b6b01b390805d71521e44024da706df0df410cb4537bf04f53e119ff68f0

SHA512
268364229cf3a8a4110c43c75ae745be8d609d3a0e3da236fb70440e39160757e8640f22e2febea63d17a727ec01b5792b338027d29e48f22664952b7b52aeaf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
f7098e48dd74e19d38ab13774f42e0b9

SHA1
3fa0c99cd9f27fe98e81cf3ec6217df4b8e878b9

SHA256
d567b2dd1c8705d64276c083f18ddfad6e21c10544c2bf7f38a56eead0d59c33

SHA512
f7e7df52aa201ae94502d474181f4ec88ccd3ecb8adca97324fba288e9d86f29100b360ee24b6156eb316648fc4baa6eee56a67e445934a50af72726e4f987dd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
ce052e17571aab643a39f7d2ba1242c2

SHA1
f13e8c72a011abdd64112426e8003c316679ecf3

SHA256
2551e78d8619afb8519ca961eccbb9b8fe73cc39b4907533f0d71aecd63a36a7

SHA512
b93cfee2aca9ac7e2eddd4a02e5df89a615afc10a030e0e937477b739ebac940e285b8b77755cb6062cc292f6bf8259df581179eda342340918961cc922082b5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
6ee41a9ae2f03db854de498b9e578b9a

SHA1
4700fc7907983d8a9a45f592dc9d5fc8232299e2

SHA256
6b9e57f22a53ce95ef1dbfecd55ad33b87c5822ec54273d91e304268b42c8b42

SHA512
181f7c179c7c08265d67e3366c69cc04d6c99edd247ca18aabc8f5f5efc2b0fb48f8e43e2ee1afb99a8a8c9504d2168c84247c6fbc87a1ddd7226aa87a482221

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
3e6fd9501a430ad62d50ff622527dd6b

SHA1
d87107c0d6dc4cc342dd66733579468f614c13e0

SHA256
ecab987c700b488ce93be5cab8a1d9d24b8922287dae18c8bd02999e8dd7632c

SHA512
b18181082e9ce03351bd5eeaa28d22d8c3672fa47707eb56b79bfadeab00a5ae16840c73a7b24e436d51d6a139eea614510bb99227ca4eb638d565299aadcff8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
e98b3974e9ca8ab7a34645e1a4b2fb05

SHA1
012fdf0f6a4c5e824fdad4dfa0b00dd88d7ba6d5

SHA256
1cceb9d73e831f94e8427ddc0e0a2b73009b87e97045562c4f37b10244ba09a9

SHA512
43ee73e14ef002979dc79bbefc33464755794439916646f4c0ff87c749f73a2123bb500a4c005e123b0584194bca20310a2ecf9435f74a37274d4f06a9562120

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
094c627dd0df7bad061e0113fafc533c

SHA1
ce94dd07e81e310edf8176b6ec3aafd316dc3945

SHA256
6ed065f373cff53a1eab231c1c60336022fa256a498cb739335108a1ecd2ba44

SHA512
1b8ebaad84b379346185f1a8ab56e02216eb62edc34b163b365f33138044abd93f09d249cb646936013b254e37632b0f8415470297c560698bf0839c5605fe01

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
8eba009c30565c8aa4df619a16bbc9bd

SHA1
846e92be83e98f2acf6c1007adcc18b72023f2f5

SHA256
932c96e74a9728020bc718fba0e41c91beafad4ff2a4b2b7725a46e39046d8e8

SHA512
d4df92c88c5d9a26dca325250ac96534cfad2a58d527ea32b88595e6bf7691c53951e844e229f85a166efa22967fbcee86d4dd539d146b0173d4e8116e5a0b9e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
9ff6c819ba4ee0879bd9cbf11953a7a8

SHA1
bbe92e3067fa49f5a65950d6dd94b7a055461c9d

SHA256
6e1a0b919ad779f77ef285312f345a6179a94d0fd05bde85f9c9958fae233dac

SHA512
1382b1535cda68ef3c9df83b42f87ce8b0c360204ee1d4d94c9e364e9cacda23bd2d33c5aaecbae31268efcd112ee05c85e0d1cc96e609c3b758e30b67bd0247

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
833dea4b91f4bb9365f5f2c3992e2c96

SHA1
ddf3e502321cdf8c6621f5dd6659702ee43c9b1a

SHA256
8037314b6f23e418de4b624f67abf6c124b1fb3d53cd1baf19bcab7ea682c34c

SHA512
e19b82de61e4c2a79e142e56aab85f4a4558a37b5f90fb62e24dd1732a7c56130ef0380a8b7dfd74d6ad220ee12e8909cc74eb5956f756b9debcaa803f85e622

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
d708ee235e0efb4967313fdc565bb2f1

SHA1
3c9b54b9e819104585bbd829a9ed67489261ae0d

SHA256
da2ba40ddc8b25fbdd5178c7e98d49c01b132f76f6d79dc8d7add0afd05c7632

SHA512
88bd2fce8c36280b505ea446c154d52f6382d545e3cf859ee7f32ea91af9756c175aea677c41fb22fb3b7ecab1732691d4f40867bdf6e4eb4dd7a7faa8fc43aa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
573d2f2fb56519f4343b8dda5b76a31d

SHA1
0a7157f22dfbfb182f75dd92c337679707e2b3b2

SHA256
b8914e733495aaa599acb8047f979b425e5fe91c43a6932992f813e727a8d49c

SHA512
12501c9b8e191bc6a720ed84a0bd62a5bf779615031114a5504cdfa8dd16bcd60c02512ad1515065fd82744314b0996ee3ee2c814f6acd1516baa0d213adeb5c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
e86d7375390eadb5f7607215a56e7b14

SHA1
6e7571edf569b08a4933065f08faa06665d39ac9

SHA256
7990945bc5eea198654721d28bac5094ce92b2bba1c9de5d264bb30262ff4c5b

SHA512
84b722cdddaaaa9150d5c98efdf86ec7b7cf194b3288ce46d67ea7540d4d82c46f33b8a9102635cc24528c5c4c85f323719861fe5887b06bf28558e64b1bc979

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
4b4012f919d88c8ef0ee37adb91697fe

SHA1
c22f7eab98e905397f5ee4263b8421e40ce2f7d6

SHA256
5c889f5b9ae07ebd39e9e0cc05ef871cd359fce9629d127023363087605dc525

SHA512
eeb3eaacd4307fd0d72aa4b11b912b2a5e697c01893d79015b593c1c2a3d3558e9832c3b0e11a112be2962db147240a15cc95fc2cdac0ca8c61a2737033854bd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
0491d545407c75a13b9dd849dee844c9

SHA1
8177cce080d03670a9176ca218eaf61269a69c7d

SHA256
13b8073f2cce4a3e7bf0ffc19951d005c6f91f20ea8427c3f78c92f2babae088

SHA512
730c151412fa00b258bbc92e8ca17e98e14699fdcca2ceef5459c8e4844e99b0339a53e7a0bcbbc8390d68863c2e4249124c010f9b31f76ad01e8825db1f9f31

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\c49cb20e-f7de-4c7b-af09-4eedd700c30a.tmp

Filesize
15KB

MD5
69e060838a861562a5615008582832c4

SHA1
19ab8f44558ed98efe1dbe60067869a3b544b68f

SHA256
7bfa3bf8081abaf4b0760fbb49e23090cc777fe387439bf14a69a495e25dea1e

SHA512
cc56d5018963460492a3c77aa390d40f3d9edc6d27e6728204d136f05e06f1c671ab1c614ba5aca1772f5fe273b025049b94dc102f62be3e23a3a796fa0fca3f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
228KB

MD5
2f5257a21defa4622f8d0f11032284cb

SHA1
3daff4bfc9c4440661ba88ce9b0b3ab2eb5a635b

SHA256
01050f0f476e2bc998c4b2134c880783a459ef7fcf9c4cc834d20b6d59ace879

SHA512
e5d256189bf3da3a1ef8627f73e45b004bfd94f8b0940fbe8907f85bfa0149043c748094f70ac3c859c0fe199654905a5d673d1368ef1ee8854cdc6a1a48c131

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
228KB

MD5
4af81de70426b8274fd57182b12a0e50

SHA1
273d001109f67a9d92dc8836e4557524da6b0191

SHA256
c7bd73d95fc55ce26bd823d3ca7ec956fdacb674961f0bd1c296b55ee0e982d5

SHA512
0a756522481ef81bd8e9f1792f938bae604d7830e943292a728fdef744b897dc1aa284e8fc0d2ec3e2ae3ef638b3314831ce889c67fdc1a800c6fbd3d4b7942d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
228KB

MD5
116b70a9af045d48ced91c4a6c55f7f8

SHA1
a0e936b19ec846f81a81c8f7b053ee27bc09cc60

SHA256
6fbac36a574737a816a235312f8b5e5287d773038da27a74bd0f3e5c14a38683

SHA512
ee14fecb57087933adcf5178f5a29fdff25f068de8a6eaf0786afbbdb3f5632c7dd820a330406bcb20b714c2ca98936375b9aa5ed8050216e5bb9a614f4fe875

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
228KB

MD5
83023ae8142bad13238b01235440a316

SHA1
ffad00a278fe19a64d96ccda11160b6ffba97752

SHA256
6b9020d5cd77af304fef0b5d137bc7fe5ea8c3ba80951298ac0ad02d591c03e8

SHA512
c9702584556e195639b2be61f4f49b744dfecc7fb8ab654f6de80f42f0d7f31fdb59721015e3300e71413259584e611536b92cee18dda7739d50c90d877d6aae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_idx.db

Filesize
14KB

MD5
8795c8525835a1ad636da42af7391b50

SHA1
aa9a9a1999fc4cf86f962fc4d3747dd20ffde73c

SHA256
396ded42e9fede4468c425744c6a4375a0eb5d7ed771f4f377310f5a2cae8a78

SHA512
74c12aacfe388972ec2c7f33b56d278c687a76df97ff8604df88347e64d0c5c3fca18b2f12dc267d07d501ea4ce1e8cbceedcc05476fd6de7a2418da6500c7cf

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\BackgroundTransferApi\045ae5b5-1676-4e97-ba69-43d2a1a1f55e.down_data

Filesize
555KB

MD5
5683c0028832cae4ef93ca39c8ac5029

SHA1
248755e4e1db552e0b6f8651b04ca6d1b31a86fb

SHA256
855abd360d8a8d6974eba92b70cbd09ce519bc8773439993f9ab37cb6847309e

SHA512
aba434bd29be191c823b02ea9b639beb10647bbe7759bbffdaa790dfb1ec2c58d74c525ef11aacda209e4effe322d1d3a07b115446c8914b07a3bce4d8a0e2c3

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

Filesize
11KB

MD5
40189492302044d783cc11caafe6a4f4

SHA1
e4ba7ba485fa1a7b155ae1d4264524d22e944cf3

SHA256
e893b19be6557dd5c8b1f49fbe01e5c8149f583e6d10434e5daf09747d4cdbd4

SHA512
6cf14ef5109ae991ecad2fa2b41a8dd7ca559c0d0c7bcafaf114438da1757bdcdb872ea6dea4eb46e68c406f8dd9260ec5fde46b37420833cefefd1ba5e337ba

Download Submit
C:\Users\Admin\AppData\Local\Temp\$inst\0001.tmp

Filesize
8.0MB

MD5
8e15b605349e149d4385675afff04ebf

SHA1
f346a886dd4cb0fbbd2dff1a43d9dfde7fce348b

SHA256
803f930cdd94198bdd2e9a51aa962cc864748067373f11b2e9215404bd662cee

SHA512
8bf957ef72465fe103dbf83411df9082433eead022f0beccab59c9e406bbd1e4edb701fd0bc91f195312943ad1890fee34b4e734578298bb60bb81ed6fa9a46d

Download Submit
C:\Users\Admin\AppData\Local\Temp\$inst\0002.tmp

Filesize
8.0MB

MD5
596cb5d019dec2c57cda897287895614

SHA1
6b12ea8427fdbee9a510160ff77d5e9d6fa99dfa

SHA256
e1c89d9348aea185b0b0e80263c9e0bf14aa462294a5d13009363140a88df3ff

SHA512
8f5fc432fd2fc75e2f84d4c7d21c23dd1f78475214c761418cf13b0e043ba1e0fc28df52afd9149332a2134fe5d54abc7e8676916100e10f374ef6cdecff7a20

Download Submit
C:\Users\Admin\AppData\Local\Temp\$inst\0003.tmp

Filesize
8.0MB

MD5
7c8328586cdff4481b7f3d14659150ae

SHA1
b55ffa83c7d4323a08ea5fabf5e1c93666fead5c

SHA256
5eec15c6ed08995e4aaffa9beeeaf3d1d3a3d19f7f4890a63ddc5845930016cc

SHA512
aa4220217d3af263352f8b7d34bd8f27d3e2c219c673889bc759a019e3e77a313b0713fd7b88700d57913e2564d097e15ffc47e5cf8f4899ba0de75d215f661d

Download Submit
C:\Users\Admin\AppData\Local\Temp\$inst\0004.tmp

Filesize
8.0MB

MD5
4f398982d0c53a7b4d12ae83d5955cce

SHA1
09dc6b6b6290a3352bd39f16f2df3b03fb8a85dc

SHA256
fee4d861c7302f378e7ce58f4e2ead1f2143168b7ca50205952e032c451d68f2

SHA512
73d9f7c22cf2502654e9cd6cd5d749e85ea41ce49fd022378df1e9d07e36ae2dde81f0b9fc25210a9860032ecda64320ec0aaf431bcd6cefba286328efcfb913

Download Submit
C:\Users\Admin\AppData\Local\Temp\$inst\0005.tmp

Filesize
8.0MB

MD5
94e0d650dcf3be9ab9ea5f8554bdcb9d

SHA1
21e38207f5dee33152e3a61e64b88d3c5066bf49

SHA256
026893ba15b76f01e12f3ef540686db8f52761dcaf0f91dcdc732c10e8f6da0e

SHA512
039ccf6979831f692ea3b5e3c5df532f16c5cf395731864345c28938003139a167689a4e1acef1f444db1fe7fd3023680d877f132e17bf9d7b275cfc5f673ac3

Download Submit
C:\Users\Admin\AppData\Local\Temp\$inst\0006.tmp

Filesize
1.8MB

MD5
b3b7f6b0fb38fc4aa08f0559e42305a2

SHA1
a66542f84ece3b2481c43cd4c08484dc32688eaf

SHA256
7fb63fca12ef039ad446482e3ce38abe79bdf8fc6987763fe337e63a1e29b30b

SHA512
0f4156f90e34a4c26e1314fc0c43367ad61d64c8d286e25629d56823d7466f413956962e2075756a4334914d47d69e20bb9b5a5b50c46eca4ef8173c27824e6c

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\ADVPACK.DLL

Filesize
73KB

MD5
81e5c8596a7e4e98117f5c5143293020

SHA1
45b7fe0989e2df1b4dfd227f8f3b73b6b7df9081

SHA256
7d126ed85df9705ec4f38bd52a73b621cf64dd87a3e8f9429a569f3f82f74004

SHA512
05b1e9eef13f7c140eb21f6dcb705ee3aaafabe94857aa86252afa4844de231815078a72e63d43725f6074aa5fefe765feb93a6b9cd510ee067291526bb95ec6

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTANM.DLL

Filesize
40KB

MD5
48c00a7493b28139cbf197ccc8d1f9ed

SHA1
a25243b06d4bb83f66b7cd738e79fccf9a02b33b

SHA256
905cb1a15eccaa9b79926ee7cfe3629a6f1c6b24bdd6cea9ccb9ebc9eaa92ff7

SHA512
c0b0a410ded92adc24c0f347a57d37e7465e50310011a9d636c5224d91fbc5d103920ab5ef86f29168e325b189d2f74659f153595df10eef3a9d348bb595d830

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTCTL.DLL

Filesize
160KB

MD5
237e13b95ab37d0141cf0bc585b8db94

SHA1
102c6164c21de1f3e0b7d487dd5dc4c5249e0994

SHA256
d19b6b7c57bcee7239526339e683f62d9c2f9690947d0a446001377f0b56103a

SHA512
9d0a68a806be25d2eeedba8be1acc2542d44ecd8ba4d9d123543d0f7c4732e1e490bad31cad830f788c81395f6b21d5a277c0bed251c9854440a662ac36ac4cb

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTDP2.DLL

Filesize
60KB

MD5
a334bbf5f5a19b3bdb5b7f1703363981

SHA1
6cb50b15c0e7d9401364c0fafeef65774f5d1a2c

SHA256
c33beaba130f8b740dddb9980fe9012f9322ac6e94f36a6aa6086851c51b98de

SHA512
1fa170f643054c0957ed1257c4d7778976c59748670afa877d625aaa006325404bc17c41b47be2906dd3f1e229870d54eb7aba4a412de5adedbd5387e24abf46

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTDPV.DLL

Filesize
64KB

MD5
7c5aefb11e797129c9e90f279fbdf71b

SHA1
cb9d9cbfbebb5aed6810a4e424a295c27520576e

SHA256
394a17150b8774e507b8f368c2c248c10fce50fc43184b744e771f0e79ecafed

SHA512
df59a30704d62fa2d598a5824aa04b4b4298f6192a01d93d437b46c4f907c90a1bad357199c51a62beb87cd724a30af55a619baef9ecf2cba032c5290938022a

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTMPX.DLL

Filesize
60KB

MD5
4fbbaac42cf2ecb83543f262973d07c0

SHA1
ab1b302d7cce10443dfc14a2eba528a0431e1718

SHA256
6550582e41fc53b8a7ccdf9ac603216937c6ff2a28e9538610adb7e67d782ab5

SHA512
4146999b4bec85bcd2774ac242cb50797134e5180a3b3df627106cdfa28f61aeea75a7530094a9b408bc9699572cae8cf998108bde51b57a6690d44f0b34b69e

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTPSH.DLL

Filesize
36KB

MD5
b4ac608ebf5a8fdefa2d635e83b7c0e8

SHA1
d92a2861d5d1eb67ab434ff2bd0a11029b3bd9a9

SHA256
8414dfe399813b7426c235ba1e625bd2b5635c8140da0d0cfc947f6565fe415f

SHA512
2c42daade24c3ff01c551a223ee183301518357990a9cb2cc2dd7bf411b7059ff8e0bf1d1aee2d268eca58db25902a8048050bdb3cb48ae8be1e4c2631e3d9b4

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTSR.DLL

Filesize
60KB

MD5
9fafb9d0591f2be4c2a846f63d82d301

SHA1
1df97aa4f3722b6695eac457e207a76a6b7457be

SHA256
e78e74c24d468284639faf9dcfdba855f3e4f00b2f26db6b2c491fa51da8916d

SHA512
ac0d97833beec2010f79cb1fbdb370d3a812042957f4643657e15eed714b9117c18339c737d3fd95011f873cda46ae195a5a67ae40ff2a5bcbee54d1007f110a

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTSVR.EXE

Filesize
268KB

MD5
5c91bf20fe3594b81052d131db798575

SHA1
eab3a7a678528b5b2c60d65b61e475f1b2f45baa

SHA256
e8ce546196b6878a8c34da863a6c8a7e34af18fb9b509d4d36763734efa2d175

SHA512
face50db7025e0eb2e67c4f8ec272413d13491f7438287664593636e3c7e3accaef76c3003a299a1c5873d388b618da9eaede5a675c91f4c1f570b640ac605d6

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGT0409.DLL

Filesize
28KB

MD5
0cbf0f4c9e54d12d34cd1a772ba799e1

SHA1
40e55eb54394d17d2d11ca0089b84e97c19634a7

SHA256
6b0b57e5b27d901f4f106b236c58d0b2551b384531a8f3dad6c06ed4261424b1

SHA512
bfdb6e8387ffbba3b07869cb3e1c8ca0b2d3336aa474bd19a35e4e3a3a90427e49b4b45c09d8873d9954d0f42b525ed18070b949c6047f4e4cdb096f9c5ae5d5

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGT0409.HLP

Filesize
8KB

MD5
466d35e6a22924dd846a043bc7dd94b8

SHA1
35e5b7439e3d49cb9dc57e7ef895a3cd8d80fb10

SHA256
e4ccf06706e68621bb69add3dd88fed82d30ad8778a55907d33f6d093ac16801

SHA512
23b64ed68a8f1df4d942b5a08a6b6296ec5499a13bb48536e8426d9795771dbcef253be738bf6dc7158a5815f8dcc65feb92fadf89ea8054544bb54fc83aa247

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGT20.INF

Filesize
2KB

MD5
e4a499b9e1fe33991dbcfb4e926c8821

SHA1
951d4750b05ea6a63951a7667566467d01cb2d42

SHA256
49e6b848f5a708d161f795157333d7e1c7103455a2f47f50895683ef6a1abe4d

SHA512
a291bb986293197a16f75b2473297286525ac5674c08a92c87b5cc1f0f2e62254ea27d626b30898e7857281bdb502f188c365311c99bda5c2dd76da0c82c554a

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGTCTL15.TLB

Filesize
28KB

MD5
f1656b80eaae5e5201dcbfbcd3523691

SHA1
6f93d71c210eb59416e31f12e4cc6a0da48de85b

SHA256
3f8adc1e332dd5c252bbcf92bf6079b38a74d360d94979169206db34e6a24cd2

SHA512
e9c216b9725bd419414155cfdd917f998aa41c463bc46a39e0c025aa030bc02a60c28ac00d03643c24472ffe20b8bbb5447c1a55ff07db3a41d6118b647a0003

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGTINST.INF

Filesize
7KB

MD5
b127d9187c6dbb1b948053c7c9a6811f

SHA1
b3073c8cad22c87dd9b8f76b6ffd0c4d0a2010d9

SHA256
bd1295d19d010d4866c9d6d87877913eee69e279d4d089e5756ba285f3424e00

SHA512
88e447dd4db40e852d77016cfd24e09063490456c1426a779d33d8a06124569e26597bb1e46a3a2bbf78d9bffee46402c41f0ceb44970d92c69002880ddc0476

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\MSLWVTTS.DLL

Filesize
52KB

MD5
316999655fef30c52c3854751c663996

SHA1
a7862202c3b075bdeb91c5e04fe5ff71907dae59

SHA256
ea4ca740cd60d2c88280ff8115bf354876478ef27e9e676d8b66601b4e900ba0

SHA512
5555673e9863127749fc240f09cf3fb46e2019b459ad198ba1dc356ba321c41e4295b6b2e2d67079421d7e6d2fb33542b81b0c7dae812fe8e1a87ded044edd44

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Msvcirt.dll

Filesize
76KB

MD5
e7cd26405293ee866fefdd715fc8b5e5

SHA1
6326412d0ea86add8355c76f09dfc5e7942f9c11

SHA256
647f7534aaaedffa93534e4cb9b24bfcf91524828ff0364d88973be58139e255

SHA512
1114c5f275ecebd5be330aa53ba24d2e7d38fc20bb3bdfa1b872288783ea87a7464d2ab032b542989dee6263499e4e93ca378f9a7d2260aebccbba7fe7f53999

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Msvcp50.dll

Filesize
552KB

MD5
497fd4a8f5c4fcdaaac1f761a92a366a

SHA1
81617006e93f8a171b2c47581c1d67fac463dc93

SHA256
91cd76f9fa3b25008decb12c005c194bdf66c8d6526a954de7051bec9aae462a

SHA512
73d11a309d8f1a6624520a0bf56d539cb07adee6d46f2049a86919f5ce3556dc031437f797e3296311fe780a8a11a1a37b4a404de337d009e9ed961f75664a25

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\W95INF16.DLL

Filesize
2KB

MD5
7210d5407a2d2f52e851604666403024

SHA1
242fde2a7c6a3eff245f06813a2e1bdcaa9f16d9

SHA256
337d2fb5252fc532b7bf67476b5979d158ca2ac589e49c6810e2e1afebe296af

SHA512
1755a26fa018429aea00ebcc786bb41b0d6c4d26d56cd3b88d886b0c0773d863094797334e72d770635ed29b98d4c8c7f0ec717a23a22adef705a1ccf46b3f68

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\W95INF32.DLL

Filesize
4KB

MD5
4be7661c89897eaa9b28dae290c3922f

SHA1
4c9d25195093fea7c139167f0c5a40e13f3000f2

SHA256
e5e9f7c8dbd47134815e155ed1c7b261805eda6fddea6fa4ea78e0e4fb4f7fb5

SHA512
2035b0d35a5b72f5ea5d5d0d959e8c36fc7ac37def40fa8653c45a49434cbe5e1c73aaf144cbfbefc5f832e362b63d00fc3157ca8a1627c3c1494c13a308fc7f

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\andmoipa.ttf

Filesize
29KB

MD5
c3e8aeabd1b692a9a6c5246f8dcaa7c9

SHA1
4567ea5044a3cef9cb803210a70866d83535ed31

SHA256
38ae07eeb7909bda291d302848b8fe5f11849cf0d597f0e5b300bfed465aed4e

SHA512
f74218681bd9d526b68876331b22080f30507898b6a6ebdf173490ca84b696f06f4c97f894cb6052e926b1eee4b28264db1ead28f3bc9f627b4569c1ddcd2d3e

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\tv_enua.dll

Filesize
1.2MB

MD5
ed98e67fa8cc190aad0757cd620e6b77

SHA1
0317b10cdb8ac080ba2919e2c04058f1b6f2f94d

SHA256
e0beb19c3536561f603474e3d5e3c3dff341745d317bc4d1463e2abf182bb18d

SHA512
ec9c3a71ca9324644d4a2d458e9ba86f90deb9137d0a35793e0932c2aa297877ed7f1ab75729fda96690914e047f1336f100b6809cbc7a33baa1391ed588d7f0

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\tv_enua.hlp

Filesize
11KB

MD5
80d09149ca264c93e7d810aac6411d1d

SHA1
96e8ddc1d257097991f9cc9aaf38c77add3d6118

SHA256
382d745e10944b507a8d9c69ae2e4affd4acf045729a19ac143fa8d9613ccb42

SHA512
8813303cd6559e2cc726921838293377e84f9b5902603dac69d93e217ff3153b82b241d51d15808641b5c4fb99613b83912e9deda9d787b4c8ccfbd6afa56bc9

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\tv_enua.inf

Filesize
2KB

MD5
0a250bb34cfa851e3dd1804251c93f25

SHA1
c10e47a593c37dbb7226f65ad490ff65d9c73a34

SHA256
85189df1c141ef5d86c93b1142e65bf03db126d12d24e18b93dd4cc9f3e438ae

SHA512
8e056f4aa718221afab91c4307ff87db611faa51149310d990db296f979842d57c0653cb23d53fea54a69c99c4e5087a2eb37daa794ba62e6f08a8da41255795

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\tvenuax.dll

Filesize
40KB

MD5
1587bf2e99abeeae856f33bf98d3512e

SHA1
aa0f2a25fa5fc9edb4124e9aa906a52eb787bea9

SHA256
c9106198ecbd3a9cab8c2feff07f16d6bb1adfa19550148fc96076f0f28a37b0

SHA512
43161c65f2838aa0e8a9be5f3f73d4a6c78ad8605a6503aae16147a73f63fe985b17c17aedc3a4d0010d5216e04800d749b2625182acc84b905c344f0409765a

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-H35QK.tmp\Driver_Updater_setup.tmp

Filesize
3.0MB

MD5
dfd93de42e9578134afa014f60acbe36

SHA1
9a0e08fd5122a5f7688b05868aa51e4e2c69a647

SHA256
9d2d3263a5b32dbb2dd9532aa571c1e07da9a2df228e5389872df126126bdabc

SHA512
4b6858c06a93e107e9854d4e5892da171d28c069fe7cea465c66e9e5dbb98285d165bf50281d8d00390263b99323222bc7c87017bb24c90c6529a3406faa0100

Download Submit
C:\Users\Admin\AppData\Roaming\PC HelpSoft Driver Updater\26E484A9F1BFB5EC9DF0894433ED102B521E889E.7z.status

Filesize
38B

MD5
cf25c42f45a3fc92adb23a4fe24daecf

SHA1
2d52571ca1837e970538cabcc3c8fe78ae32ca88

SHA256
d25a2b6fd3c55e9a3932ac6290dd1729f02c90bdffd7cad20661ba20505a06a0

SHA512
a2ba4d33b442053030e8233af7bd64dc230343c8720f62228bb687bbaae5fea805b479e0b7eea7d8bc0ab0c84122b0733859f024ea77d4b4df59dfd0796ac00d

Download Submit
C:\Users\Admin\AppData\Roaming\PC HelpSoft Driver Updater\Drivers0.7z

Filesize
11.8MB

MD5
b3df33dff8702834dfee1759c72ee951

SHA1
1d8a7bb14e8d046ac14c9e60ae03d8d7673a9adb

SHA256
09b3b7b17518b8db208432b583d068970d09edc1d77ca6f33efdb76abc3976b9

SHA512
667069d9283cec1fee9d908e7bbc4ddc963df10a8e46d5f9541e432d69e6d3fbf567dfe560d0458d9dd2c514756825d4b45f7036dd8699e0d35afa9fc23f15c9

Download Submit
C:\Users\Admin\AppData\Roaming\PC HelpSoft Driver Updater\program.log

Filesize
7KB

MD5
5fb38bc7b261e25baf9cb8bd286f2e84

SHA1
de317156dc9836a49856cfd5af4ca8a9824b7586

SHA256
20706416bb74a35b21a28fbb0eb039dab164c440802585b6b4686bfd45b3a0e4

SHA512
85441049303a768e56eff35cb0cdaf8a7dad63126dfd141a04334573a91a9dadfe87bcaaff0a28105a5cb78999296e14d126858afd6cd54781e4c81d8236af84

Download Submit
C:\Users\Admin\AppData\Roaming\PC HelpSoft Driver Updater\program_error.log

Filesize
229B

MD5
c0568b371552d39e11d4151fac92f673

SHA1
b07246a9fa24028f9d8df58d1716c21b9d5a8a00

SHA256
4cf1c2940b266126b5c281b1104e79eace07009611dfaab81f1945d8d56ef20c

SHA512
45a44d2449e20ece2d9257cb85b7cc9769e932f72301f88bf71eb01dbac97810f1ef1b75e5dd2c0df1d03c15fc5f15cd2f41af2c5607b83df7ed53a5d0955a61

Download Submit
C:\Users\Admin\Downloads\Driver_Updater_setup.exe:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 760792.crdownload

Filesize
6.5MB

MD5
60eadf6552fb282c9dd437890c0b5e24

SHA1
11d401803530793093a7e01e54ad627d72b3065c

SHA256
0e056015ea77714ef6307709779bc9b7ade3a0e3e730d6cee39e298056d9811b

SHA512
b4cc19f0ac5f333c73b1cb592276243f64ba44ba8b81e61bbf3d475c822b2faa18dad48a9795e6589c97ae12d4ff6c2de3a4d207ac3aae7ad4684d66d72916ed

Download Submit
C:\Windows\msagent\chars\Bonzi.acs

Filesize
5.0MB

MD5
1fd2907e2c74c9a908e2af5f948006b5

SHA1
a390e9133bfd0d55ffda07d4714af538b6d50d3d

SHA256
f3d4425238b5f68b4d41ed5be271d2f4118a245baf808a62dc1a9e6e619b2f95

SHA512
8eede3e5e52209b8703706a3e3e63230ba01975348dcdc94ef87f91d7c833a505b177139683ca7a22d8082e72e961e823bc3ad1a84ab9c371f5111f530807171

Download Submit
C:\Windows\msagent\chars\Peedy.acs

Filesize
4.0MB

MD5
49654a47fadfd39414ddc654da7e3879

SHA1
9248c10cef8b54a1d8665dfc6067253b507b73ad

SHA256
b8112187525051bfade06cb678390d52c79555c960202cc5bbf5901fbc0853c5

SHA512
fa9cab60fadd13118bf8cb2005d186eb8fa43707cb983267a314116129371d1400b95d03fbf14dfdaba8266950a90224192e40555d910cf8a3afa4aaf4a8a32f

Download Submit
\??\pipe\crashpad_440_AUTXHIRCHJFLWCJM

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/1292-966-0x00000000002F0000-0x0000000000B2F000-memory.dmp

Filesize
8.2MB

Download
memory/1292-960-0x00000000002F0000-0x0000000000B2F000-memory.dmp

Filesize
8.2MB

Download
memory/1292-750-0x0000000060900000-0x0000000060993000-memory.dmp

Filesize
588KB

Download
memory/1292-749-0x00000000002F0000-0x0000000000B2F000-memory.dmp

Filesize
8.2MB

Download
memory/1292-1115-0x00000000002F0000-0x0000000000B2F000-memory.dmp

Filesize
8.2MB

Download
memory/1292-1116-0x0000000060900000-0x0000000060993000-memory.dmp

Filesize
588KB

Download
memory/1292-797-0x00000000002F0000-0x0000000000B2F000-memory.dmp

Filesize
8.2MB

Download
memory/1292-1053-0x00000000002F0000-0x0000000000B2F000-memory.dmp

Filesize
8.2MB

Download
memory/1292-1050-0x00000000059B0000-0x0000000005AB2000-memory.dmp

Filesize
1.0MB

Download
memory/1292-882-0x00000000002F0000-0x0000000000B2F000-memory.dmp

Filesize
8.2MB

Download
memory/1292-1023-0x00000000002F0000-0x0000000000B2F000-memory.dmp

Filesize
8.2MB

Download
memory/1292-916-0x00000000002F0000-0x0000000000B2F000-memory.dmp

Filesize
8.2MB

Download
memory/1292-997-0x00000000002F0000-0x0000000000B2F000-memory.dmp

Filesize
8.2MB

Download
memory/1292-947-0x00000000002F0000-0x0000000000B2F000-memory.dmp

Filesize
8.2MB

Download
memory/1292-993-0x00000000002F0000-0x0000000000B2F000-memory.dmp

Filesize
8.2MB

Download
memory/1292-979-0x00000000002F0000-0x0000000000B2F000-memory.dmp

Filesize
8.2MB

Download
memory/2960-727-0x0000000000400000-0x000000000070F000-memory.dmp

Filesize
3.1MB

Download
memory/3312-552-0x0000000000400000-0x00000000004D3000-memory.dmp

Filesize
844KB

Download
memory/3312-728-0x0000000000400000-0x00000000004D3000-memory.dmp

Filesize
844KB

Download
memory/3380-723-0x0000000060900000-0x0000000060993000-memory.dmp

Filesize
588KB

Download
memory/3380-722-0x0000000000400000-0x000000000093A000-memory.dmp

Filesize
5.2MB

Download
memory/3544-676-0x0000000060900000-0x0000000060993000-memory.dmp

Filesize
588KB

Download
memory/3544-675-0x00000000002F0000-0x0000000000B2F000-memory.dmp

Filesize
8.2MB

Download
memory/3788-1119-0x0000000000630000-0x0000000000E6F000-memory.dmp

Filesize
8.2MB

Download
memory/3788-1120-0x0000000060900000-0x0000000060993000-memory.dmp

Filesize
588KB

Download
memory/4428-995-0x00000000002F0000-0x0000000000B2F000-memory.dmp

Filesize
8.2MB

Download
memory/4428-1001-0x00000000002F0000-0x0000000000B2F000-memory.dmp

Filesize
8.2MB

Download
memory/4428-1058-0x00000000002F0000-0x0000000000B2F000-memory.dmp

Filesize
8.2MB

Download
memory/4428-751-0x00000000002F0000-0x0000000000B2F000-memory.dmp

Filesize
8.2MB

Download
memory/4428-752-0x0000000060900000-0x0000000060993000-memory.dmp

Filesize
588KB

Download
memory/4428-1025-0x00000000002F0000-0x0000000000B2F000-memory.dmp

Filesize
8.2MB

Download
memory/4428-885-0x00000000002F0000-0x0000000000B2F000-memory.dmp

Filesize
8.2MB

Download
memory/4428-829-0x00000000002F0000-0x0000000000B2F000-memory.dmp

Filesize
8.2MB

Download
memory/4428-918-0x00000000002F0000-0x0000000000B2F000-memory.dmp

Filesize
8.2MB

Download
memory/4428-981-0x00000000002F0000-0x0000000000B2F000-memory.dmp

Filesize
8.2MB

Download
memory/4428-949-0x00000000002F0000-0x0000000000B2F000-memory.dmp

Filesize
8.2MB

Download
memory/4428-1121-0x00000000002F0000-0x0000000000B2F000-memory.dmp

Filesize
8.2MB

Download
memory/4428-962-0x00000000002F0000-0x0000000000B2F000-memory.dmp

Filesize
8.2MB

Download
memory/4428-968-0x00000000002F0000-0x0000000000B2F000-memory.dmp

Filesize
8.2MB

Download